I want to make my wordpress admin directory/files accessible only from my IP white list.
I want the list to be in other conf file because the list has more than 200 IPs.
Here is my default.conf. I use docker-compose.
server {
listen 80;
server_name 127.0.0.1;
root /var/www/html;
index index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location ~* /wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$ {
include /etc/nginx/conf.d/allowip.conf;
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
result...
I am in the white list and when I access to mysite.com/wp-admin, my browser download the actual php files.
plus, I just realized no matter if you 'include' the allowip.conf or not, the setting in allowip.conf is active.
My question
How do you apply a white list in a separate file to a certain directory?
try this
server {
listen 80;
server_name 127.0.0.1;
root /var/www/html;
index index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location ~* /wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$ {
include /etc/nginx/conf.d/allowip.conf;
deny all;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
Related
How to put this is nginx config of Symfony 4.3
https://symfony.com/doc/4.3/setup/web_server_configuration.html#nginx to sub location?
Config:
server {
server_name domain.tld www.domain.tld;
root /var/www/project/public;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
Need put to location:
location /api {
}
I am find two variants with root or alias.
With root:
server {
server_name domain.tld www.domain.tld;
root /var/www/project/public;
location /api {
index index.php;
root /var/www/project/api/public;
try_files $uri /api/index.php$is_args$args;
location ~ ^/api(/index\.php(/|$)) {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_NAME index.php;
fastcgi_param DOCUMENT_URI index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$1;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~ \.php$ {
return 404;
}
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
With alias:
server {
server_name domain.tld www.domain.tld;
root /var/www/project/public;
location /api {
index index.php;
alias /var/www/project/api/public;
try_files $uri $uri/ /api/api/index.php$is_args$args;
location ~ ^/api/index\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_NAME index.php;
fastcgi_param DOCUMENT_URI index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~ \.php$ {
return 404;
}
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
For understand how it must be i am used
fastcgi_pass 127.0.0.1:9000;
and
#tcpdump -nAs 20000 -i lo tcp port 9000
I am configurating a virtual hosts with nginx. When I put my address, the page return me this error: File not found.
My configuration is the next:
server {
listen 80;
server_name vcarlos.lan;
root /home/tfc_dev/tfc/web;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
index app.php index.html index.htm;
try_files $uri $uri/ #rewrite;
location #rewrite {
rewrite ^/(.*)$ /app.php/$1;
}
location ~ \.php(/|$) {
# try_files $uri =404;
fastcgi_index app.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffer_size 1280k;
fastcgi_buffers 4 2560k;
fastcgi_busy_buffers_size 2560k;
}
location ~ /\.ht {
deny all;
}
}
EDIT #1
I have modified the code and I put the next:
server {
server_name vcarlos.lan;
root /home/sierra/tfc_dev/tfc/web;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app.php$is_args$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fasserver {
server_name vcarlos.lan;
root /home/sierra/tfc_dev/tfc/web;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app.php$is_args$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}tcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
Now it recognise Symfony2 but it return this error:
Oops! An Error Occurred
The server returned a "404 Not Found".
Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.*
Please replace:
rewrite ^/(.*)$ /app.php/$1;
with:
rewrite ^/(.*)$ /app.php?query_string;
UPD: Try this one:
server {
listen 0.0.0.0:80;
server_name vcarlos.lan;
root /home/tfc_dev/tfc/web;
index app.php;
try_files $uri $uri/ /app.php?$query_string;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass php-fpm;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
I have a little experience with configuring nginx server and here is my trouble.
I am trying set correct locations. I have two directs: address.com and address.com/api.
For last direction(API) I have setted locations and it works fine. API is located in /var/www/project/api folder.
root /var/www/project;
index index.php;
server_name localhost;
location /api {
try_files /api/$uri $uri/ /api/index.php?$query_string;
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^/api/(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 64k;
fastcgi_buffers 4 32k;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
Now I need implement root for address.com to /var/www/project/website. And here I have some troubles.
First thing, what I did I had written that:
location / {
alias /var/www/project/website/;
}
And then I tried to add many different variants and here is my last note.
