I have ubuntu 14 on AWS ngnix is point to a website. I have tried everything but it does not serve up the static images. when I try to cache them. I have tired every combo of this but every time I go there are no files.
location ~* \.(css|js|jpeg|jpg|gif|png|ico|xml)$ {
access_log off;
expires 30d;
}
When I go to the directory there is no files in the root path. Any ideas?
Here is an official block usage https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/#
server {
# Replace this port with the right one for your requirements
listen 80 default_server; #could also be 1.2.3.4:80
# Multiple hostnames separated by spaces. Replace these as well.
server_name star.yourdomain.com *.yourdomain.com; # Alternately: _
root /PATH/TO/WEBROOT;
error_page 404 errors/404.html;
access_log logs/star.yourdomain.com.access.log;
index index.php index.html index.htm;
# static file 404's aren't logged and expires header is set to maximum age
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
access_log off;
expires max;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_intercept_errors on;
# By all means use a different server for the fcgi processes if you need to
fastcgi_pass 127.0.0.1:YOURFCGIPORTHERE;
}
location ~ /\.ht {
deny all;
}
Related
I'm trying to launch my Yii2-advanced project on AWS' Elastic Beanstalk stack running an nginx server. I have been unable figure out a configuration that allows me to access the backend of the site. I have tried extending the nginx configuration via the AWS documentation:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html
Which does not work. So I modify the configuration manually via vim from the command line.
While using combinations of the following configuration settings:
https://www.yiiframework.com/wiki/799/yii2-app-advanced-on-single-domain-apache-nginx
To no avail. I have tried alias and root for the backend folder and each variation I get either a 404 (file not found) or 502 (bad gateway) error.
At bare minimum, this is what I've tried to add to my nginx configuration:
root /var/www/html/frontend/web;
index index.php index.html index.htm;
location /backend/ {
root ../../backend/web;
}
What am I doing wrong?
Here you can see a fully working yii2 advanced app example nginx configuration. You can change it to match your needs.
App server:
mycoolapp.com
nginx
php7.4-fpm
Routes:
http://mycoolapp.com -- frontend
http://mycoolapp.com/admin -- backend
http://mycoolapp.com/api -- api
Nginx configuration:
server {
## Listen ports config
listen *:80 http2;
#listen *:443 ssl http2;
## Site name config
server_name mycoolapp.com;
## SSL config (uncomment if necessary)
#include /etc/nginx/ssl-snippets/ssl-snippet.conf;
## Access and error log files path
access_log /var/log/nginx/mycoolapp.com.access.log;
error_log /var/log/nginx/mycoolapp.com.error.log;
## Max upload size config
client_max_body_size 32m;
client_body_buffer_size 32m;
charset utf-8;
## Gzip config
gzip on;
gzip_types
text/plain
text/css
application/json
application/x-javascript
text/xml
application/xml
application/xml+rss
text/javascript
application/javascript;
## Path to app root (folder that contains frontend and backend folders)
set $base_root /var/www/html/mycoolapp;
root $base_root;
index index.php index.html;
## Frontend app config
## Entry point: https://mycoolapp.com
location / {
# Path to frontend web folder
root $base_root/frontend/web;
try_files $uri $uri/ /frontend/web/index.php$is_args$args;
## Omit static files logging, and if they don't exist, avoid processing by Yii (uncomment if necessary)
location ~ ^/.+\.(css|less|js|map|ico|png|jpe?g|gif|webp|svg|eot|ttf|woff|woff2|mp4|mov|swf|txt|pdf)$ {
expires 365d;
log_not_found off;
access_log off;
try_files $uri =404;
}
## Deny any php file in assets folder (security)
location ~ ^/assets/.+\.php(/|$) {
deny all;
}
}
## Backend app config
## Entry point: https://mycoolapp.com/admin
location /admin {
## Path to backend web folder
root $base_root/backend/web/;
## Redirect to the URL without a trailing slash (uncomment if necessary)
#location = /admin/ {
# return 301 /admin;
#}
## Prevent the directory redirect to the URL with a trailing slash
location = /admin {
try_files $uri /backend/web/index.php$is_args$args;
}
## Omit static files logging, and if they don't exist, avoid processing by Yii (uncomment if necessary)
location ~ ^/admin/.+\.(css|less|js|map|ico|png|jpe?g|gif|webp|svg|eot|ttf|woff|woff2|mp4|mov|swf|txt|pdf)$ {
rewrite ^/admin(/.+)$ $1 break;
log_not_found off;
access_log off;
try_files $uri =404;
}
## Deny any php file in assets folder (security)
location ~ ^/admin/assets/.+\.php(/|$) {
deny all;
}
try_files $uri $uri/ /backend/web/index.php$is_args$args;
}
## API app config
## Entry point: https://mycoolapp.com/api
location /api {
root $base_root/api/web/;
## Redirect to the URL without a trailing slash (uncomment if necessary)
#location = /api/ {
