I am trying to exclude path client and every url that contains client from https, using nginx.
server {
listen 80;
server_name example.com www.example.com;
location / {
return 301 https://www.example.com$request_uri;
}
location /client/ {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl;
server_name example.com www.example.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
root /var/www/laravel/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
location /client/ {
return 301 http://www.example.com$request_uri;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
}
I removed ssl certificate key from second server block.
When i type https://example.com/client, i get redirected to http://www.example.com/client (as expected). I have a simple index.php file inside client folder that is not getting executed. I am seeing too many redirects in browser.
Credit to https://stackoverflow.com/users/4862445/richard-smith
Added root and index statements in first server block.
server {
listen 80;
server_name example.com www.example.com;
root /var/www/laravel/public; #LINE-ADDED
index index.php index.html index.htm; #LINE-ADDED
# other code here ...
}
Related
We have a website where we are using a Laravel for the part available to the end-user, and an older legacy codebase for the admin panel.
Currently root is the public folder for the currently deployed version.
The website folder structure looks something like this:
admin/
|____index.php <-- desired entrypoint for admin-related requests
app/
public/
|____index.php <-- main entrypoint for website
resources/
routes/
So, when someone wants to access the admin panel they go to example.com/admin
Here's the current nginx configs file we are using.
example.com
server {
server_name example.com;
root /var/www/example.com/current/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /admin {
proxy_pass http://localhost:3000;
}
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
example.com/admin
server {
listen 3000;
server_name example.com;
root /var/www/example.com/current/admin;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
I'm not very well versed in nginx server configuration and would love som assistance on this.
EDIT 1
Config file using map:
EDIT 2
Updated the config below with the changes made to make it work.
map $uri $siteroot {
# This didn't work, per the accepted answer.
# ^/admin /var/www/example.com/current/admin;
# This works great!
^/admin /var/www/example.com/current;
default /var/www/example.com/current/public;
}
server {
server_name example.com;
root $siteroot;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com;
return 404; # managed by Certbot
}
If you try changing root directory, Nginx will shows not found error.
Because, Nginx tries find file with request path even you changed root.
For example, If you change root directory for /admin path to /app/admin, Nginx will find file in /app/admin/admin. That's why you can't reach file.
Try insert rewrite /admin(.*) $1 break; line at /admin location block and set root path, or use alias expression.
I would use map directive for this, something like
map $uri $siteroot {
~^/admin /var/www/example.com/current/admin;
default /var/www/example.com/current/public;
}
server {
server_name example.com;
root $siteroot;
...
}
I am trying to add another site to my nginx server.
The problem is the server does not execute php for second site.
This page isn’t working xxx.com redirected you too many times.
Been a week trying to fix the problem, im new to nginx as switched from apache.
Any help is appreciated.
default(site1):
server {
listen 80;
listen [::]:80 ipv6only=on;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name localhost;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
site 2 im trying to add:
server {
listen 80;
listen [::]:80;
root /var/www/xxxs.com/html;
index index.php index.html;
server_name xxxs.com www.xxxs.com;
location / {
try_files $uri $uri / /index.php?q=$uri&$args;
}
location ~\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~/\.ht {
deny all;
}
}
Both sites run wordpress.
When i try to open a text file on second site it works perfectly
Space is important. These lines miss the space.
1. try_files $uri $uri/ /index.php?q=$uri&$args;
2. location ~ \.php$ {
3. location ~ /\.ht {
The complete config:
server {
listen 80;
listen [::]:80;
root /var/www/xxxs.com/html;
index index.php index.html;
server_name xxxs.com www.xxxs.com;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
I"m trying to get the configuration for NGINX to work with WordPress being the default such as domain.com and the Laravel app being domain.com/app.
I'm not opposed to it being a sub-domain, but I wanted to try this first. I'm not sure which is easier / better.
The directories are:
WP - /var/www/wordpress
L5 - /var/www/laravel
server {
client_max_body_size 10M;
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/wordpress;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name somename;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location /app/ {
alias /var/www/laravel/public;
try_files $uri $uri/ /app//app/index.php?$query_string;
location ~ /app/.+\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
location ~ /\.ht {
deny all;
}
}
I cannot confirm that this will work as I do not know Laravel. Two PHP apps without a common root will need two PHP locations (which you have). However, the location /app/ statement needs to use the ^~ modifier to stop the wrong PHP location from being selected. See this document for details.
location ^~ /app/ {
alias /var/www/laravel/public/;
if (!-e $request_filename) { rewrite ^ /app/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
I see your question includes a fix for the alias/try_files bug - but I prefer the the if block solution above.
I want to make certain php files accessible via http only.
So I added location = /example.php{} as shown in the code below.
server {
listen 80;
ssl off;
server_name example.com www.example.com;
root /var/www/example;
location ~* \.(php)$ {
# dostufdd
}
location = /example.php {
#do stuff
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example;
index index.php;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
ssl_dhparam /etc/letsencrypt/live/example.com/example.com.dhparam;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
# Set caches, protocols, and accepted ciphers. This config will
# merit an A+ SSL Labs score.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kED$
error_log /var/log/nginx/example.error.log warn;
location / {
try_files $uri $uri/ /index.php?$args;
}
# Allow Lets Encrypt Domain Validation Program
location ^~ /.well-known/acme-challenge/ {
allow all;
}
# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
deny all;
}
# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)$ {
deny all;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~* \.(css|js|ico|gif|jpe?g|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max;
}
location ~ /.well-known {
allow all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 180;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
However, if I try to access to http://example.com/example.php, the php file is
downloaded instead of executing.
but If i access https://example.com/example.php, it will be accessed normally.
I have no idea what to do.
Please help me.
Thank you.
Opening Symfony/web/app_dev.php shows 404 file not found, trying to open other pages (except config page) again shows 404 file not found. I read that there is problems with mod rewrite.
This is my server configuration:
server {
listen 80;
listen [::]:80;
root /home/user/Projects/stereoshoots/www;
server_name stereoshoots.local;
location / {
autoindex on;
# try_files $uri $uri/ #rewrite;
try_files $uri $uri/ /index.php;
}
# location #rewrite {
# rewrite ^/(.*)$ /index.php?q=$1;
# }
location ~* \.(jpg|jpeg|gif|css|png|js|ico|xml|txt)$ {
access_log off;
expires 30d;
}
location = /favicon.ico {
return 204;
access_log off;
log_not_found off;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
How do i solve this problem?
For a symfony2 app have a look at this sample config file to get the info you are looking for:
http://wiki.nginx.org/Symfony
You want your server root to be in the web directory
root /home/user/Projects/stereoshoots/www/Symfony/web;
Then redirect all requests in there to the app.php
rewrite ^/app\.php/?(.*)$ /$1 permanent;