Can't serve "hidden" wordpress install - wordpress

I'm switching a Wordpress site from Apache to Nginx.
We're trying to obfuscate the fact that it's a Wordpress site (I don't know why, but those are the requirements).
There are a few calls to static assets within the wordpress directory, so it's not perfect.
For the most part, it's working (www.example.com and other pages within show up properly), but I can't get the Admin page to work.
When you go to example.com/wp-admin, the server should load /var/example.com/docroot/wordpress/wp-admin/index.php, but I keep getting a 404.
I'm not sure where I've gone wrong. This is my server conf:
server {
server_name *.example.com;
root /var/example.com/docroot;
access_log logs/access.log;
error_log logs/error.log debug ;
gzip off;
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Rewrite wp-content to pretend we don't use Wordpress
location ~ ^/content/(.*)$ {
alias /var/example.com/docroot/wordpress/wp-content/$1;
}
location ~ ^/wp-content/(.*)$ {
alias /var/example.com/docroot/wordpress/wp-content/$1;
}
location ~ ^/includes/(.*)$ {
alias /var/example.com/docroot/wordpress/wp-includes/$1;
}
location ~ ^/wp-includes/(.*)$ {
alias /var/example.com/docroot/wordpress/wp-includes/$1;
}
location /wp-admin {
alias /var/example.com/docroot/wordpress/wp-admin;
}
# Basic php configuration
location ~ \.php$ {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# static assets and blocking specific access
include sites-enabled/common.conf;
}

The two things I did to get this to work:
Proxy_pass instead of alias
location /wp-admin {
proxy_pass $scheme://www.dev4.railrode.net/wordpress/wp-admin/;
}
And for the try_files directives, added a wordpress$uri option:
try_files $uri /wordpress$uri =404

Related

Nginx install wordpress under some URI prefix on existing website

We have a website build with react by a partener. And we want to add a blog on the same domain, in a subdirectory:
example.org => /var/www/example.org/app
example.org/blog => /var/www/example.org/blog
I tried many solutions, but I always got a 404 on example.org/blog
server {
server_name example.org;
root /var/www/project/app/functions/build;
access_log /var/log/nginx/example.org_access.log;
error_log /var/log/nginx/example.org_error.log;
index index.html index.htm;
location ^~ /blog/ {
access_log /var/log/nginx/blog-example.org_access.log;
error_log /var/log/nginx/blog-example.orgm_error.log;
alias /var/www/example.org/blog;
index /index.php;
# Add a trailing slash if missing
if (!-f $request_filename) {
rewrite [^/]$ $uri/ permanent;
}
try_files $uri $uri/ /index.php?$args;
}
location / {
try_files $uri #prerender;
}
location #prerender {
// .. config for react stuff
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
# Change this to your fpm socket
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
}
I tried to create a subdomain with a separate nginx site conf to test if everything was OK, and it was. So it's my nginx site config above which is not good.
Do you have any idea?
Thanks you!
Solution
Thanks to Ivan Shatsky, I was able to correct my config to make everything works.
My main issue why I always had a 404 was because of my index. I had an extra slash: index /index.php => index index.php
location /blog/ {
access_log /var/log/nginx/blog-example.org_access.log;
error_log /var/log/nginx/blog-example.org_error.log;
root /var/www/example.org;
index index.php;
# Add a trailing slash if missing
if (!-f $request_filename) {
rewrite [^/]$ $uri/ permanent;
}
try_files $uri $uri/ /blog/index.php?$args;
location ~ \.php {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
# Change this to your fpm socket
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
}
Not sure if this will be an answer, but the errors I already see are:
If your react app doesn't make use of PHP (and I suppose it doesn't) why are you use location ^~ /blog/ { ... } having a PHP handler below this block? This way no request for /blog/any/path/file.php ever reach that PHP handler. Use simple location /blog/ { ... } prefix location or move the PHP handler inside the location ^~ /blog/ { ... } making it nested location (preferred).
If your directory where the WP is located is /var/www/example.org/blog and your URI pefix is /blog/ you'd better use root /var/www/example.org; instead of alias /var/www/example.org/blog;. It those string doesn't match, add the trailing slash at the end of the alias directive argument: alias /var/www/example.org/blog/;
You are using try_files directive incorectly, the last argument supposed to be an URI, so to redirect all the requests to WP index file you should use try_files $uri $uri/ /blog/index.php?$args;
Your PHP handler uses global /var/www/project/app/functions/build root instead of WordPress one (if you'd make the PHP handler nested location, this one would gone automatically).
Not sure that's all, but lets start from fixing these errors.
Update
The final working configuration was added by OP as the original question update.

