I'm new to nginx, and trying to move a wordpress website on it.
Problem is I need to run a file called "installer.php", and nginx shows a 404 error for it (from domain/rocketstack/installer.php).
Incase I add a specific "location" directive, I get returned a "No input file specified" error (not sure I'm doing this right).
Accessing domain/rocketstack/index.php directly returns the same 404, but works if I go to domain/rocketstack/ (this is fine I guess).
I'm using php7.2-fpm on ubuntu 18.04, "installer.php" is in /var/www/rocketstack/, has permission 644. cgi.fix_pathinfo=0 is set in php.ini.
To set up the environment I used this guide: https://www.wpintense.com/2018/10/20/installing-the-fastest-wordpress-stack-ubuntu-18-mysql-8/
Here's my /etc/sites-available/rocketstack.conf file
How can I fix this? I've lost so many hours on this! Yet it must be so simple! Thank you so much
# This config file uses nginx fastcgi-cache
fastcgi_cache_path /var/www/cache levels=1:2 keys_zone=rocketstack:100m inactive=60m;
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/rocketstack;
index index.php index.htm index.html;
access_log /var/log/nginx/rocketstack_access.log;
error_log /var/log/nginx/rocketstack_error.log;
include snippets/acme-challenge.conf;
# Exclusions
include snippets/exclusions.conf;
# Security
include snippets/security.conf;
# Static Content
include snippets/static-files.conf;
# Fastcgi cache rules
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ (^|/)\. {
return 403;
}
location ~/installer.php {
root /var/www/rocketstack/;
fastcgi_index installer.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include snippets/fastcgi-params.conf;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location ~ \.php$ {
try_files $uri =404;
include snippets/fastcgi-params.conf;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# Skip cache based on rules in snippets/fastcgi-cache.conf.
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Define memory zone for caching. Should match key_zone in fastcgi_cache_path above.
fastcgi_cache rocketstack;
# Define caching time.
fastcgi_cache_valid 60m;
#increase timeouts
fastcgi_read_timeout 6000;
fastcgi_connect_timeout 6000;
fastcgi_send_timeout 6000;
proxy_read_timeout 6000;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
send_timeout 6000;
#these lines should be the ones to allow Cloudflare Flexible SSL to be used so the server does not need to decrypt SSL
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ;
server_name _;
root /var/www/rocketstack;
index index.php index.htm index.html;
access_log /var/log/nginx/rocketstack_ssl_access.log;
error_log /var/log/nginx/rocketstack_ssl_error.log;
#once you have SSL certificates using LetsEncrypt you can alter the paths in the two lines below to reflect your domain and uncomment the lines by removing the leading # symbol
#ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
# Exclusions
include snippets/exclusions.conf;
# Security
include snippets/security.conf;
# Static Content
include snippets/static-files.conf;
# Fastcgi cache rules
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include snippets/fastcgi-params.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# Skip cache based on rules in snippets/fastcgi-cache.conf.
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Define memory zone for caching. Should match key_zone in fastcgi_cache_path above.
fastcgi_cache rocketstack;
# Define caching time.
fastcgi_cache_valid 60m;
#increase timeouts
fastcgi_read_timeout 6000;
fastcgi_connect_timeout 6000;
fastcgi_send_timeout 6000;
proxy_read_timeout 6000;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
send_timeout 6000;
#these lines should be the ones to allow Cloudflare Flexible SSL to be used so the server does not need to decrypt SSL if you wish
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
}
}
Fixed by trial and error. Current setting:
location ~ \installer.php {
try_files $uri $uri/ /installer.php?$args;
fastcgi_index installer.php;
include snippets/fastcgi-params.conf;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
Problem was I wasn't telling nginx where to pick installer.php, I achieved that with try_files. Root setting in location was redundant too.
Related
Everyone.
Yesterday i did good of my experiment with nginx, but suddenly my nginx was suddenly error (can't reboot or stop or start) and i had to reinstall it.
But i forgot the code.
