NGINX Rewrite rules for WordPress Multisite in a subfolder - wordpress

I have a unique setup with a WordPress install in the main root and a second WordPress install (multisite) in a sub folder.
/sites/example.com/files/[WP Site example.com]
/sites/example.com/files/demo [WP Multisite example.com/demo]
The main site is working well but the multisite isn't.
When I request a multisite (example.com/demo/site1) it I get 404's in the console (example.com/demo/site1/style.css = 404)
Here is my conf.
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /sites/example.com/files/;
index index.html index.php;
access_log /sites/example.com/logs/access.log;
error_log /sites/example.com/logs/error.log;
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# WP Multisite start
location ~ ^(/[^/]+)?/files/(.+) {
try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off; log_not_found off; expires max;
}
#avoid php readfile()
location ^~ /blogs.dir {
internal;
alias /sites/example.com/files/demo/wp-content/blogs.dir ;
access_log off; log_not_found off; expires max;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
location /demo {
#alias /sites/example.com/files/demo/;
try_files $uri $uri/ /demo/index.php?$args;
}
# WP Multisite end
# Prevent access to hidden files
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent access to certain file extensions
location ~\.(ini|log|conf|blade.php)$ {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php8.0-example.sock;
}
}
Any advice would be greatly appreciated. I've been trying to solve this for about a week.
I've been using this as a guide:
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/#rewrite-rules-for-multisite
Thank you!

I commented above and left the link that was helpful in answering my question.
Here is my final nginx config that is working.
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
#Ref: http://wordpress.org/extend/plugins/nginx-helper/
#include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /sites/example.com/files/;
index index.html index.php;
access_log /sites/example.com/logs/access.log;
error_log /sites/example.com/logs/error.log;
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# WP Multisite start
location ~ ^(/[^/]+)?/files/(.+) {
try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off; log_not_found off; expires max;
}
#avoid php readfile()
location ^~ /blogs.dir {
internal;
alias /sites/example.com/files/demo/wp-content/blogs.dir ;
access_log off; log_not_found off; expires max;
}
# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/demo(/[^/]+)?(/wp-.*) /demo$2 last;
rewrite ^/demo(/[^/]+)?(/.*\.php)$ /demo$2 last;
}
location /demo {
#alias /sites/example.com/files/demo/;
try_files $uri $uri/ /demo/index.php?$args;
}
# WP Multisite end
# Prevent access to hidden files
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent access to certain file extensions
location ~\.(ini|log|conf|blade.php)$ {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php8.0-example.sock;
}
}

Related

.well-known/acme-challenge/xxxx gives 404 nginx

I manage a wordpress site.
I have below code block in my nginx config file.
server {
listen 443 ssl;
server_name example.com;
client_max_body_size 1000M;
root /var/www/wordpress;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
proxy_read_timeout 3000;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
expires 1s;
set $skip_cache 0;
# POST requests and URLs with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged-in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location / {
autoindex on;
client_max_body_size 1000M;
try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires 1s;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
fastcgi_cache_lock on;
expires 1s;
add_header X-FastCGI-Cache $upstream_cache_status;
}
location ~ /.well-known {
allow all;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
try_files $uri =404;
}
}
I created test file in /var/www/wordpress/.well-known/acme-challenge/ folder.
when I load https://example.com/.well-known/acme-challenge it gives me nice 404 from wordpress.
when I load https://example.com/.well-known/acme-challenge/ it gives me below error
404 Not Found
nginx/1.14.0 (Ubuntu)
when I try to load https://example.com/.well-known/acme-challenge/test also it gives me. below 404 error.
404 Not Found
nginx/1.14.0 (Ubuntu)
Because of this my ssl renew fails.
What am I missing here ?

