I make HTTP authorization in nginx config for all files, exclude index.php:
server {
listen 80;
root /var/www/site;
index index.php;
charset utf-8;
location ~ /(?!index.php) {
auth_basic "Unauthorized";
auth_basic_user_file /var/www/site/htpasswd;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 3000;
}
}
As a result, nginx instead of executing PHP files, begins to give them to download. Without location ~ /(?! index.php) - files are normally executed.
How to make a negative condition correctly?
Related
I've the following configuration which works well:
root /var/www/en;
location / {
try_files $uri $uri/ /index.php?$args;
}
location /admin {
try_files $uri $uri/ /admin/index.php;
}
location ~ \.php(/|\?|$) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_param COCKPIT_URL_REWRITE On;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
}
This redirects all requests to index.php and to admin/index.php for the admin backend.
Now I need to put a copy of the website in a different language to subdirectory having the same redirect rules for the subdirectory. This is actually a separate project with a separate root folder. I'm doing it the following way:
location ~ ^/de {
root /var/www/de;
try_files $uri $uri/ /de/index.php?$args;
}
location ~ ^/de/admin {
root /var/www/de;
try_files $uri $uri/ /de/admin/index.phpd;
}
However, this leads to the following nginx error:
rewrite or internal redirection cycle while internally redirecting to "/de/index.php"
How this could be fixed?
Thanks ;)
UPDATE:
I managed to get static files working by changing root to alias. So, now I can access static files site.com/de/test.txt. However, when I try to access site.com/de/ php handler is not working and browser tries to download the php file. I put php handler inside the new location block but it still not working.
Try this
location ~ \.php(/|\?|$) {
location /de {
root /var/www/de;
try_files $uri $uri/ /de/index.php?$args;
}
location /de/admin {
root /var/www/de;
try_files $uri $uri/ /de/admin/index.php;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_param COCKPIT_URL_REWRITE On;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
}
I have problem with Nginx and PHP5-fpm, if I configure Nginx 1.2.1 everything is fine, but if I upgrade to 1.6 I have only blank page. Cany anyone say why?
Socket is created fine.
Html pages working
If i see network in Chrome i have 200OK
In PHP is only:
<?php
phpinfo();
?>
My confing files:
/etc/nginx/conf.d/web.conf
server {
listen 192.168.99.127:8080;
server_name sub.localhost;
root /home/clients_ssl/sub/www;
index index.php index.html index.htm;
location ~ \.php$ {
fastcgi_pass unix:/etc/php5/fpm/socks/ssl_sub.sock;
include fastcgi_params;
fastcgi_param HTTPS on;
}
location ~ /\. {
deny all;
}
access_log /home/clients_ssl/sub/logs/access.log;
error_log /home/clients_ssl/sub/logs/error.log;
error_page 404 /404.html;
}
/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
/etc/php5/fpm/pool.d/web.conf
[ssl_sub]
listen = /etc/php5/fpm/socks/ssl_sub.sock
user = nginx
group = nginx
pm = dynamic
pm.max_children = 50
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5
pm.max_requests = 0
php_admin_value[open_basedir]=/
php_admin_value[session.save_path]=/home/clients_ssl/sub/tmp
php_admin_value[upload_tmp_dir]=/home/clients_ssl/sub/tmp
php_admin_value[disable_functions]=dl
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
((( if i change lister.owner/group and user/group to other system user for example USER0 i have error 502 bad gateway, where is problem? ))))
/etc/nginx/fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
If you have upgraded nginx by including
deb http://nginx.org/packages/debian/ wheezy nginx
deb-src http://nginx.org/packages/debian/ wheezy nginx
in your /etc/apt/sources.list file, you won't have a copy of fastcgi.conf in your /etc/nginx folder.
Find the file fastcgi_params in /etc/nginx and add this line:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
to the top of the file. Rename the file to fastcgi.conf
Then, you can replace include fastcgi_params; to include fastcgi.conf; in your .conf file's php location block.
I had also some problems after update nginx 1.2 to 1.6
I got this information (see below), when I install wheezy-backports main contrib non-free
I put to this list: /etc/apt/sources.list
that source:
deb http://ftp.de.debian.org/debian/ wheezy-backports main contrib non-free
Information by the installation:
Fastcgi configuration issues ============================
nginx shipped a modified fastcgi_params, which declared
SCRIPT_FILENAME fastcgi_param. This line has now been removed.
From now on we are also shipping fastcgi.conf from the upstream
repository, which includes a sane SCRIPT_FILENAME parameter value.
So, if you are using fastcgi_params, you can try switching to
fastcgi.conf or manually set the relevant params.
