How to prevent google indexing my https urls? - nginx

When I search for my domain on google, it displays several https URLs from my website, because google loves https, but for particular reasons I do not want to index https / ssl versions.
How to avoid this, the whole world only writes solution via htaccess, but when most use nginx! How to solve this:
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteRule ^robots.txt$ robots-deny-all.txt [L]
robot content (in the extra robots):
User-agent: *
Disallow: /
How to do this via nginx rewrite rules?
Thank you.
JUST an addend ( my /etc/nginx/sites-availble/somedomain.conf ):
server {
server_name somedomain.com www.somedomain.com;
listen 100.10.10.10;
root /home/somedomain/public_html;
index index.php index.html index.htm;
access_log /var/log/virtualmin/somedomain.com_access_log;
error_log /var/log/virtualmin/somedomain.com_error_log;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME /home/somedomain/public_html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /home/somedomain/public_html;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
##
# cache client
##
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 30d;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?q=$uri&$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location = /robots.txt {
if ($scheme = https) {
rewrite ^ /robots-deny-all.txt permanent;
}
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
listen 100.10.10.10:443 ssl;
ssl_certificate /home/somedomain/ssl.cert;
ssl_certificate_key /home/somedomain/ssl.key;
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
}
my /etc/ngonx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server_names_hash_bucket_size 128;
client_max_body_size 100M;
client_body_buffer_size 16k;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 180;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

In your nginx.conf file, you may add headers to the server block listening on 443(SSL):
server {
listen 443 ssl;
...
# This header will prevent search engines from indexing your https pages
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
}

To perform something similar to your .htaccess file, use:
location = /robots.txt {
if ($scheme = https) {
rewrite ^ /robots-deny-all.txt permanent;
}
}
See this caution on the use of if.

Related

Nginx says it has no access to images ( 403 - forbidden error )

So I am having an issue with Nginx where It is the owner of all of the files in the web-root but it says it does not have permission to access the picture.
Image of error in console.
Here is my nginx.conf
user www-data;
# user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Here is my site config
server {
server_name firesidemc.net;
listen 80;
listen [::]:80;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/firesidemc.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/firesidemc.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /var/www/fireside;
index index.php index.html index.htm;
location / {
include /etc/nginx/mime.types;
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location /forums {
root /var/www/fireside;
index index.php;
try_files $uri $uri/ =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# location /store {
# root /var/www/fireside;
# index index.php;
# try_files $uri $uri/ =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# include fastcgi_params;
# }
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
}
server {
if ($host = firesidemc.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
return 404; # managed by Certbot
}
I have also tried granting all permissions to the files but that didn't work either.
I am fairly new to Nginx and I am running out of solutions, if anyone could help it would be highly appreciated.
EDIT: I found my issue, I had no reason to add in locations for /forums and /store in the config.

Nginx geoip environment variables Undefined

I've just try this documentation : https://www.howtoforge.com/tutorial/how-to-use-geoip-with-nginx-on-ubuntu-16.04/
Here's my environment :
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
$ uname -a
Linux diameter 4.11.0-14-generic #20~16.04.1-Ubuntu SMP Wed Aug 9 09:06:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
the nginx.conf :
$ cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
The vhost conf :
$ cat /etc/nginx/sites-enabled/diameter.vhost
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /home/david/*****/diameter;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name diameter.********
fr.diameter.*******
uk.diameter.*******
us.diameter.*******;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
Fastcgi parameters :
$ cat /etc/nginx/fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
### SET GEOIP Variables ###
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
And environment variables are undefined. Here's the log :
==> /var/log/nginx/error.log <==
2017/10/16 14:40:37 [error] 3533#3533: *5 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: GEOIP_COUNTRY_CODE in /home/david/******/diameter/index.php on line 2" while reading response header from upstream, client: 92.154.72.118, server: diameter.******, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "fr.diameter.**********"
I've certainly miss a point. I do not know which one actually.
thanks for your help,
David.
First thing, you should use IPV6 databases of GeoIP, thay also work for IPV4 addresses.
Secondly, the Nginx GeoIP module is dynamic, so you need to enable it :
sudo ln -sf /usr/share/nginx/modules-available/mod-http-geoip.conf /etc/nginx/modules-enabled/
Last thing, in /etc/nginx/ there are two files, fastcgi_params and fastcgi.conf. If unsure, put the GeoIP variables in both.

