Welcome to Centmin Mod Community
Become a Member

Help witch convert htaccess to nginx

Discussion in 'Blogs & CMS usage' started by RootPass, Jan 10, 2018.

  1. RootPass

    RootPass New Member

    23
    3
    3
    Mar 22, 2017
    Ratings:
    +4
    Local Time:
    7:56 AM
    CentMin
    CentMin
    hey
    im using centminmod and really love it
    i try to get a tool on centmin vhost to work on nginx however it using an htaccess and can't work with the server.
    i tried to talk to the tool support and they telling me that i need to convert the htaccess to nginx to make .php file opened by php (however it's not set as default?)

    the htaccess code:
    Code:
    RewriteEngine On
    
    #RewriteCond %{HTTPS} off
    #RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    #RewriteCond %{HTTP_HOST} !^www\.
    #RewriteRule .* http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    Options +FollowSymLinks
    Options -Indexes
    
    RewriteCond %{SCRIPT_FILENAME} !-d 
    RewriteCond %{SCRIPT_FILENAME} !-f
    RewriteRule . index.php [L,QSA]
    
    
    
    # Performace optimization
    
    # BEGIN Compress text files
    <ifModule mod_deflate.c>
      AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
      AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
      AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
      AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
      AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
      AddOutputFilterByType DEFLATE font/truetype font/opentype
    </ifModule>
    # END Compress text files
    
    # BEGIN Expire headers
    <ifModule mod_expires.c>
      ExpiresActive On
      ExpiresDefault "access plus 5 seconds"
      ExpiresByType image/x-icon "access plus 31536000 seconds"
      ExpiresByType image/jpeg "access plus 31536000 seconds"
      ExpiresByType image/png "access plus 31536000 seconds"
      ExpiresByType image/gif "access plus 31536000 seconds"
      ExpiresByType application/x-shockwave-flash "access plus 31536000 seconds"
      ExpiresByType text/css "access plus 31536000 seconds"
      ExpiresByType text/javascript "access plus 31536000 seconds"
      ExpiresByType application/javascript "access plus 31536000 seconds"
      ExpiresByType application/x-javascript "access plus 31536000 seconds"
    </ifModule>
    # END Expire headers
    
    # BEGIN Cache-Control Headers
    <ifModule mod_headers.c>
      <filesMatch ".(ico|jpe?g|png|gif|swf)$">
        Header set Cache-Control "public"
      </filesMatch>
      <filesMatch ".(css)$">
        Header set Cache-Control "public"
      </filesMatch>
      <filesMatch ".(js)$">
        Header set Cache-Control "private"
      </filesMatch>
      <filesMatch ".(x?html?|php)$">
        Header set Cache-Control "private, must-revalidate"
      </filesMatch>
    
      <filesMatch ".(woff|woff2|ttf|otf|eot)$">
        Header set Cache-Control "max-age=31536000 private, must-revalidate"
      </filesMatch>
    </ifModule>
    # END Cache-Control Headers

     
  2. eva2000

    eva2000 Administrator Staff Member

    35,086
    7,745
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,944
    Local Time:
    2:56 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such rewrite rules.

    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)

    What tool/script ?

    all static/expires is already handled by centmin mod nginx out of box so only relevant part to convert is
    Code (Text):
    RewriteCond %{SCRIPT_FILENAME} !-d
    RewriteCond %{SCRIPT_FILENAME} !-f
    RewriteRule . index.php [L,QSA]
    

    IIRC, which is wordpress permalinks ?

    just edit your domain.com.conf and/or domain.com.ssl.conf and uncomment the wordpress permalink rewrite rule
    Code (Text):
    # Wordpress Permalinks example
    try_files $uri $uri/ /index.php?q=$uri&$args;
    

    then restart nginx + php-fpm
    Code (Text):
    nprestart
    
     
  3. RootPass

    RootPass New Member

    23
    3
    3
    Mar 22, 2017
    Ratings:
    +4
    Local Time:
    7:56 AM
    CentMin
    CentMin
    Thanks @eva2000 !
    when i uncomment i get this error:

    Restarting nginx (via systemctl): Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    [FAILED]
    Gracefully shutting down php-fpm . done
    Starting php-fpm done
     
  4. eva2000

    eva2000 Administrator Staff Member

    35,086
    7,745
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,944
    Local Time:
    2:56 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Check nginx config via test config command
    Code (Text):
    nginx -t
    

    what output do you get ?

