User diretive is not allowed - nginx

I'm creating a virtual host for the OsTicket configuration.
In the file vim /etc/nginx/sites-available/osticket.conf I'm inserting these lines:
user nginx;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
charset utf-8;
gzip on;
gzip_types text/plain application/xml text/javascript;
gzip_min_length 1000;
index index.php index.html index.htm;
# Rewrite all requests from HTTP to HTTPS
server {
listen 80;
server_name 192.168.0.24;
rewrite ^ http://192.168.0.24 permanent;
}
server {
listen 443;
server_name 192.168.0.24;
ssl on;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/cert.key;
keepalive_timeout 70;
root /var/www/osticket;
set $path_info "";
location ~ /include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(?:tickets|tasks).*$ {
try_files $uri $uri/ /api/http.php?$query_string;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
if ($request_uri ~ "^/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/.*$ {
try_files $uri $uri/ /scp/ajax.php?$query_string;
}
location ~ ^/ajax.php/.*$ {
try_files $uri $uri/ /ajax.php?$query_string;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PATH_INFO $path_info;
fastcgi_pass 192.168.0.24:8888;
}
}
}
And when I do service nginx restart I get the following error:
enter image description here
If you use the command nginx -t I get the following error:
enter image description here
In the nginx server logs I get the following error:
"user" directive is not allowed here in
/etc/nginx/sites-enabled/osticket.conf:1
How can I solve the problem for the nginx service to work.

All configuration files inside the sites-enabled folder are by default included within the nginx.conf configuration, which already has the http block and most of the things you are setting.
You should have only your server blocks in the osticket.conf file. Remove everything else and you should end up with something like:
server {
listen 80;
server_name 192.168.0.24;
rewrite ^ http://192.168.0.24 permanent;
}
server {
listen 443;
server_name 192.168.0.24;
ssl on;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/cert.key;
keepalive_timeout 70;
root /var/www/osticket;
set $path_info "";
location ~ /include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(?:tickets|tasks).*$ {
try_files $uri $uri/ /api/http.php?$query_string;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
if ($request_uri ~ "^/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/.*$ {
try_files $uri $uri/ /scp/ajax.php?$query_string;
}
location ~ ^/ajax.php/.*$ {
try_files $uri $uri/ /ajax.php?$query_string;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PATH_INFO $path_info;
fastcgi_pass 192.168.0.24:8888;
}
}

Related

BasicAuth with nginx except for a specific location (Admin/API)

I want to set up BasicAuth on a DEV installation of Shopware to prevent Google/visitors from coming to the site.
I would like to keep the admin area without BasicAuth, as the SPA backend keeps asking for login on many ajax requests.
In short, BasicAuth for all requests except "/admin" and "/api".
I have tried this with the following configuration. But I get the password prompt even for requests on "/admin".
Why does "auth_basic" from one location affect the other?
server {
listen [--IP--]:80;
listen [--IP--]:443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /var/www/clients/client1/web7/ssl/[--DOMAIN--].crt;
ssl_certificate_key /var/www/clients/client1/web7/ssl/[--DOMAIN--].key;
server_name [--DOMAIN--] ;
root /var/www/[--DOMAIN--]/web;
.
.
.
add_header X-Robots-Tag "noindex, nofollow" always;
location #rewriteapp {
root /var/www/[--DOMAIN--]/web/public/;
client_max_body_size 100M;
rewrite ^/(.*)$ /index.php last;
}
location /admin {
alias /var/www/[--DOMAIN--]/web/public/;
client_max_body_size 100M;
index index.php;
http2_push_preload on;
rewrite ^/(.+)\.php/(.*)$ /$1.php last;
try_files $uri #rewriteapp;
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
.
.
.
http2_push_preload on;
}
}
location / {
alias /var/www/[--DOMAIN--]/web/public/;
client_max_body_size 100M;
index index.php;
http2_push_preload on;
rewrite ^/(.+)\.php/(.*)$ /$1.php last;
try_files $uri #rewriteapp;
.
.
.
auth_basic "DEV";
auth_basic_user_file /var/www/clients/client1/web6/web/public/.htpasswd;
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
.
.
.
http2_push_preload on;
}
}
}
I also tried with auth_basic off in the "/admin" location.
auth_basic off;
allow all;
Try this:
server {
location ~ .php$ {
set $auth "Restricted";
if ($request_uri ~ /api/.*){
set $auth "off";
}
if ($request_uri ~ /admin.*){
set $auth "off";
}
auth_basic $auth;
auth_basic_user_file /www/htdocs/shopware/.htpasswd;
}
}

