wordpress nginx rewrite to wp-admin - php

I want to create a dockerized WordPress with nginx that will use /kokpit instead of /wp-admin. I'm using the nginx:latest container with the default config, and declared my server block for WordPress like below:
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/localhost.crt;
    ssl_certificate_key /etc/nginx/localhost.key;
    server_name dimidia.dev.com;
    root /var/www/html;
    index index.php;
    error_log /var/log/nginx/stderr_dimidia debug;
    access_log /var/log/nginx/stdout_dimidia;
    location /media
    {
        rewrite ^/media/(.+) /wp-content/themes/mytheme/$1;
    }
    location /
    {
        try_files $uri $uri/ /index.php?$args;
    }
    location /kokpit
    {
        rewrite ^/kokpit(.*) /wp-admin$1;
    }
    location ~ \.php$ {
        fastcgi_read_timeout 300;
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        client_max_body_size 50m;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_pass dimidia_php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
However, when I go to /kokpit, files like load-scripts.php return 404 instead of scripts, and I cannot reach any PHP files inside kokpit (all return 404). The big question is: why?

Related

How to open a phar.php file under nginx?

I'm running ddev under macOS with Apple Silicon M1.
I'm trying to open a phar (Contao-Manager.phar.php) file in the browser but got a 404.
The webroot is correctly set, because it is possible to open a test.php in the same webroot in the browser.
Here is my nginx conf:
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    root /var/www/html/web;
    ssl_certificate /etc/ssl/certs/master.crt;
    ssl_certificate_key /etc/ssl/certs/master.key;
    include /etc/nginx/monitoring.conf;
    index index.php index.htm index.html;
    sendfile off;
    error_log /dev/stdout info;
    access_log /var/log/nginx/access.log;
    location / {
        absolute_redirect off;
        try_files $uri $uri/ /index.php?$query_string;
    }
    location @rewrite {
        rewrite ^ /index.php;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/run/php-fpm.sock;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors off;
        fastcgi_read_timeout 10m;
        fastcgi_param SERVER_NAME $host;
        fastcgi_param HTTPS $fcgi_https;
    }
    location ~* /\.(?!well-known\/) {
        deny all;
    }
    location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
        deny all;
    }
    include /etc/nginx/common.d/*.conf;
    include /mnt/ddev_config/nginx/*.conf;
}
Try to change your default location to this (didn't check if works):
location / {
    absolute_redirect off;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    try_files $fastcgi_script_name $uri $uri/ /index.php?$query_string;
}
And check your access.log and error.log if it's not working.
The problem is somewhere between fastcgi_split_path_info and your location order (which location actually handles *.php request first).
It is also possible that your regular expression in fastcgi_split_path_info doesn't match Contao-Manager.phar.php (file has 2 extensions).

Laravel and 0 day exploit?

I just stumbled upon the 0 day exploit
and some discussions about it:
https://forum.nginx.org/read.php?2,88845,page=3
https://serverfault.com/questions/690983/which-try-files-nginx-directive-is-best-for-the-zero-day-exploit
That zero day exploit looks scary.
And all PHP apps like Laravel are affected? WordPress? Everything?
What other exploits are out there that I don't know about but should know about?
I am confused, and preoccupied.
So to fix nginx, I need to have something like this:
server {
    listen 80;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name dev.MyApp.com;
    root /var/www/html/dev.MyApp.com/public;
    index index.html index.htm index.php;
    access_log /var/log/nginx/mylog.com.access.log;
    error_log /var/log/nginx/mylog.com.error.log;
    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        proxy_intercept_errors on;
        error_page 500 501 502 503 = @fallback;
        fastcgi_buffers 8 256k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    }
    location @fallback {
        try_files $uri =404;
        fastcgi_buffers 8 256k;
        fastcgi_buffer_size 128k;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    }
    location ~* .(css|js|png|jpg|jpeg|gif|ico)$ { expires 1d; }
}
where try_files $uri =404; fixes the security issue. What else do I have to do? E.g. what other exploits are out there?
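
An audit for the guard named in the question above, as an added example that is not part of the original post: it lists every location that hands requests to PHP-FPM through fastcgi_pass and reports whether that location itself carries a try_files ... =404 check. The sample config is constructed in the style of the configs on this page, and the function names are this example's own.

```python
import re

# Constructed sample in the style of the configs on this page: one PHP handler
# with the guard, one with it commented out.
SAMPLE = r"""
server {
    root /var/www/html;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm.sock;
    }
    location ~ \.php(/|$) {
        # try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm.sock;
    }
}
"""

GUARD = re.compile(r"\btry_files\s+[^;]*=404\s*;")

def own_directives(conf, open_idx):
    """Text directly inside the block opened at open_idx, nested blocks dropped."""
    depth, out = 0, []
    for ch in conf[open_idx:]:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return "".join(out)
        elif depth == 1:
            out.append(ch)
    raise ValueError("unbalanced braces")

def audit_php_locations(conf):
    """Return (location match, has_guard) for every location that calls fastcgi_pass."""
    # Assumption: '#' always starts a comment (no '#' inside quoted strings or regexes).
    conf = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    findings = []
    for m in re.finditer(r"\blocation\s+([^{;]+?)\s*\{", conf):
        own = own_directives(conf, m.end() - 1)
        if "fastcgi_pass" in own:
            findings.append((m.group(1), bool(GUARD.search(own))))
    return findings

if __name__ == "__main__":
    for match, guarded in audit_php_locations(SAMPLE):
        print("ok     " if guarded else "MISSING", "try_files ... =404 in location", match)
```

A location flagged as missing the guard is a prompt for review, not proof of a problem: a handler restricted to named front-controller scripts may be protected by its location regex instead.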

Query strings in NGINX

I have a problem with my server configuration on nginx.
My configuration:
server {
    listen 80;
    server_name shop.md;
    index index.php index.html index.htm;
    access_log /var/log/nginx/test.dev.access.log;
    error_log /var/log/nginx/test.dev.error.log;
    location / {
        root /home/vagrant/Workspace/shop/web;
        try_files $uri $uri/ app_dev.php /app_dev.php$is_args$args;
    }
    location ~ .php$ {
        root /home/vagrant/Workspace/shop/web;
        index index.html index.htm index.php;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param APPLICATION_ENV development;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
    }
    sendfile off;
}
This configuration allows URLs like this:
http://shop.md:8000/1/femei-pantofi
http://shop.md:8000/1/femei-pantofi?min_price=1&max_price=1000
For this URL:
http://shop.md:8000
I get the error 403 Forbidden
I use the @rewriteapp directive of nginx for my Symfony2 projects. The resulting configuration looks somewhat like this:
# strip app.php/ prefix if it is present
rewrite ^/app\.php/?(.*)$ /$1 permanent;
location / {
    index app.php;
    try_files $uri @rewriteapp;
}
location @rewriteapp {
    rewrite ^(.*)$ /app.php/$1 last;
}
# pass the PHP scripts to FastCGI server from upstream phpfcgi
location ~ ^/(app|app_dev|adminer)\.php(/|$) {
    fastcgi_pass phpfcgi-siyabonga;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTPS off;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
}
This works fairly well for me and is taken from the official nginx wiki page about Symfony2 with some additional changes. Also you should check the official Symfony2 docs. They have an example of a correct nginx configuration.

No route found for "GET /" in NGINX conf

(First of all, sorry for my English, it's not my native language :/ )
I have a problem with my NGINX conf. I have 2 Symfony2 projects in 2 folders. The first one is my root dir (www.mywebsite.com/) in my nginx conf and I would like to have the second one like this: www.mywebsite.com/secondwebsite.
The first website works fine on port 80 (with classic nginx config).
My second website works fine on port 82 (www.mywebsite.com:82), for example with this conf:
server {
    listen 82;
    server_name mywebsite.com *.mywebsite.;
    root /var/www/project/dev/secondwebsite/web/;
    index app_dev.php;
    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app_dev.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        include fastcgi_params;
        add_header Access-Control-Allow-Origin *;
    }
}
But I get a problem when I try to access it like this: www.mywebsite.com/secondwebsite. All my Symfony2 routes do not work (I get a 404 on each). I put my app_dev.php as index to get more details.
Here is my nginx conf:
server {
    listen 80;
    server_name mywebsite.com *.mywebsite.com;
    index app.php;
    root /var/www/project/dev/mywebsite/web;
    error_log /var/log/nginx/mywebsite.error.log;
    access_log /var/log/nginx/mywebsite.access.log;
    if ($http_host != "www.mywebsite.com"){
        rewrite ^ http://www.mywebsite.com$request_uri permanent;
    }
    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app.php$is_args$args;
    }
    location /secondwebsite/ {
        alias /var/www/project/dev/secondwebsite/web/;
        index app_dev.php;
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index app_dev.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            add_header Access-Control-Allow-Origin *;
        }
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        include fastcgi_params;
        add_header Access-Control-Allow-Origin *;
    }
}
I've searched many times but nothing works, I really need help ^^

Symfony2 nginx issue - all pages 404 not found

I've got a problem with my project in Symfony2 when I'm trying to run this on nginx.
www.domain/ works fine
www.domain/app_dev.php, "An error occurred while loading the web debug toolbar (404: Not Found).Do you want to open the profiler?"
www.domain/app.php/someurl/ - 404 not found
Is it a server configuration issue or should I change my .htaccess in some way to make it possible to run with nginx?
You can check my dev config (with PHP-FPM):
server {
    listen 80;
    server_name dev.example.com;
    root /var/www/web;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log error;
    index app.php index.html index.htm;
    try_files $uri $uri/ @rewrite;
    location @rewrite {
        rewrite ^/(.*)$ /app.php/$1;
    }
    location ~ \.php(/|$) {
        # try_files $uri =404;
        fastcgi_index app.php;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffer_size 1280k;
        fastcgi_buffers 4 2560k;
        fastcgi_busy_buffers_size 2560k;
    }
    location ~ /\.ht {
        deny all;
    }
}