I have put it inside location / {}
location ~ ^/(.+\.php)$ {
alias /var/www/project/website/;
include /etc/nginx/fastcgi.conf;
proxy_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_intercept_errors on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
}
In /etc/nginx/fastcgi.conf file I have added
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
And I get all time 403 Forbidden or 404 Not found or in nginx errors log is written that, for example, /var/www/project/website/... is not found.
Has somebody experience with nginx configuring and can tell, how to set /website location correct?
Something like that:
server {
listen 80;
server_name localhost;
root /var/www/src/website;
index index.php index.html;
error_log /var/log/nginx/error.log;
location / {
try_files $uri $uri/ =404;
}
location /test {
try_files $uri $uri/test.html =404;
}
location /api/ {
alias /var/www/src/api/;
try_files $uri $uri/ /index.php =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location /pmants {
root /var/www/src/;
index index.php index.html index.htm;
location ~ ^/pmants/(.+\.php)$ {
try_files $uri =404;
root /var/www/src/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/pmants/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/src/;
}
}
location ~* \.php {
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_cache off;
fastcgi_index index.php;
}
}
There is a problem with the location.
We need to do that at the request:
http://domain.com open the site by way of /var/www/domain/main/web
http://domain.com/job open the site by way of /var/www/domain/job/web
Try this config:
server {
listen *:80;
server_name domain.com;
access_log /var/log/nginx/domain.com.access.log;
error_log /var/log/nginx/domain.com.error.log;
location /job/ {
root /var/www/domain/job/web;
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
location ~ \.php$ {
root /var/www/domain/job/web;
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param APP_ENV dev;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
}
}
location / {
root /var/www/domain/main/web;
try_files $uri $uri/ /index.php?$args ;
index index.html index.htm index.php;
location ~ \.php$ {
root /var/www/domain/main/web;
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param APP_ENV dev;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
}
}
}
The location /job/ not work, open site in /
I have a problem with the configuration of nginx. Structure directory in my server is:
/var/www/public_html is my page.
/var/www/pma - phpmyadmin
/var/www/vimbadmin - ViMbAdmin
My /etc/nginx/sites-available/default
server{
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
access_log /var/www/log/access.log;
error_log /var/www/log/error.log;
root /var/www/public_html;
index index.php index.htm;
# Make site accessible from http://localhost/
server_name localhost;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location /pma/ {
index index.php;
alias /var/www/phpmyadmin/;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
}
}
location /vma/ {
index index.php;
alias /var/www/vimbadmin/public/;
try_files $uri $uri/ /index.php?$args;
index index.php;
location ~\.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#try_files $uri =404;
include fastcgi_params;
}
}
}
Now when I go: domian.com/vma/ redirect me to domian.com/vma/auth/login and I see:
File not found.
Phpmyadmin works.
I know that the configuration is bad... But where is mistake?
I did something like this
location ~ ^/vma {
alias /usr/local/vimbadmin/public;
location ~ ^/vma/(.*\.(js|css|gif|jpg|png|ico))$ {
alias /usr/local/vimbadmin/public/$1;
}
rewrite ^/vma(.*)$ /vma/index.php last;
location ~ ^/vma(.+\.php)$ {
alias /usr/local/vimbadmin/public$1;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
charset utf8;
include fastcgi_params;
fastcgi_param DOCUMENT_ROOT /usr/local/vimbadmin/public;
}
}
it works, at least on my machine ;)
The answer of ir1keren did not work for me with ViMbAdmin V3.0.11.
Here is how I did it:
#
# ViMbAdmin 3.0.x Nginx configuration
# Directory where ViMbAdmin is installed
set $vimbadmin /var/www/vimbadmin;
location /vma {
alias $vimbadmin/public;
index index.php index.html index.htm;
location ~ ^/vma/(.*\.(js|css|gif|jpg|png|ico))$ {
alias $vimbadmin/public/$1;
}
rewrite ^/vma(.*)$ /mail/index.php last;
# Pass PHP scripts to FastCGI server
location ~ \.php$ {
#try_files $uri =404;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^/vma/(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param APPLICATION_ENV production;
fastcgi_index index.php;
fastcgi_pass php-backend;
fastcgi_intercept_errors on;
}
}