# return 301 /api;
#}
location = /api {
try_files $uri /api/web/index.php$is_args$args;
}
## Omit static files logging, and if they don't exist, avoid processing by Yii (uncomment if necessary)
location ~ ^/api/.+\.(css|less|js|map|ico|png|jpe?g|gif|webp|svg|eot|ttf|woff|woff2|mp4|mov|swf|txt|pdf)$ {
rewrite ^/api(/.+)$ $1 break;
log_not_found off;
access_log off;
try_files $uri =404;
}
## Deny any php file in assets folder (security)
location ~ ^/api/assets/.+\.php(/|$) {
deny all;
}
try_files $uri $uri/ /api/web/index.php$is_args$args;
}
## PHP configuration
location ~ ^/.+\.php(/|$) {
## Rewrites
rewrite (?!^/((frontend|api|backend)/web|api|admin))^ /frontend/web$uri break;
rewrite (?!^/api/web)^/api(/.+)$ /api/web$1 break;
rewrite (?!^/backend/web)^/admin(/.+)$ /backend/web$1 break;
## FPM config
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $fastcgi_script_name =404;
}
## Logging and access of restricted folders
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~* /CHANGELOG { access_log off; log_not_found off; deny all; }
location ~* /LICENSE { access_log off; log_not_found off; deny all; }
location ~* /README { access_log off; log_not_found off; deny all; }
location ~* /\. { access_log off; log_not_found off; deny all; }
}
"I'm setting up an Nginx server on Hostwinds for CI project which is in a subdirectory. Where I want to make a clean URL by removing index.php. Initially, this project was running on Apache server and with the help of .htaccess file, I have made a clean URL by removing index.php. But .htaccess file not works on the Nginx server. So, tell me what codes should I use to remove index.php from URL in 'Hostwinds' Server.
In subdirectory home page of projects opens but when you click on any of its links it will redirects you to 404 page.
I have tried various solution which is available on the internet but none of them worked for me. I have used this code inside nginx.conf file.
some of them:-
1)
location /category/subcategory {
try_files $uri $uri/ /category/subcategory/index.php;
}
2)
location /subfoldername/ {
root /usr/share/nginx/www/subfoldername;
try_files $uri $uri/ /index.php?$query_string;
}
3)
location /api/ {
alias /var/www/api/;
try_files $uri $uri/ /api/index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass backend;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
}
4)
location /nested {
alias /var/www/nested/public;
try_files $uri $uri/ /index.php$is_args$args;
}
...http {...
server {
listen 443 ssl http2;
#listen [::]:443 ssl http2 ipv6only=off;
server_name example.com;
location / {
index index.html index.htm index.php;
try_files $uri $uri/ #backend;
}
location #backend {
include proxy_params_common;
# === MICRO CACHING ===
# Comment the following line to disable 1 second micro-caching for dynamic
HTML content
include proxy_params_dynamic;
}
# Enable browser cache for static content files (TTL is 1 hour)
location ~* \.(?:json|xml|rss|atom)$ {
include proxy_params_common;
include proxy_params_static;
expires 1h;
}
# Enable browser cache for CSS / JS (TTL is 30 days)
location ~* \.(?:css|js)$ {
include proxy_params_common;
include proxy_params_static;
expires 30d;
}
# Enable browser cache for images (TTL is 60 days)
location ~* \.(?:ico|jpg|jpeg|gif|png|webp)$ {
include proxy_params_common;
include proxy_params_static;
expires 60d;
}
# Enable browser cache for archives, documents & media files (TTL is 60 days)
location ~* \.
(?:3gp|7z|avi|bmp|bz2|csv|divx|doc|docx|eot|exe|flac|flv|gz|less|mid|midi|mka|mkv|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogm|ogv|opus|pdf|ppt|pptx|rar|rtf|swf|tar|tbz|tgz|tiff|txz|wav|webm|wma|wmv|xls|xlsx|xz|zip)$ {
set $CACHE_BYPASS_FOR_STATIC 1;
include proxy_params_common;
include proxy_params_static;
expires 60d;
}
# Enable browser cache for fonts & fix #font-face cross-domain restriction (TTL is 60 days)
location ~* \.(eot|ttf|otf|woff|woff2|svg|svgz)$ {
include proxy_params_common;
include proxy_params_static;
expires 60d;
#add_header Access-Control-Allow-Origin *;
}
# Prevent logging of favicon and robot request errors
location = /favicon.ico {
include proxy_params_common;
include proxy_params_static;
expires 60d;
log_not_found off;
}
location = /robots.txt {
include proxy_params_common;
include proxy_params_static;
expires 1d;
log_not_found off;
}
# Deny access to files like .htaccess or .htpasswd
location ~ /\.ht {
deny all;
}
}
Initially link:- www.example.com/index.php/search-result
resulted in link:- www.example.com/search-result
Using Azure Wordpress for Linux Web App, I'm trying to modify the nginx conf.d file to restrict access to wp-login.php and wp-admin directory by IP address. The directives that I'm trying to use either seem to completely allow access or completely deny access, it does not seem to respect allow x.x.x.x; at all.
