I have a pretty standard setup with a symfony2-like app with a front controller, running on nginx 1.10 and Centos7. It all works as expected, blocks where expected etc.
server {
listen 80;
root /opt/my/code/web;
index app.php;
charset utf-8;
location / {
try_files $uri $uri/ /app.php$is_args$args;
}
# pass the PHP scripts to php5-fpm
location ~ ^/app\.php(/|$) {
# problem here
location ~ ^/recording {
add_header Content-Type audio/x-wav;
}
fastcgi_split_path_info ^(.+?\.php)(/?.*)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index app.php;
include /etc/nginx/fastcgi_params;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Prevents URIs that include the front controller. This will 404:
internal;
}
# return 404 for all other php files not matching the front controller
location ~ \.php$ {
return 404;
}
}
I have a few issues but the main one is that I want special handling for a URI matching /recording but it still has to go through the front controller. (This is not debatable, it HAS to go through the front controller and modify a response header if the URI matches /recording)
Since try_files redirects to location ~ ^/app\.php(/|$) nginx's $uri parameter used for location matching gets updated to /app.php, so any nested locations won't work.
I cant use add_header outside of the front controller block because any add_header directives get dropped on an internal redirect.
Obviously I can't use location if with add_header either.
This is easy in apache, but the only remote solution I have found uses a third party lua module and the installation docs are a bit thin on that and the thought of compiling that in from source on centos is giving me heart palpitations.
If internal redirect bother us, lets remove internal redirect :) You can solve it easy with fastcgi config duplication
server {
listen 80;
root /opt/my/code/web;
index app.php;
charset utf-8;
location / {
try_files $uri $uri/ /app.php$is_args$args;
}
location ~ ^/recording {
add_header Content-Type audio/x-wav;
fastcgi_pass unix:/var/run/php-fpm.sock;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /app.php;
fastcgi_param SCRIPT_FILENAME $document_root/app.php;
}
# pass the PHP scripts to php5-fpm
location ~ ^/app\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/?.*)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index app.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Prevents URIs that include the front controller. This will 404:
internal;
}
# return 404 for all other php files not matching the front controller
location ~ \.php$ {
return 404;
}
}
Second solution works only if you know content type of all other requests. We can use variables. (btw, I don't suggest this solution because harder to support and not cute :))
server {
listen 80;
root /opt/my/code/web;
index app.php;
charset utf-8;
location / {
try_files $uri $uri/ /app.php$is_args$args;
set $ct "text/html";
}
location ~ ^/recording {
try_files $uri $uri/ /app.php$is_args$args;
set $ct "audio/x-wav";
}
# pass the PHP scripts to php5-fpm
location ~ ^/app\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/?.*)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index app.php;
include /etc/nginx/fastcgi_params;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
add_header "Content-Type $ct;
# Prevents URIs that include the front controller. This will 404:
internal;
}
# return 404 for all other php files not matching the front controller
location ~ \.php$ {
return 404;
}
}
Related
Sorry if this is a dumb question, i am quite new to using nginx after switching from apache. I have a symfony app running on nginx and it's working using containers and cgi pass. I am able to access symfony routes on it without an issue, but i also have a single php file in the public folder that needs to be accessed, but it's giving me 404.
I think it's related to the nginx rules but i'm not sure how to get around it
events {
worker_connections 1024;
}
http {
server {
listen 80;
root /usr/share/nginx/html/public;
server_name api.gofollow.vip;
location / {
try_files $uri /index.php$is_args$args;
#try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
internal;
}
# deny access to apache .htaccess
location ~ /\.ht {
deny all;
}
error_log /usr/share/nginx/logs/error.log;
access_log /usr/share/nginx/logs/access.log;
}
}
So i need the symfony routes like example.com/page/hello to work, which they do, but i also need to be able to access example.com/tester.php
It can block any other php file, but "tester.php" needs to be accessible.
My structure project
- index.php
- abc.php
- folder/
---- def.php
My nginx.conf
server {
listen 80 default_server;
root /var/www/public;
index index.html index.htm index.php;
server_name _;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location /index.php {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
}
How can I change nginx.conf to use domain/abc for href instead of domain/abc.php
Thanks!
