Discover Centmin Mod today
Register Now

Wordpress Any idea what might be wrong?

Discussion in 'Blogs & CMS usage' started by Jon Snow, Feb 8, 2019.

  1. Jon Snow

    Jon Snow Active Member

    401
    61
    28
    Jun 30, 2017
    Ratings:
    +93
    Local Time:
    11:10 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    Moved a Wordpress site over from another host to CMM using this to set up LE SSL and VHOST.

    When I load the site on CMM, it returns a 500 internal error.

    Checking in the error log, the only thing I see is:
    Code:
    2019/02/07 20:18:31 [error] 3535#3535: *1141 directory index of "/home/nginx/domains/domain.com/public/" is forbidden, client: xx.xxx.xxx.xx, server: domain.com, request: "GET / HTTP/2.0", host: "domain.com"
    I see regular content fine if uploaded (eg. hello-world.txt or wp-content images).

    It's just when I try to load up a wordpress page (index.php), it returns a 500. Files are owned by nginx and .php files are 644. Not sure why the error is saying it's forbidden.
     
  2. eva2000

    eva2000 Administrator Staff Member

    38,023
    8,350
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,863
    Local Time:
    1:10 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    did you setup nginx wordpress rules in nginx vhost for your domain.com.ssl.conf config file ?

    if you create a second dummy domain via centmin.sh menu option 22 wordpress installer, you can inspect that created nginx domain.com.ssl.conf config file to see what wordpress rules are needed and you could also migrate your wordpress site to the centmin.sh menu option 22 wordpress auto installer vhost instead.

    In context of Wordpress caching for centmin.sh menu option 22 wordpress auto installer for Centmin Mod 123.09beta01 and newer, you have choice of 1 of 3 caching options automatically installed and configured and the following:
    1. Redis Nginx Level Caching - centmin.sh menu option 22 will auto install redis if not detected if you choose this in centmin.sh menu option 22 setup. Otherwise, need to install redis yourself. Best combined with Autoptimize WP plugin
    2. KeyCDN Cache Enabler for full page static html caching (safest choice for balance of performance and reliability). Best combined with Autoptimize WP plugin which is now automatically configured and installed when you choose KeyCDN Cache Enabler in latest 123.09beta01 version of centmin.sh menu option 22. Also configures Cache Enabler advanced caching which uses Nginx rules/config settings to bypass PHP usage for Nginx level caching and also automatically configures corresponding system level cronjob to clear the cache as advanced caching mode can't effectively use inbuilt admin panel set cache TTL purging which relies on PHP which is bypassed.
    3. WP Super Cache for full page static html caching. Best combined with Autoptimize WP plugin
    4. Tightened security with automatic rate limiting of wp-login.php, xmlrpc.php, wp-admin/load-scripts.php and wp-admin/load-styles.php. The latter 2 scripts are to workaround Wordpress DOS Attack Flaw Security CVE-2018-6389 which Wordpress refuse to fix on their end as they say the problem should be resolved at web server level which Centmin Mod Nginx has done via centmin.sh menu option 22
    5. Tightened security with inclusion of wpsecure include file for finer grain control over which Wordpress plugins you whitelist to operate on your wordpress install - see Wordpress - Wordpress 403 Permission Denied Errors
    6. Automatic randomisation of wordpress database prefix and database name and and database username and password.
    7. Automatic optimisation of wordpress database with additional indexing for performance/scaling.
    8. Automatic randomisation of Wordpress Admin userid within wordpress database instead of userid = 1
    9. Automatic install and activation of the following Wordpress plugins, Sucuri Security, disable XML RPC, and CDN Enabler (which you disable/remove if you don't need).
    10. Automatic creation and setup of system level cronjob for automatic Wordpress plugin updating every 8 hrs. The higher frequency of update/checks reduces the window of time a Wordpress plugin could be left vulnerable in terms of security updates needing an update. The /root/tools/wp_updater_yourdomain.com.sh auto generated cronjob scripts for each centmin.sh menu option 22 created Wordpress sites also optionally allow auto update of Wordpress core if you uncomment 4 lines within the cronjob script:
      Code (Text):
      #/usr/bin/wp core check-update --allow-root
      #/usr/bin/wp core update --allow-root
      #/usr/bin/wp core update-db --allow-root
      #/usr/bin/wp core update --allow-root
      
     
  3. Jon Snow

    Jon Snow Active Member

    401
    61
    28
    Jun 30, 2017
    Ratings:
    +93
    Local Time:
    11:10 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    It's just the usual being added to the location context:
    Code (Text):
    location / {
        try_files $uri $uri/ /index.php?q=$request_uri;
    
        include /usr/local/nginx/conf/wpsecure.conf;
        include /usr/local/nginx/conf/wpnocache.conf;
      }

    I tried with and without the two includes too. Everything else from the ssl.conf file is default.

    The wp-config.php used a different table prefix to wp_ and db host was related to the specific server but I left the prefix and changed the host to localhost.
     
..