.well-known/acme-challenge/xxxx gives 404 nginx

I manage a wordpress site.
I have below code block in my nginx config file.
server {
listen 443 ssl;
server_name example.com;
client_max_body_size 1000M;
root /var/www/wordpress;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
proxy_read_timeout 3000;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
expires 1s;
set $skip_cache 0;
# POST requests and URLs with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged-in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location / {
autoindex on;
client_max_body_size 1000M;
try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires 1s;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
fastcgi_cache_lock on;
expires 1s;
add_header X-FastCGI-Cache $upstream_cache_status;
}
location ~ /.well-known {
allow all;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
try_files $uri =404;
}
}
I created test file in /var/www/wordpress/.well-known/acme-challenge/ folder.
when I load https://example.com/.well-known/acme-challenge it gives me nice 404 from wordpress.
when I load https://example.com/.well-known/acme-challenge/ it gives me below error
404 Not Found
nginx/1.14.0 (Ubuntu)
when I try to load https://example.com/.well-known/acme-challenge/test also it gives me. below 404 error.
404 Not Found
nginx/1.14.0 (Ubuntu)
Because of this my ssl renew fails.
What am I missing here ?

trouble with two locations in nginx config

I have 2 links: myserver.org and myserver.org/support
I need first link follow to /var/www/myserver.org and second to /var/www/support
My config now:
first file & link
server {
listen 80 default_server;
server_name groupmanager.org;
charset utf-8;
root /var/www/groupmanager.org;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
access_log /var/log/nginx/groupmanager.org_access.log;
error_log /var/log/nginx/groupmanager.org_error.log;
include /etc/nginx/templates/php-fpm.conf;
}
server {
listen 80;
server_name www.groupmanager.org;
rewrite ^(.*) http://groupmanager.org$1 permanent;
}
Second file & link:
server {
listen 80;
server_name 163.172.88.31/support;
charset utf-8;
root /var/www/support;
index index.php;
access_log /var/log/nginx/support_access.log;
error_log /var/log/nginx/support_error.log;
include /etc/nginx/templates/php-fpm.conf;
}
server {
listen 80;
server_name www.163.172.88.31/support;
rewrite ^(.*) http://163.172.88.31/support$1 permanent;
}
php-fpm.conf
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
location ~* \.(gif|jpeg|jpg|txt|png|tif|tiff|ico|jng|bmp|doc|pdf|rtf|xls|ppt|rar|rpm|swf|zip|bin|exe|dll|deb|cur)$ {
expires 168h;
}
location ~* \.(css|js)$ {
expires 180m;
}
First link works fine, second - no. I see '403 Forbidden'
What is not rigth?
Permissions for folders are the same, I think, they are right.
For both /var/www/myserver.org and /var/www/support you have to make two separate nginx config file with two different roots and server names .
besides , if you just want to show two links you can setup nginx for one and link the second one with just an internal link ( if they are in the same page)
Try like this:
include /etc/nginx/default.d/*.conf;
server {
listen 80 default_server;
server_name myserver.org;
charset utf-8;
root /var/www/myserver.org;
index index.php;
include /etc/nginx/default.d/*.conf;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
in /etc/nginx/default.d/ directory , create a .config file test.config:
location myserver.org {
proxy_pass /myserver.org;
}
location myserver.org/support {
proxy_pass /var/www/support;
}
This works:
groupmanager.org.conf
server {
listen 80 default_server;
server_name groupmanager.org;
charset utf-8;
root /var/www/groupmanager.org;
index index.php;
location /support/ {
alias /var/www/support/;
index index.php;
access_log /var/log/nginx/support_access.log;
error_log /var/log/nginx/support_error.log;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
access_log /var/log/nginx/groupmanager.org_access.log;
error_log /var/log/nginx/groupmanager.org_error.log;
include /etc/nginx/templates/php-fpm.conf;
}
server {
listen 80;
server_name www.groupmanager.org;
rewrite ^(.*) http://groupmanager.org$1 permanent;
}
php-fpm.conf
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
location ~* \.(gif|jpeg|jpg|txt|png|tif|tiff|ico|jng|bmp|doc|pdf|rtf|xls|ppt|rar|rpm|swf|zip|bin|exe|dll|deb|cur)$ {
expires 168h;
}
location ~* \.(css|js)$ {
expires 180m;
}

