Nginx reverse proxy to Wordpress on an URI - wordpress

I have a Symfony 2.5.X app running on an nginx server. I will call it domain.com.
The /news URI within that server is configured as a reverse proxy to a remote machine, where I run Wordpress blog on nginx server again. I will call it blog.domain.com.
domain.com's configuration looks like that:
server {
listen 80;
server_name domain.com;
set $project_path /home/webserver/prod.domain.com;
root $project_path/web;
error_log /home/webserver/prod.domain.com/app/logs/nginx_error.log;
access_log /home/webserver/prod.domain.com/app/logs/nginx_access.log;
charset utf-8;
client_max_body_size 65m;
# Some extra speed
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Reverse-proxy all /news calls to remote machine
location ~ /news?(.*) {
access_log off;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_set_header Host blog.domain.com; # without it it doesn't work
#proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Custom-Secret 6ffe3dba7213c678324a101827aa3cf22c;
proxy_redirect off;
proxy_buffering off;
#proxy_intercept_errors on;
proxy_pass http://blog.domain.com:80;
break;
}
# Default URLs
location / {
try_files $uri /app.php$is_args$args;
}
# Error pages (static)
#error_page 403 /errorpages/403.html;
error_page 404 /errorpages/404.html;
#error_page 405 /errorpages/405.html;
error_page 500 501 502 503 504 /errorpages/5xx.html;
# Don't log garbage, add some browser caching
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
add_header Pragma "public";
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
try_files $uri /app.php?$query_string;
}
location ~* ^.+\.(css|js)$ {
expires modified +1m;
add_header Pragma "private";
add_header Cache-Control "private";
etag on;
try_files $uri /app.php?$query_string;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
# Disallow .htaccess, .htpasswd and .git
location ~ /\.(ht|git) {
deny all;
}
# Parse PHP
location ~ ^/(app|app_dev|config)\.php(/|$) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
fastcgi_pass php;
}
}
blog.domain.com's configuration looks like that:
server {
listen 80;
server_name blog.domain.com;
root /home/webserver-blog/news;
access_log /home/webserver-blog/logs/http_access.log;
error_log /home/webserver-blog/logs/http_error.log;
charset utf-8;
client_max_body_size 65m;
# Some extra speed
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Default URLs
location / {
# This never gets parsed as / is reserved for our main server
}
location ~* ^/news/(wp-content|wp-admin) { # without this directive I didn't have any static files
root /home/webserver-topblog/;
}
location ~* ^/news {
try_files $uri $uri/ /index.php?args;
}
# Don't log garbage
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
# Disallow .htaccess or .htpasswd
location ~ /\.ht {
deny all;
}
# Disallow logs
location ~ ^/logs/.*\.(log|txt)$ {
deny all;
}
# Parse PHP
location ~ \.php$ {
#if (!-e $request_filename) { rewrite / /index.php last; }
try_files $uri =404;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
}
As you can figure out, my Wordpress resides in /home/webserver-blog/news/. I have a slightly modified index.php file in Wordpress that checks for X-Custom-Secret header, and if it's not present (or invalid), it forces a 301 redirection to domain.com/news/
Now I have tried several different approaches to get it running properly.
First (and most obvious) was pointing the root of blog.domain.com's to /home/webserver-blog/ and allowing nginx to naturally pass the request URI to the subdirectory, /news. This worked quite well, yet it didn't allow me to utilize Wordpress' permalinks and just worked with query strings. Other strange behaviour it produced was actually exposing blog.domain.com in HTTP redirect if you called /news without trailing slash. Those redirects were quickly handled by my custom index.php, but still I want to avoid exposing blog.domain.com completely.
Second (and pretty-much current) approach was again pointing the root of blog.domain.com's directly to Wordpress' directory, /home/webserver-blog/news/ and cheating all the requests for static files with location ~* ^/news/(wp-content|wp-admin) directive pointing it's root directory one levelel up. This worked for both permalinks and static files, but again - /news/wp-login.php gives me infinite redirects to itself, and /news/wp-admin/ actually downloads the index.php file instead of parsing it (sends it as application/octet-stream)
I am completely out of ideas... Any help would be much appreciated.

I think I managed to come with a so-so solution. Far from being perfect or clean, but... well, it works.
blog.domain.com's config:
server {
listen 80;
server_name blog.domain.com;
root /home/webserver-blog;
access_log /home/webserver-blog/logs/http_access.log;
error_log /home/webserver-blog/logs/http_error.log;
charset utf-8;
client_max_body_size 65m;
# Some extra speed
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Default URLs
location ~* ^/news$ {
rewrite ^ $scheme://domain.com/news/ permanent; # ** HARDCODED production url
break;
}
location / {
try_files $uri $uri/ #redir;
}
location #redir {
rewrite ^/news/(.*)$ /news/index.php?$1 last;
}
# Don't log garbage
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
# Disallow .htaccess or .htpasswd
location ~ /\.ht {
deny all;
}
# Disallow logs
location ~ ^/logs/.*\.(log|txt)$ {
deny all;
}
# Parse PHP
location ~ \.php$ {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
fastcgi_pass php;
}
}
So the trick is I'm still operating on filesystem directories and not fancy all-the-way-around rewrites and redirects. news/ still remains a physical directory in the filesystem that gets read with the location / directive from nginx. Previous issues with exposing the blog.domain.com domain on trying to access without slashes seem to be native nginx's behaviour - it sees a directory, it adds a slash at the end; and since it's server_name is set to blog.domain.com, here we go. Hardcoding production URL and putting that rule on top pretty much fixed the problem.
#redir location again enabled the Wordpress' permalinks nicely.
One more thing I have added to entire setup to prevent people form going directly on http://blog.domain.com/ is another index.php file stored directly in /home/webserver-blog/:
<?php
/*
* domain.com redirector
*/
$production = 'http://domain.com/news/';
// Redirect nicely
if(isset($_SERVER['REQUEST_URI']) and $_SERVER['REQUEST_URI'] !== '/') {
$target = sprintf('%s%s', $production, preg_replace('/^\//', null, $_SERVER['REQUEST_URI']));
header('Location: ' . $target);
}
else header('Location: ' . $production);
...and, as mentioned before, few lines on top of Wordpress' original index.php:
<?php
/*
* wordpress loader
*/
$production = 'http://domain.com/news/';
// Allow only reverse-proxied requests
if(!isset($_SERVER['HTTP_X_CUSTOM_SECRET']) or $_SERVER['HTTP_X_CUSTOM_SECRET'] !== md5('your-md5encoded-text-in-proxy_set_header-X-Custom-Secret')) {
die(header('Location: ' . $production));
}
require_once dirname(__FILE__) . '/index-wp-org.php';
Ugly... but works.
I'd still be happy to hear nicer solutons. :)

