Tengine

Revision as of 06:26, July 9, 2015 by Uudruid74 (Talk | contribs) (security updates and joomla compatibility)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

www-servers/tengine


Source Repository:Repository:Funtoo Overlay

http://tengine.taobao.org

Summary: Robust, small and high performance http and reverse proxy server


News

Drobbins

Perl Updates

Gentoo has bumped perl from 5.20 to 5.22. Be sure to run perl-cleaner --all after the upgrade.
2015-07-25 by Drobbins
Drobbins

ARM Rebuild

ARM systems will use new stage3's that are not compatible with earlier versions.
2015-06-27 by Drobbins
Drobbins

ABI X86 64 and 32

Funtoo Linux has new 32-bit compatibility libraries inherited from Gentoo. Learn about them here.
2015-06-18 by Drobbins
More...

Tengine

Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

Tengine is an Package:Nginx fork. It supports DSO module loading, meaning it can have external modules without the need to compile them in. Tengine is a good back end web server node choice. As tengine is missing from many upstream gentoo web-server-stack packages, emerge nginx also, and direct the system to use nginx instead of apache to prevent apache from being pulled in.

Installation

Shared & Static Modules

If you happen to want all modules installed dynamically, you, still, need to install some static modules. Make sure to add this to your /etc/portage/make.conf file:

/etc/portage/make.conf - Tengine all-modules build
...
TENGINE_SHARED_MODULES_HTTP="access addition autoindex browser charset_filter empty_gif fastcgi flv footer_filter geoip image_filter limit_conn limit_req lua map memcached mp4 random_index referer reqstat rewrite scgi secure_link slice split_clients sub sysguard tfs trim_filter upstream_ip_hash upstream_least_conn upstream_session_sticky user_agent userid_filter uwsgi xslt"
TENGINE_STATIC_MODULES_HTTP="concat dav degradation geo gunzip gzip gzip_static perl proxy realip spdy ssi ssl stub_status upstream-rbtree upstream_check upstream_consistent_hash upstream_keepalive"
...

External Modules

Passenger is an easy method to serve ruby, python, node.js, and Meteor cms' or web applications.

If you want to run passenger:

/etc/portage/make.conf - build the passenger module
TENGINE_EXTERNAL_MODULES_HTTP="passenger"

Then merge:

# emerge tengine


Configuration

Files for configuration are located at /etc/tengine

The major differing point in tengine from nginx is that you have to specifically declare which modules are loaded. Available modules are located at /var/lib/tengine/modules.

/etc/tengine/tengine.conf - DSO module statements
...
dso {
	load ngx_http_charset_filter_module.so;
	load ngx_http_fastcgi_module.so;
	load ngx_http_rewrite_module.so;
	load ngx_http_access_module.so; ## added because you want most likely use allow & deny on certain positions
}
...
/etc/tengine/tengine.conf - make life easier
#user tengine tengine;
user apache apache;
...
http {
...
#	disable_symlinks if_not_owner;
	disable_symlinks off;
...

Tengine

/etc/tengine/tengine.conf contains engine specific configurations.

Sites

/etc/tengine/sites-available/localhost has site specific configurations. Generally localhost is copied to domain.tld file formats in the /etc/tengine/sites-available/ directory.

SSL Encryption

Follow these instructions HOWTO:WebServer_SSL

Redirection / Rewriting

Tengine has a number of features that allow you to redirect users from one URL to another or rewrite the incoming URL so your site sees it differently. If you are familiar with regular expressions, you're in luck as you'll be using them. If you aren't, you might want to learn them.

Do not use redirection to redirect from http to https as this opens up the possibility of a man-in-the-middle attack. Instead, use HTTP Strict Transport Security. This is just a single line and its already in the above SSL configuration.

Unix Socket

To listen on a unix socket & 127.0.0.1:

/etc/tengine/sites-available/localhost - Listen on a unix socket
server{
	listen 127.0.0.1;
	listen unix:/var/run/tengine.sock;
...
}

PHP-FPM

Tengine does not natively support php, so we delegate that responsibility to php-fpm

/etc/tengine/sites-available/localhost - fpm tcp/ip configuration
server {
        ...
	index index.php index.cgi index.htm index.html;
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
#	        fastcgi_pass 127.0.0.1:9000;   #uncomment this line, and comment the socket line above to use tcp
		include fastcgi.conf;
        }
        ...
}

Content Management Systems

The above PHP configuration is a bare-minimal default. If you are using a content management system where your URL doesn't end in .PHP, the above will fail. A full description of how to set up Joomla is beyond the scope of this article, but you can start with this. And like in the above example, if your PHP-FPM is running via TCP/IP you can change to an IP address instead of a Unix socket, although the most common reason for that is if you have the web server and PHP on different servers (and so you replace 127.0.0.1 with the PHP-FPM server's IP); otherwise, Unix domain is faster. Also the try_files line should always end in =404 for security reasons.

server {
        ...
       #- Support Clean (aka Search Engine Friendly) URLs
        location / {
            try_files $uri $uri/ /index.php?$args =404;
                        break;
        }

       #- deny running scripts inside writable directories
        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
                return 403;
                error_page 403 /error/403.html;
        }

        #- magic needed to make joomla URLs work
        location ~ [^/]\.php(/|$) {
                gzip off;
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {
                        return 404;
                }
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
                include /etc/tengine/fastcgi.conf;
        }
        ...
}

Passenger

Passenger's app environments:

  1. test
  2. development
  3. production
Note

Anything the internet can touch should be in production mode.

Ruby on Rails

To serve with passenger, change the root statement below to point to your application's public directory:

/etc/tengine/sites-available/localhost - passenger configuration
passenger_root /usr/libexec/passenger/locations.ini;
passenger_ruby /usr/bin/ruby;

server {
        passenger_enabled on;
	passenger_app_env development;
	root /home/$USER/ror/public;
        ...
}

Node.js

/etc/tengine/sites-available/localhost - passenger configuration
passenger_root /usr/libexec/passenger/locations.ini;
passenger_ruby /usr/bin/ruby;

server {
        passenger_enabled on;
	passenger_app_env development;
	root /home/$USER/node/public;
        ...
}

Create the public directory:

# mkdir /home/$USER/node/public


Passenger's node entry point is app.js, the entry point must be named this for passenger to serve it.

Create a node hello world:

/home/$USER/node/app.js - node hello world
// Load the http module to create an http server.
var http = require('http');

// Configure our HTTP server to respond with Hello World to all requests.
var server = http.createServer(function (request, response) {
  response.writeHead(200, {"Content-Type": "text/plain"});
  response.end("Hello World From Node.js\n");
});

//**only for instances started via node app.js** Listen on port 8000, IP defaults to 127.0.0.1
server.listen(8000);

//**only for instances started via node app.js** Put a friendly message on the terminal
console.log("Server running at http://127.0.0.1:8000/");

Python

Important

This section is in need of updates.

Currently (01:52, May 19, 2015 (UTC)) python 3.x doesn't clash well with passenger, however python 2.7 runs well.

# eselect python set  python2.7


Usage

To start the tengine server:

# rc-update add tengine default
# rc