This question already has answers here:
upstream sent too big header while reading response header from upstream
(16 answers)
Closed last year.
I'm currently trying to switch from an Apache server to using nginx to be load resistant.
But I came across an error that I can not solve and I would be happy for your help,
so:
Most pages (php) work smoothly,
Unexpectedly certain pages when I browse to them I get a 502 error
Quote the error from the error.log logs
2022/01/25 18:51:57 [error] 848#848: *4 upstream sent too big header while reading response header from upstream, client: 147.234.64.35, server: XXXX.com, request: "GET /XXX.php?XXX=true&XXX=no&XXX= HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", host: "XXX.com"
But what I do not understand most is that when I enable error output by adding the value "ini_set ('display_errors', 1);" At the top of the code, it works smoothly without a 502 error
This is defined for me in the file / etc / nginx / sites-available / default
server {
server_name domain.com;
root /var/www/html;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name domain.com;
return 404; # managed by Certbot
}
I would appreciate any assistance or preparation
Thanks
Try to add:
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
or (if you use proxy_pass):
proxy_buffer_size 128k;
proxy_buffers 16 256k;
proxy_busy_buffers_size 256k;
If necessary change the values ;)
Related
I am using Nginx for a couple of websites. First time user of it and not that happy (Apache will not work in my case). I am trying to use PHP for a new project that requires it. I have PHP 7.3 FPM. To test, phpinfo(); does work however when adding this project (openCAD), index.php seems to be blank.
I tried putting on MyBB to see if that executes and it simply does not, just a blank page.
Here is my nginx config
server {
root /var/www/mywebsite.com/;
index index.php index.html index.htm index.nginx-debian.html;
server_name mywebsite.com www.mywebsite.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = www.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name mywebsite.com www.mywebsite.com;
return 404; # managed by Certbot
}
server {
if ($host = www.appeal.mywebsite.com) {
return 301 https://mywebsite.com/appeal;
} # managed by Certbot
if ($host = appeal.mywebsite.com) {
return 301 https://mywebsite.com/appeal;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.appeal.mywebsite.com appeal.mywebsite.com;
return 404; # managed by Certbot
}
server {
if ($host = www.cad.mywebsite.com) {
return 301 https://mywebsite.com/cad;
} # managed by Certbot
if ($host = cad.mywebsite.com) {
return 301 https://mywebsite.com/cad;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.cad.mywebsite.com cad.mywebsite.com;
return 404; # managed by Certbot
}
Here is the error log for trying to access MyBB
2019/08/20 15:48:11 [error] 23516#23516: *71 FastCGI sent in stderr: "PHP message: PHP Warning: require_once(/var/www/mywebsite.com/php/inc/init.php): failed to open stream: No such file or directory in /var/www/mywebsite.com/php/global.php on line 20PHP message: PHP Fatal error: require_once(): Failed opening required '/var/www/mywebsite.com/php/inc/init.php' (include_path='.:/usr/share/php') in /var/www/mywebsite.com/php/global.php on line 20" while reading response header from upstream, client: 70.44.50.53, server: mywebsite.com, request: "GET /php/index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host: "mywebsite.com"
Based on your error log, mybb is trying to find its files in /var/www/mywebsite.com/php/, but your root is set to /var/www/mywebsite.com/. So it looks like you didn't set it up properly. If you keep your root as is, you need to ensure that mybb's folders like inc, admin, etc. are subdirectories of /var/www/mywebsite.com/.
I'm trying to setup Symfony 4 next to an already working wordpress site with nginx. Wordpress should manage the homepage at
https://www.my.domain
and the blog posts under
https://www.my.domain/conseils
The symfony application should take over for anything under
https://www.my.domain/app
I've read the default documentation bot here and here aswell as some troubleshooting made here. Furthermore, it seems REALLY close to that answered question but with nginx instead of apache: Symfony4 routing inside a subfolder
The fact is i still cant manage to make it working. Here's my current site.conf which gives me a 404, but i cant really find some helpful log even with the debug option enabled in nginx.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.my.domain;
root /var/www/my.domain/html;
#symfony location block
location /app {
alias /var/www/my.domain/app/public;
index index.php;
try_files $uri /app/public/index.php/$1 last;
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
#Wordpress location block
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location ~* \.(css|js|ico|gif|jpeg|jpg|webp|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max;
}
location ~ /\.ht {
deny all;
}
}
}
Lastly i tried something found here. This times, it gives me the following symfony routing error: No route found for "GET /app".
