I have a medium-to-large WordPress site running on a MediaTemple server with NGINX on CentOS, and I'm having trouble getting any location block settings applied. The goal is to lock down a directory so that only the server itself has access to it. From everything I've seen, the root I'm setting and the location blocks are being read correctly; they just don't seem to take effect.
# Asker's nginx.conf: global settings plus two inline server blocks
# (a bare-domain redirect and the www WordPress site).
# NOTE(review): with "user" commented out, workers run as nginx's built-in default user — confirm that is intended.
#user nginx;
worker_processes 24;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
# rewrite_log on;
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
keepalive_timeout 3;
#tcp_nodelay on;
#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# NOTE(review): the index line below has no terminating ';'. nginx reads a directive up to the
# next ';', so "server_tokens" and "off" are parsed as two more index file names and
# server_tokens is never actually switched off.
index index.php index.html index.htm
server_tokens off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# conf.d/*.conf is loaded before the server blocks below.
# NOTE(review): if a file there also declares www.domainname.com on port 80, nginx keeps the
# first definition and ignores the later one (logged as a "conflicting server name" warning).
# Worth checking, since it would explain location rules that never apply.
include /etc/nginx/conf.d/*.conf;
# FastCGI parameters set at http level; the PHP location below defines none of its own and inherits these.
include fastcgi.conf;
# Bare domain: temporary redirect to the www host. The target host is hard-coded,
# so it does not depend on the Host header sent by the client.
server {
listen 80;
server_name domainname.com;
rewrite ^ $scheme://www.domainname.com$request_uri redirect;
}
server {
listen 80;
server_name www.domainname.com;
root /var/www/vhosts/domainname.com/httpdocs;
# Additional rules go here.
# Prefix match with ^~: when this is the longest matching prefix, regex locations
# (including the \.php$ one below) are not consulted for URIs under /protected-folder/.
# Only IPv4 loopback is allowed; every other client address is denied.
# NOTE(review): if anything on this host proxies requests to nginx, those requests arrive
# from 127.0.0.1 and pass this check — confirm no local proxy fronts port 80.
location ^~ /protected-folder/ {
allow 127.0.0.1;
deny all;
}
# include global/restrictions.conf;
# Case-insensitive match on URIs ending in .php. try_files answers 404 unless the file
# exists, so only real scripts are handed to the FastCGI backend.
location ~* \.php$ {
try_files $uri =404; # This is not needed if you have cgi.fix_pathinfo = 0 in php.ini (you should!)
fastcgi_pass 127.0.0.1:9000;
}
# Only include one of the files below.
# NOTE(review): the included file is not shown; any location it defines takes part in matching too.
include global/wordpress.conf;
# include global/wordpress-ms-subdir.conf;
# include global/wordpress-ms-subdomain.conf;
}
}
After every change I'm running:
sudo service nginx restart
Do I have to do a full server reboot?
Is there something wrong with the syntax above?
For any includes above, the contents are almost identical to those in the WordPress article on setting up NGINX for WordPress.
Any help on this would be appreciated.
Related
I have Nginx with three domains.
The sites, alphabetically are d.com, g.com, and m.com.
All three sites are single site WordPress installations.
g.com is https with a letsencrypt certificate and loads as expected.
m.com is not https and loads as expected
d.com loads m.com instead of its own folder.
I've been searching and reading for two weeks now and I cannot sort out what I have done wrong.
NEW INFORMATION
I discovered that the DNS for this was still at my old host ( mt ), it was pointing here correctly, but I decided to move it to the new host ( linode ).
Now if I use www.d.com I get the correct site loading from the correct folder. But if I leave off the www and just use d.com, I get redirected to www.m.com as a full redirect.
/etc/nginx/nginx.conf
# Main nginx.conf for the three-site host; the per-site server blocks come from the includes at the end of http.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Request bodies up to 150M are accepted by every site on this host.
client_max_body_size 150M;
# NOTE(review): server_tokens is left at its default (on), so the nginx version appears in
# the Server header and on error pages.
# server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
#fastcgi
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
# /snippits/ssl-params.conf
##
# NOTE(review): the commented line below still lists TLSv1 and TLSv1.1; if it is ever
# re-enabled, restrict it to TLSv1.2 and newer. The effective settings live in the snippet
# named above, which is not shown.
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;
##
# Logging Settings
# Logs set in server blocks
##
error_log /var/log/nginx/http_error.log error;
##
# Gzip Settings
# /conf.d/gzip.conf
##
##
# Virtual Host Configs
##
# No server block shown on this page marks its listen as default_server, so nginx treats the
# first server defined for each address:port as the default. A request whose Host header
# matches no server_name is then answered by whichever site loads first.
# NOTE(review): an explicit catch-all (listen 80 default_server; server_name _; return 444;)
# keeps unknown hostnames from landing on a real site.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
/etc/nginx/sites-available/d.com
# Plain-HTTP WordPress vhost for d.com and www.d.com (IPv4 and IPv6, port 80).
server {
listen 80;
listen [::]:80;
server_name d.com www.d.com;
include snippets/expires-headers.conf;
root /var/www/html/d.com/public_html;
index index.php;
# Per-site logs; the access log is the quickest way to confirm which server block
# actually answered a request.
access_log /var/log/nginx/d.com/www-access.log;
error_log /var/log/nginx/d.com/www-error.log error;
# Exact-match locations: no access-log entry and no "not found" error-log entry for these two files.
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Try the file, then the directory, then fall back to index.php with the original query string.
location / {
try_files $uri $uri/ /index.php?$args;
}
# URIs ending in .php go to PHP-FPM over a unix socket.
# NOTE(review): the contents of snippets/fastcgi-php.conf are not shown — confirm it rejects
# paths that do not map to an existing script.
# NOTE(review): SCRIPT_FILENAME repeats the docroot as a literal path. When this file is
# copied for another site the path must be edited too, otherwise PHP executes scripts from
# the wrong site's directory; $document_root$fastcgi_script_name avoids that drift.
# NOTE(review): the same php7.0-fpm.sock is used by the other vhosts on this page —
# presumably one shared PHP-FPM pool, in which case a compromise of one WordPress install
# can reach the files of the others. Separate pools per site would isolate them.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/html/d.com/public_html$fastcgi_script_name;
}
# Static assets (case-insensitive extension match): far-future expiry, missing files not logged.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
/etc/nginx/sites-available/g.com
# Port 80 for g.com / www.g.com: permanent redirect to HTTPS.
# The target uses $server_name (the first name configured here, g.com) rather than the
# client-supplied Host header, so the redirect host cannot be influenced by the request.
server {
listen 80;
listen [::]:80;
server_name g.com www.g.com;
return 301 https://$server_name$request_uri;
}
# HTTPS vhost for g.com / www.g.com with HTTP/2.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /var/lib/acme/live/g.com/fullchain;
# NOTE(review): the private key should be readable only by root / the nginx master process — confirm file permissions.
ssl_certificate_key /var/lib/acme/live/g.com/privkey;
# Protocol and cipher settings come from this snippet, which is not shown.
include snippets/ssl-params.conf;
include snippets/expires-headers.conf;
server_name g.com www.g.com;
root /var/www/html/g.com/public_html;
index index.html index.php;
access_log /var/log/nginx/g.com/www-access.log;
error_log /var/log/nginx/g.com/www-error.log error;
# ACME HTTP-01 challenge files are served from a directory outside the web root.
location /.well-known/acme-challenge/ {
alias /var/run/acme/acme-challenge/;
}
# Unlike the other vhosts on this page, unmatched paths return 404 instead of falling back to index.php.
location / {
try_files $uri $uri/ =404;
}
# URIs ending in .php go to PHP-FPM over a unix socket.
# NOTE(review): SCRIPT_FILENAME repeats the docroot as a literal path; it must be kept in
# step with "root" above. The snippet contents are not shown.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/html/g.com/public_html$fastcgi_script_name;
}
}
/etc/nginx/sites-available/m.com
# Plain-HTTP WordPress vhost for m.com and www.m.com (IPv4 and IPv6, port 80).
server {
listen 80;
listen [::]:80;
server_name m.com www.m.com;
include snippets/expires-headers.conf;
root /var/www/html/m.com/public_html;
index index.php;
access_log /var/log/nginx/m.com/www-access.log;
error_log /var/log/nginx/m.com/www-error.log error;
# Exact-match locations: no access-log entry and no "not found" error-log entry for these two files.
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Try the file, then the directory, then fall back to index.php with the original query string.
location / {
try_files $uri $uri/ /index.php?$args;
}
# URIs ending in .php go to PHP-FPM over a unix socket.
# NOTE(review): SCRIPT_FILENAME is a literal path that must match "root" above; the
# contents of snippets/fastcgi-php.conf are not shown.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/html/m.com/public_html$fastcgi_script_name;
}
# Static assets (case-insensitive extension match): far-future expiry, missing files not logged.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
There seems to be nothing wrong with your config, but my suspicion is that you created the config for d.com by copy/pasting the config from m.com and saved the file before making any changes and then either NGINX restarted or reloaded its configuration before you made your modifications to d.com config, which basically means that NGINX doesn't have your current configuration loaded.
You could reload the configuration. On Ubuntu/Debian it is something like this:
sudo service nginx reload
You should also recheck and be absolutely sure that /var/www/html/d.com/public_html and /var/www/html/m.com/public_html are indeed serving different content.
After moving the DNS Zone file from Media Temple to Linode, http://www.d.com started loading the WordPress install from the correct folder, though http://d.com did not.
I tried another browser and found that in the other browser both were now working.
I don't understand why moving the DNS Zone file worked here.
I am currently configuring an nginx server with subdomains.
I am using noip.com for DNS service, which provides me with a web address similar to
mydomain.ddns.net
As I have subdomains, I want to access them at the address http://mydomain.ddns.net/subdomain
In the server, the subdomain files are located here :
/var/www/mydomain.ddns.net/www/subdomain
My question is : what is the code to write in the mydomain.ddns.net nginx configuration file to redirect http://mydomain.ddns.net/subdomain to /var/www/mydomain.ddns.net/www/subdomain/welcome.php ?
Thank you in advance for your help
Quentin C
I'm not an expert of serving PHP with nginx, and I can't try this right now, but at least the configuration below should get you started.
Try to follow this guide to tweak it, while this should make searching the configuration docs a bit less painful.
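# Minimal single-site nginx.conf: everything is forbidden by default, and one path prefix
# is served from the document root with a fallback to a PHP FastCGI backend.
user nginx nginx;
worker_processes 3;
worker_rlimit_nofile 2048;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    accept_mutex on;
    use epoll; # for Linux
}

http {
    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log combined;
    sendfile on;

    server {
        listen 80;
        server_name mydomain.ddns.net;
        # To enable https
        #
        # listen 443 ssl;
        # ssl_certificate /etc/nginx/sslfiles/certificate_chain.crt;
        # ssl_certificate_key /etc/nginx/sslfiles/certificate_key_no_passphrase.key;
        # ssl_session_cache shared:a_cache_name:1m;
        # ssl_session_timeout 5m;
        root /var/www/mydomain.ddns.net/www;

        # Default-deny: any path without a more specific location is refused.
        location / {
            return 403; # forbidden
        }

        # Named location. The name must start with '@': a '#' here would begin a comment
        # and swallow the rest of the line, leaving a config that does not parse.
        # Named locations are reachable only through internal redirects such as try_files.
        # NOTE(review): no SCRIPT_FILENAME is set in this block; confirm that the
        # fastcgi_params file in use provides it, otherwise PHP-FPM cannot locate the script.
        location @php_app {
            fastcgi_split_path_info ^(.+?(\.php)?)(\/.*)?$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
        }

        # Serve <uri>/index.html when it exists, otherwise hand the request to the PHP backend.
        location /subdomain_one/ {
            try_files $uri/index.html @php_app;
        }
    }
}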
I cannot access my site anymore using the IP address (or domain name). It always returns 404 Not Found. I use Laravel Forge with Digital Ocean on Ubuntu 14.04.
Here's my sites-enabled/default nginx file
# Forge-generated sites-enabled/default: one port-80 server block for a PHP application.
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/before/*; #That directory is empty
server {
# NOTE(review): "default" here is an ordinary hostname, matched only when the Host header
# is literally "default". It does not make this block the default server; that requires
# the default_server parameter on listen. Requests by IP address go to whichever server
# nginx treats as the default for port 80.
listen 80;
server_name default;
root /home/forge/default/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
# NOTE(review): this block has no ssl listener, so the line below has no effect here. If TLS
# is enabled later, TLSv1 and TLSv1.1 are deprecated and should be dropped from the list.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/server/*; #That directory is empty
# Front-controller pattern: file, then directory, then index.php with the query string.
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
# Access logging is off for the whole site; only errors are recorded, which leaves little
# to go on when investigating which requests reached this block.
access_log off;
error_log /var/log/nginx/default.log error;
# 404s are routed to the application's index.php.
error_page 404 /index.php;
# NOTE(review): nothing in this location checks that the requested .php file exists.
# "try_files $uri =404;" here, or cgi.fix_pathinfo = 0 in php.ini, keeps paths that do not
# map to a real script from being handed to PHP-FPM.
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# Block access to .ht* files (e.g. .htaccess, .htpasswd).
location ~ /\.ht {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/after/*; #That directory is empty
nginx.conf (Without commented lines)
# Main nginx.conf of the Forge host, posted with commented lines removed.
# Workers run as the "forge" user, the same account that owns /home/forge.
user forge;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
# NOTE(review): server_tokens is not set in the lines shown, so the nginx version is
# exposed in the Server header and on error pages unless an included file turns it off.
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
# Server blocks are loaded from these two locations.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# (the closing brace of the http block is not included in the post)
On sudo service nginx restart my nginx/error.log only contains:
2016/03/24 15:25:07 [notice] 8416#0: signal process started
My nginx/default.log is empty.
Any clue of what I could look into?
It doesn't look like you defined the default server correctly - as per the Nginx docs, it should be
# Catch-all server: the default_server parameter makes this block answer any request on
# port 80 whose Host header matches no other server_name, including requests by IP address.
server {
listen 80 default_server;
server_name _; # This is just an invalid value which will never trigger on a real hostname.
...
}
Note the listen 80 default_server; in particular
I'm new to nginx and I just can't determine why my nginx config doesn't work as expected. All I want to do is to make nginx prioritize index.html over index.php for every web root (/) request.
This is my nginx config:
# Asker's nginx.conf with a server block written directly inside http, ahead of the vhost includes.
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
multi_accept on;
}
http {
##
# Basic Settings
##
# This server block has no listen, server_name or root, so nginx's built-in defaults apply
# to all three.
# NOTE(review): if a file under sites-enabled declares a default_server for port 80,
# requests are answered there and the index order below is never consulted — check which
# block the access log attributes requests to.
server {
# index.html is tried before index.php for directory requests.
location / {
index index.html index.php;
}
# NOTE(review): nothing in this location checks that the requested .php file exists;
# "try_files $uri =404;" here, or cgi.fix_pathinfo = 0 in php.ini, keeps paths that do not
# map to a real script from being handed to the PHP backend.
location ~ \.php$ {
fastcgi_pass localhost:9000;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
sendfile on;
tcp_nopush on;
tcp_nodelay off;
keepalive_timeout 15;
keepalive_requests 100000;
types_hash_max_size 2048;
# Request bodies are always written to temporary files, which are removed after the request.
client_body_in_file_only clean;
client_body_buffer_size 32K;
# Request bodies up to 300M are accepted; together with the line above, large uploads
# consume disk space while in flight.
client_max_body_size 300M;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# (the next line is the asker's elision marker, not nginx syntax)
----------------- cut ---------------
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Where's my error? What's the correct way to write this nginx config?
If you explicitly request /index.html, is it served? If not, you might want to add an explicit root /path/to/root; to your server {} block. Also verify that index.html has the correct permissions.
This will help with troubleshooting: It will force a 404 if the root index.html is not found. If that happens, at least you can check the logs to see where it was looking:
# Exact-match location for the site root only; index.html is the sole index file tried here.
location = / {
index index.html;
}
Also, be sure to do nginx -s reload when changing the config.
Convention:
You should keep location and server declarations in virtual host files (/etc/nginx/conf.d/*.conf; and /etc/nginx/sites-enabled/*;, as you can see from the nginx conf). Files in /etc/nginx/conf.d/*.conf; are typically symlinked to files in /etc/nginx/sites-enabled/*; in order to become "enabled"
Some things to try
See my blog post here which has a setup similar to yours.
Try moving your index index.html index.html index.php files directive outside of a location {} block
I have a site that uses subdirectories and currently only works when the trailing slash is added to the URL ("http://www.domain.com/dir/"). When there is no trailing slash, I get "unable to connect at server domain.com:8080" (8080 is the listening port Nginx is set up for).
I've tried adding the rewrite suggested here (and here), but it results in the "cannot connect" error for the entire virtual host.
Is there another way to add the trailing slash that I could try? Or, is there a way I can configure it to see the URL as a directory (and thus, look for the index file), regardless of the presence of the trailing slash?
Edit
Nginx.conf:
# Main nginx.conf for the host listening on port 8080; vhosts are loaded from the includes at the end.
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
include /etc/nginx/mime.types;
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# $fastcgi_https is "on" for https requests and "off" otherwise; php.inc passes it to PHP
# as the HTTPS parameter.
# NOTE(review): $scheme reflects the connection to nginx itself. If TLS is terminated by
# something in front of port 8080, this stays "off" — confirm against the deployment.
map $scheme $fastcgi_https { ## Detect when HTTPS is used
default off;
https on;
}
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Server block:
# Vhost on port 8080 for domain.com / www.domain.com; redirect and PHP handling come from
# the two include files shown below it.
# Redirects that nginx generates itself (such as adding a trailing slash to a directory
# URI) include the listen port by default, which is where the ":8080" in the failing URL
# comes from.
server {
listen 8080;
server_name domain.com www.domain.com;
include www.inc;
root /var/vhosts/domain/current/frontend/;
include php.inc;
}
Php.inc:
# php.inc: index file plus the FastCGI hand-off for URIs ending in .php.
index index.php;
# NOTE(review): nothing in this location checks that the requested .php file exists;
# "try_files $uri =404;" here, or cgi.fix_pathinfo = 0 in php.ini, keeps paths that do not
# map to a real script from being handed to the PHP backend.
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#fastcgi_param ENVIRONMENT production;
# HTTPS is taken from the $fastcgi_https map variable defined in nginx.conf.
fastcgi_param HTTPS $fastcgi_https;
# Script path is derived from the vhost's root, so it follows whichever server block includes this file.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_intercept_errors on;
fastcgi_connect_timeout 10;
fastcgi_send_timeout 15;
fastcgi_read_timeout 120;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
}
www.inc:
# www.inc: when the host looks like a bare "<name>.com", redirect permanently to "www.<host>".
# NOTE(review): $host comes from the client's request and the regex is anchored only at
# the start, so any Host value that begins with "<name>.com" matches and is copied into the
# redirect target. If this server block ever acts as the default for its port, the
# redirect destination is client-controlled. A separate server block for the bare domain
# with a hard-coded target (return 301 http://www.domain.com$request_uri;) avoids this.
if ($host ~ ^([^\.]+\.com)) {
rewrite ^/(.*)$ http://www.$host/$1 permanent;
}
Change server {} block to
# Answer's version of the vhost. port_in_redirect off makes nginx omit the listen port
# (8080) from redirects it generates itself, such as the one that appends a trailing slash
# to a directory URI.
server {
listen 8080;
port_in_redirect off;
# NOTE(review): the first name is the primary server name; it is used in nginx-generated
# redirects only when server_name_in_redirect is on — otherwise the request's Host is used.
server_name www.domain.com domain.com; #Order matters!
include www.inc;
root /var/vhosts/domain/current/frontend/;
include php.inc;
}