How to handle multiple websites through FastCGI server - nginx

I'm interested in serving multiple .Net sites using Nginx for the front end proxying to fastcgi-server. I would like to know if its possible to support 2 sites on a single fastcgi-mono-server4 port (9000) or if the accepted practice to is to create a port for each site? When specifying a webapp file there seems to be nowhere to specify whether to use 9000 or 9001 so I'm confused unless you can specify a pool of fastcgi processes. I found when attempting 2 sites on Port 9000 using a webapp configuration file with 2 hosts... the same site was served on both urls.
Thanks

Yes. The fastcgi-mono-server4(mono 3.12.1) can take more than one webapp in single proc.
It seems that the fastcgi-mono-server only use the vhost+vport+vpath to match the webapp node defined in .webapp file.
Setup two webapp in different port 80 vs. 81
my_nginx.conf
server {
listen 80;
server_name localhost;
location / {
root /home/test/www;
index index.html Default.aspx;
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
}
server {
listen 81;
server_name localhost;
location / {
root /home/test/www2;
index index.html Default.aspx;
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
}
two.webapp
it contains 2 webapp nodes
<apps>
<web-application>
<name>www</name>
<vhost>*</vhost>
<vport>80</vport>
<vpath>/</vpath>
<path>/home/test/www/</path>
<enabled>true</enabled>
</web-application>
<web-application>
<name>www2</name>
<vhost>*</vhost>
<vport>81</vport>
<vpath>/</vpath>
<path>/home/test/www2/</path>
<enabled>true</enabled>
</web-application>
</apps>
I just tested use the vport to distinct them, and succeed. I think using vhost or vpath or any combination of vhost+vport+vpath should worked.
start the fastcgi server
listening in 9000 port.
fastcgi-mono-server4 --appconfigfile=./two.webapp /socket=tcp:127.0.0.1:9000

Related

Nginx redirects to unwanted port

I’m trying to host 2 different websites - one static non-wordpress site, and one wordpress subdomain site - on my own pi server (test sites). Whenever accessing the subdomain site test.mysite.co.uk, it instead loads test.mysite.co.uk:4323 at the unwanted port 4323. The main mysite.co.uk site loads correctly however.
Initially I’ve been running these test sites locally (on different ports - the main site on port 4321 and subdomain on 4323) until I decided to deploy them using real domain names. However, presumably you cannot configure DNS to point to a specific IP and port (presumably a DNS record just points to an IP only), so I changed both the 2 domains’ conf files to listen to port 80 (as apparently you can define the server names to tell nginx which site to load - called virtual hosts?). Note that I have DNS A records for mysite.co.uk and test.mysite.co.uk that both point to the same public IP address of my router.
Nowhere is there a reference to port 4323 anymore, so I am confused as to why the subdomain still insists on forwarding to that port. I’ve been using incognito mode on chrome so there should be no caching issues. My router forwards external port 80 to internal port 80, and I’ve restarted the nginx server multiple times. The default port of my pi itself is no longer 80.
Here’s the /etc/nginx/sites-available/mysite.co.uk.conf file:
server {
listen 80;
listen [::]:80;
root /var/www/mysite.co.uk;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name mysite.co.uk www.mysite.co.uk;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
And here’s the /etc/nginx/sites-available/test.mysite.co.uk.conf file:
upstream wp-php-handler {
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 80;
server_name test.mysite.co.uk;
root /var/www/wp.mysite.co.uk;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass wp-php-handler;
}
}
Both .conf files are also symlinked to their respective sites-enabled folders.
Not sure if this means anything but loading local_ip:80 (or without :80 as presumably it assumes :80) in a web browser returns the Apache2 Ubuntu Default Page.
As per this post, I’ve tried adding port_in_redirect off, autoindex on and proxy_redirect http://test.mysite.co.uk:4323/ http://test.mysite.co.uk/ but to no avail.
Does anyone have any ideas of what I’m doing wrong?
UPDATE:
I've managed to create another test non-wordpress site that's exactly the same as the first non-wordpress site but called copy.mysite.co.uk, which seems to work. I'm assuming the problem with the wordpress test site may be to do with its config (although I can't see anything wrong with the code I've listed here)?

