Get the most out of your Centmin Mod LEMP stack
Become a Member

NGINX Rules

Discussion in 'Other Web Apps usage' started by SFLC, Dec 4, 2016.

  1. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    12:39 AM
    1
    10
    Hello,

    I have a question relating to nginx rules as they are more complicated than what we are using to with nginx directly.

    I've installed a custom php script and need to add a few rules for it to work.

    This is my current domain conf file: (/usr/local/nginx/conf/conf.d/somedomain.com.conf)
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name somedomain.com;
    #            return 301 $scheme://www.somedomain.com$request_uri;
    #       }
    
    server {
      server_name somedomain.com www.somedomain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/somedomain.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/somedomain.com/log/error.log;
    
      root /home/nginx/domains/somedomain.com/public;
    
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      }
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files            $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    and what i need to add in is this:
    Code:
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
            if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
        }
    
        location / {
            if (!-e $request_filename) {
                rewrite ^/(.*) /index.php?_page_url=$1 last;
            }
        }
    
        location /files/ {
            internal;
        }
    
        # these locations would be hidden by .htaccess normally
        location /core/logs/ {
            deny all;
        }
    I have tried everything and it doesnt work, either nginx check conf says its all ok and starts but no joy or it fails and nginx errors out.

    thanks for your help in advance
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    8:39 AM
    Nginx 1.13.x
    MariaDB 5.5
    what web app is this for ?

    the /usr/local/nginx/conf/php.conf include has a global *.php location context match which may interfere with
    Code (Text):
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
            if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
        }

    so you might want to make a custom php.conf named php_yourdomain.com.conf to replace that specific vhost's include file as /usr/local/nginx/conf/php_yourdomain.com.conf

    make a copy of /usr/local/nginx/conf/php.conf as /usr/local/nginx/conf/php_yourdomain.com.conf
    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_yourdomain.com.conf
    

    then change in vhost the include file from
    Code (Text):
    include /usr/local/nginx/conf/php.conf;

    to
    Code (Text):
    include /usr/local/nginx/conf/php_yourdomain.com.conf;

    then edit /usr/local/nginx/conf/php_yourdomain.com.conf and add your specific line
    Code (Text):
    if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
    

    though do you really need that in *.php location context at all ?

    you may need to remove a similiar no request_filename rule already in /usr/local/nginx/conf/php_yourdomain.com.conf
     
  3. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    12:39 AM
    1
    10
    Thanks @eva2000 for the unbelievably comprehensive post, i'll try it out and post my results.

    The webapp is yetishare, it's basically a file sharing script.
     
  4. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    12:39 AM
    1
    10
    I don't get it, i literally followed your guide to the t and still no joy, not sure what's wrong.

    nginx -t says all conf is ok however any pages that go through the index through a rewrite won't work so in essence this rule is not being applied for some reason:
    if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }

    this is my /usr/local/nginx/conf/conf.d/somedomain.com.conf

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name somedomain.com;
    #            return 301 $scheme://www.somedomain.com$request_uri;
    #       }
    
    server {
      server_name somedomain.com www.somedomain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/somedomain.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/somedomain.com/log/error.log;
    
      root /home/nginx/domains/somedomain.com/public;
    
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      }
    
      location / {
    
    if (!-e $request_filename) {
                rewrite ^/(.*) /index.php?_page_url=$1 last;
            }
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files            $uri $uri/ /index.php;
    
      }
    
    
    location /files/ {
            internal;
        }
    
        # these locations would be hidden by .htaccess normally
        location /core/logs/ {
            deny all;
        }
    
    
      include /usr/local/nginx/conf/staticfiles.conf;
      #include /usr/local/nginx/conf/php.conf;
       include /usr/local/nginx/conf/php_somedomain.com.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    and this is /usr/local/nginx/conf/php_somedomain.com.conf

    Code:
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
       #if (!-f $document_root$fastcgi_script_name) {
        #    return 404;
        #}
    if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
    
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/tmp/php5-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        #fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    sendfile on;
    #tcp_nopush off;
    #keepalive_requests 0;
    
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 512 16k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors on;
    
    # next 3 lines when uncommented / enabled
    # allow Nginx to handle uploads which then
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    fastcgi_param  HTTP_PROXY         "";
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # Set php-fpm geoip variables
    fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
    fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
    fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
    fastcgi_param GEOIP_REGION $geoip_region;
    fastcgi_param GEOIP_CITY $geoip_city;
    fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
    fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
    fastcgi_param GEOIP_LATITUDE $geoip_latitude;
    fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
                       }
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    8:39 AM
    Nginx 1.13.x
    MariaDB 5.5
    Latest update on September 14, 2015 to Centmin Mod 1.2.3-eva2000.08 stable (123.08stable) and higher has added Nginx debug mode support. Nginx debug mode is disabled by default.

    To enable, edit centmin.sh and change variable NGINX_DEBUG=n default to NGINX_DEBUG=y and recompile Nginx via centmin.sh menu option 4 and then setting error_log in nginx vhosts to debug as outlined at nginx.org/en/docs/debugging_log.html & wiki.nginx.org/Debugging.

    You do not want to leave Nginx debug mode running forever, so after debugging, set NGINX_DEBUG=n in centmin.sh and recompile Nginx again via centmin.sh menu option 4 and remove error_log debugging mode to disable Nginx debug mode again.

    To update your Centmin Mod builds code for Nginx debug mode support if you do not have a NGINX_DEBUG variable in centmin.sh, follow instructions at centminmod.com/upgrade.html and respective version threads below:

    Centmin Mod is provided as is, but you can try debugging mode for Nginx for further troubleshooting if you have problems with Nginx (i.e. segfaults / signal 11 issues) as outlined at nginx.org/en/docs/debugging_log.html & wiki.nginx.org/Debugging.
     
  6. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    12:39 AM
    1
    10
    thanks @eva2000, I'll give that a shot, I hate nginx with a passion, unfortunately, it' a better fit for what I intend to build. I'm fairly convinced the original developer of nginx built it to screw over the world.
     
  7. pamamolf

    pamamolf Well-Known Member

    2,725
    243
    63
    May 31, 2014
    Ratings:
    +434
    Local Time:
    1:39 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    That's what Apache developers did and not Nginx developers as htaccess is killing performance :)

    Like Apache: .htaccess | NGINX
     
  8. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    12:39 AM
    1
    10
    fair enough @pamamolf, but c'mon there's hundreds of better ways to deal with conf files vs the current method, no one wants to deal with include city, maybe i should rent the nasa control room so i can use all their screens :woot: