|
Falsche redirects zu 404/not found bei einigen Unterordnern November 23, 2018 03:11AM |
Registered: 5 years ago Posts: 2 |
Hallo zusammen,
ich habe die Suche im Forum und großen weiten Web strapaziert aber zu meinem Thema konnte ich - wohl auch aufgrund mangelnder Erfahrung - keine passende Lösung finden.
Ich betreibe einen Heimserver mit Ubuntu 18.04, auf welchem Nginx und MariaDB laufen. Über nginx laufen derzeit einige Anwendungen. Ich habe dafür einen Gateway-Host und für jede Anwendung einen virtuellen Host.
Vor kurzem bin ich auf BookStack gestoßen, um gut dokumentieren zu können.
Ich habe derzeit das Problem, dass offensichtlich einige Aufrufe von Unterordnern nicht korrekt weitergeleitet werden und dann auf die Fehlerseite 404/nicht gefunden umgeleitet werde.
BookStack benutzt eine APP_URL, unter welcher die gewünschte Domain, unter der BookStack zu erreichen sein soll, eingetragen wird. Ich habe die APP_URL entsprechend angepasst. Ich möchte unter https://DynDNS.de/bookstack erreichbar sein. Ich habe die URL in das .env eingefügt, einschließlich des trailing slashs, welcher hier zum Aufruf eines Ordners nach der URL wichtig ist.
Nachfolgend sind meine aktuellen Host-Konfigurationen aufgeführt.
Gateway-Host
upstream php-handler {
server unix:/run/php/php7.2-fpm.sock;
}
server {
listen 80 default_server;
server_name domain.name.ltd server_ip;
root /var/www;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:port;
proxy_redirect off;
}
location / {
# Enforce HTTPS
# Use this if you always want to redirect to the DynDNS address (no local access).
return 301 https://$server_name$request_uri;
# Use this if you also want to access the server by local IP:
#return 301 https://$server_addr$request_uri;
}
}
server {
listen 443 ssl http2;
server_name noopiescloud.spdns.de 192.168.178.52;
# Certificates used
ssl_certificate ***;
ssl_certificate_key ***;
# Not using TLSv1 will break:
# Android <= 4.4.40
# IE <= 10
# IE mobile <=10
# Removing TLSv1.1 breaks nothing else!
# TLSv1.3 is not supported by most clients, but it should be enabled.
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suite from https://cipherli.st/
# Max. security, but lower compatibility
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
# Cipher suite from https://wiki.mozilla.org/Security/Server_Side_TLS
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# (Modern) cipher suite from https://mozilla.github.io/server-side-tls/ssl-config-generator/
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# ssl_dhparam /etc/nginx/ssl/dhparams.pem;
# Use multiple curves.
# secp521r1: Not supported by Chrome
# secp384r1: Not supported by Android (DAVdroid)
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# Server should determine the ciphers, not the client
ssl_prefer_server_ciphers on;
# OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
# This should be chain.pem
# See here: https://certbot.eff.org/docs/using.html
ssl_trusted_certificate ***;
resolver 192.168.178.1;
# SSL session handling
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
#
# Add headers to serve security related headers
#
# HSTS (ngx_http_headers_module is required)
# In order to be recoginzed by SSL test, there must be an index.hmtl in the server's root
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
add_header X-Content-Type-Options "nosniff" always;
# Usually this should be "DENY", but when hosting sites using frames, it has to be "SAMEORIGIN"
add_header Referrer-Policy "no-referrer" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = / {
# Disable access to the web root, otherwise nginx will show the default site here.
deny all;
}
#
#app1
#
location ^~ /app1 {
proxy_pass http://127.0.0.1:port;
proxy_read_timeout 90;
}
#
#app2
#
location ^~ /app2 {
proxy_pass http://127.0.0.1:port;
}
#
# app3
#
location ^~ /app3 {
proxy_pass http://127.0.0.1:port;
}
#
# BookStack
#
location ^~ /bookstack/ {
rewrite ^/bookstack/(.*) /$1 break;
proxy_pass http://127.0.0.1:port/;
return 301 https://$server_name$request_uri;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
BookStack Virtual Host
server {
listen port;
root /var/www/bookstack/public;
index index.php index.html index.htm;
server_name 127.0.0.1;
access_log /var/log/nginx/bookstack_access.log;
error_log /var/log/nginx/bookstack_error.log;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
Auch ein Auszug aus den Logs:
2018/11/22 13:27:27 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:27:34 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:24 [error] 3067#3067: *603 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:29 [error] 3066#3066: *677 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:41 [error] 3066#3066: *817 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:59 [error] 3066#3066: *677 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
Habt ihr hier möglicherweise eine Idee, warum bei manchen Redirects /bookstack/ aus der URL gezogen wird?