Related

Yii2 after server change can't authenticate via query param auth

I upgraded my Yii2 application version to the latest - 2.0.46 and changed server from apache to Nginx and now I can't make API GET request from my application using query param auth Given error below
<response>
<name>Unauthorized</name>
<message>Your request was made with invalid credentials.</message>
<code>0</code>
<status>401</status>
<type>yii\web\UnauthorizedHttpException</type>
</response>
My API controller looks like this
public function behaviors(): array
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => CompositeAuth::class,
'authMethods' => [
QueryParamAuth::class,
]
];
$behaviors['language'] = [
'class' => LanguageSelector::class
];
return $behaviors;
}
I read that similar problem people had with apache servers and editing .htaccess helped, but what about Nginx? Or maybe problem is with new Yii2 version!?
API call example that I am making - examplesite/api/controller/method/?access-token=myaccesstoken&id=myID&lang=lv-LV
As my application is using only get requests, old version and new version uses same DB and on old version API call like example given (with good data) works fine. Can enyone help me?
UPDATE: Nginx config
server {
listen 443 ssl;
# server_name exsampleserver;
server_name exampleserverIP
# add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
ssl_certificate /etc/nginx/ssl/certdomainexample.crt;
ssl_certificate_key /etc/nginx/ssl/certdomainexample.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
access_log /var/log/nginx/app.log upstream_time;
error_log /var/log/nginx/app-ssl.error.log notice;
root /srv/www/web/frontend/web;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/ {
try_files $uri $uri/ /api/index.php?query_string;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_read_timeout 1200;
fastcgi_send_timeout 1200;
fastcgi_connect_timeout 1200;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_pass_header Authorization;
}
location ~ /\.ht {
deny all;
}
location ~ /\.git {
deny all;
}
}
With a help from tech group we founded that working with symlinks in Nginx config $query_params wont work.
So instead of
location /api/ {
try_files $uri $uri/ /api/index.php?query_string;
}
need to add
location /api/ {
try_files $uri $uri/ /api/index.php$is_args$args;
}
into Nginx config
Directory structure:
examplesite:
- api
+ models
+ controllers
+ web
- backend
+ models
+ controllers
+ web
+ common
+ console
- frontend
+ models
+ controllers
+ web
+ vendor
+ composer.json
Nginx config for Yii2 advanced app
This config will allow you to use fallowing domain rules:
examplesite.test/api - api folder app
examplesite.test/admin - backend folder app
examplesite.test/ - frontend folder app
Disclaimer
Use this config only in test environments and if you know how nginx works. For production sites better ask for a specialist help.
server {
#listen *:443 ssl http2;
listen *:80;
server_name examplesite.test;
#include /etc/nginx/ssl-snippets/ssl-snippet.conf;
# LOGS - config
access_log /var/log/nginx/examplesite.access.log;
error_log /var/log/nginx/examplesite.error.log;
# NGINX - config (sizes, charset, caching, ...)
client_max_body_size 32m;
client_body_buffer_size 32m;
charset utf-8;
gzip on;
gzip_types
text/plain
text/css
text/xml
application/xml
application/xml+rss
text/javascript
application/json
application/x-javascript
application/javascript;
# BASE ROOT DIRECTORY for Yii advanced app setup. Default must be the path to your app composer.json. Let suppose it in /var/www/examplesite
set $base_root /var/www/examplesite;
# BASE PHP-FPM SOKET - this is passed to nginx fastcgi_pass, uncoment or add needed version
set $php_server unix:/run/php/php7.4-fpm.sock;
#set $php_server unix:/run/php/php8.0-fpm.sock;
#set $php_server unix:/run/php/php8.1-fpm.sock;
root $base_root;
index index.php index.html;
# FRONTEND APP - location config
location / {
root $base_root/frontend/web;
try_files $uri $uri/ /frontend/web/index.php$is_args$args;
# omit static files logging, and if they don't exist, avoid processing by Yii (uncomment if necessary)
location ~ ^/.+\.(css|less|js|map|ico|png|jpe?g|gif|webp|svg|eot|ttf|woff|woff2|mp4|mov|swf|txt|pdf)$ {
expires 365d;
log_not_found off;
access_log off;
try_files $uri =404;
}
location ~ ^/assets/.+\.php(/|$) {
deny all;
}
}
# API APP - location config
location /api {
root $base_root/api/web/;
# redirect to the URL without a trailing slash (uncomment if necessary)
#location = /api/ {
# return 301 /api;
#}
location = /api {
try_files $uri /api/web/index.php$is_args$args;
}
# omit static files logging, and if they don't exist, avoid processing by Yii (uncomment if necessary)
location ~ ^/api/.+\.(css|less|js|map|ico|png|jpe?g|gif|webp|svg|eot|ttf|woff|woff2|mp4|mov|swf|txt|pdf)$ {
rewrite ^/api(/.+)$ $1 break;
log_not_found off;
access_log off;
try_files $uri =404;
}
location ~ ^/api/assets/.+\.php(/|$) {
deny all;
}
try_files $uri $uri/ /api/web/index.php$is_args$args;
}
# BACKEND APP - location config
location /admin {
root $base_root/backend/web/;
# redirect to the URL without a trailing slash (uncomment if necessary)
#location = /admin/ {
# return 301 /admin;
#}
# prevent the directory redirect to the URL with a trailing slash
location = /admin {
try_files $uri /backend/web/index.php$is_args$args;
}
# omit static files logging, and if they don't exist, avoid processing by Yii (uncomment if necessary)
location ~ ^/admin/.+\.(css|less|js|map|ico|png|jpe?g|gif|webp|svg|eot|ttf|woff|woff2|mp4|mov|swf|txt|pdf)$ {
rewrite ^/admin(/.+)$ $1 break;
log_not_found off;
access_log off;
try_files $uri =404;
}
location ~ ^/admin/assets/.+\.php(/|$) {
deny all;
}
# if your location is "/backend", try use "/backend/backend/web/index.php$is_args$args"
# bug ticket: https://trac.nginx.org/nginx/ticket/97
try_files $uri $uri/ /backend/web/index.php$is_args$args;
}
# PHP FILES HANDLE
location ~ ^/.+\.php(/|$) {
rewrite (?!^/((frontend|api|backend)/web|api|admin))^ /frontend/web$uri break;
rewrite (?!^/api/web)^/api(/.+)$ /api/web$1 break;
rewrite (?!^/backend/web)^/admin(/.+)$ /backend/web$1 break;
fastcgi_pass $php_server;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $fastcgi_script_name =404;
}
# OTHER LOCATIONS AND RESTRICTIONS
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~* /\. { access_log off; log_not_found off; deny all; }
}

