How do I configure nginx to allow a slash between my /test_file.php/?param1=test ? Currently is only allowing /test_file.php?param1=test ...
Here is my current configuration:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# rewrite ^/(.php*)/$ /$1 permanent;
root /var/www/example.com;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Url working (undesirable):https://example.com/workouts.php?workout=206
Url I want: https://example.com/workouts.php/?workout=206
The block:
location ~ \.php$ { ... }
is responsible for processing any URI which ends with .php.
A simple solution would be to change the regular expression to accept URIs which include pathinfo. However, you should also make other changes within the block to mitigate known exploits. See this document for details.
For example:
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
Related
I've been trying to get this to work for a while now, but I'm failing manifold.
I have the following configuration:
server {
listen 8081;
server_name name.of.server.en;
root /path/to/api;
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location / {
try_files $uri $uri/ #rewrite;
}
location #rewrite {
rewrite ^/([A-Za-z0-9]+)/$ /index.php?data=$1? last;
rewrite ^/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/$ /index.php?data=$1&id=$2? last;
return 404;
}
}
nginx -t says that everything is ok. But as soon as I call the URL I always get a 404 Not Found.
I have no idea what I am doing wrong. Probably something completely banal, but I can't figure it out.
I am almost at the despair.
Here is what I am running for PHP7.4 for local testing. Might be helpful to you.
server {
listen 80;
root /var/www/html/public;
index index.html index.php;
server_name fancyproject;
charset utf-8;
location / {
root /var/www/html/vue/dist;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET,POST,OPTIONS,HEAD,PUT,DELETE,PATCH";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept, X-Nonce, DNT, X-CustomHeader";
access_log off;
error_log /var/log/nginx/error.log error;
sendfile off;
client_max_body_size 100m;
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
}
location ~ /.ht {
deny all;
}
}
The order is important at this point.
This is how it should work:
server {
listen 8080;
server_name the.server.name.org;
root /path/to/api;
index index.php;
location / {
rewrite ^/(.*)$ /index.php?data=$1 last;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
}
I'am going crazy to understand this nginx vhost config. My issue is with the /v2 location, it does not send php stuff to php-fpm while it works properly outside /v2. Can anyone point me the mistake ?
server {
listen 443 ssl;
include ssl.conf;
include hardening.conf;
server_name myapp.domain.com myapp;
ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
access_log /var/log/nginx/myapp.domain.com-access.log main;
error_log /var/log/nginx/myapp.domain.com-error.log notice;
root /var/www/html/myapp.domain.com;
location ~ /\.ht {
deny all;
}
location ~ /v2 {
alias /var/www/html/myapp.domain.com/version-2/web;
try_files $uri index.php$is_args$args;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass localhost:9000;
fastcgi_index index.php;
include fastcgi_params.conf;
}
}
According to comments, I'm trying the nested location solution but I receive now 404 when I try https://myapp.domain.com/v2/index.php while /var/www/html/myapp.domain.com/version-2/web/index.php is present on the filesystem. Also as explained on the link given, I modified my location from ^ to ^~. Any idea what's wrong?
server {
listen 443 ssl;
include ssl.conf;
include hardening.conf;
server_name myapp.domain.com myapp;
ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
access_log /var/log/nginx/myapp.domain.com-access.log main;
error_log /var/log/nginx/myapp.domain.com-error.log notice;
root /var/www/html/myapp.domain.com;
location ~ /\.ht {
deny all;
}
location ^~ /v2 {
alias /var/www/html/myapp.domain.com/version-2/web;
try_files $uri index.php$is_args$args;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass localhost:9000;
fastcgi_index index.php;
include fastcgi_params.conf;
}
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass localhost:9000;
fastcgi_index index.php;
include fastcgi_params.conf;
}
}
you have to point to the php5-fpm location. like this:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
Take a look in a whole example:
server {
listen 8082;
listen [::]:8082;
server_name 192.168.2.60;
root /usr/share/nginx/html/phpmyadmin/;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?uri=$uri;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
For posterity, I got working config:
server {
listen 443 ssl;
include ssl.conf;
include hardening.conf;
server_name myapp.domain.com myapp;
ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
access_log /var/log/nginx/myapp.domain.com-access.log main;
error_log /var/log/nginx/myapp.domain.com-error.log notice;
root /var/www/html/myapp.domain.com;
location ^~ /v2/admin/web/index[_dev]*.php/command {
if (!-f $request_filename) {
rewrite ^ /v2/admin/web/index.php$is_args$args last;
}
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
include fastcgi_params.conf;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
}
}
I have php website (symfony framework running in dev env) under example.com and wordpress blog under example.com/blog/ .