NGINX on URL load static content

Having the following nginx configuration I try to load static content if url /intern is requested, but what I try it fails in 404. How can I properly setup nginx for this case?
server {
listen 80;
root /var/www/html/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include fastcgi_params;
#try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location = /intern {
autoindex on;
root /var/www/html/public/back;
}
}
In case of the root directive, full path is appended to the root including the location part, whereas in case of the alias directive, only the portion of the path NOT including the location part is appended to the alias.
So for:
location = /intern/ {
autoindex on;
root /var/www/html/public/back;
}
nginx will create the final path to be:
/var/www/html/public/back/intern/*
Assuming you don't have the intern directory inside the .../public/back/ directory, this will result in a 404 error.
If that's the case, you should use the alias directive. Where the location path is dropped before looking for the file at the said location.
try this:
location = /intern/ {
autoindex on;
alias /var/www/html/public/back/; # trailing slash is important here
}
This should result in the path:
/var/www/html/public/back/*

Nginx deny doesn't work for folder files

I'm trying to restrict access to my site to allow only specific IPs and I've got the following problem: when I access www.example.com deny works perfectly, but when I try to access www.example.com/index.php it returns "Access denied" page AND php file is downloaded directly in browser without processing.
I do want to deny access to all the files on the website for all IPs but mine. How should I do that?
Here's the config I have:
server {
listen 80;
server_name example.com;
root /var/www/example;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ #handler; ## If missing pass the URI to front handler
expires 30d; ## Assume all files are cachable
allow my.public.ip;
deny all;
}
location #handler { ## Common front handler
rewrite / /index.php;
}
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ { ## Execute PHP scripts
if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
expires off; ## Do not cache dynamic content
fastcgi_pass 127.0.0.1:9001;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
}
That is because your deny/allow rule applies to just one location.
Remove that and try:
server {
listen 80;
server_name example.com;
root /var/www/example;
if ($remote_addr != "YOUR.PUBLIC.IP") {return 403;}
...
}
As the test is outside any specific locationblock, it will apply to all cases.
Note also that IF is not evil here since it just "returns".
OK, so I've found the solution. Nginx processes the most exact regex which in this case is the regex for php files. To make the config work all further locations must be defined within / location rule except for #handler (you cannot put under any rule - only as root)
server {
listen 80;
server_name example.com;
root /var/www/example;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ #handler; ## If missing pass the URI to front handler
expires 30d; ## Assume all files are cachable
allow my.public.ip;
deny all;
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ { ## Execute PHP scripts
if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
expires off; ## Do not cache dynamic content
fastcgi_pass 127.0.0.1:9001;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
}
location #handler { ## Common front handler
rewrite / /index.php;
}
}

Nginx rewrite in subfolder (404)

