We have set up a local server on one of our branches. Ubuntu for OS and Nginx for Web server. Our target is to access our projects or websites by using this format http://Ip_address/Folder_Name. Like http://192.168.1.1/myproject1 and http://192.168.1.1/myproject2.
We have accomplished that target with the configuration below.
server {
listen 80;
listen [::]:80;
root /usr/share/nginx/html;
index index.php index.html index.htm;
server_name _;
location /myproject1 {
try_files $uri $uri/ /myproject1/public/index.php?q=$uri&$args;
}
location /myproject2 {
try_files $uri $uri/ /myproject2/public/index.php?q=$uri&$args;
}
location /myproject3 {
try_files $uri $uri/ /myproject3/public/index.php?q=$uri&$args;
}
location /myproject4 {
try_files $uri $uri/ myproject4/public/index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
The main problem is anyone can access the .env file as well as the other file that can be found in my root folder (.env , .htaccess , etc).We are using a Laravel framework to complete all the project. File can be downloaded via "http://192.168.1.1/myproject1/.env". What is the best way to prevent the user from downloading any of my files? I don't know if we missed something on our configuration or what.
Related
How can I configure Codeigniter in NGINX server? .htaccess is not working here and i have no root permission. Only I can upload files using FTP and can access database.
where can I use this config...?
server {
server_name domain.tld;
root /var/www/codeignitor;
index index.html index.php;
# set expiration of assets to MAX for caching
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
expires max;
log_not_found off;
}
location / {
# Check if a file or directory index file exists, else route it to index.php.
try_files $uri $uri/ /index.php;
}
location ~* \.php$ {
fastcgi_pass 127.0.0.1:9000;
include fastcgi.conf;
}
}
Ref: https://www.nginx.com/resources/wiki/start/topics/recipes/codeigniter/
You should talk to your network admin for access of configuration files /etc/nginx/conf.d/default.conf. which needs to be configured correctly to make your routing work.you can configure your nginx server file like this code to make your routing work.
server{ listen 80; listen [::]:80; server_name 192.168.56.101 192.168.101.100 localhost; root /var/www/html; index index.php index.html index.htm; location / { try_files $uri $uri/ =404; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/www/html; } location /ci { try_files $uri $uri/ /ci/index.php?/$request_uri; }location ~ \.php$ { try_files $uri $uri/ /ci/index.php?/$request_uri; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.ht { deny all; } }
I am currently developing a laravel application, on a nginx webserver, I have always accessed my projects by editing /etc/hosts and adding an entry for the name of the project then adding a server block with server name in default file in nginx, so if I have a project called "Missouri", I would call it like this :
http://missouri/
I would like now to change this is a bit, and to use my IP Address, or my localhost to be before the project name, like this :
http://localhost/missouri/
I have searched a lot, found a lot of different combinations, but none was efficient, this is the configuration block for the general server configuration :
server {
listen 80 default_server;
root /var/www/html;
index index.php index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ^~ /Missouri {
alias /var/www/html/Missouri/public;
try_files $uri $uri/ /Missouri/index.php?$query_string;
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
If I use the previous configuration and call localhost/Missouri I get a File not found. white page error, however if I use the following code and call Missouri/ it works :
server {
listen 80;
server_name missouri;
root /var/www/html/Missouri/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I would appreciate any help, thank you.
I'm not a DevOps but I think that you can write regex in your nginx server block, so "localhost/foo" will be an alias for "localhost/foo/public". By doing that you don't need to add block for every website.
On the other hand, about your question, I'd recommend you to use "root" instead of "alias". Here is an example code:
location /Missouri {
root /var/www/html/Missouri/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I hope it works.
I have been browsing various threads for many hours (not exaggerated), but have been unable to find a solution combination that allows me to forward a non-www and http to a www and https while still being able to view php files without the extension. As follows is my nginx configuration file; any and all help IS appreciated!
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
server {
listen 80;
server_name domain.com;
rewrite ^(.*) http://www.domain.com$1 permanent;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.domain.com;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ #extensionless-php;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location #extensionless-php {
rewrite ^(.*)$ $1.php last;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
server {
listen 443;
server_name www.domain.com;
root html;
index index.html index.htm index.php;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}
}
P.S. Generic code (i.e. domain.com) was provided in order for others to use this solution if so desired!
Edit: I have solved my own question! See my solution below. :)
I have found the solution to my own question! Hopefully this can be of use to some people out there. Basically, the modifications in the NGINX configuration file forward http://domain.com to http://www.domain.com and then forward http://www.domain.com to https://www.domain.com, all without using .php extensions.
