I have a hybrid php/Rails app sitting on one AWS ec2 server. I am hosting a Mediawiki installation and using Rails as a frontend to it. For the Rails app, I am using Passenger as a server. I would like location / to serve the Rails app, and anything at location /w or any .php files to be served by Mediawiki (php5-fpm).
I used to have a working configuration, but it was hacked together and I would like to refactor it.
My current working implementation gives me a 403 Forbidden error when I try to access the Rails app at /.
The error I get (from rails_error.log): 2017/10/24 20:08:31 [error] 14947#14947: *2 directory index of "/var/www/myapp/public/" is forbidden, client: xx.yy.zz.aa, server: myapp.amazonaws.com, request: "GET / HTTP/1.1", host: "myapp.amazonaws.com"
I would like to be able to access only the Rails app at / for now; I am not focused on the php5-fpm configurations yet.
Here are my .conf files:
sites-available/myapp.conf:
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=mw_cache:10m max_size=10g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
server {
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name myapp.com;
charset utf-8;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
root /var/www/myapp/public;
passenger_enabled on;
location /w {
alias /var/www/mediawiki-1.28.0;
index index.php index.html index.htm;
charset utf-8;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_cache mw_cache;
fastcgi_cache_valid 200 60m;
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:7777;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
error_log /var/log/nginx/mediawiki_error.log;
access_log /var/log/nginx/mediawiki_access.log;
}
error_log /var/log/nginx/rails_error.log;
access_log /var/log/nginx/rails_access.log;
}
nginx.conf:
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
passenger_root /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/gems/passenger-5.1.1;
passenger_ruby /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/wrappers/ruby;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
I have a suspicion it has to do with how Passenger is installed or running, or it could be that I am running Passenger not as www-data but as ubuntu.
/var/www/myapp/ is also owned by ubuntu, though I have tried chown -R www-data /var/www/myapp and chown -R ubuntu:www-data /var/www/myapp to no avail.
Does anyone have any pointers from here?
Thanks.
Your config works for me: the app is started successfully, at least, if I start Nginx as root (how it usually is done).
Note that the user directive from your config tells Nginx what user to run its workers as, it does not specify what user to run the Passenger core as (that is inherited from what Nginx was started with).
My pointers would be as follows:
Usually the first thing to do is to check the logs.
Your config declares logfiles, but doesn't set the top level error log, so you're missing the Passenger log output.
To solve this, move the error_log /var/log/nginx/error.log; to above the http { line in your nginx.conf.
If needed, you can also set passenger_log_level 7; (in the http block) to get very detailed logs.
By changing the log level and observing the result you can also ensure that the config you think is being used, is actually the one that is used, on the URL that you are querying (i.e. you can see requests coming in).
Passenger has some troubleshooting tools, e.g. passenger-status can be used to inspect if it's running successfully. Note that you haven't declared a passenger_pre_start url, so your app won't be started by Passenger until the first request is routed to it.
Related
I have 12 sites that I plan to run on a single server that has NGinx and php5-fpm on it. I set them all up using one server block per conf file, all included by the main nginx.conf file. It's a mix of Wordpress, PhpMyAdmin, and PHP sites. The wordpress and PhpMyAdmin sites are working fine, but the PHP sites are not. Meaning, when I pull up example.com, Chrome says connection refused, and there's no trace of an incoming connection on NGinx logs. test.example.com pulls up the default site(because I didn't configure test.example.com then) at the same time.
I copied the nginx configs from the working sites to set up the sites that are not working, but no luck. The only difference in nginx config between the working and non-working sites are the server_name directive.
After checking and rechecking for over 2 hours, I found out that the sites that have the server_name as pqr.example.com work, but the ones with example.com don't. All of the working sites are configured to use subdomain URLs, and that's probably why they're working.
My questions are -
1. What am I missing in the config to make the abc.com work ?
2. I have two sites, example.com and example.net that I'm trying to run on the same server. Is that going to be a problem for NGinx ?
3. Does Nginx have a problem with differentiating between example.com, test.example.com, and example.net ?
4. I also noticed that if www.example.net works, www.example.com doesn't and vice versa, which means I have to assign each site that has the name abc in it different subdomains like www.example.net and test.example.com. Is this a standard/expected behavior of Nginx, or am I missing something ?
5. All of my base URLs auto redirect from http://example.com to http://www.example.com; How do I find out where that redirect is happening ?
Below are the Nginx config files that I'm having problems with, truncated to include the important parts; Please let me know if more info is needed.
