I have 12 sites that I plan to run on a single server that has NGinx and php5-fpm on it. I set them all up using one server block per conf file, all included by the main nginx.conf file. It's a mix of Wordpress, PhpMyAdmin, and PHP sites. The wordpress and PhpMyAdmin sites are working fine, but the PHP sites are not. Meaning, when I pull up example.com, Chrome says connection refused, and there's no trace of an incoming connection on NGinx logs. test.example.com pulls up the default site(because I didn't configure test.example.com then) at the same time.
I copied the nginx configs from the working sites to set up the sites that are not working, but no luck. The only difference in nginx config between the working and non-working sites are the server_name directive.
After checking and rechecking for over 2 hours, I found out that the sites that have the server_name as pqr.example.com work, but the ones with example.com don't. All of the working sites are configured to use subdomain URLs, and that's probably why they're working.
My questions are -
1. What am I missing in the config to make the abc.com work ?
2. I have two sites, example.com and example.net that I'm trying to run on the same server. Is that going to be a problem for NGinx ?
3. Does Nginx have a problem with differentiating between example.com, test.example.com, and example.net ?
4. I also noticed that if www.example.net works, www.example.com doesn't and vice versa, which means I have to assign each site that has the name abc in it different subdomains like www.example.net and test.example.com. Is this a standard/expected behavior of Nginx, or am I missing something ?
5. All of my base URLs auto redirect from http://example.com to http://www.example.com; How do I find out where that redirect is happening ?
Below are the Nginx config files that I'm having problems with, truncated to include the important parts; Please let me know if more info is needed.
Main nginx.conf file -
user www-data www-data;
pid /var/run/nginx.pid;
worker_processes 4;
worker_rlimit_nofile 100000;
events {
worker_connections 4096;
include /etc/nginx.custom.events.d/*.conf;
}
http {
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log crit;
.......
server_tokens off;
include proxy.conf;
include fcgi.conf;
include conf.d/*.conf;
include /etc/nginx.custom.d/*.conf;
}
include /etc/nginx.custom.global.d/*.conf;
Here is the full working .conf file for a blog that works. All other sites have this full config, since they are just basic PHP sites.
server {
listen *:80;
server_name blog.example.com;
access_log /var/log/nginx/blog-example.access.log;
error_log /var/log/nginx/blog-example.error.log;
root /var/www/example/blog;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ [^/]\.php(/|$) {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-blog-example-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Here's the truncated .conf file for example.com
server {
listen *:80;
server_name example.com www.example.com test.example.com;
access_log /var/log/nginx/examplecom.access.log;
error_log /var/log/nginx/examplecom.error.log;
root /var/www/example/com;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
........
location ~ [^/]\.php(/|$) {
......
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-examplecom-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Here's the truncated file for example.net
server {
listen *:80;
server_name example.net www.example.net test.example.net;
access_log /var/log/nginx/examplenet.access.log;
error_log /var/log/nginx/examplenet.error.log;
root /var/www/example/net;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
........
location ~ [^/]\.php(/|$) {
......
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php-fcgi-examplenet-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Meaning, when I pull up example.com, Chrome says connection refused, and there's no trace of an incoming connection on NGinx logs. test.example.com pulls up the default site(because I didn't configure test.example.com then) at the same time.
Well, your server is listening. Chances are you haven't configured your DNS records correctly, or there is DNS caching. Set your host file to test this theory.
Related
I have a wordpress site with the configuration below:
ian#ianhobson:/etc/nginx/sites-enabled$ cat thecoachmasternetwork
# Statements for thecoachmasternetwork.com
#
# rewrites of http to https at bottom of file
server {
server_name thecoachmasternetwork.com www.thecoachmasternetwork.com;
listen 80;
fastcgi_read_timeout 300;
root /var/www/thecoachmasternetwork/htsecure;
index index.php;
fastcgi_index index.php;
access_log /var/log/nginx/thecoachmasternetwork.access.log;
# error_log /var/log/nginx/error.log;
#
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~ \.user\.ini$ {
deny all;
}
# disallow hot linking to images
location ~ .(gif|png|jpg|jpeg)$ {
valid_referers none blocked thecoachmasternetwork.com www.thecoachmasternetwork.com;
if ($invalid_referer) {
return 403;
}
}
# serve static files that exist
location / {
try_files $uri $uri/ /index.php?$args;
}
# send .php files to fastcgi if file exists
location ~ \.php$ {
# Zero-day exploit defence - http://forum.nginx.org/read.php?2,88845,page=3
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root#fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include /etc/nginx/fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
}
}
# redirects from http -> https
#server {
# if ($host = www.thecoachmasternetwork.com) {
# return 301 https://$host$request_uri;
# } # managed by Certbot
# if ($host = thecoachmasternetwork.com) {
# return 301 https://$host$request_uri;
# } # managed by Certbot
# server_name thecoachmasternetwork.com www.thecoachmasternetwork.com;
# listen 80;
# return 404; # managed by Certbot
#}
ian#ianhobson:/etc/nginx/sites-enabled$
I can't find a rewrite, or a return 301.
