Laravel: 403 when trying to access any folder/file in /public - http

I got Laravel's 4.2 homestead server (nginx).
So, if I write in any view something like this:
<script src="media/js/application.js"></script>
<link rel="icon" href="media/img/branding/favicon.png" type="image/x-icon">
<link rel="stylesheet" href="media/css/markdown.css">
It includes all files propetly, but code below doesn't work (403 error):
<div style="background-image: url(media/img/image.jpg)"></div>
Also, if I try to access some folder/file in /public directly it returns 403 too. Why? That's my nginx site config (the truth is this is a auto-generated homestead config):
vagrant#homestead:~/work/Timetable$ cat /etc/nginx/sites-enabled/timetable.dev
server {
listen 80;
listen 443 ssl;
server_name timetable.dev;
root "/home/vagrant/work/Timetable/public";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/timetable.dev-error.log error;
sendfile off;
client_max_body_size 100m;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/nginx/ssl/timetable.dev.crt;
ssl_certificate_key /etc/nginx/ssl/timetable.dev.key;
}

You gave two questions, for the first one :
Your media folder should have been under assets folder, then to include it :
asset('media/img/image.jpg');
For the second question , it already exists on this site : Laravel Homestead: 403 forbidden on nginx

<div style="background-image: url(/media/img/image.jpg)"></div>
add extra / before media.

I'm not familiar with nginx, but are you 100% sure that the folder permissions are what they should be? 403 translates to forbidden meaning that somewhere in your config or permissions, it is disallowing access.
What if you try chmod -R 777 public? Does it work if you do that?

Related

Slim NGINX Rewriting Url to Look Nicer

I am using slim nginx. The site is live, vagrant homestead. An example of my url is
myurl.com/?page=admins <-- ugly
I want to make it look like this
myurl.com/page/admins <-- user friendly
myurl.com/page/orders
simply just want to remove the ? and replace = with /
I've tried this and many other things but no solution for a while now (I am completely new to this so I am a bit lost)
my etc/nginx/sites-available/myurl.com file so far:
server {
listen 80;
listen 443 ssl http2;
server_name .myurl.com;
root "/home/vagrant/code/admin";
index index.html index.htm index.php api.php;
charset utf-8;
location / {
try_files $uri $uri/ /api.php$is_args$args;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/myurl.com-error.log error;
sendfile off;
client_max_body_size 100m;
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/nginx/ssl/myurl.com.crt;
ssl_certificate_key /etc/nginx/ssl/myurl.com.key;
}
server {
rewrite ^/page/(.*)$ /?page=$1 last;
location / {
proxy_pass https://myurl.com;
}
}
last bit of code is my current attempt (suggested by Robert)
Help would be greatly appreciated as I have been stuck on this issue for hours and have researched almost all of the available resources out there!
Assuming you want your users to interact with the application using https://myurl.com/page/admins the rewrite would look similar to this
server {
rewrite ^/page/(.*)$ /?page=$1 last;
location / {
proxy_pass https://1.2.3.4;
}
}
Take a look at either of the following for more information
https://www.nginx.com/blog/creating-nginx-rewrite-rules/
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html

nginx: how to serve file from a subfolder of root?

My local dev env is configured on nginx as is
server {
listen 80;
server_name project.local;
root /var/www/project.local/public;
charset utf-8;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
# Questi due parametri sono fondamentali
# per le app Laravel
# => https://serverfault.com/a/927619/178670
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
The problem is only about a folder /fonts that is inside the root, at /var/www/project.local/fonts
Note: it's not my code, I inherited it... :(
Note 2: it's an old laravel 5.4 project
Actually when the website looks for fonts/some.file I got a 404, but the file is already here.
What should I change in nginx conf to allow serving /fonts/some.file from /var/www/project.local/fonts ?
Why actually is not working?
Fixed adding
location /fonts {
root /var/www/prod.revisions;
}

Bolt CMS on Vagrant does not parse PHP

My vagrant box doesn't parse PHP-files for Bolt CMS.
I'm a dev for years now, been working in Vagrant since about 5 years, and never had serious problems.
I wanted to give Bolt CMS a try, but when I fire my browser to the correct url (http://sallys.local:8000) it always wants to download the index-file (or any other file) instead of parsing it.
My vagrant-box is updated to the latest version 8.10, I use Nginx, but it seems as Nginx isn't called. I activated the acces-log and it shows no entries. For my other projects, same box, it does.
The Nginx-config for this one is:
server {
listen 80;
listen 443 ssl;
server_name sallys.local;
root "/home/vagrant/sallys/public";
index index.html index.htm index.php app.php;
charset utf-8;
location / {
try_files $uri $uri/ /app.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
# access_log off;
access_log /var/log/nginx/sallys.local-ssl-acces.log;
error_log /var/log/nginx/sallys.local-ssl-error.log error;
sendfile off;
client_max_body_size 100m;
# DEV
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/nginx/ssl/sallys.local.crt;
ssl_certificate_key /etc/nginx/ssl/sallys.local.key;
}
I have a similar setup for my other projects, and they all respond on port 8000. And parse PHP-files correctly. This seems to be a noob-problem. But I can't find the problem in here.
when I'm using the built-in server, it does work. So there must be a problem with Nginx.
Any one any idea?
Thanks
Tim
It looks like that is an Nginx site config for a Symfony 2/3 set-up (Symfony 4 is simpler FWIW), so it won't work "out of the box", so to speak.
My guess would be the location / {} as that is referencing app.php, and by default, a Bolt install will use index.php as the index file in the webroot.
There is a specific documentation page in Bolt's documentation that covers Nginx configuration specifically for a Bolt install, and I'd guess that'd be enough for your use case.
Thanks for pointing me out, Gawain. I tried your solution, but it didn't work. I removed the entries in my homestead file, reprovisioned vagrant, ..... and it works...
There is a new config generated:
server {
listen 80;
listen 443 ssl http2;
server_name sallys.local;
root "/home/vagrant/sallys/public";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/sallys.local-error.log error;
sendfile off;
client_max_body_size 100m;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/nginx/ssl/sallys.local.crt;
ssl_certificate_key /etc/nginx/ssl/sallys.local.key;
}

