How can I stop nginx from responding to non-local requests? - nginx

Here's what my nginx file looks like. However when I browse to my server using the ip, I still the the "Welcome to nginx!" page
server {
listen 127.0.0.1:9070;
root /var/www/[redacted]/public/;
index index.php index.html index.htm;
server_name [redacted];
location / {
try_files $uri $uri/ /index.php$is_args$args;
allow 127.0.0.1;
deny all;
}
# pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

I believe that you'll find that moving the allow/deny into the server clause will clear this up:
server {
listen 127.0.0.1:9070;
root /var/www/[redacted]/public/;
index index.php index.html index.htm;
server_name [redacted];
location / {
try_files $uri $uri/ /index.php$is_args$args;
allow 127.0.0.1;
deny all;
}
becomes:
server {
listen 127.0.0.1:9070;
root /var/www/[redacted]/public/;
index index.php index.html index.htm;
server_name [redacted];
allow 127.0.0.1;
deny all;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}

Related

Why nginx location directive doesn't work?

Salut! I'm learning nginx location directives. Now I faced a trouble:
server {
listen 80;
# server_name 127.0.0.1 localhost;
root /usr/share/nginx/html;
index index.php index.html index.htm index.nginx-debian.html;
location /rukovoditel/ {
index index.php index.html index.htm index.nginx-debian.html;
}
# location / {
# try_files $uri $uri/ =404;
# }
location ~ \.php$ {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
This default.conf doesn't work correctly. When I go to 127.0.0.1/rukovoditel, I get an errror - connection refused.
But following default.conf works correctly!
server {
listen 80;
root /usr/share/nginx/html/rukovoditel;
index index.php index.html index.htm index.nginx-debian.html;
# location / {
# try_files $uri $uri/ =404;
# }
location ~ \.php$ {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
Nginx service is running. -t output is correct.
Thanks for help!)

trouble with two locations in nginx config

I have 2 links: myserver.org and myserver.org/support
I need first link follow to /var/www/myserver.org and second to /var/www/support
My config now:
first file & link
server {
listen 80 default_server;
server_name groupmanager.org;
charset utf-8;
root /var/www/groupmanager.org;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
access_log /var/log/nginx/groupmanager.org_access.log;
error_log /var/log/nginx/groupmanager.org_error.log;
include /etc/nginx/templates/php-fpm.conf;
}
server {
listen 80;
server_name www.groupmanager.org;
rewrite ^(.*) http://groupmanager.org$1 permanent;
}
Second file & link:
server {
listen 80;
server_name 163.172.88.31/support;
charset utf-8;
root /var/www/support;
index index.php;
access_log /var/log/nginx/support_access.log;
error_log /var/log/nginx/support_error.log;
include /etc/nginx/templates/php-fpm.conf;
}
server {
listen 80;
server_name www.163.172.88.31/support;
rewrite ^(.*) http://163.172.88.31/support$1 permanent;
}
php-fpm.conf
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
location ~* \.(gif|jpeg|jpg|txt|png|tif|tiff|ico|jng|bmp|doc|pdf|rtf|xls|ppt|rar|rpm|swf|zip|bin|exe|dll|deb|cur)$ {
expires 168h;
}
location ~* \.(css|js)$ {
expires 180m;
}
First link works fine, second - no. I see '403 Forbidden'
What is not rigth?
Permissions for folders are the same, I think, they are right.
For both /var/www/myserver.org and /var/www/support you have to make two separate nginx config file with two different roots and server names .
besides , if you just want to show two links you can setup nginx for one and link the second one with just an internal link ( if they are in the same page)
Try like this:
include /etc/nginx/default.d/*.conf;
server {
listen 80 default_server;
server_name myserver.org;
charset utf-8;
root /var/www/myserver.org;
index index.php;
include /etc/nginx/default.d/*.conf;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
in /etc/nginx/default.d/ directory , create a .config file test.config:
location myserver.org {
proxy_pass /myserver.org;
}
location myserver.org/support {
proxy_pass /var/www/support;
}
This works:
groupmanager.org.conf
server {
listen 80 default_server;
server_name groupmanager.org;
charset utf-8;
root /var/www/groupmanager.org;
index index.php;
location /support/ {
alias /var/www/support/;
index index.php;
access_log /var/log/nginx/support_access.log;
error_log /var/log/nginx/support_error.log;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
access_log /var/log/nginx/groupmanager.org_access.log;
error_log /var/log/nginx/groupmanager.org_error.log;
include /etc/nginx/templates/php-fpm.conf;
}
server {
listen 80;
server_name www.groupmanager.org;
rewrite ^(.*) http://groupmanager.org$1 permanent;
}
php-fpm.conf
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
location ~* \.(gif|jpeg|jpg|txt|png|tif|tiff|ico|jng|bmp|doc|pdf|rtf|xls|ppt|rar|rpm|swf|zip|bin|exe|dll|deb|cur)$ {
expires 168h;
}
location ~* \.(css|js)$ {
expires 180m;
}

Server with multiple projects in /var/www?

