Recently we migrated from Apache2 to an Nginx server. Consider that we have the domain www.test.com; the following is www.test.com.conf, and I have disabled the default Nginx file.
server {
server_name www.test.com;
# Character Set
charset utf-8;
# Logs
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Directory Indexes
index index.html index.htm index.php;
# Document Root
root /var/www/html/project1/public;
# Location
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# Error Pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# PHP-FPM Support
location ~ \.php$ {
fastcgi_read_timeout 240;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #/var/run/php5-fpm.sock;
#include fastcgi.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Block access to .htaccess
location ~ \.htaccess {
deny all;
}
client_body_timeout 10s;
client_header_timeout 10s;
client_max_body_size 100M;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.test.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen *:80;
server_name www.test.com;
return 404; # managed by Certbot
}
With the above configuration, I can access https://www.test.com without issues. In this case root is /var/www/html/project1/public. Now, to access multiple applications from the same domain, I changed the root directive to /var/www/html/ and tried to access https://www.test.com/project1/public, but I'm getting the following error:
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream
May I know the reason for this issue? My application is Lumen, which is a micro service framework by Laravel.
By changing the following blocks it is working for me:
from root /var/www/html/project1/public; to root /var/www/html;
And we need to add multiple location blocks based on the requirement. Consider that I want to access two Lumen/Laravel applications from a single domain; then I need to add two location blocks as
location /project1/public {
try_files $uri $uri/ /project1/public/index.php$is_args$args;
}
location /project2/public {
try_files $uri $uri/ /project2/public/index.php$is_args$args;
}
Credits go to Richard Smith
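Moving `root` up to `/var/www/html` also makes everything beside each `public` directory addressable by URL, which for Lumen/Laravel includes `.env`, `vendor/` and `storage/`. The following is an added example, not part of the original post, that keeps the two `location` blocks from the answer but refuses every other path and passes only the two front controllers to PHP-FPM; the default-deny layout and the trailing-slash redirect are assumptions, while paths, project names and the socket come from the question.

```nginx
# Added example, not the poster's configuration.
server {
    listen 443 ssl;
    server_name www.test.com;
    charset utf-8;

    ssl_certificate     /etc/letsencrypt/live/www.test.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    # Shared parent directory: every file below it has a URL unless a
    # location refuses it.
    root  /var/www/html;
    index index.php;

    # Default deny (assumption): a URI is served only when a more specific
    # location below allows it, so /project1/composer.json returns 404.
    location / {
        return 404;
    }

    # Send /project1/public to /project1/public/ so it reaches the prefix
    # locations below instead of the default deny.
    location ~ ^/(project1|project2)/public$ {
        return 301 https://$host$uri/;
    }

    # Static files and route URIs of each application.
    location /project1/public/ {
        try_files $uri $uri/ /project1/public/index.php$is_args$args;
    }
    location /project2/public/ {
        try_files $uri $uri/ /project2/public/index.php$is_args$args;
    }

    # Only the two front controllers are executed. Regex locations are
    # tested in file order, so this one must precede the generic .php rule.
    location ~ ^/(project1|project2)/public/index\.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_read_timeout 240;
    }

    # Any other .php path (vendor/, storage/, uploads) never reaches PHP-FPM.
    location ~ \.php$ {
        return 404;
    }

    # Dotfiles such as .env, .git and .htaccess are refused wherever they sit.
    location ~ /\. {
        deny all;
    }
}
```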
I've set up a Debian 9 server using a LEMP stack. On the site http://domain_name I have phpMyAdmin set up; phpMyAdmin is working on https as well, and on http://domain_name:port/api I get a response from the SQL db hosted on phpMyAdmin for an API call. The data comes as raw JSON data.
But over https, I'm not able to send data. What should I do to send the data over https?
Here is a screenshot of the issue
I created a separate config file, domain.conf, in the /etc/nginx/conf.d dir; these are the contents.
server{
server_name domain_name www.domain_name;
access_log /var/log/nginx/phpmyadmin_access.log;
error_log /var/log/nginx/phpmyadmin_error.log;
root /usr/share/phpmyadmin;
index index.html index.htm index.php;
# Images and static content is treated different
location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
expires 360d;
}
location ~ /\.ht {
deny all;
}
location ~ /(libraries|setup/frames|setup/libs) {
deny all;
return 404;
}
location ~ \.php$ {
# include snippets/fastcgi-php.conf;
# fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain_name/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain_name/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
server {
if ($host = domain_name) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name domain_name www.domain_name ;
return 404; # managed by Certbot
}
Figured it out. Basically this conf file was hosting phpMyAdmin, and I was also trying to host another project on it; that's why it didn't work. Instead I created a separate conf file and connected the phpMyAdmin conf file with the new conf file. Another thing to note here is that you cannot add a port after a domain, and that was another reason why this error was prevailing.
I want to deny access to a few directories, as well as all sub-directories and files, including JS/CSS files.
I have this configuration, and it works for the most part, but it doesn't deny access to a .js file I have.
server {
listen 80;
server_name DOMAIN www.DOMAIN;
root /home/me/www/app;
index index.php index.html index.htm;
autoindex on;
client_max_body_size 20m;
fastcgi_read_timeout 600;
#Forbid access to these directories
location ~ /(data|dev|py)/ {
deny all;
return 403;
}
#Force download on PDF files
location ~* /(.*\.pdf) {
types { application/octet-stream .pdf; }
default_type application/octet-stream;
}
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
#API
location /api/v1/ {
index index.php;
try_files $uri $uri/ /api/v1/index.php?$args;
}
#php support
location ~ [^/]\.php(/|$) {
include /etc/nginx/conf.d/php_generic;
fastcgi_param DOCUMENT_ROOT /home/me/www/site1;
fastcgi_pass unix:/var/run/php/php-fpm-me.sock;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
error_log /home/me/logs/error.log;
access_log /home/me/logs/access.log;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Any ideas?
EDIT / RESOLVED
Well, the website is behind CloudFlare, so after 30 minutes of pulling my hair out, the link is no longer accessible, which tells me that CloudFlare had it cached and served it, even though the nginx config was changed.
I'm new to nginx and I have a problem with a virtual host. The virtual host didn't work: when I try to access the vhost, it is redirected to the localhost "Welcome to nginx" page. Here are the contents of my config:
/etc/hosts config:
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
****Generated by Admin****
18.200.10.50 mail.testingweb.com
18.200.10.50 testingweb.com
SSL config on /etc/nginx/conf.d/ssl.conf:
server {
listen 443 default_server ssl;
server_name testingweb.com;
ssl_certificate /etc/nginx/sslcert/xxxx.crt;
ssl_certificate_key /etc/nginx/sslcert/xxxxx.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNU$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
location ~ \.php$ {
try_files $uri =404;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
/etc/nginx/sites-available/default config:
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/xhtml;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name testingweb.com;
return 301 https://$host$request_uri;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri =404;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
listen 443;
return 403;
}
I want to access another site from a new root directory, /usr/share/nginx/html/www; in the www directory there is a WordPress install.
/etc/nginx/sites-available/testingweb config:
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html/www;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name testingweb.com;
# rewrite ^ https://$http_host$request_uri? permanent;
return 301 https://$host$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?q=$uri&$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# location = /favicon.ico {
# alias /usr/share/nginx/html/favicon.ico;
# }
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
According to the configs, what's wrong with my config? I cannot access the WordPress files in the /usr/share/nginx/html/www directory via the domain testingweb.com; it always redirects to the default host instead of the testingweb host.
Sorry for my bad English.
This is a revised version of the nginx configuration from your pastebin code:
server {
listen 80;
# listen [::]:80 default_server ipv6only=on;
# Make site accessible from http://devdev.com/
server_name devdev.com;
return 301 https://$host$request_uri;
}
# HTTPS server
#
server {
listen 443 default_server ssl;
server_name devdev.com;
root /var/www;
index index.php index.html index.htm;
# uncomment to add your access log path here
# access_log /var/log/nginx/devdev.com.access.log main;
ssl_certificate /etc/ssl/ssl-unified.crt;
ssl_certificate_key /etc/ssl/ssl-my-private-decrypted.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location @default {
rewrite ^/(.*) /index.php?uri=$request_uri last;
}
location / {
try_files $uri $uri/index.php @default;
}
location ~ \.php$ {
try_files $uri =404;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
The first server block listening on port 80 just redirects to https://devdev.com/. This will redirect all http requests to https so you don't need any other processing rules.
The second server block listens on port 443 and will proxy requests with a path ending with .php to php-fpm (you want to double-check that it's running on a unix socket and your permissions are correct).
The location block matching the / prefix (location /) will try to match files in the request URI and handle the request appropriately. For example:
If the request is for /index.php and the file exists, the following block will match the .php suffix and proxy to php-fpm.
If the request is for /foo and there's no match for a file by that name, nginx will try to match /foo/index.php and then proxy to php-fpm.
If there is still no match, try_files will use the @default location block, which just sends the request to your top-level /index.php with the request URI as parameters.
If your WordPress site is located in /var/www -- the top-level entry point should be /var/www/index.php -- this configuration should work. You might need to tweak the configurations based on your WordPress settings -- though this is generic enough that it should work without a lot of changes.
index.html works properly. But my config from sites-enabled won't work on index.php file (it doesn't even display echo, or any text before/after php tags). I have all needed dependencies installed.
I need to execute index.php, that's linked to composer autoloader, and executes router (that must take uri from server). Thanks in advance!
This is my default file in sites-enabled:
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts to this file
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html/multisite;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name mypage.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?q=$uri&$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
You should have this structure to get your PHP-FPM working correctly
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
server_name server_domain_name_or_IP;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
This way you can enable the errors section and the necessary script to get your PHP-FPM up and running.
I hope it helps.
You didn't define fastcgi_params SCRIPT_FILENAME.
Try adding this to your PHP location:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
I am not a NGINX expert but there may be a problem with your /index.php?q=$uri&$args try_files directive.
try_files $uri $uri/ /index.php?q=$uri&$args;
Is good for some CMS as explained in the pitfalls page of Nginx.
As cited:
Note - the parameter names are different based on the package you’re
using. For example:
q is the parameter used by Drupal, Joomla, WordPress
page is used by CMS Made Simple
My company is running a webserver with nginx. The configuration is set so that every request on a certain server block is forcefully rewritten to https, using a location block. This is the full configuration for a specific domain:
# HTTP server
server {
listen 80;
server_name www.mydomain.it mydomain.it admin.mydomain.it;
rewrite ^(.*) https://$host$1 permanent;
}
# HTTPS server
server {
listen 443;
server_name www.mydomain.it mydomain.it admin.mydomain.it;
root /usr/share/nginx/html/mydomain_server;
ssl on;
ssl_certificate /etc/certs/mydomain-bundle.crt;
ssl_certificate_key /etc/certs/mydomain.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/mydomain.ssl.access.log main;
error_log /var/log/nginx/mydomain.ssl.error.log error;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404-mydomain.html;
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
This domain serves several implementations of the same software to different customers, and works like this:
Customer John: www.domain.com/John
Customer Ada: www.domain.com/Ada
etc...
Obviously, as you can see, all accesses to such URLs are redirected to HTTPS.
Now, there is a particular need for this not to happen for a single customer.
I've been reading the official doc here about locations, which tells me I can't non-match a particular expression (as stated here too), and I can't find a way to have it work.
I've tried to add another location block matching the customer path before the default one, like this:
server {
listen 80;
server_name www.mydomain.it mydomain.it admin.mydomain.it;
root /usr/share/nginx/html/mydomain_server;
location ^~ /Mole/ {
try_files $uri $uri/ =404;
}
location / {
rewrite ^(.*) https://$host$1 permanent;
try_files $uri $uri/ =404;
}
}
which is not working, as Mole is still being redirected to HTTPS. I've tried using "~", "=" and even simply "location /Mole/", without success. Not a browser cache problem as I've tried already flushing it. What am I missing?
You could try using the map directive to identify customers who prefer to use http:
map $uri $use_https {
default 1;
~^/Mole/ 0; # add other exceptions as needed
}
server {
listen 80;
server_name www.mydomain.it mydomain.it admin.mydomain.it;
root /usr/share/nginx/html/mydomain_server;
location / {
if ($use_https) { # consider using 302 for testing
return 301 https://$host$request_uri;
}
try_files $uri $uri/ =404;
}
}