We Keep Coding

NGINX config for php backend and JS frontend

I'm trying to serve my frontend app under /, but have requests for /oauth2 pass off to a php backend. Here is my latest nginx config attempt:
upstream dockerphp {
server backendphp:9000;
}
server {
listen 80;
server_name localhost;
index index.html;
root /application/frontend/build;
location /oauth2 {
root /application/public;
index index.php;
try_files $uri $uri/ /index.php$is_args$args;
#try_files /index.php$is_args$args =404;
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass dockerphp;
fastcgi_index index.php;
}
}
location / {
try_files $uri $uri/ /index.html;
}
}
I've tried just about every combination of config I can think of and just can't get it to work. Most of the time I end up with 404s.
Both my nginx and php docker containers have the same /application directory mounted.
With the above config, any requests to /oauth2/blah are being picked up by the location block at the bottom and therefore back to my frontend. This is probably my biggest problem - the /oauth2 location block to my mind is more "specific" so why isn't it "winning"?
I tried the commented out try_files line instead (to see whether index.php being the "fallback" value had an effect on specificity), and nginx just started downloading the index.php file rather than passing on the request. Help?

This is the approach that I use:
attempt to serve js / static pages first
if 1.) fails, pass to PHP backend
define a location for handling .php
upstream dockerphp {
server backendphp:9000;
}
server {
listen 80;
server_name localhost;
index index.html;
root /application/frontend/build;
location / {
try_files $uri $uri/ #php;
}
location #php {
root /application/public;
index index.php;
try_files $uri $document_root/index.php?$query_string;
# $document_root/index.php is the important part due to how root and alias directives work
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass dockerphp;
fastcgi_index index.php;
}
}

The location /oauth2 only wins when the URL you try is exactly website.com/oauth2. Add ^~ and the route will win all of the URLs starting with /oauth2, like this:
location ^~ /oauth2 {

For reference I eventually found a simple working solution (below).
upstream dockerphp {
server backendphp:9000;
}
server {
listen 80;
server_name localhost;
index index.html;
root /application/frontend/build;
location / {
try_files $uri $uri/ /index.html;
}
location /oauth2 {
try_files $uri $uri/ #php;
}
location #php {
include /etc/nginx/fastcgi_params;
fastcgi_pass dockerphp;
fastcgi_param SCRIPT_FILENAME /application/public/index.php;
}
}

Nginx + PHP-FPM redirect to static PHP file

Some details about my setup first:
I am serving a static webapp (HTML + JS) from default Nginx webroot
I have a PHP-FPM server running on localhost:9000
The destination file should be /api/webroot/index.php for FPM (always, no need to try_files etc.)
I need to forward all /api and /api-debug calls to arrive at localhost:9000, and the /app/webroot/index.php should handle all these requests.
I have the following working Nginx configuration:
upstream fastcgi_backend {
server localhost:9000;
keepalive 30;
}
server {
listen 80;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
location ~ ^/(api|api-debug)/ {
root /app/webroot;
index index.php;
try_files $uri /api/index.php$is_args$args;
location ~ \.php$ {
fastcgi_pass fastcgi_backend;
fastcgi_split_path_info ^(?:\/api\/)(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME /app/webroot/$fastcgi_script_name;
include fastcgi_params;
}
}
}
}
I just want to make it more simple and efficient, because as I see it now it's a mess.
I tried to adjust for example
try_files $uri /api/index.php$is_args$args;
to
try_files $uri /api/webroot/index.php$is_args$args;
and it failed... The only reason that it works is that /api/index.php includes /api/webroot/index.php, but I see it's inefficient.
I found debugging nginx config hard, because it's not easy to test.
Thank you very much for your help in advance!