That is, I can access a PHP file called "phpinfo," at https://www.domain.com/phpinfo.php by just visiting domain.com/phpinfo (or the full URL, https://www.domain.com/phpinfo <-- without the php extension). This may seem rather trivial to some users, but it is useful to a beginner like myself.
I had to make a small addition to the code from my question, whose updated form can be found below. Underneath server { ... } for HTTPS, I had to duplicate the location / { ... }, location ~ .php$ { ... }, and location #extensionless-php { ... } from the normal HTTP server { ... }.
As follows is the updated code for easy viewing! I hope this has proven useful.
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
server {
listen 80;
server_name domain.com;
rewrite ^(.*) https://www.domain.com$1 permanent;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.domain.com;
rewrite ^(.*) https://www.domain.com$1 permanent;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ #extensionless-php;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location #extensionless-php {
rewrite ^(.*)$ $1.php last;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
server {
listen 443;
server_name www.domain.com;
root html;
index index.html index.htm index.php;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location / {
# NOTE: THIS REQUIRED AN EDIT.
try_files $uri $uri/ #extensionless-php;
}
# NOTE: THE FOLLOWING CODE IS A MERE DUPLICATE FROM THE HTTP SERVER ABOVE!
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location #extensionless-php {
rewrite ^(.*)$ $1.php last;
}
}
ok well here's a little simplification to your config, ultimately you want to go to the https+www domain, the double redirection is a waste. so redirect to that directly
server {
# handles both www and non www to http
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri$is_args$query_string;
}
server {
# handles non www to https
listen 443 ssl;
# add ssl settings to avoid certificate error
server_name example.com;
return 301 https://www.example.com$request_uri$is_args$query_string;
}
server {
listen 443 ssl;
server_name www.example.com;
# ssl settings
location / {
try_files $uri $uri/ #extensionless;
}
location #extensionless {
rewrite ^ $1.php last;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
I believe this small php block is sufficient, if it doesn't work you can add back the remaining rules from your current config.
I installed sqlbuddy following the guide by arstechnia, but I cannot seem to access sqlbuddy.
This is the setup for /etc/nginx/sites-available/www
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name localhost;
location / {
try_files $uri $uri/ =404;
allow 192.168.1.0/24;
allow 127.0.0.1;
deny all;
}
location ~ \.php$ {
try_files $uri =404;
allow 192.168.1.0/24;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass php5-fpm-sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
location ~ /\. {access_log off; log_not_found off; deny all; }
location ~ ~$ {access_log off; log_not_found off; deny all; }
location ~ /sqlbuddy/.*\.php$ {
allow 192.168.1.0/24;
allow 127.0.0.1;
deny all;
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php5-fpm-sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
When I try to access sqlbuddy via 192.168.1.128/sqlbuddy I get this page from chrome:
http://imgur.com/8pomz3m
Nginx access log shows no record of me trying to access sqlbuddy but does record me accessing the index page and 192.168.1.128/phpinfo.php
No errors present in nginx error log either.
I tried individually commenting sections of the location ~ /sqlbuddy/... to no avail. Really lost on this one.
Following the same guide I came across with the same problem.
I commented out the location that made all requests to sqlbuddy go through https, I see you don't have it so it shouldn't be a problem.
Try deleting the browser's cache. That dit it for me.
Hope it helps.-
Check your sqlbuddy folder structure, make sure your index is in /sqlbuddy/index.php and not in /sqlbuddy/src/index.php. I had to copy all sources to /sqlbuddy.
also check your permission and owner for sqlbuddy (www-data:www-data).
I'm using NGINX On Ubuntu server. I have this vhost:
server {
listen 80;
server_name *.example.com;
root /home/nginx/vhosts/example.com/web;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9001;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
I have to add a rule...
If the file/dir IS NOT FOUND use index.php
How could I change my server {} directive?
Thank you!
You can use the try_files directive:
try_files $uri $uri/ /index.php
This will try to find files and directories first, and if that doesn't work, it will use index.php.
See also the front controller section on the nginx wiki.
Ikke is correct, use try_files like so:
location / {
try_files $uri $uri/ /index.php;
}
But your PHP fastcgi location is insecure. See this article to find out more about that.
For your setup you need to have something like this:
location ~ \.php$ {
try_files $uri /index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9001;
}
Note that you should set local fastcgi_param after including the fastcgi_params global config.
You need to fllow setting:
server {
listen 80;
server_name *.example.com;
root /home/nginx/vhosts/example.com/web;
location / {
index index.php;
}
location ~ \.php$ {
root /home/nginx/vhosts/example.com/web;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
hope help you
I had the same problem on RH6 an EC2 and I fixed it by hard coding the $document_root, in the param fastcgi_param.
Hope it helped.