
Konfiguration (server)

1. Plone

[buildout.cfg]

[instance]
<= instance_base
recipe = plone.recipe.zope2instance
http-address = 8080
ip-address = 127.0.0.1      << listen only on localhost, not on external interfaces, so Zope is reachable only through the Nginx frontend [important]

...

eggs =
    Plone
    Pillow
    quintagroup.dropdownmenu
    collective.prettyphoto
    collective.portlet.customizablerecent
    Products.ContentWellPortlets

red = addon products

2. Using Nginx as frontend for Plone

  • Access via HTTPS only (optional, same configuration can work for HTTP)
  • Proxies the site AND WebDAV access (note: WebDAV without HTTPS should be considered highly risky, because credentials and content travel in clear text; don't do this)
  • If you want gzipped output, let Nginx do it (it is most likely more efficient) and disable GZIP in the Plone administration.
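server {
        # HTTPS frontend for the Plone instance that listens on localhost:8080.
        # "listen ... ssl" replaces the separate "ssl on;" directive, which is
        # deprecated and has been removed from newer Nginx releases.
        listen 443 ssl;
        server_name miranda.or.at;

        root /home/miranda_at/www;

        ssl_certificate         /etc/ssl/certs/****;
        # The private key should be readable only by root / the Nginx master process.
        # Prefer a restricted directory (e.g. /etc/ssl/private, mode 0600) over the
        # world-readable certificate directory.
        ssl_certificate_key     /etc/ssl/certs/****;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were dropped from this list.
        # Add TLSv1.3 if your Nginx/OpenSSL build supports it.
        ssl_protocols           TLSv1.2;
        ssl_prefer_server_ciphers on;
        # Same preference order as before, minus the 3DES suites (64-bit block cipher).
        # If the DH+ (DHE) suites stay enabled, also point ssl_dhparam at a parameter
        # file of at least 2048 bits: ssl_dhparam <PATH_TO_DHPARAM_FILE>;
        ssl_ciphers             ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
        ssl_session_cache       shared:SSL:10m;

        client_max_body_size                    32m;           # if you need to upload big files
        http_accounting_id                      mysite;        # traffic-counter ID (note: requires an optional Nginx plugin, disable this if you don't have it on your server)
        access_log                              /home/miranda_at/logs/access_log.plone main;
        error_log                               /home/miranda_at/logs/error_log.plone;

        location / {
            add_header X-Frame-Options "SAMEORIGIN";
            # includeSubDomains extends HSTS to every subdomain of this host; keep it
            # only if all of them are served over HTTPS.
            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Content-Type-Options "nosniff";
            # NOTE: this line was cut off in the original listing after 'unsafe-eval'.
            # It is closed here so the file parses; restore the remaining directives
            # from your own policy. Report-Only never blocks anything, and a script-src
            # with 'unsafe-inline' 'unsafe-eval' would give little XSS protection even
            # when enforced.
            add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'";

            proxy_pass http://localhost:8080/VirtualHostBase/https/miranda.or.at:443/Plone/VirtualHostRoot/;

            # alternative method:
            # rewrite ^/(.*)$ /VirtualHostBase/https/miranda.or.at:443/Plone/VirtualHostRoot/$1 break;
            # proxy_pass http://127.0.0.1:8080/;

            # allow plone to see the real IP of the visitor, not always the IP from the frontend proxy
            proxy_set_header Host $host;
            # X-Real-IP is set by Nginx itself. X-Forwarded-For only appends to whatever
            # the client sent, so the backend must not trust its earlier entries for
            # access decisions or audit logs.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Compressing HTTPS responses that mix secrets (session or CSRF tokens) with
        # request-reflected data is exposed to BREACH-style compression side channels.
        # Consider limiting gzip to static content types or disabling it for
        # authenticated pages.
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        gzip on;
}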

green: real base URL as seen by the frontend server in the request
red: Plone Site-ID (e.g. http://localhost:8080/Plone)
 

__TODO__