When I try to upload a file to my site, I'm getting the Nginx "413 Request Entity Too Large" error, however in my nginx.conf file I've already explicitly stated the max size to be about 250MB at the moment, and changed the max file size in php.ini as well (and yes, I restarted the processes). The error log gives me this:
2010/12/06 04:15:06 [error] 20124#0:
*11975 client intended to send too large body: 1144149 bytes, client:
60.228.229.238, server: www.x.com, request: "POST
/upload HTTP/1.1", host:
"x.com", referrer:
"http://x.com/"
As far as I know, 1144149 bytes isn't 250MB...
Is there something I'm missing here?
Here's the base Nginx config:
user nginx;
worker_processes 8;
worker_rlimit_nofile 100000;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
client_max_body_size 300M;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_static on;
gzip_comp_level 5;
gzip_min_length 1024;
keepalive_timeout 300;
limit_zone myzone $binary_remote_addr 10m;
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/sites/*;
}
And the vhost for the site:
server {
listen 80;
server_name www.x.com x.com;
access_log /var/log/nginx/x.com-access.log;
location / {
index index.html index.htm index.php;
root /var/www/x.com;
if (!-e $request_filename) {
rewrite ^/([a-z,0-9]+)$ /$1.php last;
rewrite ^/file/(.*)$ /file.php?file=$1;
}
location ~ /engine/.*\.php$ {
return 404;
}
location ~ ^/([a-z,0-9]+)\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
Not knowing the version of your nginx build and what modules it was built with makes this tough, but try the following:
Copy your client_max_body_size 300M; line into the location / { } part of your vhost config. I'm not sure if it's overriding the default (which is 1 MB) properly.
Are you using nginx_upload_module? If so make sure you have the upload_max_file_size 300MB; line in your config as well.
My setup was:
php.ini
...
upload_max_filesize = 8M
...
nginx.conf
...
client_max_body_size 8m;
...
The nginx showed the error 413 when it was uploaded.
Then I had an idea: I will not let nginx show the error 413, client_max_body_size set to a value greater than upload_max_filesize, thus:
php.ini
...
upload_max_filesize = 8M
...
nginx.conf
...
client_max_body_size 80m;
...
What happened?
When you upload smaller than 80MB nginx will not display the error 413, but PHP will display the error if the file is up to 8MB.
This solved my problem, but if someone upload a file larger than 80MB error 413 happens, nginx rule.
I also add that you could define it in the *.php location handler
location ~ ^/([a-z,0-9]+)\.php$ {
Being the "lower" one in the cascading level, it would be an easy way to see if the problem comes from your nginx config or modules.
It sure doesn't come from PHP because the 413 error "body too large" is really a NGinx error.
Try the following steps to resolve the error.
Open the Nginx configuration file (nginx.conf) in a text editor.
$ sudo nano /etc/nginx/nginx.conf
Add the directive client_max_body_size under the http block:
http {
# Basic Settings
client max body size 16M;
...
}
Open nginx default file in a text editor
$ sudo nano /etc/nginx/sites-enabled/default
Add the directive client_max_body_size under location block.
location / {
...
client_max_body_size 100M;
}
Restart Nginx using the following command.
$ sudo systemctl restart nginx
Optional:
If you have a time-consuming process running on the backend server then you have to adjust the timeout attribute of the server to avoid 504 timeout error.
Open the Nginx default file in a text editor
$ sudo nano /etc/nginx/sites-enabled/default
Add the directives proxy_connect_timeout, proxy_send_timeout proxy_read_timeout under the location block:
location /api {
client_max_body_size 100M;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
proxy_pass http://localhost:5001;
}
Restart Nginx using the following command.
$ sudo systemctl restart nginx
Related
I am hosting multiple php slim applications on the same server. They are located at the path apis/'tier'/'organization'/'appName'/'version' so for example apis/FreeTierSmall/master/exampleApp/v1.
I am using Nginx with php-fpm and am getting a very weird bug. I am trying to redirect any requests that start with apis/master/ to apis/FreeTierSmall/master. I've turned on the Nginx rewrite_log and can see that the files get redirected correctly. I get the correct result if I try apis/FreeTierSmall/master/example/v1. However, I get a 404 error if I try apis/master/example/v1 which redirects to the same php file. I know the redirect is working because I can see it in the logs. It seems that there is some problem with php-fpm. I am adding a header to the php-fpm execution so I know that it is calling the correct script. For some reason though a request of the same file is producing a 404 error in one case and not the other.
Is there some parameter that could cause the same file passed to fpm to work in one instance and not the other?