Wordpress permalink after migrating to Nginx

My permalinks are ~~/%category%~~/%postname%/~~.html~~.
I migrated from Apache to Nginx.
Then my config file I added in
server{
location /mydirectory/ {
try_files $uri $uri/ /mydirectory/$uri.html;
}
But my browser goes on going to the 404 page.
I tried many codes found after deleting cache but still no success.Any help will be much appreciated
Thank you
I desactivate all my plugins and was able to change my permalinks into
/%postname%/
Here is my my.site.com config (my site is in a sub directory Vie/) :
server {
listen 80;
server_name my.site.com;
location ~ /(vie|\|Vie|Vie)/(.*) {
return 301 https://my.site.com/Vie;
}
return 301 https://my.site.com/Vie$request_uri;
}
server {
listen 443 ssl;
server_name my.site.com;
root /var/www/my.site.com/html;
index index.php index.html;
ssl_certificate /etc/letsencrypt/live/krouus.company/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/krouus.company/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000;";
location /Vie/ {
index index.php;
try_files $uri $uri/ /Vie/index.php?$args;
}
location / {
try_files $uri $uri/ /Vie/index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffers 4 256k;
fastcgi_buffer_size 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
}
location ~* commun {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\.ht {
deny all;
}
location ~ (^|/)\. {
return 403;
}
location ~* \.(?:css|gif|htc|ico|js|jpe?g|png|swf)$ {
expires max;
log_not_found off;
## No need to bleed constant updates. Send the all shebang in one
## fell swoop.
tcp_nodelay off;
## Set the OS file cache.
open_file_cache max=1000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
location ~* \.ini$ {
deny all;
return 404;
}
error_page 404 /404.html;
location /404.html {
internal;
}
location ~* /(?:uploads|files)/.*\.(html|htm|shtml|php|js|swf|py|jsp|asp|sh|cgi)$ {
deny all;
}
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
return 444;
}
location ~* wp-includes/theme-compat/ {
deny all;
}
location ~* wp-includes/js/tinymce/langs/.*.php {
deny all;
}
location /wp-includes/ {
internal;
}
location ~* .(pl|cgi|py|sh|lua|asp)$ {
return 444;
}
location ~* /(wp-config.php|readme.html|license.txt|nginx.conf) {
deny all;
}
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
location /xmlrpc.php {
deny all;
}
}
Try this instead. As i was also facing same problem,hope its work for you too.
location /mydirectory{
try_files $uri $uri/ /mydirectory/index.php;
}
Well in fact I solved my problem. I read attentively my ocnfiguration and removed
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
And now my Wordpress works.
Cheerio!

my website download .sh pages instead of display them

when i click on this link for example: http://debian.local/cgi-bin/hobbitcolumn.sh?bbgen it download the .sh file instead of show it.
i tried to put fastcgi_ params in location ^~ /hobbit but still not working.
could you help me please
thanks
here is my sites-available/debian.local.conf:
# /etc/nginx/sites-available/debian.local.conf
# HTTP server
server {
listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
# Make site accessible from http://localhost/
server_name debian.local localhost ;
# On redirige toutes les requĂȘtes vers HTTPS
#rewrite ^ https://$server_name$request_uri? permanent;
location ^~ /glpi {
root /home/cedric/web;
index index.php;
location ~ /glpi(/.*\.php) {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
}
}
location ^~ /hobbit {
alias /usr/lib/hobbit/server/www/ ;
index index.html ;
}
location /cgi-bin/ {
alias /usr/lib/hobbit/cgi-bin/;
}
location /cgi-secure/ {
alias /usr/lib/hobbit/cgi-secure/ ;
}
}
server {
listen 443 ssl;
server_name debian.local localhost ;
root html;
index index.html index.htm;
# Use a self-signed certificate to ensure
# secure connexion to phpmyadmin
ssl_certificate debian.local.crt;
ssl_certificate_key debian.local.key;
ssl_session_timeout 5m;
# Access only latest browsers
ssl_protocols TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}
location /zabbix {
if ($scheme ~ ^http:){
rewrite ^(.*)$ https://$host$1 permanent;
}
alias /usr/share/zabbix;
index index.php;
error_page 403 404 502 503 504 /zabbix/index.php;
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
expires epoch;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~ \.(jpg|jpeg|gif|png|ico)$ {
access_log off;
expires 33d;
}
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
## Xcache admin pages
location /xcache {
alias /usr/share/xcache/;
try_files $uri $uri/ /index.php;
location ~ ^/xcache/(.+\.php)$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
}
}
this is what appear instead of the web page:
#!/bin/sh QS="${QUERY_STRING}" QUERY_STRING="db=columndoc.csv&key=${QS}" export QUERY_STRING . /usr/lib/hobbit/server/etc/hobbitcgi.cfg exec /usr/lib/hobbit/server/bin/bb-csvinfo.cgi $CGI_HOBBITCOLUMN_OPTS
You should use the default_type directive in the interested location, for example:
location /cgi-bin/ {
alias /usr/lib/hobbit/cgi-bin/;
default_type text/plain;
}
I made it work.
This helped me: https://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-debian-squeeze-ubuntu-11.04-p3
i intalled Fcgiwrap and edited my sites-available/debian.local.conf like this:
location /cgi-bin/ {
# Disable gzip (it makes scripts feel slower since they have to complete
# before getting gzipped)
gzip off;
# Set the root to /usr/lib (inside this location this means that we are
# giving access to the files under /usr/lib/cgi-bin)
alias /usr/lib/hobbit/cgi-bin/;
# Fastcgi socket
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/fastcgi_params;
# Adjust non standard parameters (SCRIPT_FILENAME)
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
Thanks.

Resources