Securing phpMyAdmin by whitelisting IPs and changing alias

I’m trying to figure out the best way of securing access to my MariaDB database. I have a root non-wordpress site with 2 wordpress sites as directories (/blog and /shop) - each with separate databases - that use phpMyAdmin as a database viewer (accessible at /phpmyadmin). I want to increase the security so that it can’t be hacked so easily. However, I can’t seem to implement any of the recommended security measures.
Creating a .htaccess and in /usr/share/phpmyadmin and adding the following to whitelist IPs and block all other IPs has no effect:
Order Deny,Allow
Deny from All
Allow from 12.34.56.78
Changing the phpMyAdmin url via the config file (so it’s not accessible at /phpmyadmin) also seems to have no effect.
I’m assuming that it’s because apache is not running (I use Nginx to run my main domain and the 2 wordpress sites). I can’t run apache and Nginx simultaneously (presumably because they’re both fighting for port 80), but what I don’t get is that when Nginx is running and apache is supposedly not running, how is the /phpmyadmin link still accessible?
Here’s my .conf file in /etc/nginx/sites-available (also symlinked to sites-enabled):
upstream wp-php-handler-four {
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 1234 default_server;
listen [::]:1234 default_server;
root /var/www/site;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /blog {
try_files $uri $uri/ /blog/index.php?$args;
}
location /shop {
try_files $uri $uri/ /shop/index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass wp-php-handler-four;
}
}
I followed a tutorial to set this up (maybe I’m misunderstanding how it’s fully set up) but is this not actually using apache to access /phpmyadmin or is it using some web socket? How can I make the above security attempts work?
Note: the /usr/share/phpmyadmin/ dir is symlinked to /var/www/site/
Creating a .htaccess in /usr/share/phpmyadmin and adding the following to whitelist IPs and block all other IPs has no effect:
Order Deny,Allow
Deny from All
Allow from 12.34.56.78
Of course it won't have any effect since this file processed only by apache.
I can’t run apache and Nginx simultaneously (presumably because they’re both fighting for port 80)
In an early days of nginx there was a technique to use nginx for static files and apache to process PHP scripts. Apache was running on some other port (for example, 8080) and listening only on local IP (127.0.0.1). Nginx configuration for that was looking like
upstream apache {
server 127.0.0.1:8080;
}
server {
...
location ~ \.php$ {
proxy_pass http://apache;
}
}
Nowadays it is rarely used since using PHP-FPM is more flexible and gives a less server overhead. However it can be used when you have a complex .htaccess configuration and don't want to rewrite it for nginx/PHP-FPM.
but what I don’t get is that when Nginx is running and apache is supposedly not running, how is the /phpmyadmin link still accessible?
...
Is this not actually using apache to access /phpmyadmin or is it using some web socket?
This configuration uses UNIX socket /var/run/php/php7.4-fpm.sock where PHP-FPM daemon is listening for requests (you can read an introduction to this article to get some additional details).
How can I make the above security attempts work?
One of many possible solutions is
Unlink /usr/share/phpmyadmin/ from /var/www/site/
Use the following location block (put it before the location ~ \.php$ { ... } one:
location ~ ^/phpmyadmin(?<subpath>/.*)? {
allow 12.34.56.78;
# add other IPs here
deny all;
alias /usr/share/phpmyadmin/;
index index.php;
try_files $subpath $subpath/ =404;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$subpath;
fastcgi_pass wp-php-handler-four;
}
}
To add to the otherwise quite thorough answer:
Since Nginx doesn't use .htaccess files or the same syntax as Apache, you aren't being restricted as Apache would do. You may wish to find some other solution, or you could use what's built in to phpMyAdmin: there is a allow/deny functionality built in that you can learn about in the documentation: https://docs.phpmyadmin.net/en/latest/config.html#cfg_Servers_AllowDeny_order (and https://docs.phpmyadmin.net/en/latest/config.html#cfg_Servers_AllowDeny_rules); this will let you restrict access based on username and IP address.

nginx shows vhost instead of default root

I just installed ngninx on my dev machine.
It automatically migrated my vhosts from lighttpd (very comfy!), I only had to adjust the TLDs (it only took \.dev, I changed that to \.(dev|test|local).
and bound itself to port 81; after removing lighttpd, I changed the ports in /etc/nginx/sites-available to 80.
But when I call http://<ip-adress>/ in the browser, I get the index page of one of my vhosts instead of the default DOCUMENT_ROOT (/var/www/).
I touched /etc/nginx/sites-available/default, changed the port number and uncommented the PHP block.
current contents (comments stripped):
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www;
index.php index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
Half of the vhosts had self-references in /etc/nginx/sites-enabled, I replaced them with symlinks to /etc/nginx/sites-available and added a symlink for default; all my vhosts can now be accessed, but calling the IP address still routes to the same vhost instead of /var/www.
That vhost file is neither alphabetically first nor considering the mtime, but it is when I list the directory unsorted (ls -f), it even comes before ...
How do I get nginx to deliver /var/www/ instead of /var/www/vhost/?
update: After a few clicks on my primary vhost, switching to https and back, it changed:
http://www.vhost1.test now routes to /var/www, but the other vhosts seem to work correctly.
update: I tried to solve the problem by uncommenting the server block in nginx.conv (pointing to /var/www) and linking sites-enabled/default to sites-available/vhost1. The latter resulted in both the ip-address and vhost1 getting routed to another vhost. The other vhosts are still working fine.
I got it:
sites-available/vhost1 only had listen 443 ssl;; listen 80; was missing
(because listen 80 default_server caused a "duplicate default server" error),
so calling the domain via port 80 fell back to the default server.

