Allowing access to a specific file in location block nginx config - nginx

In my nginx config I have blocked all access from my IP but allowed it from localhost. I would like to allow global access to one file of mine, xn.php. I tried to do that with location ^~ /xn.php and it's not working. I also tried location /xn.php and it still fails. How should I do that? I checked a lot of documentation but I am stuck on it.
server {
    listen 127.0.0.1:80;
    root /var/www/html/;
    index /index.php;
    server_name localhost;
    location / {
        deny 77.777.77.0/24;
        allow 127.0.0.1;
        autoindex on;
        index index.php;
        try_files $uri /index.html /index.php;
        deny all;
    }
    location ^~ /xn.php {
        allow all;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}

With your current configuration, xn.php content would be sent as an HTTP response rather than being interpreted with PHP-FPM. Additionally, any request for a PHP file won't be blocked with your deny rule since it won't match the location / { ... } block. You can try this:
server {
    listen 80;
    root /var/www/html/;
    index /index.php;
    location / {
        allow 127.0.0.1;
        deny all;
        autoindex on;
        index index.php;
        try_files $uri /index.html /index.php;
    }
    location = /xn.php {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
    location ~ \.php$ {
        allow 127.0.0.1;
        deny all;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}
Update
Since you are listening only on the 127.0.0.1 interface, this server block won't be reachable from any other host at all. The right configuration for you depends on the other server blocks you have in your nginx config.
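An added example, not part of the original answer: a small Python model of nginx's location selection and allow/deny evaluation, applied to the two configs above, showing that in the question's config /xn.php is handled as a static file and other .php requests never meet the deny rules in location /. The 203.0.113.0/24 range and the client address are constructed stand-ins; internal redirects from try_files are not modelled.

```python
import ipaddress
import re

# Each location: (modifier, pattern, access rules, handler), taken from the two
# configs above (the /\.ht block is omitted). 203.0.113.0/24 is a constructed
# stand-in for the question's redacted deny range.
QUESTION = [
    ("", "/", [("deny", "203.0.113.0/24"), ("allow", "127.0.0.1"), ("deny", "all")], "static"),
    ("^~", "/xn.php", [("allow", "all")], "static"),   # no fastcgi_pass in this block
    ("~", r"\.php$", [], "php-fpm"),                    # no allow/deny in this block
]
ANSWER = [
    ("", "/", [("allow", "127.0.0.1"), ("deny", "all")], "static"),
    ("=", "/xn.php", [], "php-fpm"),
    ("~", r"\.php$", [("allow", "127.0.0.1"), ("deny", "all")], "php-fpm"),
]

def pick_location(locations, uri):
    """Select a location the way nginx does: '=', longest prefix, then regexes."""
    best = None
    for loc in locations:
        mod, pat = loc[0], loc[1]
        if mod == "=" and uri == pat:
            return loc                      # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = loc                  # remember the longest prefix
    if best and best[0] == "^~":
        return best                         # ^~ skips the regex pass
    for loc in locations:                   # regexes are tried in config order
        if loc[0] == "~" and re.search(loc[1], uri):
            return loc
    return best

def allowed(rules, client):
    """allow/deny are checked in order; the first matching rule decides."""
    ip = ipaddress.ip_address(client)
    for action, net in rules:
        if net == "all" or ip in ipaddress.ip_network(net):
            return action == "allow"
    return True                             # no rule matched: not restricted

def decide(locations, uri, client):
    """Return (selected location, handler, allowed?) for an external request."""
    mod, pat, rules, handler = pick_location(locations, uri)
    return (f"{mod} {pat}".strip(), handler, allowed(rules, client))

if __name__ == "__main__":
    for uri in ("/xn.php", "/index.php", "/page.html"):
        print(uri, decide(QUESTION, uri, "198.51.100.7"), decide(ANSWER, uri, "198.51.100.7"))
```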

Update your nginx location config a bit
location /xn.php {
    allow all;
    autoindex on;
    index index.php;
    try_files $uri $uri/ /index.php?$args;
}

Related

Nginx yii2 configuration

Hi there!
I'm trying to configure Nginx for 2 yii projects, frontend for users and admin for admins, with only one domain (no subdomain). I need to configure it in a way such that mydomain.com should refer to frontend and mydomain.com/admin to admin. The problem is I'm able to configure only one of them at a time, meaning I can use frontend or admin, not both of them.
What I have tried
front.conf
server {
    listen 80;
    server_name api.maim.experiments.uz;
    return 301 https://$server_name$request_uri;
}
server {
    charset utf-8;
    client_max_body_size 128M;
    listen 443 ssl;
    ssl_certificate_key privkey.pem;
    ssl_certificate fullchain.pem;
    ssl_protocols TLSv1.2;
    set $host_path "/home/itschool/inha_dev/frontend";
    server_name api.maim.experiments.uz;
    root $host_path/web;
    set $yii_bootstrap "index.php";
    access_log /var/log/nginx/itschool-access.log;
    error_log /var/log/nginx/itschool-error.log;
    location / {
        index index.html $yii_bootstrap;
        try_files $uri $uri/ /index.php;
    }
    location ~ ^/(protected|framework|themes/\w+/views) {
        deny all;
    }
    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
        try_files $uri =404;
    }
    location ~ \.php$ {
        set $fsn /index.php;
        if (-f $document_root$fastcgi_script_name){
            set $fsn $fastcgi_script_name;
        }
        fastcgi_pass 127.0.0.1:9002;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fsn;
    }
    location ~ /\.(ht|svn|git) {
        deny all;
    }
    location ~* /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}
back.conf
server {
    listen 80;
    server_name api.maim.experiments.uz;
    return 301 https://$server_name$request_uri;
}
server {
    charset utf-8;
    client_max_body_size 128M;
    listen 443 ssl;
    ssl_certificate_key privkey.pem;
    ssl_certificate fullchain.pem;
    ssl_protocols TLSv1.2;
    set $host_path "/home/itschool/inha_dev/backend";
    server_name api.maim.experiments.uz;
    root $host_path/web;
    set $yii_bootstrap "index.php";
    access_log /var/log/nginx/itschool-access.log;
    error_log /var/log/nginx/itschool-error.log;
    location ^~ /admin {
        alias /home/itschool/inha_dev/backend/web;
        if (!-e $request_filename) { rewrite ^ /admin/index.php last; }
        location ~ \.php$ {
            if (!-f $request_filename) { return 404; }
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_pass 127.0.0.1:9002;
        }
    }
    location ~ /\.(ht|svn|git) {
        deny all;
    }
    location ~* /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}
I found some questions with answers but they didn't work for me, please help.
I have recently used a similar configuration to support a web application / mobile application and admin panel on a single domain.
I hope this could help you out. Below is the configuration:
server {
    listen 80;
    set $root /var/www/html/application;
    # here we go
    # if backend is not found in the url then set the root url
    if ($uri !~ "^(.*)/(backend)(.*)") {
        set $root /var/www/html/application/frontend/web;
    }
    # when the request is coming from mobile then display the mobile site
    # you don't need this one, I just wrote it in order to explain the mobile application navigation.
    if ($http_user_agent ~* "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos") {
        set $root /var/www/html/application/mobile/web;
    }
    root $root;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name your_domain;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
    location / {
        index index.html index.php;
        if (!-e $request_filename){
            rewrite ^/(.*) /index.php?r=$1 last;
        }
    }
    location ~ /\.ht {
        deny all;
    }
}
Also have a look at the official Yii2 documentation on setting up yii2-app-advanced on a single domain (Apache, Nginx).
One more thing that you need to know is that if you want to change backend/web to admin then you also have to make some changes in the Yii2 application.
One domain will lead all requests to one IP (server). Nginx will use the first server block matching server_name (https://nginx.org/en/docs/http/request_processing.html), so you need to put all configuration in one file and use location to separate them.
You can move location ^~ /admin at the beginning of the front.conf locations and play with roots;
Or you can create a proxying config file that will contain just a little.
Something like that
location /admin {
    proxy_pass http://localhost:8001;
}
location / {
    proxy_pass http://localhost:8002;
}
Using the latter one you should change front & back configs to listen to other ports. Also, an SSL certificate was given for a domain, not URL. So you can use it only in the proxying config.
If you follow some of the key instructions from option 1 of Yii2 Single Domain Apache and Nginx you should be able to accomplish what you want.
Per the referenced link, Option 1:
Assuming Linux OS
cd /path/to/project/frontend/web
ln -s ../../backend/web backend
and set your nginx file
server {
    charset utf-8;
    client_max_body_size 128M;
    listen 80; ## listen for ipv4
    #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
    server_name api.maim.experiments.uz;
    root /home/itschool/inha_dev/frontend/web;
    index index.php;
    access_log /var/log/nginx/itschool-access.log;
    error_log /var/log/nginx/itschool-error.log;
    location / {
        # Redirect everything that isn't a real file to index.php
        try_files $uri $uri/ /index.php$is_args$args;
    }
    # uncomment to avoid processing of calls to non-existing static files by Yii
    #location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
    #    try_files $uri =404;
    #}
    #error_page 404 /404.html;
    # deny accessing php files for the /assets directory
    location ~ ^/assets/.*\.php$ {
        deny all;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        try_files $uri =404;
    }
    location ~* /\. {
        deny all;
    }
}
Note: See the link below for Option 2, if the above does not work:
Yii2 Single Domain Apache and Nginx

Server with multiple projects in /var/www?

I have a server that I want to use as a personal server, with all of my projects under /var/www.
I currently have two folders, /var/www/html and /var/www/site.
I want to be able to access these folders by the following URLs (123.123.123.123 is my server IP):
123.123.123.123/html and 123.123.123.123/site
Here is my default virtual host file:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name 123.123.123.123;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}
And here is the one I created for /var/www/site, called site:
server {
    listen 80;
    listen [::]:80;
    # Because this site uses Laravel, it needs to point to /public
    root /var/www/site/public;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name 123.123.123.123;
    location /site {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}
But when I go to 123.123.123.123/site, it says 404 Not Found, so clearly I'm doing something wrong (and yes, I restarted nginx).
Please help!
You only need one server block, as both /html and /site live in the same server.
Use nginx -t to check that nginx really does restart without giving any errors.
As /site uses a complicated directory scheme, you will need to use a nested location block to get the paths correct.
Your first project seems to have a simple arrangement of static and PHP files. You can use a root /var/www; statement to map URIs beginning with /html to the html folder. See this document for more.
Something like this may work for you:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/;
    index index.php index.html index.htm index.nginx-debian.html;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
    location ^~ /site {
        alias /var/www/site/public;
        if (!-e $request_filename) { rewrite ^ /site/index.php last; }
        location ~ \.php$ {
            if (!-f $request_filename) { return 404; }
            include snippets/fastcgi-php.conf;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    }
}
The default server does not need a server_name.

How can I stop nginx from responding to non-local requests?

Here's what my nginx file looks like. However, when I browse to my server using the IP, I still see the "Welcome to nginx!" page:
server {
    listen 127.0.0.1:9070;
    root /var/www/[redacted]/public/;
    index index.php index.html index.htm;
    server_name [redacted];
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
        allow 127.0.0.1;
        deny all;
    }
    # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
I believe that you'll find that moving the allow/deny into the server clause will clear this up:
server {
    listen 127.0.0.1:9070;
    root /var/www/[redacted]/public/;
    index index.php index.html index.htm;
    server_name [redacted];
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
        allow 127.0.0.1;
        deny all;
    }
becomes:
server {
    listen 127.0.0.1:9070;
    root /var/www/[redacted]/public/;
    index index.php index.html index.htm;
    server_name [redacted];
    allow 127.0.0.1;
    deny all;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

Nginx multiple domains doesn't work

I have a perfect configuration which is nginx, php5-fpm, apc, varnish and mariadb. Everything works flawlessly, except:
I am hosting a single web site, since my server resources are high and available, I want to host other web sites on the same server. When I try to add different websites into nginx the service simply does not restart.
Here's my configuration file when everything works:
server {
    listen 8080;
    root /usr/share/nginx/www;
    index index.php index.html index.htm;
    server_name www.domain1.com;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location /doc/ {
        alias /usr/share/doc/;
        autoindex on;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
I don't want to use separate files for different virtual hosts, I want to do everything in the default file. But when I add another virtual host like below and save the default file, nginx won't restart.
server {
    listen 8080;
    root /usr/share/nginx/www;
    index index.php index.html index.htm;
    server_name www.domain1.com;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location /doc/ {
        alias /usr/share/doc/;
        autoindex on;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
server {
    listen 8080;
    root /usr/share/nginx/domain2;
    index index.php index.html index.htm;
    server_name www.domain2.com;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location /doc/ {
        alias /usr/share/doc/;
        autoindex on;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
Please help me resolve this issue. I think something is conflicting but don't know what.
OK, I found the solution just by investigating the error log.
2014/08/19 21:55:07 [emerg] 5927#0: could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32
The error log tells me to increase the hash bucket size.
I edited nginx.conf and set the bucket size to 32 as advised in the error log. It didn't work at first, but then I set it to 64 and it worked.
Just search for "bucket" in nginx.conf, uncomment it, then set it to 64 (or above in some cases) and it will work, unless there is another issue.

Nginx + PHP-FPM Error: This Page is Temporarily Unavailable

I am trying to set up an Nginx / PHP-FPM server on my Raspberry Pi (Debian) and I am having trouble getting the PHP to work correctly.
Text displayed on webpage: This Page is Temporarily Unavailable
I have checked the nginx logs and there are no errors being recorded.
This is my nginx.conf:
# Pi Nginx Config v0.1 10:53 30/01/2014
# NOTE: fastcgi is NOT php5-fpm
server {
    listen 1080;
    # server_name mysite.org;
    charset utf-8;
    access_log off;
    root /var/www/cms;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php?id=$uri&$args;
    }
    location ~* /admin/.*\.php$ {
        try_files $uri /admin/index.php?id=$uri&$args; # Try the admin index page
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
    location ~* \.php$ {
        try_files $uri =404; # Try any .php files in root or throw a 404
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in /etc/php5/fpm/php.ini
        # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        expires 2h;
    }
    location ~* \.(?:ico|js|gif|jpg|png)$ {
        expires 14d;
    }
    location ~* \.(htm|css|html)$ {
        expires 2d;
    }
    # this blocks direct access to the XML files (but sitemap.xml) - that hold all the data
    location ~* \.xml$ { deny all; }
    location ~* \.xml\.bak$ { deny all; }
    location = /sitemap.xml { allow all; }
    # this prevents hidden files (beginning with a period) from being served
    location ~ /\. { deny all; }
    location ^~ /uploads/ {
        if ($request_uri ~* \.php$) {return 403;}
    }
}
I do not have enough experience to see anything wrong with this config. My server is on port 1080 and the server root is within the cms directory.
Any help would be greatly appreciated.