Main nginx.conf file -
user www-data www-data;
pid /var/run/nginx.pid;
worker_processes 4;
worker_rlimit_nofile 100000;
events {
worker_connections 4096;
include /etc/nginx.custom.events.d/*.conf;
}
http {
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log crit;
.......
server_tokens off;
include proxy.conf;
include fcgi.conf;
include conf.d/*.conf;
include /etc/nginx.custom.d/*.conf;
}
include /etc/nginx.custom.global.d/*.conf;
Here is the full working .conf file for a blog that works. All other sites have this full config, since they are just basic PHP sites.
server {
listen *:80;
server_name blog.example.com;
access_log /var/log/nginx/blog-example.access.log;
error_log /var/log/nginx/blog-example.error.log;
root /var/www/example/blog;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ [^/]\.php(/|$) {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-blog-example-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Here's the truncated .conf file for example.com
server {
listen *:80;
server_name example.com www.example.com test.example.com;
access_log /var/log/nginx/examplecom.access.log;
error_log /var/log/nginx/examplecom.error.log;
root /var/www/example/com;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
........
location ~ [^/]\.php(/|$) {
......
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-examplecom-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Here's the truncated file for example.net
server {
listen *:80;
server_name example.net www.example.net test.example.net;
access_log /var/log/nginx/examplenet.access.log;
error_log /var/log/nginx/examplenet.error.log;
root /var/www/example/net;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
........
location ~ [^/]\.php(/|$) {
......
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-examplenet-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Meaning, when I pull up example.com, Chrome says connection refused, and there's no trace of an incoming connection on NGinx logs. test.example.com pulls up the default site(because I didn't configure test.example.com then) at the same time.
Well, your server is listening. Chances are you haven't configured your DNS records correctly, or there is DNS caching. Set your host file to test this theory.
I am using WT-NMP software with combination of php,mysql and ngnix server.
worker_processes 1;
events {
worker_connections 1024;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
ssi off;
#Timeouts
client_body_timeout 5;
client_header_timeout 5;
keepalive_timeout 25 25;
send_timeout 15s;
resolver_timeout 3s;
#Directive sets timeout period for connection with FastCGI-server. It should be noted that this value can't exceed 75 seconds.
fastcgi_connect_timeout 5s;
#Directive sets the amount of time for upstream to wait for a fastcgi process to send data. Change this directive if you have long running fastcgi processes that do not produce output until they have finished processing. If you are seeing an upstream timed out error in the error log, then increase this parameter to something more appropriate.
fastcgi_read_timeout 40s;
#Directive specifies request timeout to the server. The timeout is calculated between two write operations, not for the whole request. If no data have been written during this period then serve closes the connection.
fastcgi_send_timeout 15s;
fastcgi_buffers 8 32k;
fastcgi_buffer_size 32k;
#fastcgi_busy_buffers_size 256k;
#fastcgi_temp_file_write_size 256k;
open_file_cache off;
#php max upload limit cannot be larger than this
client_max_body_size 8m;
####client_body_buffer_size 1K;
client_header_buffer_size 1k;
large_client_header_buffers 2 1k;
types_hash_max_size 2048;
include nginx.mimetypes.conf;
default_type text/html;
##
# Logging Settings
##
access_log "c:/wt-nmp/log/nginx_access.log";
error_log "c:/wt-nmp/log/nginx_error.log" warn; #debug or warn
log_not_found on; #enables or disables messages in error_log about files not found on disk.
rewrite_log off;
#Leave this off
fastcgi_intercept_errors off;
gzip off;
index index.php index.htm index.html;
server {
listen 127.0.0.1:80 default_server;
listen 127.0.0.1:8080;
#listen [::1]:80 ipv6only=on;
server_name mylocalhost;
root "c:/wt-nmp/www/projectname";
autoindex on;
error_log "c:/wt-nmp/log/nginx_error.log";
allow 127.0.0.1;
#allow ::1;
deny all;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
#tools are now served from wt-nmp/include/tools/
location ~ ^/tools/.*\.php$ {
root "c:/wt-nmp/include";
try_files $uri =404;
include nginx.fastcgi.conf;
fastcgi_pass php_farm;
}
location ~ ^/tools/ {
root "c:/wt-nmp/include";
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass php_farm;
include nginx.fastcgi.conf;
}
}
include domains.d/*.conf;
include nginx.phpfarm.conf;
}
when I am trying to access with "mylocalhost" its working fine when I am firing an event and call ajax method . It is giving page not found message
WT-NMP - portable Nginx Mysql Php development stack for Windows README.md states:
Starting only one PHP-CGI server with wt-nmp.exe --phpCgiServers=1 will result in slow ajax requests since Nginx will not be able to process PHP scripts simultaneous.
