I am building an application that consists of Laravel at the back end and Nodejs at the front end. To join them I would like to create location in Nginx conf for Laravel via https://localhost/admin/? route with or without trailing slash. I have managed to do that with trailing slash but not without.
Here is my config:
server {
listen 443 ssl http2;
server_name localhost;
ssl_certificate /certs/localhost.crt;
ssl_certificate_key /certs/localhost.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
location / {
proxy_pass https://nodejs:3000;
proxy_ssl_verify off;
}
# Backend
location /admin/ {
alias /var/www/api/public;
try_files $uri #admin;
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $request_filename;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
}
location #admin {
rewrite /admin/(.*)$ /admin/index.php?/$1 last;
}
# BrowserSync websocket
location /browser-sync/socket.io/ {
proxy_pass http://nodejs:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
I have tried the following location ~ /admin/?(.*)$ { but was unable to get it running as Nginx was looking for a location that doesn't exist. How can I achieve that?
Thanks in advance.
The URI /admin should result in a redirect anyway, so why not simply add:
location = /admin {
return 301 /admin/;
}
Related
I'm working on an application that utilizes Elasticsearch on the front-end as well as prerender.io.
I've setup SSL Certs but I cannot get the http to redirect to https, when I tried to add a 301 redirect to the secure version the secure version of the site then breaks.
The redirect at the bottom for the non-www version over to the www version works fine, but if I try to add return 301 https://www.dev.example.com$request_uri; it seems to break the application front-end.
Here's my NGINX Config:
map $http_origin $cors_origin {
default "";
"~^https?:\/\/(www\.)?dev.example.com" "$http_origin";
}
server {
ignore_invalid_headers off;
listen 80;
listen 443 ssl http2;
server_name www.dev.example.com;
ssl_certificate /etc/letsencrypt/live/dev.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/dev.example.com/chain.pem;
#return 301 https://www.dev.example.com$request_uri;
#Potential redirection placement
root /var/www/example/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
# Begin Prerender.io Config
proxy_set_header X-Prerender-Token exampletoken;
set $prerender 0;
if ($http_user_agent ~* "googlebot|bingbot|yandex|baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~* "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff|svg|eot)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
# checks for static file, if not found proxy to app
#proxy_pass https://127.0.0.1:9200/example$path/_search?$query_string;
}
# end Prerender.io Config
# Various important file locations
location ~* ^/(robots.txt|admin|api|sitemap.xml|sitemap.xml.gz) {
try_files $uri $uri/ /index.php?$query_string;
}
# Favicon Location
location /favicon.ico {
access_log off;
log_not_found off;
}
# Robots.txt Location
location /robots.txt {
access_log off;
log_not_found off;
}
# NGINX Log Locations
access_log /var/log/nginx/example-access.log;
error_log /var/log/nginx/example-error.log error;
sendfile off;
# PHP Config - 7.3
location ~ (/index|/calculator/.*)\.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
#fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
}
# This line below was disabled upon rewrite, leaving in for legacy - DR
# location ~ /\.ht {
# deny all;
# }
# ElasticSearch Config
location ~ ^/es/example(?<path>/.*)?/_(?<msearch>m?)search$ {
# This line below was disabled upon rewrite, leaving in for legacy - DR
# location ~ ^/es/quirks(?<path>/.*)?/_search$ {
access_log /var/log/nginx/elasticsearch.log;
error_log /var/log/nginx/elasticsearch-error.log error;
limit_except OPTIONS POST {
allow 96.93.229.26;
deny all;
}
proxy_pass http://127.0.0.1:9200/quirks$path/_${msearch}search?$query_string;
# This line below was disabled upon rewrite, leaving in for legacy - DR
# proxy_pass http://127.0.0.1:9200/example$path/_search?$query_string;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $http_host;
}
}
server {
listen 80;
listen 443 ssl default_server http2;
server_name dev.quirks.com;
ssl_certificate /etc/letsencrypt/live/dev.quirks.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev.quirks.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/dev.quirks.com/chain.pem;
return 301 https://www.example.quirks.com$request_uri;
}
my current nginx conf file:
server {
listen 443 ssl default_server;
listen [::]:80 ipv6only=on;
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
root /var/www/domain/public;
index index.php index.html index.htm;
server_name domain;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP-FPM Configuration Nginx
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I want to be able to run 2 secure WebSocket servers (wss://) - one running over 8443 port and the other over 8444.
I tried many configuration suggestions but none of them seems to work (connection timeout).
UPDATE:
I want to be able to connect to the WebSocket server like this:
conn = new ab.Session('wss://domain:8443',....)
Is it possible? or should I change the connection URI?
Any advice?
