Join the community today
Become a Member

Nginx nginx config

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Oxide, May 2, 2015.

Tags:
  1. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    Hello.

    Basically I am having this limit requests within the php.conf, however this makes it work all over my site. Are there a way to exclude a certain folder?

    I want to exclude the administration panel, because of the amount of ajax request it makes.. It literally blocks my admins.

    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        limit_req zone=one burst=5;
    this is what i use now, works fine but it even limits my administrators.. is there a way to exclude a certain part from getting it limited?


    i want it to do it on all php documents, but exclude a certain folder
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,866
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    have a separate /usr/local/nginx/conf/php.conf file for admin without the limit_req by copying /usr/local/nginx/conf/php.conf to /usr/local/nginx/conf/phpadmin.conf or something and include that for admin or folder locations you don't want to limit requests for

    Code:
       location /admin {
            #include /usr/local/nginx/conf/php.conf;
            include /usr/local/nginx/conf/phpadmin.conf;
            allow 127.0.0.1;
            allow myip;
            deny all;
    }
     
  3. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    yeah if i did that, wouldnt that conflict? if i had two php.conf and phpadmin.conf load inside admin? because php.conf is global, means it will load there
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,866
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no you do not load admin instead the php.conf and phpadmin.conf, you just have the limit_req zone=one burst=5; line in php.conf and don't use it in phpadmin.conf which is only loaded for /admin location.
     
  5. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    Any example?

    I have mydomain.conf inside conf.d

    this is default installation

    then inside php.conf i have limit requests
    inside nginx.conf i also have a rule that are needed to limit requests..

    if inside mydomain.conf i make a location rule, wouldn't the normal php.conf also be loaded there? because that one gets loaded glbally.

    i want the limit requests to work on all php documents but in certain folder /admin
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,866
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    /usr/local/nginx/conf/php.conf with limit_req
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        limit_req zone=one burst=5;
    
    snipped rest of default contents
    /usr/local/nginx/conf/phpadmin.conf without limit_req
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
    
    snipped rest of default contents
    in in vhost you want to exclude /admin
    Code:
       location /admin {
            #include /usr/local/nginx/conf/php.conf;
            include /usr/local/nginx/conf/phpadmin.conf;
            allow 127.0.0.1;
            allow myip;
            deny all;
    }
     
  7. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    sorry but this

    [​IMG]

    [Nginx] eee - Pastebin.com
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,866
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup that's correct just you have 2x /admin locations with a deny all one too, you can remove that one
     
  9. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    Okay.

    So inside php.conf i have limit requests

    and inside phpadmin I don't.. i feel this would conflict with each other :/ (would i duplicate the php.conf into phpadmin.conf, then remove limit requests? )
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,866
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    there's no conflicts, /admin will use phpadmin.conf while everything else uses php.conf. This is what I do on this very forum as I have 8x PHP-FPM pools load balanced along with assigning specific location and php paths a dedicated PHP-FPM pool with different php.conf with different php settings and values :)

    just duplicate php.conf and edit the copy to your needs
     
  11. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    okay so it basically overrides the second one? because it's before it.
     
  12. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    cheers it works, was just skeptical in case you didnt understand
     
  13. eva2000

    eva2000 Administrator Staff Member

    53,866
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yup should work, been doing it on this forum for a while :D Handy if you want different php.conf content settings and values for particular parts of your site, directory paths or files.
     
  14. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:45 PM
    does the image php exploit for nginx still work or is it patched?
     
  15. eva2000

    eva2000 Administrator Staff Member

    53,866
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    9:45 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    that's handled in /usr/local/nginx/conf/php.conf and any copies of the file via
    Code:
                                                     
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
    i.e.
    Code:
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;