I'm looking to make Nginx allow any subfolder to redirect to a specific directory, but store the chosen subfolder in a header.
So for example I have this at the moment which works:
location ^~ /AhRnfKlM {
alias /var/www/html/admin;
index index.php index.html index.htm;
location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
So if I go to http://website.com/AhRnfKlM/index.php it'll work no problem, but what I want is for me to be able to pick any subfolder such as http://website.com/test123/index.php and it will still alias correctly, but store test123 as a header such as X-AuthCode, which I can read in PHP, check against a mysql database of allowed authentication codes and decide what to do from there. This way I can have specific access codes for specific admins or allow one time access codes to exist without modifying NGINX with new aliases.
I've tried various things with regex such as:
location ~ ^(/[^/]+) {
alias /var/www/html/admin;
add_header X-AuthCode $1;
index index.php index.html index.htm;
location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
But can't get it to work! I just get 403 forbidden.
Entire server block (after Ivan's suggestion):
server {
listen 80;
location ~ ^/(?<authcode>[^/]+) {
alias /var/www/html/admin;
index index.php index.html index.htm;
location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param AUTHCODE $authcode;
}
}
}
Thank you :)
With add_header directive you are adding X-AuthCode header to the nginx response to the user browser after the response was received by nginx from your PHP backend. What you should do instead is to pass your URI prefix with a fastcgi_param directive to your PHP backend, e.g.
location ~ ^/(?<authcode>[^/]+) {
...
location ~ \.php$ {
...
fastcgi_param AUTHCODE $authcode;
...
and then check the $_SERVER['AUTHCODE'] content.
But this does not answer the question why do you receive 403 HTTP error. I think there are other locations in your config that can catch a request before this location did it. Can you test only this location without any others? If your first example works, this one should work too.
Related
I'm a complete nginx noob, so I apologize in advance for whatever necessary details I'm leaving out of this question.
I've got my server set up, and my localhost is displaying the "Welcome to nginx!" page, when I've set my nginx.conf file root to my desired path (which is not the nginx welcome page).
Here's my nginx.conf:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8080;
server_name 0.0.0.0;
location ~ /devices/(.+) {
include fastcgi_params;
proxy_pass http://127.0.0.1:5000/$1;
}
location ~ /surveyapp/(.+) {
include fastcgi_params;
proxy_pass http://127.0.0.1:5000/$1;
}
location / {
root /Users/ryanyoung/Desktop/website/public;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
error_page 405 =200 $uri;
}
location ~* \.php$ {
include /usr/local/etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param DOCUMENT_ROOT /Users/ryanyoung/Desktop/website/public;
fastcgi_param SCRIPT_FILENAME /Users/ryanyoung/Desktop/website/public/index.php;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param CI_URI_PROTOCOL "REQUEST_URI";
fastcgi_pass unix:/usr/local/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_read_timeout 1800;
}
}
include servers/*;
}
Since my root path is definitely correct, my only guess is this has something to do with fastcgi_params? This file is nowhere to be found, and the above path that is referenced (/usr/local/etc/nginx/fastcgi_params) does not exist.
I used homebrew to install nginx, so its location is /opt/homebrew/bin. that directory holds nginx and nginx.conf, but no fastcgi_params (and also no fcgi.conf). I've tried every other path I could think of, and I'm fairly certain that fastcgi doesn't exist on my machine.
Not even sure if that's the issue. Any insight would be appreciated!
I have the following nginx configuration which works fine :
#wordpress
location /wordpress/ {
index index.php;
alias /usr/share/webapps/wordpress/;
try_files $uri $uri/ wordpress/index.php?$args;
}
location ~ \.php$ {
alias /usr/share/webapps/;
include fastcgi.conf;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location "^/wordpress/.*\.(js|css|png|jpg|jpeg|gif|ico)$" {
expires max;
}
And I am trying to change the url location to "hidden_wordpress", therefore I tried this :
#wordpress
location /hidden_wordpress/ {
index index.php;
alias /usr/share/webapps/wordpress/;
try_files $uri $uri/ wordpress/index.php?$args;
}
location ~ \.php$ {
alias /usr/share/webapps/;
include fastcgi.conf;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location "^/hidden_wordpress/.*\.(js|css|png|jpg|jpeg|gif|ico)$" {
expires max;
}
But with this configuration, I keep getting those error logs :
==> nginx_error.log <==
2018/12/18 20:35:38 [error] 30923#30923: *1 FastCGI sent in stderr: "Unable to open primary script: /usr/share/webapps//hidden_wordpress/index.php (No such file or directory)" while reading response header from upstream, client: 127.0.0.1, server: 127.0.0.1, request: "GET /hidden_wordpress/ HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: ""
I didn't move the wordpress contents to the "hidden_wordpress" folder since I don't want to change that.
It seems the url is not properly rewritten for the php part. Any idea of how to achieve this?
