I"m trying to get the configuration for NGINX to work with WordPress being the default such as domain.com and the Laravel app being domain.com/app.
I'm not opposed to it being a sub-domain, but I wanted to try this first. I'm not sure which is easier / better.
The directories are:
WP - /var/www/wordpress
L5 - /var/www/laravel
server {
client_max_body_size 10M;
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/wordpress;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name somename;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location /app/ {
alias /var/www/laravel/public;
try_files $uri $uri/ /app//app/index.php?$query_string;
location ~ /app/.+\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
location ~ /\.ht {
deny all;
}
}
I cannot confirm that this will work as I do not know Laravel. Two PHP apps without a common root will need two PHP locations (which you have). However, the location /app/ statement needs to use the ^~ modifier to stop the wrong PHP location from being selected. See this document for details.
location ^~ /app/ {
alias /var/www/laravel/public/;
if (!-e $request_filename) { rewrite ^ /app/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
I see your question includes a fix for the alias/try_files bug - but I prefer the the if block solution above.
Related
We have a website where we are using a Laravel for the part available to the end-user, and an older legacy codebase for the admin panel.
Currently root is the public folder for the currently deployed version.
The website folder structure looks something like this:
admin/
|____index.php <-- desired entrypoint for admin-related requests
app/
public/
|____index.php <-- main entrypoint for website
resources/
routes/
So, when someone wants to access the admin panel they go to example.com/admin
Here's the current nginx configs file we are using.
example.com
server {
server_name example.com;
root /var/www/example.com/current/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /admin {
proxy_pass http://localhost:3000;
}
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
example.com/admin
server {
listen 3000;
server_name example.com;
root /var/www/example.com/current/admin;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
I'm not very well versed in nginx server configuration and would love som assistance on this.
EDIT 1
Config file using map:
EDIT 2
Updated the config below with the changes made to make it work.
map $uri $siteroot {
# This didn't work, per the accepted answer.
# ^/admin /var/www/example.com/current/admin;
# This works great!
^/admin /var/www/example.com/current;
default /var/www/example.com/current/public;
}
server {
server_name example.com;
root $siteroot;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com;
return 404; # managed by Certbot
}
If you try changing root directory, Nginx will shows not found error.
Because, Nginx tries find file with request path even you changed root.
For example, If you change root directory for /admin path to /app/admin, Nginx will find file in /app/admin/admin. That's why you can't reach file.
Try insert rewrite /admin(.*) $1 break; line at /admin location block and set root path, or use alias expression.
I would use map directive for this, something like
map $uri $siteroot {
~^/admin /var/www/example.com/current/admin;
default /var/www/example.com/current/public;
}
server {
server_name example.com;
root $siteroot;
...
}
I am trying to exclude path client and every url that contains client from https, using nginx.
server {
listen 80;
server_name example.com www.example.com;
location / {
return 301 https://www.example.com$request_uri;
}
location /client/ {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl;
server_name example.com www.example.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
root /var/www/laravel/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
location /client/ {
return 301 http://www.example.com$request_uri;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
}
I removed ssl certificate key from second server block.
When i type https://example.com/client, i get redirected to http://www.example.com/client (as expected). I have a simple index.php file inside client folder that is not getting executed. I am seeing too many redirects in browser.
Credit to https://stackoverflow.com/users/4862445/richard-smith
Added root and index statements in first server block.
server {
listen 80;
server_name example.com www.example.com;
root /var/www/laravel/public; #LINE-ADDED
index index.php index.html index.htm; #LINE-ADDED
# other code here ...
}
Im using nginx with a very simple configuration, it works for all php sites in the subdirs of /usr/share/nginx/www/.
But now id like to make a new project in a subdirectory with rewrite rules.
So i decide to make a .conf for this beside the default.
But the rewriting is not working cause of the error "rewrite or internal redirection cycle".
default
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/www;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~ \.php$ {
try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
}
newproject.conf
# nginx configuration
autoindex off;
location /newproject/ {
if (!-e $request_filename) {
rewrite ^/newproject/(.+)$ /newproject/index.php?url=$1 break;
}
}
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
This part about fall back to 404 is wrong. Probably you have missed =404 here, which resulted in redirection cycle (it redirects to /index.html again and again).
Please note from the documentation:
If none of the files were found, an internal redirect to the uri specified in the last parameter is made.
