[Request] ProcessWire

What about the wonderfull ProcessWire CMS?

Anybody tried to install via git clone of the official repository?

Hello,

According to GitHub - ryancramerdesign/ProcessWire: Our repository has moved to https://github.com/processwire – ple you can simply unzip its files into a Custom Webapp (installed with a MySQL database).

Erm, someone made a package of Processwire, here:

Until about 10 minutes ago there was a post about it on the forum, but perhaps its been taken down?

The official YunoHost repo is GitHub - YunoHost-Apps/processwire_ynh: ProcessWire package for YunoHost

The NGINX config is half broken and I have little clue on how to fix it.

Thanks for clarifying @ericg.

I’m no expert, but I have been doing more and more nginx wrangling lately.

I have some time and lots of motivation. If I can find out how to fix the nginx config on my install, is that something you’d have time/interest in adding to the package?

I’m going to test some settings using the resources below, and will post here how I go.

UPDATE: Early search results

This post appears to describe the same nginx issue as the YNH processwire package has: Nginx directives for Processwire - General Support - ProcessWire Support Forums

These led me to…

Nginx sample config for Processwire 3.0

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    root /home/forge/example.com/public;

    
    index index.html index.htm index.php;

    charset utf-8;

    
    # -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}
	#Amplify dashboard
	location /nginx_status {
        stub_status on;
        allow 127.0.0.1;
        deny all;
    }

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 15d;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$query_string;
	}
	
	# -----------------------------------------------------------------------------------------------
	# ProCache Rules
	# -----------------------------------------------------------------------------------------------

	set $cache_uri $request_uri;

	if ($request_method = POST) {
		set $cache_uri 'nocache';
	}

	if ($http_cookie ~* "wires_challenge") {
		set $cache_uri 'nocache';
	}
	
	if ($http_cookie ~* "persist") {
		set $cache_uri 'nocache';
	}


	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		expires -1;
		try_files /site/assets/ProCache-b3d534d...d/$cache_uri/index.html $uri $uri/ /index.php?it=$uri&$args;
	}
    

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

Courtesy of this post (original bulk of code): ProcessWire on NGINX - General Support - ProcessWire Support Forums
And this post (updated to work with Processwire 3.x): ProcessWire on NGINX - Page 2 - General Support - ProcessWire Support Forums

Apache htaccess to nginx converter

https://www.winginx.com/en/htaccess
There are at least a few of these converters, which makes me think it’s a common problem, commonly solved in an automated way. Yay?

Nginx resources

This is for my reference mainly, but sharing in case it helps anyone else searching the forum for nginx issues.

Nginx Primer

Nginx Official Docs

Updated efforts

Today attempt 1: installing Processwire on MyWebApp
Result 1: has same error
Steps taken:

• updating Yunohost to 11.2.9.1
• installing processwire via MyWebApp

This tells me:

• @ericg Your package nginx has similar trouble to the default PW install
• Confims this is a Processwire-Yunohost Nginx config compatibility issue

Today attempt 2: edit nginx file to add recommended specs from this forum post
Result 2: has same error
Steps taken:

• tinkered with the nginx config at

/etc/nginx/conf.d/subdomain.tld/processwire.conf

I left @ericg’s code intact, but added comments and extra instructions from the recommended nginx config on the processwire forums (linked in earlier post).

Here is the full processwire.conf as I ended up using it:

#sub_path_only rewrite ^/$ / permanent;
location / {

  # Path to source
  alias /var/www/processwire/;

  index index.php index.html;

  # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
  client_max_body_size 100M;

  try_files $uri $uri/ index.php;
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.2-fpm-processwire.sock;

    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }

  # Block access to any file or directory that begins with a period
  location ~ /\. {
    deny  all;
  }

  location ~ /(COPYRIGHT|LICENSE|README|htaccess)\.txt {
    deny  all;
  }

  # Block access to protected assets directories
  location ~ ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions) {
    deny  all;
  }

  # Block access to the /site/install/ directory
  location ~ ^/site(-[^/]+)?/install {
    deny  all;
  }

  # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
  location ~ ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php {
    deny  all;
  }

  # Block access to any PHP files in core or core module directories
  location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
    deny all;
  }

  location ~ ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl) {
    deny  all;
  }

  # -----------------------------------------------------------------------------------------------
  # Access Restrictions: Protect ProcessWire system files
  # -----------------------------------------------------------------------------------------------

  # Block access to ProcessWire system files
  location ~ \.(inc|info|module|sh|sql)$ {
    deny all;
  }


  # Block access to the /site/install/ directory
  location ~ ^/(site|site-[^/]+)/install($|/.*$) {
    deny all;
  }

  # Block dirs in /site/assets/ dirs that start with a hyphen
  location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
    deny all;
  }

  # Block access to any PHP-based files in /templates-admin/
  location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
    deny all;
  }

  # Block access to any PHP or markup files in /site/templates/
  location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
    deny all;
  }

  # Block access to any PHP files in /site/assets/
  location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
    deny all;
  }

  # Block access to any PHP files in core or core module directories
  location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
    deny all;
  }

  # Block access to any PHP files in /site/modules/
  location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
    deny all;
  }

  # Block access to any software identifying txt files
  location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
    deny all;
  }

  # Block all http access to the default/uninstalled site-default directory
  location ~ ^/site-default/ {
    deny all;
  }
  
  # Amplify dashboard
  location /nginx_status {
        stub_status on;
        allow 127.0.0.1;
        deny all;
    }


  # -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 15d;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$query_string;
	}


  # -----------------------------------------------------------------------------------------------
  # ProCache Rules
  # -----------------------------------------------------------------------------------------------

  set $cache_uri $request_uri;

  if ($request_method = POST) {
    set $cache_uri 'nocache';
  }

  if ($http_cookie ~* "wires_challenge") {
    set $cache_uri 'nocache';
  }

  if ($http_cookie ~* "persist") {
    set $cache_uri 'nocache';
  }


  # -----------------------------------------------------------------------------------------------
  # This location processes all other requests. If the request is for a file or directory that
  # physically exists on the server, then load the file. Else give control to ProcessWire.
  # -----------------------------------------------------------------------------------------------

  location / {
    expires -1;
    try_files /site/assets/ProCache-b3d534d...d/$cache_uri/index.html $uri $uri/ /index.php?it=$uri&$args;
  }


    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    error_page 404 /index.php;


  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
}

Next planned steps
This post My Webapp: Pointing domain to /public subfolder - #2 by tituspijean by @Nadine seems to have a similar issue, which was resolved with some re-write rules. Perhaps I’ll do some digging around rewrite rules next. idk.

My questions

• Does anything jump out in the nginx config above as definitely wrong or broken?
• Could a re-write rule help nginx find the admin login at

mydomain.tld/processwire

Thank you for reading.

Any ideas you have about what might be worth exploring would be very welcome.

Hey @Vanitarium

Perhaps be nicer?
@ericg has done a kind thing for us, packaging Processwire. It is not currently working, true and annoying!

But several folks are working together here and on the yunohost processwire package GitHub issues to make it work. This is my newbie understanding of the benefit of open source collaboration.

Making Apache (Processwire uses) and nginx (Yunohost uses) play nice is hard! We will get there, but it is slow sometimes.

I have a lot of tweaking to do to get most apps to work correctly on Yunohost, but I enjoy the process, and appreciate the opportunity to learn, contribute, and enjoy using the tools.

If you would like to learn and contribute too, here is a post on how to change nginx settings to get the admin panel to appear.

I find your comments not respectful to be honest…

it’s not nice not being nice

literally everyone here is a volunteer, the least you can do is not being abusively rude as if you were owed everything