CodeIgniter not setting csrf cookie with Nginx - codeigniter

I'm using nginx and I can't login to the admin panel. It's using https so that may be a part of it.
Here are the relevant portions of my nginx.conf
server {
listen 80;
listen 443 ssl;
ssl_certificate /ssl.crt;
ssl_certificate_key /ssl.key;
server_name mysite.com;
root /var/www/mysite;
index index.php;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
client_max_body_size 200M;
...
location ~ \.php {
fastcgi_pass 127.0.0.1:6000;
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_param PYRO_ENV production;
include fastcgi_params;
}

Turns out I had to use www.mysite.com for server_name instead of just mysite.com.

Related

Redirect to subdomain on http request or request without protocol on https website

I have a subdomain at
https://numan-rest.allrestaurants.us/
however if I try to open it with http like
http://numan-rest.allrestaurants.us/
or with www www.numan-rest.allrestaurants.us
I am getting redirected to the main domain at allrestaurants.us/
I want to stay in subdomain even if I request with HTTP, without any protocol and with WWW
this is how my nginx conf looks like in /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /var/www/allrest/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
index index.html index.htm index.php;
# Enable nginx status page for Zabbix
location = /basic_status {
stub_status;
allow 127.0.0.1;
allow ::1;
deny all;
}
# Enable php-fpm status page for Zabbix
location ~ ^/(status|ping)$ {
## disable access logging for request if you prefer
access_log off;
## Only allow trusted IPs for security, deny everyone else
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
## Now the port or socket of the php-fpm pool we want the status of
# fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_connect_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_read_timeout 3600;
fastcgi_buffering off;
}
location ~ /\.(?!well-known).* {
deny all;
}
location ~* \.(png|jpg|jpeg|gif|svg|ico)$ {
expires 30d;
add_header Cache-Control "public, no-transform";
}
error_log /var/log/nginx/allrest_error.log;
access_log /var/log/nginx/allrest_access.log;
}
and this is laravel routes
Route::group(['domain' => '{subdomain}.' . config('allrest.app_domain')], function () {
Route::get('/', 'SubdomainController#show');
});
Route::group(['domain' => 'www.{subdomain}.' . config('allrest.app_domain')], function () {
Route::get('/', 'SubdomainController#show');
});
I tried with adding
return 301 https://$host$request_uri;
at the end of nginx conf but that prevent accessing the website completetly
and chrome give error To many redirects
and this is how my digital ocean DNS rules are
digitalocean Dns Records
No load balancer at digital ocean
Load Balancer Digital ocean
However I found some rules in firewall setting I don't know if it has something to do with these rules
Here is the picture Firewall rules Digital ocean

Nginx give error ERR_TOO_MANY_REDIRECTS when accessing website from outside network

I'm trying to deploy my laravel app to ubuntu using nginx, everything was fine before I using ssl. But after I using ssl, it's not working anymore if I'm accessing my website using outside network (still working if I access it using server network).
this is my nginx configuration:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name kopidw.id www.kopidw.id;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/certificate_kopinedw.crt; #path to your public key
ssl_certificate_key /etc/nginx/ssl/private_kopinedw.key; #path to your private key
ssl_client_certificate /etc/nginx/ssl/ca-bundle.crt;
ssl_verify_client optional;
root /var/www/html/kopinedw-cms/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
This is my first time using nginx, so I don't have any Idea why I got ERR_TOO_MANY_REDIRECTS.
Any help would be very helpful for me, thanks

How to check what is inside nginx root

I am facing a problem where try_files can't recognize static files in my root directory.
I have already checked my root, which is /var/www/public , all the CSS and js files are inside this directory and is not empty. However, nginx fails to recognize and serve my files. It fails to recognize the files, so it passed the request to the .php location block to process uri, which I don't want. I want it to serve the static files directly. Therefore, I would like to check is nginx looking at the same root directory as I think.
Is there any way I can check what is in the directory that nginx check for files? or any way I can figure out what's the problem?
Here is my nginx.conf:
server {
server_name example.com;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name example.com;
listen 443 ssl http2;
access_log /var/log/nginx/access.log vhost;
error_log /var/log/nginx/error_log;
include /etc/nginx/mime.types;
root /var/www/public;
ssl_certificate {ssl_certificate location};
ssl_certificate_key {ssl_certificate_key location};
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
root /var/www/public;
try_files $uri $uri/ /index.php?$is_args$args;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass {my_container_name}:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
Please note that I have changed the server name, ssl_certificate info and docker container name for privacy purpose.
I am answering my own question.
The problem was I didn't mount my app volume(the volume that has all code&resources in it) to my nginx container.
Problem solved after I mounted the volume.

Laradock - Remove port from the url not working

I´ve been searching a lot and found a lot of answers but unfortunately non of the answers is working, my scenario is below:
In my project folder i have laradock and laravel folders. In the .env(inside laradock) i have:
NGINX_HOST_HTTP_PORT=8080
and this is because my 80 is ocuppied. and inside the nginx folder, in the default.conf i have:(note that the code below is pratically the default, i have putted here many things but it didn´t work)
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# For https
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server ipv6only=on;
# ssl_certificate /etc/nginx/ssl/default.crt;
# ssl_certificate_key /etc/nginx/ssl/default.key;
server_name mam1.test;
root /var/www/laravelProject/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
}
Meanwhile i have to edit the hosts file on my mac and put: 127.0.0.1 laravelProject. If i acess laravelProject on my url it shows a message saying, it works which is not what i want, bu if i access with laravelProject:8080 it works great!. but how do i remove the port? i have tried many things, the last one was this but if it keeps NOT redirecting to the correct url.
How do i do this?
Regards

Deploying Vuejs and Laravel App on SSL nginx

I have working Vuejs + Laravel App behing NGINX proxy. All my Laravel request are rest based and at www./app/$. It was working fine at separte ports. But when i switched to SSL. My frontend (Vuejs) still working fine but whenever I tried to send post request to backend (laravel), I receive [error] 8#8: *80 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream.
In 443 ssl block I am diverting all rest api calls to phpfpm but its not working somehow. What is recommended way of deploying these vuejs+ laravel on SSL nginx.
In the past, I've tried moving phpfpm in the ssl server block. I tried adding http on in fastcgi setting. After all changes, Following code:
Following is my Conf file.
server {
listen 81; # backend at laravel
index index.php index.html;
root /var/www/public;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
server {
listen 88; # frontend vuejs build app
index index.html;
server_name app.lookahead.com www.app.lookahead.com;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/front;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name app.lookahead.com;
ssl_certificate /etc/certs/app.lookahead.com/cert.crt;
ssl_certificate_key /etc/certs/app.lookahead.com/cert.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8088;
proxy_read_timeout 90;
return 301 https://www.app.lookahead.com$request_uri;
}
location ^~ /api {
root /var/www/public; #backend api at this root
try_files $uri $uri/ /api/index.php$is_args$args;
location ~* \.php(/|$) {
fastcgi_pass app:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
}
##https://www.app.lookahead.com
server {
server_name www.app.lookahead.com;
listen 443;
ssl_certificate /etc/certs/app.lookahead.com/cert.crt;
ssl_certificate_key /etc/certs/app.lookahead.com/cert.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
root /var/www/front; #frontend static vuejs files at this root
index index.html;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location ^~ /api {
root /var/www/public; # backend api is at this root
try_files $uri $uri/ /api/index.php$is_args$args;
location ~* \.php(/|$) {
fastcgi_pass app:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
# nginx serving frontend
location / {
try_files $uri $uri/ #rewrites;
}
location #rewrites {
rewrite ^(.+)$ /index.html last;
}
}

Resources