Gramps Web - nginx configuration file

The documentation at Docker with Let's Encrypt - Gramps Web states:

A particularly convenient option is to use a dockerized Nginx reverse proxy with automated Let’s Encrypt certificate generation. This is achieved with this docker-compose.yml. (The nginx_proxy.conf needs to be stored in the same directory to allow uploading large media files to Gramps Web.)

The same directory as what?

Please provide more information about your configuration.

Narrative Web puts everything in the directory your designated. It is made of a base directory <tree_name>_NAVWEB containing images and img subdirectories. As long as nGinx has access to the base directory, you should be able to display your images. Of course, the drawback is duplication of media files from where they are normally stored into the NAVWEB directory.

Here is a part of my nGinx configuration (it hosts several servers, I just display the NavWeb one) which is entered with URL //localhost/Famille. Sensitive data have been replaced by …

	location ^~ /Famille {
		if ($scheme != 'https') {   # see note 1
			return 403;
		}
		location ~ \.html$ {
			root /home/…/www/saga_NAVWEB;
			fastcgi_split_path_info	^(/Famille)(/.*|$);
#			include fastcgi.conf;
# see note 2 why this directive is commented out and replaced by its expansion
			fastcgi_param DOCUMENT_ROOT  $document_root;
			fastcgi_param QUERY_STRING $query_string;
			fastcgi_param REQUEST_URI  $request_uri;
			fastcgi_param SCRIPT_NAME  poc.pl;
			fastcgi_param SCRIPT_FILENAME /home/…/projects/Saga_data_filtering/poc.pl;
#  see note 3
			fastcgi_param PATH_INFO  $fastcgi_path_info;
			fastcgi_read_timeout 10s;
			fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap-0.sock;
		}
		location = /Famille/au.th {
#  see note 4
			root /home/…/www/saga_NAVWEB;
			fastcgi_split_path_info	^(/Famille/au\.th)(/.*|$);
#			include fastcgi.conf;
#  see again note 2
			fastcgi_param DOCUMENT_ROOT  $document_root;
			fastcgi_param QUERY_STRING $query_string;
			fastcgi_param REQUEST_URI  $request_uri;
			fastcgi_param SCRIPT_NAME  poc.pl;
			fastcgi_param SCRIPT_FILENAME /home/prog/projects/Saga_data_filtering/poc.pl;
			fastcgi_param PATH_INFO  $fastcgi_path_info;
			fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap-0.sock;
		}
		location ~ /Famille(/.*(?!\.html(\?|$))) {
#  see note 5
			alias /home/…/www/saga_NAVWEB$1;
		}
	}

	location ^~ /WEBCAL/ {
        if ($scheme != 'https') {
            return 403;
        }
        rewrite /WEBCAL(.*) /saga_WEBCAL$1 last;
	}

	location ^~ /saga_WEBCAL/ {
        if ($scheme != 'https') {
            return 403;
        }
        root /home/…/www;
	}

	location ^~ /images/ {}
	location ^~ /common/ {}

	rewrite /NAVWEB/(.*) /Famille/$1 last;

Notes:

1. As a weak protection, I only allow HTTPS access to my Gramps server. Since I create myself the keys, my self-signed site is considered as “suspect” by most browsers and this requires special manipulation to complete access.
2. Using standard include fastcgi.conf results in a conflict in assigning values to SCRIPT_NAME and SCRIPT_FILENAME leading to HTML Error 400. I preferred to assign all variables with the values I expect.
3. I don’t serve directly the Gramps pages. I filter them through Perl script poc.pl (proof-ot-concept). I have expended the notion of “private data” from a binary yes-no to a versatile “tagging” system. A Gramps object can be annotated with a string of sequences (say words to simplify matters) separated by spaces. This propagates to the pages generated by NavWeb in the <head> part of the HTML page. When such a page is detected by script poc.pl, its transmission is suspended and user is requested to authenticate. If successful, the page is transmitted, otherwise an error page is displayed.
4. This is the response to the authentication request. It is managed as a small finite state automaton
5. This section is for all non-HTML data: CSS, images, … It must not be filtered or altered in any way

The rest of the directives are there because I didn’t change the URL structure when I changes from Apache to nGinx (many years ago) and didn’t changer either the parameters in the Narrative Web control dialog. I should do it to make the URLs more consitent and simplify nGinx configuration.