Now I'm trying make make wordpress working under this set up.
As of right now I have only static files served by nginx.
I can't make php files executed.
Symfony app root dir: /data/example.com
Wordpress root dir: /data/example.com-blog/web
My nginx config
server {
listen 80;
server_name example.com;
charset utf-8;
access_log /var/log/nginx/example.com_access.log main;
error_log /var/log/nginx/example.com_error.log;
root /data/example.com/web/;
index app_dev.php;
error_page 400 401 404 500 = /index.php;
location ~ /\. {
deny all;
}
location ^~ /blog {
log_not_found on;
access_log on;
root /data/example.com-blog/web;
rewrite ^/blog/([^.]+\.[^.]+)$ /$1 break;
try_files $uri $uri/ /blog/index.php$is_args$args;
location ~ \.php {
return 401; # for
}
}
location / {
try_files $uri /app_dev.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_intercept_errors off;
fastcgi_pass unix:/tmp/php-fpm.socket;
fastcgi_index index.php;
fastcgi_param HTTPS off;
include fastcgi_params;
}
location ~* \.(jpg|jpeg|gif|png|ico|js|css|htm|html|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|swf|flv|htc|xsl|eot|woff|ttf|svg)$ {
expires 1w;
tcp_nodelay off;
}
}
I tried to use RichardSmith's example and now I'm getting 403 error
location ^~ /blog {
alias /data/example.com-blog/web;
if (!-e $request_filename) { rewrite ^ /blog/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/tmp/php-fpm.socket;
}
}
My site keep showing phpinfo(); when I land on it
My root should be : /home/forge/aveniros/public
I'm not sure where to set it.
I decide to configure my settings in : ~/etc/nginx/sites-available/default
server {
listen 80 default_server;
server_name
default;
root / home / forge / aveniros / public;
index index.html index.htm index.php;
#
FORGE SSL(DO NOT REMOVE!)# ssl_certificate;#
ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf - 8;
location / {
try_files $uri $uri / /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /
var / log / nginx /
default -error.log error;
error_page 404 / index.php;
location~\.php$ {
fastcgi_split_path_info ^ (. + \.php)(/.+)$;
fastcgi_pass unix: /var/run / php5 - fpm.sock; fastcgi_index index.php; include fastcgi_params;
}
location~/\.ht {
deny all;
}
}
Then, I run sudo service nginx restart after I saved.
Nothing seem to take effect.
Can someone please tell me what did I do wrong here ?
You need to set your server name to _, currently you are only listening to requests to the name default.
server_name _;
Use this virtual host
server {
listen 80;
server_name project.dev;
root /var/www/directory/project/public;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
index index.php;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php/?(.*)$ {
fastcgi_connect_timeout 3s; # default of 60s is just too long
fastcgi_read_timeout 10s; # default of 60s is just too long
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
}
}
}
My Site is working now. Here are my settings :
File Path : ~/etc/nginx/sites-available/default
server {
listen 80 default_server;
server_name default;
root /home/forge/aveniros/public;
#HTTP Authentication Configuartion
auth_basic "Restricted";
auth_basic_user_file /home/forge/aveniros/.htpasswd;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
I've installed nginx and I try to run wordpress on it.
Everything works fine, except for permalinks.
Here is the vhost-file I'm using:
server {
listen 123456:80;
server_name my-domain.com;
if ($host ~* www\.(.*)) {
set $wwwless $1;
rewrite ^(.*)$ $scheme://$wwwless$1 permanent;
}
root /var/www/my-folder;
index index.php;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
(I've replaced critical data in the above code with my-domain.com, my-folder and the ip 123456.)
index.php, the admin-panel and using the standard links (.../?p=123) work finde. If I enable some of the permalinks, index.php and the admin-panel still work. But if I try to open another site of the wordpress blog, my browser downloads the index.php :(
Try something like this for the .php location config:
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
Here's my wordpress config modified to suit you.
server { # the redirecting from www to non-www
server_name www.example.com;
return 301 $scheme://example.com$request_uri$is_args$query_string;
}
server {
listen 80;
server_name example.com;
root /path/to/root;
# make sure the directory /var/log/nginx exists
access_log /var/log/nginx/wordpress_access.log;
error_log /var/log/nginx/wordpress_error.log;
index index.php;
location / {
try_files $uri /index.php$request_uri$is_args$query_string;
}
location ~ \.php {
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~ /\.ht { # avoid downloading htaccess, htpasswd, etc files
deny all;
}
}
you can try this vhost file
server {
listen 80;
server_name www.example.com example.com;
root /var/www/www.example.com/web;
if ($http_host != "www.example.com") {
rewrite ^ http://www.example.com$request_uri permanent;
}
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}