Conditional rewriting, how to manage PHP scripts? - nginx

I need to create an API gateway that I can't test... But the problem is about manage PHP scripts.
What I need
all files HTML or PHP
special names as my1 and issn redirect to localhost at port 2018
special names as my2 and my3 redirect to ETC.php
Explanation
Pseudocode with details of "What I need",
if ($uri exists) {
if extension is .php use it with php7.0-fpm.sock
else use it as static page;
} else
try the #proxy_rewrite_engine;
#proxy_rewrite_engine =
if (regex ^\(my[23])$ use
ETC.php;
elseif (regex ^/(\d+)/my1$ use
http://127.0.0.1:2018?type=int&val=$1
elseif ^/([0-9]+\-\d+[Xx]?)/issn$ use
http://127.0.0.1:2018?type=str&val=$1
else
say error;
What I try
My problematic solution, please show a real solution, translating the "Explanation" section into concrete and correct NGINX script code.
... Below, my wrong-NGINX-script for clues and inspiration, it is not the solution... Need to use if instead neasted location? The fastcgi_param is valid? Can I group locations?
server {
server_name test.mytest.news;
root /var/www/test;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ #proxy;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi.conf; # without SCRIPT_FILENAME
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location #proxy {
rewrite ^\?(my[23])$ $document_root/ETC.php?cmd=$1
last;
rewrite ^/(\d+)/my1$ ?type=int&val=$1
break;
rewrite ^/([0-9]+\-\d+[Xx]?)/issn$ ?type=str&val=$1
break;
proxy_pass http://127.0.0.1:2018;
}
include snippets/ssl-test.mytest.news.conf;
} #end server
NOTE for #cnst comment: Suppose that what I need when say "all files HTML or PHP" = the try_files must to try other files tham index.htm, can be folders, imagens and other files.

If the desire is to have "a script 100% reliable, by its construction (not by testing)", then putting multiple independent issues in a single question is probably not the best approach.
Your rationale behind having to check existence of files prior to passing the request to a separate backend is not entirely clear, especially if the request is matching a given regular expression, like issn$. Best approach would be to use separate location directives for each distinct handling of the case.
More specifically, the following is also wrong with your approach: the regular expression in rewrite ^\?(my[23])$ is unlikely to match any request, as all external requests start with a slash.
Likewise, as per https://serverfault.com/a/864778/110020, the replacement string in rewrite ^/(\d+)/my1$ ?type=int&val=$1 is unlikely to be correct; in fact, when I've tried your code as above, the following is the 500 Internal Server Error I've gotten, as per nginx/error.log:
2017/07/24 08:46:22 [error] 45776#0: *2 the rewritten URI has a zero length, client: 127.0.0.1, server: , request: "GET /44444/my1 HTTP/1.1", host: "localhost:
This happens because you indeed rewrite URI to become an empty one — the question mark, ?, and anything after it, is generally not part of URI in request processing within nginx, so, as such, the URI is indeed entirely empty. Solution: at least put a slash in front of ? (i.e., /?id=), or, better yet, a full name of the script that must be activated (especially since this is merely an internal redirect).

Nginx works good with large configs. Bad idea optimize nginx.conf.
Do it simple, it'll work hard:)
I think config like this will work fine:
# Try to load existing files
location / {
try_files $uri $uri/ #rewriteIt;
}
# Handle all requests except two other locations below
location #rewriteIt {
# Send it to index.php
rewrite ^(.*)$ /index.php?cmd=$1 last;
}
# This RegExp location will rewrite to ETC.php
# It is more priority, than "/" and #rewriteIt
location ~ ^(my2|my3) $ {
rewrite ^(.*)$ /ETC.php?cmd=$1 last;
include /etc/nginx/fastcgi.conf; # without SCRIPT_FILENAME
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# This RegExp location will proxy to 2018 port
# It is more priority, than "/" and #rewriteIt
location ~ ^(my1|issn) $ {
proxy_pass http://127.0.0.1:2018;
}
# This location handles all php files to php-fpm
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi.conf; # without SCRIPT_FILENAME
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

