allow localhost; deny all; for all despite "index.php" and "/" - nginx

I'm trying to restrict direct access to .php files on a web server.
I used allow localhost; deny all;. However, this also restricts access to index.php.
How can I overcome this issue? Is there something like IF conditions?
My config:
if ($request_uri ~* "^(/)index\.php$") {
    return 301 $1;
}
location / {
    try_files $uri $uri/ /index.php?$args;
    rewrite ^/(\w+)$ /?system=$1 break;
    rewrite ^/(\w+)/(\w+)(/.)*$ /?system=$1&id=$2 break;
    rewrite ^/(.*)/$ /$1 permanent;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";
    }
}

What's commonly done is that you add a RewriteRule to an .htaccess file. This makes it possible to redirect all traffic to index.php as you wish.
This solution even allows you to add the requested URL as a URL parameter, so it is accessible within index.php as a $_GET variable.
Since .htaccess is only a solution for an Apache server, it cannot be applied one-to-one here. This blog post on NGINX's website explains how it's done on NGINX: https://www.nginx.com/blog/creating-nginx-rewrite-rules/

Instead of matching all PHP files, match just index.php and reject all others, like this:
location = /index.php {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";
}
location ~ \.php$ {
    return 301 $scheme://$http_host/index.php;
}
If you want to allow posts from the server to itself, add the following for the URI:
location = /post.php {
    # loopback address only; everything else is denied
    allow 127.0.0.1;
    deny all;
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";
}
Edit: Alternative Configuration
server {
    listen 80;
    location = /index.php {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";
    }
    location ~ \.php$ {
        return 301 $scheme://$http_host/index.php;
    }
}
server {
    listen 127.0.0.1:81;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";
    }
}
Local requests would then need to be directed to port 81, i.e.:
curl http://localhost:81/myscript.php
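
The location precedence the answer above relies on (an exact `=` match is chosen before the `\.php$` regex), modelled as an added example that is not part of the original answer. It covers top-level locations only and assumes the URI path is already normalized; the handler labels and test URIs are constructed.

```python
import re

# Top-level locations of the answer's first configuration, as (modifier, pattern,
# handler). Constructed model: the handler labels are names chosen for this example.
LOCATIONS = [
    ("=", "/index.php", "php-fpm"),
    ("=", "/post.php", "php-fpm, loopback only (allow/deny)"),
    ("~", r"\.php$", "301 to /index.php"),
]

def select_location(uri, locations=LOCATIONS):
    """Return the (modifier, pattern, handler) nginx selects for a normalized
    URI path, or None when no location matches (server-level handling)."""
    # 1. An exact "=" match ends the search immediately.
    for loc in locations:
        if loc[0] == "=" and uri == loc[1]:
            return loc
    # 2. Remember the longest matching prefix location.
    best = None
    for loc in locations:
        if loc[0] in ("", "^~") and uri.startswith(loc[1]):
            if best is None or len(loc[1]) > len(best[1]):
                best = loc
    # 3. "^~" on that prefix skips the regex pass.
    if best is not None and best[0] == "^~":
        return best
    # 4. Regex locations are tried in file order; the first match wins.
    for loc in locations:
        if loc[0] in ("~", "~*"):
            flags = re.IGNORECASE if loc[0] == "~*" else 0
            if re.search(loc[1], uri, flags):
                return loc
    # 5. Otherwise the remembered prefix (possibly None) handles the request.
    return best

def handlers(uris, locations=LOCATIONS):
    """Map each URI to the handler label of the location that would serve it."""
    result = {}
    for uri in uris:
        loc = select_location(uri, locations)
        result[uri] = loc[2] if loc else "no location (server-level handling)"
    return result

if __name__ == "__main__":
    for uri, handler in handlers(
        ["/index.php", "/post.php", "/admin/config.php", "/Index.PHP", "/app.css"]
    ).items():
        print(f"{uri:20} -> {handler}")
```

In this model `/Index.PHP` matches no location because `~` is case-sensitive, so it reaches neither the redirect nor PHP-FPM.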

Related

Nginx downloading php

I am trying to get nginx to route all requests starting with /embed to /home/forge/dev.tline.io/embed/index.php
My Nginx config:
location /embed {
    root /home/forge/dev.tline.io;
    try_files /embed/index.php =404;
}
location / {
    root /home/forge/dev.tline.io;
    index index.html index.htm;
    try_files $uri$args $uri$args/ $uri $uri/ /index.html =404;
}
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
}
All requests go to /embed/index.php, but it doesn't run the PHP file; it downloads it.
Note: http://dev.tline.io/embed/index.php is compiled, not downloaded.
I got it to work if I add
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
into location /embed, but there should be a better way to do this.
This should execute /embed/index.php for all /embed URLs:
server {
    root /home/forge/dev.tline.io;
    location / {
        index index.html index.htm;
        try_files $uri$args $uri$args/ $uri $uri/ /index.html =404;
    }
    location /embed {
        fastcgi_param SCRIPT_NAME $document_root/embed/index.php;
        fastcgi_param SCRIPT_FILENAME $document_root/embed/index.php;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        include fastcgi_params;
    }
}
Please try out the following code,
# In a map, the regex starts directly after "~"; a space there would be part of the pattern.
map $request_uri $rot {
    "~/embed" /home/forge/dev.tline.io/embed/;
    default /home/forge/dev.tline.io/;
}
map $request_uri $ind {
    "~/embed" index.php;
    default index.html;
}
server {
    ...
    root $rot;
    index index.php index.html index.htm;
    ...
    location / {
        try_files $uri$args $uri$args/ $uri $uri/ /$ind =404;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    ...
}
If this doesn't work out, try switching $ind position suitably, and check error log in case of extra '/' found.

Nginx locations configuration for two directions

I have a little experience with configuring an nginx server, and here is my trouble.
I am trying to set the correct locations. I have two directions: address.com and address.com/api.
For the last direction (API) I have set the locations and it works fine. The API is located in the /var/www/project/api folder.
root /var/www/project;
index index.php;
server_name localhost;
location /api {
    try_files /api/$uri $uri/ /api/index.php?$query_string;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_split_path_info ^/api/(.+\.php)(/.+)$;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    include fastcgi_params;
}
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_keep_conn on;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_buffer_size 32k;
    fastcgi_busy_buffers_size 64k;
    fastcgi_buffers 4 32k;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
Now I need to implement root for address.com to /var/www/project/website. And here I have some troubles.
The first thing I did was write this:
location / {
    alias /var/www/project/website/;
}
And then I tried to add many different variants, and here is my last note.
I have put it inside location / {}:
location ~ ^/(.+\.php)$ {
    alias /var/www/project/website/;
    include /etc/nginx/fastcgi.conf;
    proxy_intercept_errors on;
    fastcgi_split_path_info ^(.+\.php)(.*)$;
    fastcgi_intercept_errors on;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
}
In the /etc/nginx/fastcgi.conf file I have added
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
And I get 403 Forbidden or 404 Not Found all the time, or the nginx error log says that, for example, /var/www/project/website/... is not found.
Does somebody have experience with configuring nginx and can tell me how to set the /website location correctly?
Something like that:
server {
    listen 80;
    server_name localhost;
    root /var/www/src/website;
    index index.php index.html;
    error_log /var/log/nginx/error.log;
    location / {
        try_files $uri $uri/ =404;
    }
    location /test {
        try_files $uri $uri/test.html =404;
    }
    location /api/ {
        alias /var/www/src/api/;
        try_files $uri $uri/ /index.php =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
    location /pmants {
        root /var/www/src/;
        index index.php index.html index.htm;
        location ~ ^/pmants/(.+\.php)$ {
            try_files $uri =404;
            root /var/www/src/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
        }
        location ~* ^/pmants/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /var/www/src/;
        }
    }
    location ~* \.php {
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_cache off;
        fastcgi_index index.php;
    }
}

How to use Nginx alias to load PHP from other directory?

I want to make a subdirectory on my web server, system, that serves a backend from another folder for people, but I am having some difficulty.
The server configuration should translate system as index.php of the /srv/www/xxx/backend/web, essentially system should alias to the index of another directory.
I have a configuration like:
location /system {
    alias /srv/www/xxx/backend/web;
    rewrite ^(.*) /index.php?r=$1;
    return 200 $document_root$fastcgi_script_name;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $uri =404;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
location / {
    rewrite /(.*) /index.php?r=$1;
}
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    try_files $uri =404;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
I have tried numerous iterations (including using root), however even though I can get:
return 200 $document_root$fastcgi_script_name;
to give me:
/srv/www/xxx/backend/web/index.php
and I have vi'ed into this file to make sure it works, when I take out the return, wget gives me a 404. I am sure I am missing something really simple.
Can someone help me understand what is wrong?
As the php location is nested, the /index.php URI is not resolved here but in the last block of your configuration. Due to a long-standing bug in nginx, alias doesn't work with try_files, so you need to use the root/rewrite couple instead. So you can fix this with:
location /system {
    root /srv/www/xxx/backend/web;
    rewrite ^/system/(.*)$ /$1 break;
    try_files $uri /system/index.php?r=$uri;
    location ~ \.php$ {
        rewrite ^/system/(.*)$ /$1 break;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $uri =404;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
location / {
    rewrite /(.*) /index.php?r=$1;
}
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    try_files $uri =404;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
To complete the accepted answer, I add some parts to get static files working:
location ~ ^/system(.*) {
    root /srv/www/xxx/backend/web;
    rewrite ^/system/(.*)$ /$1 break;
    try_files $uri /system/index.php?r=$1&$args;
    location ~ \.php$ {
        rewrite ^/system/(.*)$ /$1 break;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $uri =404;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ (.*\.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar|mp4|ogg|woff|ttf))$ {
        rewrite ^/system/(.*)$ /$1 break;
        try_files $uri =404;
    }
}
The last location solves the static files problem whereby files would not load from this place.

Nginx - Configuration VirtualHost for DreamVids

I'm trying to test DreamVids (https://github.com/DreamVids/DreamVids on branch v2) on my server with Nginx and PHP-FPM.
But I have a problem when I try to access it: it downloads a file.
My configuration is:
server {
    server_name mydomain.fr;
    root /home/dreamvids/DreamVids;
    index index.html index.htm index.php;
    error_page 404 index.php;
    autoindex off;
    location / {
        try_files $uri /index.php$is_args$args;
        if (!-e $request_filename){
            rewrite ^(.*)$ /index.php?/$1 break;
        }
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }
}
Thanks for the help
server {
    listen 80;
    root /home/dreamvids/DreamVids;
    index index.html index.htm index.php;
    server_name example.com;
    location / {
        try_files $uri /index.php$is_args$args;
        if (!-e $request_filename){
            rewrite ^(.*)$ /index.php?/$1 break;
        }
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }
}

nginx configuration for Laravel 4

I am trying to set up my Laravel 4 project using nginx. Here is my nginx server block for Laravel:
server {
    listen 80;
    root /home/prism/www/laravel/public;
    index index.php index.html index.htm;
    server_name example.com;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
But my problem is that it's showing a "404 not found" error for all other routes except the default one that comes with the default installation.
This is an NGINX configuration I've used with Laravel 4 and Laravel 4.1 that works.
server {
    listen 80;
    server_name sub.domain.com;
    set $root_path '/var/www/html/application_name/public';
    root $root_path;
    index index.php index.html index.htm;
    # fall back to the named location when no file or directory matches
    try_files $uri $uri/ @rewrite;
    location @rewrite {
        rewrite ^/(.*)$ /index.php?_url=/$1;
    }
    location ~ \.php {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index /index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
        root $root_path;
    }
    location ~ /\.ht {
        deny all;
    }
}
You could try this for location / { ... }:
location / {
    try_files $uri $uri/ /index.php?$query_string;
}
$query_string worked for me.
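
An added audit sketch (not from any of the answers above) that checks each regex PHP location in a config for the two guards the configurations on this page apply inconsistently: a `$`-anchored pattern and `try_files $uri =404;`, so that only scripts that exist on disk are handed to PHP-FPM. The sample config is constructed, and the parser handles only `~` and `~*` locations.

```python
import re

LOC_RE = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{")
GUARD_RE = re.compile(r"try_files\s+\$uri\s+=404\s*;")

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def audit_php_locations(conf):
    """List (pattern, issues) for each regex location that passes PHP to FastCGI."""
    conf = re.sub(r"(?m)#.*$", "", conf)          # strip comments
    findings = []
    for m in LOC_RE.finditer(conf):
        pattern = m.group(2)
        body = block_body(conf, m.end() - 1)
        if "php" not in pattern or "fastcgi_pass" not in body:
            continue
        issues = []
        if not pattern.endswith("$"):
            issues.append("pattern is not anchored with $")
        if not GUARD_RE.search(body):
            issues.append("no 'try_files $uri =404;' existence check")
        findings.append((pattern, issues))
    return findings

# Constructed sample combining two PHP block styles that appear on this page.
SAMPLE = r"""
server {
    location ~ \.php$ {
        try_files $uri =404;   # NOTE: cgi.fix_pathinfo = 0 in php.ini
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
    location ~* \.php {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
"""

if __name__ == "__main__":
    print(audit_php_locations(SAMPLE))
```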
