I have the following domain:
https://example.com
I want, when the following /path/ is hit:
https://example.com/path/subpath/?param1=value1¶m2=value2
the content from this url to be served:
https://example.com/subpath/?param1=value1¶m2=value2
without performing a redirect.
I have tried using an alias like this:
location /path/ {
alias /home/forge/example.com/current/;
}
where current is a symlink pointing to the latest release:
current -> /root/example.com/releases/timestamp/
But it doesn't work. it gives 404.
How can I achieve this?
The entire server block:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
server_tokens off;
root /home/forge/example.com/current;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location /path/ {
alias /home/forge/example.com/current/;
}
location / {
gzip_static on;
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
gzip on;
}
I don't see any reason why
rewrite ^/path(/.*) $1;
didn't work as expected. But if you want to use an alias solution instead, you should take into account that regex matching locations have a greater priority than prefix ones and any request for /path/subpath/index.php would be processed by location ~ \.php { ... } rather than location /path/ { ... }. You can override this with ^~ location modifier using a second nested PHP handler:
location ^~ /path/ {
alias /home/forge/example.com/current/;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
Related
I simply want to allow my static ip & ipv6 to have access to folder and its content and deny to all
here is the config I have.
location ~ /(wp-admin\/|wp-login\.php) {
allow 72.1.1.1;
allow 2400:abcd:1234:1234:1234:1234:1234:ba4b;
deny all;
}
If I remove the ipv6 line its works fine and return 403 forbidden on folder and files.
But with ipv6 it starts downloading every url I hit valid or not.
Error: You have choose to open - application/octet-stream (7.0 KB)
What am I missing, please guide.
Edit: server block
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.mysite.com;
server_tokens off;
root /home/wwwadt/www.mysite.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.mysite.com/1048699/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.mysite.com/1048699/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log /var/log/nginx/www.mysite.com-access.log;
error_log /var/log/nginx/www.mysite.com-error.log error;
error_page 404 /index.php;
# New changes as per Richard's instructions
location ~ ^/(wp-admin|wp-login\.php) {
allow 72.1.1.1;
allow 2400:abcd:1234:1234:1234:1234:1234:1234;
deny all;
# also tried this to serve but no luck
try_files $uri $uri/ /index.php?$query_string;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm-wwwadt.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm-wwwadt.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
The protected location block needs to include the necessary statements to execute PHP scripts.
For example:
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^/(wp-admin|wp-login\.php) {
allow 72.1.1.1;
allow 2400:abcd:1234:1234:1234:1234:1234:1234;
deny all;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm-wwwadt.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm-wwwadt.sock;
fastcgi_index index.php;
include fastcgi_params;
}
PHP only expects to see URIs which end with .php, so the location ~ \.php$ block is included as a nested location.
All my links is redirecting to root, where I serve the file "index.php".
This is my nginx config :
/etc/nginx/sites-available/myproject.local
server {
listen 80;
listen 444 ssl http2;
server_name .buildurlshortener.local;
root "/home/vagrant/codecourse/buildurlshortener/public";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/buildurlshortener.local-error.log error;
sendfile off;
client_max_body_size 100m;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/nginx/ssl/buildurlshortener.local.crt;
ssl_certificate_key /etc/nginx/ssl/buildurlshortener.local.key;
}
If I make a post request to "http://myproject.local/something", it works.
But a post request to the root, i.e. http://myproject.local, is not working.
I get "405 Not Allowed" from nginx.
If I add a rule with "location ~ { ... }", then I can post to "http://myproject.local". But now it is "http://myproject.local/something" that is not working.
How can I also serve "index.php" from the root ("/"), without breaking my other routes ?
One of the causes of message "405 Not Allowed" is that nginx can't serve static content on POST-request. Could you show config more detailed?
To this line :
location ~ .php$
I appended |/$ :
location ~ .php$|/$
So that it can also accept an empty query.
Now I can use post requests to "myproject.local", "myproject.local/index.php", ""myproject.local/someroute".
I'm attempting to link a particular subdirectory of my existing laravel site over to a wordpress installation. For some reason the root works, but all subdirectories of the root of the wordpress are not pointing to that folder.
I've attempted to add in wild cards to the location that is pointing over, but it doesn't seem to want to pick it up.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .swyftfilings.us;
root /home/forge/swyftfilings.us/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/swyftfilings.us/457933/server.crt;
ssl_certificate_key /etc/nginx/ssl/swyftfilings.us/457933/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/swyftfilings.us/server/*;
location /learning-center {
alias /home/forge/learning-center/public;
try_files $uri $uri/ /index.php?$query_string;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/swyftfilings.us-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/swyftfilings.us/after/*;
Expected the url sub directory /learning-center/{anything here} to search within the 'learning-center/public' directory, however only /learning-center does.
EDIT: It looks like it will work, but only with files ending in .php
I'm using Nginx as a web server for my site.
My goal is to enable caching on my site so my site can load faster.
I've tried added
proxy_cache one;
Nginx Config File
server {
listen 80 default_server;
server_name default;
root /home/forge/web-app/public;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location ~* \.html$ {
expires -1;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
#configure cache
proxy_cache one; <----------------------------- Added HERE
proxy_cache_valid any 1m;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 168h;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
#configure cache
proxy_cache one;
proxy_cache_valid any 1m;
}
location ~ /\.ht {
deny all;
}
}
How do I properly enable HTTP cached in Nginx, and test my work ?
Any hints / suggestions will be much appreciated !
You need to define this cache zone first using proxy_cache_path. Here's the tutorial.
So I have decided to do two kind of wrong, slightly inspired by Troy Hunt.
I would like my API to accept version specification through Accept header but also in the URL, e.g. /v1.
For now, I have made an nginx config which works with Accept header, but trying out various methods, I have not been able to get the /v1
What I want to achieve is that the URL passed to my application, does not include the version part as the role of the version is simply to point at a root directory.
map $http_accept $api_version {
default 0;
"application/vnd.it.echo.api+json; version=1" "v1";
}
server {
listen 80;
server_name api.app;
index index.html index.htm index.php;
charset utf-8;
sendfile off;
rewrite_log on;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location / {
if ($api_version = 0) {
return 307 https://echo.it;
}
try_files $uri $uri/ #api;
}
location /v1 {
set $api_version "v1";
rewrite ^/.+/(.+)$ /$1 last;
}
location #api {
root /home/vagrant/api/$api_version/public/;
error_log /var/log/nginx/api.$api_version.app-error.log error;
try_files $uri $uri/ /index.php?$query_string;
}
error_page 404 /index.php;
location ~ \.php$ {
root /home/vagrant/api/$api_version/public/;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
The problem appears to be with the rewrite rule in the /v1 location directive not taking effect.