nano
January 09, 2014 07:42AM
On 9/01/2014 9:23 PM, nano wrote:
> I am having trouble configuring nginx to serve up PHP from outside of
> the server document root. For example, this site's root is
> /usr/local/www/site1/wordpress and phpMyAdmin is located in
> /usr/local/www/phpMyAdmin. I cannot access servername.com/phpmyadmin.
> nginx logs the following error:
>
> ====================================================================
> 2014/01/09 09:56:20 [error] 39387#0: *6160 FastCGI sent in stderr:
> "Primary script unknown" while reading response header from upstream,
> client: clientIP, server: serverhostname, request: "GET /phpmyadmin/
> HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host:
> "serverhostname"
> ====================================================================
>
> The WordPress site, however, is served without error. Therefore, nginx
> is refusing to serve PHP from outside of the server document root.
> Please see the following configuration:
>
>
> nginx.conf
> ====================================================================
> user www www;
> worker_processes 1;
> pid /var/run/nginx.pid;
> error_log logs/error.log info;
>
> events {
> worker_connections 768;
> use kqueue;
> }
>
> http {
> include mime.types;
> default_type application/octet-stream;
>
> access_log logs/access.log main;
> sendfile on;
> keepalive_timeout 65;
> gzip on;
>
> server {
> listen 80;
> listen 443 ssl;
> server_name servername.com;
> ssl_certificate crt-chain.pem;
> ssl_certificate_key key.pem;
> ssl_dhparam dhparam4096.pem;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
> EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384
> EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !a
> NULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
> ssl_prefer_server_ciphers on;
>
> root /usr/local/www/site1/wordpress;
> index index.php;
>
> location / {
> try_files $uri $uri/ /index.php?$args;
> }
>
> location ~ \.php$ {
> fastcgi_pass unix:/var/run/php-fpm.sock;
> fastcgi_param SCRIPT_FILENAME
> /usr/local/www/site1/wordpress$fastcgi_script_name;
> fastcgi_param PATH_INFO $fastcgi_script_name;
> include fastcgi_params;
> }
>
> #----------------------PROBLEM AREA----------------------#
>
> location /phpmyadmin/ {
> alias /usr/local/www/phpMyAdmin/;
> index index.php index.html;
> }
>
> location ~ ^/phpmyadmin/(.*\.php)$ {
> fastcgi_param PHP_ADMIN_VALUE
> open_basedir=/usr/local/www/phpMyAdmin;
> fastcgi_pass unix:/tmp/php-fpm.sock;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> /usr/local/www/phpMyAdmin$fastcgi_script_name;
> include fastcgi_params;
>
> #----------------------PROBLEM AREA----------------------#
>
> }
> }
> }
> ====================================================================
>
>
> I am obviously lacking some required configuration. Perhaps in
> nginx.conf, php-fpm.conf, or php.ini. Could someone please advise me of
> my error and how to correct it? Thank you.
>
> Strangely, in Apache, I simply required an alias entry, such as:
>
> Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
> <Directory "/usr/local/www/phpMyAdmin">
> Options None
> AllowOverride None
> Require all granted
> </Directory>
>
> in my httpd.conf file even when the server root was above this location
> and with the exact same PHP settings (php.ini) as I now have with nginx.
>
> Server intel:
> # uname -a
> FreeBSD hostname 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26
> 22:50:31 UTC 2013
> root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>
> # nginx -V
> nginx version: nginx/1.5.7
> TLS SNI support enabled
> configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I
> /usr/local/include' --with-ld-opt='-L /usr/local/lib'
> --conf-path=/usr/local/etc/nginx/nginx.conf
> --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
> --error-log-path=/var/log/nginx-error.log --user=www --group=www
> --with-ipv6 --with-google_perftools_module
> --http-client-body-temp-path=/var/tmp/nginx/client_body_temp
> --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
> --http-proxy-temp-path=/var/tmp/nginx/proxy_temp
> --http-scgi-temp-path=/var/tmp/nginx/scgi_temp
> --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
> --http-log-path=/var/log/nginx-access.log --with-http_addition_module
> --with-http_auth_request_module --with-http_dav_module
> --with-http_flv_module --with-http_geoip_module
> --with-http_gzip_static_module --with-http_gunzip_module
> --with-http_image_filter_module --with-http_mp4_module
> --with-http_perl_module --with-http_random_index_module
> --with-http_realip_module --with-http_secure_link_module
> --with-http_stub_status_module --with-http_sub_module
> --with-http_xslt_module --with-pcre --with-http_spdy_module --with-mail
> --with-mail_ssl_module --with-http_ssl_module
>
>

I seem to have fixed this problem.

