my nginx version : 1.17.3
I want served same template from many url my site in nginx
for example-
localhost:0000/adprofit
localhost:0000/adprofit/0
localhost:0000/adprofit/0/2
localhost:0000/adprofit/asdlk/asd/asd
localhost:0000/adprofit/sand/12312/asd/?AS?Dsa
in any case if i catch same keyword like 'adprofit'.
my site user must be served 'adprofit.html' template.
BUT, NO REWRITE, NO REDIRECT.
i want keep user request url.
My directory:
build
|
|-index.html
|-index.js
|-adprofit
| |
| |-adprofit.js
| |-adprofit.html
|
|-another directories...
I succeed served from diffrent url used 'alias'.
location /all {
allow all;
alias ./build/adprofit;
index adprofit.html;
}
in this case keep url localhost:0000/all/ and view template adprofit.html.
and this case too.
Code:
location /adprofit/all {
allow all;
alias ./build/adprofit;
index adprofit.html;
}
url : 'localhost:0000/adprofit/all/'
my nginx code:
server {
listen 8888;
server_name 192.168.0.25;
add_header 'Access-Control-Allow-Origin' '*';
access_log logs/host.access.log main;
location / {
allow all;
root ./build;
index index.html;
}
location /adprofit {
allow all;
alias ./build/adprofit;
index adprofit.html;
}
}
my try case:
location /adprofit/ {
allow all;
alias ./build/adprofit;
index adprofit.html;
}
succeed url : 'localhost:0000/adprofit/'
failed url : 'localhost:0000/adprofit/[anykeyword]' => 404 error page
code2)
location ~*/adprofit/(all|update|event) {
allow all;
alias ./build/adprofit;
index adprofit.html;
}
succeed url : 'localhost:0000/adprofit/'
failed url : 'localhost:0000/adprofit/all and update and event' => 403 Forbidden
how can i resolve this situation?
try_files directive is a better approach here. This config will always point to the same files (adprofit.html).
Tested and works:
/adprofit
/adprotif/random
location /adprofit {
alias /tmp/;
try_files /adprofit.html =404
}
Related
First of all, I have to deal with a project-related upgrade of a TYPO3 version and am also relatively new to the Nginx web server.
I have upgraded a TYPO3 installation from version 7.6-LTS to 8.7-LTS and transferred the site from an IIS (Windows) server to an Ubuntu 18.04 system with Nginx.
I have now discovered the following: the first click on an internal link on the website in the menu e.g. domain.com/prices works correctly. The URL domain.com/prices is called and also shown in the URL. Now when the page has been reloaded, the same menu item link now looks like this...
domain.com/index.php?id=8&L=1%20or%20%281%2C2%29%3D%28select%2Afrom%28select%20name_const%28CHAR%28111%2C108%2C111%2C108%2C111%2C115%2C104%2C101%2C114%29%2C1%29%2Cname_const%28CHAR%28111%2C108%2C111%2C108%2C111%2C108%2C111%2C115%2C104%2C101%2C114%29%2C1%29%29a%29%20- -%20and%201%3D1
...instead of the usual domain.com/prices. The oontent of the page is still correctly, so the correct page is being loaded.
The Typo3 installation uses the extension real url, which is exactly for this feature. It translates domain.com/index.php?id=8&L=1... into a speaking url like domain.com/prices. So why is it working on the first load, but then no longer?
I also thought, it could be an issue with the configuration of Nginx, but now I think it is a different topic here, because if it is a webserver issue, it won't work the first time, will it?
What can cause this behaviour?
Update
I actually saw, that the English version of the website is working well. So here, the links are displayed correctly: domain.com/prices, domain.com/modules and not even not first page load.
