I'm going crazy trying to understand this nginx vhost config. My issue is with the /v2 location: it does not send php stuff to php-fpm, while it works properly outside /v2. Can anyone point out the mistake?
server {
listen 443 ssl;
include ssl.conf;
include hardening.conf;
server_name myapp.domain.com myapp;
ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
access_log /var/log/nginx/myapp.domain.com-access.log main;
error_log /var/log/nginx/myapp.domain.com-error.log notice;
root /var/www/html/myapp.domain.com;
location ~ /\.ht {
deny all;
}
location ~ /v2 {
alias /var/www/html/myapp.domain.com/version-2/web;
try_files $uri index.php$is_args$args;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass localhost:9000;
fastcgi_index index.php;
include fastcgi_params.conf;
}
}
According to the comments, I'm trying the nested location solution, but I now receive a 404 when I try https://myapp.domain.com/v2/index.php, while /var/www/html/myapp.domain.com/version-2/web/index.php is present on the filesystem. Also, as explained in the link given, I modified my location from ^ to ^~. Any idea what's wrong?
server {
listen 443 ssl;
include ssl.conf;
include hardening.conf;
server_name myapp.domain.com myapp;
ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
access_log /var/log/nginx/myapp.domain.com-access.log main;
error_log /var/log/nginx/myapp.domain.com-error.log notice;
root /var/www/html/myapp.domain.com;
location ~ /\.ht {
deny all;
}
location ^~ /v2 {
alias /var/www/html/myapp.domain.com/version-2/web;
try_files $uri index.php$is_args$args;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass localhost:9000;
fastcgi_index index.php;
include fastcgi_params.conf;
}
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass localhost:9000;
fastcgi_index index.php;
include fastcgi_params.conf;
}
}
You have to point to the php5-fpm location, like this:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
Take a look at a whole example:
server {
listen 8082;
listen [::]:8082;
server_name 192.168.2.60;
root /usr/share/nginx/html/phpmyadmin/;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?uri=$uri;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
For posterity, I got a working config:
server {
listen 443 ssl;
include ssl.conf;
include hardening.conf;
server_name myapp.domain.com myapp;
ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
access_log /var/log/nginx/myapp.domain.com-access.log main;
error_log /var/log/nginx/myapp.domain.com-error.log notice;
root /var/www/html/myapp.domain.com;
location ^~ /v2/admin/web/index[_dev]*.php/command {
if (!-f $request_filename) {
rewrite ^ /v2/admin/web/index.php$is_args$args last;
}
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
include fastcgi_params.conf;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
}
}
I installed a PHP script in the /files/ subfolder on Nginx, but when I access the page, it's not working. It just shows 404 not found. I also tried changing the root directly to the subfolder, but it's still not working, like this: root /home/smart/web/example.com/public_html/files;
Also, I added this to the config, but it's not working.
location ^~ /files {
if (!-e $request_filename) { rewrite ^/(.*) /files/index.php?_page_url=$1 last; }
location ~ \.php$ {
if (!-e $request_filename) { rewrite ^/(.*) /files/index.php?_page_url=$1 last; }
fastcgi_pass unix:/run/php/php8.0-fpm-example.com.sock;
index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
location /files/files/ {
internal;
}
# these locations would be hidden by .htaccess normally
location /files/logs/ {
deny all;
}
}
Here is my full nginx config:
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work #
#=========================================================================#
server
{
listen myip:443 ssl http2;
server_name example.com;
root /home/smart/web/example.com/public_html;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/example.com.log combined;
access_log /var/log/nginx/domains/example.com.bytes bytes;
error_log /var/log/nginx/domains/example.com.error.log error;
client_max_body_size 5G;
ssl_certificate /home/smart/conf/web/example.com/ssl/example.com.pem;
ssl_certificate_key /home/smart/conf/web/example.com/ssl/example.com.key;
ssl_stapling on;
ssl_stapling_verify on;
include /home/smart/conf/web/example.com/nginx.hsts.conf*;
location /
{
location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$
{
expires max;
fastcgi_hide_header "Set-Cookie";
}
location ~ [^/]\.php(/|$)
{
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name)
{
return 404;
}
fastcgi_pass unix:/run/php/php8.0-fpm-example.com.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
include /home/smart/conf/web/example.com/nginx.fastcgi_cache.conf*;
}
}
location ^~ /files {
if (!-e $request_filename) { rewrite ^/(.*) /files/index.php?_page_url=$1 last; }
location ~ \.php$ {
if (!-e $request_filename) { rewrite ^/(.*) /files/index.php?_page_url=$1 last; }
fastcgi_pass unix:/run/php/php8.0-fpm-example.com.sock;
index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
location /files/files/ {
internal;
}
# these locations would be hidden by .htaccess normally
location /files/logs/ {
deny all;
}
}
location /error/
{
alias /home/smart/web/example.com/document_errors/;
}
location ~ /\.(?!well-known\/)
{
deny all;
return 404;
}
location /vstats/
{
alias /home/smart/web/example.com/stats/;
include /home/smart/web/example.com/stats/auth.conf*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /home/smart/conf/web/example.com/nginx.conf_*;
}
My nginx config file like this:
server {
listen 80;
listen 443 ssl;
server_name XXX.com;
error_log /log/nginx/xxx.com_error.log;
access_log /log/nginx/xxx.com_access.log main;
root /data/www/;
index index.php index.html index.htm;
location ~ \.php$ {
add_header X-Frame-Options SAMEORIGIN;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
We need to configure nginx to satisfy the following:
1. If the URL does not have the prefix "/api/mobile/index.php" and the request's port is 80, redirect it to https
2. If the URL has the prefix "/api/mobile/index.php", just go on
So I added this to the config file:
location ~ ^(?!/api/mobile/index\.php).*$ {
if ($server_port = "80") {
return 301 https://$server_name$request_uri;
}
rewrite /* $server_name$reqeust_uri last;
}
Now the config file content is:
server {
listen 80;
listen 443 ssl;
server_name XXX.com;
error_log /log/nginx/xxx.com_error.log;
access_log /log/nginx/xxx.com_access.log main;
root /data/www/;
index index.php index.html index.htm;
location ~ ^(?!/api/mobile/index\.php).*$ {
if ($server_port = "80") {
return 301 https://$server_name$request_uri;
}
rewrite /* $server_name$reqeust_uri last;
}
location ~ \.php$ {
add_header X-Frame-Options SAMEORIGIN;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Then requests that match the first location will not match the other location.
That means these requests can't go through the PHP CGI.
Is there anyone who knows how to solve the problem?
Nginx matches only one location. Move the config to the first location too.
location ~ ^(?!/api/mobile/index\.php).*$ {
if ($server_port = "80") {
return 301 https://$server_name$request_uri;
}
add_header X-Frame-Options SAMEORIGIN;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ \.php$ {
add_header X-Frame-Options SAMEORIGIN;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
There's the option to use two separate server contexts and not use the if statement (read why here: https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/).
The configuration could be:
server {
listen 80;
server_name XXX.com;
error_log /log/nginx/xxx.com_error.log;
access_log /log/nginx/xxx.com_access.log;
root /data/www;
index index.php index.html index.htm;
location /api/mobile/index.php {
rewrite ^(.*)$ https://$host$1 redirect;
}
location ~ \.php$ {
add_header X-Frame-Options SAMEORIGIN;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443 ssl http2;
server_name XXX.com;
error_log /log/nginx/xxx.com_ssl_error.log;
access_log /log/nginx/xxx.com_ssl_access.log;
root /data/www;
index index.php index.html index.htm;
location ~ \.php$ {
add_header X-Frame-Options SAMEORIGIN;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I am a beginner with nginx.
I am trying to make
www.mywebsite.com/index.php show in the URL as www.mywebsite.com/
and
www.mywebsite.com/index.php/user/login show in the URL as www.mywebsite.com/user/login
and I got the error shown in the picture.
Here is my nginx.config
#user nobody;
worker_processes 4;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name www.wcp6288.com;
root /var/www/wangou;
index index.html index.htmi index.php;
#charset koi8-r;
#access_log logs/host.access.log main;
if ($request_uri ~* "^(.*/)index\.php$") {
return 301 $1;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
# Remove from everywhere index.php
if ($request_uri ~* "^(.*/)index\.php(/?)(.*)") {
return 301 $1$3;
}
}
# Remove trailing slash.
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
# Clean Double Slashes
if ($request_uri ~* "\/\/") {
rewrite ^/(.*) /$1 permanent;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root /var/www/wangou/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include fastcgi.conf;
try_files $uri $uri/ =404;
}
}
}
Thank you for your help.
Should you remove
try_files $uri $uri/ =404;
In block:
location ~ \.php$ {
root /var/www/wangou/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include fastcgi.conf;
try_files $uri $uri/ =404;
}
Here is my config, and it works.
server {
listen 80;
listen 443 ssl http2;
server_name test.dev;
root "/var/www/html/test/";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
access_log off;
error_log /var/log/nginx/test.dev-error.log error;
sendfile off;
client_max_body_size 100m;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
}
I am trying to get basic auth set up on an Nginx subdomain, but it's not working.
server {
listen 80 default;
listen 443 default ssl;
#ssl_certificate /etc/pki/tls/certs/localhost.crt;
#ssl_certificate_key /etc/pki/tls/private/localhost.key;
ssl_certificate /etc/pki/tls/certs/2019-wildcard.somserver.com.crt;
ssl_certificate_key /etc/pki/tls/private/2019-wildcard.somserver.com.key;
server_name www.somserver.com;
root /var/www/vhosts/somserver.com/httpdocs;
access_log /var/log/nginx/somserver.com-access.log main;
error_log /var/log/nginx/somserver.com-error.log warn;
index index.php index.html;
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
try_files $uri $uri/ #handler;
expires 30d;
}
location ~ ^/(app|includes|lib|media/customer|media/downloadable|pkginfo|var)/ { deny all; }
location ~ ^/RELEASE_NOTES.txt { return 404; }
location ~ ^/errors/.*\.(xml|phtml)$ { return 404; }
location ~ ^/media/.*\.(cfg|ini|xml)$ { return 404; }
location ~ ^/media/.*\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi) { return 404; }
location ~ /\. { return 404; }
location /media/ {
location ~ /\. { return 404; }
location /media/ {
try_files $uri uri/ /get.php;
expires 30d;
}
location #handler {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
rewrite / /index.php;
}
location ~ .php/ {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
try_files $uri /index.php;
expires off;
fastcgi_pass unix:/var/run/php-fpm/somserver.com.sock;
fastcgi_buffers 256 4k;
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 3600s;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
location ~ ^/(php-status|ping)$ {
access_log off;
allow 127.0.0.1;
allow 172.24.16.85;
deny all;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm/somserver.com.sock;
include fastcgi_params;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
}
}
Initially I assumed that I would just need to add it to the location / {, but even after trying to add it to all the PHP-related locations it still seems to have no effect. Anything I can try to troubleshoot this further?
It's a CentOS box running Nginx and FastCGI. The app is Magento, so I need to just add basic auth on PHP files.
How do I configure nginx to allow a slash between my /test_file.php/?param1=test ? Currently it is only allowing /test_file.php?param1=test ...
Here is my current configuration:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# rewrite ^/(.php*)/$ /$1 permanent;
root /var/www/example.com;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Url working (undesirable): https://example.com/workouts.php?workout=206
Url I want: https://example.com/workouts.php/?workout=206
The block:
location ~ \.php$ { ... }
is responsible for processing any URI which ends with .php.
A simple solution would be to change the regular expression to accept URIs which include pathinfo. However, you should also make other changes within the block to mitigate known exploits. See this document for details.
For example:
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
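What the block in this answer does with the question's URLs, modelled as an added example (not part of the original answer and not nginx's own code): the two location regexes, the fastcgi_split_path_info capture groups, and the `-f` check that answers 404 before anything reaches PHP-FPM. The function names and the temporary document root are constructed for the example.

```python
import os
import re
import tempfile

OLD_LOCATION = re.compile(r"\.php$")                # question's location regex
NEW_LOCATION = re.compile(r"[^/]\.php(/|$)")        # answer's location regex
SPLIT_PATH_INFO = re.compile(r"^(.+?\.php)(/.*)$")  # answer's fastcgi_split_path_info

def route(uri, document_root):
    """Model the answer's PHP block for a URI with the query string removed.

    Returns (decision, fastcgi_script_name, fastcgi_path_info).
    """
    if not NEW_LOCATION.search(uri):
        return ("not-php-location", None, None)
    m = SPLIT_PATH_INFO.match(uri)
    # Without a split match, the script name is the URI and path info is empty.
    script, path_info = (m.group(1), m.group(2)) if m else (uri, "")
    if not os.path.isfile(document_root + script):  # if (!-f ...) { return 404; }
        return ("404", script, path_info)
    return ("fastcgi_pass", script, path_info)

def demo():
    """Run the model against a constructed document root holding workouts.php."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "workouts.php"), "w").close()
        uris = ["/workouts.php", "/workouts.php/", "/missing.php/extra"]
        return {u: (bool(OLD_LOCATION.search(u)), route(u, root)) for u in uris}

if __name__ == "__main__":
    for uri, (old_match, result) in demo().items():
        print(uri, "| old regex matches:", old_match, "|", result)
```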