I have a server that I want to use as a personal server, with all of my projects under /var/www.
I currently have two folders, /var/www/html and /var/www/site.
I want to be able to access these folders by the following URLs (123.123.123.123 is my server IP):
123.123.123.123/html and 123.123.123.123/site
Here is my default virtual host file:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name 123.123.123.123;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
And here is the one I created for /var/www/site, called site:
server {
listen 80;
listen [::]:80;
# Because this site uses Laravel, it needs to point to /public
root /var/www/site/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name 123.123.123.123;
location /site {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
But when I go to 123.123.123.123/site, it says 404 Not Found, so clearly I'm doing something wrong (and yes, I restarted nginx).
Please help!
You only need one server block, as both /html and /site live in the same server.
Use nginx -t to check that nginx really does restart without giving any errors.
As /site uses a complicated directory scheme, you will need to use a nested location block to get the paths correct.
Your first project seems to have a simple arrangement of static and PHP files. You can use a root /var/www; statement to map URIs beginning with /html to the html folder. See this document for more.
Something like this may work for you:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ^~ /site {
alias /var/www/site/public;
if (!-e $request_filename) { rewrite ^ /site/index.php last; }
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
}
The default server does not need a server_name.

Nginx multiple domains doesn't work

I have a perfect configuration which is nginx, php5-fpm, apc, varnish and mariadb. Everything works flawless except;
I am hosting a single web site, since my server resources are high and available, I want to host other web sites on the same server. When I try to add different websites into nginx the service simply does not restart.
here's my configuration file when everything works:
server {
listen 8080;
root /usr/share/nginx/www;
index index.php index.html index.htm;
server_name www.domain1.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
}
I don't want to use seperate files for different virtual hosts, I want to do everything in default file. But when I add another virtual host like below and save default file. nginx won't restart.
server {
listen 8080;
root /usr/share/nginx/www;
index index.php index.html index.htm;
server_name www.domain1.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
}
server {
listen 8080;
root /usr/share/nginx/domain2;
index index.php index.html index.htm;
server_name www.domain2.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
}
Please help me resolve this issue. I think something is conflicting but don't know what.
ok I found the solution just by investigating error log.
2014/08/19 21:55:07 [emerg] 5927#0: could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32
error log tells me to increase hash bucket size..
I edited nginx.conf and set the bucket size to 32 as advised in error log, it didn't work at first, but then I set it to 64 and it worked.
just search for "bucket" in nginx.conf, uncomment it, then set to 64 (or above in some cases) it will work, unless there is another issue.

Nginx and subdomains

I'm trying to getting started with nginx. But I cant really understand what's going wrong with this code.
As you can see there are 2 domains:
mauromarano.it
dev.mauromarano.it
The first domains hosts a wordpress blog.
#####################
# mauromarano.it/ #
####################
server {
listen 80;
# listen [::]:80 default_server;
root /usr/share/nginx/mauromarano.it/public_html;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name mauromarano.it www.mauromarano.it;
access_log /usr/share/nginx/mauromarano.it/logs/access.log;
error_log /usr/share/nginx/mauromarano.it/logs/error.log;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /blog {
try_files $uri $uri/ /blog/index.php?$args;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(/blog)(/.*)$;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/mauromarano.it/public_html$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
#####################
# mauromarano.com #
####################
server {
listen 80;
# listen [::]:80 default_server;
root /usr/share/nginx/mauromarano.com/public_html;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name mauromarano.com www.mauromarano.com;
access_log /usr/share/nginx/mauromarano.com/logs/access.log;
error_log /usr/share/nginx/mauromarano.com/logs/error.log;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/mauromarano.com/public_html$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
#####################
# dev.mauromarano.it/ #
####################
server {
listen 80;
# listen [::]:80 default_server;
root /usr/share/nginx/dev.mauromarano.it/public_html;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name dev.mauromarano.it www.dev.mauromarano.it;
access_log /usr/share/nginx/dev.mauromarano.it/logs/access.log;
error_log /usr/share/nginx/dev.mauromarano.it/logs/error.log;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(/blog)(/.*)$;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/dev.mauromarano.it/public_html$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
Where I'm wrong?
My goal Is to having this two domains working. But in this way, the subdomains (dev.mauromarano.it) is not working.
The following clause is not needed for server blocks:
listen 80;
listen [::]:80 default_server;
This should solve the subdomain issue. In addition to this, you are missing the rewrite rules for wordpress. They should be as follows:
location / {
try_files $uri $uri/ #wordpress;
}
location #wordpress {
rewrite ^/(.*)$ /index.php?/$1 last;
}
Hopefully this will clear your problem. More info on it would mean more pointed solutions, however, so feel free to comment with any bugs you still have.

Resources