After lots of digging, I managed to solve my problem:
I already tried the settings below from the beginning, but in my case all of my problem was firewall settings.. and yes, it's pretty dumb
First - the cause of time out problem was the firewall
So, in order to enable your tcp port, use (Centos 7):
firewall-cmd --zone=public --add-port=80/tcp --permanent
then,
firewall-cmd --reload
great guide: http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
My settings:
upstream websocket{
server 127.0.0.1:8443;
}
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen 443 ssl default_server;
listen [::]:443 default_server ssl http2 ipv6only=on;
ssl on;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
if ($request_uri ~ "^[^?]*//") {
rewrite "(.*)" $scheme://$host$1 permanent;
}
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
root /var/www/domain/public;
index index.php index.html index.htm;
server_name domain
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP-FPM Configuration Nginx
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /ws/ {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
keepalive_timeout 86400s;
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
reset_timedout_connection on;
}
}
Hope it will help others :)
{
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
server { #Redirect https, non-www to https, www
listen 443 ssl spdy;
server_name example.com;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
return 301 https://www.example.com$request_uri;
}
server {
# SSL configuration
listen 443 ssl spdy;
server_name www.example.com;
ssl on;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
root /var/www/web;
client_max_body_size 20M;
index index.php;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
#avoid processing of calls to unexisting static files by yii
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location #bo {
rewrite ^/bo(.*) /bo/index.php?q=$1;
}
location /bo {
index index.php;
try_files $uri $uri/ #bo;
alias /var/www/web/bo;
}
location #app {
rewrite ^/app(.*) /app/index.php?q=$1;
}
location /app {
index index.php;
try_files $uri $uri/ #app;
alias /var/www/web/app;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/web$fastcgi_script_name;
}
# prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
}
server {
listen 80;
listen [::]:80;
server_name supp.example.com;
access_log /var/log/nginx/supp.example.com.access.log;
error_log /var/log/nginx/supp.example.com.error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3001;
proxy_redirect off;
}
}
I had a server on OVH and I migrated to azure, inside the app I had a wordpress that is in the main root, a subfolder with an app on Yii2 and another subfolder with an app on CodeIgniter, When I test the config, everything works fine, I used the testnew.example.com for test it, when I do the deploy and use www.example.com, I got Moved permantly 301 on main root (Wordpress site), the rest of apps works good.
I'm trying to get the ckeditor to work with ckfinder, the problem are when i'm running the editor whitout a proxy on NGINX its working as is shut be, but when i'm working with my proxy its will not late me upload files and see files.
i will show both my config files for NGINX my server config and my proxy config.
Server config:
Where the backend are on, and where ckfinder and ckeditor running.
server {
root /var/www/domain-com/backend;
index index.php index.html index.htm;
server_name domain.com;
client_max_body_size 256M;
location ~ \.php$ {
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
}
# Folders to block
location ^~ /Controller/ { deny all; }
location ^~ /Cron/ { deny all; }
location ^~ /Framework/ { deny all; }
location /json/ {
try_files $uri $uri/ /json.php?$args;
}
location /action/ {
try_files $uri $uri/ /action.php?$args;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
}
Proxy config
This is my config for the proxy server there control everything before its sending out to the backend server.
server {
listen 443 ssl;
root /var/www;
index index.php index.html;
client_max_body_size 256M;
server_name domain.com;
gzip on;
gzip_proxied any;
gzip_types text/css text/plain text/xml application/xml applicati$
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
# SSL Config setup
ssl on;
ssl_certificate /home/www-data/ssl/ssl-key.pem;
ssl_certificate_key /home/www-data/ssl/ssl-key.key;
ssl_stapling on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# Error pages if user is blocked
error_page 403 /e403.php;
location = /e403.php {
allow all;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location / {
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 1d;
proxy_set_header Host $host;
proxy_pass http://domain_server_config$uri?$args;
}
}
Your proxy server has two location blocks which intercept URIs ending with .php. If your proxy server is intended to forward everything unmolested, there is no reason for it to execute PHP files locally.
Your existing applications probably use pretty permalinks (or similar) which disguises the fact that PHP is the engine behind the website.
I suspect that the tasks that so not work, expose a URI containing the pattern .php.
Now, I have two projects(sites) based on Laravel + PHP + MySQL + Nginx, vistors can access them by typing:
http://www.mysite.com:80
http://www.mysite.com:8001
Can I change the accessing method to virtual folder not by port?
http://www.mysite.com/project1
http://www.mysite.com/project2
The nginx conf files are (at /etc/nginx/conf.d/):
project1.conf
server {
listen *:80;
server_name mysite.com www.mysite.com;
server_tokens off;
root /var/www/html/project1/public;
client_max_body_size 100m;
access_log /var/log/nginx/project1_access.log;
error_log /var/log/nginx/project1_error.log;
location / {
index index.php index.html;
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
project2.conf
server {
listen *:80;
server_name www.mysite.com;
server_tokens off;
root /var/www/html/project2/public;
client_max_body_size 100m;
access_log /var/log/nginx/project2_access.log;
error_log /var/log/nginx/project2_error.log;
location / {
index index.php index.html;
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
The only decent way to do it is by folder and virtual host rather than port.
Sure - an example config will look like this:
1 Define your app servers
server {
listen 8080;
root /var/www/html/project1/public;
......
}
server {
listen 8081;
root /var/www/html/project2/public;
......
}
2 Define your proxy server
server {
listen 80;
server_name mysite.com www.mysite.com;
.....
location /project1 {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
.....
}
location /project2 {
proxy_pass http://localhost:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
....
}
}