access link : http://142.93.60.127/phpmyadmin
my phpmyadmin.conf file is
server {
listen 80;
server_name 142.93.60.127;
location /phpmyadmin {
index index.php;
root /usr/share/phpMyAdmin;
}
## Images and static content is treated different
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location ~ /(libraries|setup/frames|setup/libs) {
deny all;
return 404;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin$fastcgi_script_name;
}
}
Usually when I have this problem it's a permissions issue.
Make sure you have the correct permissions on the /usr/share/phpMyAdmin directory and the files in it. The user that nginx is running on needs execute access to the directories and read access to the files.
Also try moving your "root" flag outside of the location flag:
server {
listen 80;
server_name 142.93.60.127;
root /usr/share/phpMyAdmin;
location / {
index index.php;
}
....
}
I solve this problem and write a blog about this
solution
Related
Hi there!
I'am trying to configure Nginx for 2 yii projects, frontend for users and admin for admins with only one domain (no sub domain). I need to configure it in a way such that mydomain.com should refer to frontend and mydomain.com/admin to admin. The problem is I'am being able to configure only one of them at a time, meaning I can use frontend or admin not both of them.
What I have tried
front.conf
server {
listen 80;
server_name api.maim.experiments.uz;
return 301 https://$server_name$request_uri;
}
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl_certificate_key privkey.pem;
ssl_certificate fullchain.pem;
ssl_protocols TLSv1.2;
set $host_path "/home/itschool/inha_dev/frontend";
server_name api.maim.experiments.uz;
root $host_path/web;
set $yii_bootstrap "index.php";
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location / {
index index.html $yii_bootstrap;
try_files $uri $uri/ /index.php;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location ~ \.php$ {
set $fsn /index.php;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass 127.0.0.1:9002;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
}
location ~ /\.(ht|svn|git) {
deny all;
}
location ~* /\. {
deny all;
access_log off;
log_not_found off;
}
}
back.conf
server {
listen 80;
server_name api.maim.experiments.uz;
return 301 https://$server_name$request_uri;
}
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl_certificate_key privkey.pem;
ssl_certificate fullchain.pem;
ssl_protocols TLSv1.2;
set $host_path "/home/itschool/inha_dev/backend";
server_name api.maim.experiments.uz;
root $host_path/web;
set $yii_bootstrap "index.php";
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location ^~ /admin {
alias /home/itschool/inha_dev/backend/web;
if (!-e $request_filename) { rewrite ^ /admin/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9002;
}
}
location ~ /\.(ht|svn|git) {
deny all;
}
location ~* /\. {
deny all;
access_log off;
log_not_found off;
}
}
I found some questions with answers but they didn't work for me, please help.
I have recently use similar configuration to support web application / mobile application and admin panel on single domain
I hope this could help you out. Below is the configuration
server {
listen 80;
set $root /var/www/html/application;
#here we go
#if backend not found in url then set root url
if ($uri !~ "^(.*)/(backend)(.*)") {
set $root /var/www/html/application/frontend/web;
}
# when request is coming from mobile then display mobile site
# you don't need this one, I just written in order to explain the mobile application navigation.
if ($http_user_agent ~* "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos") {
set $root /var/www/html/application/mobile/web;
}
root $root;
index index.php index.html index.htm index.nginx-debian.html;
server_name your_domain;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
location / {
index index.html index.php;
if (!-e $request_filename){
rewrite ^/(.*) /index.php?r=$1 last;
}
}
location ~ /\.ht {
deny all;
}
}
Also have a look in official document of Yii2 to setup yii2-app-advanced on single domain (Apache, Nginx).
CLICK HERE
One more thing that you need to know is if you want to change backend/web to admin then you also have to made some changes in Yii2 application.
One domain will lead all requests to one IP (server). Nginx will use the first server block matching server_name https://nginx.org/en/docs/http/request_processing.html so you need to put all configuration on one file and use location to separate them.
You can move location ^~ /admin at the beginning of the front.conf locations and play with roots;
Or you can create a proxying config file that will contain just a little.
Something like that
location /admin {
proxy_pass http://localhost:8001;
}
location / {
proxy_pass http://localhost:8002;
}
Using the latter one you should change front & back configs to listen to other ports. Also, an SSL certificate was given for a domain, not URL. So you can use it only in the proxying config.
