Symfony2, Wordpress and Nginx: How should configuration file look like - wordpress

I have a project set up on Nginx running on Symfony2 with Wordpress blog in it. Wordpress blog is inside web/ in Symfony2. Some things on the blog doesn't work (for example infinite 302 on wp-admin and some CSS issues). Can someone show me how proper config file for this setup should look like?
Mine looks like this:
server {
listen 80;
server_name project.com *.project.com;
return 301 https://www.project.com$request_uri;
root /usr/share/nginx/html/project.com/web;
error_log /var/log/nginx/project.error.log;
access_log /var/log/nginx/project.access.log;
client_max_body_size 12M;
# strip app.php/ prefix if it is present
#rewrite ^/app\.php/?(.*)$ /$1 permanent;
location / {
index app.php;
try_files $uri #rewriteapp;
if ($http_host ~ "^[^.]+\.[^.]+$"){
rewrite ^(.*)$ https:%1://www.$http_host$request_uri redirect;
}
}
location #rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ .php {
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/www.project.com/project-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.project.com/project.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !MEDIUM";
ssl_dhparam dh4096.pem;
server_name project.com *.project.com;
root /usr/share/nginx/html/project.com/web;
error_log /var/log/nginx/project.error.log;
access_log /var/log/nginx/project.access.log;
client_max_body_size 12M;
# strip app.php/ prefix if it is present
rewrite ^/app\.php/?(.*)$ /$1 permanent;
location / {
index app.php;
try_files $uri #rewriteapp;
if ($http_host ~ "^[^.]+\.[^.]+$"){
rewrite ^(.*)$ https:%1://www.$http_host$request_uri redirect;
}
}
location /blog/wp-admin/ {
index index.php;
# #try_files $uri #rewriteindex;
# try_files $uri $uri/ /index.php?$args;
}
#location #rewriteindex {
# rewrite ^(.*)$ /blog/wp-admin/index.php/$1 last;
#}
location #rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ .php {
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
location .(js|jpg|png|css)$ {
root /usr/share/nginx/html/project.com/web;
expires 30d;
}
}
This config file is just a mess. It might be better just to start from scratch but I'm not sure how I should handle the Wordpress part inside web/blog/

location ~ /blog {
proxy_pass http://your_wp_server_url;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
and define in a new site enabled file in nginx the server for wordpress:
server{
server_name your_wp_server_url;
root path_to_wordpress;
.
.
.
}

Related

Prestashop nginx Categories 404

i try to configure my Prestashop with nginx.
Everything works except the categories. I have some friendly URL Rewrite:
{categories:/}{rewrite}/
Like: myurl.com/fuellmaterial/
Nginx give me a 404 for that category sites. The problem is that the server add "index.html" to the url, i can see that in the error.log
Error 404 GET /fuellmaterial/ HTTP/1.1 SSL/TLS-Zugriff für nginx
Error 15130#0: *1295 "/var/www/vhosts/myurl.com/httpdocs/fuellmaterial/index.html" is not found (2: No such file or directory) nginx-Fehler
How can i remove that index.html for categories? Any Ideas?
thanks
This configuration should work as it is on our PHP 7 / Nginx / Presta 1.6 production configuration, don't forget to uncomment and edit for your needs like SSL configuration :
server {
listen *:80;
#listen *:443 ssl;
#ssl_certificate /root/etc/letsencrypt/live/www.domain.tld/fullchain.pem;
#ssl_certificate_key /root/etc/letsencrypt/live/www.domain.tld/privkey.pem;
server_name www.domain.tld;
access_log /var/log/nginx/www.domain.tld.access.log;
error_log /var/log/nginx/www.domain.tld.error.log;
root /var/www/www.domain.tld;
index index.html index.htm index.php;
client_max_body_size 60M;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 600;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;
try_files $uri $uri/ /index.php$is_args$args;
error_page 404 /index.php?controller=404;
#ssl_session_timeout 24h;
#ssl_session_cache shared:SSL:10m;
#ssl_dhparam /etc/ssl/dhparam.pem;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5;
#ssl_prefer_server_ciphers on;
#ssl_stapling on;
#ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=31536000;
resolver 127.0.0.1;
location ~* \.(eot|ttf|woff|eof|woff2|css|js|jsonp|jpg|jpeg|gif|png|ico|svg|webm|mp3|mp4)$ {
add_header Access-Control-Allow-Origin *;
# ~ 10 Days
expires 604800s;
}
location ~ \.tpl {
deny all;
}
location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
include fcgi.conf;
# depending on version, could be : include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}