So the .conf would help you process to the other web. for Example :
My IP Server : 192.302.xx.xxx
I set listen port to : 3000
I only type 192.302.xx.xxx:3000 and then my ip would show up the proxy pass for example watching youtube, it would become like this 92.302.xx.xxx:3000/v=watch?4hnb32yh even it linked when i press the button in my ip, even the blocked site from my local gov. all i need is only change the proxy pass. For example : Adult Videos Site, etc (Except site that reverse proxy like cloudflare one)
And today i want to recreate that one but it fails, these are my code
upstream backend_mirrors {
server anotherwebsite1.id;
server anotherwebsite2.com;
}
server {
listen 3000;
listen [::]:3000;
server_name 192.302.xx.xxx;
return 301 https://website_that_i_want_togo/$request_uri$is_args$args;
}
server {
listen 433 ssl;
listen [::]:433 ssl;
server_name 192.302.xx.xxx;
ssl_certificate "/etc/letsencrypt/live/myservername/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/myservername/privkey.pem";
#include /etc/letsencrypt/option-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_timeout 1d;
ssl_session_tickets off;
location / {
resolver 8.8.8.8;
mirror /mirror;
mirror_request_body on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://website_that_i_want_togo/;
}
location /mirror {
internal;
proxy_pass https://givesometraffictootherwebsites/;
proxy_set_header X-SERVER-PORT $server_port;
proxy_set_header X-SERVER-ADDR $server_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-REAL-IP $remote_addr;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
What i want to :
192.138.xx.xxx:3000 but i can open some other website like blocked websites from domain sites.
But the ip address still with it when i change to other page
192.138.xx.xxx:3000/search but it still full function like the website that i put in proxy_pass
But what my code do :
It's auto redirect to proxy_pass sites even the header changed
I am running an Nginx server and several services in jails. I have two TLDs, one old and one new. For the new TLD I have added a new jail with a new service (wordpress). I added a new server block to my reverse proxy. Accessed locally, bypassing the reverse proxy, wordpress works fine. All PHP executes correctly.
However, accessed through the reverse proxy, using the new TLD, any attempt to navigate to a .php file returns a 404 error. Note that the site itself is working and php is properly executing; the issue only arises if you try to navigate to a .php directly. This is problematic, for example, because you can't access the login page. In fact, you can't even navigate to index.php, even though going to domain2.com itself works, domain2.com/index.php fails.
These are the server blocks from my nginx.conf:
#Domain2
server {
server_tokens off;
listen 80;
server_name www.domain2.com domain2.com;
return 301 https://$host$request_uri;
}
server {
server_tokens off;
listen 443 ssl;
server_name www.domain2.com domain2.com;
ssl_certificate /usr/local/etc/letsencrypt/live/domain2.com/cert.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/domain2.com/privkey.pem;
#USE SECURE PROTOCOLS
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#DEFINE ACCESS LOG LOCATION
access_log /var/log/nginx/access_domain2.log;
#PASS PHP TO FASTCGI
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
#PROXY_SETTINGS
client_max_body_size 10m;
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_http_version 1.1;
proxy_pass http://192.168.1.253;
}
error_page 401 403 404 /404.html;
#redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
I fixed this by commenting out the "pass php to fastcgi" which was apparently redundant.
I am trying to create a php inside my docker container
However, when I go to the localhost on my browser, I keep getting the 502 bad gateway.
The error log shows
[error] 11#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: (my IP), server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "localhost"
My nginx conf looks like this
server {
listen 80;
server_name jenkins.local;
root /var/www/html;
index index.php;
access_log /var/log/nginx/localhost-access.log;
error_log /var/log/nginx/localhost-error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
I am new to docker and PHP so please let me know if I need to provide any other information.
Did you start php-fpm?
Is port 9000 open?
Brief edition
upstream websocketserver {
server localhost:8080;
}
server {
listen 80;
server_name jenkins.local; //Or try localhost;
root /var/www/html;
index index.php;
access_log /var/log/nginx/localhost-access.log;
error_log /var/log/nginx/localhost-error.log;
location / {
proxy_pass http://websocketserver;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400; # neccessary to avoid websocket timeout disconnect
proxy_send_timeout 900s;
proxy_redirect off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock; //Check if your php is 7.4, run php -v
}
}
Hello I am trying to serve a php web application using Nginx PHP-FPM using a tcp socket on a remote host and a lighttd to serve static content on a remote server.