If you follow some of the key instructions from option 1 of Yii2 Single Domain Apache and Nginx you should be able to accomplish what you want.
Per the referenced link, Option 1:
Assuming Linux OS
cd /path/to/project/frontend/web
ln -s ../../backend/web backend
and set your nginx file
server {
charset utf-8;
client_max_body_size 128M;
listen 80; ## listen for ipv4
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
server_name api.maim.experiments.uz;
root /home/itschool/inha_dev/frontend/web;
index index.php;
access_log /var/log/nginx/itschool-access.log;
error_log /var/log/nginx/itschool-error.log;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
# uncomment to avoid processing of calls to non-existing static files by Yii
#location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
# try_files $uri =404;
#}
#error_page 404 /404.html;
# deny accessing php files for the /assets directory
location ~ ^/assets/.*\.php$ {
deny all;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
try_files $uri =404;
}
location ~* /\. {
deny all;
}
}
Not: See below link for the Option-2, if the above does not work:
Yii2 Single Domain Apache and Nginx
i need your help with setting location allow,
location /route {
deny [my-ip];
}
So this works, it doesn't let me access the route
Throws this error
403 Forbidden
nginx/1.10.0 (Ubuntu)
And this...
location /route {
allow [my-ip];
deny all;
}
Doesn't let me access but it's supposed to let me access the route, can't understand why, it shows this error
404 Not Found
nginx/1.10.0 (Ubuntu)
Config file (with two examples on routes):
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name [my-domain];
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
# Phpmyadmin Configurations
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_param HTTPS on; # <-- add this line
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.
(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
# Dealing with the uppercased letters
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
location /logs {
deny [myip];
}
location /admin {
allow [myip];
deny all;
}
for anybody else who is searching for the solution. This did it for me after long try and error:
location = /phpmyadmin/index.php {
allow 1.2.3.4;
deny all;
....
}
Make sure you use the "=" sign or else it won't work.
So your problem is not the allow and deny. It is root /usr/share/; Since you have placed it into a location block location /phpmyadmin, it can not be found by location \admin therefore, it returns 404. Try to place the root /usr/share/ to the server block instead of a location block.
I'm hosting a website on /test/ but files can be accessed by going to the url if user knows filename. Ex:
domain.com/test/readmesample.txt
I have it setup like above but now when i go to domain.com/test the index.html file wont load and I get a 403 forbidden.
How can i set it up so when going to /test it allows the html file to load while still blocking files inside that directory? This includes files, folders and .files other than index.html.
location ~ /test {
deny all;
}
Here is my config file
server {
listen 80;
listen 443 ssl default_server;
root /config/www;
index index.html index.htm index.php;
server_name www.domain.com;
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
ssl_prefer_server_ciphers on;
client_max_body_size 0;
location / {
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location ~ /new {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php5-cgi alone:
fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
Thank you in advance
You can explicitly break out /test/index.html with:
location = /test/index.html {
}
location ^~ /test {
deny all;
}
The exact match location has highest precedence, and the ^~ modifier places the precedence of the prefix location above regular expression locations at the same level.
See this document for more.
I think I figured it out not sure if it's the proper way but it works. Feel free to correct me
location /test {
location ~ \.(txt|gif|jpg|png)$ {
deny all;
}
}
Using that blocks access to all those extensions in /test and inside any sub directory.
I prefer return 444; than deny all;
Deny all show server name
Nginx configuration disallow or allow files access
Richard Smith's answer is correct. Here is another correct answer:
location ^~ /test {
try_files /test/index.html =404
}
I have 2 nginx configurations. Both of them work well alone. One of them is for drupal (frontend) and one of them is the backend. At the end I would like to have mydomain.com/ = frontend & mydomain.com/backend = backend.
Unfortunately I don't know what I have to do to make this work.
