I've installed nginx on a fresh Ubuntu 18.04 server. Its for an osTicket installation if that matters at all. I put all the files in the /var/www/html directory and setup my sites-available/enabled. But when I go to the site I get an Access Denied message and the error log shows:
2019/04/07 13:50:24 [error] 17708#17708: *1 FastCGI sent in stderr:
"PHP message: PHP Warning: Unknown: failed to open stream: Permission
denied in Unknown on line 0
Unable to open primary script: /var/www/html/upload/index.php
(Permission denied)" while reading response header from upstream,
client: [my IP], server: server.domain.local, request: "GET / HTTP/1.1",
upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "server.domain.local"
Already made sure all directories from /var/www/html down have www-data:www-data and +x.
/etc/nginx/sites-available/osticket.conf
server {
listen 80;
server_name server.domain.local;
root /var/www/html/upload/;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
index index.php;
client_max_body_size 2000M;
client_body_buffer_size 100M;
client_header_buffer_size 10M;
large_client_header_buffers 2 10M;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
gzip on;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/x-javascript text/xml text/css application/xml;
set $path_info "";
location ~ /include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(?:tickets|tasks).*$ {
try_files $uri $uri/ /api/http.php?$query_string;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/.*$ {
try_files $uri $uri/ /scp/ajax.php?$query_string;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_param PATH_INFO $path_info;
}
}
User portion of /etc/php/7.2/fpm/pool.d/www.conf
; Unix user/group of processes
user = www-data
group = www-data
Well, I jumped straight to configs and other ideas. Forgot to KISS. For whatever reason, the files from the osTicket download came with 755 permissions on the folders, but absolutely no permissions on the files. Did a chmod 755 on everything and now its good.
Related
I try to configure Nginx to distribute my laravel api on a subfolder of my domain
server {
listen 80;
server_name stackoverflow.com;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
charset utf-8;
location /dev {
alias /home/debian/www/stackoverflow/api/dev/public;
try_files $uri $uri/ /dev/index.php?$query_string;
location = /dev/favicon.ico { access_log off; log_not_found off; }
location = /dev/robots.txt { access_log off; log_not_found off; }
error_page 404 /dev/index.php;
error_log /home/debian/logs/nginx/error_log;
access_log /home/debian/logs/nginx/access_log;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
include fastcgi_params;
}
}
location ~ /\.(?!well-known).* {
deny all;
}
}
I tried different configuration, with /dev on try_files, without /dev, but always same result "File not found" and in error log :
*1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 109.221.246.178, server: xxx, request: "GET /dev/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php8.1-fpm.sock:", host: "xxx"
or
*1 open() "/home/debian/www/xxx/api/dev/public/login" failed (2: No such file or directory), client: xxx, server: xxx, request: "GET /dev/login HTTP/1.1", host: "xxx"
My poor knowledge on Nginx stop there. I know its about a file path issue, but can't understand where...
The configuration works perfectly when I try to set up on location / { }
Thanks a lot for your help !
This is my based conf when i put laravel app in domain subfolder, you can try to add your custom settings on it.
My laravel app root is in "subsite" folder, so you may change "subsite" to "dev" and test it.
location /subsite {
alias /var/www/project/subsite/public/;
try_files $uri $uri/ #subsite;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
}
}
location #subsite {
rewrite /subsite/(.*)$ /subsite/index.php?/$1 last;
}
I am using the default config with Nginx installed on my manjaro machine. I just added some simple configurations down below.
nginx.conf:
user http;
worker_processes auto;
worker_cpu_affinity auto;
.....
http{
.....
server {
listen 9000;
server_name localhost;
root /usr/share/nginx/html/exam;
location / {
index index.php index.html index.htm;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
if (!-e $request_filename){
rewrite ^/(.+)$ /index.php?url=$1 break;
}
}
location /. {
return 404;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_read_timeout 864000;
}
location ~ /\.ht {
deny all;
}
}
....
}
since the user for Nginx is http, I also changed the ownership of the folder, subfolders and files as HTTP with:
chmod -R http:http exam/
it looks like this:
1838248 lrwxrwxrwx 1 http http 42 Eyl 13 17:42 exam
but still gives 403 Forbidden on browser with this error:
2021/09/13 17:49:22 [error] 493923#493923: *4 open() "/usr/share/nginx/html/exam/index.php" failed (13: Permission denied), client: 127.0.0.1, server: localhost, request: "GET /exam HTTP/1.1", host: "localhost:9000"
I have tried every solution I found, but it did not work.
I also tried simple PHP files that runs like "phpinfo();" even they are not working.
I moved the project file under /srv/http and redirect the root in the conf file to it. Now it is working.
I get a 502 server error from nginx on every PHP request that has an error in it. This is what shows up in the nginx log for every type of error:
[error] 394#0: *7 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: example.test, request: "GET /nova-api/users/lens/example-lens?search=&filters=W3siY2xhc3MiOiJBcHBcXE5vdmFcXEZpbHRlcnNcXExlbnNVc2VyRmlsdGVyIiwidmFsdWUiOnsiY29sdW1uIjoiMCIsIm9wZXJhdG9yIjoiPSIsImRhdGEiOiJoYXJ2ZXkifX1d&orderBy=&orderByDirection=desc&perPage=25&page=1&viaResource=&viaResourceId=&relationshipType= HTTP/2.0", upstream: "fastcgi://unix:/Users/user/.config/valet/valet.sock:", host: "example.test", referrer: "https://example.test/nova/resources/users/lens/example-lens"
If I run the same code on any other system, I actually get a PHP error in my laravel.log file.