Below the conf file:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.my.domain;
root /var/www/my.domain/html;
# Symfony location block
location /app {
alias /var/www/my.domain/app/public;
index index.php;
rewrite ^/app/(.*)$ /$1 break;
try_files $uri #symfonyFront;
}
set $symfonyRoot /var/www/my.domain/app/public;
set $symfonyScript index.php;
location #symfonyFront {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $symfonyRoot/$symfonyScript;
fastcgi_param SCRIPT_NAME /app/$symfonyScript;
fastcgi_param REQUEST_URI /app$uri?$args;
}
#Wordpress location block
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location ~* \.(css|js|ico|gif|jpeg|jpg|webp|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max;
}
location ~ /\.ht {
deny all;
}
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.my.domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.my.domain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
In both cases, the wordpress is working as intended. Homepage and blog posts are showing when expected. The symfony app however isnt. For the former cas, i got a 404 when visiting my.domain/app and the latter gives me a symfony routing error. That means i'm actually hitting SF front controller. And i got the kernel stack trace saying the route app/ is not found within symfony. And that's absolutely correct since i expect symfony to work under that directory and it should not be user for the routing.
At this point i'm not even sure which one makes me close to the desired result. Any tip would be appreciated!
EDIT:
etc/nginx/error.log with debug activated show many lines but this one caught my attention:
2019/08/15 18:11:42 [alert] 6929#6929: *5 "alias" cannot be used in
location "/app" where URI was rewritten, client: 86.252.250.94,
server: www.my.domain, request: "GET /app/ HTTP/1.1", host:
"www.my.domain"
And when i got the route not found error, i got that (which is expected) in the symfony log:
[2019-08-15 18:26:00] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\NotFoundHttpException: "No route found for "GET /app"" at /var/www/my.domain/app/vendor/symfony/http-kernel/EventListener/RouterListener.php line 141 {"exception":"[object] (Symfony\Component\HttpKernel\Exception\NotFoundHttpException(code: 0): No route found for \"GET /app\" at /var/www/my.domain/app/vendor/symfony/http-kernel/EventListener/RouterListener.php:141, Symfony\Component\Routing\Exception\ResourceNotFoundException(code: 0): No routes found for \"/app/\". at /var/www/my.domain/app/vendor/symfony/routing/Matcher/Dumper/CompiledUrlMatcherTrait.php:70)"} []
EDIT2: i've added the
fastcgi_split_path_info ^/app(.+.php)(/.+)$;
without noticeable change.
Interestingly enough, when i replaced the rewrite directive with "last" instead of "break" it displays the 404 page from wordpress.
I'm trying to setup basic authentication for all of my site, but I'm getting a redirect loop when I try to enable it. Current config works, but when I add
auth_basic "Secured";
auth_basic_user_file /var/www/*****/.htpasswd;
under location / {
it redirects endlessly to mysite.com/login and fails. mysite.com/login is the login page for the script I'm using, but it is not supposed to redirect there upon visiting the homepagepage and it does not do so normally. I am not sure if something in my script is causing the redirect loop, or my nginx config but I would like to figure a way to enable basic HTTP authentication.
Any ideas would be most appreciated, thank you.
server {
server_name ***** www.*****;
# note that these lines are originally from the "location /" block
root /var/www/******/public;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
include fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~ \.php$ {
return 404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/*****/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/*****/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.*****) {
return 302 https://$host$request_uri;
} # managed by Certbot
if ($host = *****) {
return 302 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name ***** www.*****;
return 404; # managed by Certbot
}
I've just installed a Ghost Blog on a new server running NGINX. The Ghost config.json file is pointing at the correct directory /blog and the blog loads fine when I visit it.
