I'm trying to make a download script, that catches all requests to /files/ and forces a download. The script fully works, and downloads any file I throw at it. The problem is that when I try to pass a file with a .php extension through try_files, the following nginx config messes up:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
listen [::]:443 ssl;
server_name _;
root /var/www/localhost/public_html/;
index index.php index.html index.htm index.txt;
location /files/ {
try_files $uri $uri/ /.thedownloadscript.php?file=$uri;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME /public_html$fastcgi_script_name;
include fastcgi_params;
}
ssl_certificate /var/www/server.crt;
ssl_certificate_key /var/www/server.key;
}
/files/file.txt downloads the file.
/files/script.php throws a 404.
Both paths should be passed to the download script, but aren't.
I have tried removing the try_files from the "location ~ .php$" block, but that makes it output "No input file specified".
I hope somebody can help me out here.
Thanks in advance.
Any regex location block takes precedence over a prefix location block at the same level, unless the latter uses the ^~ modifier.
See this document for details.
Try:
location ^~ /files/ {
try_files $uri $uri/ /.thedownloadscript.php?file=$uri;
}
Note that the location ^~ /files/ block is a prefix location (and not a regex location).
According to nginx best practices you should isolate regexp locations:
location / {
location ~ \.php$ {
...
}
}
location /files/ {
try_files $uri $uri/ /.thedownloadscript.php?file=$uri;
}
Related
I thought I had understood the basics of nginx rewrite rules. How wrong I was.
Can you please let me know what is I am doing so wrong here:
server {
listen 80;
server_name myserver;
index index.php index.html index.htm;
root /apps/user/websites/;
location / {
autoindex on;
}
location ~ myapp {
try_files $uri $uri /office/myapp/api/public/index.php;
}
location ~\.php$ {
try_files $uri $uri /office/fake/index.html;
# include fastcgi.conf;
# fastcgi_pass php-fpm-upstream;
}
}
If I visit http://myserver/office The index.php is accessed, but instead of being caught by the last location (~.php$) as I thought it would, it is processed as a text file and send to the browser.
I was expecting to receive the office/fake/index.html file instead.
Thank you very much,
Andres
Regex matching locations are checked in the same order they are appeared in the config file. Having the
location ~ myapp {
try_files $uri $uri /office/myapp/api/public/index.php;
}
before the
location ~\.php$ {
try_files $uri $uri /office/fake/index.html;
# include fastcgi.conf;
# fastcgi_pass php-fpm-upstream;
}
would give you an endless loop on every URI containing myapp substring (except those that are matching existed files and not ended with .php) because the /office/myapp/api/public/index.php URI matches the myapp regex. You should swap those locations in order to get this configuration workable.
As I am new to cloud hosting and server hosting (decided to take the jump from shared hosting) I can't pinpoint why this is happening.
Long story short I'm trying to get Google Fonts to load and neither Chrome nor Firefox are allowing it so I've begun to look up and understand the headers. I'm using php7.2 and Nginx 1.1.14 and both the default and my custom.conf file (domain file) have no CSPs loaded?
Any ideas how I can track this down?!
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Averia+Serif+Libre' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
But I don't have any CSP anywhere! So frustrated.
Here's my custom.conf:
server {
listen 80;
root /var/www/html/custom;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~* \.(eot|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
And here's my default:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
EDIT: If it helps any I chose the "LEMP" option on Digital Ocean to create a custom setup? I've opened a ticket over there as well but it's been a couple days now.
I would like to know how I can have several sites on Nginx and be able to access each of them with the same IP (without the domain, since I am doing tests in a laboratory locally).
I have the server on a separate PC and I access it remotely from my computer using the IP. Both are on the same LAN.
In the directory /var/www/ I have two sites 'nextcloud' and 'phpmyadmin'. I would like to be able to enter both by placing (for example) 192.168.1.14/nextcloud and 192.168.1.14/phpmyadmin. Or having any other project in the www directory.
I tried all the solutions I found, but none of them worked for me. When I enter phpmyadmin for example, it gives me to download the page instead of entering it.
Within /etc/nginx/sites-enabled I have the two files, one from nextcloud:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/nextcloud/;
index index.php index.html index.htm;
server_name localhost;
client_max_body_size 512M;
fastcgi_buffers 64 4K;
location / {
root /var/www/nextcloud;
rewrite ^ /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
And that of phpmyadmin:
server {
listen 80;
listen [::]:80;
root /var/www/phpmyadmin/;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
}
Try creating two test folders in /var/www/ (test1 and test2), each with an index.html file inside and modifying the nginx default file, but it didn't work for me either
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
index index.html;
location / {
return 410; # Default root of site won't exist.