my website download .sh pages instead of display them

when i click on this link for example: http://debian.local/cgi-bin/hobbitcolumn.sh?bbgen it download the .sh file instead of show it.
i tried to put fastcgi_ params in location ^~ /hobbit but still not working.
could you help me please
thanks
here is my sites-available/debian.local.conf:
# /etc/nginx/sites-available/debian.local.conf
# HTTP server
server {
listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
# Make site accessible from http://localhost/
server_name debian.local localhost ;
# On redirige toutes les requêtes vers HTTPS
#rewrite ^ https://$server_name$request_uri? permanent;
location ^~ /glpi {
root /home/cedric/web;
index index.php;
location ~ /glpi(/.*\.php) {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
}
}
location ^~ /hobbit {
alias /usr/lib/hobbit/server/www/ ;
index index.html ;
}
location /cgi-bin/ {
alias /usr/lib/hobbit/cgi-bin/;
}
location /cgi-secure/ {
alias /usr/lib/hobbit/cgi-secure/ ;
}
}
server {
listen 443 ssl;
server_name debian.local localhost ;
root html;
index index.html index.htm;
# Use a self-signed certificate to ensure
# secure connexion to phpmyadmin
ssl_certificate debian.local.crt;
ssl_certificate_key debian.local.key;
ssl_session_timeout 5m;
# Access only latest browsers
ssl_protocols TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}
location /zabbix {
if ($scheme ~ ^http:){
rewrite ^(.*)$ https://$host$1 permanent;
}
alias /usr/share/zabbix;
index index.php;
error_page 403 404 502 503 504 /zabbix/index.php;
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
expires epoch;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~ \.(jpg|jpeg|gif|png|ico)$ {
access_log off;
expires 33d;
}
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
## Xcache admin pages
location /xcache {
alias /usr/share/xcache/;
try_files $uri $uri/ /index.php;
location ~ ^/xcache/(.+\.php)$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
}
}
this is what appear instead of the web page:
#!/bin/sh QS="${QUERY_STRING}" QUERY_STRING="db=columndoc.csv&key=${QS}" export QUERY_STRING . /usr/lib/hobbit/server/etc/hobbitcgi.cfg exec /usr/lib/hobbit/server/bin/bb-csvinfo.cgi $CGI_HOBBITCOLUMN_OPTS
You should use the default_type directive in the interested location, for example:
location /cgi-bin/ {
alias /usr/lib/hobbit/cgi-bin/;
default_type text/plain;
}
I made it work.
This helped me: https://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-debian-squeeze-ubuntu-11.04-p3
i intalled Fcgiwrap and edited my sites-available/debian.local.conf like this:
location /cgi-bin/ {
# Disable gzip (it makes scripts feel slower since they have to complete
# before getting gzipped)
gzip off;
# Set the root to /usr/lib (inside this location this means that we are
# giving access to the files under /usr/lib/cgi-bin)
alias /usr/lib/hobbit/cgi-bin/;
# Fastcgi socket
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/fastcgi_params;
# Adjust non standard parameters (SCRIPT_FILENAME)
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
Thanks.

Nginx PHP file plaintext rendered

I'm having a main domain example.com and an example.com/admin/. This admin domain has a different document root and will render the admin interface. The problem currently is that the file is server plain-text by nginx. So I can basically see the index.php file. I'm trying to figure it out, but no success yet.
This is my nginx config:
server {
listen 127.0.0.1:8080;
server_name www.example.me;
rewrite ^(.*) http://example.me$1 permanent;
}
server {
listen 127.0.0.1:8080;
server_name example.me;
root /var/www/example.me/laravel/example/public/;
index index.html index.htm index.php;
error_log /var/log/nginx/example.me.error.log error;
access_log /var/log/nginx/example.me.access.log;
port_in_redirect off;
merge_slashes on;
client_max_body_size 20M;
error_page 404 =301 http://example.me;
location / {
#Don't use slash at end
rewrite ^/(.*)/$ /$1 permanent;
# add rewrite rule here:
# block access to /index.(php|htm|html)
if ($request_uri ~ "/index.(php|html?)") {
rewrite ^ /$1 permanent;
}
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ^~ /admin {
root /var/www/example.me/zend/public/;
index index.php;
try_files /index.php$is_args$args $uri;
auth_basic "example Admin";
auth_basic_user_file /var/www/example.me/zend/public/.htpasswd;
rewrite_log on;
access_log /var/log/nginx/adminexample.access.log;
error_log /var/log/nginx/adminexample.error.log notice;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param SCRIPT_FILENAME /var/www/example.me/zend/public$fastcgi_script_name;
}
}
}

nginx serve static files over both https and http

So, I want to secure only the login and admin part of my website. The problem is that the admin uses some common static files that are used on the general site as well. This means that when I am in the admin those files should be served over https while when I am on the general site they should be served as http.
How can I configure nginx to behave this way?
The configuration I use so far is bellow:
server {
listen 80;
server_name site.com www.site.com;
root /home/site_folder/web;
index index.php;
location ~ /(get-involved|contribute|api) {
return 301 https://$server_name$request_uri;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME /home/site_folder/web/index.php;
}
location / {
root /home/site_folder/web;
if (-f $request_filename) {
expires max;
break;
}
try_files $uri $uri/index.php;
rewrite ^(.*) /index.php last;
}
}
server {
listen 443 ssl;
ssl_certificate path_to_ssl.crt;
ssl_certificate_key path_to_key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name site.com www.site.com;
root /home/site_folder/web;
index index.php;
location ~ /(get-involved|contribute|api) {
root /home/site_folder/web;
if (-f $request_filename) {
expires max;
break;
}
try_files $uri $uri/index.php;
rewrite ^(.*) /index.php last;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME /home/site_folder/web/index.php;
}
location / {
return 301 http://$server_name$request_uri;
}
}

