My PHP application static files are served all right when running Apache but they are denied access when running Nginx although both http servers use my own user (the one I log in my Linux machine with) as their user.
The issue therefore lies within the Nginx or php-fpm configuration.
Here is some of the nginx.conf content:
user stephane;
worker_processes 1;
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
upstream php5-fpm-sock {
server unix:/home/stephane/programs/install/php5-fpm.sock;
}
server {
listen 80;
server_name localhost;
charset utf-8;
location / {
root html;
index index.html index.htm;
}
location ~ \.php$ {
try_files $uri = 404;
fastcgi_index index.php;
fastcgi_pass php5-fpm-sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
}
include conf.d/*.conf;
include sites-enabled/*;
}
Here is the Nginx virtual host configuration:
server {
listen 443;
server_name dev.extrapack.group.com;
root /home/stephane/dev/php/projects/Extrapack-Mon/public;
ssl on;
ssl_certificate /home/stephane/programs/install/nginx/conf/sites-available/extrapack.group.com.crt;
ssl_certificate_key /home/stephane/programs/install/nginx/conf/sites-available/extrapack.group.com.key;
location /simplesaml {
index index.php;
alias /usr/share/simplesaml/www;
location ~ ^/simplesaml/(module\.php)(/.+)$ {
include fastcgi_params;
fastcgi_pass php5-fpm-sock;
fastcgi_split_path_info ^/simplesaml/(module\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME /usr/share/simplesaml/www/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php5-fpm-sock;
}
}
location / {
include fastcgi_params;
fastcgi_pass php5-fpm-sock;
fastcgi_split_path_info ^(.+\.php)(.*)$;
try_files $uri /index.php?$args;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS 'on'; # Make PHP-FPM aware that this vhost is HTTPs enabled
fastcgi_param APPLICATION_ENV development;
fastcgi_index index.php;
}
}
And the Apache virtual host configuration (that works fine accessing all the static resources):
<VirtualHost *:443>
ServerName dev.extrapack.group.com
DocumentRoot "/home/stephane/dev/php/projects/Extrapack-Mon/public"
<Directory "/home/stephane/dev/php/projects/Extrapack-Mon/public">
Options Indexes FollowSymLinks Includes
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Replace your location / with these two locations:
location / {
try_files $uri /index.php?$args;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php5-fpm-sock;
fastcgi_param HTTPS 'on'; # Make PHP-FPM aware that this vhost is HTTPs enabled
fastcgi_param APPLICATION_ENV development;
fastcgi_index index.php;
}
The first location handles static files.
The second location handles .php files. Since it is a regexp-location (with ~) it has precedence over the first location if it matches, so .php-files get executed.
Related
I recently did a one-click installation on a Ubuntu server set up via Vultr. There is a PHP URL path (site.com/home.php) that I want to 301 redirect to the root folder (site.com/) but nothign has worked so far. Here are a few things I tried...
Set up .htacess file with mod rewrite rule (seems to ignore this)
Looked into nginx config files. I have three.
cockpit.conf
wordpress_http.conf
wordpress_https.conf
I tried updating a few things based on other threads but nothing worked (I'm a beginner with server configurations so I might have done the wrong thing too).
The content of each config file is:
cockpit.conf
server {
listen 9080 ssl;
server_name _;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/cockpit_access.log combined;
error_log /var/log/nginx/cockpit_error.log;
server_tokens off;
location / {
# Required to proxy the connection to Cockpit
proxy_pass https://127.0.0.1:9090;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Required for web sockets to function
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Pass ETag header from Cockpit to clients.
