I'm developing a project using Symfony2, Nginx.
Project is located in my subdomain like developing_site.mysite.com.
I'd like to restrict access to this subdomain without authentication. Not only to dev and config files, but also to production.
So i added auth_basic component to nginx config file in location/ sector in nginx config that is recommended by symfony official web site.
As a result, before page loading server asks authentication and loads everything except for any files stores in /web directory like images, js, css and so on. As a result, there is all content processed by .php but without any style and dynamic functionality.
So how can i resolve this issue? What i'm doing wrong?
Nginx config looks like this:
server {
listen {MyServerIp};
server_name developing_site.mysite.com;
root /var/www/developing_site/web;
index index.php index.html index.htm;
location / {
try_files $uri /app.php$is_args$args;
auth_basic "Restricted Content";
auth_basic_user_file var/www/developing_site/.lock/.htpasswd;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
I resolved the issue by myself..
Two mistakes:
syntactic mistake
incorrect place ofauth_basic block
The syntactic mistake is in var/www/developing_site/.lock/.htpasswd;. I used relative link instead of absolute. Correct form is /var/www/developing_site/.lock/.htpasswd; (sorry for that...)
When I've placed auth_basic block in location/ I've set authentication only to / location that in fact processes all /web requests... (/web requests wasn't processed because of 1-st mistake...)
Main symfony requests are processed by location ~ ^/(app_dev|config)\.php(/|$) block in nginx config file.
Solution: To restrict any requests to any files of developing_site.mysite.com without authentication, auth_basic block should be place before any location blocks.
So the correct nginx config should looks like this:
server {
listen MyServerIp;
server_name developing_site.mysite.com;
auth_basic "Unauthorized";
auth_basic_user_file /var/www/.lock/.htpasswd;
root /var/www/developing_site/web;
index index.php index.html index.htm;
location / {
try_files $uri /app.php$is_args$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
Related
I still cannot understand what happening in my server
when i push my code throught the server in /public_html and wanna get the homepage of my application like this:
http:/www.example.com/web/
Server shows me the content of /web (the files and directory that exist inside /web)
and that's happen after i follow step's Command Line to deploy symfony 3 in that link:
https://symfony.com/doc/3.1/deployment.html
I Still cannot understand what's happening there!!
any help would be extremely appreciated!
1-)
yum install nginx
2-)service nginx start
3-) Add Nginx configuration into /etc/nginx/conf.d/project_name.conf
server{
set $web_host "domain_name";
set $web_root "web_directory";
server_name $web_host;
root $web_root;
location / {
try_files $uri /app.php$is_args$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
# location ~ ^/(app_dev|config)\.php(/|$) {
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_split_path_info ^(.+\.php)(/.*)$;
# include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
# fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
# fastcgi_param DOCUMENT_ROOT $realpath_root;
# }
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
4-) `chmod -R nginx:nginx /var/www/html/project``
5-) service nginx restartand service php-fpm restart
This is the first time I use nginx with Symfony, and I used the configuration that is on the Symfony document. I have the basic configuration of the latest version of nginx.
However, on my url: 127.0.0.1:83/app_dev.php/fr/admin/organisations
I get the error in my nginx project_error.log file :
2017/06/01 09:16:14 [error] 20204#20204:
*1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream,
client: 127.0.0.1, server: localhost,
request: "GET /app_dev.php/fr/admin/organisations/ HTTP/1.1",
upstream: "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "127.0.0.1:83",
referrer: "http://127.0.0.1:83/app_dev.php/fr/admin/organisations/1/edit"
My nginx server config (From Symfony documentation) :
server {
listen 83 default_server;
listen [::]:83 default_server;
server_name localhost;
root /var/www/SymfonySkeleton/web;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app.php$is_args$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
Any ideas ? I strongly assume that my configuration is not good
Thanks !
Remove the lines:
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
Though this may impact on the use of symlinks in your project. It will remove that error message though.
Please check the root path and the files under it .
Based on this question How to install symfony2 app in a subdirectory in nginx
I've created symfony3 application that works in subdirectory called bcms4. I've manged to make php work with PHP-FPM but I have probelms with assets. When I want to GET asset it directs the request to app_dev and shows 404 because obviosly the path does not exist.
