Tired from nginx non-sense

LTniger · February 15

So, I have migrated from Apache to wonderful world of Nginx. And of course it was a darn mistake... Simple problem on my hands provided on the snippet bellow:

server {
    listen              443 ssl http2;
    server_name         domain.tld;
    set                 $base /var/www/domain.tld;
    root                $base/;

        # restrict methods
    if ($request_method !~ ^(GET|POST|HEAD|OPTIONS|TRACE)$) {
        return '405';
    }

    # index.php
    index      index.php;

   # index.php fallback
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # handle .php
    location ~ \.php$ {
        include nginxconfig.io/php_fastcgi.conf;
    }

        location ~ /superfolder {
           allow  127.0.0.1;
           deny all;
           return 404;
        }

        location ~ /\.ht {
                deny  all;
        }
}

Now that "superfolder" access restriction part is not working. I mean, yes, I can't access domain.tld/superfolder but I can access domain.tld/superfolder/superscript.php

It drives me nuts! I tried these variations:

location ^~ /superfolder {
           allow  127.0.0.1;
           deny all;
           return 404;
}

And:

location ~ /superfolder/.*\.(php)$ {
           allow  127.0.0.1;
           deny all;
           return 404;
}

Anyone who has more experience with Nginx - help, I'am stuck.

rm_ · February 15

Nginx configs are indeed the single worst thing about that server, check out Lighttpd instead.

I can't access domain.tld/superfolder but I can access domain.tld/superfolder/superscript.php

As for the question, try replacing

location ~ /superfolder {
with
location /superfolder/ {

And then if you want PHP to work in there also (but for 127.0.0.1) you will likely need to
include nginxconfig.io/php_fastcgi.conf;
in that secton too. Yes, hard to call this anything else than nonsense.

LTniger · February 15

fastcgi.conf is included, I just cut it out and left important bits in example .

So, I should include fastcgi like so:

location /superfolder/ {
           include nginxconfig.io/php_fastcgi.conf;
           allow  127.0.0.1;
           deny all;
           return 404;
}

nfn · February 15

Try to use internal; inside the superfolder

rm_ · February 15

So, I should include fastcgi like so:

I'd say yes, and why not just try it and return with does it work or not, instead of "should I"

LTniger · February 15

Problem resolved. I just had to move this portion of config to the bottom:

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

dominame · February 15

Revert to Apache, no earlier than v.2.4. Add in the PHP-FPM module. You'll then find Apache is at least as fast as NginX whilst retaining all the versatility of Apache, including htaccess.

It's not quite as simple as installing the module but not much more to do. Use a search including the name and release of your distro. It does vary slightly from distro to distro.

yoursunny · February 15

I switched to Caddy last year. Everything is so intuitive.
https://yoursunny.com/t/2021/yoursunny-com-caddy/

team_traitor · February 15

location ~ /(superfolder) {
deny all;
return 401;
}

orion504 · February 15

Envoy https://www.envoyproxy.io/

0xbkt · February 15

The heck is all of this? Use Caddy.

Jona4s · February 16

Unless you have the IQ of a golden retriever, I suggest you stop using PHP and Nginx.

jon617 · February 16

Did this transition many years ago. Apache seemed so much easier to config, but nginx is so much more lightweight.

notarobo · February 16

how about openlitespeed

ericls · February 16

How about cowboy?

Boogeyman · February 16

@yoursunny said: I switched to Caddy last year. Everything is so intuitive.

TL;DR, Would this be sensible to make a control panel around Caddy?

LTniger · February 16

Does caddy support mod_security, cloudflare ip resolution, cloudflare origin verification?

Boogeyman · February 16

@LTniger said: Does caddy support mod_security, cloudflare ip resolution, cloudflare origin verification?

I think you will have figure on your own. I couldn't find any good tutorials about that either. Looks like there is no built in support for that.
https://caddyserver.com/docs/extending-caddy#complete-example
https://caddy.community/t/tutorial-for-extending-caddy/7065/5
https://caddy.community/search?q=mod security

yoursunny · February 16

@Boogeyman said:

@yoursunny said: I switched to Caddy last year. Everything is so intuitive.

TL;DR, Would this be sensible to make a control panel around Caddy?

No, you should not use ANY control panel.
cPanel, Direct Admin, … should all be avoided.

Infrastructure should be defined in code and committed to source control.
When you make the webapp, it comes with the exact web server configuration needed to serve the webapp.

This is the configuration of my website:
https://bitbucket.org/yoursunny/yoursunny-website/src/0616b70e484bbb736185a7debb2e3addf8153fe5/http-server/?at=master

Caddyfile and nginx config for development and production environments
test script
build steps

Howdy, Stranger!

Categories

In this Discussion

Tired from nginx non-sense

Comments

Howdy, Stranger!

Quick Links

Categories

In this Discussion

Tired from nginx non-sense

Comments