So, make sure you use the latest version of WT-NMP and choose at least 3 PHP-CGI servers.
this is the first time i use nginx , and i have two problems with it,
the first one is that i want to redirect http://localhost/project automatically to http://localhot/project/en/ and en is subdirectory on project.
The second problem : in localhost/project/en/ i can see the index.php i mean the main page but every redirecting from the project give me 404 not found like localhost/project/en/people/ or
localhost/project/en/people/article1
NB : i use nginx in windows with drupal and . here is my configuration:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server_tokens on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
ssi off;
#Timeouts
client_body_timeout 5;
client_header_timeout 5;
keepalive_timeout 25 25;
send_timeout 15s;
resolver_timeout 3s;
#Directive sets timeout period for connection with FastCGI-server. It should be noted that this value can't exceed 75 seconds.
fastcgi_connect_timeout 5s;
#Directive sets the amount of time for upstream to wait for a fastcgi process to send data. Change this directive if you have long running fastcgi processes that do not produce output until they have finished processing. If you are seeing an upstream timed out error in the error log, then increase this parameter to something more appropriate.
fastcgi_read_timeout 400s;
#Directive specifies request timeout to the server. The timeout is calculated between two write operations, not for the whole request. If no data have been written during this period then serve closes the connection.
fastcgi_send_timeout 150s;
fastcgi_buffers 8 32k;
fastcgi_buffer_size 32k;
#fastcgi_busy_buffers_size 256k;
#fastcgi_temp_file_write_size 256k;
open_file_cache off;
#php max upload limit cannot be larger than this
client_max_body_size 8m;
####client_body_buffer_size 1K;
client_header_buffer_size 1k;
large_client_header_buffers 2 1k;
types_hash_max_size 2048;
include nginx.mimetypes.conf;
default_type text/html;
##
# Logging Settings
##
access_log "c:/wt-nmp/log/nginx_access.log";
error_log "c:/wt-nmp/log/nginx_error.log" warn; #debug or warn
log_not_found on; #enables or disables messages in error_log about files not found on disk.
rewrite_log off;
#Leave this off
fastcgi_intercept_errors off;
gzip off;
index index.php index.htm index.html;
server {
listen 127.0.0.1:80 default_server;
#listen [::1]:80 ipv6only=on;
server_name localhost;
root "c:/wt-nmp/www/";
autoindex on;
allow 127.0.0.1;
#allow ::1;
deny all;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
# deny all;
}
location /project {
index index.php;
try_files $uri $uri/ #handler;
}
location #handler { rewrite / /project/en/index.php; }
location ~ ^/en/ {
root "c:/wt-nmp/www/project";
try_files $uri $uri/ /en/index.php?$args;
}
#tools are now served from wt-nmp/include/tools/
location ~ ^/tools/.*\.php$ {
root "c:/wt-nmp/include";
try_files $uri =404;
include nginx.fastcgi.conf;
fastcgi_pass php_farm;
}
location ~ ^/tools/ {
root "c:/wt-nmp/include";
}
location ~ \.php$ {
# try_files $uri =404;
# fastcgi_pass php_farm;
fastcgi_pass 127.0.0.1:9000;
include nginx.fastcgi.conf;
}
}
include domains.d/*.conf;
include nginx.phpfarm.conf;
}
WPN-XM Server Stack
Installation Instructions for Drupal 7
with "Clean URLs"
Installation Steps:
Download http://ftp.drupal.org/files/projects/drupal-7.34.zip
Extract into c:\wpn-xm\www
rename versionized folder to just "drupal" = full path to drupal = c:\wpn-xm\www\drupal
run drupal install - http://localhost/drupal/install.php
activate missing PHP extensions: maybe gd2, mbstring, then restart php
reload install page, all green, proceed to database dialog
before filling the database dialog, create database "drupal" in adminer, then use that as db in dialog
proceed with install steps until done
Browse: http://localhost/drupal/
Ok, you just installed Drupal on localhost.
URL Rewriting and Clean URLs Steps:
After the installation, 3 things are needed to get short URLs working:
provide new host "http://drupal.dev"
add a Nginx Configuration for URL rewriting
enabling "Clean URLs" in the Drupal Configuration
Important Notice
The short/nice/clean URLs work only for URLs starting with
"http://drupal.dev/" not for "localhost". Using megaphone: not working
with "http://localhost/..." - use "http://drupal.dev/...".
