Nginx authentication and redirect to https - nginx

I'm having a hard time trying to add some security to a site.
Basically, I want everything under a directory to:
1) be redirected to https if http
2) be under HttpAuthBasicModule
For some reason I can get the auth to work, but it's not redirecting to https for certain URLs, such as /index.php, though it does for some other files:
/revive/www/admin/assets/images/login-welcome.gif works
/revive/www/admin/index.php remains under port 80
This is the relevant part of my nginx config file:
location ^~ /revive/www/admin {
    if ($server_port = 80) {
        rewrite ^ https://$host$request_uri permanent;
    }
    auth_basic "Restricted";
    auth_basic_user_file htpasswd_revive;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_param PHP_VALUE "newrelic.appname=revive.host.com";
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
How could I make sure that everything under /revive/www/admin is redirected to port 443 if it's called on port 80? Any help would be greatly appreciated!

Put your server rules only with "listen 443" and add the following rule below:
server {
    listen 80;
    server_name mysite.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}

Turns out it seems to be working if I do this:
location ^~ /revive/www/admin {
    if ($server_port = 80) {
        rewrite ^ https://$host$request_uri permanent;
    }
    auth_basic "Restricted";
    auth_basic_user_file htpasswd_revive;
    location ~ \.php$ {
        if ($server_port = 80) {
            rewrite ^ https://$host$request_uri permanent;
        }
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_param PHP_VALUE "newrelic.appname=revive.host.com";
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
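Added example (not part of the original posts): nginx does not run an outer location's `if`/`rewrite` once a nested location such as `~ \.php$` is selected, while `auth_basic` is inherited, so on port 80 `index.php` sat behind Basic auth without the redirect. Splitting the two ports into separate server blocks removes the need to repeat the `if`; the host name and certificate paths below are placeholders, not values from the question.

```nginx
# Plain-HTTP side: the admin tree never serves content or asks for credentials.
server {
    listen 80;
    server_name revive.example.com;                 # placeholder host name

    # ^~ stops regex location matching, and this block has no nested
    # locations, so every URI under the prefix (index.php included)
    # reaches this return before any auth challenge is issued.
    location ^~ /revive/www/admin {
        return 301 https://$host$request_uri;
    }
}

# HTTPS side: Basic auth credentials are only ever requested over TLS.
server {
    listen 443 ssl;
    server_name revive.example.com;                 # placeholder host name
    ssl_certificate     /etc/nginx/ssl/example.crt; # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key; # placeholder path

    location ^~ /revive/www/admin {
        auth_basic "Restricted";
        auth_basic_user_file htpasswd_revive;

        # auth_basic is inherited by this nested location, so PHP
        # requests are protected without repeating the directive.
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9001;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
}
```

Check the result with `nginx -t` before reloading.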

Related

403 Display with WWW [Nginx]

My access to the site is only possible with this domain name:
https://example.com [Working]
That is, I can access it, but if I add www, I get the 403 screen.
This is my Nginx conf. file:
server {
    listen 80;
    server_name domain.com;
    rewrite_log on;
    client_max_body_size 1000M;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;
    location / {
        if (!-e $request_filename){
            rewrite ^/(.+)/(.+)$ /index.php?id=$1&cmd=$2 last;
            rewrite ^/(.+)$ /index.php?id=$1 last;
        }
    }
    location ~* \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
I found the answer myself. Actually, the answer is very simple.
server_name domain.com; to server_name domain.com www.domain.com;
So I'm going to fix the problem.

How to get rid of app.php in Symfony2 URIs with Nginx

I'm trying to get a clear understanding of what's going on with my nginx configuration file for Symfony2, here it is:
server {
    listen 80;
    autoindex on;
    server_name example.com;
    root /var/www/example.com/web;
    rewrite ^/app\.php/?(.*)$ /$1 permanent;
    location / {
        index app.php;
        try_files $uri $uri/ @symfony;
    }
    location @symfony {
        rewrite ^(.*)$ /app.php/$1 last;
    }
    location ~ ^/app\.php(/|$) {
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}
In short, I'm trying to strip app.php in every possible URI that a user can set e.g. example.com/app.php/demo or just example.com/app.php.
This config actually works for URIs like ones above, but it leads to a redirect loop in case of trying to access "root" URI example.com.
And if I remove $uri/ from try_files and leave only $uri and a fallback @symfony there, everything is working fine except I can't access any directories as they're going to be processed by SF.
I'm out of ideas, did a lot of research on how nginx and rewrites actually work, but as for now it's a dead end for me. If you can find a solution to stay with $uri/ in try_files and get out of a loop at front, please let me know.
This solution from Nginx Tips worked for me. It's almost, but not quite, the same as yours.
server {
    server_name domain.tld www.domain.tld;
    root /var/www/project/web;
    location / {
        # try to serve file directly, fallback to rewrite
        try_files $uri @rewriteapp;
    }
    location @rewriteapp {
        # rewrite all to app.php
        rewrite ^(.*)$ /app.php/$1 last;
    }
    location ~ ^/(app|app_dev|config)\.php(/|$) {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;
    }
    error_log /var/log/nginx/project_error.log;
}

Symfony2 and NGINX - auth_basic always asks for the password

I have a project written using Symfony2 framework and running on Nginx server.
The goal is to protect it with auth_basic.
What I did in nginx config file:
location ~ \.php(/|$) {
    auth_basic 'RESTRICTED ACCESS';
    auth_basic_user_file /var/www/my.passwd;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTPS off;
}
But there, when I try to access the page and I fill in the username and password, it asks me the same again and again.
I have some redirects on the page:
server {
    listen 80;
    server_name example.com;
    rewrite ^ http://www.example.com$uri permanent;
}
server {
    listen 80;
    listen 443 default_server ssl;
    ssl_certificate ssl2013/myssl.crt;
    ssl_certificate_key ssl2013/myssl.key;
    keepalive_timeout 70;
    set $asset_dir /var/www/example.com/web/bundles/mdpimain;
    server_name www.example.com;
    root /var/www/example.com/web;
    # strip app.php/ prefix if it is present
    rewrite ^/app\.php/?(.*)$ /$1 permanent;
    # rewrite home
    rewrite ^/home/? / permanent;
    # remove trailing slash
    rewrite ^/(.*)/$ /$1 permanent;
    # remove index.php
    rewrite ^[/](.*)/index\.php$ /$1 permanent;
    # sitemap redirection
    rewrite ^/sitemap_(.*)$ /sitemap/$1 last;
    location / {
        index app.php;
        if (-f $request_filename) {
            break;
        }
        rewrite ^(.*)$ /app.php/$1 last;
    }
}
EDIT1.
Another detail: the password and user I am using are ok because no logs in the nginx error.log, so there is a redirect problem.
Try checking the $remote_user, if empty, return 403.
EDIT: This works for me.
server {
    listen 80;
    server_name www.example.com;
    auth_basic 'RESTRICTED ACCESS';
    auth_basic_user_file /var/web/my.passwd;
    set $ok "no";
    if ($remote_user ~ ^$) { break; }
    if ($remote_user != '') { set $ok "yes"; }
    if ($ok != "yes") {
        return 403;
    }
    # Path for static files
    root /var/web/public_html;
    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app_dev.php$is_args$args;
    }
    location ~ ^/(app|app_dev|config)\.php(/|$) {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;
    }
}

Configuring subdomain in NGINX

I am trying to configure a subdomain in NGINX. Where am I going wrong?
Following is the configuration file:
server {
    listen 80;
    server_name www.teamomattic.com;
    rewrite ^/(.*) http://teamomattic.com permanent;
}
server {
    listen 80 default;
    server_name teamomattic.com *.teamomattic.com;
    root /home/jclark/web/teamomattic.com;
    access_log /var/log/nginx/$host-access.log;
    error_log /var/log/nginx/dev-error.log error;
    index index.php index.html index.htm;
    try_files $uri $uri/ @rewrite;
    location @rewrite {
        rewrite ^/(.*)$ /index.php/$1;
    }
    location ~ \.php {
        # try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    location ~ /\.ht {
        deny all;
    }
}
server {
    listen 80;
    server_name test.teamomattic.com;
    root /home/jclark/web/teamomattic.com/images;
    access_log /var/log/nginx/$host-access.log;
    error_log /var/log/nginx/dev-error.log error;
    index index.php index.html index.htm;
}
Just guessing. I would do it this way.
server {
    listen 80;
    server_name subdomain.teamomattic.com;
    location / { return 303 http://teamomattic.com$request_uri; }
}
303 is the new temporary redirect. I never use permanent redirects, b/c you stay flexible and don't need to ask your customers to clear cache.
You may not need this location block wrapper and can directly use return in server. But it is best practice to always use location, b/c you can add more locations easily.
Please use https if possible.
request_uri passes path and query string through - so you don't lose that info.

MediaWiki on Nginx

I can't get MediaWiki to work on Nginx.
I have it in my /var/www/domain.com/htdocs/wiki dir and in my wiki.domain.com subdomain.
I tried with many vhost examples found over the internet, for instance:
server {
    server_name wiki.domain.com;
    root /var/www/domain.com/htdocs/wiki;
    index index.html index.php;
    autoindex off;
    location / {
        index index.php5;
        error_page 404 = @wiki;
    }
    location @wiki {
        rewrite ^/([^?]*)(?:\?(.*))? /index.php5?title=$1&$2 last;
    }
    location ~ \.php5?$ {
        include /etc/nginx/fastcgi.conf;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php5;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
Or, another:
server {
    server_name wiki.domain.com;
    root /var/www/domain.com/htdocs/wiki;
    client_max_body_size 5m;
    client_body_timeout 60;
    # Remove index.php from URI
    rewrite ^/index.php/(.*) /$1 permanent;
    location / {
        if (!-e $request_filename) {
            rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
        }
        if ($uri ~* "\.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$") {
            expires max;
            break;
        }
    }
    location ~* \.php$ {
        if (!-e $request_filename) {
            return 404;
        }
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
I get 403 Forbidden for wiki.domain.com and 500 Internal Server Error for wiki.domain.com/index.php
In my LocalSettings.php I also set this:
$wgUsePathInfo = true;
Can you help me..? How should I configure vhost/localsettings to make MW work on Nginx?
Okay, found the issue: it was with LyricExtension! I disabled it and everything started working properly :)
