I'm trying to configure the site to work with Nginx and Apache. When I try to reach the site, I get a 403 error.
In the file /etc/httpd/conf/httpd.conf I set the default port 8089 (since 8080 is already busy):
Listen 127.0.0.1:8089
Next, I create a config for Apache (/etc/httpd/conf.d/site.conf):
<VirtualHost 127.0.0.1:8089>
ServerName site.com
ServerAlias www.site.com
DocumentRoot "/usr/share/site/public"
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
<Directory "/usr/share/site/public">
Require all granted
AllowOverride all
</Directory>
</VirtualHost>
Finally, I create a config for Nginx (/etc/nginx/conf.d/site.conf):
server {
listen 80;
server_name site.com www.site.com;
root /usr/share/site/public;
charset utf-8;
gzip on;
gzip_types
text/css
application/javascript
text/javascript
application/x-javascript
image/svg+xml
text/plain
text/xsd
text/xsl
text/xml
image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php {
proxy_pass http://localhost:8089;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\.ht {
deny all;
}
}
What could be the problem?
Good Day!
try this original config by laravel ref link https://laravel.com/docs/7.x/deployment
server {
listen 80;
server_name site.com www.site.com;
root /usr/share/site/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
gzip on;
gzip_types
text/css
application/javascript
text/javascript
application/x-javascript
image/svg+xml
text/plain
text/xsd
text/xsl
text/xml
image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
NOTE: fastcgi_pass u need to change php{version}-fpm.sock; based on your version
Related
I want to deploy my laravel application in my server with nginx as reverse proxy with apache, i have a problem with URLs and page links that start with index.php. I tried the url without index.php and it works, but all links in page are with index.php. This is my configuration :
Nginx :
server {
listen 80;
server_name dev.exemple.com;
root /var/www/laravel-app/public/;
index index.php index.htm index.html;
location / {
try_files $uri $uri/ /index.php$uri;
}
location ~ \.php {
proxy_pass http://MY-SERVER-IP-ADDRESS:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\. {
deny all;
}
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
access_log off;
expires max;
log_not_found off;
}
}
Apache
<VirtualHost *:8080>
ServerName dev.exemple.com
DocumentRoot /var/www/laravel-app/public/
<Directory /var/www/laravel-app/>
AllowOverride All
</Directory>
</VirtualHost>
Hello check this solution from https://laravel.io/forum/10-25-2014-configuration-for-running-laravel-with-nginx-and-apache
server {
listen 80;
access_log /var/www/site.com/logs/nginx.access.log;
error_log /var/www/site.com/logs/nginx.error.log;
root /var/www/site.com/public_html/public;
index index.php index.html;
server_name site.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location ~* ^.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location ~ /\.(ht|git) {
deny all;
}
}
I want to access a laravel 5.5 api endpoint https://foo.bar.com/api/v1.0/foo/bar from another origin. Thus I need to allow cross origin requests. I've added the header to my nginx config. Yet my browser still complains about it not being present.
This is my nginx config:
server {
listen *:443 ssl;
server_name foo.bar.com ;
ssl on;
ssl_certificate /etc/nginx/nxv_bhxwewp1idzm.crt;
ssl_certificate_key /etc/nginx/nxv_bhxwewp1idzm.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "...";
ssl_prefer_server_ciphers on;
client_max_body_size 1m;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.access.log;
error_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.error.log;
root /var/www/share/foo.bar.com;
location ~ ^/index\.php(/|$) {
set $path_info $fastcgi_path_info;
root /var/www/share/foo.bar.com/public/;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $uri $uri/ /index.php$is_args$args;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
add_header 'Access-Control-Allow-Origin' '*';
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /var/www/share/foo.bar.com/public/;
try_files $uri $uri/ /index.php$is_args$args;
autoindex off;
index index.html index.php;
add_header 'Access-Control-Allow-Origin' '*';
}
sendfile off;
}
I already took the info from the link #DigitalDrifter has posted. But it seems just adding the Access-Control-Allow-Origin isn't enough to get it to work. Although I don't care about access methods and such.
So this got the deal working:
server {
listen *:443 ssl;
server_name foo.bar.com ;
ssl on;
ssl_certificate /etc/nginx/nxv_bhxwewp1idzm.crt;
ssl_certificate_key /etc/nginx/nxv_bhxwewp1idzm.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "...";
ssl_prefer_server_ciphers on;
client_max_body_size 1m;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.access.log;
error_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.error.log;
root /var/www/share/foo.bar.com;
location ~ ^/index\.php(/|$) {
set $path_info $fastcgi_path_info;
root /var/www/share/foo.bar.com/public/;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $uri $uri/ /index.php$is_args$args;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'X-Frame-Options' 'ALLOW-FROM *';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /var/www/share/foo.bar.com/public/;
try_files $uri $uri/ /index.php$is_args$args;
autoindex off;
index index.html index.php;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'X-Frame-Options' 'ALLOW-FROM *';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
sendfile off;
}
add both lines into below file
/etc/nginx/sites-available/yours_conf_file
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
and restart nginx server
sudo systemctl restart nginx
On my local machine doesn't work nginx config from official laravel documentation
server {
listen 80;
server_name example.com;
root /example.com/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
But it worked with changes in a few lines
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
changed to
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
and everything works fine. Can anyone explane me the difference in that piece of code and is it unsecure ?
