I'm trying to set up prestashop but can't get php to recognize write permissions.
I'm getting the following error
You need to grant write permissions for PHP on the following directory: /usr/share/nginx/presta
output of ls -la
total 75960
drwxr-xr-x 2 http http 4096 Oct 5 23:45 .
drwxrwxrwx 5 root root 4096 Oct 5 20:58 ..
-rw-r--r-- 1 http http 690272 Sep 14 12:00 index.php
-rw-r--r-- 1 http http 441 Jun 15 11:32 Install_PrestaShop.html
-rw-r--r-- 1 http http 77073848 Sep 14 12:00 prestashop.zip
I'm using nginx on arch here's http server config
server {
# Ipv4
listen 82 ssl;
# IPv6
# listen [::]:80;
# SSL Ipv4 & v6
# listen 443 ssl http2;
# listen [::]:443 ssl;
# Your SSL Certificates, don't forget to take a look at Certbot (https://certbot.eff.org)
# ssl_certificate /etc/ssl/fullchain.pem;
# ssl_certificate_key /etc/ssl/privkey.pem;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# ssl_session_timeout 24h;
# ssl_session_cache shared:SSL:10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5;
# ssl_prefer_server_ciphers on;
# Do not forget to create this file before with OpenSSL : "openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048"
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# [REQUIRED EDIT] Your domain name goes here
server_name domain.tld;
# [REQUIRED EDIT] Absolute path to your website root on the filesystem
root /usr/share/nginx/presta;
index index.php;
# Redirect 404 errors to prestashop
error_page 404 /index.php?controller=404;
# Gzip Settings, convert all types.
gzip on;
gzip_vary on;
gzip_proxied any;
# Can be enhance to 5, but it can slow you server
# gzip_comp_level 5;
# gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# HSTS (Force clients to interact with your website using HTTPS only)
# For enhanced security, register your site here: https://hstspreload.org/
# WARNING: Don't use this if your site is not fully on HTTPS!
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" preload; always;
# Cloudflare / Max CDN fix
location ~* \.(eot|otf|ttf|woff(?:2)?)$ {
add_header Access-Control-Allow-Origin *;
}
# Force pdf files to be downloaded
location ~* \.pdf$ {
add_header Content-Disposition Attachment;
add_header X-Content-Type-Options nosniff;
}
# Force files in upload directory to be downloaded
location ~ ^/upload/ {
add_header Content-Disposition Attachment;
add_header X-Content-Type-Options nosniff;
}
# Do not save logs for these
location = /favicon.ico {
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
location = /robots.txt {
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
# [REQUIRED EDIT] if you are using multiple languages
# rewrite ^/fr$ /fr/ redirect;
# rewrite ^/fr/(.*) /$1;
# Images
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
# AlphaImageLoader for IE and fancybox
rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;
# Web service API
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
# Installation sandbox
rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last;
# without this line nginx seo url not working.
try_files $uri $uri/ /index.php?$args;
# [REQUIRED EDIT] Change this block to your admin folder
location /admin-dev/ {
if (!-e $request_filename) {
rewrite ^/.*$ /admin-dev/index.php last;
}
}
# File security
# .htaccess .DS_Store .htpasswd etc
location ~ /\. {
deny all;
}
# Source code directories
location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tests-legacy|tools|translations|travis-scripts|vendor|var)/ {
deny all;
}
# vendor in modules directory
location ~ ^/modules/.*/vendor/ {
deny all;
}
# Prevent exposing other sensitive files
location ~ \.(yml|log|tpl|twig|sass)$ {
deny all;
}
# Prevent injection of php files
location /upload {
location ~ \.php$ {
deny all;
}
}
location /img {
location ~ \.php$ {
deny all;
}
}
# PHP FPM part
location ~ \.php$ {
# Verify that the file exists, redirect to index if not
try_files $fastcgi_script_name /index.php$uri&$args =404;
fastcgi_index index.php;
# Environment variables for PHP
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# [REQUIRED EDIT] Connection to PHP-FPM - choose one
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_keep_conn on;
fastcgi_read_timeout 30s;
fastcgi_send_timeout 30s;
# In case of long loading or 502 / 504 errors
# fastcgi_buffer_size 256k;
# fastcgi_buffers 256 16k;
# fastcgi_busy_buffers_size 256k;
client_max_body_size 16M;
}
}
PHP is running under the http user, confirmed that by running a file containing <?php echo `whoami`; ?> from the browser.
