I want to make certain php files accessible via http only.
So I added location = /example.php{} as shown in the code below.
server {
listen 80;
ssl off;
server_name example.com www.example.com;
root /var/www/example;
location ~* \.(php)$ {
# dostufdd
}
location = /example.php {
#do stuff
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example;
index index.php;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
ssl_dhparam /etc/letsencrypt/live/example.com/example.com.dhparam;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
# Set caches, protocols, and accepted ciphers. This config will
# merit an A+ SSL Labs score.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kED$
error_log /var/log/nginx/example.error.log warn;
location / {
try_files $uri $uri/ /index.php?$args;
}
# Allow Lets Encrypt Domain Validation Program
location ^~ /.well-known/acme-challenge/ {
allow all;
}
# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
deny all;
}
# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)$ {
deny all;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~* \.(css|js|ico|gif|jpe?g|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max;
}
location ~ /.well-known {
allow all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 180;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
However, if I try to access to http://example.com/example.php, the php file is
downloaded instead of executing.
but If i access https://example.com/example.php, it will be accessed normally.
I have no idea what to do.
Please help me.
Thank you.
Related
If I have this config in sites-available in nginx for the aforementioned wordpress site, it will not display the root page (403 error), but it will display specific pages if I enter their URL manually, such as https:// subdomain.domain.tld/suchandsuch
server {
listen 80;
server_name subdomain.domain.tld;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
## Your website name goes here.
server_name subdomain.domain.tld;
## Your only path reference.
root /var/www/subdomain.domain.tld;
ssl_certificate /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.tld/privkey.pem;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_intercept_errors on;
#fastcgi_pass php;
#The following parameter can be also included in fastcgi_params file
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
However if I have this config set, it will do the opposite - it will show the root page, but any other pages I click on gives a 404 error:
server {
listen 80;
server_name subdomain.domain.tld;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name subdomain.domain.tld;
root /var/www/subdomain.domain.tld;
index index.php index.html;
access_log /var/log/nginx/subdomain.domain.tld-access.log;
error_log /var/log/nginx/subdomain.domain.tld-error.log;
ssl_certificate /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.tld/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
Could some part of each config be needed to be combined together to make a working config for wordpress?
I expected the wordpress files and MySQL database to function as it had on the Apache server I had it on previously.
ChatGPT did a bang-up job of helping me figure this out.
Here is the final config:
server {
listen 80;
server_name subdomain.domain.tld;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name subdomain.domain.tld;
root /var/www/subdomain.domain.tld;
index index.php index.html;
access_log /var/log/nginx/subdomain.domain.tld-access.log;
error_log /var/log/nginx/subdomain.domain.tld-error.log;
ssl_certificate /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.tld/privkey.pem;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_intercept_errors on;
#fastcgi_pass php;
#The following parameter can be also included in fastcgi_params file
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
I have a nginx block for a wordpress installation, and a subdirectory which redirects to an app I have running. I want .php urls that go to the subdirectory to not be evaluated by fastcgi, since the app has it's own special system for evaluating them. However, php URLs still go to the fastcgi block and return a 404.
Nginx configuration:
server {
listen 0.0.0.0:443 http2 default_server;
listen [::]:443 http2 default_server;
ssl on;
ssl_certificate /etc/nginx/certificate.pem;
ssl_certificate_key /etc/nginx/certificate.key;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
root /var/www/wordpress;
index index.html index.php;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location /my_app {
proxy_pass http://localhost:8081/;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I want /index.php to be evaluated by fastcgi.
I want /my_app/index.php to be proxy_pass'd to my app.
Although I do not have laravel setup on the server I am just trying to display some php files
In my root directory I have /public/dashboard which is executed by domain.com/dashboard
It shows up fine but as soon as I try to append something to "dashboard" it redirects back to /dashboard
For example type domain.com/dashboard/test it goes back to domain.com/dashboard
I have nothing in my htaccess file. Here is my nginx config:
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/domain.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jackco.biz;
root /home/forge/domain.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/domain.com/292197/server.crt;
ssl_certificate_key /etc/nginx/ssl/domain.com/292197/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers '';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
#add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/domain.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/domain.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 600;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/domain.com/after/*;
Any thoughts to disable the constant redirect/rewite?
i have a nginx server running and want to remove the .php extension from my files. I have allready tried a few things but the only thing i managed to accopmplish was breaking the fastcgi proccessing leading into downloading php files. The server is running fine with the following configuration:
##
# Virtual Host configuration for example.com
##
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GC$
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /usr/share/nginx/html/example/;
index index.php;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
}
location /uploads {
deny all;
}
error_page 404 /templates/404.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors on;
}
location ~* \.(?:ttf|ttc|otf|eot|woff|font.css|jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
access_log off;
add_header Cache-Control "public";
}
location ~ /\. {
deny all;
}
}
Thank you for your effort and time.
##
# Virtual Host configuration for example.com
##
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GC$
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /usr/share/nginx/html/example/;
index index.php;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ #extensionless-php; // add #extensionless-php
}
location /uploads {
deny all;
}
error_page 404 /templates/404.php;
location ~ \.php$ {
try_files $uri =404; // add this
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors on;
}
location #extensionless-php { // add this block
rewrite ^(.*)$ $1.php last;
}
location ~* \.(?:ttf|ttc|otf|eot|woff|font.css|jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
access_log off;
add_header Cache-Control "public";
}
location ~ /\. {
deny all;
}
}
from this site http://www.tweaktalk.net/60/nginx-remove-php-file-extension-from-url
Say I have wordpress installed and served at example.com using nginx.
I would like example.com/microsite to be served by a separate wordpress installation in another root directory.
I've included my nginx configuration which is not working. the calls to /microsite are passed to the main site's index.php and I get a 404.
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443;
ssl_certificate /etc/ssl/certs/Example.pem;
ssl_certificate_key /etc/ssl/private/example.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
server_name www.example.com;
root /var/www/www.example.com;
index index.php;
access_log off;
client_max_body_size 15M;
gzip on;
########## BEGIN MICRO-SITES
# Mini Site Conference
location /minisite/ {
root /var/www/minisite;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
#END Mini Site Conference
######### END MICRO-SITES
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_intercept_errors on;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
Was easier to just move the subdirectory inside the main wordpress file and use the following:
# Micro site
location /microsite/ {
try_files $uri $uri/ /microsite/index.php?$args;
}