}
location /test1/ {
alias /var/www/test1/;
try_files $uri $uri/ =404;
# any additional configuration for non-static content
}
location /test2/ {
alias /var/www/test2/;
try_files $uri $uri/ =404;
# any additional configuration for non-static content
}
}
As I said, I tried different solutions. Another problem I had was that it only redirected me to nextcloud, although I put phpmyadmin in the url. And the previous one that I already mentioned, that when I enter, download the index.php. Thank you.
Sorry for my English.
Simple add nextcloud.my and phpmyadmin.my to your .hosts file and listen domain name in Nginx.
The option that you proposed can also be made to work, but it is full of bugs and difficulties can occur during the transfer to work server.
I've been Googling this for a while but can't seem to find a solution.
At the moment I have a config file setup on Nginx to send all requests regardless of file extension to a single index.php file. However, it ignores requests ending with .php and will throw a 404 if it's not there or, try to execute it if it is.
How can I configure Nginx to send .php requests to the index.php file too so I can use it to handle all file requests, not just non-PHP files?
My config file currently looks like the following:
server {
listen 80;
listen 443;
ssl on;
ssl_certificate /somecrt.crt;
ssl_certificate_key /somekey.key;
root /sites/;
index index.php;
server_name somesite.net;
access_log /sites/logs/access.log;
error_log /sites/logs/error.log;
location ~ /\. { deny all; }
location / {
# First attempt to serve request as file, then
# as directory then fall back to index.php
try_files $uri $uri/ /index.php?$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location ~ \.php$ {
try_files $uri /index.php?$args =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
}
After some more Googling "nginx: Map single static URL to a PHP file" helped me figure out the solution. So the new config is now:
server {
listen 80;
listen 443;
ssl on;
ssl_certificate /somecrt.crt;
ssl_certificate_key /somekey.key;
root /sites/;
index index.php;
server_name somesite.net;
access_log /sites/logs/access.log;
error_log /sites/logs/error.log;
location ~ /\. { deny all; }
location / {
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
}
}
With this config, all requests will be sent to the single index.php.
Of course, this will include static files such as image files which will probably impact Nginx server performance. In that case, you might want to add another location block before it if you want to exclude certain kind of requests.
For example, to exclude jpgs and gifs:
location ~ \.(jpg|gif) {
try_files $uri =404;
}
I am trying to setup a Nginx server configuration to serve a CakePHP installation from and to a subfolder.
URL: https://sub.domain.com/cakefolder
Folder on system: /var/www/domain/sub/cakefolder
So i am using a sub folder for both the URL as well as on the system. Now it took me a while to figure the following config out with which requests are properly handled by CakePHP. This means it's correctly bootstraping and handling controllers.
What doesn't work however, is serving static files from the webroot directory (e.g. *.css files) as those are all interpreted as CakePHP controllers leading to a CssController could not be found. error.
My site.conf:
server {
listen *:80;
listen *:443 ssl;
server_name sub.domain.com;
ssl_certificate ./ssl/domain.crt;
ssl_certificate_key ./ssl/domain.key;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
root /var/www/domain/sub/cakefolder/;
autoindex off;
index index.php;
location /cakefolder {
root /var/www/domain/sub/cakefolder/app/webroot/;
try_files $uri $uri/ /cakefolder/index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
How do I stop Nginx from routing existing static files through the FastCGI PHP interpreter?
Based on https://stackoverflow.com/a/22550332/671047 I already tried replacing my location /cakefolder { ... } with
location ~ /cakefolder/(.*) {
try_files /cakefolder/$1 /cakefolder/$1/ /cakefolder/index.php?$args;
}
but this leads to a redirection loop causing a HTTP 500 error.
Solution (thanks Pete!):
I found the following additional directive to be working for this specific setup. This might not be the most elegant solution but who cares, glad it's working for now.
location ~* /cakefolder/(.*)\.(css|js|ico|gif|png|jpg|jpeg)$ {
root /var/www/domain/sub/cakefolder/app/webroot/;
try_files /$1.$2 =404;
}
you could catch it early:
location ~* \.(css|js|ico)$ {
try_files $uri =404;
}
i have a similar setup and that worked for me when i experienced the same thing (just not cake.) I won't lie, i never understood why the try_files w/redirect always failed on existing static files, where as throwing a try_files like ^above finds the file np. ideas on that? (perhaps today is a source-reading day)