redirecting to root, even if query is empty

All my links is redirecting to root, where I serve the file "index.php".
This is my nginx config :
/etc/nginx/sites-available/myproject.local
server {
listen 80;
listen 444 ssl http2;
server_name .buildurlshortener.local;
root "/home/vagrant/codecourse/buildurlshortener/public";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/buildurlshortener.local-error.log error;
sendfile off;
client_max_body_size 100m;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/nginx/ssl/buildurlshortener.local.crt;
ssl_certificate_key /etc/nginx/ssl/buildurlshortener.local.key;
}
If I make a post request to "http://myproject.local/something", it works.
But a post request to the root, i.e. http://myproject.local, is not working.
I get "405 Not Allowed" from nginx.
If I add a rule with "location ~ { ... }", then I can post to "http://myproject.local". But now it is "http://myproject.local/something" that is not working.
How can I also serve "index.php" from the root ("/"), without breaking my other routes ?
One of the causes of message "405 Not Allowed" is that nginx can't serve static content on POST-request. Could you show config more detailed?
To this line :
location ~ .php$
I appended |/$ :
location ~ .php$|/$
So that it can also accept an empty query.
Now I can use post requests to "myproject.local", "myproject.local/index.php", ""myproject.local/someroute".

Dynamic root with subdomain not working with Nginx

I tried everything I could, I can not make it work.
I'd like to redirect my subdomains to a specific folder in my Debian server using NGinx, here's the configurations I tried :
server {
listen 8080;
server_name ~^(?<user>.+)\.example\.net$;
root /srv/www/example.net/$user;
}
=> error is :
Starting nginx: [emerg]: unknown "user" variable configuration file
/etc/nginx/nginx.conf test failed
(note: I also tried without the ^ as indicated here : Nginx server_name regexp not working as variable)
If I try this instead :
server {
listen 8080;
server_name *.example.net$;
root /srv/www/example.net/$1;
}
Error is on the request :
2013/08/20 15:38:42 [error] 5456#0: *6 directory index of
"/srv/www/example.net//" is forbidden, client: xxx.xxx.xxx.xxx, server:
*.example.net, request: "GET / HTTP/1.1", host: "test.example.net:8080"
Aka, $1 is empty !
The documentation is wrong then :
http://nginx.org/en/docs/http/server_names.html
Update:
This is working (taken from https://serverfault.com/questions/457196/dynamic-nginx-domain-root-path-based-on-hostname):
server {
server_name ~^(.+)\.example\.com$;
root /var/www/example.com/$1/;
}
BUT I'd like to display PHP Pages, and if I add the following in my server {}, the $1 is then empty (wtf?) :
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
server_tokens off;
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_intercept_errors off;
fastcgi_send_timeout 30s;
fastcgi_read_timeout 30s;
}
I finally found the solution, and it's not so pretty.
In fact it was a mix of an old NGinx version (0.7.67, in Debian Squeeze) and some odd reaction (maybe from this version) of the NGinx configuration.
The following code works fine, but successful only in a NGinx version of 1.2.1 (it fails in 0.7.67, and not tested in other versions) :
map $host $username {
~^(?P<user>.+)\.example\.com$ $user;
}
server {
listen 80;
server_name *.example.com;
root /var/www/example.com/$username;
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
server_tokens off;
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_intercept_errors off;
fastcgi_send_timeout 30s;
fastcgi_read_timeout 30s;
}
}
This alternative also works (for newer PCRE versions) :
map $host $username {
~^(?<user>.+)\.example\.com$ $user;
}
I had to combine all found solutions to create my own working .conf This is my answer from similar question https://stackoverflow.com/a/40113553/1713660
server {
listen 80;
server_name ~^(?P<sub>.+)\.example\.com$;
root /var/www/$sub;
location / {
index index.php index.html;
}
}
The correct form is:
server {
listen 8080;
server_name ~^(?P<user>.+)\.example\.net$;
location / {
root /srv/www/example.net/$user;
}
}

Resources