Nginx MediaWiki Short URL giving 404 on filename pages

• CentOS Version: CentOS 7 64bit
  
• Centmin Mod Version Installed: 123.09beta01
• Nginx Version Installed: 1.17
• PHP Version Installed: 7.4.6

I am attempting to turn on MediaWiki's Short URL feature. My MediaWiki is installed at /w/
Manual:Short URL/Nginx - MediaWiki

When I use short URLs and try to access a file page, e.g. /wiki/File:image.jpg Nginx returns 404.

---

When I *don't* enable short URLs and instead use /w/index.php?title=File:Image.jpg it works correctly.

I turned debug and rewrite log on, this is the relevant line from the error.log,

Code:

2020/10/22 21:39:23 [error] 55607#55607: *944 open() "/home/nginx/domains/domain.org/public/wiki/File:Common.jpg" failed (2: No such file or directory), client: 111.111.111.111, server: domain.org, request: "GET /wiki/File:Common.jpg HTTP/1.1", host: "domain.org"

Here's my nginx conf (the wiki block is near the bottom):

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
server {
   server_name domain.org www.domain.org;
   return 302 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name domain.org www.domain.org;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain.org/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain.org/domain.org-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.org/domain.org-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.org/origin.crt;
  ssl_verify_client on;
  http2_max_field_size 16k;
  http2_max_header_size 32k;
  http2_max_requests 5000;
  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.org/domain.org-fullchain-acme.key;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.org/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/domain.org/log/error.log debug;
  rewrite_log on;

#  include /usr/local/nginx/conf/autoprotect/domain.org/autoprotect-domain.org.conf;
  root /home/nginx/domains/domain.org/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

#  include /usr/local/nginx/conf/wpincludes/domain.org/wpcacheenabler_domain.org.conf;
  #include /usr/local/nginx/conf/wpincludes/domain.org/wpsupercache_domain.org.conf;
  # https://community.centminmod.com/posts/18828/
  #include /usr/local/nginx/conf/wpincludes/domain.org/rediscache_domain.org.conf;

#wiki block
# Location for wiki's entry points
    location ~ ^/w/(index|load|api|thumb|opensearch_desc)\.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
    }

        location ~* \.(js|css|gif|ico)$ {
        try_files $uri /wiki/index.php;
        expires max;
        log_not_found off;
    }
 
    # Images
    location /w/images {
        # Separate location for images/ so .php execution won't apply
    }
    location /w/images/deleted {
        # Deny access to deleted images folder
        deny all;
    }
    # MediaWiki assets (usually images)
    location ~ ^/w/resources/(assets|lib|src) {
        try_files $uri 404;
        add_header Cache-Control "public";
        expires 7d;
    }
    # Assets, scripts and styles from skins and extensions
    location ~ ^/w/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
        try_files $uri /wiki/index.php;
        add_header Cache-Control "public";
        expires 7d;
    }
 
    ## Uncomment the following code if you wish to use the installer/updater
    ## installer/updater
    #location /w/mw-config/ {
    #    # Do this inside of a location so it can be negated
    #    location ~ \.php$ {
    #        include /etc/nginx/fastcgi_params;
    #        fastcgi_param SCRIPT_FILENAME $document_root/w/mw-config/$fastcgi_script_name;
    #        fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
    #    }
    #}
 
    # Handling for the article path (pretty URLs)
    location /wiki/ {
        rewrite ^/wiki/(?<pagename>.*)$ /w/index.php;
    }
    # Explicit access to the root website, redirect to main page (adapt as needed)
    location = / {
        return 301 /wiki/Main_Page;
    }

    # Every other entry point will be disallowed.
    # Add specific rules for other entry points/images as needed above this
    location / {
        return 404;
    }
#end wiki block
 
  include /usr/local/nginx/conf/php-wpsc.conf;
 
  # https://community.centminmod.com/posts/18828/
  #include /usr/local/nginx/conf/php-rediscache.conf;
  include /usr/local/nginx/conf/pre-staticfiles-local-domain.org.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

 

I found the culprit: staticfiles.conf

I don't want to disable it, as (I believe) it's giving us some great cache control & compression for other static files. But how could I make it work with Mediawiki?

Code:

    # prepare for letsencrypt
    # https://community.centminmod.com/posts/17774/
    location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }

    location ~* \.(gif|jpg|jpeg|png|ico)$ {
      gzip_static off;
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
      access_log off;
      expires 30d;
      break;
    }

    location ~* \.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|test|bin)$ {
      gzip_static off;
      sendfile off;
      sendfile_max_chunk 1m;
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
      access_log off;
      expires 30d;
      break;
    }

    location ~* \.(js|json)$ {
  #add_header Pragma public;
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  add_header Access-Control-Allow-Origin *;
  add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
    access_log off;
    expires 30d;
    break;
        }

    location ~* \.(css)$ {
  #add_header Pragma public;
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  add_header Access-Control-Allow-Origin *;
  add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
    access_log off;
    expires 30d;
    break;
        }

  #  location ~* \.(html|htm|txt)$ {
  #add_header Pragma public;
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
    #add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    #access_log off;
    #expires 1d;
    #break;
  #      }

    location ~* \.(eot|svg|ttf|woff|woff2)$ {
  #add_header Pragma public;
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  add_header Access-Control-Allow-Origin *;
  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 365d;
    break;
        }

 

I run much more software than Mediawiki on that domain, so I'd rather not lose all the benefits of staticfiles.conf. I'm hoping to make it just ignore the mediawiki/w/ folder