NGINX | NetworkError: 401 Unauthorized ~ but it works? - nginx

I've a really strange issue mostly with images and sometimes with URLs, too. (on my NGINX setup)
Sometimes I find following message in the console of Firebug the message:
"NetworkError: 401 Unauthorized - http://myproject.mydomain.com/images/20150812/sample1.png"
or
"NetworkError: 401 Unauthorized - http://myproject.mydomain.com/appliaction/item/18/#"
But the strange thing is, these things are loaded! There aren't anything missing. So I'm a little bit confused about this error message.
Configuration:
myproject-file in "sites-available" and "sites-enabled"
server {
listen 80;
#listen 443 ssl;
server_name myproject.mydomain.com;
root /srv/www/myproject;
access_log /var/log/nginx/myproject-access.log;
error_log /var/log/nginx/myproject-error.log;
include global/dev.conf;
}
dev.conf
## Disable Access
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
## Open instead listing (start)
index index.php index.html index.htm;
## Redirect Default Pages
# error_page 404 /404.html;
## favicon.ico should not be logged
location = /favicon.ico {
log_not_found off;
access_log off;
}
## Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
## Deny all attems to access possible configuration files
location ~ \.(tpl|yml|ini|log)$ {
deny all;
}
## XML Sitemap support.
location = /sitemap.xml {
log_not_found off;
access_log off;
}
## robots.txt support.
location = /robots.txt {
log_not_found off;
access_log off;
}
location ~ \.php$ {
# try_files $uri $uri/ =404;
## NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
## required for upstream keepalive
# disabled due to failed connections
#fastcgi_keep_conn on;
include fastcgi_params;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
client_max_body_size 24M;
client_body_buffer_size 128k;
## Timeout for Nginx to 5 min
fastcgi_read_timeout 300;
## upstream "php-fpm" must be configured in http context
fastcgi_pass php-fpm;
}
#URL Rewrite
location / {
try_files $uri $uri/ /index.php?$args;
}
Any idea?

Related

Nginx server multiple site and domain redirection (on same port/different port)

I am trying to host multiple unrelated sites on the same nginx server. How do I edit the http.conf and the https.conf file in order to make it work?
ORIGINAL HTTP.CONF
server {
listen 2333;
server_name port1.example.com;
rewrite ^/(.\*) http://port1.example.com/$1 permanent;
root /var/www/html;
index index.php index.html;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/http_access.log combined;
error_log /var/log/nginx/http_error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php$
{
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
ORIGINAL HTTPS.CONF
server {
listen 4433 ssl default_server;
server_name _;
ssl_certificate /etc/nginx/ssl/port2.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/port2.example.com.key;
root /usr/share/nginx/html;
index index.php index.html;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/https_access.log combined;
error_log /var/log/nginx/https_error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php$
{
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
My port 4433 is on SSL obviously. How can I get port 2333 to work only on port1.example.com and port 4433 to work only on port2.example.com It's better if 2333 can be served on SSL, too.
Thanks guys for viewing. I ended up using Nginx and it was way faster setting up using multiple .conf files in the /etc/nginx/conf folder.

Nginx showing blank page on my website after upgrading

I upgraded my nginx package via apt-upgrade (running ubuntu 14.04) and now, when I've tried to connect to my website, it only shows a blank page (no error message).
This is what my nginx configuration file looks like:
server {
listen 80;
server_name www.example.com;
root /home/forge/example.com/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl on;
# ssl_certificate;
# ssl_certificate_key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name example.com;
return 301 http://www.example.com$request_uri;
}
Also, the error.log shows this message: conflicting server name "www.example.com" on 0.0.0.0:80, ignored
Second time today I'm seeing the use of fastcgi_split_pathinfo without setting a document root and path info setting. Where does that come from? In addition the match is on \.php$, so it won't ever match on path info requests.
I'm guessing there lies the root of your problem as fastcgi_params has been upgraded.

Nginx block for multiple domains to redirect all traffic to https?

