Hi there!
I'am trying to configure Nginx for 2 yii projects, frontend for users and admin for admins with only one domain (no sub domain). I need to configure it in a way such that mydomain.com should refer to frontend and mydomain.com/admin to admin. The problem is I'am being able to configure only one of them at a time, meaning I can use frontend or admin not both of them.
What I have tried
front.conf
server {
listen 80;
server_name api.maim.experiments.uz;
return 301 https://$server_name$request_uri;
}
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl_certificate_key privkey.pem;
ssl_certificate fullchain.pem;
ssl_protocols TLSv1.2;
set $host_path "/home/itschool/inha_dev/frontend";
server_name api.maim.experiments.uz;
root $host_path/web;
set $yii_bootstrap "index.php";
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location / {
index index.html $yii_bootstrap;
try_files $uri $uri/ /index.php;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location ~ \.php$ {
set $fsn /index.php;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass 127.0.0.1:9002;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
}
location ~ /\.(ht|svn|git) {
deny all;
}
location ~* /\. {
deny all;
access_log off;
log_not_found off;
}
}
back.conf
server {
listen 80;
server_name api.maim.experiments.uz;
return 301 https://$server_name$request_uri;
}
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl_certificate_key privkey.pem;
ssl_certificate fullchain.pem;
ssl_protocols TLSv1.2;
set $host_path "/home/itschool/inha_dev/backend";
server_name api.maim.experiments.uz;
root $host_path/web;
set $yii_bootstrap "index.php";
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location ^~ /admin {
alias /home/itschool/inha_dev/backend/web;
if (!-e $request_filename) { rewrite ^ /admin/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9002;
}
}
location ~ /\.(ht|svn|git) {
deny all;
}
location ~* /\. {
deny all;
access_log off;
log_not_found off;
}
}
I found some questions with answers but they didn't work for me, please help.
I have recently use similar configuration to support web application / mobile application and admin panel on single domain
I hope this could help you out. Below is the configuration
server {
listen 80;
set $root /var/www/html/application;
#here we go
#if backend not found in url then set root url
if ($uri !~ "^(.*)/(backend)(.*)") {
set $root /var/www/html/application/frontend/web;
}
# when request is coming from mobile then display mobile site
# you don't need this one, I just written in order to explain the mobile application navigation.
if ($http_user_agent ~* "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos") {
set $root /var/www/html/application/mobile/web;
}
root $root;
index index.php index.html index.htm index.nginx-debian.html;
server_name your_domain;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
location / {
index index.html index.php;
if (!-e $request_filename){
rewrite ^/(.*) /index.php?r=$1 last;
}
}
location ~ /\.ht {
deny all;
}
}
Also have a look in official document of Yii2 to setup yii2-app-advanced on single domain (Apache, Nginx).
CLICK HERE
One more thing that you need to know is if you want to change backend/web to admin then you also have to made some changes in Yii2 application.
One domain will lead all requests to one IP (server). Nginx will use the first server block matching server_name https://nginx.org/en/docs/http/request_processing.html so you need to put all configuration on one file and use location to separate them.
You can move location ^~ /admin at the beginning of the front.conf locations and play with roots;
Or you can create a proxying config file that will contain just a little.
Something like that
location /admin {
proxy_pass http://localhost:8001;
}
location / {
proxy_pass http://localhost:8002;
}
Using the latter one you should change front & back configs to listen to other ports. Also, an SSL certificate was given for a domain, not URL. So you can use it only in the proxying config.
If you follow some of the key instructions from option 1 of Yii2 Single Domain Apache and Nginx you should be able to accomplish what you want.
Per the referenced link, Option 1:
Assuming Linux OS
cd /path/to/project/frontend/web
ln -s ../../backend/web backend
and set your nginx file
server {
charset utf-8;
client_max_body_size 128M;
listen 80; ## listen for ipv4
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
server_name api.maim.experiments.uz;
root /home/itschool/inha_dev/frontend/web;
index index.php;
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
# uncomment to avoid processing of calls to non-existing static files by Yii
#location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
# try_files $uri =404;
#}
#error_page 404 /404.html;
# deny accessing php files for the /assets directory
location ~ ^/assets/.*\.php$ {
deny all;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
try_files $uri =404;
}
location ~* /\. {
deny all;
}
}
Not: See below link for the Option-2, if the above does not work:
Yii2 Single Domain Apache and Nginx
Related
------- Technologies I'm using ---------
Debian 10
Nginx server
PHP8.0
--------- The scenario ------------
I have exmaple.com which has an HTML static website
and I have a subdomain, blog.example.com I installed WP on it and it's working fine
but I want to make the wp-admin access on login.blog.example.com.
