
Flarum .0.1.0 and Nginx 1.7.4 rewrite rules

Discussion in 'Forum software usage' started by andybond, Oct 26, 2019.

  1. andybond

    andybond New Member

    Hi

    I have the default install "working" on flarum.exiges.com/public

    I cannot get to anywhere but the main page without 404 errors.

    I followed the documentation listed here : Installation | Flarum Documentation and have the nginx rewrite in place

    I appear to be devoid of knowledge on how to do code snippets to demonstrate my nginx configs so I have bunged them on pastebin.

    Main config that declares the site :

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
     
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #       server_name flarum.exiges.com www.flarum.exiges.com;
    #       return 302 https://$server_name$request_uri;
    # }
     
    # HTTPS vhost for flarum.exiges.com: TLS settings, response headers, logging,
    # document root and the shared Centmin Mod includes (static files, PHP, drop rules).
    server {
      listen 443 ssl http2 reuseport;
      server_name flarum.exiges.com www.flarum.exiges.com;
     
      ssl_dhparam /usr/local/nginx/conf/ssl/flarum.exiges.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/flarum.exiges.com/flarum.exiges.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/flarum.exiges.com/flarum.exiges.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
      # Loads a config file that is stored inside the document root (see `root` below),
      # so whatever directives it holds become part of this server block.
      # NOTE(review): confirm the PHP/web user cannot write to this file; nginx will
      # load its contents on the next reload. Also confirm dotfiles are not served
      # (drop.conf is included below but its contents are not shown here).
    include /home2/nginx/domains/flarum.exiges.com/public/.nginx.conf;
     
     
     
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/flarum.exiges.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      # NOTE(review): besides the ECDHE/DHE AEAD suites, this list still offers 3DES
      # (the *-DES-CBC3-SHA entries) and static-RSA key exchange (AES128-SHA, AES256-SHA,
      # AES128-GCM-SHA256, ...). 3DES is a 64-bit block cipher (Sweet32) and static RSA
      # gives no forward secrecy; drop them unless a known legacy client needs them.
      # Which protocol versions are enabled is not visible here (presumably set in
      # ssl_include.conf - verify).
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
     
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      # The two active headers below are set at server level. nginx inherits add_header
      # from the enclosing level only when the inner level defines none of its own, so
      # a location that sets any add_header will not send these two.
      # HSTS, X-Frame-Options and Referrer-Policy are commented out in this vhost.
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      # NOTE(review): session tickets are on and no ssl_session_ticket_key appears in
      # this block; verify how ticket keys are rotated, since long-lived ticket keys
      # weaken forward secrecy.
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/flarum.exiges.com/flarum.exiges.com-trusted.crt;
     
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
     
      # limit_conn limit_per_ip 16;
      # ssi  on;
     
      access_log /home2/nginx/domains/flarum.exiges.com/log/access.log combined buffer=256k flush=5m;
      error_log /home2/nginx/domains/flarum.exiges.com/log/error.log;
     
      include /usr/local/nginx/conf/autoprotect/flarum.exiges.com/autoprotect-flarum.exiges.com.conf;
      # NOTE(review): the post says the install is reached at flarum.exiges.com/public,
      # which suggests Flarum was unpacked directly into this root with its own public/
      # directory one level down. If so, Flarum's non-public files (configuration,
      # storage, vendor) sit inside the web root - confirm, and point root at Flarum's
      # public/ directory instead.
      root /home2/nginx/domains/flarum.exiges.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
     
      # The vhost's own location / block is commented out from here to the closing
      # "#}", so this file defines no location / itself; the only visible candidate
      # is the .nginx.conf include near the top of the server block.
      #location / {
      #include /usr/local/nginx/conf/503include-only.conf;
     
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
     
      # Enables directory listings when index file not found
      #autoindex  on;
     
      # Shows file listing times as local time
      #autoindex_localtime on;
     
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
     
      #}
     
      # Shared includes for static file handling, PHP handling and drop rules; their
      # contents are not part of this listing.
      include /usr/local/nginx/conf/pre-staticfiles-local-flarum.exiges.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    Standard rewrite as issued by site :
    Code:
    # Rewrite/caching rules as posted: a front-controller fallback, Cache-Control
    # lifetimes per static file type, and gzip settings.
    # Pass requests that don't refer directly to files in the filesystem to index.php
    location / {
      # Serve a matching file or directory if one exists; otherwise hand the request
      # to /index.php with the original query string.
      try_files $uri $uri/ /index.php?$query_string;
    }
     
    # The following directives are based on best practices from H5BP Nginx Server Configs
    # https://github.com/h5bp/server-configs-nginx
     
    # NOTE(review): every location below sets its own add_header. nginx inherits
    # add_header from the enclosing level only when the current level defines none,
    # so responses matched by these locations do not carry add_header directives set
    # in the surrounding server block (for example X-Content-Type-Options). Repeat the
    # security headers in each location or move them into a shared include.
    # Expire rules for static content
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
      add_header Cache-Control "max-age=0";
    }
     
    location ~* \.(?:rss|atom)$ {
      add_header Cache-Control "max-age=3600";
    }
     