So I made a change in etc/nginx/conf.d/default.conf
I changed include fastcgi_params; to include fastcgi.conf;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_read_timeout 600;
}
Afterwards, restart php5-fpm and nginx
My php formular / form now works again in nginx 1.6.2
I am running a server on nginx 1.4.1 with PHP-FastCGI. Currently I have it setup so that it removes trailing slashes from my URLs and issues a 301 redirect. However, when I visit a directory that exists, I am forced into a redirect loop. My current document root looks like this:
- index.php (app)
- webgrind
- index.php
- static
- css
Currently I cannot visit example.com/webgrind or any other directory. My access logs repeatedly read similar to:
GET /webgrind/ HTTP/1.1" 301 178 "-"
GET /webgrind HTTP/1.1" 301 178 "-"
This is the server block in my nginx.conf:
server {
listen 80;
server_name example.com;
location / {
try_files $uri $uri/ /index.php?$args;
root /var/www/example/public;
index index.php index.html index.htm;
}
rewrite ^/(.*)/$ /$1 permanent;
location = /favicon.ico {
access_log off;
log_not_found off;
}
location ~ \.php$ {
try_files $uri $uri/ /index.php?$args;
root /var/www/example/public;
index index.php index.html index.htm;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/example/public$fastcgi_script_name;
fastcgi_param APPLICATION_ENV testing;
fastcgi_param PATH /usr/bin:/bin:/usr/sbin:/sbin;
fastcgi_intercept_errors on;
include fastcgi_params;
}
}
I am aware that rewrite ^/(.*)/$ /$1 permanent; is the offending line. If I remove it and visit example.com/webgrind, a 301 is issued for me to redirect to example.com/webgrind/ since it is a directory. However, my application will now accept both trailing and non-trailing slashes (i.e. example.com/users/ and example.com/users) and this is not what I want.
Wrapping the 'if' directive around my rewrite as follows still creates a redirect loop for my directories (if is evil, apparently, but a rewrite directive in this case is considered safe):
if (!-d $request_filename) {
rewrite ^/(.*)/$ /$1 permanent;
}
(I know that visiting webgrind/index.php would solve my problem, but I'd like to avoid costly and unprofessional redirect loops when my production directories are pushed live.)
So how can I conditionally strip trailing slashes only for resources that don't exist (my web application paths)?
UPDATE: My (unaltered) fastcgi_params config:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
Putting the root directive outside of the location block as a direct child of the server block fixed the issue.
server {
listen 80;
server_name example.com;
# This WORKS!
root /var/www/example/public;
location / {
try_files $uri $uri/ /index.php?$args;
index index.php index.html index.htm;
}
if (!-d $request_filename) {
rewrite ^/(.*)/$ /$1 permanent;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location ~ \.php$ {
try_files $uri $uri/ /index.php?$args;
index index.php index.html index.htm;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/example/public$fastcgi_script_name;
fastcgi_param APPLICATION_ENV testing;
fastcgi_param PATH /usr/bin:/bin:/usr/sbin:/sbin;
fastcgi_intercept_errors on;
include fastcgi_params;
}
}
Apparently it is a pitfall that the Nginx wiki recommends to avoid.
QUESTION: What am I missing or doing wrong?
I'm trying to migrate fully functional Zend Framework application from Apache2 with mod_php5 to nginx with php5-fpm. I get this kind of errors:
2012/06/27 12:08:04 [error] 1986#0: *1 open() "/var/www/public/sales/live-trials-json" failed (2: No such file or directory), client: *.*.*.*, server: www.mydomain.com, request: "POST /sales/live-trials-json HTTP/1.1", host: "www.mydomain.com", referrer: "https://www.mydomain.com/sales/live-trials"
Here are my configuration files:
a) /etc/nginx/sites-enabled/www
server {
listen 80;
listen 443 default ssl;
server_name www.mydomain.com;
root /var/www/public;
ssl_certificate /etc/nginx/ssl/mydomain.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain.key;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
index index.php index.phtml index.html;
location = /(favicon.ico|robots.txt) {
access_log off;
log_not_found off;
}
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~ /\.ht {
deny all;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
b) /etc/nginx/fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
c) /etc/php5/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 20
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
chdir = /
d) ls -al /var/www
drwxr-xr-x 7 www-data www-data 4096 Jun 27 10:52 application
drwxr-xr-x 5 www-data www-data 4096 Jun 27 10:52 library
drwxr-xr-x 10 www-data www-data 4096 Jun 27 12:05 public
e) nginx -V
nginx version: nginx/1.1.19
TLS SNI support enabled
configure arguments:
--prefix=/etc/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
--lock-path=/var/lock/nginx.lock
--pid-path=/var/run/nginx.pid
--with-debug
--with-http_addition_module
--with-http_dav_module
--with-http_geoip_module
--with-http_gzip_static_module
--with-http_image_filter_module
--with-http_realip_module
--with-http_stub_status_module
--with-http_ssl_module
--with-http_sub_module
--with-http_xslt_module
--with-ipv6
--with-sha1=/usr/include/openssl
--with-md5=/usr/include/openssl
--with-mail
--with-mail_ssl_module
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-auth-pam
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-echo
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-dav-ext-module
f) php -v (this is cli version, but I swear I am running nginx with fpm:)
PHP 5.3.10-1ubuntu3 with Suhosin-Patch (cli) (built: Apr 11 2012 17:25:33)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
Alright, after long and exhausting struggles, I've managed to figure out this madness. So, I've started everything from scratch and here is what I've learned:
Entire weirdness is somewhere in location ~* ... { ... }, so whoever have better experience, please explain why :-) Meanwhile I'll manage assets and caching on application layer.