# See: https://github.com/cockpit-project/cockpit/issues/5239
gzip off;
}
}
wordpress_http.conf
upstream php-handler-http {
server 127.0.0.1:9000;
}
server {
listen 80 default_server;
server_name _;
#server_name wordpress.example.com;
root /var/www/html/;
index index.php;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/wordpress_http_access.log combined;
error_log /var/log/nginx/wordpress_http_error.log;
server_tokens off;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args ;
}
# protected area (XHProf)
location ^~ /xhprof/xhprof_html/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/xhprof;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
fastcgi_pass php-handler-http ;
fastcgi_read_timeout 60s;
}
}
# protected area (phpmyadmin)
location ^~ /mysqladmin/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/phpmyadmin;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
fastcgi_pass php-handler-http ;
fastcgi_read_timeout 60s;
}
}
location ^~ /wp-admin/install.php {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/wpadmin;
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
fastcgi_pass php-handler-http;
fastcgi_read_timeout 60s;
}
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~* \.(?:ini|conf|txt)$ {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
fastcgi_pass php-handler-http;
fastcgi_read_timeout 60s;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
wordpress_https.conf
upstream php-handler-https {
server 127.0.0.1:9000;
}
server {
listen 443 ssl default_server;
server_name _;
#server_name wordpress.example.com;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
root /var/www/html/;
index index.php;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/wordpress_https_access.log combined;
error_log /var/log/nginx/wordpress_https_error.log;
server_tokens off;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args ;
}
# protected area (XHProf)
location ^~ /xhprof/xhprof_html/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/xhprof;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
fastcgi_pass php-handler-http ;
fastcgi_read_timeout 60s;
}
}
# protected area (phpmyadmin)
location ^~ /mysqladmin/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/phpmyadmin;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
fastcgi_pass php-handler-http ;
fastcgi_read_timeout 60s;
}
}
location ^~ /wp-admin/install.php {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/wpadmin;
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
fastcgi_pass php-handler-https;
fastcgi_read_timeout 60s;
}
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~* \.(?:ini|conf|txt)$ {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
fastcgi_pass php-handler-https;
fastcgi_read_timeout 60s;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
server {
listen 443 ssl ;
server_name www.gardenfreshsalsa.com gardenfreshsalsa.com; # managed by Certbot
#server_name wordpress.example.com;
ssl_certificate /etc/letsencrypt/live/gardenfreshsalsa.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/gardenfreshsalsa.com/privkey.pem; # managed by Certbot
root /var/www/html/;
index index.php;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/wordpress_https_access.log combined;
error_log /var/log/nginx/wordpress_https_error.log;
server_tokens off;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args ;
}
# protected area (XHProf)
location ^~ /xhprof/xhprof_html/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/xhprof;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
fastcgi_pass php-handler-http ;
fastcgi_read_timeout 60s;
}
}
# protected area (phpmyadmin)
location ^~ /mysqladmin/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/phpmyadmin;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_FLAG "session.auto_start=off \n mbstring.encoding_translation=off";
fastcgi_param PHP_VALUE "assert.active=0 \n mbstring.http_input=pass \n mbstring.http_output=pass";
fastcgi_pass php-handler-http ;
fastcgi_read_timeout 60s;
}
}
location ^~ /wp-admin/install.php {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/wpadmin;
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
fastcgi_pass php-handler-https;
fastcgi_read_timeout 60s;
}
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~* \.(?:ini|conf|txt)$ {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/html/xhprof/external/header.php";
fastcgi_pass php-handler-https;
fastcgi_read_timeout 60s;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
Would someone be able to point me in the right direction?
Desired Result
https://www.abcde.org/home.php -> 301 redirects https://www.abcde.org/
Is your .htaccess located in ...site/public with proper permissions?