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
      add_header Cache-Control "max-age=2592000";
      access_log off;
    }
     
    location ~* \.(?:css|js)$ {
      add_header Cache-Control "max-age=31536000";
      access_log off;
    }
     
    location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
      add_header Cache-Control "max-age=2592000";
      access_log off;
    }
     
    # Gzip compression
    # Compresses responses of at least 256 bytes for the MIME types listed in
    # gzip_types, including responses to proxied requests (gzip_proxied any).
    # NOTE(review): application/json is in the list; over HTTPS, compressing responses
    # that mix attacker-influenced input with secrets (tokens) is the precondition for
    # BREACH-style leaks - check whether the API responses served here do that.
    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    Any help or pointers will be hugely appreciated.

    I am getting 404 on everything but the homepage:

    HTML:
    <!-- NOTE(review): nginx's stock 404 page has only a <title> in <head>; the
         <script> tag below was added to the response after it left the server,
         i.e. something on the client side is rewriting HTTPS responses. -->
    <html>
    <head><title>404 Not Found</title><script type="text/javascript" src="https://gc.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js" charset="UTF-8"></script></head>
    <body>
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    

     
  2. eva2000

    eva2000 Administrator Staff Member

    see my post at Centmin Mod .09 + Flarum

    only thing you need is something like below for starters where first location / {} context is replacing your existing one
    Code (Text):
       # Front controller: serve a matching file or directory, otherwise pass the
       # request to index.php with the original query string.
       location / { try_files $uri $uri/ /index.php?$query_string; }
       # Same fallback pattern for URIs beginning with /api and /admin, routed to
       # api.php and admin.php. These are prefix matches, so they also cover any
       # longer URI that merely starts with those strings.
       location /api { try_files $uri $uri/ /api.php?$query_string; }
       location /admin { try_files $uri $uri/ /admin.php?$query_string; }
    
       # Hides everything under the /flarum prefix. `return` runs in nginx's rewrite
       # phase, ahead of the access phase, so the client always receives 404 and
       # `deny all` never decides the response; it is redundant here rather than a
       # second layer of protection.
       location /flarum {
           deny all;
           return 404;
       }
    

    but i've never used flarum myself so use the above as starters for your testing
     
  3. andybond

    andybond New Member


    Thanks for the pointers. Since 0.8.0 you dont need to declare the api and admin apparently.
     
  4. andybond

    andybond New Member

    Just tested with the above and exactly the same error.
     
  5. andybond

    andybond New Member

    I had a domain free ( as you do ) and started again on a clean domain , no subdomain

    Same issue.

    I must have something wrong somewhere. The weird thing is on the silly WAMP stack I have on my dev machine it works first time.
     
  6. eva2000

    eva2000 Administrator Staff Member

    A clue might be in the 404 page: it references https://gc.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js, a script that nginx itself does not put into its error pages. Are you using Kaspersky anti-virus software on your local computer? If so, it may be doing man-in-the-middle interception of your HTTPS requests (there might be an option for this in the software), and their client/software might not support the same level of HTTPS SSL ciphers or protocols as your Centmin Mod Nginx web server. You can verify by turning off the MITM interception of HTTPS requests; intercepting HTTPS like that isn't advisable anyway.

    see HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks and Kaspersky in the Middle - what could possibly go wrong?

     
  7. andybond

    andybond New Member


    Good shout.

    Ill check that out.

    In the meantime I tried it on yet another domain and got it working. Ill do a little guide if its any use?
     
  8. eva2000

    eva2000 Administrator Staff Member

    You can download both the non-working and the working domain.com.ssl.conf or domain.com.conf nginx vhosts and then use a diff comparison tool to compare them side by side and see what differences there are, or use an online diff compare tool such as Diff Checker.
     
  9. andybond

    andybond New Member

    There are two key differences between the working and non-working configs.


    In the non working version : Root has been specified as /home2/nginx/domains/nonworkingdomain.com/public
    In the working version : Root has been specified as /hone2/nginx/domains/workingdomain.com/public/public

    The duplicated public isn't really a duplicate. It's just that it dumps the non-secured stuff in there. I could not for the life of me get it to work when I moved the /public/public to /public and changed every variable known to man in the config files.

    The addition of these little lines in the workingdomain.conf file

    # location / block from the working vhost: the stock Centmin Mod template block
    # with the 503 include and the try_files fallback enabled.
    location / {
    # Contents of 503include-only.conf are not shown in this thread.
    include /usr/local/nginx/conf/503include-only.conf;

    # block common exploits, sql injections etc
    # NOTE(review): block.conf is left commented out in this vhost.
    #include /usr/local/nginx/conf/block.conf;

    # Enables directory listings when index file not found
    #autoindex on;

    # Shows file listing times as local time
    #autoindex_localtime on;

    # Wordpress Permalinks example
    # Serve a matching file or directory if one exists; otherwise pass the request
    # to /index.php with the original URI in q and the original arguments appended.
    try_files $uri $uri/ /index.php?q=$uri&$args;

    }