Here both configs:
//Drupal
upstream fcp {
server unix:/var/run/php-fpm.sock;
}
server {
listen 80;
server_name www.example.com;
root /usr;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass fcp;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include /usr/local/nginx/conf/fastcgi_params;
}
}
// ====== //
// Backend-Software
upstream backend{
server unix:/var/run/php-fpm.sock;
}
server {
[...]
server_name www.example.com;
root /usr/backend/wwwroot;
#Generic definition
location / {
index index.php;
try_files $uri $uri/ /index.php?route=$uri&$args;
}
#backend.net frontend controller (redirect these calls to PHP-FPM)
location ~ ^/index.php {
fastcgi_pass backend;
fastcgi_param SCRIPT_FILENAME /usr/backend/wwwroot$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
# Internal link to the files for X-Accel support
location /_files {
internal;
alias /usr/backend/_files/filesource/;
}
#Static Resources
location /wwwres/ {
expires 365d;
alias /usr/backend/wwwres/;
}
location ~ ^/wwwres/mod/([^/\.]*)/(.*)$ {
expires 365d;
alias /usr/backend/modules/$1/wwwres/$2;
}
location ~ ^/wwwres/vendor/([^/\.]*)/([^/\.]*)/(.*)$ {
expires 365d;
alias /usr/backend/vendor/$1/modules/$2/wwwres/$3;
}
location ~ ^/wwwres/theme/set_([^/\.]*)/(.*)$ {
expires 365d;
alias /usr/backend/_files/theme_set/$1/$2;
}
location ~ ^/wwwres/theme/([^/\.]*)/(.*)$ {
expires 365d;
alias /usr/backend/themes/$1/wwwres/$2;
}
location ~ ^/wwwres/vendor_theme/([^/\.]*)/([^/\.]*)/(.*)$ {
expires 365d;
alias /usr/backend/vendor/$1/themes/$2/wwwres/$3;
}
location ~ ^/_cache/(.*)$ {
expires 365d;
alias /usr/backend/_cache/$1;
}
#Error Pages
error_page 404 /static/error/404.php;
error_page 500 504 /static/error/500.php;
error_page 502 /static/error/502.html;
error_page 503 /static/error/503.php;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
I think you can merge these configurations into one server section. The root in this section can be /usr (from first section - is this correct?) or /usr/backend/wwwroot. You should decide which will be the default (www.example.com): the /usr/index.php or the /usr/backend/wwwroot/index.php. As I see you want /usr/index.php so your root should be /usr. And should add
location /backend {
root /usr/backend;
...
}
The location /_files and "Static Resources" will right because you use alias in every section.
Summary:
http {
server_name example.com;
root /usr;
index index.php;
location /backend_uri {
alias /usr/backend; # if "backend_uri"=="backend" (and root is /usr) this section is unnecessary
}
location /_files {
# same as your post
}
# Static resources
# same as your post
}
I am trying to setup a Nginx / PHP-FPM server on my raspberry Pi (Debian) and I am having trouble getting the php to work correctly.
Text displayed on webpage: This Page is Temporarily Unavailble
I have checked the nginx logs and there are no errors being recorded.
This is my nginx.conf:
# Pi Nginx Config v0.1 10:53 30/01/2014
# NOTE: fastcgi is NOT php5-fpm
server {
listen 1080;
# server_name mysite.org;
charset utf-8;
access_log off;
root /var/www/cms;
index index.php;
location / {
try_files $uri $uri/ /index.php?id=$uri&$args;
}
location ~* /admin/.*\.php$ {
try_files $uri /admin/index.php?id=$uri&$args; # Try the admin index page
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~* \.php$ {
try_files $uri =404; # Try any .php files in root or throw a 404
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in /etc/php5/fpm/php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
expires 2h;
}
location ~* \.(?:ico|js|gif|jpg|png)$ {
expires 14d;
}
location ~* \.(htm|css|html)$ {
expires 2d;
}
# this blocks direct access to the XML files (but sitemap.xml) - that hold all the data
location ~* \.xml$ { deny all; }
location ~* \.xml\.bak$ { deny all; }
location = /sitemap.xml { allow all; }
# this prevents hidden files (beginning with a period) from being served
location ~ /\. { deny all; }
location ^~ /uploads/ {
if ($request_uri ~* \.php$) {return 403;}
}
}
I do not have enough experience to see anything wrong with this config. My server is on port 1080 and the server root is within the cms directory.
Any help would be greatly appreciated.