Try this in your htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^home\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /home.php [L]
</IfModule>
# END WordPress
I have some site on Nginx with page and API for it. Location of html page is
var/www/mysite/mysite_rest
and location of api is
var/www/mysite/mysite_rest/api
The next configuration works fine for me:
server {
listen 80;
server_name example.com;
# return 301 https://$host$request_uri;
return 301 https://example.com;
rewrite ^ https://example.com$request_uri? permanent;
client_max_body_size 350M;
}
server {
listen 443 ssl http2;
server_name example.com;
charset UTF-8;
# certs sent to the client in SERVER HELLO are concatenated in
ssl_certificate
ssl_certificate /etc/ssl/example.crt;
ssl_certificate_key /etc/ssl/example.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
keepalive_timeout 70;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
# ssl_stapling on;
ssl_trusted_certificate /etc/ssl/example.crt;
# resolver 8.8.8.8;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# add_header Strict-Transport-Security max-age=31536000 always;
add_header X-Frame-Options DENY;
# add_header Public-Key-Pins 'pin-sha256="base64+info1="; max-age=31536000'
always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
##
rewrite ^/(.*)/$ /$1 permanent;
rewrite ^/api/(.*)$ /api/index.php?_url=/$1 last;
rewrite ^/api$ /api/index.php?_url=/ last;
##
location / {
root /var/www/mysite/mysite_rest;
charset utf-8;
index index.php index.html;
}
location /api {
internal;
root /var/www/mysite/mysite_rest/api;
index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/var/run/php7.1-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
# fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_param SCRIPT_FILENAME /var/www/mysite/mysite_rest/api/index.php;
fastcgi_param SCRIPT_NAME index.php;
fastcgi_param HTTPS on;
# fastcgi_param HTTP_HTTPS on;
fastcgi_param REQUEST_SCHEME https;
fastcgi_param SERVER_PORT 443;
}
}
And now I need to install wordpress alongside my site, I downloaded it and placed in
var/www/mysite/wp
folder, then added to Nginx conf the next line:
location /wp {
internal;
root /var/www/mysite/wp;
index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/var/run/php7.1-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
# fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_param SCRIPT_FILENAME /var/www/mysite/wp/index.php;
fastcgi_param SCRIPT_NAME index.php;
# fastcgi_param HTTPS on;
fastcgi_param HTTP_HTTPS on;
fastcgi_param REQUEST_SCHEME https;
fastcgi_param SERVER_PORT 443;
}
The result of requesting url: example.com/wp is 404. What I'm doing wrong?
UPD1 When deleting "internal" the request rewrites on https://example.comindex.php/wp-admin/install.php
UPD2 Add the next lines for wordpressp location instead of previous:
location ^~ /wp {
root /var/www/mysite/mysite_rest;
index index.php index.html index.htm;
try_files $uri $uri/ /wp/index.php;
location ~ \.php {
fastcgi_split_path_info ^(.*\.php)(.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_pass 127.0.0.1:9000;
}
This allowed me to run install, but than when I'm requesting example.com/wp it causes ERR_TOO_MANY_REDIRECTS . I can access /wp-login.php by manually request.
You have used the internal directive which prevents external access to the location. The root directive is wrong and you have no way to load WordPress static files.
You could try something like this:
location ^~ /wp {
root /var/www/mysite;
index index.php;
try_files $uri $uri/ /wp/index.php;
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
}
Don't forget to configure WordPress with the correct URL. See this document for details.
I'm building a web app with Docker, Nginx and Lumen. I have completed file upload functionality and everything works fine. However, when I try to access uploaded file from URL Lumen throws me NotFoundHttpException.
I have already created symlink between storage and public folders using the following command:
ln -s /var/www/storage/app/public /var/www/public/storage
This is my Nginx configuration:
http {
index index.html index.php;
sendfile on;
tcp_nopush on;
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_vary on;
gzip_disable "msie6";
server {
disable_symlinks off;
listen 80;
listen [::]:80;
server_name api.uhire.test www.api.uhire.test;
root /var/www/public;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
}
My file's path is storage/app/public/customers/1/test.jpeg. However, this is not accessible if I type http://api.uhire.test/storage/customers/1/test.jpeg in browser's URL bar.
I'm using DigitalOcean Debian 9 + PHP 7.0 + NGINX 1.10.3-1 and trying to install Joomla! CMS, but at the very first installation screen (example.com/installation/index.php) I've noticed a broken image (which is the Joomla logo), and it looks like this:
img src attribute for that image contains "/template/images/joomla.png", but the image is actually located at "/installation/template/images/joomla.png" which means I'm missing the "/installation/" part.