-------- What I tried -------------
1- I tried redirecting any /wp-* URL to login.blog.example.com, but that isn't useful if there are no files/folders of wp-admin on login.blog.example.com.
2- I followed this, but it wasn't handy since they are redirecting to 404 and a static page
https://403.ie/how-to-serve-wp-admin-from-a-separate-subdomain/
-------- The nginx configuration -----------
example.com:
server{
listen 80;
listen [::]:80;
server_name IP_ADDRESS;
return 301 http://example.com;
}
server {
listen 80;
listen [::]:80;
server_name example.com;
root /var/www/example.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
blog.example.com:
server {
listen 80;
listen [::]:80;
server_name blog.example.com;
root /var/www/blog.example.com;
index index.html index.php index.htm;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
# location /wp-admin{
# rewrite ^/wp-(.*)$ http://login.blog.example.com redirect;
# }
location ~ \.php$ {
try_files $uri /index.php;
include fastcgi_params;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
The first step is to create a server to handle requests to login.blog.example.com. This is identical to blog.example.com except for the server_name and any "login" bits you want to add.
Then add a redirect in the blog.example.com server block:
location ^~ /wp-admin {
return 302 $scheme://login.blog.example.com$request_uri;
}
WordPress may insist on redirecting you back to blog.example.com. This is because of the settings for site URL in the Dashboard configuration or the wp-config.php configuration file.
You should be able to drop the hostname from the HOME and SITEURL values and use / instead of http://blog.example.com.
Is it possible to optimize/minimize the config posted below?
I feel that it should be possible to merge all the redirects into something more simple.
http:// & http://www & https://www > https://
Though I've had issues and settled.
I understand variables are not supported in NGINX config, so I have to manually define the log locations for example. Would there be a way to set a default location for all vhosts?
I use the same ssl-params.conf file for all vhosts. Can this be defaulted and disabled on a per-vhost basis?
# Redirect http:// & http://www to https://
server {
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
# Redirect https://www to https://
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com/$request_uri;
}
# Main config
server {
listen 443 ssl;
server_name example.com;
# SSL config
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
# Error logs
access_log /srv/logs/nginx.access.example.com.log;
error_log srv/logs/nginx.error.example.com.log;
# Root dir
location / {
root /srv/example.com/_site/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
# Caching
location ~ .php$ {
root /srv/example.com/_site/;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
root /srv/example.com/_site/;
expires 365d;
}
location ~* \.(pdf)$ {
root /srv/example.com/_site/;
expires 30d;
}
# SSL
location /.well-known {
allow all;
}
}
I understand variables are not supported in NGINX config, so I have to manually define the log locations for example. Would there be a way to set a default location for all vhosts?
Yes, just define it in the http context of your config or stick with the default of your distro (e.g. /var/log/nginx/access.log).
I use the same ssl-params.conf file for all vhosts. Can this be defaulted and disabled on a per-vhost basis?
It works the other way around you enable it where you need it through the include directive.
Here is a shorter config (untested):
http {
error_log /srv/logs/nginx.error.example.com.log;
access_log /srv/logs/nginx.access.example.com.log;
index index.php index.html index.htm;
server {
listen 80;
listen 443 ssl;
server_name .example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
root /srv/example.com/_site/;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
location / {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
}
location ~* \.(jpe?g|png|gif|ico|css|js)$ {
expires 365d;
}
location ~* \.(pdf)$ {
expires 30d;
}
try_files $uri $uri/ /index.php?$args;
}
location /.well-known {
allow all;
}
}
}
I have this folder: /home/sites/dev/
Nginx serves the content of this folder if I visit "domain.com"
But, let's say that if I create a folder inside this folder, for example "wp-test", I want nginx to serve this folder if I visit "wp-test.domain.com"
It seems like "ianc" made it work on his blog post, but I can't get it to work.
Here's my config so far for nginx:
server {
listen 80;
server_name www.ilundev.no;
root /home/sites/dev;
}
server {
listen 80;
server_name ~^(.*)\.ilundev\.no$;
if (!-d /home/sites/dev/ilundev.no/public/$1) {
rewrite . http://www.ilundev.no/ redirect;
}
root /home/sites/dev/$1;
}
server {
listen 80;
server_name ilundev.no;
rewrite ^/(.*) http://www.ilundev.no/$1 permanent;
}
I made it work!
