Re: PHP below server root not served

January 09, 2014 12:14PM
Hello,

On 1/9/14, 9:42 AM, nano wrote:
>
> I have attempted several variations of this format[1] you recommend and
> continue to produce a broken site; dialog to download
> application/octet-stream from the main servername.com and a 'File not
> found.' from https://servername.com/phpmyadmin.
>
> [1]
> location / {
> try_files $uri $uri/ /index.php?$args;
> }
>
> location ^~ /phpmyadmin {
> alias /usr/local/www/phpMyAdmin/;
> index index.php index.html;
>
> location ~ \.php$ {
> fastcgi_pass unix:/var/run/php-fpm.locatsock;
> fastcgi_param DOCUMENT_ROOT /usr/local/www/phpMyAdmin;
> fastcgi_param SCRIPT_FILENAME /usr/local/www/phpMyAdmin/$1;
> fastcgi_param SCRIPT_FILENAME
> /usr/local/www/site1/wordpress$fastcgi_script_name;
> fastcgi_param PATH_INFO $fastcgi_script_name;
> include fastcgi_params;
> }
> }
>
> I eagerly anticipate a working example if and when you can provide one.
> Thank you.
>

Next to "IfIsEvil" there should be a "DoNotUseAlias (unless necessary)".
Use the "root" directive and nested locations:

    location /phpMyAdmin {
        root /usr/local/www;
        index index.php;
        # above probably not necessary as it is inherited from above
        location ~ \.php$ {
            fastcgi_pass ...;
            ...
        }
    }


A few notes, in no particular order:

You *should* use auth_basic [0] at the very least, as exposing this
functionality to the world is a very bad idea.

You should consider using "https only" for this script.

If you want to enter phpmyadmin in all lower case in the URL (it is
easier), do it via rewrite.

Consider turning off access log on at least rewritten requests once you
know it's working.

Consider using your server's FQDN, not your server name. It's less
likely potential intruders would guess it, though far from impossible.

Something like (not tested but should get you very close if not there):

    server {
        listen 80;
        server_name foo;

        location ^~ /phpmyadmin {
            access_log off;
            rewrite ^ /phpMyAdmin/ permanent;
        }

        location /phpMyAdmin {
            access_log off;
            rewrite ^ https://foo$request_uri? break;
        }
        ...

    }

    server {
        listen 443 ssl;
        server_name foo;

        ssl_certificate /path/to/cert;
        ssl_certificate_key /path/to/key;

        ...

        location ^~ /phpmyadmin {
            access_log off;
            rewrite ^ /phpMyAdmin/ permanent;
        }

        location /phpMyAdmin {
            auth_basic "Blah";
            auth_basic_user_file /path/to/auth/file;
            # access_log off; # optional
            location ~ \.php$ {
                fastcgi_pass ...;
                include fastcgi_params;
                fastcgi_index index.php;
                fastcgi_param HTTPS on;
            }
        }
    }


[0] http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html

--
Jim Ohlstein

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
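
A post-deployment check for the notes in the message above, added here as an example and not part of the original post or of nginx: it confirms that plain HTTP only redirects, that the lower-case path is rewritten, and that both the directory and a .php file answer 401 without credentials (auth_basic is inherited by the nested PHP location, but not by a PHP location placed outside that block). The host name "foo" comes from the post; the function names and the constructed response tables are assumptions.

```python
import http.client
import ssl

def fetch(scheme, host, path):
    """One GET, redirects not followed; returns (status, lower-cased headers)."""
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    kw = {"context": ssl.create_default_context()} if scheme == "https" else {}
    conn = cls(host, timeout=5, **kw)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def check_hardening(host, fetch=fetch):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Plain HTTP must only redirect to HTTPS, never serve the application.
    status, hdrs = fetch("http", host, "/phpMyAdmin/")
    if status not in (301, 302) or not hdrs.get("location", "").startswith("https://"):
        findings.append("http:/phpMyAdmin/ is not redirected to https")
    # The lower-case spelling must redirect to the canonical path.
    status, hdrs = fetch("https", host, "/phpmyadmin")
    if status != 301 or not hdrs.get("location", "").endswith("/phpMyAdmin/"):
        findings.append("https:/phpmyadmin is not redirected to /phpMyAdmin/")
    # Without credentials both the directory and a .php file must get a Basic
    # challenge; a 200 on index.php means the PHP location escaped auth_basic.
    for path in ("/phpMyAdmin/", "/phpMyAdmin/index.php"):
        status, hdrs = fetch("https", host, path)
        if status != 401 or not hdrs.get("www-authenticate", "").lower().startswith("basic"):
            findings.append(f"https:{path} answered {status} without a Basic challenge")
    return findings

# Constructed responses (not captured from a real server) for offline runs.
GOOD = {
    ("http", "/phpMyAdmin/"): (302, {"location": "https://foo/phpMyAdmin/"}),
    ("https", "/phpmyadmin"): (301, {"location": "https://foo/phpMyAdmin/"}),
    ("https", "/phpMyAdmin/"): (401, {"www-authenticate": 'Basic realm="Blah"'}),
    ("https", "/phpMyAdmin/index.php"): (401, {"www-authenticate": 'Basic realm="Blah"'}),
}
# Same server, but the .php location sits outside the auth_basic block.
BAD = {**GOOD, ("https", "/phpMyAdmin/index.php"): (200, {})}

def replay(table):
    """Build a fetch() stand-in that answers from a constructed table."""
    return lambda scheme, host, path: table[(scheme, path)]

if __name__ == "__main__":
    for name, table in (("good", GOOD), ("bad", BAD)):
        print(name, check_hardening("foo", replay(table)))
```

Against a live server, call check_hardening() with the real host name and the default fetch.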