I've installed a PHP web application using a LEMP stack and I need to port some Apache .htaccess rewrite rules to the Nginx equivalents.
.htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php?/$0 [PT,L]
I've tried these two services as recommended in other Stack Overflow answers:
http://winginx.com/en/htaccess
http://www.anilcetin.com/convert-apache-htaccess-to-nginx/
This is my server block:
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES$
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
    root /var/www/example;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name example.com;
    # return 302 https://example.com$request_uri;
    access_log /var/log/nginx/example.access.log;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}
The first converter generated this, which I added as an additional location stanza before the last curly bracket. A syntax check with nginx -t checks out, but Nginx fails to restart.
location / {
    if (!-e $request_filename){
        rewrite ^(.*)$ /index.php?/$0 break;
    }
}
The second converter generated a different rule (below) which I added inside the first location stanza (under try_files) but that also breaks the configuration as Nginx won't restart.
if (!-f $request_filename){
    set $rule_0 1$rule_0;
}
if (!-d $request_filename){
    set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
    rewrite /.* /index.php?/$0 last;
}
What am I doing wrong? Any help to fix this is appreciated and welcome.
Update:
I still need help with this. I've not been able to get the first solution posted to work for me.
Change the =404 term in your try_files statement to /index.php?$uri.
For example:
location / {
    try_files $uri $uri/ /index.php?$uri;
}
Your try_files statement was only missing the final rewrite rule. Note that all URIs in nginx contain a leading /. Substituting $uri for $0 should work for you.
See this document for more.
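The answer's change placed in the asker's server block, as an added example that is not part of the original answer. The comments map each Apache directive to its nginx counterpart; paths and the snippets/fastcgi-php.conf include are the ones from the question, and the TLS directives are left out for brevity.

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    root /var/www/example;
    index index.php index.html index.htm;

    # Only one "location /" may exist per server block: nginx rejects a
    # second one as a duplicate location, so edit the existing block
    # instead of pasting a converter-generated copy next to it.
    location / {
        # RewriteCond %{REQUEST_FILENAME} !-f  ->  $uri   (serve the file if it exists)
        # RewriteCond %{REQUEST_FILENAME} !-d  ->  $uri/  (serve the directory if it exists)
        # RewriteRule .* index.php?/$0 [PT,L]  ->  last argument (internal redirect)
        #
        # In .htaccess context $0 has no leading slash, hence "?/$0".
        # nginx's $uri always starts with "/", so "?$uri" produces the
        # same "?/some/path" query string. $uri is the normalized,
        # percent-decoded path, not the raw request line.
        try_files $uri $uri/ /index.php?$uri;
    }

    # The fallback is an internal redirect to /index.php, so it is
    # matched again and handed to PHP-FPM by this block.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}
```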
Related
I've just configured this site to use a Let's Encrypt certificate: https://secureshop.dnd1.com But the browser bar shows the site as not secure. What am I doing wrong here?
This is my NGINX config file:
server {
    listen 80;
    server_name secureshop.dnd1.com;
    return 301 https://$host$request_uri;
}
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
    #listen 80;
    # SSL configuration
    #
    # listen 443 ssl default_server;
    listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    #root /var/www/html;
    root /usr/share/nginx/html/secureshop;
    # Add index.php to the list if you are using PHP
    index index.html index.php index.htm index.nginx-debian.html;
    server_name secureshop.dnd1.com;
    #SSL
    ssl_certificate /etc/letsencrypt/live/secureshop.dnd1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/secureshop.dnd1.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Logs
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    location ~ /.well-known {
        allow all;
    }
    location = /robots.txt {
        auth_basic off;
        allow all;
        log_not_found off;
        access_log off;
    }
    # Gzip Settings
    #gzip on;
    #gzip_disable "msie6";
    #gzip_vary on;
    #gzip_proxied any;
    #gzip_comp_level 1;
    #gzip_buffers 16 8k;
    #gzip_http_version 1.0;
    #gzip_types application/json text/css application/javascript;
    rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
    rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
    rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
    rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
    rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
    rewrite ^/images_ie/?([^/]+).(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;
    rewrite ^/order$ /index.php?controller=order last;
    # Admin URL
    location /admin-dev/ { #Change this to your admin folder
        if (!-e $request_filename) {
            rewrite ^/.*$ /admin-dev/index.php last; #Change this to your admin folder
        }
    }
    location / {
        if (!-e $request_filename) {
            rewrite ^/.*$ /index.php last;
        }
    }
    # location / {
    #     # First attempt to serve request as file, then
    #     # as directory, then fall back to displaying a 404.
    #     try_files $uri $uri/ =404;
    # }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    client_max_body_size 10M;
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
I don't get why this certificate makes my site appear "Not Secure". Do I have to do something else?
The red bar indicates that the certificate is self-signed.
Probably you have not installed the Let's Encrypt certificate correctly.
Depending on your system configuration, you can find a lot of tutorials on how to install SSL manually on nginx.
Have a nice day,
Vlad
After installing Owncloud on my server, on a subdomain (let's say) cloud.motherboard.fr, I have the issue that all my https requests (like https://hey.motherboard.fr) redirect to the following Owncloud page:
while going to https://hey.motherboard.fr
So I guess that my Nginx configuration redirects all https connections to Owncloud. Here is my configuration file:
upstream php-handler {
    server 127.0.0.1:9000;
    # server unix:/var/run/php5-fpm.sock;
}
server {
    listen 80;
    server_name cloud.motherboard.fr; #YourIP or domain
    return 301 https://$server_name$request_uri; # redirect all to use ssl
}
server {
    listen 443 ssl;
    server_name cloud.motherboard.fr; #YourIP or domain
    #SSL Certificate you created
    ssl_certificate /etc/nginx/cert/owncloud.crt;
    ssl_certificate_key /etc/nginx/cert/owncloud.key;
    # owncloud path
    root /var/www/cloud/owncloud/;
    client_max_body_size 10G; # set max upload size
    fastcgi_buffers 64 4K;
    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }
    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
        try_files $uri $uri/ index.php;
    }
    location ~ ^(.+?\.php)(/.*)?$ {
        try_files $1 = 404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_param PATH_INFO $2;
        fastcgi_param HTTPS on;
        fastcgi_pass php-handler;
    }
    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }
}
It looks like it comes from the first two server blocks, but I didn't manage to change it. Can it have a link with php-fpm?
My hey.motherboard.fr configuration is pretty simple:
server {
    server_name hey.motherboard.fr;
    location / {
        root /var/www/hey;
        index index.html index.htm;
    }
}
I want to configure nginx to behave in this way:
[OK] If I browse to domain.com/, the /var/www/index.php file is called
[HOW ?] If I browse to domain.com/blah, /var/www/controller.php is called
On Apache, this is done by a rewrite condition:
RewriteRule (.*) controller.php [L,QSA]
[HOW ?] If I browse to domain.com/api/someMethod, /var/www/api/controller.php is called
On Apache, this is done by a rewrite condition:
RewriteRule ^api api/controller.php [L,NC]
[HOW ?] If I browse to domain.com/image.png, nginx displays the image /var/www/image.png
On Apache, this is done by a rewrite condition:
RewriteRule \.(js|css|gif|png|jpg|ico|txt|woff|woff2)$ - [L,NC]
And my nginx config:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name _;
    root /var/www;
    index index.php;
    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    location ~ {
        try_files $uri $uri/ /index.php;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
The significant parts of the configuration would be:
root /var/www;
index index.php;
location = / { }
location / {
    try_files $uri $uri/ /controller.php;
}
location /api {
    try_files $uri $uri/ /api/controller.php;
}
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
The first two lines are from your original configuration.
The location = will ensure that the URI / obeys the index index.php rather than the try_files rule next.
The location / defines the default action, serving image.png, index.php on subdirectories and controller.php on anything else.
The location /api modifies this behaviour with respect to controller.php.
The location ~ \.php$ block implements the fastcgi interface. Notice that include fastcgi_params; should come before any fastcgi_param directives to avoid the latter being silently overridden.
If you would like the URI domain.com/blah.php to call controller.php instead of throwing a 404, then change the =404 to /controller.php.
Please see this for a list of nginx directives.
I have a problem implementing my rewrite code from an .htaccess file in the nginx config.
I've already tried the generator at http://winginx.com/htaccess to generate my rewrite code.
My nginx config code:
server {
    listen 80;
    server_name example.com;
    return 301 $scheme://www.example.com$request_uri;
}
server {
    listen 80;
    root /usr/share/nginx/www;
    index index.php;
    server_name www.example.com;
    error_page 404 http://www.example.com/404.php;
    autoindex off;
    error_log /usr/share/nginx/www/nginx_error.log warn;
    location / {
        rewrite ^([^\.]*)$ /$1.php;
    }
    location = / {
        rewrite ^ /index.php;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
I wanna implement this from my .htaccess:
RewriteRule ^([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)$ admin/index.php?hotelname=$1&do=$2 [QSA]
RewriteRule ^(([A-Za-z0-9-/]+)+)$ admin/index.php?hotelname=$1 [L]
Generated code from tool:
location / {
    rewrite ^/([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)$ /admin/index.php?hotelname=$1&do=$2;
    rewrite ^/(([A-Za-z0-9-/]+)+)$ /admin/index.php?hotelname=$1 break;
}
I have already tried adding these last lines of code to my location blocks, but it's not working at all.
I will be very grateful for every opinion!
Regards
Makromat
The blind kind of conversion would be
rewrite ^([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)$ admin/index.php?hotelname=$1&do=$2&$query_string last;
rewrite ^(([A-Za-z0-9-/]+)+)$ admin/index.php?hotelname=$1 last;
But I would prefer to understand the question better in order to produce a more optimal rewrite.
How do I know whether the URL should be passed to /admin or not? Give me an actual URI for the backend and for the frontend.
Usually rewrites are better managed in nginx using the nginx way of thinking, and this new way of thinking is based more on try_files.
So you may try something like this (untested):
location ^~ "/([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)" {
    try_files $uri admin/index.php?hotelname=$1&do=$2&$args;
}
location ^~ "(([A-Za-z0-9-/]+)+)" {
    try_files $uri /admin/index.php?hotelname=$1;
}
location = / {
    rewrite ^ /index.php;
}
location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}
If direct access on the given $uri should never happen, then remove that part from the try_files. Now I'm also unsure of your second regex (([A-Za-z0-9-/]+)+), why not use:
location ^~ "/([A-Za-z0-9-/])+"
Or
location ^~ "/([A-Za-z0-9-])+/"
So there's maybe something I do not see, even in your Apache rewrites.
I have an nginx server running with SSL enabled.
Currently I have HTTPS enabled for all directories.
How do I enable SSL only for the www.example.com/shop/* directory and disable it for the others?
Here is my conf file:
# Redirect everything to the main site.
server {
    server_name *.example.com;
    listen 80;
    ssl on;
    ssl_certificate /opt/nginx/conf/server.crt;
    ssl_certificate_key /opt/nginx/conf/server.key;
    keepalive_timeout 70;
    access_log /home/example/nginx_logs/access.log ;
    error_log /home/example/nginx_logs/error.log ;
    root /home/example/public_html/example.com;
    location ~ \.php$ {
        try_files $uri $uri/ /index.php?q=$uri&$args;
        root /home/example/public_html/example.com/;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /opt/nginx/conf/fastcgi_params;
        #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME /home/example/public_html/example.com$fastcgi_script_name;
        index index.php index.html index.htm;
    }
    if ($http_host != "example.com") {
        rewrite ^ http://example.com$request_uri permanent;
    }
    include global/restrictions.conf;
    # Additional rules go here.
    #Only include one of the files below.
    include global/wordpress.conf;
    # include global/wordpress-ms-subdir.conf;
    # include global/wordpress-ms-subdomain.conf;
}
Thanks,
D
It is easy to achieve in Nginx. There are two steps involved in it.
Port 443 will be used only when yourdomain.com/shop is accessed. All other requests would be redirected to port 80 (HTTP)
Port 80 will check for yourdomain.com/shop. If found, it'd be redirected to port 443 (HTTPS).
Here is a quick overview of how it could be done...
server {
    listen 443;
    server_name yourdomain.com;
    # directives for SSL certificates
    # root, index, error_log, access_log directives
    location /shop {
        # directives to handle what's inside /shop, for example
        # try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
        # directives to handle PHP files
    }
    # leave everything else to port 80
    location / {
        rewrite ^ http://$host$request_uri permanent;
    }
}
server {
    listen 80;
    server_name yourdomain.com;
    # root, index, error_log, access_log directives
    # redirect yourdomain.com/shop to port 443
    # Please put this before location / block as
    # nginx stops after seeing the first match
    location /shop {
        rewrite ^ https://$host$request_uri permanent;
    }
    location / {
        # directives to handle what's inside /, for example
        # try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
        # directives to handle PHP files
    }
}
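A filled-in version of the two-server layout above, added here as an example and not the answerer's configuration. The certificate paths, root and FastCGI address are taken from the question, and yourdomain.com is the answer's placeholder. The "^~" modifier on the port-80 /shop block is an addition, made so that PHP URIs under /shop are redirected to HTTPS rather than picked up by the regex location.

```nginx
server {
    listen 80;
    server_name yourdomain.com;
    root /home/example/public_html/example.com;   # root from the question
    index index.php;
    # nginx picks the longest matching prefix regardless of order and then
    # still tries regex locations. "^~" switches that regex pass off, so
    # /shop/cart.php is redirected too instead of being answered over
    # plain HTTP by the "\.php$" block below.
    location ^~ /shop {
        return 301 https://$host$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        try_files $uri =404;
        include /opt/nginx/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
    }
}

server {
    listen 443 ssl;   # the "ssl" parameter enables TLS on this socket
    server_name yourdomain.com;
    ssl_certificate     /opt/nginx/conf/server.crt;
    ssl_certificate_key /opt/nginx/conf/server.key;
    root /home/example/public_html/example.com;
    index index.php;

    location /shop {
        try_files $uri $uri/ /index.php;
    }

    # Kept at server level so the /index.php fallback above is still served
    location ~ \.php$ {
        try_files $uri =404;
        include /opt/nginx/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
    }

    # Everything else goes back to port 80
    location / {
        return 301 http://$host$request_uri;
    }
}
```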