i had installe nginx on my local machine,
my problem is i would like to do a cache for my website .
help to configure nginx
this my configuration
server
{
server_name .mywebsite.com;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
root /var/www/example.com/html;
index index.php index.html index.htm;
# use fastcgi for all php files
location ~ \.php$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to apache .htaccess files
location ~ /\.ht
{
deny all;
}
}
but i dosen't had any static content on my local machine
help please best regards
Related
I have a website running in production and I need to disable the route phpmyadmin and allow a list of IPs only.
Issue: The following is denying all the IPs including the ones which are allowed.
file: /etc/nginx/sites-available/default
location /phpmyadmin {
allow X.X.X.X;
allow Y.Y.Y.Y;
allow Z.Z.Z.Z;
deny all;
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
I need to fix this to allow 3-4 IPs only on this route. Please help. I am not sure what I am doing wrong here.
I am new to symfony. I am trying to setup symfony2 on ubuntu server with nginx. but it shows 500 internal server error. I have this server running some laravel projects as well and its find
Anyone can help what the problem is?
my nginx configuration is :
server {
listen 80;
root /home/ubuntu/test-symfony/web;
index app.php;
# Make site accessible from http://localhost/
server_name symfony.jonesjapriady.com http://symfony.jonesjapriady.com;
error_log /var/log/nginx/symfony2.error.log;
access_log /var/log/nginx/symfony2.access.log;
location / {
try_files $uri /app.php?$query_string;
}
location ~ ^/(app_dev|app_test.php|app)\.php(/|$) {
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
}
}
I'm trying to lock down access to WP-admin using IP restrictions on Nginx. The following seems to block wp-admin, but doesn't block wp-login.php
This is a start as it will stop anyone being able to login from any other IP, as after signing in you are redirected to wp-admin which is restricted. However, they can still get to the sign in form and in theory could still be affected by brute force attacks.
server {
listen 80;
server_name website.com www.website.com dev.website.com;
location / {
root /var/www/html/website.com/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
root /var/www/html/website.com/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/(wp-admin|wp-login/.php) {
root /var/www/html/website.com/;
index index.php index.html index.htm;
allow 123.123.123.123/32;
deny all;
}
}
If you fix your context it might fix this issue. Instead of forward slash do a backslash prior to your .php
location ~ ^/(wp-admin|wp-login\.php) {
allow 123.123.123.123/32;
deny all;
}
Not a perfect solution, but I'm now using this:
server {
listen 80;
server_name website.com www.website.com dev.website.com;
root /var/www/html/website.com/;
error_page 403 404 500 502 503 504 = /server_error.php;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /wp-login.php {
allow 123.123.123.123/32;
deny all;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
which will keep everyone out, but doesn't mask the fact that wp-admin exists. If someone were to navigate to wp-admin, they're redirected to wp-login.php which is restricted.
Tidied up a bit too.
I know this is a little old, but your answer helped me and I have improved upon it. So for anyone else seeing this issue which I imagine is actually quite common. For me Nginx was only blocking CSS files.
I believe the issue is caused by Nginx first seeing its a php file and therefore dealing with it inside location ~ \.php$ {} before it gets to location ~ ^/(wp-admin|wp-login\.php) {}
So I did this, firstly above location ~ \.php$ {} add:
location = /wp-login.php{
allow 12.345.6.7; #example IP address
deny all;
fastcgi_index index.php;
include fastcgi_params;
}
This will block access to wp-login.php which is great, but like you said it doesnt block wp-admin so just follow up by adding the other block below location ~ \.php$ {}
location ~ ^/(wp-admin|wp-login\.php) {
allow 12.345.6.7 #example IP address
deny all;
}
Now, if your not coming from IP 12.345.6.7 then you can't get access to either wp-admin or wp-login.php
now (2018) Wordpress redirects wp-admin automaticaly to wp-login.
So it's sufficient to only disallow /wp-login.php wit:
location = /wp-login.php {
allow 16.16.12.11
deny all;
}
Just put it after the default "location `.php$" block
I am running a VPS server with Centos and Plesk.
The server is working right, on a Nginx + php-fpm setup.
So, websites are served correctly, but when user tries to access to its webemail ( roundcube tool installed ), doesn't work.
My current nginx conf for webmail is :
server {
listen [my server ip...]:80;
server_name webmail.* roundcube.webmail.* horde.webmail.* atmail.webmail.*;
client_max_body_size 20m;
client_body_buffer_size 128k;
proxy_read_timeout 90;
location / {
root /usr/share/psa-roundcube;
index index.php index.html index.htm;
location ~ \.php$
{
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_keep_conn on;
fastcgi_split_path_info ^(.+\.php)(.*)$;
}
}
}
What can be wrong?
This snippet works for me on CentOS 6.5. The SCRIPT_FILENAME is different and the is fastcgi_index is present. Think that's it.
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
}
I have copied it from here and it works. The other directives in this particular example are very worth to get noticed/copied to harden the plesk setup just a little.
I was running apache2 on my laptop as a web server.Then i decided moving to nginx.
-Installed nginx - php (fastcgi - fpm) without removing apache
-configured the /etc/nginx/site-enabled/default with the next rules
root /var/www;
index index.html index.htm index.php;
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
Typenig localhost from the browser it responds with 403 forbidden
Typing 127.0.0.1:9000 This webpage is not available
12.0.0.1 forbidden
I see its a permissions issue but i run chmod 777 var/www
and apache2 when running display websites
So what's wrong with my configuration or what am i missing?
If the above is the only content of your default file, than I’m wondering why nginx is even starting. You have to create a server block:
server {
listen 80;
server_name _;
root /var/www;
index index.html index.htm index.php;
location /doc/ {
alias /usr/share/doc;
autoindex on;
allow 127.0.0.1;
deny all;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
}
}
Always check your configuration with nginx -t before (re-)starting.