👋🏾 Looking to join our SuiteCRM Community Working Group? 💌 Open invitation throughout January. Check out all the details here 👈

SuiteCRM 8 nginx conf

There was a statement by a SuiteCRM maintainer, that nginx was not supported with SuiteCRM 8 and one should use an Apache server.

https://community.suitecrm.com/t/suitecrm-8-beta-install-questions/79383/158

Well, here is a working nginx server conf that handles legacy and all types of API requests:

server {
        listen 80; # adjust to your needs
        listen [::]:80;
        root /path/to/SuiteCRM/public;
        index  index.php index.html index.htm;
        server_name  localhost;

        client_max_body_size 100M;



        location / {
            # try to serve file directly, fallback to index.php
            try_files $uri /index.php$is_args$args;

            # optionally disable falling back to PHP script for the asset directories;
            # nginx will return a 404 error when files are not found instead of passing the
            # request to Symfony (improves performance but Symfony's 404 page is not displayed)
            # location /bundles {
            #     try_files $uri =404;
            # }

            location ~ ^/index\.php(/|$) {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                include fastcgi_params;
                fastcgi_pass 127.0.0.1:9074; # adjust to your needs
                fastcgi_param  HTTPS $https;
                fastcgi_intercept_errors on;

                fastcgi_temp_file_write_size 10m;
                fastcgi_busy_buffers_size    512k;
                fastcgi_buffer_size          512k;
                fastcgi_buffers           16 512k;
                fastcgi_read_timeout 1200;
                fastcgi_param HTTP_AUTHORIZATION $http_authorization;

                # optionally set the value of the environment variables used in the application
                # fastcgi_param APP_ENV prod;
                # fastcgi_param APP_SECRET <app-secret-id>;
                # fastcgi_param DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name";

                # When you are using symlinks to link the document root to the
                # current version of your application, you should pass the real
                # application path instead of the path to the symlink to PHP
                # FPM.
                # Otherwise, PHP's OPcache may not properly detect changes to
                # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
                # for more information).
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                # Prevents URIs that include the front controller. This will 404:
                # http://domain.tld/index.php/some-path
                # Remove the internal directive to allow URIs like this
                internal;

            }

            # return 404 for all other php files not matching the front controller
            # this prevents access to other php files you don't want to be accessible.
            location ~ \.php$ {
                return 404;
            }
        }

        location ^~ /legacy/ {
            try_files $uri $uri/ /index.php?$args;

            location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                include fastcgi_params;
                fastcgi_pass 127.0.0.1:9074; # adjust to your needs
                fastcgi_param  HTTPS $https;

                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
            }
        }

        location ~ /Api/(?!(graphql)) {
            alias /path/to/SuiteCRM/public/legacy; # !important

            index index.php;
            try_files $uri @rewrite_api;

            location ~ .php {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                include fastcgi_params;
                fastcgi_pass 127.0.0.1:9074; # adjust to your needs
                fastcgi_param  HTTPS $https;

                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
            }
        }

        location @rewrite_api {
            rewrite ^/Api/(.*)?$ /Api/index.php/$1 last;
        }

    }
1 Like

Hi @myfluxi,

Welcome to the community :wave: and thank you for trying out SuiteCRM 8 RC.

Thanks for the guide!

@D3rv @chriswithadot the above may help with some of the questions you’ve posted previously.

Though I think there maybe a couple of scenarios were you may find issues, due to some legacy code.

Hey, thanks for this base config, it works decently!

Just note that:

  • Logs are public (/legacy/suitecrm.log)
  • If using OAuth2, the keys would also be accessible on /Api/V8/OAuth2/private.key

In order to fix this, I changed location ~ \.php$ by location ~ \.(php|key|log)$ in the necessary places.

Please rotate your OAuth keys after doing that :-D.

2 Likes