Here is my nginx configuration:
worker_processes 1;
pid /run/nginx.pid;
user nginx www-data;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status'
'FPM - $document_root - $fastcgi_script_name > $request';
access_log /var/log/nginx/access.log main_timed;
# error_log /dev/stderr notice;
error_log /var/log/nginx/error.log debug;
# error_log above can be debug
rewrite_log on;
keepalive_timeout 65;
server {
listen [::]:80 default_server;
listen 80 default_server;
server_name _;
sendfile off;
root /var/www/html;
index index.php index.html;
error_page 404 /404.html;
# NOTE: Once you use last, that is the last redirect you can do. You must find the file after that.
# HEALTH CHECK
location /apis/FreeTierSmall/elb-status {
access_log off;
return 200 'A-OK!';
# because default content-type is application/octet-stream,
# browser will offer to "save the file"...
# the next line allows you to see it in the browser so you can test
add_header Content-Type text/plain;
}
# NORMAL API PATHS
location /apis/ {
#rewrite the old apis
rewrite ^/apis/master/([\w-]+)/([\w-]+)(.*)$ /apis/FreeTierSmall/master/$1/$2/api.php$3 last;
rewrite ^/apis/interfaceop/([\w-]+)/([\w-]+)(.*)$ /apis/FreeTierSmall/interfaceop/$1/$2/api.php$3 last;
# add api.php to the path of the file
rewrite ^/apis/([\w-]+)/([\w-]+)/([\w-]+)/([\w-]+)(.*)$ /apis/$1/$2/$3/$4/api.php$5 last;
}
# ANY OTHER FILES
location / {
# try to serve the file, the directory, or a 404 error
add_header X-debug-message-2 "A static file was served or 404 error $uri" always;
try_files $uri $uri/ /robots.txt; # Need to change back to =404
}
# ERRORS
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
# PHP FILES
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php {
add_header X-debug-message-5 "fastCGI -> .php $document_root$fastcgi_script_name" always;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
# SECURITY CONCERNS
# deny access to . files, for security
location ~ /\. {
log_not_found off;
deny all;
}
}
}
Turns out, the issue is that the URI of the request doesn't get changed with rewrite. Slim was providing the 404 error because the route didn't exist, and the route didn't exist because the URI never got changed by rewrite. So, rewrite doesn't actually change the request parameters it's just used to decide what file is going to be served. This is ok for most use cases but horrible for apis... a very odd error to debug. Good luck whoever runs into this in the future.
The solution: use proxy_pass.
location /apis/master/ {
# Reroutes /apis/master/* to /apis/FreeTierSmall/master/* correctly!
proxy_pass http://localhost:80/apis/FreeTierSmall/master/;
}
I have a hybrid php/Rails app sitting on one AWS ec2 server. I am hosting a Mediawiki installation and using Rails as a frontend to it. For the Rails app, I am using Passenger as a server. I would like location / to serve the Rails app, and anything at location /w or any .php files to be served by Mediawiki (php5-fpm).
I used to have a working configuration, but it was hacked together and I would like to refactor it.
My current working implementation gives me a 403 Forbidden error when I try to access the Rails app at /.
The error I get (from rails_error.log): 2017/10/24 20:08:31 [error] 14947#14947: *2 directory index of "/var/www/myapp/public/" is forbidden, client: xx.yy.zz.aa, server: myapp.amazonaws.com, request: "GET / HTTP/1.1", host: "myapp.amazonaws.com"
I would like to be able to access only the Rails app at / for now; I am not focused on the php5-fpm configurations yet.
Here are my .conf files:
sites-available/myapp.conf:
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=mw_cache:10m max_size=10g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
server {
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name myapp.com;
charset utf-8;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
root /var/www/myapp/public;
passenger_enabled on;
location /w {
alias /var/www/mediawiki-1.28.0;
index index.php index.html index.htm;
charset utf-8;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_cache mw_cache;
fastcgi_cache_valid 200 60m;
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:7777;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
error_log /var/log/nginx/mediawiki_error.log;
access_log /var/log/nginx/mediawiki_access.log;
}
error_log /var/log/nginx/rails_error.log;
access_log /var/log/nginx/rails_access.log;
}
nginx.conf:
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
passenger_root /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/gems/passenger-5.1.1;
passenger_ruby /home/ubuntu/.rvm/gems/ruby-2.3.1#myapp/wrappers/ruby;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
I have a suspicion it has to do with how Passenger is installed or running, or it could be that I am running Passenger not as www-data but as ubuntu.
/var/www/myapp/ is also owned by ubuntu, though I have tried chown -R www-data /var/www/myapp and chown -R ubuntu:www-data /var/www/myapp to no avail.
Does anyone have any pointers from here?
Thanks.
Your config works for me: the app is started successfully, at least, if I start Nginx as root (how it usually is done).
Note that the user directive from your config tells Nginx what user to run its workers as, it does not specify what user to run the Passenger core as (that is inherited from what Nginx was started with).
My pointers would be as follows:
Usually the first thing to do is to check the logs.
Your config declares logfiles, but doesn't set the top level error log, so you're missing the Passenger log output.
To solve this, move the error_log /var/log/nginx/error.log; to above the http { line in your nginx.conf.
If needed, you can also set passenger_log_level 7; (in the http block) to get very detailed logs.
By changing the log level and observing the result you can also ensure that the config you think is being used, is actually the one that is used, on the URL that you are querying (i.e. you can see requests coming in).