Can't forward images to webp with Nginx using Laravel

I'm trying to forward all jpeg and png images to webp. It's a Laravel project. Most of images in /storage folder as a symlink in public folder. I followed guides and I know a bit regex but I couldn't find any clue what's wrong.
I have webp images in every folder.
path/to/image.jpg
path/to/image.jpg.webp
ngnix.conf file:
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
map $http_accept $webp_suffix {
default "";
"~*webp" ".webp";
}
Server config:
server{
root /var/www/site/public;
server_name example.com www.example.org;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~* \.(jpg|jpeg|png|webp|gif|ico|css|js)$ {
expires 365d;
}
location ~* ^.+\.(png|jpe?g)$ {
add_header Vary Accept;
try_files $uri$webp_suffix $uri =404;
}
error_page 404 /index.php;
if ($host = example.org) {
return 301 https://www.example.org$request_uri;
} # managed by Certbot
location ~ \.php$ {
include snippets/fastcgi-php.conf;
}
location ~ /\.ht {
deny all;
}
location ~ /\.(?!well-known).* {
deny all;
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
if ($host = www.example.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.org www.example.org;
return 404; # managed by Certbot
}
I don't know what I am doing wrong. Any help will be appreciated thanks.
Regular expression location blocks are evaluated in order until a match is found. See this document for details.
You have two location expressions which match .png, .jpg and .jpeg. You need to remove these from the first expression for the second expression to succeed.
For example:
location ~* \.(gif|ico|css|js)$ {
expires 365d;
}
location ~* \.(png|jpe?g)$ {
expires 365d;
add_header Vary Accept;
try_files $uri$webp_suffix $uri =404;
}

Nginx yii2 configuration

Hi there!
I'am trying to configure Nginx for 2 yii projects, frontend for users and admin for admins with only one domain (no sub domain). I need to configure it in a way such that mydomain.com should refer to frontend and mydomain.com/admin to admin. The problem is I'am being able to configure only one of them at a time, meaning I can use frontend or admin not both of them.
What I have tried
front.conf
server {
listen 80;
server_name api.maim.experiments.uz;
return 301 https://$server_name$request_uri;
}
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl_certificate_key privkey.pem;
ssl_certificate fullchain.pem;
ssl_protocols TLSv1.2;
set $host_path "/home/itschool/inha_dev/frontend";
server_name api.maim.experiments.uz;
root $host_path/web;
set $yii_bootstrap "index.php";
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location / {
index index.html $yii_bootstrap;
try_files $uri $uri/ /index.php;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location ~ \.php$ {
set $fsn /index.php;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass 127.0.0.1:9002;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
}
location ~ /\.(ht|svn|git) {
deny all;
}
location ~* /\. {
deny all;
access_log off;
log_not_found off;
}
}
back.conf
server {
listen 80;
server_name api.maim.experiments.uz;
return 301 https://$server_name$request_uri;
}
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl_certificate_key privkey.pem;
ssl_certificate fullchain.pem;
ssl_protocols TLSv1.2;
set $host_path "/home/itschool/inha_dev/backend";
server_name api.maim.experiments.uz;
root $host_path/web;
set $yii_bootstrap "index.php";
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location ^~ /admin {
alias /home/itschool/inha_dev/backend/web;
if (!-e $request_filename) { rewrite ^ /admin/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9002;
}
}
location ~ /\.(ht|svn|git) {
deny all;
}
location ~* /\. {
deny all;
access_log off;
log_not_found off;
}
}
I found some questions with answers but they didn't work for me, please help.
I have recently use similar configuration to support web application / mobile application and admin panel on single domain
I hope this could help you out. Below is the configuration
server {
listen 80;
set $root /var/www/html/application;
#here we go
#if backend not found in url then set root url
if ($uri !~ "^(.*)/(backend)(.*)") {
set $root /var/www/html/application/frontend/web;
}
# when request is coming from mobile then display mobile site
# you don't need this one, I just written in order to explain the mobile application navigation.
if ($http_user_agent ~* "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos") {
set $root /var/www/html/application/mobile/web;
}
root $root;
index index.php index.html index.htm index.nginx-debian.html;
server_name your_domain;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
location / {
index index.html index.php;
if (!-e $request_filename){
rewrite ^/(.*) /index.php?r=$1 last;
}
}
location ~ /\.ht {
deny all;
}
}
Also have a look in official document of Yii2 to setup yii2-app-advanced on single domain (Apache, Nginx).
CLICK HERE
One more thing that you need to know is if you want to change backend/web to admin then you also have to made some changes in Yii2 application.
One domain will lead all requests to one IP (server). Nginx will use the first server block matching server_name https://nginx.org/en/docs/http/request_processing.html so you need to put all configuration on one file and use location to separate them.
You can move location ^~ /admin at the beginning of the front.conf locations and play with roots;
Or you can create a proxying config file that will contain just a little.
Something like that
location /admin {
proxy_pass http://localhost:8001;
}
location / {
proxy_pass http://localhost:8002;
}
Using the latter one you should change front & back configs to listen to other ports. Also, an SSL certificate was given for a domain, not URL. So you can use it only in the proxying config.
If you follow some of the key instructions from option 1 of Yii2 Single Domain Apache and Nginx you should be able to accomplish what you want.
Per the referenced link, Option 1:
Assuming Linux OS
cd /path/to/project/frontend/web
ln -s ../../backend/web backend
and set your nginx file
server {
charset utf-8;
client_max_body_size 128M;
listen 80; ## listen for ipv4
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
server_name api.maim.experiments.uz;
root /home/itschool/inha_dev/frontend/web;
index index.php;
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
# uncomment to avoid processing of calls to non-existing static files by Yii
#location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
# try_files $uri =404;
#}
#error_page 404 /404.html;
# deny accessing php files for the /assets directory
location ~ ^/assets/.*\.php$ {
deny all;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
try_files $uri =404;
}
location ~* /\. {
deny all;
}
}
Not: See below link for the Option-2, if the above does not work:
Yii2 Single Domain Apache and Nginx