What isn't working is when I remove /blog from the URL, I get taken to a 404 page. I've checked my sites-enabled file, which looks like this:
server {
listen 80;
listen [::]:80;
server_name *********;
root /var/www/ghost/system/nginx-root;
location ^~ /blog {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://*********:2368;
proxy_redirect off;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
But I'm not entirely sure what I need to change to not get the 404 error. I have an example .php file which should be loading but isn't.
I've always used the Digital Ocean One-Click Ghost app but I wanted to use the Ghost CLI this time round. I have a feeling I've missed something though.
the following may remove some of your restrictions but it will work
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;
ssl on;
ssl_certificate /etc/letsencrypt/live/thedomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/thedomain.com/privkey.pem;
access_log /var/log/nginx/thedomain.access.log;
error_log /var/log/nginx/thedomain.error.log;
root /var/www/thedomain;
index index.html;
gzip on;
gzip_proxied any;
gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json;
location / {
try_files $uri $uri/ =404;
}
}
You need to make sure all the ssl files are there and permissioned for access by www-data.
If you need to run certbot for the first time, just but the 443 code in an 80 block without the ssl statements
The nginx configuration you've posted only deals with Ghost.
You've setup a server responding on port 80, set the root to Ghost's nginx-root, and created 2 location blocks. One is for /blog/ and serves Ghost, the second .well-known block is for handling generation of SSL certificates with letsencrypt.
I'm not an expert at configuring nginx for PHP, but this guide from Digital Ocean and this stackoverflow question covers a lot of the details.
I think you have a couple of options:
Set the index to be index.php
Add a new location block for / which serves php files
Add a block to handle all php files
I believe adding a new location block like this, will mean any .php files you have will always be called if the path in the URL matches.
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
But the value of fastcgi_pass will depend on how you have PHP setup on your system.
With this, going to /index.php should work.
Setting index: index.php will mean that / maps to /index.php I'm not sure if that will interfere with Ghost, if it does, you'd need a specific location / {} block instead of the index being set.
I'm using Laravel (5.4) Forge for a web app that uploads Vimeo and Youtube videos from S3. In the past, before moving to Forge, this script worked correctly, and also still works correctly with smaller files today.
Now that I'm trying to upload larger files (~1gb), Im receiving a 502 Bad Gateway after just over 1 minute for the php upload script. The rest of the application runs fine.
Specifically, here is the error:
2017/04/24 20:36:48 [error] 2111#2111: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: X.X.X.X.X, server: myserver.com, request: "POST /recordings/vimeo/upload HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.1-fpm.sock:", host: "myserver.com", referrer: "http://myserver.com/recordings"
I have tried:
adding / editing fastcgi directives in the nginx config
upping output_buffering in php
adding the proxy_ and client_max_body items below
Here's my NGINX config:
include forge-conf/myserver.com/before/*;
server {
listen 80;
listen [::]:80;
server_name .myserver.com;
root /home/forge/myserver.com/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'hidden for SO';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
include forge-conf/myserver.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/myserver.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 3600;
fastcgi_buffers 8 512k;
fastcgi_buffer_size 512k;
include fastcgi_params;
client_max_body_size 128M;
proxy_buffer_size 256k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
}
location ~ /\.ht {
deny all;
}
}
include forge-conf/myserver.com/after/*;
What am I missing? I can't seem to figure this out at all. Thank you in advance for the help.
"request_terminate_timeout" turned out to be the issue:
https://laracasts.com/discuss/channels/forge/502-bad-gateway-with-large-file-uploads
I had the same 502 problem and after some debugging discovered that I was hitting a limit inside nginx, not a problem in PHP.
Added the following to my site conf and things seem to be working now:
server{
fastcgi_temp_file_write_size 10m;
fastcgi_busy_buffers_size 512k;
fastcgi_buffer_size 512k;
fastcgi_buffers 16 512k;
#...our rest of config
}
typically you can find nginx config file inside
/etc/nginx/sites-available/default or
/etc/nginx/sites-available/your_domain.com