Menu
I'm trying to serve CachetHQ in nginx + php-fpm in a specific location. The docs gives this as example that serves in status.example.com (which works):
server {
listen 80;
server_name status.example.com;
root /var/www/Cachet/public;
index index.php;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_keep_conn on;
}
}
However, instead of serving in status.example.com, I would like to serve in example.com/status.
I was expecting that this would work, but from error.log I see it's trying /etc/nginx/htmlindex.php, but it should be /mnt/data/site/www-cachet/public/index.php:
location /status/ {
index index.php;
root /mnt/data/site/www-cachet/public;
try_files $uri index.php$is_args$args;
location ~ ^/status/.+\.php$ {
root /mnt/data/site/www-cachet/public;
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_keep_conn on;
}
}
385
For security reasons, the NGINX Open Source ports in this solution cannot be accessed over a public IP address. To connect to NGINX Open Source from a different machine, you must open port 80, 443 for remote access. Refer to the FAQ for more information on this.
By default, the Nginx HTTP server listens for inbound connections and connects to port 80, which is the default web port. However, the TLS configuration, which is not supported in Nginx by default, listens to port 443 for secure connections.
To find a location match for an URI, NGINX first scans the locations that is defined using the prefix strings (without regular expression). Thereafter, the location with regular expressions are checked in order of their declaration in the configuration file.
By using the nginx forward proxy we can masking the location and IP for gaining access to services. Nginx forward proxy will continuing the request on behalf of the client. At the time when the host server will accept the request then only we can see the IP of the nginx proxy server.
Let me start with the original configuration that you claim works, and try to modify it for your requirements, results below:
location ^~ /status {
alias /var/www/Cachet/public;
index index.php;
location = /status {
return 302 /status/;
}
location / {
try_files $uri /status/index.php$is_args$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
rewrite ^/status/(.*) /$1;
rewrite ^(.*)/ $1/index.php; # who knows what fastcgi_index is for?
fastcgi_param SCRIPT_FILENAME $document_root$uri;
fastcgi_keep_conn on;
}
}
Basically, you want to use alias instead of root here, and probably also have an absolute path in the final try_files as well. I don't think adding extra prefixes within nested locations is needed, but you might want to make sure that the root location is a final match with the ^~ modifier.
The main trick, I guess, is that even with the alias directive things aren't as dandy as with a proper root, so, you have to make sure that the SCRIPT_FILENAME is set correctly. This part doesn't seem to be documented very clearly, and I'm too lazy to test out whether $fastcgi_script_name ngx variable and fastcgi_index directive play nice with alias -- instead of trying to determine how those work (or not), we simply do a couple of rewrite rules as applicable, and construct SCRIPT_FILENAME based on the results of our rewrite rules instead. :-)
However, with that said, I'd think the second rewrite rule (as well as the fastcgi_index it replaces) might as well be a no-op, because how were we supposed to end up in a \.php$ location if $uri didn't end in .php already?
(Likewise, you're free to try to remove the first rewrite rule, too, and replace $uri in SCRIPT_FILENAME with $fastcgi_script_name, and see if things still work, but the internet from 2009 may indicate that they didn't.)
111
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
