Running GO prof 6.x with Nginx Webserver

Having trouble installing Group-Office? No worries. Help is on the way.

Moderator: Developers

peter_stirnberg
Posts: 279
Joined: Tue Dec 13, 2005 7:57 am

Running GO prof 6.x with Nginx Webserver

Postby peter_stirnberg » Thu May 11, 2017 1:23 pm

Hello folks,

here is my solution for running (and syncing) GO prof 6.x with Nginx webserver. Please note that trailing slashes are essential :wink:
I added some security stuff and tested it with GO 6.1.136 and 6.2.38.

Have fun!
Attachments
Running GO prof. 6 with nginx.pdf
(44.06 KiB) Downloaded 646 times
peter_stirnberg
Posts: 279
Joined: Tue Dec 13, 2005 7:57 am

Re: Running GO prof 6.x with Nginx Webserver

Postby peter_stirnberg » Wed May 17, 2017 11:35 am

PHP Update:

In case you have php7 installed simply exchange php5 with php7.0 (Debian or Ubuntu)
peter_stirnberg
Posts: 279
Joined: Tue Dec 13, 2005 7:57 am

Re: Running GO prof 6.x with Nginx Webserver

Postby peter_stirnberg » Fri Jun 15, 2018 1:42 pm

Udate for syncing ActiveSync and DAV protocols under nginx. Works for GO 6.2 and 6.3. All my tests proof that hereby GO is fully supported by Nginx.

Here's a sample site-config:

server {
listen 80;
server_name my_go_server;
root /var/www/html/DocRoot;
index index.php index.html;
#Redirect all traffic to https
return 301 https://$host$request_uri;
}

# HTTPS
server {
listen 443;
server_name my_go_server;
root /var/www/html/DocRoot;
ssl on;
ssl_certificate /etc/letsencrypt/live/my_go_server/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my_go_server/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Fix 'The Logjam Attack'.
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "no-referrer";
index index.php index.html;

location / {
try_files $uri $uri/ =404;
}

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

location ~ ^(.+\.php)(.*) {
try_files $fastcgi_script_name =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
include fastcgi_params;
}

location /caldav {
rewrite /caldav/(.*)$ /modules/caldav/calendar.php?/$1 last;
}

location /carddav {
rewrite /carddav/(.*)$ /modules/carddav/addressbook.php?/$1 last;
}

location /webdav {
rewrite /webdav/(.*)$ /modules/dav/files.php?/$1 last;
}

location /Microsoft-Server-ActiveSync {
rewrite /Microsoft-Server-ActiveSync(.*)$ /modules/z-push/index.php?/$1 last;
}

location = /.well-known/carddav {
return 301 $scheme://$host/carddav/;
}
location = /.well-known/caldav {
return 301 $scheme://$host/caldav/;
}
}
Last edited by peter_stirnberg on Wed Jun 27, 2018 9:06 am, edited 2 times in total.
mschering
Site Admin
Site Admin
Posts: 8357
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch
Contact:

Re: Running GO prof 6.x with Nginx Webserver

Postby mschering » Tue Jun 26, 2018 3:08 pm

Thanks for sharing!
Best regards,

Merijn Schering
Intermesh
drkkvfulda
Posts: 14
Joined: Wed Oct 09, 2013 3:04 pm

Re: Running GO prof 6.x with Nginx Webserver

Postby drkkvfulda » Thu Dec 20, 2018 1:08 pm

Have you had experience with 504 errors (Gateway Timeout)? As soon as I connect a device with ActiveSync, the PHP process gets killed with the 504 error. Say, even the normal GO surface is no longer available. After a few minutes it works again.
peter_stirnberg
Posts: 279
Joined: Tue Dec 13, 2005 7:57 am

Re: Running GO prof 6.x with Nginx Webserver

Postby peter_stirnberg » Fri Dec 21, 2018 1:57 pm

drkkvfulda wrote: Thu Dec 20, 2018 1:08 pm Have you had experience with 504 errors (Gateway Timeout)?
No, sorry. Does everything work without using z-push?
drkkvfulda
Posts: 14
Joined: Wed Oct 09, 2013 3:04 pm

Re: Running GO prof 6.x with Nginx Webserver

Postby drkkvfulda » Sat Dec 22, 2018 3:19 pm

Yes without z-push it works.

as soon as a device connects via z-push, the error message appears.
peter_stirnberg
Posts: 279
Joined: Tue Dec 13, 2005 7:57 am

Re: Running GO prof 6.x with Nginx Webserver

Postby peter_stirnberg » Thu Dec 27, 2018 11:19 am

drkkvfulda wrote: Sat Dec 22, 2018 3:19 pm Yes without z-push it works.

as soon as a device connects via z-push, the error message appears.
Can you provide me your site-config?
drkkvfulda
Posts: 14
Joined: Wed Oct 09, 2013 3:04 pm