My question is how to make assets not to be proccesed by app_dev but downloaded as supposed?
So when I enter
test.localhost/s/asdfad -> it runs symfony
test.localhost/asdf -> it runs other app living in main dir
test.localhost/s/assets/css/test.css -> it will show file in directory /var/www/test.localhost/bcms4/web/assets/css/test.css
My nginx config:
server {
listen 80;
root /var/www/test.localhost;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name test.localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location ~ ^/s(/.*)$ {
try_files /s/web$1 /web$1 #sf2dev =404;
}
location #sf2dev {
expires off;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/test.localhost/bcms4/web/app_dev.php;
fastcgi_param SCRIPT_NAME /s/app_dev.php;
fastcgi_param REQUEST_URI /s$1;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_intercept_errors on;
}
}
After hours of trying I've managed to figure it out with little hack.
This is what I've added to my config file
location ~ ^/s(/.*).\w{1,5}$ {
rewrite ^/s(/.*) /bcms4/web$1 break;
return 404;
}
It'll rewrite files that has prefix /s and extension to directory where they are actually.
Maybe it will help someone. I'll leave question open for a while maybe someone has better solution cause it's seems hacky for me.
I'm building a website in Laravel 5.2 and rather than building a forum from scratch, I wish to install one such as SMF.
Laravel is currently in the root directory of my web server and I wish to keep it there as I wish to install SMF in a folder.
For example: www.example.com/smf
I'm thinking to install it in Laravel's /public folder but I'm afraid they will they conflict with each other. Is the /publicfolder the correct place to install SMF and should I use a route to point to the SMF folder?
Server: D.O droplet via Laravel Forge
You need to add custom rules for the folder(s) you want to use before Laravel related rules:
location /smf/index.php(/.*)?$ {
fastcgi_split_path_info ^(/smf/index.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 1000;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
location /smf/ {
if (!-e $request_filename) {
rewrite ^.*$ /smf/index.php last;
}
try_files $uri $uri/ smf/index.php?args;
}
Please look for sample nginx config file here.
You could use Nginx to redirect www.example.com/smf to your SMF installation. To do so add this to your server block:
location /smf {
# nginx will concatenate the string above with the root value
# so your SMF files should be in "/path/to/smf/parent/dir/smf".
# Make sure that Nginx can access them.
root "/path/to/smf/parent/dir";
# change this config to suit your needs
index index.php index.html index.htm;
location ~ \.php$ {
# Here use the same config from the server block that allows you
# to execute PHP scripts
fastcgi_pass 127.0.0.1:9123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
A couple of things I should add:
Backup the config file before editing them.
Although I've tried the code above (and it works on my machineā¢) I must say that I'm not an Nginx expert.
I am using Symfony2 (PHP) framework for my project and is having a small problem with regards to configuring my NGINX to catch request going to a 3rd party library I placed under "web" directory.
This is my configuration
server {
listen 80;
server_name test.com;
root /var/www/my-symfony-project/web;
rewrite ^/app\.php/?(.*)$ /$1 permanent;
location / {
index app.php;
try_files $uri #rewriteapp;
}
location #rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/(app|app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
}
As you may have noticed that the root is pointed in "/var/www/my-symfony-project/web" directory.
Now, the problem is that I have this "some-plugin" folder inside the "web" directory and there are PHP files from there that are not handled by the Symfony2 routing.
I actually made it work when I have the following "location" block inside the "server" block illustrated above.
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
}
It seems okay having this type of configuration at first but we realized that it accepts request to any "*.php" file to which we evaluated as a security breach.
Any suggestions?
Allowing access to .php files is usually not considered dangerous or a security breach, as long as the PHP files are executed and not served in their source form and, of course, don't print any sensitive information.
If either of the former are not the case, you should probably change your setup or your code.
Anyway, you should be able to restrict the .php file handling to /var/www/my-symfony-project/web/some-plugin by using the following as location:
location ~ ^/var/www/my-symfony-project/web/some-plugin/.*\.php$ {
# your rules here
}
This should match all files whose path starts with /var/www/my-symfony-project/web/some-plugin/ and end with .php in upper or lower case.