Amended nginx.conf file:
====================================================================
user www www;
worker_processes 1;
pid /var/run/nginx.pid;
error_log logs/error.log info;

events {
worker_connections 768;
use kqueue;
}

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;

server {
listen 80;
listen 443 ssl;
server_name srvname.com www.srvname.com;

ssl_certificate crt-chain.pem;
ssl_certificate_key key.pem;
ssl_dhparam dhparam4096.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384
EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW
!3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_prefer_server_ciphers on;

root /usr/local/www/site1/wordpress;
index index.php;

location /phpmyadmin {
alias /usr/local/www/phpMyAdmin/;
index index.php index.html;
}

location ~ ^/phpmyadmin/(.*\.php)$ {
root /usr/local/www/phpMyAdmin/;
fastcgi_pass unix:/var/run/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/local/www/phpMyAdmin/$1;
fastcgi_param DOCUMENT_ROOT /usr/local/www/phpMyAdmin;
}

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME
/usr/local/www/site1/wordpress$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include fastcgi_params;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
}
====================================================================

Admittedly, I don't know *why* what I changed fixed the problem, but it
did. I relocated the phpMyAdmin entries to above the "location /" block
from beneath the "location /" block.

From:
http {
server {
root;
location / {
try_files; ... }
location ~ \.php$ {
fastcgi_pass ... }
location /phpmyadmin {
alias; ... }
location ~ ^/phpmyadmin/(.*\.php)$ {
root; ... }
location = /50x.html; {
root; ... }
}
}
}

to:
http {
server {
root;
location /phpmyadmin {
alias; ... }
location ~ ^/phpmyadmin/(.*\.php)$ {
root; ... }
location / {
try_files; ... }
location ~ \.php$ {
fastcgi_pass ... }
location = /50x.html; {
root; ... }
}
}
}

The syntax is identical, just those two location blocks are in a
different place. I would like to know why this works, but am just happy
that it does. I look forward to better understanding this great program.

Thank you, all, for your participation.

--
syn.bsdbox.co

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

SSL ciphers, disable or not to disable RC4?

Anonymous User January 09, 2014 04:30AM

Re: SSL ciphers, disable or not to disable RC4?

nano January 09, 2014 04:44AM

Re: SSL ciphers, disable or not to disable RC4?

Jeffrey Walton January 09, 2014 04:54AM

RE: SSL ciphers, disable or not to disable RC4?

Lukas Tribus January 09, 2014 04:54AM

Re: SSL ciphers, disable or not to disable RC4?

Jeffrey Walton January 09, 2014 05:06AM

PHP below server root not served

nano January 09, 2014 05:26AM

Re: PHP below server root not served

Richard Stanway January 09, 2014 05:30AM

Re: PHP below server root not served

nano January 09, 2014 05:34AM

Re: PHP below server root not served

Francis Daly January 09, 2014 05:56AM

Re: PHP below server root not served

nano January 09, 2014 06:46AM

Re: PHP below server root not served

nano January 09, 2014 07:42AM

Re: PHP below server root not served

B.R. January 09, 2014 08:00AM

Re: PHP below server root not served

nano January 09, 2014 08:52AM

Re: PHP below server root not served

Francis Daly January 09, 2014 04:00PM

Re: PHP below server root not served

nano January 09, 2014 10:08PM

Re: PHP below server root not served

Francis Daly January 10, 2014 04:38AM

Re: PHP below server root not served

nano January 10, 2014 06:40AM

Re: PHP below server root not served

Francis Daly January 10, 2014 10:36AM

Re: PHP below server root not served

nano January 12, 2014 05:28AM

Re: PHP below server root not served

Francis Daly January 14, 2014 05:14PM

Re: PHP below server root not served

Valentin V. Bartenev January 15, 2014 02:20PM

Re: PHP below server root not served

nano January 10, 2014 04:38AM

Re: PHP below server root not served

nano January 09, 2014 09:44AM

Re: PHP below server root not served

Jim Ohlstein January 09, 2014 12:14PM

Re: PHP below server root not served

nano January 09, 2014 12:30PM

Re: SSL ciphers, disable or not to disable RC4?

Axel January 12, 2014 12:44PM

Re: SSL ciphers, disable or not to disable RC4?

Darren Pilgrim January 12, 2014 02:10PM

Re: SSL ciphers, disable or not to disable RC4?

Axel January 13, 2014 04:02AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 158
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready