Nginx 1.6.2 on Debian Jessie
I want to map all example.com/forum/ requests to /path/to/htdocs/phpbb and cut off the /forum/ part in the URI. Someone on Stackoverflow recommended the "rewrite" solution instead of "alias", because there are some bugs.
server
{
listen [::]:80;
server_name example.com;
root /var/www/html;
index index.php index.html;
#try_files $uri $uri/ =404;
location /forum/
{
root /path/to/htdocs/phpbb;
rewrite ^/forum/(.*)$ /$1 break;
location ~ .+\.php$
{
rewrite ^/forum/(.*)$ /$1 break;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
The example configuration works fine – example.com/forum/viewtopic.php executes the script /path/to/htdocs/phpbb/viewtopic.php – but example.com/ (index.php) doesn't work:
"/var/www/html/index.php" failed (2: No such file or directory)
After removing the "index" line from server block:
directory index of "/path/to/htdocs/phpbb/" is forbidden
After moving the "index" and/or "try_files" line(s) into the location block:
index.php served without passing over to php-fpm…
Ok, what's wrong with my config? Any hints?
Ok, alias is buggy (rewrite too…), but if you avoid try_files and use if instead (even if evil…) it should work!
server
{
listen [::]:80;
server_name example.com;
root /var/www/html;
location /forum/
{
alias /path/to/htdocs/phpbb/;
index index.php index.html;
location ~ "^(/forum/)(.+\.php)(/.+){0,1}$"
{
if (!-f $document_root$2)
{
return 404;
}
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root$2;
fastcgi_param SCRIPT_NAME $1$2;
fastcgi_param PATH_INFO $3;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
phpinfo() looks fine, but one question remains: Is it secure?
Related
I have put a Laravel 8 application on a AWS t2.nano Linux AMI ec2 instance. I would like to start up front by saying I have been at this for about a day now. I have tried a few configurations.
Here's some configurations I have tried:
The default nginx config file from the Laravel 8 documentation
https://laravel.com/docs/8.x/deployment#nginx
Another very similar stackoverflow question referenced here
Laravel on nginx says 404 for all routes except index
At the end of the day, I cannot get it to work properly. My index page loads, but any of the other routes end up at a 404 page. You can view the application here.
https://technology.dvemedia.com/
So here are some tech specs and the current state of my conf file.
Laravel - 8
PHP - 7.4
NGINX - 1.12.2
# HTTP
server {
listen 80;
listen [::]:80;
server_name technology;
return 301 https://$host$request_uri; # Redirect to www
}
server {
listen 80;
listen [::]:80;
server_name technology.dvemedia.com;
root /var/www/html/technology/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
What am I missing or doing wrong, because I cannot get it to route to save my life.
Try this:
## Nginx php-fpm Upstream
upstream dvemedia {
server unix:/var/run/php/php7.4-fpm.sock;
}
## Web Server Config
server
{
## Server Info
listen 80;
listen [::]:80;
server_name technology.dvemedia.com;
root /var/www/html/technology/public;
index index.html index.php;
## DocumentRoot setup
location / {
try_files $uri $uri/ #handler;
expires 30d;
}
## Disable .htaccess and other hidden files
location /. {
return 404;
}
## Rewrite all request to index
location #handler {
rewrite / /index.php;
}
## Execute PHP scripts
location ~ \.php$ {
try_files $uri = 404;
expires off;
fastcgi_pass dvemedia;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
and put all your optimisation/tweaks (like fastcgi_buffers ...) in fastcgi_params file
I made a bad assumption by thinking my php-fpm socket would stay the same. After looking at the directory structure, my socket for 7.4 ended up being here.
fastcgi_pass unix:/var/run/php-fpm/www.sock;
That actually fixed it and everything worked. I gave bad information when I wrote the path for my socket was actually this.
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#Latheesan answer would most likely have worked had I had given the correct information, minus the spelling mistake of course.
I need to have a php application inside my default server configuration.
Also this application it was previously allocated on a apache server with rewrite rules on the .htaccess file that I translated to nginx.
I'm trying to configure it all like that:
server {
listen [::]:443;
server_name _;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location /admin {
alias /var/www/sefoanco/html;
index index.php index.html index.htm;
try_files $uri $uri/ #admin;
rewrite ^(/admin/.*)/login/ /login/controller.php break;
rewrite ^(/admin/.*)/observacions/ /observacions/controller.php break;
rewrite ^(/admin/.*)/usuari/ /usuari/controller.php break;
rewrite ^(/admin/.*)/llistat/ /llistat/controller.php break;
location ~ /admin/.+\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
}
}
location #admin {
rewrite /admin/(.*)$ /admin/$1 last;
}
}
If I access to localhost/admin/login I get a 403 forbidden error.
If I add the controller.php to the index files, it answer correctly with the php response, so I think that the php is well configured.
So I think that I forget something to config.
