Nginx Default: Why is location / not forwarded to reverse proxy? - wordpress

I want NGINX to forward any requests to the domain name http://home.com to proxy_pass http://localhost:8866;. I have set a root, root /home/owncloud;, in the NGINX configuration file, where the document root of ownCloud is located. This should point to http://home.com/owncloud. Under http://localhost:8866 I have a Docker container running, hosting WordPress. However, NGINX always points the reverse proxy to the actual document root of the server (root /home/owncloud) when I try to access http://home.com.
Thank you for your input on this - I already browsed through a lot of documentation, but currently I am not able to find a solution myself. Thanks!
This is my NGINX configuration file:
upstream php-handler {
server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name home.com;
index index.html index.htm index.php;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
ssl on;
listen 443 ssl;
server_name home.com;
server_name 123.456.789.10 ssl;
ssl_certificate /home/ssl/certificate.pem;
ssl_certificate_key /home/ssl/owncloud.key;
index index.html index.htm index.php;
root /space/owncloud;
try_files $uri $uri/ /index.php?q=$request_uri;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# set max upload size
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
# Disable gzip to avoid the removal of the ETag header
gzip off;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
index index.php index.html index.htm;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8866;
proxy_read_timeout 90;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
}
location /owncloud {
index index.html index.htm index.php;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
# attachments can be huge
client_max_body_size 513M;
client_body_in_file_only clean;
# this is where requests body are saved
client_body_temp_path /opt/nginx/bugzilla/data/request_body 1 2;
}
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}

If you need to forward all requests to another port on your localhost, you merely need this:
location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://localhost:8866$request_uri;
    proxy_read_timeout 90;
}
Note, there is no "=" equal sign before the slash /. location / {} means "exact match of /".
In your code nothing really tries to forward all requests to localhost. Only requests to the index page (document root, i.e. "/") are forwarded.
If you pass all requests to the process at localhost:8866, none of the other location sections will even be tested, so once you make sure your proxy_pass works, you may delete them.
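How nginx chooses among the top-level locations of the question's HTTPS server block, with and without the prefix location / from the answer, as an added example (not code from the original posts or from nginx). The names select_location and route_table are made up here; nested locations (the .php block inside /owncloud) and named locations are not modelled. It shows that .php, static-asset and denied-path URIs are still claimed by the regex locations after location / is added, so those requests are not proxied to port 8866 while the regex blocks remain.

```python
import re

# Top-level locations from the question's HTTPS server block, in file order,
# plus the answer's "location /". Tuples are (modifier, pattern); "" means a
# plain prefix location. Nested locations are left out (assumption of this model).
LOCATIONS = [
    ("=", "/"),
    ("~", r"^/(?:\.htaccess|data|config|db_structure\.xml|README)"),
    ("=", "/favicon.ico"),
    ("=", "/robots.txt"),
    ("~*", r"\.(css|gif|ico|jpeg|jpg|js|png)$"),
    ("~", r"\.php$"),
    ("", "/owncloud"),
    ("~", r"/\.ht"),
    ("", "/"),  # added by the answer
]
# The question's config, i.e. without the answer's prefix location.
ORIGINAL = [loc for loc in LOCATIONS if loc != ("", "/")]


def select_location(uri, locations):
    """Return the (modifier, pattern) nginx would pick for a normalized URI."""
    path = uri.split("?", 1)[0]  # locations never see the query string

    # 1. An exact "=" match ends the search immediately.
    for mod, pat in locations:
        if mod == "=" and path == pat:
            return (mod, pat)

    # 2. Remember the longest matching prefix ("" or "^~").
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and path.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)

    # 3. "^~" on the longest prefix suppresses the regex pass.
    if best and best[0] == "^~":
        return best

    # 4. Regex locations are tried in file order; the first hit wins.
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, path, flags):
                return (mod, pat)

    # 5. Fall back to the remembered prefix (None = server-level handling).
    return best


def route_table(uris, locations):
    """Map each URI to the location that would handle it."""
    return {u: select_location(u, locations) for u in uris}


if __name__ == "__main__":
    sample = ["/", "/blog/hello", "/wp-login.php", "/config/config.php",
              "/wp-content/a.png", "/owncloud/"]  # constructed sample URIs
    for label, locs in (("question", ORIGINAL), ("with location /", LOCATIONS)):
        print(label)
        for uri, hit in route_table(sample, locs).items():
            print(f"  {uri:20} -> {hit}")
```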

Related

Block access to URL with nginx

I am trying to use nginx configuration to disable mailcow admin panel from the internet so that it is only accessible on the LAN.
The admin panel has the default URL mail.xz.com.
location / {
try_files $uri $uri/ @strip-ext;
#Allow ip
allow 192.168.250.0/25;
#deny for everybody else
deny all;
}
And after this, webmail at the URL mail.xz.com/SOGo stops working.
location /rspamd/ {
#Allow ip
allow 192.168.250.0/25;
#deny for everybody else
deny all;
}
I don't understand this because other /something URLs work.
For example, blocking works fine for me at mail.xz.com/rspamd. If I remove the block and leave it for / then rspamd works but SOGo doesn't.
I don't understand.
The whole configuration
include /etc/nginx/mime.types;
charset utf-8;
override_charset on;
server_tokens off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=15768000;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy strict-origin;
index index.php index.html;
client_max_body_size 0;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied off;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
location ~ ^/(fonts|js|css|img)/ {
expires max;
add_header Cache-Control public;
}
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
fastcgi_hide_header X-Powered-By;
absolute_redirect off;
root /web;
location / {
try_files $uri $uri/ @strip-ext;
#Allow ip
allow 192.168.250.0/25;
#deny for everybody else
#deny all;
}
location /qhandler {
rewrite ^/qhandler/(.*)/(.*) /qhandler.php?action=$1&hash=$2;
}
location /edit {
rewrite ^/edit/(.*)/(.*) /edit.php?$1=$2;
}
location @strip-ext {
rewrite ^(.*)$ $1.php last;
}
location ~ ^/api/v1/(.*)$ {
try_files $uri $uri/ /json_api.php?query=$1&$args;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
}
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
location ^~ /principals {
return 301 /SOGo/dav;
}
location ^~ /inc/lib/ {
deny all;
return 403;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9002;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
}
location /rspamd/ {
#Allow ip
allow 192.168.250.0/25;
#deny for everybody else
deny all;
location /rspamd/auth {
# proxy_pass is not inherited
proxy_pass http://rspamd:11334/auth;
proxy_intercept_errors on;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
error_page 403 /_rspamderror.php;
}
proxy_pass http://rspamd:11334/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}
location ~* ^/Autodiscover/Autodiscover.xml {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9002;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files /autodiscover.php =404;
}
location ~* ^/Autodiscover/Autodiscover.json {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9002;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files /autodiscover-json.php =404;
}
location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9002;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files /autoconfig.php =404;
}
location /sogo-auth-verify {
allow all;
internal;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header Content-Length "";
proxy_pass http://127.0.0.1:65510/sogo-auth;
proxy_pass_request_body off;
}
location ^~ /Microsoft-Server-ActiveSync {
include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
include /etc/nginx/conf.d/sogo_eas.active;
proxy_connect_timeout 75;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_buffer_size 128k;
proxy_buffers 64 512k;
proxy_busy_buffers_size 512k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
client_body_buffer_size 512k;
client_max_body_size 0;
}
location ^~ /SOGo {
location ~* ^/SOGo/so/.*\.(xml|js|html|xhtml)$ {
include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
include /etc/nginx/conf.d/sogo.active;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
proxy_set_header x-webobjects-server-port $server_port;
proxy_hide_header Content-Type;
add_header Content-Type text/plain;
break;
}
include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
include /etc/nginx/conf.d/sogo.active;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
proxy_set_header x-webobjects-server-port $server_port;
proxy_buffer_size 128k;
proxy_buffers 64 512k;
proxy_busy_buffers_size 512k;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
client_body_buffer_size 128k;
client_max_body_size 0;
break;
}
location ~* /sogo$ {
return 301 $client_req_scheme://$http_host/SOGo;
}
location /SOGo.woa/WebServerResources/ {
alias /usr/lib/GNUstep/SOGo/WebServerResources/;
}
location /.woa/WebServerResources/ {
alias /usr/lib/GNUstep/SOGo/WebServerResources/;
}
location /SOGo/WebServerResources/ {
alias /usr/lib/GNUstep/SOGo/WebServerResources/;
}
location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}
include /etc/nginx/conf.d/site.*.custom;
error_page 502 @awaitingupstream;
location @awaitingupstream {
rewrite ^(.*)$ /_status.502.html break;
}
location ~ ^/cache/(.*)$ {
try_files $uri $uri/ /resource.php?file=$1;
Thanks

Nginx throwing 404 for request, instead of performing try_files

I have the following block in my nginx configuration file:
location /cat {
try_files $uri $uri/ /index.php?url=$uri;
}
When I try any of the following URLs, this works as expected:
http://example.com/cat/test
http://example.com/cat/test/test
http://example.com/cat/t
The following, however, do not. Instead of a redirect, I get a 404 error.
http://example.com/cat/test/
http://example.com/cat/test/test/
http://example.com/cat/t/
I'm not very experienced with nginx, so let me know what further information might be needed. This has me quite stumped.
Edit: I did come across this, but I would prefer to avoid using rewrite (for the sake of efficiency), plus this seems like an unnecessary band-aid:
https://serverfault.com/questions/755646/nginx-use-try-files-to-serve-file-instead-of-directory
Edit 2: Here is the full config
server {
listen 64.40.99.86:80;
server_name example.com;
server_name www.example.com;
client_max_body_size 128m;
root "/var/www/vhosts/example.com/httpdocs";
access_log "/var/www/vhosts/system/example.com/logs/proxy_access_log";
error_log "/var/www/vhosts/system/example.com/logs/proxy_error_log";
if ($host ~* ^example.com$) {
rewrite ^(.*)$ http://www.example.com$1 permanent;
}
location / {
proxy_pass http://64.40.99.86:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
add_header X-Powered-By PleskLin;
internal;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/example.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ ^/~(.+?)(/.*)?$ {
proxy_pass http://64.40.99.86:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index index.html index.cgi index.pl index.php index.xhtml index.htm index.shtml;
}
location /cat {
try_files $uri $uri/ /index.php?url=$uri;
}
}

nginx - proxy/rewrite based on location

I am trying to redirect all requests beginning with /api/ to a node server on localhost. I've been unable to get nginx to rewrite the request properly.
My server.conf (I included the whole file in case there is something conflicting I'm not noticing):
server {
listen 80;
root /var/www/sites/my.server;
index index.php index.html index.htm;
server_name .my.server;
access_log /var/log/nginx/my.server-access.log;
error_log /var/log/nginx/my.server-error.log;
location / {
try_files $uri $uri/ /index.html;
}
## Redirect api to node server
location /api {
rewrite ^/api/(.*)$ /$1 last;
proxy_pass http://127.0.0.1:3030/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?q=$1 last;
break;
}
# SSL Related Setup
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/my.server.key;
#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#Disables all weak ciphers
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
Using this config, http://my.server/api is redirected properly to the node server, but http://my.server/api/jobs is not.
After much trial and error and searching, I found the following works:
location ^~ /api/ {
    rewrite ^/api/(.*) /$1 break;
    proxy_pass http://127.0.0.1:3030/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Location directive for Nginx not being observed

I have a Ruby on Rails application that is working great with the nginx configuration pasted below. The problem is, I'm trying to add a new URL, http://www.example.com/gpp, that will point to a completely different directory path/app on the server. Here's my configuration:
upstream fi {
server unix:/media/apps/example/shared/tmp/pids/thin.0.sock;
server unix:/media/apps/example/shared/tmp/pids/thin.1.sock;
server unix:/media/apps/example/shared/tmp/pids/thin.2.sock;
server unix:/media/apps/example/shared/tmp/pids/thin.3.sock;
}
server {
listen 80;
gzip on;
gzip_min_length 1000;
gzip_types application/json text/css application/x-javascript;
server_name example.com www.example.com;
sendfile on;
keepalive_timeout 65;
client_max_body_size 2m;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
#root /media/apps/example/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
root /media/apps/example/current/public;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 3600;
send_timeout 3600;
proxy_read_timeout 3600;
if (!-f $request_filename) {
proxy_pass http://fi;
break;
}
}
location /gpp {
alias /media/apps/podcast;
index index.php index.html index.htm;
}
}
Whenever I visit http://www.example.com/gpp it just goes to the Rails app listed in location / instead of the PHP app I have running in /media/apps/podcast. I also tried changing the alias directive to root but that doesn't do the trick either.
I don't see a location directive for your /media/apps/podcast alias. I think this
location /gpp {
alias /media/apps/podcast;
index index.php index.html index.htm;
}
should just be
location /gpp {
root /media/apps/podcast;
index index.php index.html index.htm;
}
Give this a try:
location /podcast {
root /media/apps/;
index index.php index.html index.htm;
location ~ ^/podcast/(.+\.php)$ {
try_files $uri =404;
root /media/apps/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/podcast/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /media/apps/;
}
}
location /gpp {
rewrite ^/* /podcast last;
}

nginx configuration root

Help me to configure the nginx index file option, please.
I want to redirect any request except the main page to some handler file, and the main page request to the index.html file.
Something like this:
example.com/123/ -> /root/handler.php
example.com/123.php -> /root/handler.php
example.com/ -> /root/index.html
Answer
I use this config:
listen 80;
server_name domain.com;
root /srv/http/domain.com;
index index.html;
charset utf-8;
access_log /var/log/http/x_nginx_access.log main;
error_log /var/log/http/x_nginx_error.log warn;
auth_basic "Restricted access";
auth_basic_user_file /srv/http/$host/.htpasswd;
location = / {
index index.html;
}
location / {
try_files $uri $uri/ /handler.php?$args;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\.ht {
deny all;
}
location ~ \.php {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Request-Filename $request_filename;
fastcgi_param SCRIPT_FILENAME /srv/http/$host$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_read_timeout 512;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
}