My functional configuration file looks like this:
server {
listen 80;
listen 443 default ssl;
server_name www.mydomain.com;
root /var/www/public;
ssl_certificate /etc/nginx/ssl/mydomain.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain.key;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
index index.php index.phtml index.html;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
Thanks for trying, especially #sarnold and #sergei-lomakov!
Your nginx configuration is little wrong.
Because agree with your rules, nginx tries to access /var/www/public/sales/live-trials-json
which doesn't exist.
Because I don't know which endpoints your application use, I suggest you to make two nginx locations. First , for all static files (with regexp) create this location:
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
All another queries should be proxied to apache:
location / {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
Make little change with this rule:
location ~* ^/(favicon.ico|robots.txt)$ {
access_log off;
log_not_found off;
}
Of course, you can leave ".ht settings" untouched:
location ~ /\.ht {
deny all;
}
So, Final config will be:
server {
listen 80;
listen 443 default ssl;
server_name www.mydomain.com;
root /var/www/public;
ssl_certificate /etc/nginx/ssl/mydomain.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain.key;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
index index.php index.phtml index.html;
location ~* ^/(favicon.ico|robots.txt)$ {
access_log off;
log_not_found off;
}
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location / {
fastcgi_pass 127.0.0.1:9000;
# I'm not sure that this setting is needed:
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
As you noted, your problem is with
location ~* ^.+.(css|js|jpeg|jpg|gif|png|ico|xml) {
access_log off;
expires 30d;
}
This matches your POST uri of /sales/live-trials-json because it hasn't been anchored to the end of the uri path, and . matches any character. This means that '-js' matches. To fix this, you just need to add a \ (to match a literal '.') and a $ (to anchor the match at the end of the uri path):
location ~* \.(css|js|jpeg|jpg|gif|png|ico|xml)$ {
access_log off;
expires 30d;
}
I have strange rewrite problem with nginx & php5-fpm on an *nix platform. I'm using a Router.php class as app resource and there are lot of routes in this file which generates user-friendly uri's for corresponding modules & controllers. Now, i want to move some of this regex based application routes to nginx level and when i move a route to nginx config, i'm getting "invalid controller specified" error.
Simply, when a user requests a /foo URI, i want to trigger BarController's bazAction(). It's successfully working on application level (via Router resource)
public function init() {
$router = Zend_Controller_Front::getInstance()->getRouter();
$f = new Zend_Controller_Router_Route_Static('foo',
array( 'controller' => 'Bar',
'action' => 'baz'));
$router->addRoute( 'foo', $f);
...
When i try to do this using nginx rewrite rules like this
rewrite ^/foo /index.php/bar/baz?$args last;
I'm getting Invalid controller specified (foo) error. How can i handle this rewrite rules correctly?
My server.config is:
server {
listen 80;
server_name www.dummy.com;
root /Users/foozy/Sites/dummy.com/public;
index index.php;
location / {
try_files $uri $uri/ #rewrites;
}
location #rewrites {
rewrite ^/foo /index.php/bar/baz?$args last;
# i also tried :
# rewrite ^/foo /bar/baz?$args last;
rewrite ^ /index.php?$args;
}
location ~ ^.+\.php {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
My fastcgi_params file is:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
... nginx's default params here ...
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
...
fastcgi_param APPLICATION_ENV development;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
And in php.ini fix_pathinfo is set to 0:
cgi.fix_pathinfo=0
PHP v5.3.8, Nginx v1.0.10
I used this manual to make routers worked NGINX + PHP-FPM + Zend_Framework Infinite 30x redirect loop