Finally the problem was that the application are not made to work inside a path. If I see the application configuration I saw the following:
$_DOCUMENT_ROOT = $_SERVER["DOCUMENT_ROOT"];
So, is easy to make it working on paths but the application doesn't work with relative paths so after make a call inside login, will search the auth method inside the root path.
So is needed to rewrite some parts of the application before it can work inside a path.
Anyway, I get the login page working just deleting rewrite rules and adding controller.php on the index param. Something like should work:
server {
listen [::]:443 ;
server_name _;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html controller.php;
location /admin {
try_files $uri $uri/ =404;
}
location ~ \.php($|/) {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
}
}
Some details about my setup first:
I am serving a static webapp (HTML + JS) from default Nginx webroot
I have a PHP-FPM server running on localhost:9000
The destination file should be /api/webroot/index.php for FPM (always, no need to try_files etc.)
I need to forward all /api and /api-debug calls to arrive at localhost:9000, and the /app/webroot/index.php should handle all these requests.
I have the following working Nginx configuration:
upstream fastcgi_backend {
server localhost:9000;
keepalive 30;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
location ~ ^/(api|api-debug)/ {
root /app/webroot;
index index.php;
try_files $uri /api/index.php$is_args$args;
location ~ \.php$ {
fastcgi_pass fastcgi_backend;
fastcgi_split_path_info ^(?:\/api\/)(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME /app/webroot/$fastcgi_script_name;
include fastcgi_params;
}
}
}
}
I just want to make it more simple and efficient, because as I see it now it's a mess.
I tried to adjust for example
try_files $uri /api/index.php$is_args$args;
to
try_files $uri /api/webroot/index.php$is_args$args;
and it failed... The only reason that it works is that /api/index.php includes /api/webroot/index.php, but I see it's inefficient.
I found debugging nginx config hard, because it's not easy to test.
Thank you very much for your help in advance!
The simplest solution would be to hardwire SCRIPT_FILENAME with a value of /app/webroot/index.php and remove one of your location blocks altogether.
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location ~ ^/(api|api-debug)/ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/webroot/index.php;
fastcgi_pass fastcgi_backend;
}
Alternatively, to keep the flexibility of specifying a URI with a .php extension, you could simplify the configuration with:
location / {
root /usr/share/nginx/html;
index index.html index.htm;
rewrite ^/(api|api-debug)/ /index.php last;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/webroot$uri;
fastcgi_pass fastcgi_backend;
}
This is my original nginx configuration
server {
listen 80;
server_name my-site.com;
return 301 http://www.my-site.com$request_uri;
}
server {
listen 80;
server_name www.my-site.com;
root /var/www/sites/mysite/public_html;
index index.php index.html index.html;
access_log /var/log/nginx/mysite.access.log;
error_log /var/log/nginx/mysite.error.log;
ssl off;
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_read_timeout 180;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Then I want to add another site in subfolder lets say "my-site.com/another_app" but this site requires rewriting url like:
my-site.com/another_app/api
my-site.com/another_app/home
becomes
my-site.com/another-app/api.php
my-site.com/another-app/index.php?mod=home
i already tried to add rewrite inside the "location /" like this
location / {
try_files $uri $uri/ index.php;
rewrite ^/another-app/api$ /another-app/api.php break;
rewrite ^/another-app/([A-Za-z0-9-|_]+)/?$ /another-app/index.php?mod=$1 break;
}
But every time I try to access "my-site.com/another-app/api" it triggers to download the php script
Did I missing something?
I can't comment yet so I answer this way.
I have had this problem only with static files like css and js:
I fixed it with indexing the files in the static folder:
location /static/ {
# My static files including the css reside inside my static
# folder e.g. /static/css/style.css
# autoindex on will index everything under the given location
autoindex on;
}
Also what #Richard Smith said, try using last.
Hi somebody please help me out, I’m trying to setup a cakephp environment on a Centos server running Nginx with Fact CGI. I already have a wordpress site running on the server and a phpmyadmin site so I have PHP configured correctly.
My problem is that I cannot get the rewrite rules setup correct in my vhost so that cake renders pages correctly i.e. with styling and so on. I’ve googled as much as possible and the main consensus from the sites like the one listed below is that I need to have the following rewrite rule in place
location / {
root /var/www/sites/somedomain.com/current;
index index.php index.html;
# If the file exists as a static file serve it
# directly without running all
# the other rewrite tests on it
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
}
http://blog.getintheloop.eu/2008/4/17/nginx-engine-x-rewrite-rules-for-cakephp
problem is these rewrite assume you run cake directly out of the webroot which is not what I want to do. I have a standard setup for each site i.e. one folder per site containing the following folders log, backup, private and public. Public being where nginx is looking for its files to serve but I have cake installed in private with a symlink in public linking back to /private/cake/
this is my vhost
server {
listen 80;
server_name app.domain.com;
access_log /home/public_html/app.domain.com/log/access.log;
error_log /home/public_html/app.domain.com/log/error.log;
#configure Cake app to run in a sub-directory
#Cake install is not in root, but elsewhere and configured
#in APP/webroot/index.php**
location /home/public_html/app.domain.com/private/cake {
index index.php;
if (!-e $request_filename) {
rewrite ^/(.+)$ /home/public_html/app.domain.com/private/cake/$1 last;
break;
}
}
location /home/public_html/app.domain.com/private/cake/ {
index index.php;
if (!-e $request_filename) {
rewrite ^/(.+)$ /home/public_html/app.domain.com/public/index.php?url=$1 last;
break;
}
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/public_html/app.domain.com/private/cake$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
Now like I said I can see the main index.php of cake and have connected it to my DB but this page is without styling so before I proceed any further I would like to configure it correctly. What am I doing wrong?