Maybe it is helpful. This is the Nginx config, I currently use:
server {
listen 80;
server_name domain.com;
root /var/www/domain.com/public;
index index.php index.html index.htm index.nginx-debian.html;
listen 443 ssl;
ssl_certificate /var/www/domain.com/ssl/domain.com-2020.crt;
ssl_certificate_key /var/www/domain.com/ssl/domain.com-2020.rsa;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# Special root site case. prevent "try_files $uri/" + "index" from skipping the cache
# by accessing /index.php directly
location =/ {
recursive_error_pages on;
error_page 405 = #sfc;
return 405;
}
location #t3frontend {
# Using try_files for ease of configuration demonstration here,
# you can also fastcgi_pass directly to php here
try_files $uri /index.php$is_args$args;
}
location #sfc {
# Perform an internal redirect to TYPO3 if any of the required
# conditions for StaticFileCache don't match
error_page 405 = #t3frontend;
# Query String needs to be empty
if ($args != '') {
return 405;
}
# We can't serve static files for logged-in BE/FE users
if ($cookie_staticfilecache = 'fe_typo_user_logged_in') {
return 405;
}
if ($cookie_be_typo_user != '') {
return 405;
}
# Ensure we redirect to TYPO3 for non GET/HEAD requests
if ($request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
charset utf-8;
try_files /typo3temp/tx_staticfilecache/${scheme}/${host}/${server_port}${uri}/index.html
/typo3temp/tx_staticfilecache/${scheme}/${host}/${server_port}${uri}
=405;
}
location /typo3temp/tx_staticfilecache {
deny all;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
# Prevent clients from accessing hidden files (starting with a dot)
# This is particularly important if you store .htpasswd files in the site hierarchy
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
}
# TYPO3 - Block access to composer files
location ~* composer\.(?:json|lock) {
deny all;
}
# TYPO3 - Block access to flexform files
location ~* flexform[^.]*\.xml {
deny all;
}
# TYPO3 - Block access to language files
location ~* locallang[^.]*\.(?:xml|xlf)$ {
deny all;
}
# TYPO3 - Block access to static typoscript files
location ~* ext_conf_template\.txt|ext_typoscript_constants\.(?:txt|typoscript)|ext_typoscript_setup\.(?:txt|typoscript) {
deny all;
}
# TYPO3 - Block access to miscellaneous protected files
location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$ {
deny all;
}
# TYPO3 - Block access to recycler and temporary directories
location ~ _(?:recycler|temp)_/ {
deny all;
}
# TYPO3 - Block access to configuration files stored in fileadmin
location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
deny all;
}
# TYPO3 - Block access to libaries, source and temporary compiled data
location ~ ^(?:vendor|typo3_src|typo3temp/var) {
deny all;
}
# TYPO3 - Block access to protected extension directories
location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
deny all;
}
}
server {
if ($host = domain.com) {
return 301 https://$host$request_uri;
}
listen 80;
server_name domain.com;
return 404;
}
And this is the config of realurl:
The template analysis does not show any error. This is the template analysis for realurl:
Update 2
I'm a step further in this issue. I've read the bug report https://github.com/dmitryd/typo3-realurl/issues/333 which is similar to my issue. I tried to switch the config.linkVars value from L to L(0,1). That helped in the URL issue. But now it switches always back to German language.
With the setting L in config.linkVars, it added the language in the url, if it was not German:
domain.com/en/prices
With the new value L(0,1) it removes the language in the URL
domain.com/prices
So it always shows the German version of the page. I even tried to set the value to L(0,2), because of German, English and French language is integrated (1=English, 2=French), but it does not help in this case. It switches always back to German because of the missing language code in the URL.
Ok. Now I found the solution.
As I wrote in the comments it was the config setting:
config.linkVars
which was set initially to
config.linkVars = L
After I found this bug report
https://github.com/dmitryd/typo3-realurl/issues/333
I saw that I need to limit the L-value for security reasons.
In our case 0 for german, 1 for english, 2 for french:
config.linkVars = L(0-2)
Then all worked fine.
I am using Sucuri Scanner to notify me of failed login attempts and I am currently getting about 50+ emails a day. I've tried several different ways to block access to wp-login.php and wp-admin without any luck, because I think these rules possibly don't work with subdomains (or generally just suck).
server {
# Primary domain, secondary domain and subdomains are explicitly
# declared so that I can generate certs using CertBot
server_name primarydomain.com
secondarydomain.com
subdomain1.primarydomain.com
subdomain2.primarydomain.com
subdomain3.primarydomain.com;
client_max_body_size 20M;
root /home/username/www/primarydomain.com/public_html;
index index.php;
error_log /home/username/www/primarydomain.com/logs/error.log error;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
# This doesn't seem to block access
location /wp-login.php {
allow XXX.XXX.XXX.XXX; # this is my ipaddress
deny all;
}
# This doesn't seem to block access
location /wp-admin/ {
deny all;
allow XXX.XXX.XXX.XXX; # this is my ipaddress
}
# This doesn't seem to block access
location ~ ^/(wp-admin|wp-login\.php) {
deny all;
allow XXX.XXX.XXX.XXX; # this is my ipaddress
}
}
It's not working because regexps have higher priority than prefixes in nginx
https://nginx.ru/en/docs/http/ngx_http_core_module.html#location
To find location matching a given request, nginx first checks
locations defined using the prefix strings (prefix locations). Among
them, the location with the longest matching prefix is selected and
remembered.
And here's the point:
Then regular expressions are checked, in the order of their appearance
in the configuration file. The search of regular expressions
terminates on the first match, and the corresponding configuration is
used. If no match with a regular expression is found then the
configuration of the prefix location remembered earlier is used
So this expression would handle all the requests
location ~ \.php$
One of the solutions might be to transform your prefix locations into regexps and move them upwards in the config files
Or use = modifier for urls you'd like to restrict access to
Also, using the “=” modifier it is possible to define an exact match
of URI and location. If an exact match is found, the search terminates
More examples from the docs:
location = / {
[ configuration A ]
}
location / {
[ configuration B ]
}
location /documents/ {
[ configuration C ]
}
location ^~ /images/ {
[ configuration D ]
}
location ~* \.(gif|jpg|jpeg)$ {
[ configuration E ]
}
The “/” request will match configuration A, the “/index.html” request
will match configuration B, the “/documents/document.html” request
will match configuration C, the “/images/1.gif” request will match
configuration D, and the “/documents/1.jpg” request will match
configuration E
Do try iTheme security plugin with custom login URL and google recaptcha plugin. It reduces the attack up to an extent. A month ago we were getting so many attacks on our site but now it's fine, it got reduced to 2 /week to none.