I have a web server running nginx 1.6 with one IP address and hosting www.domainname.com as well as dev.domainname.com.
I'm trying to find a smart way to route all http traffic to https and I want to make sure that my default server is the 'www' live version of the time. So the end goal is that unless the user specifies https://dev.domainname.com they will be redirected to https://www.domainname.com.
My nginx.conf setup is configured to include for '/etc/nginx/etc/sites-enabled/*'. So my configuration example is located at 'etc/nginx/sites-enabled/www.domainname.com'.
So my question is there a better way to handle this type of setup?
# redirect all non https
server {
# all traffic should be over https
listen 80 default;
# listen for all server names
server_name *.domainname.com;
# redirect to www with https
return 301 $scheme://www.domainname.com$request_uri;
}
# configuration for the non-www redirect
server {
# non-www server name
server_name domainname.com;
# return to www
return 301 $scheme://www.domainname.com$request_uri;
}
# configuration for the live website
server {
# configuration for all https sites
listen 443 default_server ssl;
ssl on;
# www server name
server_name www.domainname.com;
# root to public directory
root /path/to/www.domainname.com/public;
# ssl certificates
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# error logs for www site
error_log /var/log/nginx/www.domainname.com-error.log error;
}
# configuration for the dev site
server {
# dev server name
server_name dev.domainname.com;
# root to public directory
root /path/to/dev.domainname.com/public;
# ssl certificates - using multi domain ssl
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# error logs for dev site
error_log /var/log/nginx/dev.domainname.com-error.log error;
}

Dynamic root with subdomain not working with Nginx

I tried everything I could, I can not make it work.
I'd like to redirect my subdomains to a specific folder in my Debian server using NGinx, here's the configurations I tried :
server {
listen 8080;
server_name ~^(?<user>.+)\.example\.net$;
root /srv/www/example.net/$user;
}
=> error is :
Starting nginx: [emerg]: unknown "user" variable configuration file
/etc/nginx/nginx.conf test failed
(note: I also tried without the ^ as indicated here : Nginx server_name regexp not working as variable)
If I try this instead :
server {
listen 8080;
server_name *.example.net$;
root /srv/www/example.net/$1;
}
Error is on the request :
2013/08/20 15:38:42 [error] 5456#0: *6 directory index of
"/srv/www/example.net//" is forbidden, client: xxx.xxx.xxx.xxx, server:
*.example.net, request: "GET / HTTP/1.1", host: "test.example.net:8080"
Aka, $1 is empty !
The documentation is wrong then :
http://nginx.org/en/docs/http/server_names.html
Update:
This is working (taken from https://serverfault.com/questions/457196/dynamic-nginx-domain-root-path-based-on-hostname):
server {
server_name ~^(.+)\.example\.com$;
root /var/www/example.com/$1/;
}
BUT I'd like to display PHP Pages, and if I add the following in my server {}, the $1 is then empty (wtf?) :
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
server_tokens off;
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_intercept_errors off;
fastcgi_send_timeout 30s;
fastcgi_read_timeout 30s;
}
I finally found the solution, and it's not so pretty.
In fact it was a mix of an old NGinx version (0.7.67, in Debian Squeeze) and some odd reaction (maybe from this version) of the NGinx configuration.
The following code works fine, but successful only in a NGinx version of 1.2.1 (it fails in 0.7.67, and not tested in other versions) :
map $host $username {
~^(?P<user>.+)\.example\.com$ $user;
}
server {
listen 80;
server_name *.example.com;
root /var/www/example.com/$username;
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
server_tokens off;
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_intercept_errors off;
fastcgi_send_timeout 30s;
fastcgi_read_timeout 30s;
}
}
This alternative also works (for newer PCRE versions) :
map $host $username {
~^(?<user>.+)\.example\.com$ $user;
}
I had to combine all found solutions to create my own working .conf This is my answer from similar question https://stackoverflow.com/a/40113553/1713660
server {
listen 80;
server_name ~^(?P<sub>.+)\.example\.com$;
root /var/www/$sub;
location / {
index index.php index.html;
}
}
The correct form is:
server {
listen 8080;
server_name ~^(?P<user>.+)\.example\.net$;
location / {
root /srv/www/example.net/$user;
}
}