I've tried increasing the number of max PHP children.
I've tried completely reinstalling nginx, PHP, and Laravel Valet.
My valet.conf nginx file which is auto-generated by Laravel Valet:
server {
listen 127.0.0.1:80 default_server;
root /;
charset utf-8;
client_max_body_size 128M;
location /41c270e4-5535-4daa-b23e-c269744c2f45/ {
internal;
alias /;
try_files $uri $uri/;
}
location / {
rewrite ^ "/Users/user/.composer/vendor/laravel/valet/server.php" last;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log "/Users/user/.config/valet/Log/nginx-error.log";
error_page 404 "/Users/user/.composer/vendor/laravel/valet/server.php";
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass "unix:/Users/user/.config/valet/valet.sock";
fastcgi_index "/Users/user/.composer/vendor/laravel/valet/server.php";
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME "/Users/user/.composer/vendor/laravel/valet/server.php";
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
}
Manually removing valet by doing sudo rm -rf /Users/myuser/.config/valet/ and then valet install fixed the issue.
I have two lxc containers. One is the proxy with nginx and this config:
server {
server_name cloud.malte-kiefer.de;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://cloud.lxd;
}
real_ip_header proxy_protocol;
set_real_ip_from 127.0.0.1;
listen [::]:443 ssl http2 proxy_protocol;
listen 443 ssl http2 proxy_protocol;
ssl_certificate /etc/nginx/ssl/cloud.malte-kiefer.de/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/cloud.malte-kiefer.de/privkey.key;
}
server {
listen 80 proxy_protocol;
listen [::]:80 proxy_protocol;
server_name cloud.malte-kiefer.de;
location / {
return 301 https://cloud.malte-kiefer.de$request_uri;
}
return 404;
}
Then I have the cloud container with nextcloud with this config:
upstream php-handler {
server unix:/var/run/php/php7.3-fpm.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
set $base /var/www/html;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name cloud.malte-kiefer.de;
fastcgi_hide_header X-Powered-By;
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location = /.well-known/carddav {
return 301 https://cloud.malte-kiefer.de/remote.php/dav;
}
location = /.well-known/caldav {
return 301 https://cloud.malte-kiefer.de/remote.php/dav;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
When I try to open the URL I see the installation page from nextcloud. When I enter information and send it reload from page and this in the nextcloud log:
Unknown: POST Content-Length of 213 bytes exceeds the limit of 16
bytes at Unknown#0
This is the nginx log from the nextcloud container
2020/01/13 17:32:20 [error] 416#416: *8 FastCGI sent in stderr: "PHP
message: PHP Warning: Unknown: POST Content-Length of 213 bytes
exceeds the limit of 16 bytes in Unknown on line 0" while reading
response header from upstream, client: 89.204.135.199, server:
cloud.malte-kiefer.de, request: "POST /index.php HTTP/1.0", upstream:
"fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host:
"cloud.malte-kiefer.de"
I check my PHP ini file:
root#cloud:~# grep -R "post_max_size" /etc/php/
/etc/php/7.3/fpm/php.ini:post_max_size = 16GB
/etc/php/7.3/cli/php.ini:post_max_size = 16GB
/etc/php/7.3/phpdbg/php.ini:post_max_size = 8M
root#cloud:~# grep -R "memory_limit" /etc/php/
/etc/php/7.3/fpm/pool.d/www.conf:;php_admin_value[memory_limit] = 32M
/etc/php/7.3/fpm/php.ini:memory_limit = 512M
/etc/php/7.3/cli/php.ini:memory_limit = 512M
/etc/php/7.3/phpdbg/php.ini:memory_limit = 128M
I can't find the issue. Maybe you guys can help me.
Ok, it was a missconfig in the php.ini file.
I totally removed PHP vom the nextcloud container, reinstalled and it works now.
I have a PHP project, a REST API. Nginx configuration is working for the API but is not for uploaded images
Images are always returning 404 error
the project starts at /public directory, upload directory is inside public, so the image access url is something like:
DOMAIN.COM/upload/201812/20181204133821.jpg
The actual NGINX configuration is
server {
listen 80;
listen [::]:80;
set $root_path '/usr/share/nginx/html/api/public';
root $root_path;
index index.php index.html index.htm;
server_name api-eduplus.blanco-estudio.com;
#try_files $uri $uri/ #rewrite;
try_files $uri $uri/ /index.php?q=$uri&$args;
location ~* \.(jpg|jpeg|png|gif)$ {
root $root_path;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
#error_log logs/error.log warn;
}
So the API starts at /public directory and images are uploaded into /public/upload/
Also. The nginx error log on the server says:
2018/12/04 16:35:54 [error] 17338: *1 openat() "/usr/share/nginx/html/api/public/upload/201812/20181204133821.jpg" failed (20: Not a directory), request: "GET /upload/201812/20181204133821.jpg HTTP/1.1"
Please help, I'm actually stuck
I just fixed this issue on my server. The cause of the error was a symlink.
I just encountered this (not very elucidating) error message on my server's nginx config:
"/path/to/index.html" is not found (20: Not a directory)
After some trial-and-error, I determined that the actual cause was that nginx couldn't access the site's document root because part of the path to the root included a symlink, but I had disable_symlinks on; set in my main nginx.conf file.
Commenting-out the disable_symlinks on; line or changing it to disable_symlinks off; fixes the issue.
See also:
https://nginx.org/en/docs/http/ngx_http_core_module.html#disable_symlinks