/ Register

Learn about Centmin Mod LEMP Stack today
Register Now

yum update question + nginx question

Discussion in 'System Administration' started by hitman, May 29, 2016.

Previous Thread Next Thread
Loading...
  1. May 29, 2016 #1
    hitman

    hitman Member

    126
    11
    18
    Jul 18, 2014
    Ratings:
    +15
    Local Time:
    9:29 PM
    hello
    i hope it is not a problem that i ask 2 questions together and i am not opening a separate topic.

    1) I have the path for the uploads on my site like this domain.com/uploads and through the domain.com.conf file in /usr/local/nginx/conf/conf.d i have blocked the execution of php in this path. Now if someone visits this path domain.com/uploads it shows a white page and i believe that it should not, it should throw an error or something there. Could you please let me know if i have done something wrong or if i should add something there for extra security ?

    2) When i try to update through yum (yum -y update) i get the following error
    Code:
    ---> Package ImageMagick-last-c++.x86_64 0:6.9.4.3-1.el6.remi will be updated
--> Processing Dependency: ImageMagick-last-c++(x86-64) = 6.9.4.3-1.el6.remi for package: ImageMagick-last-c++-devel-6.9.4.3-1.el6.remi.x86_64
---> Package ImageMagick-last-libs.x86_64 0:6.9.4.3-1.el6.remi will be updated
--> Processing Dependency: ImageMagick-last-libs(x86-64) = 6.9.4.3-1.el6.remi for package: ImageMagick-last-6.9.4.3-1.el6.remi.x86_64
---> Package libxml2-python.x86_64 0:2.7.6-21.el6 will be installed
--> Finished Dependency Resolution
Error: Package: ImageMagick-last-c++-devel-6.9.4.3-1.el6.remi.x86_64 (@remi)
           Requires: ImageMagick-last-c++(x86-64) = 6.9.4.3-1.el6.remi
           Removing: ImageMagick-last-c++-6.9.4.3-1.el6.remi.x86_64 (@remi)
               ImageMagick-last-c++(x86-64) = 6.9.4.3-1.el6.remi
           Updated By: ImageMagick-last-c++-6.9.4.4-1.el6.remi.x86_64 (remi-safe)
               ImageMagick-last-c++(x86-64) = 6.9.4.4-1.el6.remi
Error: Package: ImageMagick-last-6.9.4.3-1.el6.remi.x86_64 (@remi)
           Requires: ImageMagick-last-libs(x86-64) = 6.9.4.3-1.el6.remi
           Removing: ImageMagick-last-libs-6.9.4.3-1.el6.remi.x86_64 (@remi)
               ImageMagick-last-libs(x86-64) = 6.9.4.3-1.el6.remi
           Updated By: ImageMagick-last-libs-6.9.4.4-1.el6.remi.x86_64 (remi-safe)
               ImageMagick-last-libs(x86-64) = 6.9.4.4-1.el6.remi
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
    please note that in order to update as soon i had run
    Code:
    yum -y update --enablerepo=remi --disableplugin=priorities
    how can i fix this?

    thank you in advance
     
  2. May 29, 2016 #2
    eva2000

    eva2000 Administrator Staff Member

    55,189
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    4:29 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    2nd fixed by disabling remi-safe repo if you update to latest 123.09beta01 and run centmin.sh once after Beta Branch - disable remi-safe repo by default | Centmin Mod Community

    or just disable it manually via cmd
    Code (Text):
    sed -i 's|enabled=1|enabled=0|' /etc/yum.repos.d/remi-safe.repo


    1st need the syntax you used for blocking php in /upload

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)
     
  3. May 30, 2016 #3
    hitman

    hitman Member

    126
    11
    18
    Jul 18, 2014
    Ratings:
    +15
    Local Time:
    9:29 PM
    Code:
    # Prevent access to ./directories and files
    location ~ (?:^|/)\. {
        deny all;
    }

    location / {

        # block common exploits, sql injections etc
        include /usr/local/nginx/conf/block.conf;

        # Enables directory listings when index file not found
        # autoindex  on;

        # Shows file listing times as local time
        autoindex_localtime on;

        try_files    $uri $uri/ /index.php;

    }
   


    location ~^(/upload/).*(\.php)$ {
        deny     all;
    }
    this is the part that blocks php execution in upload path
     
  4. May 30, 2016 #4
    eva2000

    eva2000 Administrator Staff Member

    55,189
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    4:29 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    looks good if you have a blank /upload/index.html it will show as it's not a .php file
     
Previous Thread Next Thread
Loading...

.