Vielen Dank vorab für eure Hilfe!
ich habe die Suche im Forum und großen weiten Web strapaziert aber zu meinem Thema konnte ich - wohl auch aufgrund mangelnder Erfahrung - keine passende Lösung finden.
Ich betreibe einen Heimserver mit Ubuntu 18.04, auf welchem Nginx und MariaDB laufen. Über nginx laufen derzeit einige Anwendungen. Ich habe dafür einen Gateway-Host und für jede Anwendung einen virtuellen Host.
Vor kurzem bin ich auf BookStack gestoßen, um gut dokumentieren zu können.
Ich habe derzeit das Problem, dass offensichtlich einige Aufrufe von Unterordnern nicht korrekt weitergeleitet werden und dann auf die Fehlerseite 404/nicht gefunden umgeleitet werde.
BookStack benutzt eine APP_URL, unter welcher die gewünschte Domain, unter der BookStack zu erreichen sein soll, eingetragen wird. Ich habe die APP_URL entsprechend angepasst. Ich möchte unter https://DynDNS.de/bookstack erreichbar sein. Ich habe die URL in das .env eingefügt, einschließlich des trailing slashs, welcher hier zum Aufruf eines Ordners nach der URL wichtig ist.
Nachfolgend sind meine aktuellen Host-Konfigurationen aufgeführt.
Gateway-Host
upstream php-handler {
server unix:/run/php/php7.2-fpm.sock;
}
server {
listen 80 default_server;
server_name domain.name.ltd server_ip;
root /var/www;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:port;
proxy_redirect off;
}
location / {
# Enforce HTTPS
# Use this if you always want to redirect to the DynDNS address (no local access).
return 301 https://$server_name$request_uri;
# Use this if you also want to access the server by local IP:
#return 301 https://$server_addr$request_uri;
}
}
server {
listen 443 ssl http2;
server_name noopiescloud.spdns.de 192.168.178.52;
# Certificates used
ssl_certificate ***;
ssl_certificate_key ***;
# Not using TLSv1 will break:
# Android <= 4.4.40
# IE <= 10
# IE mobile <=10
# Removing TLSv1.1 breaks nothing else!
# TLSv1.3 is not supported by most clients, but it should be enabled.
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suite from https://cipherli.st/
# Max. security, but lower compatibility
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
# Cipher suite from https://wiki.mozilla.org/Security/Server_Side_TLS
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# (Modern) cipher suite from https://mozilla.github.io/server-side-tls/ssl-config-generator/
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# ssl_dhparam /etc/nginx/ssl/dhparams.pem;
# Use multiple curves.
# secp521r1: Not supported by Chrome
# secp384r1: Not supported by Android (DAVdroid)
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# Server should determine the ciphers, not the client
ssl_prefer_server_ciphers on;
# OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
# This should be chain.pem
# See here: https://certbot.eff.org/docs/using.html
ssl_trusted_certificate ***;
resolver 192.168.178.1;
# SSL session handling
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
#
# Add headers to serve security related headers
#
# HSTS (ngx_http_headers_module is required)
# In order to be recoginzed by SSL test, there must be an index.hmtl in the server's root
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
add_header X-Content-Type-Options "nosniff" always;
# Usually this should be "DENY", but when hosting sites using frames, it has to be "SAMEORIGIN"
add_header Referrer-Policy "no-referrer" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = / {
# Disable access to the web root, otherwise nginx will show the default site here.
deny all;
}
#
#app1
#
location ^~ /app1 {
proxy_pass http://127.0.0.1:port;
proxy_read_timeout 90;
}
#
#app2
#
location ^~ /app2 {
proxy_pass http://127.0.0.1:port;
}
#
# app3
#
location ^~ /app3 {
proxy_pass http://127.0.0.1:port;
}
#
# BookStack
#
location ^~ /bookstack/ {
rewrite ^/bookstack/(.*) /$1 break;
proxy_pass http://127.0.0.1:port/;
return 301 https://$server_name$request_uri;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
BookStack Virtual Host
server {
listen port;
root /var/www/bookstack/public;
index index.php index.html index.htm;
server_name 127.0.0.1;
access_log /var/log/nginx/bookstack_access.log;
error_log /var/log/nginx/bookstack_error.log;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
Auch ein Auszug aus den Logs:
2018/11/22 13:27:27 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:27:34 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:24 [error] 3067#3067: *603 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:29 [error] 3066#3066: *677 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:41 [error] 3066#3066: *817 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:59 [error] 3066#3066: *677 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
Habt ihr hier möglicherweise eine Idee, warum bei manchen Redirects /bookstack/ aus der URL gezogen wird?
Vielen Dank vorab für eure Hilfe!
Sorry, only registered users may post in this forum.
Online Users
Guests:
281
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|