Here is my nginx conf part for the PHP:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
The "cgi.fix_pathinfo" line at "/etc/php/7.0/fpm/php.ini" is uncommented and the value changed to 0.
And the "/snippets/fastcgi-php.conf" file contains the following:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
I've noticed that the image is loading once I comment the PATH_INFO part:
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
But all my further attempts to figure out the root of the problem are unsuccessful, please help me to fix this.
One of our clients had the same problem, and we explained how to fix it in this post. Essentially, your try_files line is incorrect.
By the way, the cgi.fix_pathinfo must be set to 1, and not to zero (it defaults to 0, so uncommenting it does not solve the problem.)
When you define locations, nginx processes them in order of appearance.
The first rules that matches a file get's executed and the others ignored.
This is how you put some security first, static assets next, and php in the end:
server {
listen 80;
server_name example.com;
root /full/path/to/your/joomla/root/directory;
# allow letsencrypt
location ~ /.well-known/acme-challenge {
allow all;
access_log off;
log_not_found off;
}
# handle some security and logs
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
# Deny access to htaccess and other hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# handle static xml files
location ~* \.(xml)$ {
access_log off;
log_not_found off;
add_header Pragma no-cache;
add_header Cache-Control "no-cache, no-store, must-revalidate, post-check=0, pre-check=0";
gzip off;
}
# include in each host for static content to run with cache and without logs, with CORS enabled (for fonts)
location ~* \.(jpg|jpeg|gif|png|bmp|css|js|ico|txt|pdf|swf|flv|mp4|mp3|eot|ttf|svg|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
add_header Cache-Control "public";
access_log off;
log_not_found off;
tcp_nopush on;
sendfile on;
expires 15d;
# Enable gzip
gzip on;
gzip_comp_level 6;
gzip_vary on;
gzip_types text/richtext text/plain text/css text/x-script text/x-component text/x-java-source application/javascript application/x-javascript text/javascript text/js image/x-icon application/x-perl application/x-httpd-cgi text/xml application/xml application/xml+rss application/json multipart/bag multipart/mixed application/xhtml+xml font/ttf font/otf image/svg+xml application/vnd.ms-fontobject application/ttf application/x-ttf application/otf application/x-otf application/truetype application/opentype application/x-opentype application/eot application/font application/font-sfnt;
}
# html
location ~* \.(html|htm|shtml)$ {
max_ranges 0;
etag off;
if_modified_since off;
add_header Last-Modified "";
gzip on;
gzip_buffers 64 128k;
gzip_comp_level 9;
gzip_http_version 1.1;
gzip_min_length 0;
gzip_types text/plain;
gzip_vary off;
}
# allow wordpress, joomla, etc to work properly
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# handle php
location ~ .php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
try_files $uri $uri/ /index.php?q=$uri&$args;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param HTTP_PROXY "";
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param HTTP_CF_IPCOUNTRY $http_cf_ipcountry;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
}
I am using this setting for nginx (default file):
server {
listen 30425;
# Don't want to log accesses.
#access_log /dev/null main;
access_log /var/log/nginx/php.acces_log main;
error_log /var/log/nginx/php.error_log info;
root /usr/share/phpmyadmin;
index index.php index.html index.htm;
error_page 401 403 404 /404.php;
location ~ .*.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_client_abort on;
}
}
When I try to access 30425, I am getting 502 Bad Gateway. All other setting are default one (PHP 7).
I had to replace this fastcgi_pass 127.0.0.1:9000;
to fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
and then it worked perfectly.
Full code.
server{
listen 80;
index index.html index.htm index.php;
server_name 127.0.0.1;
root /usr/share/phpmyadmin;
location / {
#try_files $uri $uri/ = 404;
autoindex on;
}
location ~\.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+);
try_files $uri $uri/ =404;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_na$
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_client_abort on;
}
}