Nginx 404 pages request method is always GET

When I post to a 404 page, nginx is stripping the post data and changing the request method to "GET". How do I prevent this? I have nginx configured to serve a php file as the error 404 page that is in the root of the domain directory. I would like to keep a log of whatever is posted to it.
nginx.conf
server {
listen 80;
error_page 404 = /404.php;
set $oldhost $host;
root /var/www/www/$oldhost;
location ~* \.(?:ico|css|js|gif|jpg|png|html|htm)$ {
expires 3d;
add_header Pragma public;
add_header Cache-Control "public";
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
index index.php index.htm index.html;
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
location ~ \..*/.*\.php$ {return 404;}
expires 1d;
add_header Pragma public;
client_max_body_size 80m;
add_header Cache-Control "public";
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
This happens because when nginx cannot find a page, it will redirect (GET) the user to that 404.php page you defined.
What you need to do is to add it to the try_files directive, so nginx will try to post to it when it cannot find the others, or make it that you can handle 404 error directly on your index.php (like wordpress does).
EDIT:
location / {
index index.php index.htm index.html;
try_files $uri $uri/ /index.php?$args 404.php 404.php?$args;
}

Dynamic root with subdomain not working with Nginx

I tried everything I could, I can not make it work.
I'd like to redirect my subdomains to a specific folder in my Debian server using NGinx, here's the configurations I tried :
server {
listen 8080;
server_name ~^(?<user>.+)\.example\.net$;
root /srv/www/example.net/$user;
}
=> error is :
Starting nginx: [emerg]: unknown "user" variable configuration file
/etc/nginx/nginx.conf test failed
(note: I also tried without the ^ as indicated here : Nginx server_name regexp not working as variable)
If I try this instead :
server {
listen 8080;
server_name *.example.net$;
root /srv/www/example.net/$1;
}
Error is on the request :
2013/08/20 15:38:42 [error] 5456#0: *6 directory index of
"/srv/www/example.net//" is forbidden, client: xxx.xxx.xxx.xxx, server:
*.example.net, request: "GET / HTTP/1.1", host: "test.example.net:8080"
Aka, $1 is empty !
The documentation is wrong then :
http://nginx.org/en/docs/http/server_names.html
Update:
This is working (taken from https://serverfault.com/questions/457196/dynamic-nginx-domain-root-path-based-on-hostname):
server {
server_name ~^(.+)\.example\.com$;
root /var/www/example.com/$1/;
}
BUT I'd like to display PHP Pages, and if I add the following in my server {}, the $1 is then empty (wtf?) :
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
server_tokens off;
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_intercept_errors off;
fastcgi_send_timeout 30s;
fastcgi_read_timeout 30s;
}
I finally found the solution, and it's not so pretty.
In fact it was a mix of an old NGinx version (0.7.67, in Debian Squeeze) and some odd reaction (maybe from this version) of the NGinx configuration.
The following code works fine, but successful only in a NGinx version of 1.2.1 (it fails in 0.7.67, and not tested in other versions) :
map $host $username {
~^(?P<user>.+)\.example\.com$ $user;
}
server {
listen 80;
server_name *.example.com;
root /var/www/example.com/$username;
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
server_tokens off;
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_intercept_errors off;
fastcgi_send_timeout 30s;
fastcgi_read_timeout 30s;
}
}
This alternative also works (for newer PCRE versions) :
map $host $username {
~^(?<user>.+)\.example\.com$ $user;
}
I had to combine all found solutions to create my own working .conf This is my answer from similar question https://stackoverflow.com/a/40113553/1713660
server {
listen 80;
server_name ~^(?P<sub>.+)\.example\.com$;
root /var/www/$sub;
location / {
index index.php index.html;
}
}
The correct form is:
server {
listen 8080;
server_name ~^(?P<user>.+)\.example\.net$;
location / {
root /srv/www/example.net/$user;
}
}