Nginx starts but site not loading? Unable to connect

Just installed nginx and php-fpm on centos 5.10 but I can't get it to work. There is ping to the server IPs but when I try to open the domains... I am not able to connect. When I restart nginx, it says OK (no errors). Error logs are empty. No matter the domains and IPs. There will be several domains on several IPs running custom php script. What did I miss??
Here is my config:
nginx.conf
user myusername;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 2;
gzip on;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/css
application/x-javascript text/xml
application/xml application/xml+rss
text/javascript;
server_tokens off;
include /sites-enabled/*.conf;
}
several of these: sites-enabled/example.com.conf
server {
listen xxx.xxx.xxx.xxx:80;
server_name example.com;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
location / {
root /var/www/html/example.com;
index index.php;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires max;
}
location ~* \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
error_page 404 /404.php;
# redirect server error pages to the static page /50x.php
#
error_page 500 502 503 504 /50x.php;
location = /50x.php {
root /var/www/html/example.com;
}
set $mobile_rewrite do_not_perform;
## chi http_user_agent for mobile / smart phones ##
if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {
set $mobile_rewrite perform;
}
if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
set $mobile_rewrite perform;
}
## redirect to m.example.com ##
if ($mobile_rewrite = perform) {
rewrite ^ http://m.example.com$request_uri? redirect;
break;
}
}
server {
listen xxx.xxx.xxx.xxx:80;
server_name m.example.com;
access_log /var/log/nginx/m.example.com.access.log;
error_log /var/log/nginx/m.example.com.error.log;
location / {
root /var/www/html/example.com/m;
index index.php;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires max;
}
location ~* \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
error_page 404 /404.php;
# redirect server error pages to the static page /50x.php
#
error_page 500 502 503 504 /50x.php;
location = /50x.php {
root /var/www/html/example.com/m;
}
}
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
server_name www.m.example.com;
return 301 $scheme://m.example.com$request_uri;
}
fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

php-fpm returning "page not found" on all requests ... permissions already checked

So I will start out and say that I am pretty new to web servers and this is my first that I have configured. That being said the webserver is up and running and I can add sites and files to it just fine. However I cannot get any .php files working right now.
I am currently running nginx on FreeBSD and have installed php-fpm. I know that nginx is correctly using php-fpm but for any php file I try and view all I get is "file not found". I know that this is coming from php-fpm because for any file that actually isn't there nginx gives me a different "file not found" page.
I have looked through several google pages about this problem and the most common solution is that it is incorrect permissions on the php file. At this point I can't rule too much out but I have tried changing the permissions for the file and folder including just opening them up to everything with no success.
Here is my nginx.conf file in the hopes that it helps.
user www www;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
index index.html index.htm index.php
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main; ## Default: off
sendfile on;
tcp_nopush on;
###custom changes
server_tokens off;
client_max_body_size 200M;
client_body_buffer_size 1M;
port_in_redirect off;
###
keepalive_timeout 15; ## Default: 0
gzip on;
### More custom changes
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript application/xml application/xml+rss text/javascript;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";
###
server { # simple reverse-proxy
listen 80;
server_name localhost;
#access_log logs/mySite1.access.log;
root /usr/local/www/mySite.com;
location / {
try_files $uri $uri/ /index.php;
}
# this prevents hidden files (beginning with a period) from being served
location ~ /\. { access_log off; log_not_found off; deny all; }
#error_page 404 /404.html;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
}
If anyone has any ideas about what is going on here they would be greatly appreciated.
This might help you out. I use the sockets of FPM, so just change to use the IP like you are but here are my working configurations:
example.com.conf
server {
listen 192.168.1.1:80;
server_name example.com;
charset utf-8;
access_log /vhosts/example.com/logs/access_log main;
error_log /vhosts/example.com/logs/error_log;
index index.php;
root /vhosts/example.com/public;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/usr/local/etc/php-fpm/nginx.sock;
include fastcgi.conf;
}
location ~ \.htaccess {
deny all;
}
}
fastcgi.conf
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
I don't think you actually have a directory /scripts on your filesystem. You probably mean $document_root/scripts. If you do have a directory /scripts then post the php-fpm log with the SCRIPT_FILENAME logged. I think it's logged by default, but if not the syntax is explained very well in the config file.