Only reasonable diff I see inclusion of files: snippets/fastcgi-php.conf and fastcgi_params
You issue could be fixed simply by adding:
fastcgi_param SCRIPT_FILENAME $request_filename;
to /etc/nginx/fastcgi_params file.
In old versions of nginx that line existed.
But from 1.10.x it was removed and become reason of blank screen.
i've an nginx container, on port 9200, that acts as load balancer. This is config file:
proxy_ignore_headers Set-Cookie;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Range';
upstream backend {
server 192.168.99.103:9500 weight=3;
server 192.168.99.104:9500;
server 192.168.99.105:9500;
}
server {
listen 80;
server_name 172.17.0.1;
location = /LynyrdSkynyrdFreebirdAudio.mp4 {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Range';
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
proxy_pass http://backend/;
add_header X-Upstream $upstream_addr;
}
location = /LynyrdSkynyrdFreebirdVideo.mp4 {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Range';
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
proxy_pass http://backend;
add_header X-Upstream $upstream_addr;
}
}
This container load balance requests in the following way: when arrives a request localhost:9200/LynyrdSkynyrdFreebirdVideo.mp4 or localhost:9200/LynyrdSkynyrdFreebirdAudio.mp4, it balances requests across 3 servers.
These 3 servers are 3 nginx containers that acts as cache.
This is config file of nginx caches:
proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:10m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_cache_methods GET HEAD POST;
proxy_cache_valid 200 206 100m;
proxy_ignore_headers Set-Cookie;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Headers' 'Range';
server {
listen 80;
server_name 172.17.0.1;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
location /demo/ {
proxy_cache my_zone;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8700/shaka-player-master/demo/index1.html ;
}
location /media {
proxy_cache my_zone;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8700/shaka-player-master/media/example-av.mpd ;
}
location = /example-av1.mpd {
add_header 'Access-Control-Allow-Origin' '*';
proxy_cache my_zone;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://192.168.99.103:9600/shaka-player/media/example-av1.mpd;
}
location = /LynyrdSkynyrdFreebirdVideo.mp4 {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Range';
proxy_cache my_zone;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://192.168.99.103:9600/shaka-player/media/LynyrdSkynyrdFreebirdVideo.mp4 ;
}
location = /LynyrdSkynyrdFreebirdAudio.mp4 {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Range';
proxy_cache my_zone;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://192.168.99.103:9600/shaka-player/media/LynyrdSkynyrdFreebirdAudio.mp4;
}
}
If i point to load balancer, i.e. localhost:9200/LynyrdSkynyrdFreebirdVideo.mp4 or localhost:9200/LynyrdSkynyrdFreebirdAudio.mp4, there is 404 not found. I expect that, if i point to this URL, load balancer balances request to 192.168.99.103(or 104, or 105):9500/LynyrdSkynyrdFreebirdVideo.mp4 or 192.168.99.103(or 104, or 105):9500/LynyrdSkynyrdFreebirdAudio.mp4.
But in the upstream block i don't know if in server directive i can add a path.
In fact, this is, i think, the very problem: in fact, if i point to 192.168.99.103(or104, or105):9500/LynyrdSkynyrdFreebirdAudio(or Video).mp4, i get the content correctly.
Can anyone helps me?
Solved:
i have added path to http://backend, like:
proxy_pass http://backend/LynyrdSkynyrdFreebirdVideo.mp4;
Im having an error ERR_TOO_MANY_REDIRECTS
Im implement the ssl and i get the errors
In Magento i have the sites with ssl
web/unsecure/base_url https://pontebuso.com/
web/secure/base_url https://pontebuso.com/
------------------nginx.conf--------------
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
autoindex off;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
fastcgi_param HTTPS on;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
#include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/default;
log_format main '$remote_addr - $remote_user [$time_local] "$request "'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
map $scheme $fastcgi_https { ## Detect when HTTPS is used
default off;
https on;
}
------------------site------------------
server {
listen 80;
server_name pontebuso.com;
rewrite ^/(.*) https://pontebuso.com/$1 permanent;
}
server {
listen 443 ssl;
server_name pontebuso.com;
ssl on;
ssl_certificate /etc/nginx/ssl/pontebuso.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/pontebuso.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
add_header Access-Control-Allow-Origin sub.pontebuso.com;
root /home/sites/pontebuso/;
autoindex off;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param HTTPS on;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
access_log off;
#expires max;
}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location #handler {
rewrite / /index.php;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
}
---------------------default--------------------
server {
listen 80;
server_name pontebuso.com;
add_header Access-Control-Allow-Origin sub.pontebuso.com;
root /home/sites/pontebuso/;
autoindex off;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
access_log off;
expires max;
}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location #handler {
rewrite / /index.php;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off; ## Do not cache dynamic content
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
}
As i can see css is not loading appropriately with https. so please use https with only base secure url.