Redirect non-www to www (https) not working

I am trying to redirect all http and http calls to https:// www.example.com using nginx config file.
The problem is that the redirect do not work for http://example.com ->https://www.example.com
All others work.
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /root/www.example.com.crt;
ssl_certificate_key /root/example.com.key;
server_name www.example.com;
add_header Strict-Transport-Security "max-age=31536000";
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
root /var/www/example.com/htdocs;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
}
You may try these, I guess its about using the exact statements
https://www.rosehosting.com/blog/how-to-redirect-http-traffic-to-https-in-nginx-and-apache/

wordpress nginx - Moved Permanently 301 after migration

{
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
server { #Redirect https, non-www to https, www
listen 443 ssl spdy;
server_name example.com;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
return 301 https://www.example.com$request_uri;
}
server {
# SSL configuration
listen 443 ssl spdy;
server_name www.example.com;
ssl on;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
root /var/www/web;
client_max_body_size 20M;
index index.php;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
#avoid processing of calls to unexisting static files by yii
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location #bo {
rewrite ^/bo(.*) /bo/index.php?q=$1;
}
location /bo {
index index.php;
try_files $uri $uri/ #bo;
alias /var/www/web/bo;
}
location #app {
rewrite ^/app(.*) /app/index.php?q=$1;
}
location /app {
index index.php;
try_files $uri $uri/ #app;
alias /var/www/web/app;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/web$fastcgi_script_name;
}
# prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
}
server {
listen 80;
listen [::]:80;
server_name supp.example.com;
access_log /var/log/nginx/supp.example.com.access.log;
error_log /var/log/nginx/supp.example.com.error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3001;
proxy_redirect off;
}
}
I had a server on OVH and I migrated to azure, inside the app I had a wordpress that is in the main root, a subfolder with an app on Yii2 and another subfolder with an app on CodeIgniter, When I test the config, everything works fine, I used the testnew.example.com for test it, when I do the deploy and use www.example.com, I got Moved permantly 301 on main root (Wordpress site), the rest of apps works good.

Resources