A simple php file using fwrite also fails.
And yes I tried changing permissions of all files and dirs to 777/666 to check if maybe somehow php ran under different user but it did nothing.
Why install PrstaShop there?
It is customary to install it in the webserver root which for linux bases servers is either /var/www (/var/www/html) or chrooted user directories.
PHP will have no issue there.
Related
I am struggling with this from quite sometime now and thought to ask the community.
I have recently started working on digital ocean and nginx. I was using apache earlier.
I have a simple wordpress website that works fine in local but when pushed on droplet server using nginx the site is not working properly.
The landing page is working fine but when i route to different link I get 404 error page from nginx.
I feel this is because of htaccess file that is not getting picked up in nginx and I have to rewrite rules in nginx but nothing worked.
Here is my configuration file for nginx.conf file, sites-available/default file
sites-available/default
server {
listen 80;
server_name martinschildrenacademy.com www.martinschildrenacademy.com;
return 301 https://$host$request_uri;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
# Default server configuration
#
server {
# listen 80 default_server;
# listen [::]:80 default_server;
listen 443 ssl;
server_name martinschildrenacademy.com www.martinschildrenacademy.com;
ssl_certificate /etc/letsencrypt/live/martinschildrenacademy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/martinschildrenacademy.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name martinschildrenacademy.com;
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 100M;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Any suggestion that could help me to solve this issue?
You have two server blocks in your sites-available/default file. The first server block receives HTTP requests and then responds with redirect instructions to the HTTPS version defined with the second server block. You only need to keep the first 3 lines inside the first block and remove the rest like this:
server {
listen 80;
server_name martinschildrenacademy.com www.martinschildrenacademy.com;
return 301 https://$host$request_uri;
}
Nginx configuration for WordPress must have the following location block to work correctly:
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
So you must insert the location block into the second server block. You did. And it worked.
Just got this working.
Not sure why but I just moved this line
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
in default.config file from top to bottom server block. And it worked.
Try this:
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
I am running a PHP Website Where all Sub Pages are showing 404 Not Found Nginx
But Homepage and Admin Panel is working fine.
I am running Php website which is running on Nginx Server -
Here is my Default Nginx File
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name (My IP Pasted here);
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}}
And Nginx.conf file as
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 100000;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
These are my files, Here is just homepage working fine but the other sub pages are not working here is getting the 404 not found nginx error. Even the Admin Panel working file.
Please Help me...
Here is nedwos solution to the problem
Change the line in the location block of the affected site to:
try_files $uri $uri/ /index.php?q=$uri&$args;
and reload nginx
sudo systemctl reload nginx
All should be well :)
Link to original question
try removing try_files $uri $uri/ =404; in location path of default nginx file. check if it's work
if not
remove try_files $uri $uri/ =404; in location path add the following with your localhost
proxy_pass http://localhost:5000; #whatever port your app runs on
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
paste in location path
My CSS and JS files are showing up as 404 / File Not Found. It is the "Laravel 404" page, not the "Nginx 404" page that is being shown, which makes me think it could be a Laravel issue, but I'm not sure. The rest of my site and the Laravel app in the sub-directory are working fine.
I have Nginx serving a regular PHP web site (PHP-FPM) from the default root at /
I also have Nginx serving a Laravel app from /todos/
But the images from under /todos/ (the Laravel app) are all showing up as 404. The file system location is /todos/public/css/ and /todos/public/js/ accordingly.
I'm guessing this is an Nginx issue, but I'm not sure. It might be a Laravel issue. Do I need to set a Route in /routes/web.php for css and js files in Laravel?
This is a pretty vanilla Bitnami Ubuntu install.