I succeed to link those three blocks but I have an issue to manage the interactions.
Here my Nginx proxy configuration
upstream xxxx-staging {
server xxxxx.com:81 fail_timeout=0;
}
server {
listen 80;
server_name xxxxxxx.com;
return 301 https://xxxxx.com$request_uri;
}
server {
listen 443 ssl;
server_name xxxxxx.com;
root /xxxxxx/public;
ssl_certificate /etc/nginx/ssl/xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
access_log /var/log/nginx/xxx.access.log;
error_log /var/log/nginx/xxx.error.log error;
client_max_body_size 256m;
proxy_intercept_errors on;
error_page 404 = /index.php;
error_page 405 = 200$uri;
location = / {index index.php;}
location / {
proxy_pass http://xxxxx-staging;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Please authenticate";
auth_basic_user_file /etc/nginx/passwords/xxxxxxx.com.passwdfile;
}
location ~ ^/index\.php$(/|$) {
fastcgi_pass xxxxx.com:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
When I removed error_page 405 = 200$uri; symfony is returning me a method post not allowed and when I put it nginx is returning me a 405.
I clearly missunderstand how the communication are established but don't know where I am wrong.
You are using auth_basic and auth_basic_user_file in the location / block. Am I right that you don't get a prompt to enter a password when you navigate to the side and get instead directly the 405 error?
I interpret the error to mean that an authentication is expected but doesn't happen. I would suggest to move auth_basic and auth_basic_user_file up one level in the server block. That way everything is covered and not only the one location block and you should get the password prompt.
upstream xxxx-staging {
server xxxxx.com:81 fail_timeout=0;
}
server {
listen 80;
server_name xxxxxxx.com;
return 301 https://xxxxx.com$request_uri;
}
server {
listen 443 ssl;
server_name xxxxxx.com;
root /xxxxxx/public;
auth_basic "Please authenticate";
auth_basic_user_file /etc/nginx/passwords/xxxxxxx.com.passwdfile;
ssl_certificate /etc/nginx/ssl/xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
access_log /var/log/nginx/xxx.access.log;
error_log /var/log/nginx/xxx.error.log error;
client_max_body_size 256m;
proxy_intercept_errors on;
error_page 404 = /index.php;
error_page 405 = 200$uri;
location = / {index index.php;}
location / {
proxy_pass http://xxxxx-staging;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ ^/index\.php$(/|$) {
fastcgi_pass xxxxx.com:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
I hope that helps you.
My server is frequently having Timed Out problem, I have adjust parameters such as fastcg_read_timeout and proxy_read_timeout but it did not solve my problem. Find below my xxxx.conf
server {
server_name www.xxxx.com;
return 301 $scheme://xxxx.com$request_uri;
}
server {
## Your website name goes here.
server_name xxxx.com;
## Your only path reference.
root /var/www/xxxx.com;
# This should be in your http block and if it is, it's not needed here.
index index.html index.php;
error_log /var/log/nginx/xxxx.com-error.log;
access_log /var/log/nginx/xxxx.com-access.log;
# Body size (max upload)
# client_max_body_size 64m;
# client_body_buffer_size 2m;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location / {
# This is cool because no php is touched for static content
try_files $uri $uri/ /index.php?$args;
# This to stop connection timeout
proxy_http_version 1.1;
proxy_set_header Connection "";
# Time-out Settings
proxy_send_timeout 150;
proxy_read_timeout 150;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-sock;
fastcgi_read_timeout 150;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}}
I experienced this same issue while developing on my local nginx machine.
After some extensive research I found a solution to my problem (Unfortunately I cannot find the article anymore).
You could try changing this:
fastcgi_pass_unix: localhost:9000;
Then run a 'sudo service nginx reload'.
This fixed the issue for me. Hopefully It will too for you.
This problem resolved for me. I commented on the proxy_send_timeout and proxy_read_timeout and fastcgi_read_timeout but leave proxy_http_version and proxy_set_header in the codes below.
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
# proxy_send_timeout 150;
# proxy_read_timeout 150;
}