I have a Problem with our Nginx configuration, We have Wordpress in our current root directory and i would like to setup owncloud on /owncloud by using a directory outside of our root. I have tried to setup an alias in nginx but i get an "access denied" from nginx or php i'am not sure.
My nginx config:
server {
listen 134.34.60.101:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default ipv6only=on; ## listen for ipv6
listen 134.34.60.101:443 default ssl;
server_name fachschaft.inf.uni-konstanz.de www.fachschaft.inf.uni-konstanz.de;
#root /usr/share/nginx/www;
root /srv/www/website/current;
index index.php;
# reroute to old svn for now - Sammy 2013-11-26
rewrite ^/svn/fachschaft(/.*)$ https://134.34.58.21/svn/fachschaft$1;
ssl_certificate ssl/chained-nginx.crt;
ssl_certificate_key ssl/key-no-pw.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
if ($ssl_protocol = "") {
rewrite ^ https://www.fachschaft.inf.uni-konstanz.de$request_uri? redirect;
}
#Owncloudsettings:
client_max_body_size 256M; # set max upload size
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}
location ~ /adminier {
# TODO find a better solution...
alias /srv/www/adminier/index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location /owncloud {
alias /srv/www/owncloud;
try_files $uri $uri/ /index.php?$args;
# fastcgi_split_path_info ^(/owncloud/.+\.php)(/.+)$;
fastcgi_split_path_info ^/owncloud/(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
#Owncloud:
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
location ~ ^/owncloud/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/www;
#}
# Roots Wordpress Theme Rewrites
# See http://roots.io/roots-101/
location ~ ^/assets/(img|js|css|fonts)/(.*)$ {
try_files $uri $uri/ /content/themes/fsinf-v2/assets/$1/$2;
}
location ~ ^/plugins/(.*)$ {
try_files $uri $uri/ /content/plugins/$1;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
#fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_index index.php;
include fastcgi_params;
#}
location ~ ^(.+?\.php)(/.*)?$ {
try_files $1 = 404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$1;
fastcgi_param PATH_INFO $2;
fastcgi_param htaccessWorking true;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
# location ~ /\.ht {
# deny all;
#}
location ~ ^/owncloud/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
}
Has anyone an idea how it will work?
1) First of all, check
fastcgi_split_path_info ^/owncloud/(.+\.php)(/.+)$;
I think You must use (.+?.php) here, ? will allow to correctly operate with *.php file as user data (I see You use it above). BTW, create info.php with
<?php
phpinfo();
?>
Upload it to You server and try download it from owncloud/remote.php/webdav/SOME_FOLDER/info.php, its must start downloading, not executing.
2) Make sure that fastcgi parameter PATH_INFO set correctly (using that info.php file), if not, try use
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
Don't ask me why it's set in such odd way, there was a bug, I don't remember where I found this solution…
3) Why You are using fastcgi_split_path_info in location /owncloud? This location is not blocking further regex matches (use location ^~ … to avoid it), so php scripts won't get there, it will be matched in location ~ ^(.+?\.php)(/.*)?$ below, which, by the way, seems doesn't have fastcgi_split_path_info.
Can't say more, sorry, I just using owncloud for my home PC
PS) I recommend You use include directive to split one huge config in multiple small configs to increase readability …
I am trying to set up the nginx server to run a Yii application. I have created a bootsrap yii application using the yiic command and the folder is currently present in /usr/share/nginx/www. The folder is called mysite. I have managed to get this running with the following config in the /etc/nginx/sites-available/default
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts to this file
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
server {
set $host_path "/usr/share/nginx/";
access_log /usr/share/nginx/www/log/access.log;
server_name diabcalc;
root $host_path/www;
set $yii_bootstrap "index.php";
charset utf-8;
location / {
index index.html $yii_bootstrap;
try_files $uri $uri/ /$yii_bootstrap?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
#avoid processing of calls to unexisting static files by yii
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
#let yii catch the calls to unexising PHP files
set $fsn /$yii_bootstrap;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
#PATH_INFO and PATH_TRANSLATED can be omitted, but RFC 3875 specifies them for CGI
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fsn;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name phpmyadmin;
root /usr/share/nginx/www/;
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
I have now copied phpmyadmin to the very same folder under which the application resides, ie, /usr/share/nginx/www. So the two folders mysite and phpadmin are present within the above folder. But I cannot get phpadmin to be displayed and I am not sure how to set this up in the nginx config. Any help is greatly appreciated.
nginx won't handle PHP by itself. You need something to proxy the PHP requests to - PHP-FPM or Apache are common.