i need your help with setting location allow,
location /route {
deny [my-ip];
}
So this works, it doesn't let me access the route
Throws this error
403 Forbidden
nginx/1.10.0 (Ubuntu)
And this...
location /route {
allow [my-ip];
deny all;
}
Doesn't let me access but it's supposed to let me access the route, can't understand why, it shows this error
404 Not Found
nginx/1.10.0 (Ubuntu)
Config file (with two examples on routes):
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name [my-domain];
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
# Phpmyadmin Configurations
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_param HTTPS on; # <-- add this line
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.
(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
# Dealing with the uppercased letters
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
location /logs {
deny [myip];
}
location /admin {
allow [myip];
deny all;
}
for anybody else who is searching for the solution. This did it for me after long try and error:
location = /phpmyadmin/index.php {
allow 1.2.3.4;
deny all;
....
}
Make sure you use the "=" sign or else it won't work.
So your problem is not the allow and deny. It is root /usr/share/; Since you have placed it into a location block location /phpmyadmin, it can not be found by location \admin therefore, it returns 404. Try to place the root /usr/share/ to the server block instead of a location block.
Related
access link : http://142.93.60.127/phpmyadmin
my phpmyadmin.conf file is
server {
listen 80;
server_name 142.93.60.127;
location /phpmyadmin {
index index.php;
root /usr/share/phpMyAdmin;
}
## Images and static content is treated different
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location ~ /(libraries|setup/frames|setup/libs) {
deny all;
return 404;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin$fastcgi_script_name;
}
}
Usually when I have this problem it's a permissions issue.
Make sure you have the correct permissions on the /usr/share/phpMyAdmin directory and the files in it. The user that nginx is running on needs execute access to the directories and read access to the files.
Also try moving your "root" flag outside of the location flag:
server {
listen 80;
server_name 142.93.60.127;
root /usr/share/phpMyAdmin;
location / {
index index.php;
}
....
}
I solve this problem and write a blog about this
solution
I'd like to pass all requests that don't match a file to a script at /framework/root.php?path={whatever the request $uri was}.
This works nicely for all requests except for only /, for example http://localhost.
Here is my Nginx config:
PS: Only started using Nginx coming from Apache today.
server {
listen 80;
root /var/www/html;
server_name localhost;
location / {
try_files $uri $uri/ #root;
}
location #root {
rewrite ^(.*)$ /framework/root.php?path=$1;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
Oooo got it.
try_files $uri $uri/ #root; should be try_files $uri #root; without the $uri/ part because that matches the base / directory.
I am trying to setup a Nginx / PHP-FPM server on my raspberry Pi (Debian) and I am having trouble getting the php to work correctly.
Text displayed on webpage: This Page is Temporarily Unavailble
I have checked the nginx logs and there are no errors being recorded.
This is my nginx.conf:
# Pi Nginx Config v0.1 10:53 30/01/2014
# NOTE: fastcgi is NOT php5-fpm
server {
listen 1080;
# server_name mysite.org;
charset utf-8;
access_log off;
root /var/www/cms;
index index.php;
location / {
try_files $uri $uri/ /index.php?id=$uri&$args;
}
location ~* /admin/.*\.php$ {
try_files $uri /admin/index.php?id=$uri&$args; # Try the admin index page
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~* \.php$ {
try_files $uri =404; # Try any .php files in root or throw a 404
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in /etc/php5/fpm/php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
expires 2h;
}
location ~* \.(?:ico|js|gif|jpg|png)$ {
expires 14d;
}
location ~* \.(htm|css|html)$ {
expires 2d;
}
# this blocks direct access to the XML files (but sitemap.xml) - that hold all the data
location ~* \.xml$ { deny all; }
location ~* \.xml\.bak$ { deny all; }
location = /sitemap.xml { allow all; }
# this prevents hidden files (beginning with a period) from being served
location ~ /\. { deny all; }
location ^~ /uploads/ {
if ($request_uri ~* \.php$) {return 403;}
}
}
I do not have enough experience to see anything wrong with this config. My server is on port 1080 and the server root is within the cms directory.
Any help would be greatly appreciated.
I'm trying to restrict access to my site to allow only specific IPs and I've got the following problem: when I access www.example.com deny works perfectly, but when I try to access www.example.com/index.php it returns "Access denied" page AND php file is downloaded directly in browser without processing.
I do want to deny access to all the files on the website for all IPs but mine. How should I do that?
Here's the config I have:
server {
listen 80;
server_name example.com;
root /var/www/example;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ #handler; ## If missing pass the URI to front handler
expires 30d; ## Assume all files are cachable
allow my.public.ip;
deny all;
}
location #handler { ## Common front handler
rewrite / /index.php;
}
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ { ## Execute PHP scripts
if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
expires off; ## Do not cache dynamic content
fastcgi_pass 127.0.0.1:9001;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
}
That is because your deny/allow rule applies to just one location.
Remove that and try:
server {
listen 80;
server_name example.com;
root /var/www/example;
if ($remote_addr != "YOUR.PUBLIC.IP") {return 403;}
...
}
As the test is outside any specific locationblock, it will apply to all cases.
Note also that IF is not evil here since it just "returns".
OK, so I've found the solution. Nginx processes the most exact regex which in this case is the regex for php files. To make the config work all further locations must be defined within / location rule except for #handler (you cannot put under any rule - only as root)
server {
listen 80;
server_name example.com;
root /var/www/example;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ #handler; ## If missing pass the URI to front handler
expires 30d; ## Assume all files are cachable
allow my.public.ip;
deny all;
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ { ## Execute PHP scripts
if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
expires off; ## Do not cache dynamic content
fastcgi_pass 127.0.0.1:9001;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
}
location #handler { ## Common front handler
rewrite / /index.php;
}
}
I have a location which simply for some reason isn't triggering. I've tried the routes in all sorts of different orders, and still it doesn't work. When a user comes along and requests /_hostmanager/ it should trigger, but instead it gets the index.php page from the route.
The server config file is:
server {
index index.php index.html;
root /var/www/html;
server_name _;
listen 80;
# Logging
error_log /var/log/httpd/elasticbeanstalk-error_log;
# Route standard requests
location / {
try_files $uri $uri/ /index.php;
}
# Proxy Hostmanager
location /_hostmanager/ {
proxy_pass http://127.0.0.1:8999/;
}
# Include PHP
location ~ \.php {
# CGI Configuration
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
# Zero-day exploit defense
try_files $uri $uri/ /index.php =404;
# Use socket for connection
fastcgi_pass unix:/tmp/php5-fpm.sock;
}
# Cache control
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
log_not_found off;
expires 360d;
}
# Disable hidden files
location ~ /\. {
deny all;
}
}
Can anyone spot what my (probably stupid!) error is?
Thanks in advance! :)
Nevermind, I worked it out! For some reason using the reload command on nginx wasn't working. stopped and started and voila!