Magento Wordpress Nginx Configuration

I have a Magento shop at http://example.com and I want to keep a Wordpress blog at http://example.com/blog.
I have installed the blog and everything seems to be fine but when am logging to Wp-Admin am getting 404 for css and js files due to which dashboard is looking very ugly.
Am I doing any mistake? am attaching my nginx config file
##################################################################################
#
# example.com
#
##################################################################################
server {
listen 80;
server_name example.com ;
#charset koi8-r;
#access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
root /usr/share/nginx/html/mebozo-magento.mebozo.com;
try_files $uri $uri/ #handler; ## If missing pass the URI to Magento's front handler
index index.php index.html index.htm;
}
location /blog {
root /usr/share/nginx/html/mebozo-magento.mebozo.com/blog;
try_files $uri $uri/ /blog/index.php;
index index.php index.html index.htm;
rewrite ^.*/files/(.*) /wp-includes/ms-files.php?file=$2;
rewrite ^.*/wp-admin(.*) $1wp-admin/;
}
location ~* ^.+\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$
{
root /usr/share/nginx/html/mebozo-magento.mebozo.com/blog;
rewrite ^/.*(/.*\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js))$ $1 last;
rewrite ^.*/files/(/.*(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js))$/wp-includes/ms-files.php?file=$1 last;
expires 30d;
break;
}
## These locations would be hidden by .htaccess normally
#location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
#expires 1y;
#log_not_found off;
#}
location ~ .php/ {
## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
################For Foomen Speedster###############
#rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
# rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
# location /lib/minify/ {
# allow all;
# }
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
#############gzip###########
gzip on; # use gzip compression
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_proxied any; # enable proxy for the fcgi requests
gzip_types text/plain text/css application/x-javascript text/javascript application/json;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
location #handler { ## Magento uses a common front handler
rewrite / /index.php;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
root /usr/share/nginx/html/mebozo-magento.mebozo.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/mebozo-magento.mebozo.com$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
I will attempt to solve this puzzle by suggesting that we clean up your nginx config file. Your */files/ rewrites look to be problematic to me.
Without knowing what your nginx.conf file looks like OR what your http {block} looks like, I will assume that it is pretty clean and that you are handling your global settings like gzip types, ssl protocols and ciphers, and additional headers, etc. there. I know that you included your gzip on in your file but sometimes duplicate that in server not realizing it is already set a layer above... if not add your gzip back in as necessary. All that said, after reading your conf file completely and I would suggest rewriting it to something like this:
(Note: the new URI level location and the #rewrites, and the removal of redundant root path definitions.)
server {
listen 80;
listen [::]:80;
## SSL CONFIGURATION (can be done here in same file)
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
#ssl_certificate /etc/nginx/ssl/cert_chain.crt;
#ssl_certificate_key /etc/nginx/ssl/star_example.com.priv.key;
# domain name
server_name example.com www.example.com;
# doc root
root /usr/share/nginx/html/mebozo-magento.mebozo.com;
## Logs per vhost
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log warn;
## This can also be set in your http block and if it is, it's not needed here.
index index.php index.html index.htm;
# Adjust upload max file size settings
# This value should match your PHP.ini config settings for upload_max_filesize
client_max_body_size 50M; # allows file uploads up to 50 megabytes
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
## Main Magento location
location / {
try_files $uri $uri/ #rewrite;
}
# Your blog location
location /blog/ {
try_files $uri $uri/ #rewrite_blog;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx;
}
## These locations are protected
location ~ /(app|downloader|includes|pkginfo|var|errors/local.xml)/ {
deny all;
}
## Images
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
access_log off;
add_header ETag "";
}
location =/js/index.php/x.js {
rewrite ^(.*\.php)/ $1 last;
}
# rewrites
location #rewrite {
rewrite / /index.php?$args;
}
location #rewrite_blog {
rewrite /blog/ /blog/index.php?$args;
}
## Execute PHP scripts
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
## Store code with multi store/domain magento instance
#fastcgi_param MAGE_RUN_CODE $mage_code;
#fastcgi_param MAGE_RUN_TYPE $mage_type;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Banned locations (only reached if the earlier PHP entry point regexes don't match)
location ~* (\.php$|\.sh$|\.txt$|\.htaccess$|\.git|\.sample$|mage$) {
deny all;
}
}

Resources