Add "drupal.dev" to hosts file
You need to add "drupal.dev" to your "hosts" file.
manually or
via the WPN-XM Server Control Panel - Steps:
right-click tray icon - "Manage Hosts"
"Add" - Data "127.0.01" "drupal.dev"
Click Ok.
The Windows Permissions Dialog pops up.
Click Ok, to allow writing to the "hosts" file.
If Anti-Virus tool blocks writing to the hosts file, disable AV it, repeat the steps, enable it again.
Check: http://drupal.dev/?q=admin - ok
-
**Add a Nginx server block for Drupal7 **
Use the following Nginx config file to activate rewriting URLs:
https://github.com/WPN-XM/software/blob/master/nginx/config/conf/domains-disabled/drupal7.conf
You might use an include directive in your main nginx.conf to load it.
Restart or rehash Nginx to activate the new configuration.
You can now start using the URL "http://drupal.dev" in your browser.
Important is the the following directive in your server block
# Make site accessible from http://drupal.dev/
server_name drupal.dev;
and the rewrite rule rewrite ^/(.*)$ /index.php?q=$1;.
Check: http://drupal.dev/admin
Activate "Clean URLs" in Drupal Configuration
Testing "Clean URLs"
http://drupal.dev/admin/config/search/clean-urls/check
Response: {"status":true}
Enabling "Clean URLs" (b)
http://drupal.dev/admin/config/search/clean-urls
Check Checkbox & Save.
Links in the menu should appear in "Clean URL" form without "?q=".
Final Checks:
Hover links in the menu and check for short URLs. - ok
http://drupal.dev/admin - ok
http://drupal.dev/user/login - ok
Done.
Iv'e setup an Nginx php server on a linux REHL machine.
When accessing html files all goes well, but trying to access php file, the file is downloaded instead of being executed.
This is my nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
...and this is the server block:
server {
listen 80;
server_name {mywebsitename};
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html/{mywebsitename}/;
}
location /ngx_status_2462 {
stub_status on;
access_log off;
allow all;
}
location ~ \.php$ {
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/{mywebsitename}$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
It might be because of the mimetype you're sending:
default_type application/octet-stream;
See: http://mimeapplication.net/octet-stream
I just had this exact same problem. I was using Ubuntu 12.04 and Linux Mint 14 so different OS but likely to have the same issues.
A couple of issues may happening. Firstly, you need to have php5-fpm installed (FastCGI Process Manager). I was trying to run it with my standard version of PHP but it was not working - http://www.php.net/manual/en/install.fpm.php
I also had Apache installed, and even if it weren't running it must have had some conflict because once I uninstalled Apache I was able to execute the PHP files.
I would also look at this line
fastcgi_pass 127.0.0.1:9000;
And consider changing it to
fastcgi_pass unix:/var/run/php5-fpm.sock;
Here is a detailed guide to installation of Nginx and PHP5-FPM for RHEL (and other OS's)
http://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/
You need to change the user to nginx instead of apache in this file a/etc/php-fpm.d/www.conf
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group = nginx
and of course restart service php-fpm restart and service nginx restart
Comment out default_type application/octet-stream;
I got server setup with nginx+php-fpm and mysql.
I have another server with only installed php-fpm, so wanted to use as load balance.
But when I am using this dedacted server with php-fpm as load balancer, I got error when opening page: "Access denied."
/etc/nginx/nginx.conf
user www-data;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 64;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
tcp_nodelay on;
#gzip on;
upstream php {
server dedicatedserverip:9000;
}
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/site.org.conf
server {
listen 81;
server_name site.org www.site.org;
access_log /var/log/nginx/site.org.log;
error_log /var/log/nginx/site.org.log;
root /home/www/site.org;
index index.php;
location ~ .php$ {
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/www/$fastcgi_script_name;
}
}
Why I got this error? When I change only the fastcgi_pass to 127.0.0.1:9000 - all work fine.
If it's a blank page with "Access denied" on it, it's caused by security.limit_extensions directive that has been added to php-fpm.
If you don't have it in your php-fpm configuration, it defaults to .php and prevents all other file types from being parsed by the PHP interpreter producing "Access denied" when trying to do so.
You received that error because the files PHP-FPM don't exist on the PHP-FPM server.
fastcgi_param SCRIPT_FILENAME /home/www/$fastcgi_script_name;
or (I use this because it's simpler for multiple vhosts)
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
It seems Nginx simply provides the PHP-FPM server with the location of the file, and the PHP-FPM server then renders it. The simplest solution is to rsync the document root to the PHP-FPM server.
This post can explain details: http://code.google.com/p/sna/wiki/NginxWithPHPFPM