Nginx redirect Http to Https - what's wrong here?

I have an Nginx server which should redirect all requests from http://www.domain.com and http://domain.com and https://domain.com to https://www.domain.com
So with or without www and with or without ssl I want the user to always get to https://www.domain.com.
After reading the nginx documentation and researching on google this is my current nginx configuration:
server {
listen 80;
server_name .domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
listen 443 ssl;
server_name .domain.com;
ssl_certificate /etc/ssl/private/[pem file];
ssl_certificate_key /etc/ssl/private/[key file];
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
###
### Deny known crawlers.
###
if ($is_crawler) {
return 403;
}
location / {
proxy_pass http://nginx_http;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Local-Proxy $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_header Set-Cookie;
proxy_pass_header Cookie;
proxy_pass_header X-Accel-Expires;
proxy_pass_header X-Accel-Redirect;
proxy_pass_header X-This-Proto;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
access_log off;
log_not_found off;
}
50 }
What happens is that requests to http://domain.com get correctly redirected to https://www.domain.com but requests to http://www.domain.com are not being redirected (and the website is delivered without ssl).
UPDATE:
As this is part of a server set up by BOA (Barracuda Octopus Aegir) there are several config files in use. This is the nginx.conf which is loaded as well:
# Aegir web server main configuration file
#######################################################
### nginx.conf main
#######################################################
## FastCGI params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE ApacheSolaris/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param USER_DEVICE $device;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_index index.php;
## Default index files
index index.php index.html;
## Size Limits
client_body_buffer_size 64k;
client_header_buffer_size 32k;
client_max_body_size 100m;
large_client_header_buffers 32 32k;
connection_pool_size 256;
request_pool_size 4k;
server_names_hash_bucket_size 512;
server_names_hash_max_size 8192;
types_hash_bucket_size 512;
map_hash_bucket_size 192;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
## Timeouts
client_body_timeout 60;
client_header_timeout 60;
send_timeout 60;
lingering_time 30;
lingering_timeout 5;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
## Open File Performance
open_file_cache max=8000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 3;
open_file_cache_errors on;
## FastCGI Caching
fastcgi_cache_path /var/lib/nginx/speed
levels=2:2:2
keys_zone=speed:10m
inactive=15m
max_size=3g;
## General Options
ignore_invalid_headers on;
limit_conn_zone $binary_remote_addr zone=gulag:10m;
recursive_error_pages on;
reset_timedout_connection on;
fastcgi_intercept_errors on;
server_tokens off;
fastcgi_hide_header 'Link';
fastcgi_hide_header 'X-Generator';
fastcgi_hide_header 'X-Powered-By';
fastcgi_hide_header 'X-Drupal-Cache';
## TCP options moved to /etc/nginx/nginx.conf
## SSL performance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## GeoIP support
geoip_country /usr/share/GeoIP/GeoIP.dat;
## Compression
gzip_buffers 16 8k;
gzip_comp_level 5;
gzip_http_version 1.0;
gzip_min_length 10;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
gzip_proxied any;
add_header Vary "Accept-Encoding";
gzip_static on;
upload_progress uploads 1m;
## Log Format
log_format main '"$proxy_add_x_forwarded_for" $host [$time_local] '
'"$request" $status $body_bytes_sent '
'$request_length $bytes_sent "$http_referer" '
'"$http_user_agent" $request_time "$gzip_ratio"';
client_body_temp_path /var/lib/nginx/body 1 2;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log crit;
# Extra configuration from modules:
#######################################################
### nginx default maps
#######################################################
###
### Support separate Boost and Speed Booster caches for various mobile devices.
###
map $http_user_agent $device {
default normal;
~*Nokia|BlackBerry.+MIDP|240x|320x|Palm|NetFront|Symbian|SonyEricsson mobile-other;
~*iPhone|iPod|Android|BlackBerry.+AppleWebKit mobile-smart;
