Block direct access to php files (only rewrited) using nginx - url-rewriting

I have files like Ucp.php Somesite.php and i want to create a rewrite rules for nginx. This is not problematic.
But i also want to block direct access to those php files, so that enetring http://mysite.com/Ucp.php will return 404 Not Found.
There is a solution for apache (using THE_REQUEST), but how can I do this on nginx?
server
{
listen 80;
server_name site.com;
root /home/site/public_html;
index Main.php;
rewrite ^/SomeAddr/$ /SomeAddr.php last;
rewrite ^/SomeOtherAddr/$ /SomeOtherAddr.php last;
location ~ \.php$
{
fastcgi_pass unix:/var/run/php-fpm/site_com.sock;
include fastcgi.conf;
}
include security.conf;
}

You can use internal directive for this purpose.
location ~ \.php$
{
internal;
fastcgi_pass unix:/var/run/php-fpm/site_com.sock;
include fastcgi.conf;
}

location ~ \.php$ {
return 404;
}

Related

Laravel + NGINX CSS/JS 404 not found

Laravel 5.5 fresh
nginx version: nginx/1.10.3 (Ubuntu)
When I go to: http://<my-ip>/crm/ all is working great, I get the Laravel welcome page, all js and css are loading correctly.
When I go to http://<my-ip>/crm/register - I get 404 for css and js.
This is my conf:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name _;
rewrite ^/((?!en)[a-z]*)/home$ /index.php?lang=$1&$args last;
rewrite ^/((?!en)[a-z]*)/sitemap.xml$ /sitemap.xml last;
rewrite /pigeon/(.*)$ /pigeon/index.php?/ last;
rewrite /crm/(.*)$ /crm/index.php?/ last;
if (!-f $request_filename){
set $rule_52 1$rule_52;
}
if ($rule_52 = "1"){
rewrite ^/(.*)(?<!php)$ /$1.php last;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location /pigeon {
alias /var/www/html/pigeon/public;
try_files $uri $uri/ #pigeon;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
}
location /crm {
alias /var/www/html/crm/public;
try_files $uri $uri/ /index.php?$query_string;
location /crm.(jpg|jpeg|gif|css|png|js|ico|html)$ {
access_log off;
expires max;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
}
How do I fix this conf file to catch css and js files correctly?
Thanks
I had a similar issue. It seems allright what you have there in the server block.Although you might be better off if you add a proper server name.
Check this question and see if it helps. It has to do with the symlink to var/www/html for your crm, if you used one.
Laravel 8 + nginx - app.css and app.js resources from public/ not loading - 404 not found
And if not you could still use the online CDN's from bootstrap.Also in the question.

404 errors with controller files using CodeIgniter 3 and NGINX

I have a server running NGINX 1.10.0 and installed CodeIgniter 3 in a subdirectory /ci/. The welcome page renders when I go to the subdirectory but any other controller gives a 404 error.
Here is the code in /etc/nginx/sites-available/default configuration file:
server {
server_name mydomain.org;
root /home/username/mydomain/;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php;
}
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
expires 15d;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/username/mydomain/ci/index.php;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;;
}
}
I created a Hello World Controller file (Hello.php)
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Hello extends CI_Controller {
public function __construct() {
parent::__construct();
}
public function index(){
$this->load->view('helloworld');
}
}
In my config.php file, I have the following:
$config['base_url'] = '';
$config['index_page'] = 'index.php';
$config['uri_protocol'] = 'REQUEST_URI';
I have tried the approaches here:
NGINX CodeIgniter Recipe: https://www.nginx.com/resources/wiki/start/topics/recipes/codeigniter/
CodeIgniter NGINX Rewrite Rules:
http://www.farinspace.com/codeigniter-nginx-rewrite-rules/
Codeigniter nginx 404 error:
Codeigniter nginx 404 error
Most of everything that I've read is based on PHP5 or an older version of CodeIgniter.
Use this config in Nginx (Source):
server {
server_name domain.tld;
root /your/web/root/path
index index.html index.php;
# set expiration of assets to MAX for caching
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
expires max;
log_not_found off;
}
location / {
# Check if a file or directory index file exists, else route it to index.php.
try_files $uri $uri/ /index.php;
}
location ~* \.php$ {
fastcgi_pass 127.0.0.1:9000;
include fastcgi.conf;
}
}
Also you need to make a change in your php-fpm config. Edit this file:
/etc/php/7.0/fpm/pool.d/www.conf
Find this line:
listen = /run/php/php7.0-fpm.sock
Change to this:
listen = 127.0.0.1:9000
This changes should solve your issue.
Here is the final working versions of the default, www.conf and config files. Another issue I found out I was having is that the controller and file name have to be the same capitalization. The controller class Hello needs to have the filename be Hello. Some of my controllers were not the same capitalization, this however was not the sole cause of the 404 as I tried that before fixing the default file.
/etc/nginx/sites-available/default:
server {
server_name example.org;
root /home/username/example/;
index index.php index.html index.htm;
location / {
# Check if a file or directory index file exists, else route it to index.php
try_files $uri $uri/ /index.php;
# Handle PHP files
location ~* \.php$ {
root /home/username/example/ci;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri $uri/ ci/index.php;
}
}
# set expiration of assets to MAX for caching
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
expires max;
log_not_found off;
}
}
/etc/php/7.0/fpm/pool.d/www.conf:
listen = 127.0.0.1:9000
Finally, in my config file:
$config['base_url'] = 'http://example.org/ci/';
This configuration changes any CI links from
http://example.org/ci/Hello
to
http://example.org/Hello

