nginx, php-fpm, 404
rainer at ultra-secure.de
rainer at ultra-secure.de
Tue May 29 09:01:43 UTC 2018
Hi,
I'm trying to setup pimcore5 with nginx + php-fpm (7.0 on FreeBSD 11.1
amd64, for the record).
According to their documentation, this needs the following
configuration:
# pimcorev5
# mime types are covered in nginx.conf by:
# http {
# include mime.types;
# }
upstream php_pimcore_v5_nghsbrtest {
server unix:/var/run/fastcgi//nghsbrtest.sock;
}
server {
listen 80;
server_name nghsbrtest.bla.dom;
access_log /home/nghsbrtest/logs/nginx_access_log ;
error_log /home/nghsbrtest/logs/nginx_error_log;
root /home/nghsbrtest/FTPROOT/web;
client_max_body_size 200m;
index app.php index.php;
# Pimcore Head-Link Cache-Busting
rewrite ^/cache-buster-(?:\d+)/(.*) /$1 last;
# Stay secure
#
# a) don't allow PHP in folders allowing file uploads
location ~* /var/assets/*\.php(/|$) {
return 404;
}
# b) Prevent clients from accessing hidden files (starting with a
dot)
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known/) {
deny all;
log_not_found off;
access_log off;
}
# c) Prevent clients from accessing to backup/config/source files
location ~*
(?:\.(?:bak|conf(ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
}
# Some Admin Modules need this:
# Database Admin, Server Info
location ~* ^/admin/(adminer|external) {
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
# Installer
# Remove this if you don't need the web installer (anymore)
if (-f $document_root/install.php) {
rewrite ^/install(/?.*) /install.php$1 last;
}
location / {
error_page 404 /meta/404;
add_header "X-UA-Compatible" "IE=edge";
try_files $uri /app.php$is_args$args;
}
# Use this after initial install is done:
#location ~ ^/app\.php(/|$) {
location ~ /(app|install)\.php(/|$) {
send_timeout 1800;
fastcgi_read_timeout 1800;
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
include fastcgi_params;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
# Activate these, if using Symlinks and opcache
# these don't seem to work in case everything is chrooted
#fastcgi_param SCRIPT_FILENAME
$realpath_root$fastcgi_script_name;
#fastcgi_param DOCUMENT_ROOT $realpath_root;
# when chrooted:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php_pimcore_v5_nghsbrtest;
fastcgi_keep_conn on;
# Prevents URIs that include the front controller. This will
404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# PHP-FPM Status and Ping
location /fpm- {
access_log off;
include fastcgi_params;
location /fpm-status {
allow 127.0.0.1;
# add additional IP's or Ranges
deny all;
fastcgi_pass php_pimcore_v5_nghsbrtest;
}
location /fpm-ping {
fastcgi_pass php_pimcore_v5_nghsbrtest;
}
}
}
However, when I call the URL /install as suggested by the documentation
https://pimcore.com/docs/5.x/Development_Documentation/Getting_Started/Installation.html
I get redirected to /install/
and for that URL, I get a 404.
It seems, PHP-FPM isn't even called.
From the error-log (with debug-option):
2018/05/29 11:01:17 [notice] 94022#0: *1805515 "^/install(/?.*)" matches
"/install/", client: a.b.c.d, server: nghsbrtest.bla.dom, request: "GET
/install/ HTTP/1.1", host: "nghsbrtest.bla.dom"
2018/05/29 11:01:17 [notice] 94022#0: *1805515 rewritten data:
"/install.php/", args: "", client: a.b.c.d, server: nghsbrtest.bla.dom,
request: "GET /install/ HTTP/1.1", host: "nghsbrtest.bla.dom"
I can't seem to get my head around this. It should match the
php-location, shouldn't it?
Anyone got an idea?
Best Regards
Rainer
More information about the nginx
mailing list