Thanks seanl
At a glance, your problem might be that you are not pointing nginx to the webroot of your app. Deploying to the root cake folder is really not the way to go under any web-server.
The following is a complete server-block I use running Cake apps. In reality I only have the first four lines and then include the rest from a separate file "cakephp.inc".
A note on the line "fastcgi_param SERVER_NAME $host;". This is because some of my apps use $_SERVER['SERVER_NAME'] and it does not have the same meaning in nginx as in Apache. If youe server has several server_name(s) defined nginx will always pass the first one to php.
server {
server_name cakeapp.example.com;
root /var/www/vhosts/cake/app/webroot;
access_log /var/log/nginx/cakeapp.access.log;
error_log /var/log/nginx/cakeapp.error.log;
listen 80;
rewrite_log on;
# rewrite rules for cakephp
location / {
index index.php index.html;
# If the file exists as a static file serve it
# directly without running all
# the other rewite tests on it
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
}
location ~* \favicon.ico$ {
expires 6m;
}
location ~ ^/img/ {
expires 7d;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_param SERVER_NAME $host;
}
location ~ /\.ht {
deny all;
}
}
There's now official documentation on this issue, which I used and confirmed works.
The documentation states:
server {
listen 80;
server_name www.example.com;
rewrite ^(.*) http://example.com$1 permanent;
}
server {
listen 80;
server_name example.com;
# root directive should be global
root /var/www/example.com/public/app/webroot/;
index index.php;
access_log /var/www/example.com/log/access.log;
error_log /var/www/example.com/log/error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
I got this working:
root DIR/app/webroot/;
location / {
index index.php index.html;
rewrite ^/$ /index.php?url=/;
if (!-e $request_filename) {
rewrite ^(/.*)$ /index.php?url=$1 last;
}
}
and then of course handlers for php and stuff...
It is not advisable to use 'IF' blocks inside a 'location' block.
Here is a more natural way to achieve the same, using regex locations.
In this example, CakePHP 2.x is the root app on a vhost (skipping common stuff like server_name , logs etc):
root /path/to/cakephp-2.x_root/app/webroot;
index index.php;
location ~ .+\.php$ {
try_files $uri =404; #handle requests for missing .php files
include fastcgi_params;
fastcgi_pass 127.0.0.1:7001; #the FPM pool port
}
location ~ ^/(.*) {
try_files $uri $uri/ /index.php?url=$1&$args;
}
Note that the .php location block is BEFORE the / location block. That's important because with regex locations, they are searched until the first match.
If you need to make it run in a sublocation, eg http://www.example.com/something/, here is how I managed to do it. First I had to do a symlink to trick nginx: extract cakephp-2.x somewhere, then in 'app/webroot' create a symlink to itself with the same name as the sublocation, e.g. 'ln -s ../webroot something' .
Then the following config works to access cackephp under /something/:
location ~ ^/something/.+\.php$ {
try_files $uri =404; #handle requests for missing .php files
root /path/to/cakephp-2.x_root/app/webroot;
include fastcgi_params;
fastcgi_pass 127.0.0.1:7001; #the FPM pool port
}
location ~ ^/something(?:/)(.*) {
root /path/to/cakephp-2.x_root/app/webroot;
index index.php;
try_files $uri $uri/ /something/index.php?url=$1&$args;
}
Symlinking can probably be avoided by using 'alias' istead of 'root' but I could not figure out how.
I had a bunch of issues setting up a CakePHP site that was running an older version of CakePHP 1.2 - going by the date of this post it might be around the time. I recently blogged about it and simply suggest upgrading or installing a fresh version of the Cake library and all problems went away.
Please use below code in
vi /etc/nginx/sites-available/domainname.com
server {
server_name cakeapp.example.com;
root /var/www/vhosts/cake/app/webroot;
access_log /var/log/nginx/cakeapp.access.log;
error_log /var/log/nginx/cakeapp.error.log;
listen 80;
rewrite_log on;
# rewrite rules for cakephp
location / {
index index.php index.html;
# If the file exists as a static file serve it
# directly without running all
# the other rewite tests on it
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
}
location ~* \favicon.ico$ {
expires 6m;
}
location ~ ^/img/ {
expires 7d;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_param SERVER_NAME $host;
}
location ~ /\.ht {
deny all;
}
}
Its working for me.