However when I request the root, or when I request /index.php, the access log shows a 301 redirect to another site on my server. This is NOT the default_site, nor is it the first site. Those have been set up in nginx.conf before the inclusion of sites-enabled/*. However on port 80 only.
I suspect its a problem with certbot's certificates, (which is why I have switched it to port 80, soI can start them again). The site redirected to, is on https, and appears to be fine.
Other information that might be useful. /license.txt is served correctly. A .php file containing <php phpinfo() /php> produces what is expected. I can see nothing strange in it. I have poked about in the WP files, and can see nothing strange there, but it is a hideously complicated site.
There is nothing in the error.log.
So what is happening?
Turns out that wordpress has two lines in the ???options table, that define the URL of the siteurl and the home page. I had not changed these, and it was wordpress that was issuing the 301.
I'm trying to configure an error page in nginx for 500 and 502 error codes, I tried many different configuration options and solutions but none of them worked for me.
The issue itself is, that no matter how I do the configuration, I always get the generic Nginx error page with 502 bad gateway.
The following docker stack is running with these containers:
Nginx
MySQL
Composer
Azure CLI
PHP
A TYPO3 system is running behind the php/composer container.
I'm using Nginx instead of a Apache web server.
Below you can see my current nginx configuration.
server {
listen 80;
root /var/www/html/public;
index index.php index.htm index.html;
# Make site accessible from http://localhost/
server_name _;
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
error_log /dev/stdout info;
access_log /var/log/nginx/access.log;
# NGINX - Provide error page
error_page 500 502 /error.html;
location = /error.html {
internal;
}
## provide a health check endpoint
location /healthcheck {
access_log off;
stub_status on;
keepalive_timeout 0; # Disable HTTP keepalive
return 200;
}
location / {
absolute_redirect off;
try_files $uri $uri/ /index.php$is_args$args;
}
# pass the PHP scripts to FastCGI server listening on socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass ${PHP_DOMAIN}:9000;
fastcgi_buffers 16 128k;
fastcgi_buffer_size 128k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_intercept_errors off;
# fastcgi_read_timeout should match max_execution_time in php.ini
fastcgi_read_timeout 600;
fastcgi_param SERVER_NAME $host;
fastcgi_cache_bypass $http_x_blackfire_query;
}
# Expire rules for static content
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# Prevent clients from accessing hidden files (starting with a dot)
# This is particularly important if you store .htpasswd files in the site hierarchy
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
# TYPO3 - Block access to composer files
location ~* composer\.(?:json|lock) {
deny all;
}
# TYPO3 - Block access to flexform files
location ~* flexform[^.]*\.xml {
deny all;
}
# TYPO3 - Block access to language files
location ~* locallang[^.]*\.(?:xml|xlf)$ {
deny all;
}
# TYPO3 - Block access to static typoscript files
location ~* ext_conf_template\.txt|ext_typoscript_constants\.(?:txt|typoscript)|ext_typoscript_setup\.(?:txt|typoscript) {
deny all;
}
# TYPO3 - Block access to miscellaneous protected files
location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$ {
deny all;
}
# TYPO3 - Block access to recycler and temporary directories
location ~ _(?:recycler|temp)_/ {
deny all;
}
# TYPO3 - Block access to configuration files stored in fileadmin
location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
deny all;
}
# TYPO3 - Block access to libaries, source and temporary compiled data
location ~ ^(?:vendor|typo3_src|typo3temp/var) {
deny all;
}
# TYPO3 - Block access to protected extension directories
location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
deny all;
}
if (!-e $request_filename) {
rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
}
#Include development locations if needed
include /etc/nginx/conf.d/locations/*.conf;
}
I think the issue itself does not come from the configuration but from anywhere else but I don't know where.. I can't find the problem.
Hope u guys can help me, btw it's my first stack overflow question :D
EDIT:
Just added the configuration below to test the error codes but unfortunately I still get a 502 Bad Gateway, maybe a problem with the local setup. To my surprise the configured location for a healthcheck is working, just the error page not.
location /get_error {
return 500;
}
UPDATE:
The configuration itself was correct, I just deployed the changes made to the dev system and it just worked! I don't know why and where the issue was but it just won't work for my local dev environment.
