Website and Piwik on same server produces 403 - nginx

i've got a site on xyz.com and piwik on xyz.com/piwik. Piwik is running fine, but unfortunately not all data - requested by piwik - are handled by the server.
I've watched behaviour like:
xyz.com/piwik/ -> error
xyz.com/piwik/index.php -> is fine
xyz.com/piwik/?module=... -> error
nginx.conf
# Configuration containing list of application servers
upstream wsgi_cluster {
server ***.***.112.44:5000;
}
# Default server configuration
#
server {
listen 80;
error_log /var/log/nginx/http.error.log warn;
server_name xxx;
return 301 https://$server_name$request_uri;
}
# HTTPS server
server {
listen 443 ssl;
server_name xxx;
auth_basic "Restricted";
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
error_log /var/log/nginx/https.error.log warn;
charset utf-8;
location /piwik/ {
location ~ /piwik/(.*\.php)(/.*)?$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_index index.php;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 60s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
proxy_buffering off;
proxy_temp_file_write_size 64k;
proxy_pass http://wsgi_cluster;
proxy_redirect off;
}
# Deny certain User-Agents (case insensitive)
# The ~* makes it case insensitive as opposed to just a ~
if ($http_user_agent ~* "Baiduspider|Jullo|AcoiRobot" ) {
return 403;
}
error_page 502 /502.html;
location = /502.html {
root /etc/nginx/;
internal;
}
error_page 401 /401.html;
location = /401.html {
root /etc/nginx/;
internal;
}
}
my-site.conf
# Configuration containing list of application servers
upstream wsgi_cluster {
server ***.***.112.44:5000;
}
# Default server configuration
#
server {
listen 80;
error_log /var/log/nginx/http.error.log warn;
server_name xxx;
return 301 https://$server_name$request_uri;
}
# HTTPS server
server {
listen 443 ssl;
server_name xxx;
auth_basic "Restricted";
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
error_log /var/log/nginx/https.error.log warn;
charset utf-8;
location /piwik/ {
location ~ /piwik/(.*\.php)(/.*)?$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_index index.php;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 60s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
proxy_buffering off;
proxy_temp_file_write_size 64k;
proxy_pass http://wsgi_cluster;
proxy_redirect off;
}
# Deny certain User-Agents (case insensitive)
# The ~* makes it case insensitive as opposed to just a ~
if ($http_user_agent ~* "Baiduspider|Jullo|AcoiRobot" ) {
return 403;
}
error_page 502 /502.html;
location = /502.html {
root /etc/nginx/;
internal;
}
error_page 401 /401.html;
location = /401.html {
root /etc/nginx/;
internal;
}
}

You are missing any default action for the /piwik/ URI. Presumably, if no other matching file is found, you would like the /piwik/index.php URI to be tried. Add a try_files directive to the outer location block, for example:
location /piwik/ {
try_files $uri /piwik/index.php$is_args$args;
location ~ /piwik/(.*\.php)(/.*)?$ { ... }
}

Related

Nginx routing issue - http server and https server

I have two nginx files in my sites-available. One is for a https domain and another for and http domain. I have the routing for the https domain to route domain1.com to https://www.domain1.com, but instead, it routes to the http domain I have set up, http://www.domain2.com. Can anybody help me out? I've tried google the issue but nothing has help so far.
domain1 setup
server{
server_name http://domain1.com
return 301 https://www.domain1.com$request_uri;
}
server {
listen 443 ssl;
server_name www.domain1.com;
ssl_certificate /home/node/www.domain1.com.crt;
ssl_certificate_key /home/node/www.domain1.com.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_redirect off;
access_log /var/log/nginx/mainacc.log;
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
}
domain2 setup
server {
listen 80;
listen [::]:80;
server_name domain2.com www.domain2.com;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
You are missing the listen 80 directive at top of your domain1 setup block
this should work
server {
listen 80 ;
listen [::]:80 ;
server_name domain1.com, www.domain1.com;
# return 301 https://www.domain1.com$request_uri;
rewrite ^/(.*) https://www.domain1.com/$1 permanent;
}
Did this do the trick ?

wordpress nginx ssl redirect loop

So I'm setting up an nginx server and installed wordpress and SSL.
The site is working perfectly on both http and https but when I try to redirect http to https via nginx's server block, both http and https results in a endless redirect loop.
Here's my server block
server {
listen 80;
return 301 $server_name$request_uri;
listen 443 ssl spdy;
root /var/www/wordpress;
index index.php index.html index.htm;
server_name www.example.com;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
spdy_headers_comp 6;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/ssl/certs/www.example.com.certchain.crt;
ssl_certificate_key /etc/ssl/private/www.example.com.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Alternate-Protocol 443:npn-spdy/2;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_set_header X-Forwarded-Proto $scheme;
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
if ($http_referer ~* (buttons-for-website.com)) { return 444; }
if ($http_referer ~* (semalt.com)) { return 444; }
}
location ~ \.(hh|php)$ {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache microcache;
fastcgi_cache_valid 200 60m;
}
location ~ \.php$ {
location #fallback {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache microcache;
fastcgi_cache_valid 200 60m;
}
# Cache Static Files For As Long As Possible
location ~*
\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|$
{
access_log off;
log_not_found off;
expires max;
}
# Security Settings For Better Privacy Deny Hidden Files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Return 403 Forbidden For readme.(txt|html) or license.(txt|html)
if ($request_uri ~* "^.+(readme|license)\.(txt|html)$") {
return 403;
}
# Disallow PHP In Upload Folder
location /wp-content/uploads/ {
location ~ \.php$ {
deny all;
}
}
}
I'd really appreciate anyone's help. I commented out that "return 301" in 3rd line and google indexed both http and https version of the same page and deindexed most of my pages and dropped rankings for several keywords.
Thanks a bunch in advance!
Try separating the non ssl server block so you'd have this
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl spdy;
root /var/www/wordpress;
....