The simplest solution would be to hardwire SCRIPT_FILENAME with a value of /app/webroot/index.php and remove one of your location blocks altogether.
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location ~ ^/(api|api-debug)/ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/webroot/index.php;
fastcgi_pass fastcgi_backend;
}
Alternatively, to keep the flexibility of specifying a URI with a .php extension, you could simplify the configuration with:
location / {
root /usr/share/nginx/html;
index index.html index.htm;
rewrite ^/(api|api-debug)/ /index.php last;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/webroot$uri;
fastcgi_pass fastcgi_backend;
}

Nginx - php-files not found after rewrite

I'm trying to rewriting /assets/* -> to /theme/theme_1/*.
The rewrite url works with all files except .php-files.
Example file structure:
/theme/theme_1/images/image.jpg
/theme/theme_1/images/user.jpg
/theme/theme_1/ajax/register.php
/theme/theme_1/ajax/read.php
The problem is the PHP-files, I get a 404 with this url:
wget http://example.com/assets/ajax/read.php.
File is found (200) using full path http://example.com/theme/theme_1/ajax/read.php
All other file works fine (200):
wget http://example.com/assets/images/image.jpg
nginx config:
server {
listen 80 default_server;
root /var/www/html;
index index.php index.html
server_name mysite.com;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location /assets {
rewrite ^/assets/(.*) /theme/theme_1/$1 break;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
}

Okie you should try this
location /assets/ {
alias /var/www/html/theme/theme_1/;
}
If that doesn't work then try
location /assets/ {
alias /var/www/html/theme/theme_1/;
try_files $uri $uri/ /index.php?$args;
}
Edit-1
On second look I realize the previous answer won't work as ~ \.php { block will catch everything with php extension and the other assets block can never get called. So the solution is to nest the rewrite inside the php block. So use
location ~ \.php$ {
rewrite ^/assets/(.*)$ /theme/theme_1/$1;
include snippets/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

Access HTTP_REFERER in Nginx

I have edited my fastcgi.conf file and added the following in an attempt to access the $http_referer: fastcgi_param HTTP_REFERER $http_referer;.
After doing so I made sure to reload my php-fpm.
In this example I'm attempting to stop any domain with google in it from refering to my domain, but when I try to restart my nginx I get the error: Invalid Condition: "$http_referer".
server {
listen 80;
server_name server.domain;
if($http_referer != "") {
if ($http_referer ~* (google)) {
return $http_referer;
}
}
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default deferred;
root /var/www/html;
server_name server.domain;
if($http_referer != "") {
if ($http_referer ~* (google)) {
return $http_referer;
}
}
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.html;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
}
My thoughts are either I did not add the $http_referer into the fastcgi.conf correctly or maybe I added it to the wrong file so it didn't load... or I possibly did not include the fastcgi_params correctly.
Additionally, maybe I need to install a module ontop of nginx, but I'm not sure how to add them.

Nginx/Fcgi: index.php issue with pseudo-alias location

Nginx 1.6.2 on Debian Jessie
I want to map all example.com/forum/ requests to /path/to/htdocs/phpbb and cut off the /forum/ part in the URI. Someone on Stackoverflow recommended the "rewrite" solution instead of "alias", because there are some bugs.
server
{
listen [::]:80;
server_name example.com;
root /var/www/html;
index index.php index.html;
#try_files $uri $uri/ =404;
location /forum/
{
root /path/to/htdocs/phpbb;
rewrite ^/forum/(.*)$ /$1 break;
location ~ .+\.php$
{
rewrite ^/forum/(.*)$ /$1 break;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
The example configuration works fine – example.com/forum/viewtopic.php executes the script /path/to/htdocs/phpbb/viewtopic.php – but example.com/ (index.php) doesn't work:
"/var/www/html/index.php" failed (2: No such file or directory)
After removing the "index" line from server block:
directory index of "/path/to/htdocs/phpbb/" is forbidden
After moving the "index" and/or "try_files" line(s) into the location block:
index.php served without passing over to php-fpm…
Ok, what's wrong with my config? Any hints?

Ok, alias is buggy (rewrite too…), but if you avoid try_files and use if instead (even if evil…) it should work!
server
{
listen [::]:80;
server_name example.com;
root /var/www/html;
location /forum/
{
alias /path/to/htdocs/phpbb/;
index index.php index.html;
location ~ "^(/forum/)(.+\.php)(/.+){0,1}$"
{
if (!-f $document_root$2)
{
return 404;
}
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root$2;
fastcgi_param SCRIPT_NAME $1$2;
fastcgi_param PATH_INFO $3;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
phpinfo() looks fine, but one question remains: Is it secure?