Basically I need to logically separate 2 sites on one hosting and one domain name registered.
Firstly, I've set up a sub-domain using CNAME record. Then I've created 2 files for domain and sub-domain (no syntax errors, nginx restarted after changes):
subdomain.conf
server {
listen 80;
server_name sub.domain.com;
index index.php index.html;
root /web/www/sub.domain.com;
access_log off;
server_tokens off;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/webserv/var/php-cgi.sock;
fastcgi_index index.php;
include /webserv/nginx/conf/fastcgi.conf;}}
domain.conf
server {
listen 80;
server_name domain.com;
index index.php index.html;
root /web/www/domain.com;
access_log off;
server_tokens off;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/webserv/var/php-cgi.sock;
fastcgi_index index.php;
include /webserv/nginx/conf/fastcgi.conf;}}
But only one of them is working, and a request in browser to the other doesn't even get to nginx, and eventually it says the page load time was too long. What is the easiest way of doing this? Should several instances of nginx, php-fpm be used?
Your configuration looks fine, if the seconde file was enabled and wrong nginx would have triggered a server error, but from what you are saying the problem come from your domain name, maybe it is missconfigured or has not yet been propagated.
Resolved, it wasn't working as I was using google public DNS on local machine(who would have thought)
I'm trying to set up a web application using Nginx, but when trying to access it I am getting a 403 error. I've followed various different approaches to solving this including making sure that my permissions are set but to no avail.
here iss the config for the web application:
server {
listen 80;
server_name localhost
index index.php index.html index.htm;
root /usr/share/nginx/html/my-app/webapp;
port_in_redirect off;
# Use cached or actual file if they exists, otherwise pass request to WordPress
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# Deny access to hidden files
location ~* /\.ht {
deny all;
access_log off;
log_not_found off;
}
# Pass PHP scripts on to PHP-FPM
location ~* \.php$ {
try_files $uri /index.php;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
I ran chmod -R 777 my-app to give it all permissions.
yet I still get the 403 error.
You are missing a ; on your server_name directive, which would normally be a syntax error, but in your case it translates to:
server_name localhost index index.php index.html index.htm;
Which may be a weird list of server names, but more importantly, it means you do not have an index directive. This means that you will get an HTTP 403 response code whenever you attempt to list a directory such as /.
I have installed the Homestead VM and setup the Moodle installation folder on my Mac (OSX Yosemite). I also created the 'moodledata' folder and gave it the permissions 0777 as well as the folder 'moodledata/sessions' via my system command line (I tried doing this via SSH inside the VM but it didn't appear to change the permissions). However checking the permissions after doing it via my system showed the folder was writable from inside the VM.
I then moved on to the installation which ran through and created the DB tables and did the check which showed 2 check warnings:
Intl and xmlrpc to check
I don't believe these are essential for initial installation so carried on. It is when I get to the admin user creation where I am getting a problem. The page (/user/editadvanced.php?id=2) stops loading any images and when I post the form I get an error: 'Incorrect sesskey submitted, form not accepted!'
I thought this could be down to the session not being writable in the moodledata folder but as I have checked that now I am out of ideas!
I have attached a couple of screenshots.
Many thanks, Mike.
Ok after a good few days of head scratching I fixed my own issue by editing the NGINX config file. Below is what it was by default:
server {
listen 80;
server_name example.com;
root /home/forge/example.com;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
And this is what I changed it to and it now works:
server {
listen 80;
server_name example.com; #REPLACE SERVER NAME
root /var/www/example.com/www/; #REPLACE MOODLE INSTALL PATH
error_log /var/www/example.com/log/example.com_errors.log; #REPLACE MOODLE ERROR LOG PATH
access_log /var/www/example.com/log/example.com_access.log; #REPLACE MOODLE ACCESS LOG PATH
rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php;
}
fastcgi_intercept_errors on;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
I haven't had time to see which part/parts of the above config fixed the issue, maybe someone who knows can see straight away? I suspect it could be the rewrite rule? Either way I hope this helps someone else in the future and I am really happy to get this working!
I can confirm is just the rewrite part for that specific config file, although in the Moodle Nginx page it's not documented that way.
My guess is that the location ~ [^/]\.php(/|$) { part is doing the same thing as the rewrite rule rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; and the location ~ \.php$ { directive. Will need to make some test changing the location directive to see if that works as well.