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
    • Like Like x 1
  5. RootPass

    RootPass New Member

    23
    3
    3
    Mar 22, 2017
    Ratings:
    +4
    Local Time:
    7:56 AM
    CentMin
    CentMin
    @eva2000 probably the error came from the duplicate try_files command (centmin by default have the first one):
    Code:
    try_files $uri $uri/ /index.php?$query_string;
      # Wordpress Permalinks example
      try_files $uri $uri/ /index.php?q=$uri&$args;
    i uncommented the first one and place the wordpress one u said and error is gone but code is still not working (404)
    the tool is Instagram Auto Post & Scheduler

    this is the conf file (replaced domain with domain.com)
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name domain.com;
    #            return 301 $scheme://www.domain.com$request_uri;
    #       }
    
    server {
      server_name domain.com www.domain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
      root /home/nginx/domains/domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      #try_files $uri $uri/ /index.php?$query_string;
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      try_files $uri $uri/ /index.php?q=$uri&$args;
      }
     
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    curl commands: (not using ssl)
    curl -I domain.com:
    Code:
    curl -I http://domain.com
    HTTP/1.1 403 Forbidden
    Date: Tue, 09 Jan 2018 20:54:28 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d3f535eb6c321ed432fd156ebf8b980431515531268; expires=Wed, 09-Jan-19 20:54:28 GMT; path=/; domain=.domain.com; HttpOnly
    X-Powered-By: CF
    Server: cloudflare
    CF-RAY: 3daa4aba97d52c00-AMS
    
    You have new mail in /var/spool/mail/root
    curl -I www.domain.com
    Code:
    curl -I http://www.domain.com
    HTTP/1.1 403 Forbidden
    Date: Tue, 09 Jan 2018 20:55:03 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d4b5b295cb9dcc0b8fd246fcc079f0b041515531303; expires=Wed, 09-Jan-19 20:55:03 GMT; path=/; domain=.domain.com; HttpOnly
    X-Powered-By: CF
    Server: cloudflare
    CF-RAY: 3daa4b9965027325-AMS
    *I need to mention that the script is not located in domain.com, its in a directory. let me know if i need to change the curl to the directory
     
    Last edited: Jan 10, 2018
  6. eva2000

    eva2000 Administrator Staff Member

    35,086
    7,745
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,944
    Local Time:
    2:56 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
    • Like Like x 1
  7. RootPass

    RootPass New Member

    23
    3
    3
    Mar 22, 2017
    Ratings:
    +4
    Local Time:
    7:56 AM
    CentMin
    CentMin
    @eva2000 thanks man i added .autoprotect-bypass
    to the directories that autoprotect found and now the autoprotect file is empty but script still not working :(
    any ideas? thanks so much for ur responses!!!
     
  8. RootPass

    RootPass New Member

    23
    3
    3
    Mar 22, 2017
    Ratings:
    +4
    Local Time:
    7:56 AM
    CentMin
    CentMin
    edit:
    after HOURS of trying things and script i FINALLY found the problem (it's the silliest one u'll ever see)
    it was the root missing the folder so i had to change it like this:
    root /home/nginx/domains/domain.com/public/scriptfolder

    when it was
    root /home/nginx/domains/domain.com/public

    Thanks @eva2000 !
     
  9. eva2000

    eva2000 Administrator Staff Member

    35,086
    7,745
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,944
    Local Time:
    2:56 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    so this isn't a wordpress site ? it's fully just this script/tool site ? if it is then

    just revert root path to previous default public and add a new location context for script directory and add the php.conf include file so you can process php
    Code (Text):
    location /scriptfolder {
      include /usr/local/nginx/conf/php.conf;
      try_files $uri $uri/ /index.php?q=$uri&$args;
      }
    
     
..