Hi and thanks for the reply. I am guessing that this has to be integrated to, or be saved in the same folder as the default.conf file but that’s only a guess.

Using the default installation instructions, it’s unclear.

Steve

You didn’t mention your Linux distro. There are various existing structuring for configuration file storage.

I’m under Fedora 37. There is an /etc/nginx/default.d/ directory and I don’t tamper with it. After all, it sets default parameters supposedly valid in any circumstances. There are also /etc/nginx.nginx.conf and /etc/nginx.nginx.conf.default which define catch-all fall-back configuration in case a user’s one fails. I don’t tamper with them either.

I create a mysite.conf file to be stored into /etc/nginx/conf.d from which it will be automatically extracted and interpreted when nginx is started. Its contents is a complete server {} block, out of which one or more location describe my Narrative Web pages.

My sanity rule is to never interfere with default configuration which is usually intended for graceful fallback. It is better to store in the adequate directory an overriding configuration file.

Hello again, here’s a more detailled answer:

I am running OMV 6 and have Portainer 2.16.2 running.

Inside the container that is created when I use the following yml file:

version: "3.7"

services:
  grampsweb:
    image: ghcr.io/gramps-project/grampsweb:latest
    restart: always
    environment:
      TREE: "Our Ancestry Family Trees"  # will create a new tree if not exists
      VIRTUAL_PORT: 5000
      VIRTUAL_HOST: "ourancestry.ddns.net"   # e.g. gramps.mydomain.com
      LETSENCRYPT_HOST: "ourancestry.ddns.net"   # e.g. gramps.mydomain.com
      LETSENCRYPT_EMAIL: "swadams1976@gmail.com"  # your email
    volumes:
      - gramps_users:/app/users
      - gramps_index:/app/indexdir
      - gramps_thumb_cache:/app/thumbnail_cache
      - gramps_secret:/app/secret
      - gramps_db:/root/.gramps/grampsdb
      - gramps_media:/app/media
    networks:
      - proxy-tier
      - default

  proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    environment:
      ENABLE_IPV6: "true"
    volumes:
      - ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf
      - conf:/etc/nginx/conf.d
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  acme-companion:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    restart: always
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
    volumes:
      - certs:/etc/nginx/certs:rw
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

volumes:
  acme:
  certs:
  conf:
  dhparam:
  vhost.d:
  html:
  gramps_users:
  gramps_index:
  gramps_thumb_cache:
  gramps_secret:
  gramps_db:
  gramps_media:

networks:
  proxy-tier:

I am running:

root@b2c086dee65a:/app# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

When I deploy this stack, nginx gives an error:

nginx: [crit] pread() "/etc/nginx/conf.d/my_proxy.conf" failed (21: Is a directory)

To resolve this I changed the default.nginx.conf in /etc/ngix from

    include /etc/nginx/conf.d/*;

to

    include /etc/nginx/conf.d/default.conf;
    include /etc/nginx/conf.d/ourancestry.conf;

The ourancestry.conf file contains the client_max_body_size line we originally noted.

This allows nginx to boot.

I might have this right, or not, any help is appreciated.

I am not familiar at all with docker configurations.

nGinx met an unexpected condition when it wanted to read some contents. The 21 may be the line number in my_proxy.conf where the error occurs. What is the directive there? Your workaround consists in restricting what nGinx includes to the two file in your interest. Works but it might be interesting to know why it fails in the general case.

You say you describe your Gramps environment in yml. There may be some error during the translation. It is certainly better to track back the cause to your yml source.

I appreciate it your efforts to troubleshoot. I am far from a docker wizard.

21 is an error code.

The error is that my_proxy.conf should have been created in the file system with files inside it before the image was deployed, but that’s not possible for someone like me who is not ssh’d into the underlying file system.

I was able to resolve this situation by removing /my_proxy.conf from the originally posted yaml file. This unlocked the directory and allowed me to remove it. The generated file then referenced /etc/nginx/conf.d/* which contained a default.conf file which was correctly imported and resolved the issue.

Future readers can edit the line:

- ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf

to

- ./nginx_proxy.conf:/etc/nginx/conf.d/

I didn’t attempt it, but adding a “/” to the end of the original may also resolve the issue.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.