Location directive for Nginx not being observed

I have a Ruby on Rails application that is working great with the nginx configuration pasted below. The problem is, I'm trying to add a new url http://www.example.com/gpp that will point to a completely directory path/app on the server. Here's my configuration:
upstream fi {
server unix:/media/apps/example/shared/tmp/pids/thin.0.sock;
server unix:/media/apps/example/shared/tmp/pids/thin.1.sock;
server unix:/media/apps/example/shared/tmp/pids/thin.2.sock;
server unix:/media/apps/example/shared/tmp/pids/thin.3.sock;
}
server {
listen 80;
gzip on;
gzip_min_length 1000;
gzip_types application/json text/css application/x-javascript;
server_name example.com www.example.com;
sendfile on;
keepalive_timeout 65;
client_max_body_size 2m;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
#root /media/apps/example/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
root /media/apps/example/current/public;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 3600;
send_timeout 3600;
proxy_read_timeout 3600;
if (!-f $request_filename) {
proxy_pass http://fi;
break;
}
}
location /gpp {
alias /media/apps/podcast;
index index.php index.html index.htm;
}
}
Whenever I visit http://www.example.com/gpp it just goes to the Rails app listed in location / instead of the PHP app I have running in /media/apps/podcast. I also tried changing the alias directive to root but that doesn't do the trick either.
I don't see a location directive for your /media/apps/podcast alias. I think this
location /gpp {
alias /media/apps/podcast;
index index.php index.html index.htm;
}
should just be
location /gpp {
root /media/apps/podcast;
index index.php index.html index.htm;
}
Give this a try:
location /podcast {
root /media/apps/;
index index.php index.html index.htm;
location ~ ^/podcast/(.+\.php)$ {
try_files $uri =404;
root /media/apps/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/podcast/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /media/apps/;
}
}
location /gpp {
rewrite ^/* /podcast last;
}

Can multi laravel based sites be accessed by folder not by port?

Now, I have two projects(sites) based on Laravel + PHP + MySQL + Nginx, vistors can access them by typing:
http://www.mysite.com:80
http://www.mysite.com:8001
Can I change the accessing method to virtual folder not by port?
http://www.mysite.com/project1
http://www.mysite.com/project2
The nginx conf files are (at /etc/nginx/conf.d/):
project1.conf
server {
listen *:80;
server_name mysite.com www.mysite.com;
server_tokens off;
root /var/www/html/project1/public;
client_max_body_size 100m;
access_log /var/log/nginx/project1_access.log;
error_log /var/log/nginx/project1_error.log;
location / {
index index.php index.html;
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
project2.conf
server {
listen *:80;
server_name www.mysite.com;
server_tokens off;
root /var/www/html/project2/public;
client_max_body_size 100m;
access_log /var/log/nginx/project2_access.log;
error_log /var/log/nginx/project2_error.log;
location / {
index index.php index.html;
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
The only decent way to do it is by folder and virtual host rather than port.
Sure - an example config will look like this:
1 Define your app servers
server {
listen 8080;
root /var/www/html/project1/public;
......
}
server {
listen 8081;
root /var/www/html/project2/public;
......
}
2 Define your proxy server
server {
listen 80;
server_name mysite.com www.mysite.com;
.....
location /project1 {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
.....
}
location /project2 {
proxy_pass http://localhost:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
....
}
}

nginx configuration root

Help me to configure nginx index file option, please.
Any requests except the main page i want to redirect to some handler file and the main page request to index.html file.
Something like this:
example.com/123/ -> /root/handler.php
example.com/123.php -> /root/handler.php
example.com/ -> /root/index.html
Answer
i use this config
listen 80;
server_name domain.com;
root /srv/http/domain.com;
index index.html;
charset utf-8;
access_log /var/log/http/x_nginx_access.log main;
error_log /var/log/http/x_nginx_error.log warn;
auth_basic "Restricted access";
auth_basic_user_file /srv/http/$host/.htpasswd;
location = / {
index index.html;
}
location / {
try_files $uri $uri/ /handler.php?$args;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\.ht {
deny all;
}
location ~ \.php {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Request-Filename $request_filename;
fastcgi_param SCRIPT_FILENAME /srv/http/$host$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_read_timeout 512;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
}

Resources