Simplest possible nginx configuration


#1

Hi all,

Trying to setup Funkwhale from source on Gentoo to first make sure everything works as expected.
I am trying to setup the simplest nginx configuration possible to use the server locally ( i.e. over the local network) . No https, no domain names etc.

Preferably , just a couple of ’ server’ lines in /etc/nginx.conf.

I realise this is most likely an nginx-setup- question, but I would like to prevent spending too much time on nginx from scratch to get this running…

Can someone point me to the most simple but complete nginx config to make this happen, since the one provided already contains a lot of items associated with certificates, https etc, and I can get sites-enabled to work this way.

Thanks,

Alexander.


#2

The most simple working configuration is this one, without the https things. So you’d probably end up with something like that (replace ${} placeholders with your .env variables):

# This file was generated from funkwhale.template

upstream funkwhale-api {
    # depending on your setup, you may want to update this
    server ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT};
}

# required for websocket support
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name ${FUNKWHALE_HOSTNAME};
    root ${FUNKWHALE_FRONTEND_PATH};

    # end of compression settings
    location / {
        include /etc/nginx/funkwhale_proxy.conf;
        # this is needed if you have file import via upload enabled
        client_max_body_size ${NGINX_MAX_BODY_SIZE};
        proxy_pass   http://funkwhale-api/;
    }

    location /front/ {
        alias ${FUNKWHALE_FRONTEND_PATH}/;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    location /federation/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/federation/;
    }

    # You can comment this if you do not plan to use the Subsonic API
    location /rest/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/api/subsonic/rest/;
    }

    location /.well-known/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/.well-known/;
    }

    location /media/ {
        alias ${MEDIA_ROOT}/;
    }

    location /_protected/media {
        # this is an internal location that is used to serve
        # audio files once correct permission / authentication
        # has been checked on API side
        internal;
        alias   ${MEDIA_ROOT};
    }

    location /_protected/music {
        # this is an internal location that is used to serve
        # audio files once correct permission / authentication
        # has been checked on API side
        # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
        internal;
        alias   ${MUSIC_DIRECTORY_SERVE_PATH};
    }

    location /staticfiles/ {
        # django static files
        alias ${STATIC_ROOT}/;
    }
}


#3

Hi @eliotberriot,

Thanks, I used that one indeed but I cant get it to work.

However, on Gentoo there is no sitesavailable/enabled by default, so I am thinking some of the other (default) config is different.

Are there any specific modules for nginx required, or maybe can we somewhere post the entire config, including nginx.conf and all other directories or files in /etc/nginx?

A.

Ps One way forward for me could be to first try to get it working on Debian (on a pi for example) and then translate everything to gentoo, but that will take me a lot more effort so I was hoping to get some default nginx working…


#4

The sites-enabled workflow is in fact really simple: I put this line in my nginx.conf:

http {
    […]

    include /etc/nginx/sites-enabled/*;
}

And this sites-enabled directory only contains symlinks from the sites-available dir, that actually contains the config files


#5

Yeah, you can use the conf.d directory otherwise :slight_smile: (as long as it’s picked up by nginx.conf, any location is fine)

What do you mean by that? Do you have an error (nginx -t)?


#6

Thanks, yes, I am doing that.

No, seems to be fine:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

In the log of nginx when starting I get the following error:
' [error] 21266#0: *1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 192.168.0.114, server: 0.0.0.0:443 '
However, i can’t generate keys: certbot complains I am using a local domain ( which I am) since i dont want to use a public domain for now. So basically I just want to comment out the ssl_certificate_key and ssl_certificate part in the file.

So, maybe that has something to do with it.
Easiest way to get going would be to use an nginx config without https for local use only, or somehow make https work without the keys.

Thanks so far, any tips are welcome,

Alexander.


#7

PS:

For me to check nginx is working with whalefunk.conf: Is there anything I should see/check from my browser with just the index file and static files in /srv/funkwhale/front/dist ?

I would like to check this part separately from the Daphne-server , which seems to be running but I can onyl check form the commandline.


#8

I shared a sample file without any SSL stuff earlier, did you try this one? Does it work for you?


#9

Hi,

I did now (sorry, i saw the file but in the end used the one in your link,which was the default one… I should pay more attention …).

So :
Although It doesn’t completely work yet, something did changed which indicates something changed for the good.

Right now, the Daphne out (commandline) shows errors like when I try to load the page, while it didn’t show any reaction to me attempting to visit the page before! So, getting there I guess! :

2019-03-15 11:10:16,299 ERROR    Invalid HTTP_HOST header: '192.168.0.30:80'. You may need to add '192.168.0.30' to ALLOWED_HOSTS.
192.168.0.114:80 - - [15/Mar/2019:11:10:16] "GET /test.html" 400 26
ERROR 2019-03-15 11:10:20,647 exception 26857 139710712977152 Invalid HTTP_HOST header: '192.168.0.30:80'. You may need to add '192.168.0.30' to ALLOWED_HOSTS.
2019-03-15 11:10:20,647 ERROR    Invalid HTTP_HOST header: '192.168.0.30:80'. You may need to add '192.168.0.30' to ALLOWED_HOSTS.
192.168.0.114:80 - - [15/Mar/2019:11:10:20] "GET /" 400 26
ERROR 2019-03-15 11:10:20,739 exception 26857 139710725302016 Invalid HTTP_HOST header: '192.168.0.30:80'. You may need to add '192.168.0.30' to ALLOWED_HOSTS.

This means that with that config file now there is contact between ‘NGinx’ and the Daphne Funkwhale backend!

I will look into it later, I have to be away now.
Thanks so far!


#10

@alexander: the daphne error is because you access the server from http://192.168.0.30 (or something similar), while the Funkwhale server is configured to only accept connections from the host used in FUNKWHALE_URL, in your env file.

You can add a DJANGO_ALLOWED_HOSTS=192.168.0.30 line in your .env for your tests :slight_smile:


#11

That helped, those errors are now gone. (strange btw, since that IP address is actually the address of the machine on which both FW and nginx are running, so it should use the local address but i will look into that later)

Now Daphne gives n each load of the webpage :
192.168.0.114:80 - - [15/Mar/2019:11:44:20] “GET /” 200 933
192.168.0.114:80 - - [15/Mar/2019:11:44:40] “GET /” 200 933

So this indicates the ’ chain’ from nginx to daphne works.

EDIT: It works using Firefox, I now can see the weinterface!!! Great news!

Thanks a lot for helping me out , I will play more with it later on!