Join the community today
Register Now

Nginx fastcgi HTTPS 404

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Guilherme Jaccoud, Feb 6, 2015.

  1. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    1:02 PM
    I'm knocking my head against the wall :banghead:

    This works:
    Code:
    location / {
    
        root /var/www/DOMAIN/html;
        try_files $uri $uri/ /index.php?$args;
        autoindex off;
    
        location ~* \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass   unix:/tmp/DOMAIN.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME    $request_filename;
            include fastcgi_param.conf;
        }
    }
    
    This gives a 404 error:
    Code:
    location / {
        root /var/www/DOMAIN/html;
        try_files $uri $uri/ /index.php?$args;
        autoindex off;
    }
    
    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/tmp/DOMAIN.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        include fastcgi_param.conf;
    }
    
    fastcgi_param.conf
    Code:
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
    
    # old pre .03 method
    #fastcgi_param HTTPS on;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0 
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
    
    I need to implement the second option since I'll be adding multiple locations with different root directories. I'm sure the solution is very simple, but what's wrong?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,926
    6,911
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,407
    Local Time:
    1:02 AM
    Nginx 1.13.x
    MariaDB 5.5
    is this for Centmin Mod Nginx ? as this whole part isn't needed and can be removed

    Code:
    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/tmp/DOMAIN.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        include fastcgi_param.conf;
    }
    as include file for php.conf takes care of it
    Code:
      include /usr/local/nginx/conf/php.conf;
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    sendfile on;
    tcp_nopush off;
    keepalive_requests 0;
    
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 2048 16k;
    fastcgi_busy_buffers_size 8m;
    fastcgi_temp_file_write_size 32m;
    fastcgi_max_temp_file_size 32m;
    fastcgi_intercept_errors on;
    
    # next 3 lines when uncommented / enabled
    # pallow Nginx to handle uploads which then 
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0 
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
                       }
    
     
  3. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    1:02 PM
    Actually I don't use the php.conf because each website (domain) is chrooted to it's own user and run on it's own socket and php-fpm pool. Individual pools are needed for NewRelic monitoring and chroot is needed to allow each website (user) to SFTP to it's home directory without having access to other sites contents.

    Here is the full (working) WP SSL server block...
    Code:
    server { listen 80; server_name DOMAIN; return 301 [URL]https://$server_name$request_uri;[/URL] }
    server {
    
        listen 443 ssl spdy;
        server_name DOMAIN;
    
        error_log     /var/www/DOMAIN/log/error.log;
        access_log     /var/www/DOMAIN/log/access.log combined buffer=32k;
    
        ssl_certificate            /var/www/DOMAIN/conf/ssl/DOMAIN.crt;
        ssl_certificate_key        /var/www/DOMAIN/conf/ssl/DOMAIN.key;
    
        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache        shared:SSL:10m;
        ssl_session_timeout        10m;
    
        add_header Alternate-Protocol 443:npn-spdy/2;
    
        rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
        rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
    
    #    include /usr/local/nginx/conf/pagespeed.conf;
    #    include /usr/local/nginx/conf/pagespeedhandler.conf;
    #    include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
        include /usr/local/nginx/conf/wpsecure.conf;
        include /usr/local/nginx/conf/wpsupercache.conf;
    
        location ^~ /(google|bing|mu-|loaderio|favicon|robots.txt) { root /var/www/DOMAIN/public; }
        location ^~ /public { alias  /var/www/DOMAIN/public; index  index.htm index.html; }
    
        location / {
    
    #        auth_basic "Private";
    #        auth_basic_user_file /var/www/DOMAIN/conf/nginx/htpasswd;
            if (-f /var/www/DOMAIN/conf/nginx/maintenance) { return 503; }
    
            autoindex off;
            root /var/www/DOMAIN/wp;
            try_files /wp-content/cache/supercache/$http_host/$scheme$cache_uri/index.html $uri $uri/ /index.php?$args;
    
            location ~* \.php$ {
    
                try_files $uri =404;
    
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #            fastcgi_pass   127.0.0.1:9000;
                fastcgi_pass   unix:/tmp/DOMAIN.sock;
                fastcgi_index  index.php;
    #            fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                fastcgi_param  SCRIPT_FILENAME    $request_filename;
    
                # NinjaFirewall PHPRC
                fastcgi_param  PHPRC /var/www/DOMAIN/wp/.user.ini;
    
                include fastcgi_param.conf;
    #            include fastcgi_cache.conf;
            }
        }
    
        include /usr/local/nginx/conf/block.conf;
        include /usr/local/nginx/conf/drop.conf;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/errorpage.conf;
    }
    

    Obs. Just learned about spoilers :D
     
    Last edited: Feb 6, 2015
  4. eva2000

    eva2000 Administrator Staff Member

    30,926
    6,911
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,407
    Local Time:
    1:02 AM
    Nginx 1.13.x
    MariaDB 5.5
    best to enclose the code within spoiler tags also in CODE tags much cleaner to read

    however, I can only really help with Centmin Mod Nginx default setup, if you change it you'd be on your own. Only thing is if you have different roots paths defined for each location context within same Nginx vhost, then yes you would need to define php location context within that individual location which defines it's own root location. Moving the php location context out would break it = 404 as it's looking for main root location defined in server {} context outside of any location context usually. AFAIK that is :)
     
  5. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    1:02 PM
    got it! now I understand my mistake.
    let's see what I can think about it.
    thanks Eva!
     
  6. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    1:02 PM
    :banghead: :banghead: :dead:

    Well, even with CentminMod defaults, I can't get this working. To be honest (you can laugh) I try to find a solution for this for a couple of years. I've gave up in the past (more than once), but this time I will not. That's the situation...

    Imagine you have a website composed of multiple applications, each in it's own directory...
    1. Main Site (/var/www/wordpress)
      location = /
    2. Blog Site (/var/www/ghost)
      location ^~ /news
    3. Billing System (/var/www/whmcs)
      location ^~ /member
    Of course you can use subdomains for each application (which is easy and cleaner), however, if for some reason you can't use subdomains, how would you accomplish this using NGINX locations on a single server block?
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,926
    6,911
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,407
    Local Time:
    1:02 AM
    Nginx 1.13.x
    MariaDB 5.5
    subdomains or subdirectories usually the approach unless you're 100% sure none of the individual web apps would have urls or directory paths that overlap i.e. mainsite.com/images that exist on main site, blog site and billing system. If you did have overlap, having separate root paths won't make a difference as how would Nginx tell which root path to use if all 3 web app sites called same overlapping url ?

    subdomains easiest and makes moving each site in the future to their own servers much easier down the line
     
    Last edited: Feb 6, 2015
  8. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    1:02 PM
    You're right. I did found a workaround to have only one php block serving multiple locations, but then I found the overlap error you just mentioned. Beside this, as the NGINX wiki says, if is evil :devil:

    I'm sticking with subdomains, but just for the sake of information, that's what I was trying...
    Code:
    ...
    root /var/www/wordpress
    
    location / {
        try_files $uri $uri/ /index.php?$args;
        autoindex off;
    }
    location ^~ /member {
        root /var/www/whmcs;
        try_files $uri $uri/ /index.php?$args;
        autoindex off;
    }
    location ~* \.php$ {
    
        if ($request_uri ~* /member) { root /var/www/whmcs; }
    
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/tmp/$server_name.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        include fastcgi_param.conf;
    }
    ...
    
    I'm feeling childish :ROFLMAO: