Nginx -- Further configuration required - nginx

I'm a complete nginx noob, so I apologize in advance for whatever necessary details I'm leaving out of this question.
I've got my server set up, and my localhost is displaying the "Welcome to nginx!" page, when I've set my nginx.conf file root to my desired path (which is not the nginx welcome page).
Here's my nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8080;
server_name 0.0.0.0;
location ~ /devices/(.+) {
include fastcgi_params;
proxy_pass http://127.0.0.1:5000/$1;
}
location ~ /surveyapp/(.+) {
include fastcgi_params;
proxy_pass http://127.0.0.1:5000/$1;
}
location / {
root /Users/ryanyoung/Desktop/website/public;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
error_page 405 =200 $uri;
}
location ~* \.php$ {
include /usr/local/etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param DOCUMENT_ROOT /Users/ryanyoung/Desktop/website/public;
fastcgi_param SCRIPT_FILENAME /Users/ryanyoung/Desktop/website/public/index.php;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param CI_URI_PROTOCOL "REQUEST_URI";
fastcgi_pass unix:/usr/local/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 1800;
}
}
include servers/*;
}
Since my root path is definitely correct, my only guess is this has something to do with fastcgi_params? This file is nowhere to be found, and the above path that is referenced (/usr/local/etc/nginx/fastcgi_params) does not exist.
I used homebrew to install nginx, so its location is /opt/homebrew/bin. that directory holds nginx and nginx.conf, but no fastcgi_params (and also no fcgi.conf). I've tried every other path I could think of, and I'm fairly certain that fastcgi doesn't exist on my machine.
Not even sure if that's the issue. Any insight would be appreciated!

Related

NGINX - Allow any location and alias

I'm looking to make Nginx allow any subfolder to redirect to a specific directory, but store the chosen subfolder in a header.
So for example I have this at the moment which works:
location ^~ /AhRnfKlM {
alias /var/www/html/admin;
index index.php index.html index.htm;
location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
So if I go to http://website.com/AhRnfKlM/index.php it'll work no problem, but what I want is for me to be able to pick any subfolder such as http://website.com/test123/index.php and it will still alias correctly, but store test123 as a header such as X-AuthCode, which I can read in PHP, check against a mysql database of allowed authentication codes and decide what to do from there. This way I can have specific access codes for specific admins or allow one time access codes to exist without modifying NGINX with new aliases.
I've tried various things with regex such as:
location ~ ^(/[^/]+) {
alias /var/www/html/admin;
add_header X-AuthCode $1;
index index.php index.html index.htm;
location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
But can't get it to work! I just get 403 forbidden.
Entire server block (after Ivan's suggestion):
server {
listen 80;
location ~ ^/(?<authcode>[^/]+) {
alias /var/www/html/admin;
index index.php index.html index.htm;
location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param AUTHCODE $authcode;
}
}
}
Thank you :)
With add_header directive you are adding X-AuthCode header to the nginx response to the user browser after the response was received by nginx from your PHP backend. What you should do instead is to pass your URI prefix with a fastcgi_param directive to your PHP backend, e.g.
location ~ ^/(?<authcode>[^/]+) {
...
location ~ \.php$ {
...
fastcgi_param AUTHCODE $authcode;
...
and then check the $_SERVER['AUTHCODE'] content.
But this does not answer the question why do you receive 403 HTTP error. I think there are other locations in your config that can catch a request before this location did it. Can you test only this location without any others? If your first example works, this one should work too.

php7.0 + nginx makes 404 page error

In AWS EC2 Instance, I make web environment using php7.0 and nginx.
And this makes 404 page error.
HTML Extension page is work well, but not on php.
in default.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /var/www;
index index.php index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/error;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www;
fastcgi_intercept_errors on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
in fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
and in nginx.conf
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
Whole environment is Nginx + php7.0 + mariaDB on AWS EC2 Instance.
I can't find what is wrong...
I will post this as an answer, but I am unfamiliar with php7 and AWS EC2.
You seem to have an inconsistency in your nginx configuration.
This block:
location / {
root /var/www;
index index.php index.html index.htm;
}
tells nginx that your files are located below /var/www, so that, for example:
the URI /index.html can be found at /var/www/index.html
the URI /foo/bar.html can be found at /var/www/foo/bar.html
The index directive tells nginx to look for index.php (etc.), also below /var/www. However, any URI ending with .php is processed by a different location block.
The block:
location ~ \.php$ {
root /var/www;
fastcgi_intercept_errors on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
is intended to process .php URIs. Now, unless your architecture is special, the SCRIPT_FILENAME parameter passes the location of the file from nginx to the php subsystem. And on most systems, the value of $document_root$fastcgi_script_name is used which means that:
the URI /index.php can be found at /var/www/index.php
the URI /foo/bar.php can be found at /var/www/foo/bar.php
Assuming that root is set to /var/www.
In your configuration file, you are setting root in the location ~ \.php$ block but not using it. The root directive sets the value of $document_root.
There are other issues, but the important one is that (unless you are using a special architecture) the value of SCRIPT_FILENAME should be:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
You should place include fastcgi_params; before any fastcgi_param directive to avoid the included file silently overwriting the desired value.