Fresh Magento 2 installation only shows HTML content without styling

I just completed a fresh Magento 2 installation without any errors, but when I go to home page or /admin page I only see HTML content without any styling.
Any idea why? I use the same nginx config for Magento 1 which worked fine.
PHP 7.0.8
nginx/1.10.0
MySQL 5.7.16
Home page:
Console errors:
nginx config:
server {
root /var/www/html/magento2/;
index index.php;
server_name magento2.dev;
location / {
index index.html index.php;
try_files $uri $uri/ #handler;
expires 30d;
}
location ~ ^/(app|includes|lib|media/downloadable|pkginfo|report/config.xml|var)/ { internal; }
location /var/export/ { internal; }
location /. { return 404; }
location #handler { rewrite / /index.php; }
location ~* .php/ { rewrite ^(.*.php)/ $1 last; }
location ~* .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
}
EDIT:
After messing around with it now when I go to /admin page I get this:
There has been an error processing your request
Exception printing is disabled by default for security reasons.
Error log record number: 846002728319
You should deploy static content by running php bin/magento setup:static-content:deploy.
I believe that this step is in installation instruction of Magento.
Also you should make sure that your files have correct ownership and permissions so web server can access them. To make sure that everything is correct (if your web server is running as www-data) open your Magento directory in console and type:
chown www-data:www-data -R *
That should change ownership of all files to web server.

Nginx/PHP-FPM: Returning 404s for CSS and JS

I can't access PHP files placed in sub-directories and my CSS/JS files return a 404 in browser. Yes, I have seen many others experiencing a 404 issue but their fixes don't seem to be my solution. I've also swapped out my configuration with several online. Here is my configuration:
server {
# Port that the web server will listen on.
listen 80;
# Host that will serve this project.
server_name .stackoverflow.com;
# Useful logs for debug.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
rewrite_log on;
# The location of our projects public directory.
root /usr/share/nginx/html/public;
# Point index to the Laravel front controller.
index index.php;
location / {
# URLs to attempt, including pretty ones.
try_files $uri $uri/ /index.php?$query_string;
}
# Remove trailing slash to please routing system.
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
# PHP FPM configuration.
location ~* \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# We don't need .ht files with nginx.
location ~ /\.ht {
deny all;
}
# Set header expirations on per-project basis
location ~* \.(?:ico|css|js|jpe?g|JPG|png|svg|woff)$ {
expires 365d;
}
}
Is there something wrong with my configuration?

Removing index.php from Magento URL While Using Nginx

My current setup is running Ubuntu 12.04 LTS, Nginx 1.4.1, with Magento 1.7.0.2.
Earlier today, I set up a basic Magento store. I haven't installed any modules and I haven't made any configuration changes. I'm just looking to get the groundwork laid before delving further into the system. I am looking to remove the "index.php" that appears between the domain name and the file path.
My vhost is taken from the nginx website:
server {
root /path/to/root/domain/html;
index index.php;
error_log /path/to/error/log/error.log;
access_log /path/to/transfer/log/transfer.log;
server_name servername.com;
location / {
index index.html index.php;
try_files $uri $uri/ #handler;
expires 30d;
}
location ^~ /(app|includes|lib|media/downloadable|pkginfo|report/config.xml|var)/ { internal; }
location /var/export/ { internal; }
location /. { return 404; }
location #handler { rewrite / /index.php; }
location ~* .php/ { rewrite ^(.*.php)/ $1 last; }
location ~* .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
}
I see that other people have have been searching for the answer to this question, there are code snippets to solutions, but none of these appear to work with my system. When I make changes to my Nginx vhost, I always restart nginx, but index.php still shows up in the URL.
Nginx config looks fine. In system > configuration > general > web in your admin panel set Use Web Server Rewrites to yes and clear the cache in magento.
Add this to magento nginx vhost.
location / {
if (!-e $request_filename) {
rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
}
if ($uri ~* "\.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$") {
expires max;
break;
}
}

Resources