Nginx configuration for a wordpress blog in a subfolder of magento root

I have installed a Magento extension to have a wordpress blog integrated with Magento.
Basically, the WP is in a subdirectory of the Magento root. I want to create multiple sites with subdirectories but I can't make it work due to the nginx configuration.
Wordpress is in his /wp subdirectory (http://example.com/wp/wp-admin/) and the others sites are accessible from http://example.com/wp/ca/wp-admin/ and http://example.com/wp/en/wp-admin/
Here is whats I got so far :
server
{
server_name dev.example.com;
access_log /var/log/nginx/example.access.log;-
error_log /var/log/nginx/example.error.log;
root /var/www/example;
location ^~ /wp {
index index.php index.html index.htm;
try_files $uri $uri/ /wp/index.php?q=$uri&$args;
# Multisite
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/wp(/[^/]+)?(/wp-.*) /wp$2 last;
rewrite ^/wp(/[^/]+)?(/.*\.php)$ /wp$2 last;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
}
set $mage_developer true;
set $mage_code es;
set $mage_type store;
include snippets.d/magento-site;-
}
and in snippets.d/magento-site :
# Serve static pages directly,
# otherwise pass the URI to Magento's front handler
location / {
index index.php;
try_files $uri $uri/ #handler;
expires 30d;-
}
# Disable .htaccess and other hidden files
location /. {
return 404;
}
# Allow admins only to view export folder
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
# These locations would be hidden by .htaccess normally
location /app/ { deny all; }
location /includes/ { deny all; }
location /lib/ { deny all; }
location /media/downloadable/ { deny all; }
location /pkginfo/ { deny all; }
location /report/config.xml { deny all; }
location /var/ { deny all; }
# Magento uses a common front handler
location #handler {
rewrite / /index.php;
}
# Forward paths like /js/index.php/x.js to relevant handler
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
# Execute PHP scripts
location ~ .php$ {
# Catch 404s that try_files miss
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param MAGE_RUN_CODE $mage_code;
fastcgi_param MAGE_RUN_TYPE $mage_type;
fastcgi_ignore_client_abort on;
fastcgi_read_timeout 900s; # 15 minutes
}
Thanks for your help.
Wanted to pass along a full conf file for anyone who needs to configure this. Please keep in mind, many file paths are unique your your server configuration.
Please note, you'll need to adjust the following parameters based on file paths on your server:
server_name domain.com www.domain.com;
ssl_certificate /sslpath/domain.com.crt;
ssl_certificate_key /sslpath/domain.com.key;
root /webrootpath/domain.com;
rewrite ^/blogpath(.*) /blogpath/index.php?q=$1;
location ^~ /blogpath {
error_log /data/log/nginx/domain.com_error.log;
access_log /data/log/nginx/domain.com_access.log;
Here is the full nginx conf file:
server {
listen 80;
server_name domain.com www.domain.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
server_name domain.com www.domain.com;
ssl on;
ssl_certificate /sslpath/domain.com.crt;
ssl_certificate_key /sslpath/domain.com.key;
ssl_session_timeout 30m;
root /webrootpath/domain.com;
index index.php;
location / {
index index.html index.php;
try_files $uri $uri/ #handler;
expires 30d;
}
location #wp {
rewrite ^/blogpath(.*) /blogpath/index.php?q=$1;
}
location ^~ /blogpath {
root /webrootpath/domain.com;
index index.php index.html index.htm;
try_files $uri $uri/ #wp;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
}
location ~ ^/(app|includes|lib|media/downloadable|pkginfo|report/config.xml|var)/ { internal; }
location /var/export/ { internal; }
location /. { return 404; }
location #handler { rewrite / /index.php; }
location ~* .php/ { rewrite ^(.*.php)/ $1 last; }
location ~* .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
error_log /data/log/nginx/domain.com_error.log;
access_log /data/log/nginx/domain.com_access.log;
}
Well, in the end, it works passing all request to the blog to Apache and creating the site in the virtual hosts corresponding.
location ~ ^/blog {
proxy_pass http://apache:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 6000s;
}
If someone succeed to make it work with Nginx only, I'm looking forward to his answer :)
Why run Apache? Doesn't make sense to run 2 webservers.
Try adding this to your nginx conf.
location #wp {
rewrite ^/wp(.*) /wp/index.php?q=$1;
}
location ^~ /wp {
root /var/www/example;
index index.php index.html index.htm;
try_files $uri $uri/ #wp;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
}

Resources