First thing first. I had an error in my config.
The line
if (!-d /home/sites/dev/ilundev.no/public/$1) {
was wrong, and should be
if (!-d /home/sites/dev/$1) {
And, I had to set up a wildcard entry to my domain, at my domain provider.
The entry looked like "*.ilundev.no" and I used the "A" option - and it worked!
Updated and optimized config:
This will work as long as the DNS at your domain provider properly sets "*.dev" in a subdomain for your domain, with the "A" option - and the IP of your server.
server {
listen 80;
server_name dev.ilun.no www.dev.ilun.no;
root /home/sites/dev;
}
server {
listen 80;
server_name ~^(.*)\.dev.ilun\.no$;
if (!-d /home/sites/dev/$1) {
rewrite . http://dev.ilun.no/ redirect;
}
root /home/sites/dev/$1;
}
However, now I'm stuck trying to make the server run php code in such a subdomain.
server {
listen 80;
server_name ~^(?<branch>.*)\.example\.com;
root /var/www/$branch/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_log /var/log/nginx/$branch.example.com.error.log error;
sendfile off;
client_max_body_size 100m;
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-fpm:9000;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
I have a web server running nginx 1.6 with one IP address and hosting www.domainname.com as well as dev.domainname.com.
I'm trying to find a smart way to route all http traffic to https and I want to make sure that my default server is the 'www' live version of the time. So the end goal is that unless the user specifies https://dev.domainname.com they will be redirected to https://www.domainname.com.
My nginx.conf setup is configured to include for '/etc/nginx/etc/sites-enabled/*'. So my configuration example is located at 'etc/nginx/sites-enabled/www.domainname.com'.
So my question is there a better way to handle this type of setup?
# redirect all non https
server {
# all traffic should be over https
listen 80 default;
# listen for all server names
server_name *.domainname.com;
# redirect to www with https
return 301 $scheme://www.domainname.com$request_uri;
}
# configuration for the non-www redirect
server {
# non-www server name
server_name domainname.com;
# return to www
return 301 $scheme://www.domainname.com$request_uri;
}
# configuration for the live website
server {
# configuration for all https sites
listen 443 default_server ssl;
ssl on;
# www server name
server_name www.domainname.com;
# root to public directory
root /path/to/www.domainname.com/public;
# ssl certificates
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# error logs for www site
error_log /var/log/nginx/www.domainname.com-error.log error;
}
# configuration for the dev site
server {
# dev server name
server_name dev.domainname.com;
# root to public directory
root /path/to/dev.domainname.com/public;
# ssl certificates - using multi domain ssl
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# error logs for dev site
error_log /var/log/nginx/dev.domainname.com-error.log error;
}
I have transferred by Opencart websites from Apache to Nginx.In Apache everything was working fine,in Nginx I am unable to enter the admin section despite the correct password and keeps on showing the login page with every subsequent attempt.Besides that the addtocart button doesn't react.The config file seems ok.I have tried different options nothing has help so far.Any help will be appreciated.
Thanks.
server {
listen 80;
server_name opencart.local;
return 301 $scheme://www.opencart.local$request_uri;
}
server {
listen 80; # listen for ipv4; this line is default and implied
server_name www.opencart.local;
root /home/arch/mysites/opencart;
index index.php index.html index.htm;
charset UTF-8;
#autoindex off;
access_log /var/log/nginx/opencart.local.access.log;
error_log /var/log/nginx/opencart.local.error.log;
# Add trailing slash to */admin requests.
rewrite /admin$ $scheme://$host$uri/ permanent;
location /image/data {
autoindex on;
}
location /admin {
index index.php;
}
location / {
try_files $uri #opencart;
}
location #opencart {
rewrite ^/(.+)$ /index.php?_route_=$1 last;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
I have found the solution.Actually there are several vhosts named as opencart.local in my /etc/hosts file as under.
127.0.0.1 opencart.local opencart
127.0.0.1 opencart1.local opencart1
In my config file I removed the first server section:
server {
listen 80;
server_name opencart.local;
return 301 $scheme://www.opencart.local$request_uri;
}
In the next section I wrote:
server {
listen 80; # listen for ipv4; this line is default and implied
server_name opencart.local www.opencart.local; <---
root /home/arch/mysites/opencart;
index index.php index.html
It was probably the result of how host names where specified in /etc/hosts file.Now I can enter the admin section and the addtocart button also works.