Related

OpenCart 3 nginx config for multi language

I have a config
location / {
try_files $uri $uri/ #opencart;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9002;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
location #opencart {
rewrite ^/(.+)$ /index.php?_route_=$1 last;
}
it works fine, but I am want to add multi-language support from URL like:
location /en {
rewrite ^/en/([^?]*) /index.php?_route_=$1&lang=en break;
}
location /es {
rewrite ^/es/([^?]*) /index.php?_route_=$1&lang=es break;
}
Get language as the first URL param, and put it as get parameter &lang=es to index.php.
How correctly do that?
I don't think there is a way to do that multilingual postfix through nginx (or even apache) configs. There are a lot of connections and routing around the main HTTP_SERVER (or HTTPS_SERVER) global constant. Maximum what will you get - 301 redirect on every page loading. Which is unacceptable for search engines.
I suggest you to try tree different ways to solve this tusk:
Rewrite system/library/url.php or
catalog/controller/startup/startup.php. Don't have the exact code, but if you are familiar to php - the routing of URL you can find in
these files. Nice manual here
How to set language through url in opencart
Use some free or paid modules from marketplace by query "language code in url".
If You are using SEO URL - there are multilingual urls on each product, category etc. You don't need postfix with these, all URLs could multilingual and unique.
If you don't have these functions - just download it from here, it's free https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=32788

rewrite rules for nginx and Codeigniter

I have implemented a php application in codeigniter and now want to deploy it to the nginx server. Before deploying I checked my nignx configuration on my localhost using MAMP server. It is working correctly. But, this configuration is not working on the live server. As a beginner in nginx, I am not understanding where is the mistake here. In live server, I can not write in the main nginx.conf file. I have a separate configuration file like "abc" for my application "abc". And all my application files are under "abc/xyz" directory. Here is my sample confuguration,
location /abc {
root /srv/www/htdocs/apps/;
index index.html index.htm index.php;
location /xyz {
try_files $uri $uri/ /abc/xyz/index.php;
}
location ~ \.php(\/(\w+))*$ {
try_files $uri =404;
rewrite (.+)\.php(\/(\w+))*$ $1.php break;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Here, I can see my welcome page https://myapplication/abc/xyz. But if I want to navigate other pages like https://myapplication/abc/xyz/other_pages, it is showing "404 Page not found". I have checked the other solutions but none of them is not working in this case. Thanks in advance for the help!
The location /xyz block is nested within the location /abc block. The nested block is required to precess URIs with a prefix of /abc/xyz.
If there are other regular expression location blocks surrounding your location /abc block, you should use the^~` modifier.
For example:
location ^~ /abc {
...
location /abc/xyz {
...
}
...
}
See this document for more.
Sorry for the late answer. It was actually very silly mistake. My controller page name was in small character. This is why it was not working. My configuration is okay. The first letter of the controller page should be in capital character. For example, my controller name is Home. So my php file name must be Home.php not home.php.

How to prevent rewrite after deny

I have a website inside "/directory/", and a special variation of the website inside "/directory/subdirectory/" which should only be accessible by a few specific IP addresses. The subdirectory, however is a virtual URL, the website code is still in the parent directory called "directory" in this example. So I need rewrites.
This is the relevant part of my current nginx config file:
location /directory {
# here are various rewrites for my website
location /directory/subdirectory/ {
allow 10.0.0.0/8; # example range of IP addresses allowed
deny all; # disable access for others
rewrite ^/directory/subdirectory/(.*)$ /directory/$1 last; # the website location is still in the parent folder but the PHP code knows this specific version is to be used when the user surfs into subdirectory, which is why there is this rewrite
}
try_files $uri $uri/ /directory/index.php?q=$uri&$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_read_timeout 43200;
}
The problem I'm facing: I don't know how to stop the execution as soon as the "deny all" hits. If you're surfing into the subdirectory, the rewrite always executes, no matter if your IP is allowed or not by the directives above it. So someone surfing to the subdirectory with an IP address which is not allowed can see the website inside subdirectory, which is of course not what I want. If I comment out the rewrite, then the allow/deny directives work as they are supposed to.
So: how can I specify this rewrite is ONLY to be executed if the visitor is not denied?
Tried adding "error_page 403 /403.html;" to that location after the "deny all;" directive but it only changes the 403 page (and can only be seen again when commenting the rewrite rule in the subdirectory). Been searching the net for days already with various search terms to make this happen, and been fiddling with variations of the config, but to no avail.
Also: the "deny all" doesn't work anymore as soon as I surf to an URL inside subdirectory, ending with ".php". I assume it is because of the "location ~ .php$" directive, getting priority for some reason over the nested location directives above. I could get around this by doing:
location ^~ /directory/subdirectory/ {
allow 10.0.0.0/8; # example range of IP addresses allowed
deny all; # disable access for others
rewrite ^/directory/subdirectory/(.*)$ /directory/$1 last;
}
location /directory {
# here are various rewrites for my website
try_files $uri $uri/ /directory/index.php?q=$uri&$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_read_timeout 43200;
}
Now the "location ^~ /directory/subdirectory/" directive gets priority over the "location ~ .php$" directive which makes the "deny all" work but I don't know if that's the way to go since it doesn't seem like the most "clear to read" solution because I move something from within the "directory/" location out of that location block. And also, that still doesn't solve my main problem (only making the "rewrite ^/directory/subdirectory/(.*)$ /directory/$1 last;" execute for allowed IP addresses and not those getting denied by the "deny all".
Thank you.
The issue you are facing is related to the precedence/order in which nginx handles it's directives. A detailed explanation can be found here (hats off to the author!):
In their execution order the phases are post-read, server-rewrite,
find-config, rewrite, post-rewrite, preaccess, access, post-access,
try-files, content, and finally log
Since "rewrite" comes before "access", the "rewrite" directive is handled first.
Since "if" is handled in "rewrite"-phase as well, one could write:
location ~ \.php$ {
if ($remote_addr != "172.17.0.1") {
return 403;
}
rewrite ^ /your-redirect last;
}

