This component is responsible for setting up Nginx for your instance.
Nginx is a webserver that either returns assets (such as images, css or js files) or passes the requests on to PHP-FPM (Magento)
Settings
The nginx component is always enabled, without it your instance wouldn't work.
- Force HTTPS - If enabled MDOQ will redirect requests from
http
(unsecure) tohttps
(secure) without interacting with Magento. - Additional SSL Configuration - This is an advanced option to allow you to change the SSL configuration within Nginx (e.g
ssl_protocols
). In most cases this won't need changing, for more information see Entrypoint Configuration - Additional Custom Params - This is another advanced option to allow custom settings to be set in Nginx (e.g
real_ip_recursive on
). In most cases this won't need changing, for more information see Entrypoint Configuration - Default Store Code - This is the
MAGE_RUN_CODE
MDOQ should pass to PHP-FPM when a request is made to a domain that isn't configured within Magento. (See "Non 'default' default store" guide for more info). - Admin Store Code - This is the
MAGE_RUN_CODE
MDOQ should pass to PHP-FPM when a request is made to a valid admin domain and path. The default isdefault
in most cases you won't need to change this. Some legacy stores rely on this value beingadmin
. - Additional Domains - Here you can specify additional domains for MDOQ to configure. These domains don't have to exist within your Magento website. A few good use case examples are; "Redirect root domain to www" and "Configure custom entry point".
- Certificate Manager - The certificate manager is responsible for ensuring all your sites have valid SSL certifcates. Please see Certificate Manager section for More Info
Version
The current version on Nginx used is 1.24.0
Logs
NGINX access and error logs can be found in the Magento log directory for your instance.[magento root]/mdoq/var/log/nginx/
The logs stored here are rotated nightly. On rotation an incremental number is added onto the end of the log:access.log (current day)
access.log.1 (yesterday)
access.log.2 (2 days ago)
If you are using MDOQ Web SSH to view the logs, you can use: ls -lath
to get an exact modified date.
NGINX logs are kept on the system for 14 days.
Certificate Manager
The MDOQ Certificate Manager is responsible for monitoring your site and ensuring all configured domains have valid SSL certificates.
To determine the correct domains to monitor MDOQ looks in two places:
- On a nightly basis MDOQ queries your Magento site for all urls
- MDOQ looks at the Additional Domains that you have configured.
If MDOQ finds a new domain or spots an existing domain certificate is about to expire it will generate a certificate request. Once the certificate request has been approved an SSL Certificate is generated and applied to your site.
If you have just added a new store to your Magento site you can simple synchronize Nginx to trigger this logic immediatly. (Please note it can take a little while for the SSL certificate to be generated depending on how busy the system is)
MDOQ use HTTP authentication to validate SSL certificates for you. This means you don't need to do any DNS changes and allows MDOQ to automatically renew certificates. The only thing you need to have configured is the actual domain DNS pointing to your server.
If you are using a WAF (Website Application Firewall) then we may not be able to generate a certificate (because your WAF will block the validation requests). In this case MDOQ generates a self signed certificate, which most WAFs are happy with.
If you're happy with this, simply add the domain to the "excluded domains" section of MDOQ certificate manager, to stop MDOQ attempting to create a certifcate.
If you're not happy with a self signed certificate, you will need to contact your WAF provider and ask them how to allow HTTP SSL Certificate Validation (please reach out to our support for more info if required)
Further Reading / Additional Guides
- Source control configuration - We understand that some people have custom requirements when it comes to Nginx. To support this MDOQ allows you to use your own Nginx templates.
- Configuring custom variables to change Nginxs behaviour:
Increasing Max Post Size
Handling 413 Request Entity Too Large - Configuring a custom domain for static assets
- Custom redirects - adding custom redirects to your Nginx config.
- Non 'default' default store - if your site doesn't have a 'default' store
- Configure custom entry point - if you have a Akeneo or Wordpress install within your Magento codebase, this can be used to serve them alongside your Magento installation.
- Redirect root domain to www - if you want to ensure all web traffic goes to your www. domain.
- Increased Security Options - additional options that may be required by some PCI scans.