Nginx "invalid number of arguments in "try_files" directive..." for PHP security

I'm trying to get Nginx running from source in the user folder of my shared host with debian-style directory structure. I'm getting an error when I try to start the server up:
[emerg] invalid number of arguments in "try_files" directive in /home/.../nginx/conf/sites-enabled/default:11
The line referenced is the PHP execution protection from the Nginx pitfalls page. Here are my config files:
nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 5m;
include /home/hittingsmoke/nginx/conf/mime.types;
default_type application/octet-stream;
gzip on;
gzip_disable \"msie6\";
include /home/hittingsmoke/nginx/conf/sites-enabled/*;
}
...and sites-available/default:
server {
listen 12513;
root /home/hittingsmoke/nginx/html/;
index index.php index.html index.htm;
server_name _;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/home/hittingsmoke/php-5.3/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
I can't find anything wrong with my configs. My setup is almost identical to a working installation on an Ubuntu box I'm running. What am I doing wrong?
EDIT: Upon further testing, this only happens when I'm using a sites-available setup with an include in nginx.conf. If I copy/paste the contents of my sites-available/default into my nginx.conf everything works fine.
EDIT2: As mentioned, if I removed try_files from the vhosts file it fails again with the same error on fastcgi_params. Here is the contents of my fastcgi_params file. It is all default:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
EDIT3: I made a slight mistake. It's fastcgi_param, not fastcgi_param*s* where the error contiunes after removing the try_files directive.
Nginx tries to explain that the try_files directive needs at least two paths:
try_files /path1$uri /path2$uri ...
Use either /dev/null as a simple work-around:
try_files $uri /dev/null =404;
Or a named location that allows for more customization:
try_files $uri #error
...
location #error {
...
}
Not sure if this is your issue, but I've got my try_files outside the PHP location block:
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
....
}

How to setup php to run from a single location in Nginx

I've been struggling with this for some time now. I want to setup a Wordpress blog to run from a "/blogname" path on a server instead of the root. I also want the path to have a different name then the directory where the Wordpress scripts are since the server itself will run django.
I have Nginx as a reverse proxy and I set up php-fpm to run the wordpress. Here's my Nginx configuration file:
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#tcp_nopush on;
#gzip on;
server {
root /Users/username/Dev/Wordpress/;
index index.php index.html index.htm;
listen 8080;
server_name localhost;
# Do not serve hidden files
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
# Static files
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# This is the problem
location /blogname {
try_files $uri $uri/ /index.php;
rewrite /blogname(.*) /blog$1 last;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /Users/username/Dev/Wordpress/blog$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
}
Right now when I visit localhost:8080/blogname I just download the index.php script instead of executing it.
Other tips are also welcome.
Replace this
location /blogname {
try_files $uri $uri/ /index.php;
rewrite /blogname(.*) /blog$1 last;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /Users/username/Dev/Wordpress/blog$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
with this
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi.conf;
}
I hope this should work for you because this is what I use for my local server.

Config assistance with nginx & php5-fpm on ubuntu

I am trying to configure nginx with php-fpm (php v 5.3.5) on ubuntu 11. Both nginx and php5-fpm are set to run as www-data. nginx appears to serve html files but php files are not being served (log files generate a 404 error). php5-fpm is running and listening on the same port that nginx is attempting to connect on (9000). Config files are copied below. Files are located in /var/www (www-data has read/write access to all files within that directory).
How can I go about troubleshooting this issue in order to figure out whether php5-fpm is even properly receiving the request from nginx and whether it is unable to process the request because of incorrect privileges/incorrect config file location.
Any help would be appreciated.
nginx.conf file:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
}
http
{
include mime.types;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
gzip_comp_level 2;
gzip_proxied any;
gzip_http_version 1.1;
gzip_buffers 16 8k;
gzip_types text/plain text/css text/javascript application/json application/x-javascript text/xml application/xml application/xml+rss;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
default file in sites (enabled/available) folder:
default
server
{
listen 80;
server_name localhost;
access_log /var/log/nginx/localhost.access.log;
location / {
root /var/www;
index index.html index.php;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
expires 30d;
root /var/www;
}
## Disable viewing .htaccess & .htpassword
location ~ /\.ht {
deny all;
}
include php.conf;
}
php.config file in nginx directory:
fastcgi_intercept_errors on;
location ~ \.php$
{
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /var/www;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_read_timeout 600; # Set fairly high for debugging
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
}
log file output for php5-fpm:
configuration file /etc/php5/fpm/main.conf test is successful
log file output from nginx:
"GET /index.php HTTP/1.1" 404 31 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
aTo answer the original question. In you vhost configuration a part is missing, telling nginx what to do with the PHP files.
Example:
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME PATH_TO_YOUR_WEBSITE_ROOT$fastcgi_script_name;
}
You could also look at https://www.digitalocean.com/community/articles/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-12-04 and if you plan to run multiple vhosts https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-with-php-pools-on-an-ubuntu-13-04-vps
Both tutorials show in a good way how to setup everything.
You're missing a bit in your server block that is meant to pass php files over php5-fpm.
e.g.
location ~ .php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name;
}
To write a new server block (the bit in /site-enabled), try using this tool.

Resources