Nginx rewrite rule to PHP that also allows .php in the URI

Slightly unusual question, hopefully with a simple answer! (I'm new to Nginx)
I have an old PHP system running on Apache and I'd like to bring it over to Nginx, but my issue is that some of it needs to be rewritten back to a single handler file (/handler.php) and some of it wants to execute the actual files. The tricky part seems to be that almost all routes end in .php whether they reference an actual PHP file or not.
For example, /foo.php might be an actual file that executes its own code, but /bar.php might not exist and therefore wants to call /handler.php. There are also instances of routes of the form /bar (without the .php extension) that also want to call /handler.php.
There are lots of all types in the system (far, far more than I'd like to manually code for). Is there a solution to this in Nginx?
The server block currently contains something like:
location / {
try_files $uri $uri/ /handler.php$is_args$args;
}
include /etc/nginx/sites.d/*.conf;
and sites.d/php.conf currently looks something like:
location ~ \.php$
{
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
But this treats all routes with .php extensions as actual files and just gives me the standard "No input file specified." error for any that don't exist (performs no rewrite). No problem if there is no .php extension, they call /handler.php without issue.
So in summary, with this almost default setup:
/foo.php - works (actual file)
/bar.php - fails (no file)
/bar - works (no file)
If I only had the "no-file" type I could update the php.conf to something like "location ~ \handler.php$", but in this case it means all actual .php files just trigger a download (i.e. /foo.php fails).
Any help is appreciated! Thanks in advance.
In your location block matching .php You can test if the file actually exists and redirect to handler.php if it's not there:
location ~ \.php$ {
if (!-f $request_filename) {
rewrite ^.*\.php$ /handler.php last;
}
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
Updated example
Alternative location rule using try_files (as suggested by OP):
location ~ \.php$ {
try_files $uri /handler.php$is_args$args;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
With the first version using rewrite you can do substitution from regex matches. But try_file I think is the recommended method of testing for file existence. Thank you to the OP for suggesting an improved alternative.

Certain URLs don't go through PHP-FPM

I'm having a lot of trouble setting up my nginx server with my PHP RESTful API. I have the following blocks in my server{} block:
location / {
rewrite ^/v1/* /v1/api.php last;
rewrite ^/* /index.php last;
}
location * .*\.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
}
However.. these seem not to be functioning properly. Basicly, I want every URL starting with /v1/ to be rewritten to /v1/api.php, and anything else to /index.php.
This seems to be working partially. Sometimes it actually does go to api.php, but sometimes it just seems to download the file instead of processing it through PHP-FPM. How would I fix this?
Downloading a file means not being passed to the php engine, so I assume the problem is in that block definition
replace
location * .*\.php$ {
with
location ~ \.php$ {
And probably it will work.

Resources