nginx, php-fpm, 404

rainer at rainer at
Tue May 29 09:01:43 UTC 2018


I'm trying to setup pimcore5 with nginx + php-fpm (7.0 on FreeBSD 11.1 
amd64, for the record).

According to their documentation, this needs the following 

# pimcorev5
# mime types are covered in nginx.conf by:
# http {
#   include       mime.types;
# }

upstream php_pimcore_v5_nghsbrtest {
     server unix:/var/run/fastcgi//nghsbrtest.sock;

server {
     listen 80;
     server_name  nghsbrtest.bla.dom;
     access_log /home/nghsbrtest/logs/nginx_access_log ;
     error_log /home/nghsbrtest/logs/nginx_error_log;
     root /home/nghsbrtest/FTPROOT/web;
     client_max_body_size 200m;
     index app.php index.php;

     # Pimcore Head-Link Cache-Busting
     rewrite ^/cache-buster-(?:\d+)/(.*) /$1 last;

     # Stay secure
     # a) don't allow PHP in folders allowing file uploads
     location ~* /var/assets/*\.php(/|$) {
         return 404;
     # b) Prevent clients from accessing hidden files (starting with a 
     # Access to `/.well-known/` is allowed.
     location ~* /\.(?!well-known/) {
         deny all;
         log_not_found off;
         access_log off;
     # c) Prevent clients from accessing to backup/config/source files
     location ~* 
(?:\.(?:bak|conf(ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
         deny all;

     # Some Admin Modules need this:
     # Database Admin, Server Info
     location ~* ^/admin/(adminer|external) {
         access_log off;
         log_not_found off;
         add_header Cache-Control "public";

     # Installer
     # Remove this if you don't need the web installer (anymore)
     if (-f $document_root/install.php) {
         rewrite ^/install(/?.*) /install.php$1 last;
     location / {
         error_page 404 /meta/404;
         add_header "X-UA-Compatible" "IE=edge";
         try_files $uri /app.php$is_args$args;

     # Use this after initial install is done:
     #location ~ ^/app\.php(/|$) {
     location ~ /(app|install)\.php(/|$) {
         send_timeout 1800;
         fastcgi_read_timeout 1800;
         # regex to split $uri to $fastcgi_script_name and $fastcgi_path
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         # Check that the PHP script exists before passing it
         try_files $fastcgi_script_name =404;
         include fastcgi_params;
         # Bypass the fact that try_files resets $fastcgi_path_info
         # see:
         set $path_info $fastcgi_path_info;
         fastcgi_param PATH_INFO $path_info;

         # Activate these, if using Symlinks and opcache
         # these don't seem to work in case everything is chrooted
         #fastcgi_param SCRIPT_FILENAME 
         #fastcgi_param DOCUMENT_ROOT $realpath_root;
	# when chrooted:
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

         fastcgi_pass php_pimcore_v5_nghsbrtest;
         fastcgi_keep_conn on;
         # Prevents URIs that include the front controller. This will 
         # http://domain.tld/app.php/some-path
         # Remove the internal directive to allow URIs like this

     # PHP-FPM Status and Ping
     location /fpm- {
         access_log off;
         include fastcgi_params;
         location /fpm-status {
             # add additional IP's or Ranges
             deny all;
             fastcgi_pass php_pimcore_v5_nghsbrtest;
         location /fpm-ping {
             fastcgi_pass php_pimcore_v5_nghsbrtest;

However, when I call the URL /install as suggested by the documentation

I get redirected to /install/

and for that URL, I get a 404.

It seems, PHP-FPM isn't even called.

 From the error-log (with debug-option):

2018/05/29 11:01:17 [notice] 94022#0: *1805515 "^/install(/?.*)" matches 
"/install/", client: a.b.c.d, server: nghsbrtest.bla.dom, request: "GET 
/install/ HTTP/1.1", host: "nghsbrtest.bla.dom"
2018/05/29 11:01:17 [notice] 94022#0: *1805515 rewritten data: 
"/install.php/", args: "", client: a.b.c.d, server: nghsbrtest.bla.dom, 
request: "GET /install/ HTTP/1.1", host: "nghsbrtest.bla.dom"

I can't seem to get my head around this. It should match the 
php-location, shouldn't it?

Anyone got an idea?

Best Regards

More information about the nginx mailing list