Here are my Nginx config files:
Contents of nginx.conf:
user daemon daemon;
worker_processes auto;
error_log "/opt/bitnami/nginx/logs/error.log";
pid "/opt/bitnami/nginx/logs/nginx.pid";
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
access_log "/opt/bitnami/nginx/logs/access.log";
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain
text/xml
text/css
text/javascript
application/json
application/javascript
application/x-javascript
application/ecmascript
application/xml
application/rss+xml
application/atom+xml
application/rdf+xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
application/atom_xml;
gzip_buffers 16 8k;
add_header X-Frame-Options SAMEORIGIN;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
include "/opt/bitnami/nginx/conf/bitnami/bitnami.conf";
Contents of bitnami.conf:
# HTTP server
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name localhost;
return 301 https://$host$request_uri;
location / {
root /opt/bitnami/nginx/html;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$query_string;
}
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}
# HTTPS server
server {
listen 443 ssl http2;
listen [::]:443 default ipv6only=on;
server_name localhost;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
root /opt/bitnami/nginx/html;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$query_string;
}
location /todos {
try_files $uri $uri/ /todos/index.php?$query_string;
index index.php index.html index.htm;
root /opt/bitnami/nginx/html/todos/public/;
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_read_timeout 300;
fastcgi_pass unix:/opt/bitnami/php/var/run/www.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME /opt/bitnami/nginx/html/todos/public/index.php;
fastcgi_param QUERY_STRING $query_string;
include fastcgi_params;
}
}
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}
include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-vhosts.conf";
Contents of /opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf:
location ~ \.php$ {
root html;
fastcgi_read_timeout 300;
fastcgi_pass unix:/opt/bitnami/php/var/run/www.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
Well, I ended up adding the following location blocks and it worked, turns out alias was the trick:
location /todos/css/ {
alias /opt/bitnami/nginx/html/todos/public/css/;
}
location /todos/js/ {
alias /opt/bitnami/nginx/html/todos/public/js/;
}
I am using WordPress with Nginx but whenever I try to enable caching of static files they turn to 404 not found.
This is my /etc/nginx/conf.d/default.conf file:
server {
listen 80;
server_name _;
# SSL configuration
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/shivampaw.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/shivampaw.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_session_timeout 30m;
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 8k;
add_header Strict-Transport-Security max-age=31536000;
location / {
root /home/shivam/sites/shivampaw.com;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /home/shivam/sites/shivampaw.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json applicationx-javascript text/xml application/xml application/xml+rss text/javascript;
include wordpress/wordpress.conf;
And this is the WordPress.conf file:
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
With that, it works fine. But if I add
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
To the end of wordpress.conf and restart nginx and reload my site all the static files come up with 404.
So I have to comment that caching out and it works fine.
Any ideas?
This means that if I include wp-rocket.conf (I use it) it also gives a 404 because wp-rocket.conf has caching stuff in it.
So basically, why can't i cache static files?
It's because you've defined your root in the root location block. So the other location blocks don't know about it. This is bad practice (see here). These location blocks don't know where to look for the files.
You should have the root /home/shivam/sites/shivampaw.com; above your location / { block and then add the try_files $uri $uri/ /index.php?$args to each of your static blocks.
Another way to do it is to keep your config, but add alias /path/to/static/files/; to each block.
I used this tutorial from DigitalOcean
I am not able to get my vps to work with just one wordpress site with nginx.
Eventually I want to have 2 Wordpress sites on 2 different directories on the same server.
I included all 3 .conf files wordress.conf, common.conf & multisite.conf just like it says in the tutorial.
nginx.conf
user www-data;
worker_processes 1;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss textjavascript;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
My file in /etc/nginx/sites-enabled/example that is symlinked from /etc/nginx/sites-available/example
server {
server_name example.com;
rewrite ^/(.*)$ http://www.example.com/$1 permanent;
}
server {
server_name www.example.com;
root /var/www/example;
access_log /var/log/nginx/www.example.com.access.log;
error_log /var/log/nginx/www.example.com.error.log;
include global/common.conf;
include global/wordpress.conf;
}
wordpress.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
# SECURITY : Zero day Exploit Protection
try_files $uri =404;
# ENABLE : Enable PHP, listen fpm sock
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
#Yeah! you did it.
common.conf
# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
log_not_found off;
access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires 30d;
}
multisite.conf
# Rewrite rules for WordPress Multi-site.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
I configured the wp-config.php file as well.
Created my MySQL user and made sure the user has access to the database.
Also changed the permissions of /var/www/example with chmod -R 755 .
And I have nothing on my logs:
/var/log/nginx/www.example.com.access.log nor /var/log/nginx/www.example.com.error.log files have been created.
When I curl or telnet I get a connection refused
telnet xxx.xxx.xxx.xx or telnet example.com
Trying xxx.xxx.xxx.xx...
telnet: connect to address xxx.xxx.xxx.xx: Connection refused
telnet: Unable to connect to remote host
curl xxx.xxx.xxx.xx or curl example.com
`curl: (7) Failed to connect to xxx.xxx.xxx.xx port 80: Connection refused`