Server Setup:
VPS
Plesk 12.5
Centos 7
NGINX as reverse proxy to Apache 2.4
Path to NGINX config: /etc/nginx/nginx.conf
Plesk provides a GUI Apache & nginx Settings dialog box, but is unable to accept server{} blocks from there.
I've tried the following, and several variations thereof, without success:
server {
server_name xx.xx.xx.xx;
return 301 https://domain.com$request_uri
}
Here's another example of what we are trying to do and need to know where to place the code so NGINX reads and honors the instruction for execution.
server {
server_name newdomain.com www.newdomain.com;
# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;
# limit_conn limit_per_ip 16;
# ssi on;
access_log /home/nginx/domains/newdomain.com/log/access.log combined buffer=32k;
error_log /home/nginx/domains/newdomain.com/log/error.log;
root /home/nginx/domains/newdomain.com/public;
location / {
# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;
# Enables directory listings when index file not found
#autoindex on;
}
location /forums {
try_files $uri $uri/ /index.php;
}
location ~^(/forums/page/).*(\.php)$ {
try_files $uri $uri/ /index.php;
}
# Mask fake admin directory
location ~^/forums/admin/(.*)$ {
deny all;
}
# Secure real admin directory
location ~^(/forums/mynewadmin/).*(\.php) {
#allow 127.0.0.1;
#deny all;
#auth_basic "Restricted Area";
#auth_basic_user_file $document_root/forums/mynewadmin/.htpasswd;
include /usr/local/nginx/conf/php.conf;
}
# IP.Board PHP/CGI Protection
location ~^(/forums/uploads/).*(\.php)$ {
deny all;
}
location ~^(/forums/hooks/).*(\.php)$ {
deny all;
}
location ~^(/forums/cache/).*(\.php)$ {
deny all;
}
location ~^(/forums/screenshots/).*(\.php)$ {
deny all;
}
location ~^(/forums/downloads/).*(\.php)$ {
deny all;
}
location ~^(/forums/blog/).*(\.php)$ {
deny all;
}
location ~^(/forums/public/style_).*(\.php)$ {
deny all;
}
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/php.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
}
Where do I need to place this or similar directing in this scenario to direct all direct IP traffic to the domain name? I've tried placing the snippet in various NGINX config files so far without success.
Thanks.
You can try to add this into Nginx's "additional directives" in UI:
location /forums {
try_files $uri $uri/ /index.php;
}
location ~^(/forums/page/).*(\.php)$ {
try_files $uri $uri/ /index.php;
}
# Mask fake admin directory
location ~^/forums/admin/(.*)$ {
deny all;
}
# IP.Board PHP/CGI Protection
location ~^(/forums/uploads/).*(\.php)$ {
deny all;
}
location ~^(/forums/hooks/).*(\.php)$ {
deny all;
}
location ~^(/forums/cache/).*(\.php)$ {
deny all;
}
location ~^(/forums/screenshots/).*(\.php)$ {
deny all;
}
location ~^(/forums/downloads/).*(\.php)$ {
deny all;
}
location ~^(/forums/blog/).*(\.php)$ {
deny all;
}
location ~^(/forums/public/style_).*(\.php)$ {
deny all;
}
I've ignore all system-wide and commented settings. Also you can try to add content from
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/php.conf;
include /usr/local/nginx/conf/drop.conf;
Pay attention that your web site root is placed into /httpdocs folder, according to this config I've see that you web root was in public directory.
Most easy way is to set default domain for IP xx.xx.xx.xx to domain.com in Tools & Settings > IP addreses > xx.xx.xx.xx
Also you can create .htaccess file in web root of domain.com with content:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^xx\.xx\.xx\.xx
RewriteRule (.*) http://domain.com/$1 [R=302,L]
Why it does not work via Additional directives?
plesk include custom directives inside of nginx domain's server{} - so server inside server is not possible. It's by design.
custom directives includinв at the end of nginx domain's server{} so if request was catch by some upper rule or location all other will be ignored for this request.