Your location ~ \.php$ block cannot correctly resolve URIs that begin with /hidden_wordpress.
Use nested location blocks so that the effect of the alias directive can be inherited.
For example:
location ^~ /hidden_wordpress {
index index.php;
alias /usr/share/webapps/wordpress;
if (!-e $request_filename) { rewrite ^ /hidden_wordpress/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
...
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass php;
}
location ~ \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
}
}
Use $request_filename to obtain the correct path to the aliased file. Avoid try_files with alias due to this issue. See this caution on the use of if.
I'm trying to install simplesaml on nginx web server and I'm running into a problem with the alias, a friend told me to use rewrite and gave me the example below, but his example doesn't work either.
rewrite ^/simplesaml/module.php/(.*) /simplesaml/www/module.php?path=$1 last;
rewrite ^/simplesaml/(.*)$ /simplesaml/www/$1 last;
How can I fix this, I'm busting my head since 2 days now,I'm out of ideas.
root /home/mihaela/public_html;
I've been having the same issue and this config is the only one I've found to work.
Example NGINX config
Here are my nginx configs:
This is my central IDP config
server {
listen 80 default_server;
server_name saml.local;
root /srv/sites/saml.local/www/;
index index.php;
location ~ \.php(/|$) {
fastcgi_keep_conn on;
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_URL $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_hide_header X-Powered-By;
fastcgi_pass 127.0.0.1:9000;
}
}
And here is my config for simplesaml accessible via /saml
location /saml {
alias /srv/sites/site.local/vendor/simplesamlphp/www;
index index.php;
location ~ ^(?<prefix>/saml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
fastcgi_param PATH_INFO $pathinfo if_not_empty;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
fastcgi_pass 127.0.0.1:9000;
}
}
I want to override the permissions to /folder/script.php and have the following rules:
location ^~ /folder/script.php{
allow all;
} #shouldn't ^this one with ^~ override the others?
location ~ /folder/(.+)\.php$ {
deny all;
return 404;
allow 127.0.0.1;
}
location ~ ^/folder {
return 404;
}
location / {
# First attempt to serve request as file, then
# as directory, then trigger 404
try_files $uri $uri/ =404;
server_name_in_redirect off;
}
location ~ \.php$ {
try_files $uri =404;
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#fastcgi_pass /tmp/php5-fpm.sock;
#fastcgi_pass /var/run/php5-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $root_folder$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $root_folder;
# send bad requests
fastcgi_intercept_errors on;
include fastcgi_params;
}
but whenever I access admin.php I still get a 404 error and/or the script.php file is served to download, not interpreted. Could someone explain me why? Tyvm
The commands to execute a php script are:
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $root_folder$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $root_folder;
fastcgi_intercept_errors on;
include fastcgi_params;
I'm not sure where you define $root_folder, normally $document_root is used. The above (or similar) code must appear in each and every location block that is expected to execute php scripts.
So your configuration should look something like this:
location / {
try_files $uri $uri/ =404;
server_name_in_redirect off;
}
location ^~ /folder { deny all; }
location = /folder/script.php {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $root_folder$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $root_folder;
fastcgi_intercept_errors on;
include fastcgi_params;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $root_folder$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $root_folder;
fastcgi_intercept_errors on;
include fastcgi_params;
}
I have taken the liberty of simplifying your configuration a little. It seems that only the file /folder/script.php is executable within the /folder hierarchy, so an exact match (location =) is used, and /folder is denied. The allow 127.0.0.1; does nothing as it comes after the deny all.
As you can see, the fastcgi_pass 127.0.0.1:9000; directive must appear in any location container that directly handles php code. I would put some or all of these directives into a separate file and use include to pull them in at each location.
The rest of the directives have been copied across from your question, but I don't know if they are required here.
I've been struggling with this for some time now. I want to setup a Wordpress blog to run from a "/blogname" path on a server instead of the root. I also want the path to have a different name then the directory where the Wordpress scripts are since the server itself will run django.
I have Nginx as a reverse proxy and I set up php-fpm to run the wordpress. Here's my Nginx configuration file:
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#tcp_nopush on;
#gzip on;
server {
root /Users/username/Dev/Wordpress/;
index index.php index.html index.htm;
listen 8080;
server_name localhost;
# Do not serve hidden files
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
# Static files
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# This is the problem
location /blogname {
try_files $uri $uri/ /index.php;
rewrite /blogname(.*) /blog$1 last;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /Users/username/Dev/Wordpress/blog$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
}
Right now when I visit localhost:8080/blogname I just download the index.php script instead of executing it.
Other tips are also welcome.
Replace this
location /blogname {
try_files $uri $uri/ /index.php;
rewrite /blogname(.*) /blog$1 last;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /Users/username/Dev/Wordpress/blog$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
with this
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi.conf;
}
I hope this should work for you because this is what I use for my local server.