Want more timely Centmin Mod News Updates?
Become a Member

Laravel App Error

Discussion in 'Other Web Apps usage' started by iekamburoglu, May 7, 2020.

  1. iekamburoglu

    iekamburoglu New Member

    10
    1
    3
    Apr 27, 2018
    Turkey
    Ratings:
    +1
    Local Time:
    9:47 PM
    1.17.10
    Hello, I am here again but for a problem unfortunately :/ I am try isntall a Laravel 7 app on Centmin but it says 404. The official guid from @eva2000 unluckily won't work for me.

    There is my nginx conf;

    Code:
    #x# HTTPS-DEFAULT
     server {
     
       server_name hotelta.com www.hotelta.com;
       return 302 https://hotelta.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    
    server {
      listen 443 ssl http2 reuseport;
      server_name hotelta.com www.hotelta.com;
    
      include /usr/local/nginx/conf/ssl/hotelta.com/hotelta.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/hotelta.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      http2_max_requests 5000;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
      index index.html index.htm index.php;
      charset utf-8;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/hotelta.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/hotelta.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/hotelta.com/autoprotect-hotelta.com.conf;
      root /home/nginx/domains/hotelta.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
      try_files $uri $uri/ /index.php?$query_string;
        }
      location = /favicon.ico { access_log off; log_not_found off; }
      location = /robots.txt  { access_log off; log_not_found off; }
     
      error_page 404 /index.php;
      location ~ \.php$ {
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            include fastcgi_params;
        }
    
      location ~ /\.(?!well-known).* {
            deny all;
        }
    }
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-hotelta.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    And also link of my app's web site.
    What can I do to work?
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,163
    10,066
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,556
    Local Time:
    4:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    You nginx vhost looks nothing like the one I outlined in Laravel guide at Install Laravel 5 on Nginx - CentminMod.com LEMP Nginx web stack for CentOS. Though I am still not familiar with Laravel actual usage beyond installation. But I see you have unneeded .php location context in your vhost which guide at Install Laravel 5 on Nginx - CentminMod.com LEMP Nginx web stack for CentOS doesn't have. You can see the discussion thread that the guide is based on at How to install Laravel? for more clues.

    so probably change
    Code (Text):
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
      try_files $uri $uri/ /index.php?$query_string;
       }
      location = /favicon.ico { access_log off; log_not_found off; }
      location = /robots.txt  { access_log off; log_not_found off; }
    
      error_page 404 /index.php;
      location ~ \.php$ {
           fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
           include fastcgi_params;
       }
    
      location ~ /\.(?!well-known).* {
           deny all;
       }
    }
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
    

    to
    Code (Text):
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
      try_files $uri $uri/ /index.php?$query_string;
      }
    
    
     
    • Like Like x 1
  3. iekamburoglu

    iekamburoglu New Member

    10
    1
    3
    Apr 27, 2018
    Turkey
    Ratings:
    +1
    Local Time:
    9:47 PM
    1.17.10
    I have folloed your way and it still won't work says 403 Forbidden
     
  4. eva2000

    eva2000 Administrator Staff Member

    44,163
    10,066
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,556
    Local Time:
    4:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  5. iekamburoglu

    iekamburoglu New Member

    10
    1
    3
    Apr 27, 2018
    Turkey
    Ratings:
    +1
    Local Time:
    9:47 PM
    1.17.10
    My hotelta.com.ssl.conf file includes;
    Code:
    include /usr/local/nginx/conf/autoprotect/hotelta.com/autoprotect-hotelta.com.conf;
    but autoprotect-hotelta.com.conf is empty.
    And there is .htaccess

    Code:
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^public
        RewriteRule ^(.*)$ public/$1 [L]
    </IfModule>
     
  6. eva2000

    eva2000 Administrator Staff Member

    44,163
    10,066
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,556
    Local Time:
    4:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    what does the updated domain.com.ssl.conf nginx vhost config file look like now ?