Related
When I enable ssl on the website the pages won't load without index.php in the url. I have set Use Web Server Rewrites, Use Secure URLs in Frontend, and Use Secure URLs in Admin to Yes. Offloader header is set to SSL_OFFLOADED. I have cleared the cache on the website and my browser. I have checked phpinfo() and mod_rewrite is enabled. The secure and unsecure url both have https://. I have also replaced the .htaccess file with a fresh copy and it different make any difference.
That is what I have tried from various posts on Stackoverflow and I am unsure what to try next.
Are you using Apache or Nginx? Nginx does not read/use the .htaccess file. You need to use something like this in Nginx config:
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 14d;
log_not_found off;
}
location / {
index index.php;
try_files $uri $uri/ #handler;
}
location #handler {
rewrite / /index.php;
}
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location /var/export/ {
auth_basic 'Restricted';
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
location /lib/minify/ {
allow all;
}
I have a setup where a server running nginx will be the front-end and also a load balancer that will upstream to a number of other servers which will be backend.
What I currently have is the webservers running nginx and reverse proxying to apache2 running on port 8000.
The idea is to have visitors first log in to the subdomain apps.xxxx.xxx which contains a list of all the companies applications. Upon clicking on one, then you get redirected to one of the apps which also has it's own login credentials that will be provided to potential customers to have a test run before purchasing.
All these apps are required to run from the one domain but from different paths.
Eg. apps.xxxx.xxx/app1 appps.xxxx.xxx/app2
Find attached my nginx config on the app servers
server {
listen 80 default_server;
root /home/MY_NAME/myapp/public;
index index.html index.htm index.php;
server_name _;
#location / {
# try_files $uri $uri/ /index.php$is_args$args;
#}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
location / {
proxy_pass http://SAME_SERVER:8000;
include proxy_params;
#try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
sendfile off;
client_max_body_size 100m;
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
I'm setting up a mail server using iRedMail and have everything installed and running. Now trying to change the self signed certificate for a Lets Encrypt using the certbot-auto client. I have added
location ~ /.well-known {
allow all;
}
into /etc/nginx/templates/misc.tmpl like this
location ~ /.well-known {
allow all;
}
# Deny all attempts to access hidden files such as .htaccess.
#location ~ /\. { deny all; }
# Handling noisy messages
location = ^/favicon.ico { access_log off; log_not_found off; }
location = ^/robots.txt { log_not_found off; access_log off; allow all; }
However when I restart nginx and browse to the URL, I get a 404, and certbot-auto also reports a 404.
I've placed it above the rule to restrict access to hidden files, so this should work.
Any ideas would be massively appreciated. Thanks in advance.
location /.well-known {
alias /opt/www/iredadmin/.well-known/;
}
I need to make url rewrite rules (server blocks) in nginx server same like in my previous apache server.
This is code from .htaccess what I need to implement (convert) into my existing one:
RewriteRule ^([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)$ admin/index.php?hotelname=$1&do=$2 [QSA]
RewriteRule ^(([A-Za-z0-9-/]+)+)$ admin/index.php?hotelname=$1 [L]
This code is in my website because I need to hide in adress bar folder(/admin/) where is located files after login. And when somebody is already login, adress bar is like www.domain.com/username and when you click to menu adress is like www.domain.com/username/page1, www.domain.com/username/page2, www.domain.com/username/page3.
This is what I need to achive in nginx. Because now is complete backend without function. When I login to backend, I'm redirected to www.domain.com/username but on screen I can see only File not found. In backend working only when I manualy add www.domain.com/admin/index.php.
This is my actual config for nginx :
server_names_hash_bucket_size 64;
server {
listen 80;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 80;
root /usr/share/nginx/www;
index index.php;
server_name www.example.com;
error_page 404 http://www.example.com/404.php;
autoindex off;
location / {
rewrite ^([^\.]*)$ /$1.php;
}
location = / {
rewrite ^ /index.php;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
When I try to change my block to:
location / {
rewrite ^([^\.]*)$ /$1.php;
rewrite ^/([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)$ /admin/index.php?hotelname=$1&do=$2;
rewrite ^/(([A-Za-z0-9-/]+)+)$ /admin/index.php?hotelname=$1 break;
}
Each my css file have error 500...
