I have edited my fastcgi.conf file and added the following in an attempt to access the $http_referer: fastcgi_param HTTP_REFERER $http_referer;.
After doing so I made sure to reload my php-fpm.
In this example I'm attempting to stop any domain with google in it from refering to my domain, but when I try to restart my nginx I get the error: Invalid Condition: "$http_referer".
server {
listen 80;
server_name server.domain;
if($http_referer != "") {
if ($http_referer ~* (google)) {
return $http_referer;
}
}
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default deferred;
root /var/www/html;
server_name server.domain;
if($http_referer != "") {
if ($http_referer ~* (google)) {
return $http_referer;
}
}
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.html;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
}
My thoughts are either I did not add the $http_referer into the fastcgi.conf correctly or maybe I added it to the wrong file so it didn't load... or I possibly did not include the fastcgi_params correctly.
Additionally, maybe I need to install a module ontop of nginx, but I'm not sure how to add them.
Related
Some details about my setup first:
I am serving a static webapp (HTML + JS) from default Nginx webroot
I have a PHP-FPM server running on localhost:9000
The destination file should be /api/webroot/index.php for FPM (always, no need to try_files etc.)
I need to forward all /api and /api-debug calls to arrive at localhost:9000, and the /app/webroot/index.php should handle all these requests.
I have the following working Nginx configuration:
upstream fastcgi_backend {
server localhost:9000;
keepalive 30;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
location ~ ^/(api|api-debug)/ {
root /app/webroot;
index index.php;
try_files $uri /api/index.php$is_args$args;
location ~ \.php$ {
fastcgi_pass fastcgi_backend;
fastcgi_split_path_info ^(?:\/api\/)(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME /app/webroot/$fastcgi_script_name;
include fastcgi_params;
}
}
}
}
I just want to make it more simple and efficient, because as I see it now it's a mess.
I tried to adjust for example
try_files $uri /api/index.php$is_args$args;
to
try_files $uri /api/webroot/index.php$is_args$args;
and it failed... The only reason that it works is that /api/index.php includes /api/webroot/index.php, but I see it's inefficient.
I found debugging nginx config hard, because it's not easy to test.
Thank you very much for your help in advance!
The simplest solution would be to hardwire SCRIPT_FILENAME with a value of /app/webroot/index.php and remove one of your location blocks altogether.
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location ~ ^/(api|api-debug)/ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/webroot/index.php;
fastcgi_pass fastcgi_backend;
}
Alternatively, to keep the flexibility of specifying a URI with a .php extension, you could simplify the configuration with:
location / {
root /usr/share/nginx/html;
index index.html index.htm;
rewrite ^/(api|api-debug)/ /index.php last;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/webroot$uri;
fastcgi_pass fastcgi_backend;
}
I have a PHP website that uses subdomains for each user.
I want to be able to internally route cname.otherdomain.com to otherdomain.domain.com and pass this to PHP.
Currently I have this
server {
listen 80;
server_name cname.otherdomain.com;
rewrite ^ $scheme://otherdomain.domain.com$request_uri;
}
server {
listen 80 default_server;
server_name ~^(?<subdomain>[a-z\_\-\.]+)?\.?domain\.com$ "";
root g:/www;
index index.php;
#error_log /var/log/nginx/debug.log debug;
location ~ (?:application|modules|system) {
deny all;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
location ^~ /index.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SERVER_NAME $http_host;
fastcgi_pass 127.0.0.1:9999;
}
}
If you want to hide this from the user, you need to keep it within a single server block. You could create a server block which captures the subdomain and reuses it with the fastcgi location block:
server {
server_name ~^cname\.(?<subdomain>.+)\.com$;
...
location ... {
fastcgi_param SERVER_NAME $subdomain.domain.com;
}
}
server {
listen 80 default_server;
...
}
Large amounts of duplication within nginx configuration files can be managed with include statements.
Nginx 1.6.2 on Debian Jessie
I want to map all example.com/forum/ requests to /path/to/htdocs/phpbb and cut off the /forum/ part in the URI. Someone on Stackoverflow recommended the "rewrite" solution instead of "alias", because there are some bugs.
server
{
listen [::]:80;
server_name example.com;
root /var/www/html;
index index.php index.html;
#try_files $uri $uri/ =404;
location /forum/
{
root /path/to/htdocs/phpbb;
rewrite ^/forum/(.*)$ /$1 break;
location ~ .+\.php$
{
rewrite ^/forum/(.*)$ /$1 break;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
The example configuration works fine – example.com/forum/viewtopic.php executes the script /path/to/htdocs/phpbb/viewtopic.php – but example.com/ (index.php) doesn't work:
"/var/www/html/index.php" failed (2: No such file or directory)
After removing the "index" line from server block:
directory index of "/path/to/htdocs/phpbb/" is forbidden
After moving the "index" and/or "try_files" line(s) into the location block:
index.php served without passing over to php-fpm…
Ok, what's wrong with my config? Any hints?
Ok, alias is buggy (rewrite too…), but if you avoid try_files and use if instead (even if evil…) it should work!
server
{
listen [::]:80;
server_name example.com;
root /var/www/html;
location /forum/
{
alias /path/to/htdocs/phpbb/;
index index.php index.html;
location ~ "^(/forum/)(.+\.php)(/.+){0,1}$"
{
if (!-f $document_root$2)
{
return 404;
}
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root$2;
fastcgi_param SCRIPT_NAME $1$2;
fastcgi_param PATH_INFO $3;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
phpinfo() looks fine, but one question remains: Is it secure?
Weird problem. In my Nginx vhost configuration I am setting variable such as ENV to tell PHP if it should act differently depending on the environment.
For example:
location / {
...
fastcgi_param ENV production;
...
}
And then PHP reads it like:
<?php
if($SERVER['ENV'] == 'production' {
//Do This
} else {
//Do That
}
This works normally. But when the site is accessed through a cname, it seems the ENV variable is no longer being read. What could be causing this?
Full Server BLock
server {
listen 80;
server_name example.com www.example.com;
location / {
root /data/sites/www.example.com/public_html/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?rt=$uri&$args;
}
location ~ \.php$ {
root /data/sites/www.example.com/public_html/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param ENV production;
fastcgi_param HTTPS off;
}
}
I would like to rewrite 'https://www.example.com' and 'https://example.com' to 'http://www.example.com' or 'http://example.com respectively'. I only want to write that specific part of the site not any subfolders or php related pages. How do I do this?
I use it in the other direction (not tested in this direction but should work).
if ( $scheme = https )
{
rewrite ^ http://$host$uri;
}
EDIT: limit to a location and end don't try to rewrite more:
location / {
if ( $scheme = https )
{
rewrite ^ http://$host$uri last;
}
}
I've used something similar to the following, which avoid's IfIsEvil and uses return instead of rewrite . However it fails DRY, which bothers me.. Suggestions welcome.
server {
listen 80;
server_name .example.com;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock ;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443 ssl;
server_name .example.com;
ssl_certificate /etc/ssl/certs/example.com.cert;
ssl_certificate_key /etc/ssl/private/example.com.key;
index index.html index.htm index.php;
# Rewrite only / to http
location = / {
return 301 http://$server_name$request_uri;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock ;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
See also
nginx http location docs
related nginx https to http answer