Join the community today
Become a Member

Nginx MediaWiki Short URL giving 404 on filename pages

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by redbot, Oct 23, 2020.

  1. redbot

    redbot Dreaming of Debmin Mod Premium Member

    39
    6
    8
    Mar 30, 2020
    Ratings:
    +18
    Local Time:
    7:06 PM
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.17
    • PHP Version Installed: 7.4.6
    I am attempting to turn on MediaWiki's Short URL feature. My MediaWiki is installed at /w/
    Manual:Short URL/Nginx - MediaWiki

    When I use short URLs and try to access a file page, e.g. /wiki/File:image.jpg Nginx returns 404.

    When I *don't* enable short URLs and instead use /w/index.php?title=File:Image.jpg it works correctly.

    I turned debug and rewrite log on, this is the relevant line from the error.log,
    Code:
    2020/10/22 21:39:23 [error] 55607#55607: *944 open() "/home/nginx/domains/domain.org/public/wiki/File:Common.jpg" failed (2: No such file or directory), client: 111.111.111.111, server: domain.org, request: "GET /wiki/File:Common.jpg HTTP/1.1", host: "domain.org"
    Here's my nginx conf (the wiki block is near the bottom):

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
       server_name domain.org www.domain.org;
       return 302 https://$server_name$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name domain.org www.domain.org;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/domain.org/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/domain.org/domain.org-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.org/domain.org-acme.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.org/origin.crt;
      ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      http2_max_requests 5000;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.org/domain.org-fullchain-acme.key;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.org/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/domain.org/log/error.log debug;
      rewrite_log on;
    
    #  include /usr/local/nginx/conf/autoprotect/domain.org/autoprotect-domain.org.conf;
      root /home/nginx/domains/domain.org/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
    #  include /usr/local/nginx/conf/wpincludes/domain.org/wpcacheenabler_domain.org.conf;
      #include /usr/local/nginx/conf/wpincludes/domain.org/wpsupercache_domain.org.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/domain.org/rediscache_domain.org.conf;
    
    #wiki block
    # Location for wiki's entry points
        location ~ ^/w/(index|load|api|thumb|opensearch_desc)\.php$ {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
        }
    
            location ~* \.(js|css|gif|ico)$ {
            try_files $uri /wiki/index.php;
            expires max;
            log_not_found off;
        }
     
        # Images
        location /w/images {
            # Separate location for images/ so .php execution won't apply
        }
        location /w/images/deleted {
            # Deny access to deleted images folder
            deny all;
        }
        # MediaWiki assets (usually images)
        location ~ ^/w/resources/(assets|lib|src) {
            try_files $uri 404;
            add_header Cache-Control "public";
            expires 7d;
        }
        # Assets, scripts and styles from skins and extensions
        location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
            try_files $uri /wiki/index.php;
            add_header Cache-Control "public";
            expires 7d;
        }
     
        ## Uncomment the following code if you wish to use the installer/updater
        ## installer/updater
        #location /w/mw-config/ {
        #    # Do this inside of a location so it can be negated
        #    location ~ \.php$ {
        #        include /etc/nginx/fastcgi_params;
        #        fastcgi_param SCRIPT_FILENAME $document_root/w/mw-config/$fastcgi_script_name;
        #        fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
        #    }
        #}
     
        # Handling for the article path (pretty URLs)
        location /wiki/ {
            rewrite ^/wiki/(?<pagename>.*)$ /w/index.php;
        }
        # Explicit access to the root website, redirect to main page (adapt as needed)
        location = / {
            return 301 /wiki/Main_Page;
        }
    
        # Every other entry point will be disallowed.
        # Add specific rules for other entry points/images as needed above this
        location / {
            return 404;
        }
    #end wiki block
     
      include /usr/local/nginx/conf/php-wpsc.conf;
     
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-domain.org.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
    Last edited: Oct 23, 2020
  2. redbot

    redbot Dreaming of Debmin Mod Premium Member

    39
    6
    8
    Mar 30, 2020
    Ratings:
    +18
    Local Time:
    7:06 PM
    I found the culprit: staticfiles.conf

    I don't want to disable it, as (I believe) it's giving us some great cache control & compression for other static files. But how could I make it work with Mediawiki?

    Code:
        # prepare for letsencrypt
        # https://community.centminmod.com/posts/17774/
        location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }
    
        location ~* \.(gif|jpg|jpeg|png|ico)$ {
          gzip_static off;
          #add_header Pragma public;
          #add_header X-Frame-Options SAMEORIGIN;
          #add_header X-Xss-Protection "1; mode=block" always;
          #add_header X-Content-Type-Options "nosniff" always;
          add_header Access-Control-Allow-Origin *;
          add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
          access_log off;
          expires 30d;
          break;
        }
    
        location ~* \.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|test|bin)$ {
          gzip_static off;
          sendfile off;
          sendfile_max_chunk 1m;
          #add_header Pragma public;
          #add_header X-Frame-Options SAMEORIGIN;
          #add_header X-Xss-Protection "1; mode=block" always;
          #add_header X-Content-Type-Options "nosniff" always;
          add_header Access-Control-Allow-Origin *;
          add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
          access_log off;
          expires 30d;
          break;
        }
    
        location ~* \.(js|json)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
        location ~* \.(css)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
      #  location ~* \.(html|htm|txt)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
        #add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        #access_log off;
        #expires 1d;
        #break;
      #      }
    
        location ~* \.(eot|svg|ttf|woff|woff2)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 365d;
        break;
            }
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    45,652
    10,358
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,076
    Local Time:
    11:06 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    you'd have to remove staticfiles.conf as your Mediawiki Nginx rules for static assets already has expires/browser cache settings setup. You could possibly change expires from 7d to 30d if assets are suited to longer browser cache times
     
  4. redbot

    redbot Dreaming of Debmin Mod Premium Member

    39
    6
    8
    Mar 30, 2020
    Ratings:
    +18
    Local Time:
    7:06 PM
    I run much more software than Mediawiki on that domain, so I'd rather not lose all the benefits of staticfiles.conf. I'm hoping to make it just ignore the mediawiki/w/ folder
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,652
    10,358
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,076
    Local Time:
    11:06 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    You'd have to modify a separate staticfiles.conf include version specific to each software on that domain then