Passenger has some troubleshooting tools, e.g. passenger-status can be used to inspect if it's running successfully. Note that you haven't declared a passenger_pre_start url, so your app won't be started by Passenger until the first request is routed to it.
I'm new to all of this, but can't keep my newly spun micro ec2 server up and running (running wordpress). The PHP-FPM log only has this with logging set to debug.
[17-Oct-2016 15:46:38] NOTICE: configuration file /etc/php5/fpm/php-fpm.conf test is successful
My nginx log is continuously filling with errors trying to connect to php5-fpm.sock (hundreds of entries per minute even though there is no one else accessing the site).
2016/10/17 16:32:16 [error] 26389#0: *7298 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 191.96.249.80, server: mysiteredacted.com, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "removed"
After restarting nginx and PHP-FPM the site works for a few minutes before throwing 502 Bad Gateway errors until I restart them both again.
I don't know where to begin with this. Here is my nginx config file:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
port_in_redirect off;
gzip on;
gzip_types text/css text/xml text/javascript application/x-javascript;
gzip_vary on;
include /etc/nginx/conf.d/*.conf;
}
Which also include this file in the /conf.d folder:
server {
## Your website name goes here.
server_name mysiteredacted.com www.mysiteredacted.com;
## Your only path reference.
root /var/www/;
listen 80;
## This should be in your http block and if it is, it's not needed here.
index index.html index.htm index.php;
include conf.d/drop;
location / {
# This is cool because no php is touched for static content
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
fastcgi_buffers 8 256k;
fastcgi_buffer_size 128k;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_pass unix:/dev/shm/php-fpm-www.sock;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~* \.(css|js|png|jpg|jpeg|gif|ico)$ {
expires 1d;
}
}
The second file has this line:
fastcgi_pass unix:/var/run/php5-fpm.sock;
If that file does not exist it will throw this error.
Check this previous question: How to find my php-fpm.sock?
After hours of searching I finally figured it out.. Turns out it's some sort of brute force attack on /xmlrpc.php as indicated by the thousands of requests of "POST /xmlrpc.php HTTP/1.0".
It's a common WordPress attack. Thanks all.
Iv'e setup an Nginx php server on a linux REHL machine.
When accessing html files all goes well, but trying to access php file, the file is downloaded instead of being executed.
This is my nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
...and this is the server block:
server {
listen 80;
server_name {mywebsitename};
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html/{mywebsitename}/;
}
location /ngx_status_2462 {
stub_status on;
access_log off;
allow all;
}
location ~ \.php$ {
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/{mywebsitename}$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
It might be because of the mimetype you're sending:
default_type application/octet-stream;
See: http://mimeapplication.net/octet-stream
I just had this exact same problem. I was using Ubuntu 12.04 and Linux Mint 14 so different OS but likely to have the same issues.
A couple of issues may happening. Firstly, you need to have php5-fpm installed (FastCGI Process Manager). I was trying to run it with my standard version of PHP but it was not working - http://www.php.net/manual/en/install.fpm.php
I also had Apache installed, and even if it weren't running it must have had some conflict because once I uninstalled Apache I was able to execute the PHP files.
I would also look at this line
fastcgi_pass 127.0.0.1:9000;
And consider changing it to
fastcgi_pass unix:/var/run/php5-fpm.sock;
Here is a detailed guide to installation of Nginx and PHP5-FPM for RHEL (and other OS's)
http://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/
You need to change the user to nginx instead of apache in this file a/etc/php-fpm.d/www.conf
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
;group = apache
group = nginx
and of course restart service php-fpm restart and service nginx restart
Comment out default_type application/octet-stream;
I got server setup with nginx+php-fpm and mysql.
I have another server with only installed php-fpm, so wanted to use as load balance.
But when I am using this dedacted server with php-fpm as load balancer, I got error when opening page: "Access denied."
/etc/nginx/nginx.conf
user www-data;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 64;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
tcp_nodelay on;
#gzip on;
upstream php {
server dedicatedserverip:9000;
}
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/site.org.conf
server {
listen 81;
server_name site.org www.site.org;
access_log /var/log/nginx/site.org.log;
error_log /var/log/nginx/site.org.log;
root /home/www/site.org;
index index.php;
location ~ .php$ {
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/www/$fastcgi_script_name;
}
}
Why I got this error? When I change only the fastcgi_pass to 127.0.0.1:9000 - all work fine.
If it's a blank page with "Access denied" on it, it's caused by security.limit_extensions directive that has been added to php-fpm.
If you don't have it in your php-fpm configuration, it defaults to .php and prevents all other file types from being parsed by the PHP interpreter producing "Access denied" when trying to do so.
You received that error because the files PHP-FPM don't exist on the PHP-FPM server.
fastcgi_param SCRIPT_FILENAME /home/www/$fastcgi_script_name;
or (I use this because it's simpler for multiple vhosts)
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
It seems Nginx simply provides the PHP-FPM server with the location of the file, and the PHP-FPM server then renders it. The simplest solution is to rsync the document root to the PHP-FPM server.
This post can explain details: http://code.google.com/p/sna/wiki/NginxWithPHPFPM