1

I'm going crazy trying to understand this nginx vhost config. My issue is with the /v2 location: it does not send PHP requests to php-fpm, while it works properly outside /v2. Can anyone point out the mistake?

server {
  listen 443 ssl;
  include ssl.conf;
   include hardening.conf;
   server_name myapp.domain.com myapp;
   ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
   ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
   access_log /var/log/nginx/myapp.domain.com-access.log main;
   error_log /var/log/nginx/myapp.domain.com-error.log notice;
   root /var/www/html/myapp.domain.com;

   location ~ /\.ht {
     deny  all;
   }

   location ~ /v2 {
     alias /var/www/html/myapp.domain.com/version-2/web;
     try_files $uri index.php$is_args$args;
   }

   location ~ [^/]\.php(/|$) {
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
     if (!-f $document_root$fastcgi_script_name) {
       return 404;
     }

     # Mitigate https://httpoxy.org/ vulnerabilities
     fastcgi_param HTTP_PROXY "";

     fastcgi_pass localhost:9000;
     fastcgi_index index.php;
     include fastcgi_params.conf;
   }
 }

According to the comments, I'm trying the nested location solution, but I now receive a 404 when I try https://myapp.domain.com/v2/index.php while /var/www/html/myapp.domain.com/version-2/web/index.php is present on the filesystem. Also, as explained on the link given, I modified my location from ^ to ^~. Any idea what's wrong?

server {
  listen 443 ssl;
  include ssl.conf;
   include hardening.conf;
   server_name myapp.domain.com myapp;
   ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
   ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
   access_log /var/log/nginx/myapp.domain.com-access.log main;
   error_log /var/log/nginx/myapp.domain.com-error.log notice;
   root /var/www/html/myapp.domain.com;

   location ~ /\.ht {
     deny  all;
   }

   location ^~ /v2 {
     alias /var/www/html/myapp.domain.com/version-2/web;
     try_files $uri index.php$is_args$args;

     location ~ [^/]\.php(/|$) {
       fastcgi_split_path_info ^(.+?\.php)(/.*)$;
       if (!-f $document_root$fastcgi_script_name) {
         return 404;
       }

       # Mitigate https://httpoxy.org/ vulnerabilities
       fastcgi_param HTTP_PROXY "";

       fastcgi_pass localhost:9000;
       fastcgi_index index.php;
       include fastcgi_params.conf;
     }

   }

   location ~ [^/]\.php(/|$) {
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
     if (!-f $document_root$fastcgi_script_name) {
       return 404;
     }

     # Mitigate https://httpoxy.org/ vulnerabilities
     fastcgi_param HTTP_PROXY "";

     fastcgi_pass localhost:9000;
     fastcgi_index index.php;
     include fastcgi_params.conf;
   }
 }
6
  • You have two PHP apps with different roots. You will need two different location blocks to process the .php URIs. Consider using nested location blocks, like this answer. Commented Dec 8, 2017 at 16:11
  • @RichardSmith I updated the post with your proposal but now I get some 404s as explained in the post, can you have a look again please? Commented Dec 11, 2017 at 9:51
  • $document_root$fastcgi_script_name does not work with alias, use $request_filename instead. Also, you need to set a value for SCRIPT_FILENAME. Also, I would avoid using try_files and alias together due to this issue. Commented Dec 11, 2017 at 9:57
  • Indeed, I did not see that detail. Replacing the $document_root$fastcgi_script_name by $request_filename, replacing try_files by a rewrite rule, and also reordering some stuff in the php location made it work. Commented Dec 11, 2017 at 10:33
  • @RichardSmith thanks a lot! Do I need to post the working version? Commented Dec 11, 2017 at 10:33

2 Answers 2

0

You have to point to the php5-fpm location, like this:

location ~ \.php$ {
      include snippets/fastcgi-php.conf;
      fastcgi_pass unix:/var/run/php5-fpm.sock;
}

Take a look at a whole example:

server {
    listen 8082;
    listen [::]:8082;
    server_name 192.168.2.60;

    root /usr/share/nginx/html/phpmyadmin/;
    index index.php index.html index.htm;


    location / {
            try_files $uri $uri/ /index.php?uri=$uri;
    }

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
     }

     location ~ /\.ht {
            deny all;
     }   
}

0

For posterity, I got a working config:

server {
  listen 443 ssl;
  include ssl.conf;
  include hardening.conf;
  server_name myapp.domain.com myapp;
  ssl_certificate /etc/pki/tls/certs/myapp.domain.com.crt;
  ssl_certificate_key /etc/pki/tls/private/myapp.domain.com.key;
  access_log /var/log/nginx/myapp.domain.com-access.log main;
  error_log /var/log/nginx/myapp.domain.com-error.log notice;
  root /var/www/html/myapp.domain.com;

  location ^~ /v2/admin/web/index[_dev]*.php/command {
    if (!-f $request_filename) {
      rewrite ^ /v2/admin/web/index.php$is_args$args last;
    }
  }

  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
      return 404;
    }
    include fastcgi_params.conf;
    fastcgi_index index.php;
    fastcgi_pass 127.0.0.1:9000;
  }
}
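
The fix described in the question's comments, written out as an added example (not the asker's final config and not any commenter's own code); it goes inside the question's `server` block. Paths, the include name and the upstream address are taken from the question; matching `\.php$` without PATH_INFO support is an assumption made so that `$request_filename` always points at the script itself.

```nginx
# Added example: /v2 served from a separate directory via alias.
location ^~ /v2 {
    alias /var/www/html/myapp.domain.com/version-2/web;

    # Replaces try_files, which the comments advise against combining with alias:
    # anything that is not an existing file or directory goes to the front controller.
    if (!-e $request_filename) {
        rewrite ^ /v2/index.php last;
    }

    # Nested so that PHP under /v2 is resolved against the alias, not the server root.
    location ~ \.php$ {
        # For a request to /v2/index.php:
        #   $document_root$fastcgi_script_name
        #     -> /var/www/html/myapp.domain.com/version-2/web/v2/index.php (missing, so 404)
        #   $request_filename
        #     -> /var/www/html/myapp.domain.com/version-2/web/index.php
        # Keeping the check means only scripts that exist on disk reach PHP-FPM.
        if (!-f $request_filename) {
            return 404;
        }

        # Mitigate https://httpoxy.org/ vulnerabilities
        fastcgi_param HTTP_PROXY "";

        include fastcgi_params.conf;
        # Set explicitly, after the include, to the alias-aware path.
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_pass localhost:9000;
    }
}
```

The server-level `location ~ [^/]\.php(/|$)` block from the question stays in place for PHP outside /v2; the `^~` modifier keeps it from being considered for /v2 requests.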