How to debug and find default document root for sub domains in nginx?

I am unable debug which default document root for one of sub domain(s) configured in nginx, I have tried all valid solution described here.
Web server running on nginx version: nginx/1.10.3
Problem is I need to figure out, where is root dir for this URL http://w.knexusgroup.com/ or http://w.knexusgroup.com/index.php it prints 1
On /usr/share/nginx/html/index.php I have written 2.
Below is some snippet for nginx conf:
include /etc/nginx/static/*.conf;
include /etc/nginx/saas_clients/*.conf;
index index.php index.html index.htm;
server {
listen 80;
server_name localhost;
root /mnt/codebase/httpdocs/saas;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
.
.
.
nginx -V
nginx version: nginx/1.10.3
built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC)
built with OpenSSL 1.0.1k-fips 8 Jan 2015
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx
Seems you have overridden root.
Steps to debug this kind of problem:
Try to create 1 virtual host file with w.knexus.
Restart nginx. This time it will report duplicate entry.
Pay attention on the config which is not newly created.
Once you identified config, you can remove the newly created conf.
See the root on conf:
a. There might be multiple root based on location, so make sure you are seeing right root path.
b. You might have proxies, so it might need further debugging inside proxy app as well
cheers

fastcgi_mono_server 4 wildcard hostname

I have configured nginx with fastcgi_mono_server4.
In my nginx config I have 2 hostnames :
server {
listen 80;
server_name dev.example.org
location / {
root /var/www/dev.example.org/;
fastcgi_index Default.aspx;
fastcgi_pass 127.0.0.1:9001;
include /etc/nginx/fastcgi_params;
}
}
server {
listen 80;
server_name *.example.org
location / {
root /var/www/example.org/;
fastcgi_index Default.aspx;
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
}
nginx is OK with this configuration. dev goes to one and all other to another one .
I've already tried this :
fastcgi-mono-server4 /applications=*.example.org:/:/var/www/example.org/ /socket=tcp:127.0.0.1:9000
but it throws an error (Uri parse exception)
Update :
I need to get the full host name in my application, for example if the request was abc.example.org, I need to get "abc".
Unfortunately, HttpContext.Current.Request.Url does not contains "abc" but "*" which causes the parse error
If nginx is going to take care of routing the appropriate sub-domains to each fastcgi port (9000 or 9001) then can you get away with a wildcard domain when you start the mono server process e.g. just use a * instead of '*.example.org'
fastcgi-mono-server4 /applications=*:/:/var/www/example.org/ /socket=tcp:127.0.0.1:9000
Update: The above works to get two Mono server apps listening via nginx, but, using the nginx config from the original question will lead to an exception if you call HttpContext.Request.Url on the catch-all server. This is due to it not liking the * in *.example.org.
There are two possible solutions, depending what you'd like to see returned from HttpContext.Request.Url when a client browses foo.example.org, bar.example.org etc.
Option 1: If you don't care about the sub-domain and want to see example.org
Configure the second (*.example.org) nginx server to be the 'default_server' and have it assign a server-name without the wildcard e.g.
server {
listen 80 default_server;
server_name example.org;
access_log ... }
With these settings, browsing to foo.example.org/Default.aspx loads the page and HttpContext.Request.Url returns example.org/Default.aspx
Option 2: If you want to see the actual sub-domain e.g. foo.example.org
Removing the server_name from the second server definition works.
server {
listen 80 default_server;
access_log ... }
With these settings, browsing to foo.example.org/Default.aspx loads the page and HttpContext.Request.Url returns foo.example.org/Default.aspx
#stephen's answer is more simple and does not need fastcgi config modification.
I tried previous answer (before update), but it did not work.
Nginx take care of routing, as #stephen said, and the routing part worked.
to start fastcgi I used this command to match all routes (and server names)
fastcgi-mono-server4 /applications=/:/var/www/example.org/ /socket=tcp:127.0.0.1:9000
The problem was that HttpContext.Request.Url contains the $server_name value in my case it was "*.example.org" and when I try to parse URI there was an error.
To handle this I changed nginx fastcgi_params and replaced thi line
fastcgi_param SERVER_NAME $server_name;
by
fastcgi_param SERVER_NAME $http_host;
and add in site-available conf
proxy_set_header Host $host;
I think it is set by default.
reload nginx
nginx -t && service nginx reload
reload fastcgi-mono-server to test
fastcgi-mono-server4 /applications=/://var/www/example.org/ /socket=tcp:127.0.0.1:9000 /printlog=True /loglevels=Debug
in the log SERVER_NAME contains the real (not *) subomain.

Resources