This is commonly called "extensionless PHP", there are many solutions, of which this is just one:
location / {
try_files $uri $uri/ #php;
}
location #php {
try_files $uri.php $uri/index.php /index.php =404;
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
If you want URIs ending in .php to work too, add:
location ~* ^(.*)\.php$ { return 301 $1$is_args$args; }
The high-performance solution is simply specifying the desired location, and map it to the corresponding PHP script.
location = /abc {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $document_root/abc.php;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
This will ensure that /abc is processed by script /abc.php.
If you want to also "hide" access to /abc.php, you can add:
location = /abc.php {
return 404;
}
Why this is fast, is because the exact matching (with equals sign) involves no prefix matching and no regular expression processing.
Moreover we don't need to use try_files (it has performance issues). Specifically, if using the config from the answer by #RichardSmith, it may yield up to 5 unnecessary file existence checks for an arbitrary request, and 3 file existence checks for every request to /abc.
I'm trying to serve my frontend app under /, but have requests for /oauth2 pass off to a php backend. Here is my latest nginx config attempt:
upstream dockerphp {
server backendphp:9000;
}
server {
listen 80;
server_name localhost;
index index.html;
root /application/frontend/build;
location /oauth2 {
root /application/public;
index index.php;
try_files $uri $uri/ /index.php$is_args$args;
#try_files /index.php$is_args$args =404;
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass dockerphp;
fastcgi_index index.php;
}
}
location / {
try_files $uri $uri/ /index.html;
}
}
I've tried just about every combination of config I can think of and just can't get it to work. Most of the time I end up with 404s.
Both my nginx and php docker containers have the same /application directory mounted.
With the above config, any requests to /oauth2/blah are being picked up by the location block at the bottom and therefore back to my frontend. This is probably my biggest problem - the /oauth2 location block to my mind is more "specific" so why isn't it "winning"?
I tried the commented out try_files line instead (to see whether index.php being the "fallback" value had an effect on specificity), and nginx just started downloading the index.php file rather than passing on the request. Help?
This is the approach that I use:
attempt to serve js / static pages first
if 1.) fails, pass to PHP backend
define a location for handling .php
upstream dockerphp {
server backendphp:9000;
}
server {
listen 80;
server_name localhost;
index index.html;
root /application/frontend/build;
location / {
try_files $uri $uri/ #php;
}
location #php {
root /application/public;
index index.php;
try_files $uri $document_root/index.php?$query_string;
# $document_root/index.php is the important part due to how root and alias directives work
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass dockerphp;
fastcgi_index index.php;
}
}
The location /oauth2 only wins when the URL you try is exactly website.com/oauth2. Add ^~ and the route will win all of the URLs starting with /oauth2, like this:
location ^~ /oauth2 {
For reference I eventually found a simple working solution (below).
upstream dockerphp {
server backendphp:9000;
}
server {
listen 80;
server_name localhost;
index index.html;
root /application/frontend/build;
location / {
try_files $uri $uri/ /index.html;
}
location /oauth2 {
try_files $uri $uri/ #php;
}
location #php {
include /etc/nginx/fastcgi_params;
fastcgi_pass dockerphp;
fastcgi_param SCRIPT_FILENAME /application/public/index.php;
}
}
I have been trying to configure multiple webapp on my nginx webserver but I can't get working one Laravel app that requires $document_root set to laravel public folder.
I am currently trying to configure it using alias directive but for an obscure reason this doesn't work. Here is what I am trying to do.
# Default server configuration
#
server {
listen 80;
# SSL configuration
#
listen 443 ssl;
error_log /var/log/nginx/error.log warn;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
set $root_path '/var/www/html';
root $root_path;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;
server_name localhost;
location /paperwork {
alias /var/www/html/paperwork/frontend/public;
try_files $uri $uri/;
#location ~ \.php {
# fastcgi_split_path_info ^(.+\.php)(.*)$;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# include /etc/nginx/fastcgi_params;
# #fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
# #fastcgi_intercept_errors on;
#}
}
#location #paperwork {
# rewrite /paperwork/(.*)$ /paperwork/index.php/$1 last;
#}
location / {
}
location /wallabag {
try_files $uri $uri/ /index.php;
}
location /laverna {
try_files $uri/ /index.php;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# With php5-cgi alone:
#fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#try_files $uri $uri/ =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
}
To test my "alias" config I put a 'test.php' files in /var/www/html/paperwork/frontend/public/test.php and tried to access it via https://IP/paperwork/test.php. I get a 404 error and nothing in nginx error log.