I has a site host on a NGINX server which used to work fine to remove index.php in nginx site config using try_files.
But now I am going to add a blog on it, where the URL will be www.foo.com/blog, I can access the blog and use index.php?p=.
But, once I use pretty permalink with Nginx Helper, www.foo.com/blog/2013/07/bar, I get 404.
server {
# don't forget to tell on which port this server listens
listen 80;
# listen on the www host
server_name foo.com;
# and redirect to the non-www host (declared below)
return 301 $scheme://www.ultra-case.com$request_uri;
}
server {
# listen 80 default_server deferred; # for Linux
# listen 80 default_server accept_filter=httpready; # for FreeBSD
listen 80;
# The host name to respond to
server_name www.foo.com;
# Path for static files
root /web/foo.com
#index file
index index.php;
#Specify a charset
charset utf-8;
# Custom 404 page
error_page 404 /404.html;
# Uri Rewrite
location /blog {
index index.php;
try_files $uri $uri/ /blog/index.php?$args;
}
location / {
autoindex on;
# This is cool because no php is touched for static content.
# include tihe "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
}
# Include the component config parts for h5bp
include conf/h5bp.conf;
}
The accepted answer routes everything through index.php.
This will break certain script includes, the wp-admin script being one of them.
You can use:
location /blog/ {
index index.php;
try_files $uri $uri/ /blog/index.php?$args;
}
Um... Thank you for all comments and answer. But finally I use this method to get it works
location /blog {
index index.php;
rewrite ^/blog/(.*)+$ /blog/index.php?$1; # it finally works
# return 200 $request_uri; # it is for inspect what $request_uri is
# try_files $uri $uri/ /blog/index.php$request_uri$is_args$args; # it gets 500 server error
}
Please point out if current setting has any problems. thank you!
I would suggest the following, to catch any permalinks under subfolder /blog
location /blog {
index index.php;
try_files $uri $uri/ /blog/index.php?$args;
}
Try this, I changed my answer to try to imitate the same behaviour you are using in your rewrite.
location ~ /blog(.*) {
index index.php;
try_files $uri /blog/index.php?$1&$args;
}
Try this
location /api {
# example: http://demo.com/api/channels/dmzb
root /data/webserver/demo.com/api/web;
rewrite ^/api/(.*) /$1 break;
try_files $uri $uri/ /api/index.php?$args;
location ~ ^/api/index\.php {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
# fix request_uri
set $changed_request_uri $request_uri;
if ($changed_request_uri ~ ^/api(.*)) {
set $changed_request_uri $1;
}
fastcgi_param REQUEST_URI $changed_request_uri;
# fix script_filename
fastcgi_split_path_info ^(?:\/api\/)(.+\.php)(.*);
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
}
Think for php, rewrite is no needed with something like this:
location /app/ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /path/to/your/app/index.php;
fastcgi_pass php;
}
With following fastcgi pass
upstream php {
server unix:/var/run/php5-fpm.sock;
}
A universal solution for pretty URLs in root and one subfolder level:
set $virtualdir "";
set $realdir "";
if ($request_uri ~ ^/([^/]*)/.*$ ) {
set $virtualdir /$1;
}
if (-d "$document_root$virtualdir") {
set $realdir "${virtualdir}";
}
location / {
try_files $uri $uri/ $realdir/index.php?$args;
}
I found that with permalink enabled, I needed a combination of both sets of answers given here, otherwise
With only the rewrite, none of the static files got served
With only the try files, the permalinks did not work
This is working on my set up
location /blog/ {
rewrite ^/blog/(blog/(tag|category|20??)/.*)+$ /blog/index.php?$1;
try_files $uri $uri/ /blog/index.php?$args =404;
}
ip url: 123.123.123/xxxxxxxxxx/
location /xxxxxxxxxx/ {
try_files $uri $uri/ /xxxxxxxxxx/index.php?$query_string;
}
# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
rewrite ^(/xxxxxxxxxx/.*)+(/wp-.*) /xxxxxxxxxx/$2 last;
rewrite ^(/xxxxxxxxxx/.*)+.*(/wp-admin/.*\.php)$ /xxxxxxxxxx/$2 last;
rewrite ^(/xxxxxxxxxx/.*)+(/.*\.php)$ /xxxxxxxxxx/$2 last;
}

Nginx proxy_pass to another port with Wordpress

My problem is following: I use Wordpress on Nginx with "pretty links". I also run 2 other services on ports 88 and 1234 and I want to make a subdomains bugs.mydomain and mail.mydomain. I did the proxypass on location / but it's working only for the main directory, anything that is after the domain/ is falling into Wordpress "pretty links" mechanism. Do you have any idea how to solve this? My config files below:
The server config:
server {
listen <IP>:80;
root /usr/share/nginx/www/domain;
index index.html index.htm index.php;
server_name domain www.domain;
location / {
try_files $uri $uri/ /index.html;
if ( $host ~ "bugs.domain" ) {
proxy_pass http://domain:88;
}
if ( $host ~ "mail.domain" ) {
proxy_pass http://domain:1234;
}
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
include /home/domain/public_html/nginx.conf;
}
the config for specified domain (with Wordpress):
#First there is many rewrites for the W3TC plugin, like minification, caches etc
if ($host ~* ^www\.(.*))
{
set $host_without_www $1;
rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
}
#
# unless the request is for a valid file, send to bootstrap
if (!-e $request_filename)
{
rewrite ^(.+)$ /index.php?q=$1 last;
}
Now, when I enter domain:88 or domain:1234 it works. When I enter bugs.domain the website loads, but no CSS or images works as the url is bugs.domain/somapath and this falls into the Wordpress bootstrap. I run out of the ideas.
why create only 1 server with if's in it, separate the servers
server {
listen 80;
server_name bugs.example.com;
proxy_pass http://example.com:88;
}
server {
listen 80;
server_name mail.example.com;
proxy_pass http://example.com:1234;
}
server {
listen 80;
# the rest of your main server
#
}
So the problem was completely different then I thought. it was failing on this line:
try_files $uri $uri/ /index.html;
The problem was, that file index.html didn't exist, I only had index.php. Changing it solved the problem.

Resources