Re: Running GO prof 6.x with Nginx Webserver

Postby drkkvfulda » Mon Dec 31, 2018 12:52 pm

server {
server_name bla.de www.bla.de;
charset UTF-8;
index index.html index.php;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/..../*.conf;
access_log /var/www/httpd-logs/.....access.log;
error_log /var/www/httpd-logs/......error.log debug;
ssi on;
set $root_path /var/www/.....;
root $root_path;
include /etc/nginx/vhosts-resources/..../*.conf;
location / {
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}

error_log /var/www/httpd-logs/.....de.error.log notice;
listen IP:80;
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@bla.de";
fastcgi_pass unix:/var/www/php-fpm/go.sock;
fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
try_files $uri =404;
include fastcgi_params;
}
}

server {
server_name bla.de www.bla.de;
ssl_certificate "/var/www/httpd-cert/...._le2019.crtca";
ssl_certificate_key "/var/www/httpd-cert/.....de_le2019.key";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;";
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
charset UTF-8;
index index.html index.php;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/.../*.conf;
access_log /var/www/httpd-logs/....access.log;
error_log /var/www/httpd-logs/....error.log notice;
ssi on;
set $root_path /var/www/...;
root $root_path;
include /etc/nginx/vhosts-resources/.../*.conf;
# location / {
# location ~ [^/]\.ph(p\d*|tml)$ {
# try_files /does_not_exists @php;
# }
# }
location / {
try_files $uri $uri/ =404;
}

listen IP:443 ssl;
# location @php {
location ~ ^(.+\.php)(.*) {
try_files $fastcgi_script_name =404;
# fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@blablub.de";

fastcgi_split_path_info ^(.+\.php)(.*)$;

fastcgi_pass unix:/var/www/php-fpm/go.sock;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;

# fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
# try_files $uri =404;

fastcgi_index index.php;

include fastcgi_params;
}

location /caldav {
rewrite /caldav(.*)$ /modules/caldav/calendar.php?/$1 last;
}

location /carddav {
rewrite /carddav(.*)$ /modules/carddav/addressbook.php?/$1 last;
}

location /webdav {
rewrite /webdav(.*)$ /modules/dav/files.php?/$1 last;
}

location /Microsoft-Server-ActiveSync {
rewrite /Microsoft-Server-ActiveSync(.*)$ /modules/z-push/index.php?/$1 last;
}

location = /.well-known/carddav {
return 301 $scheme://$host/carddav/;
}
location = /.well-known/caldav {
return 301 $scheme://$host/caldav/;
}
}

I think the fastcgi read timeout setting is the Problem, what are your preferences?

see: http://www.smashinglab.com/fix-504-gateway-time-nginx/ and https://wiki.z-hub.io/display/ZP/Nginx+configuration
peter_stirnberg
Posts: 279
Joined: Tue Dec 13, 2005 7:57 am

Re: Running GO prof 6.x with Nginx Webserver

Postby peter_stirnberg » Wed Jan 02, 2019 7:16 am

fastcgi read timeout is unset here
drkkvfulda
Posts: 14
Joined: Wed Oct 09, 2013 3:04 pm

Re: Running GO prof 6.x with Nginx Webserver

Postby drkkvfulda » Wed Jan 02, 2019 4:09 pm

correct, but I think nginx will have standard values ​​and do not allow 3660 seconds
peter_stirnberg
Posts: 279
Joined: Tue Dec 13, 2005 7:57 am

Re: Running GO prof 6.x with Nginx Webserver

Postby peter_stirnberg » Thu Jan 03, 2019 4:58 pm

drkkvfulda wrote: Wed Jan 02, 2019 4:09 pm correct, but I think nginx will have standard values ​​and do not allow 3660 seconds
I think nginx allows any value here. You can configure it e. g. in your location. Does your server connect via dynDNS and behind a gateway? If your backbone or your server is too slow I suggest to configure it accordingly. Our server responses find with the standard value (which I think is 60 sec.).

Syntax: fastcgi_read_timeout time;
Default:
fastcgi_read_timeout 60s;
Context: http, server, location
Defines a timeout for reading a response from the FastCGI server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the FastCGI server does not transmit anything within this time, the connection is closed.
drkkvfulda
Posts: 14
Joined: Wed Oct 09, 2013 3:04 pm

Re: Running GO prof 6.x with Nginx Webserver

Postby drkkvfulda » Mon Jan 21, 2019 6:00 pm

Ok. The problem always seems to occur during the push query, but I have not found a solution so far, have also tested everything without success with the Read timeout. Even with Apache and NGINX instead of NGINX FastCGI with FPM-PHP, the timeout occurs only with the difference that no 504 timeout error comes in the browser. The error log of the web server also reports the corresponding message ...

2019/01/21 18:59:10 [error] 9090#9090: *160336 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xxxxxxx, server: xxxxxx, request: "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=xxxxx&DeviceId=xxxxxx&DeviceType=SamsungDevice HTTP/1.1", upstream: "http://127.0.0.1:8080/modules/z-push/index.php?/&Cmd=Ping&User=xxxxxx&DeviceId=xxxxxxx&DeviceType=SamsungDevice", host: "xxxx"

Who is online

Users browsing this forum: No registered users and 5 guests

cron