Here is the code that I've placed in my server block:
location ~ ^(wp-admin|wp-login.php) {
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
allow x.x.x.x;
deny all;
}
If I only have the deny all; directive, everything returns a 403 forbidden error. If I put in the allow directive, I can access it from any IP address and it never seems to throw an error.
I've noticed in my logs that this is showing up:
278#278: *25 access forbidden by rule, client: 172.19.0.1, server: _, request: "GET /wp-admin HTTP/1.1", host: "myhostname.com"
and that this precedes my server block in the default.conf file:
upstream php {
#server unix:/tmp/php-cgi.socket;
server 127.0.0.1:9000;
}
Is these something going on that basically makes all my inbound traffic appear to nginx as coming from the same IP address? Is there any way to "pass that down" ?
Here is the default.conf file:
upstream php {
server unix:/var/run/php/php7.0-fpm.sock;
#server 127.0.0.1:9000;
}
server {
listen 80;
## Your website name goes here.
server_name _;
## Your only path reference.
root /home/site/wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Add locations of phpmyadmin here.
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtual
sendfile off;
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
# Don't cache WooCommerce URLs
# Cart widgets are still a problem: https://github.com/emcniece/docker-wordpress/issues/3
if ($request_uri ~* "/(cart|checkout|my-account)/*$") {
set $skip_cache 1;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_read_timeout 300;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
I started noticing today that I can see the IP address that I want under the PHP variable of $_SERVER['HTTP_X_CLIENT_IP'] --- Is there a way to test that under the allow/deny options, or to override the value that allow/deny looks at to use this other value? For example:
if ($http_x_client_ip != x.x.x.x) {
return 403;
}
I have to run wordpress and laravel side by side on the nginx server. The url structure required is example.com (to show the wordpress content) and example.com/testapp (for the laravel application). The config I am using for nginx currently, is doing just opposite.
server {
listen 80 default_server;
server_name default;
root /home/forge/default/public;
#root /home/forge/apen;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Its handling all the routes starting with example.com except for example.com/testapp through laravel. example.com/testapp is serving the wordpress content. Wordpress folder is saved inside public folder of laravel.
I installed the wordpress seprately and and tried to create a separate server names in /etc/nginx/sites-available one for example.com and another for example.com/testapp. After this example.com is showing the wordpress content but example.com/testapp is not loading laravel content.
Add this to your vHost and try again! Hope it will work!
location /testapp/ {
# Do nothing. nginx will serve files as usual.
}
Let me know if it works!It will ignore the test app Directory and Wordpress will be able to take control of the Routes Having the /testapp/ Theoretically!
I've just switched from Apache to nginx and it still takes some getting used to (and a lot of learning).
I'm running a Pagekit website which has this configuration: https://gist.github.com/DarrylDias/be8955970f4b37fdd682
server {
listen 80;
listen [::]:80;
# SSL configuration
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/ssl/private/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_client_certificate /etc/ssl/private/cloudflare.origin-pull-ca.pem;
ssl_verify_client on;
server_name mydomain.com www.mydomain.com;
root /home/vhosts/domains/mydomain.com/public/;
index index.php;
# Leverage browser caching of media files for 30 days
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)\$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# Deny access to sensitive folders
location ~* /(app|packages|storage|tmp)/.*$ {
return 403;
}
# Deny access to files with the following extensions
location ~* \.(db|json|lock|dist|md)$ {
return 403;
}
# Deny access to following files
location ~ /(config.php|pagekit|composer.lock|composer.json|LICENSE|\.htaccess) {
return 403;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php7-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param HTTP_MOD_REWRITE On;
}
}
Unforunately, many (including me) have the issue that files with extensions such as js|css|jpg|<etc> are getting a 403 response because they're located inside either the app or packages directory.
I've attempted multiple regexes to try and give the location for these files a higher priority in nginx, but they seemed to have no effect.
How should this config file be changed in order to allow these kind of files, but still return a 403 on all other files inside those directories?
EDIT: the file URL's look like https://example.com/app/js/something.min.js?v=1921 perhaps it doesn't work because of the ?v=1921 ?
According to nginx's document:
nginx checks locations given by regular expression in the order listed in the configuration file
So first you need to move your last location to the top.
Then the regular expression that tries to match static files is also incorrect. The dollar sign "$" should match the end of path but it was escaped by a prior backslash "\" (so it actually matches a character "$"). Remove the backslash will fix your issue:
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
...
}