Magento Wordpress Nginx Configuration

I have a Magento shop at http://example.com and I want to keep a Wordpress blog at http://example.com/blog.
I have installed the blog and everything seems to be fine but when am logging to Wp-Admin am getting 404 for css and js files due to which dashboard is looking very ugly.
Am I doing any mistake? am attaching my nginx config file
##################################################################################
#
# example.com
#
##################################################################################
server {
listen 80;
server_name example.com ;
#charset koi8-r;
#access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
root /usr/share/nginx/html/mebozo-magento.mebozo.com;
try_files $uri $uri/ #handler; ## If missing pass the URI to Magento's front handler
index index.php index.html index.htm;
}
location /blog {
root /usr/share/nginx/html/mebozo-magento.mebozo.com/blog;
try_files $uri $uri/ /blog/index.php;
index index.php index.html index.htm;
rewrite ^.*/files/(.*) /wp-includes/ms-files.php?file=$2;
rewrite ^.*/wp-admin(.*) $1wp-admin/;
}
location ~* ^.+\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$
{
root /usr/share/nginx/html/mebozo-magento.mebozo.com/blog;
rewrite ^/.*(/.*\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js))$ $1 last;
rewrite ^.*/files/(/.*(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js))$/wp-includes/ms-files.php?file=$1 last;
expires 30d;
break;
}
## These locations would be hidden by .htaccess normally
#location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
#expires 1y;
#log_not_found off;
#}
location ~ .php/ {
## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
################For Foomen Speedster###############
#rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
# rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
# location /lib/minify/ {
# allow all;
# }
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
#############gzip###########
gzip on; # use gzip compression
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_proxied any; # enable proxy for the fcgi requests
gzip_types text/plain text/css application/x-javascript text/javascript application/json;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
location #handler { ## Magento uses a common front handler
rewrite / /index.php;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
root /usr/share/nginx/html/mebozo-magento.mebozo.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/mebozo-magento.mebozo.com$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
I will attempt to solve this puzzle by suggesting that we clean up your nginx config file. Your */files/ rewrites look to be problematic to me.
Without knowing what your nginx.conf file looks like OR what your http {block} looks like, I will assume that it is pretty clean and that you are handling your global settings like gzip types, ssl protocols and ciphers, and additional headers, etc. there. I know that you included your gzip on in your file but sometimes duplicate that in server not realizing it is already set a layer above... if not add your gzip back in as necessary. All that said, after reading your conf file completely and I would suggest rewriting it to something like this:
(Note: the new URI level location and the #rewrites, and the removal of redundant root path definitions.)
server {
listen 80;
listen [::]:80;
## SSL CONFIGURATION (can be done here in same file)
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
#ssl_certificate /etc/nginx/ssl/cert_chain.crt;
#ssl_certificate_key /etc/nginx/ssl/star_example.com.priv.key;
# domain name
server_name example.com www.example.com;
# doc root
root /usr/share/nginx/html/mebozo-magento.mebozo.com;
## Logs per vhost
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log warn;
## This can also be set in your http block and if it is, it's not needed here.
index index.php index.html index.htm;
# Adjust upload max file size settings
# This value should match your PHP.ini config settings for upload_max_filesize
client_max_body_size 50M; # allows file uploads up to 50 megabytes
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
## Main Magento location
location / {
try_files $uri $uri/ #rewrite;
}
# Your blog location
location /blog/ {
try_files $uri $uri/ #rewrite_blog;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx;
}
## These locations are protected
location ~ /(app|downloader|includes|pkginfo|var|errors/local.xml)/ {
deny all;
}
## Images
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
access_log off;
add_header ETag "";
}
location =/js/index.php/x.js {
rewrite ^(.*\.php)/ $1 last;
}
# rewrites
location #rewrite {
rewrite / /index.php?$args;
}
location #rewrite_blog {
rewrite /blog/ /blog/index.php?$args;
}
## Execute PHP scripts
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
## Store code with multi store/domain magento instance
#fastcgi_param MAGE_RUN_CODE $mage_code;
#fastcgi_param MAGE_RUN_TYPE $mage_type;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Banned locations (only reached if the earlier PHP entry point regexes don't match)
location ~* (\.php$|\.sh$|\.txt$|\.htaccess$|\.git|\.sample$|mage$) {
deny all;
}
}

NGINX rewriting rule for getting clean URL

What would be the nginx rewrite rule to redirect my wordpress permalink structure from /%category%/%postname%/ to /%postname%/?
In summary, you need to let NGINX know that if that file doesn't exist, to not throw a 404 error, but rather call index.php. Wordpress is smart enough to parse the URL as parameters, and serve the correct page.
Add this snippet in your server configuration block:
location / {
try_files $uri $uri/ /index.php?$args;
}
Here is a complete example from nginx.org:
# Upstream to abstract backend connection(s) for php
upstream php {
server unix:/tmp/php-cgi.socket;
server 127.0.0.1:9000;
}
server {
## Your website name goes here.
server_name domain.tld;
## Your only path reference.
root /var/www/wordpress;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}

Resources