If I try https://IP/paperwork/frontend/public/test.php in browser it displays the test.php file without errors.
Nothing change if I uncomment try_files line in php location.
If I copy test.php to /var/www/html/paperwork/test2.php and access to https://IP/paperwork/test2.php the file is displayed without errors so I can see here that alias is not working as there is not a test2.php in paperwork public directory.
I can have a different behaviour if I uncomment php location inside paperwork location. With this, requests like https://IP/paperwork/test.php do not display a 404 but a blank screen.
I have been through a lot of forums / questions related to this but I couldn't get a working config for a simple task like displaying test.php...
Thanks !
I found the solution. It seems that a wrong request was sent for php files. When alias is used it is recommend to use $request_filename instead of $fastcgi_script_name.
Here is my location block :
location /paperwork {
alias /var/www/html/paperwork/frontend/public;
#try_files $uri $uri/;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
#fastcgi_intercept_errors on;
}
}
This solved my problem for my 'test.php' file which is now executed while reaching https://IP/paperwork/test.php. So alias is working and php is well executed.
I still have a problem when trying to reach 'index.php' (which is my laravel app index). File is found but instead of executing it is downloaded. So when I reach https://IP/paperwork/index.php I get a login file downloaded which is index.php file. I get same behaviour if I try /paperwork/index.php/login or /paperwork/login.
try this:
location /api/ {
index index.php index.html index.htm;
alias /app/www/;
location ~* "\.php$" {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
}
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
I am trying to setup Zurmo CRM on my local machine (Win8x64). After installing all the requirements I want to get started with the actual installation. The problem is that it seems the paths are not correctly passed from NGinx to FastCGI PHP. Here is my Nginx serve configuration:
server {
listen 80;
server_name zurmo.local;
root html/zurmo.local;
set $index "index.php";
charset utf-8;
location / {
index index.html $index;
try_files $uri $uri/ /$index?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
set $fsn /$index;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fsn;
}
location ~ /\.ht {
deny all;
}
}
As a result, when I make a call to zurmo.local (which is added to hosts file) i get "This webpage has a redirect loop" with a URI that looks like this http://zurmo.local/app/app/ [...] /app/app/index.php If instead of $document_root$fsn and I comment the PATH_INFO and PATH_TRANSLATED than I get No input file specified. with a URI that looks like http://zurmo.local/app/app/index.php
Looking further into it, when I have added access_log html/zurmo.local/logs/access.log; the Nginx error.log shows me the following: [timestamp] [emerg] 4064#3660: CreateFile() "[path to stack]\nginx/html/zurmo.local/logs/access.log" failed (3: The system cannot find the path specified). As you can see the directory separator is not consistent.
One last note, my Nginx home directory is situated at nginx/html which is in fact a smlink to of ../home This is purely for keeping my file structure in a way that fits my day to day work.
How can I correctly configure Nginx in order to proceed (with the Zurmo installation) ?
I know this is an old question, but here is what I have done to make nginx + zurmo work.
server {
listen 80;
server_name zurmo.local;
root /home/www/zurmo.local;
access_log /var/log/nginx/zurmo.access.log main;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) { deny all; }
location ~ /\. { deny all; access_log off; log_not_found off; }
location = /favicon.ico { log_not_found off; access_log off; }
location ~ \.(js|css|png|jpg|gif|ico|pdf|zip|rar)$ {
try_files $uri =404;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_read_timeout 600s;
fastcgi_send_timeout 600s;
}
}
I don't think you need the if() statement in your *.php block. In my nginx setups that's all i ever needed:
# Process PHP files
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Include the standard fastcgi_params file included with nginx
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
}