~*iPad|Tablet mobile-tablet;
}
###
### Set a cache_uid variable for authenticated users (by #brianmercer and #perusio, fixed by #omega8cc).
###
map $http_cookie $cache_uid {
default '';
~SESS[[:alnum:]]+=(?<session_id>[[:graph:]]+) $session_id;
}
###
### Live switch of $key_uri for Speed Booster cache depending on $args.
###
map $request_uri $key_uri {
default $request_uri;
~(?<no_args_uri>[[:graph:]]+)\?(.*)(utm_|__utm|_campaign|gclid|source=|adv=|req=) $no_args_uri;
}
###
### Set cache expiration depending on the Drupal core version.
###
map $sent_http_x_purge_level $will_expire_in {
default on-demand;
~*5|none 5m;
}
###
### Deny crawlers.
###
map $http_user_agent $is_crawler {
default '';
~*HTTrack|BrokenLinkCheck|2009042316.*Firefox.*3\.0\.10|MJ12|HTMLParser|libwww|PECL|Automatic|Click|SiteBot|BuzzTrack|Sistrix|Offline|Screaming|Nutch|Mireo|SWEB|Morfeus|GSLFbot is_crawler;
}
###
### Deny all known bots on some URIs.
###
map $http_user_agent $is_bot {
default '';
~*crawl|goog|yahoo|yandex|spider|bot|tracker|click|parser is_bot;
}
###
### Deny almost all crawlers under high load.
###
map $http_user_agent $deny_on_high_load {
default '';
~*crawl|goog|yahoo|yandex|baidu|bing|spider|tracker|click|parser deny_on_high_load;
}
###
### Deny listed requests for security reasons.
###
map $args $is_denied {
default '';
~*delete.+from|insert.+into|select.+from|union.+select|onload|\.php.+src|system\(.+|document\.cookie|\;|\.\. is_denied;
}
#######################################################
### nginx default server
#######################################################
server {
limit_conn gulag 32; # like mod_evasive - this allows max 32 simultaneous connections from one IP address
listen *:80;
server_name _;
location / {
root /var/www/nginx-default;
index index.html index.htm;
}
}
#######################################################
### nginx virtual domains
#######################################################
# virtual hosts
include /var/aegir/config/server_master/nginx/pre.d/*;
include /var/aegir/config/server_master/nginx/platform.d/*;
include /var/aegir/config/server_master/nginx/vhost.d/*;
include /var/aegir/config/server_master/nginx/post.d/*;
In the included directories at the end are some servers defined which listen to specific subdomains (set up by aegir). I think these don't affect us here.
UPDATE 2:
Thanks davismwfl and Melvyn for you input. Now it's getting interesting:
server {
listen 80;
server_name www.domain.com;
return 301 https://www.domain.com$request_uri;
}
When I create a server which should only redirect http://www.domain.com to https://www.domain.com requests get redirected to https://.. and then stuck in a redirect loop.
If I understand this right for some reason the server which shall listen to port 80 also listens to https requests and tries again to redirect requests.
Do you guy know why?
Any ideas what the problem might be or why it does what it does?
Thanks a lot, Martin
So, I do this the reverse way. I literally had this issue the other day. One thing is the order was found to be important, and I really should have changed the "rewrite" rules to "return 301 ..." but I got lazy and didn't do that yet as I was in a bit of a hurry.
Here is a snippet of my config
#
# Rewrite any http requests for domain.com to https.
#
server {
listen 80;
server_name domain.com;
return 301 https://domain.com$request_uri;
}
#
# Rewrite any http requests for www.domain.com to domain.com
# using SSL
#
server {
listen 80;
server_name www.domain.com;
rewrite ^/(.*) https://domain.com/$1 permanent;
}
#
# The domain.com website
#
server {
listen 443 ssl;
server_name domain.com;
ssl_certificate /etc/nginx/conf.d/[crt];
ssl_certificate_key /etc/nginx/conf.d/[key];
... Bunches of more stuff goes here.
}
#
# Rewrite any https requests for www.domain.com to domain.com
# Note that this must be after the domain.com declaration.
#
server {
listen 443;
server_name www.domain.com;
rewrite ^/(.*) https://domain.com/$1 permanent;
}
The most nice way that I found looks like:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name examle.com www.example.com;
ssl_certificate /etc/nginx/conf.d/[crt];
ssl_certificate_key /etc/nginx/conf.d/[key];
...
}
In this way you can use $server_name instead of hardcoded values.

Resources