The easiest fix would be to use nested location
http{
server {
server_name *.domain.com;
listen 80;
location ~ \.php$ {
location ~ /wp-login\.php$ {
deny all;
}
location ~ ^/wp-admin/ {
deny all;
}
return 200 "OK";
}
}
And the test results are as below
$ curl vm/testing.php
OK%
$ curl vm/wp-login.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty/1.11.2.2</center>
</body>
</html>
$ curl vm/wp-admin/index.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty/1.11.2.2</center>
</body>
</html>
I am trying to deny all access on a certain server block.
server {
listen 8080;
server_name myserver;
root /srv/nkosl;
deny all;
location /mydistro {
return 302 https://www.ubuntu.com/;
}
location /files {
autoindex on;
}
}
This denies access on files location (and successfully returns 403 forbidden message).
However I can still access myserver:8080/mydistro and it redirects me to ubuntu page.
How can I deny the /mydistro location as well?
this answer describes why allow/deny does not work with return/rewrite.
one way to work around it is indeed using ifs, however ifs can be tricky in nginx in certain cases and allow/deny can also take a network mask...
Try to completely remove the /mydistro location. Or, at least, comment the line return 302 https://www.ubuntu.com/;.
To redirect selectively, try this:
location /mydistro {
if ($remote_addr != 127.0.0.1) {
rewrite ^ https://www.ubuntu.com;
}
}
I need to service some file to users by nginx. It's different bitween user's request url and real file path in server. So I tried to use alias in location
request URL :
1) http://info.myservice.com/statement/12345678/12/34/A.html
2) http://info.myservice.com/statement/57837873/56/78/B.html
...
real path in server :
1) /data/statement/0/12/34/A.html
2) /data/statement/0/56/78/B.html
location setting :
location ~ /statement/[0-9]+ {
if ($request_uri ~ "/(d+|-)(.*)") {
#access_log off;
access_log /var/log/nginx/access.log main;
}
alias /data/statement/0;
}
but it doesn't work. need some advice..
Thanks.
You could use a root directive with a rewrite ... break to make the URL match the real path:
location /statement/ {
root /data/statement/0;
rewrite ^/statement/[0-9]+(/.*)$ $1 break;
}
See this document for details.
This seems ridiculous but I've not found a working answer in over an hour of searching.
When I access "http://oa.wechat.com/screen/index.html", it will cause a 301 redirect loop, like this:
"GET /screen/ HTTP/1.1" 301
"GET /screen/index.html/ HTTP/1.1" 301
"GET /screen/index.html/index.html/ HTTP/1.1" 301
...
nginx verson: 1.5.6
nginx.conf
server {
listen 80;
server_name oa.wechat.com;
location ~ ^/screen/ {
alias /data/screen/static/;
index index.html;
}
}
Could anyone tell me the reason? Thanks very much.
i have checked nginx document. the right usage of 'alias':
# use normal match like this
location /i/ {
alias /spool/w3/images/;
}
# use regex match like this
location ~ ^/download/(.*)$ {
alias /home/website/files/$1;
}
the wrong way to use 'alias' is:
location ~ ^/screen/ {
alias /data/screen/static/;
index index.html;
}
In this case, the request would be considered as a directory request, not file request, which will lead a redirect loop.
Anyway, Thanks Flesh very much!
It's already trying to access index.html in that directory because it's the default of nginx's index directive. The problem is that you're using the index directive within a location block where it has a special meaning and executes an internal redirect (as documented).
Unless you know what you're doing, set the index directive within the server block. We end up with the following server block (be sure to read the comments).
server {
# Both default values and not needed at all!
#index index.html;
#listen 80;
server_name oa.wechat.com;
# Do not use regular expressions to match the beginning of a
# requested URI without protecting it by a regular location!
location ^~ /screen/ {
alias /data/screen/static/;
}
}
location examples
server {
# Won't work because the /data is considered the new document root and
# the new location matches the regular expression again.
location ~ ^/screen/ {
alias /data/screen/static/;
}
# Should work because the outer location limits the inner location
# to start with the real document root (untested)
location / {
location ~ ^/screen/ {
alias /data/screen/static/;
}
}
# Should work as well above reason (untested)
location / {
location ~ ^(/screen/) {
alias /data$1static/;
}
}
# Might work as well because we are using the matching group
# VERY BAD because we have a regular expression outside any regular location!
location ~ ^(/screen/) {
alias /data$1static/;
}
# Always works and allows nesting of more directives and is totally save
location ^~ /screen/ {
alias /data/screen/static/;
}
}
Weblinks
alias documentation
index documentation
location documentation
you should move ^ location modifier from ^/screen/, then add ^ before ~, like this:
`location ^~ /screen/ {
alias /data/screen/static/;
index index.html;
}`