Hello,

I am having some issues running Nginx for Joomla, specifically in the administrator section, herafter are two use cases:

1- Opening the page http://www.mysite.com/administrator works, but when I enter my username and password to log into to the administrator section, I get sent back to http://www.mysite.com. It looks like the "administrator" part of the address has been removed after the POST request when clicking the "Login" button. The interesting part is that when clicking "BACK" in my browser I get sent to the administration panel.

2- Once in the administration panel, I go to edit one of my articles, then when clicking on the "CANCEL" button to discard the changes and get back to the list of articles, I get a 404 error.

The Nginx configuration I'm using is the following:

[code]
server {
listen 80;
server_name mysite.com www.mysite.com;
server_name_in_redirect off;
access_log /var/log/nginx/mysite.access_log main;
error_log /var/log/nginx/mysite.error_log info;

location / {
index index.html index.htm index.php;
root /home/www/mysite;
}

location ~ .*\.php$ {
include /etc/nginx/fastcgi_params;
if ($uri !~ "^/images|cache|media/") {
fastcgi_pass 127.0.0.1:9000;
}
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/www/mysite/$fastcgi_script_name;
}
}
[/code]

Anyone has this problem with Nginx ?

Thanks

I'm not quite sure why this is happening.

What are you trying to accomplish with the "if" clause in the php block? If those locations refer to static files on the disk then they should be served from the location block above it. If they aren't, then how are they being served?

If you are using a recent version of nginx ( 0.6.36+, 0.7.27+, 0.8.x) you can use "try_files":

[code]
location / {
try_files $uri $uri/ @joomla;
}

location ~ \.php$ {
try_files $uri @joomla;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}

location @joomla {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME /path/to/index.php;
include /etc/nginx/fastcgi_params;
}
[/code]

This is adapted from example on wiki.

--
Jim Ohlstein

Hi,

Actually the directories in the if ($uri !~ "^/images|cache|media/") statement are owned by the fast_cgi user and correspond to images and files uploaded via the Joomla CMS when creating new articles and content, this way an attacker cannot upload malicious php code and run it in those directories. This said, you are right because the server won't serve any static content anymore from those directories... the if statement should have probably been: "any php file" in images|cache|media directory, instead of "anything" in images|cache|media.

Tonight I will try removing this if statement and will test "try_files", then post back the results,

Thanks

Ah, I see. You're securing your upload directories. Wise move. It should work as written. You shouldn't need to specify "any php file" since that condition is already satisfied in that location.

A better way might to code the app to only allow specified file types, or to specifically not allow php files. That way you won't need an "if" statement to be evaluated for every fastcgi_pass. Is this not an option within Joomla?

--
Jim Ohlstein



Edited 1 time(s). Last edit at 10/01/2009 09:11AM by Jim Ohlstein.

Concerning the upload directories, I prefer to secure this from the server side, as the Joomla cvs might have security holes even after disabling php file uploads, not to mention if I install any additional addons.

As for the try_files statement, it didn't work. I spent a lot of time looking for a solution, and try to understand why Nginx forwards the login POST data from mysite.com/administrator/index.php to mysite.com/index.php ...

Now I'm trying to create a rule: if the request is POST then rewrite the uri to administrator/$uri

If anyone has the same issue with Nginx+Joomla, any help is welcome, this issue is a showstopper for using Nginx instead of apache. Or if anyone could explain to me the mechanics behind this behavior would be great.

Hello,

Well I post back here to give a feedback of my situation. I haven't found yet a way to fix the Joomla issue, so I'm dropping Nginx for now, the documentation and information is so scarce concerning rewrite rules for Joomla (even help on this official forum is not easy to get) -- I'm not talking about special rewrite rules, just the necessary ones to make Joomla work. Apache works just out of the box... I really don't understand where the problem is with Nginx...

Regards

Problem SOLVED !

Ok I got back to this issue and after a lot of debugging, source code reading, and wireshark http request monitoring... the issue was in the php parameters. Joomla uses $_SERVER['PHP_SELF'] and $_SERVER['SCRIPT_NAME'] to retrieve the path to files. In some nginx installation guides, it is said to comment out the "fastcgi_param SCRIPT_NAME $fastcgi_script_name;" line in the /etc/nginx/fastcgi_params file, I had the line commented.

I just uncommented the line and everything works great now!!

Do you know why some guides say to comment this line?



Edited 2 time(s). Last edit at 10/25/2009 05:06PM by Revy.