I will be very grateful with any help!
Thanks a lot.
You are putting this in your / location, that means that all your requests not matched before you drop here. You have to create a location role specific for this entry before the location /
location ^/([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)$ {
rewrite ^/([A-Za-z0-9-]+)/([A-Za-z0-9-/_]+)$ /admin/index.php?hotelname=$1&do=$2;
}
I have a server that runs both development and staging instances of a site and each version has to answer on ports 80 & 443. The staging instance -- there's only one -- works exactly as I'd expect, but the development instances -- configured for each user -- loads a given page on either protocol directly just fine, but if I'm on a page on one port and try to link to the other it fails.
My Config
server {
listen 80;
server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
~^(?<username>[^.]+)\.client\.dev\.tld\.net$
~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
location / {
rewrite ^(.*) http://$username.client.tld.net$1 permanent;
}
}
# This is the primary host that will ultimately answer requests.
server {
listen 80;
server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
root /home/$username/client/www/app/webroot;
index index.php;
access_log /var/log/nginx/client.sandbox.access.log;
error_log /var/log/nginx/client.sandbox.error.log;
location / {
try_files $uri $uri/ /index.php?url=$uri;
}
location ~ \.php$ {
include /etc/nginx/conf/php;
}
include /etc/nginx/conf/expire_content;
include /etc/nginx/conf/ignore;
}
server {
listen 443 ssl;
server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
~^(?<username>[^.]+)\.client\.dev\.tld\.net$
~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
location / {
rewrite ^(.*) https://$username.client.tld.net$1 permanent;
}
}
# This is the primary host that will ultimately answer requests.
server {
listen 443 ssl;
server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
root /home/$username/client/www/app/webroot;
index index.php;
include /etc/nginx/conf/ssl;
access_log /var/log/nginx/client.sandbox.access.log;
error_log /var/log/nginx/client.sandbox.error.log;
location / {
try_files $uri $uri/ /index.php?url=$uri;
}
location ~ \.php$ {
include /etc/nginx/conf/php;
}
include /etc/nginx/conf/expire_content;
include /etc/nginx/conf/ignore;
}
Any idea where I've borked up my config?
First of all, there is no need to create four separate configurations, as both your servers (HTTP and HTTPS) have exactly the same body. You can use the $scheme variable which contains either http or https according to the context your're just working in (for the redirects). Secondly I don't see any root declaration in your dev configuration, also no certificates which might cause problems with browsers.
Other then that the configuration looks okay to me (well, you could move the index declaration to your http configuration; so you don't have to repeat it all the time).
Please check out the following (commented) example configuration I made up for you. Maybe it helps.
# Put this in http context!
index index.php;
server {
# One server configuration to rule them all!
listen 80;
listen 443 ssl;
# Seems legit.
server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
~^(?<username>[^.]+)\.client\.dev\.tld\.net$
~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
# Where am I?
#root /home/$username/client/www/app/webroot;
# No wildcard certificate? No need to specify /etc/nginx as all paths
# in the configuration are relative to the installation path.
#include conf/ssl;
location / {
# May work as well, can't test.
#rewrite ^(.*) $scheme://$server_name$1 permanent;
rewrite ^(.*) $scheme://$username.client.tld.net$1 permanent;
}
}
server {
listen 80;
listen 443 ssl;
server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
root /home/$username/client/www/app/webroot;
include conf/ssl;
access_log /var/log/nginx/client.sandbox.access.log;
error_log /var/log/nginx/client.sandbox.error.log;
location / {
try_files $uri $uri/ /index.php?url=$uri;
}
location ~ \.php$ {
include conf/php;
}
include conf/expire_content;
include conf/ignore;
}