HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Access denied on nginx (http://www.howtoforge.com/forums/showthread.php?t=58115)

poolet 29th July 2012 11:26

Access denied on nginx
 
Well another small issues here::

First I follow all that tutorial says, step-by-step

http://www.howtoforge.com/how-to-sav...debian-squeeze

Gzip was working perfect and I have a small decrease of load time data,

after that I had try to follow this tutorial::

http://www.howtoforge.com/why-you-sh...h-microcaching

I get no errors, just 3 warnings when I reload nginx

1. duplicate MIME type "text/html" in /etc/nginx/nginx.conf:65
2. conflicting server name "_" on 0.0.0.0:8080, ignored
3. conflicting server name "_" on 0.0.0.0:8081, ignored

when I try to reach the website I get Access denied not by file permissions, seems that this kind of error came out from the security.limit_extensions directive that has been added to php-fpm and limits the extensions that can be parsed by PHP.. So I have add them to security.limit_extensions in your php-fpm configuration but still nothing I get the blank white Access denied message..

Any ideas??
Thank you !!

falko 30th July 2012 09:42

Quote:

Originally Posted by poolet (Post 282920)
after that I had try to follow this tutorial::

http://www.howtoforge.com/why-you-sh...h-microcaching

I get no errors, just 3 warnings when I reload nginx

1. duplicate MIME type "text/html" in /etc/nginx/nginx.conf:65
2. conflicting server name "_" on 0.0.0.0:8080, ignored
3. conflicting server name "_" on 0.0.0.0:8081, ignored

What exactly did you modify?

Quote:

Originally Posted by poolet (Post 282920)
So I have add them to security.limit_extensions in your php-fpm configuration but still nothing I get the blank white Access denied message..

Are there any errors in the nginx error log?

poolet 30th July 2012 12:46

I have modify default.conf in /etc/nginx/conf.d/default.conf as follow:::

Code:

server {
    listen      80;
    server_name  www.domain.com;
    access_log  /var/log/nginx/access.log  main;
    error_log /var/log/nginx/error.log;
    root  /usr/share/nginx/html;

    location / {
        index  index.php index.html index.htm;
    }
    if (!-e $request_filename) {
        rewrite ^(.+)$ /index.php?q=$1 last;
    }
    location ~ \.php$ {
        set $no_cache "";
        if ($request_method !~ ^(GET|HEAD)$) {
            set $no_cache "1";
        }
        if ($no_cache = "1") {
            add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
            add_header X-Microcachable "0";
        }
        if ($http_cookie ~* "_mcnc") {
                    set $no_cache "1";}

        fastcgi_no_cache $no_cache;
        fastcgi_cache_bypass $no_cache;
        access_log /var/log/nginx/access.log cache;
        fastcgi_cache microcache;
        fastcgi_cache_key $server_name|$request_uri;
        fastcgi_cache_valid 404 30m;
        fastcgi_cache_valid any 5m;
        fastcgi_max_temp_file_size 1M;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param  PATH_INFO          $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED    $document_root          $fastcgi_path_info;
        include fastcgi_params;
location ~ /\.ht {
        deny  all;
    }
}

server {
  listen          80;
  server_name    static-css.domain.com;
  index          index.php;
  root  /usr/share/nginx/html;}

And I have also modify nginx.conf at /etc/nginx/nginx.conf as::

Code:

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {

fastcgi_cache_path /var/cache/nginx2 levels=1:2 keys_zone=microcache:5m max_size=1000m;
log_format cache '$remote_addr - $remote_user [$time_local] "$request" '
'$status $upstream_cache_status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

    include      /etc/nginx/mime.types;
    access_log  /var/log/nginx/access.log;
    sendfile        on;
    #tcp_nopush    on;
    #keepalive_timeout  0;
    keepalive_timeout  2;
    tcp_nodelay        on;
    gzip  on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_buffers 16 8k;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


falko 31st July 2012 18:16

Not sure if this is a problem, but can you place
Code:

fastcgi_cache_path /var/cache/nginx2 levels=1:2 keys_zone=microcache:5m max_size=1000m;
log_format cache '$remote_addr - $remote_user [$time_local] "$request" '
'$status $upstream_cache_status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

right after the gzip directives and before the include lines?

poolet 1st August 2012 01:52

Hello again falko, and thanks for all of your help. I think, I have solved the problem After that I spend almost 48 hours I took line by line the whole edited coding and figure out that I should comment the following line::

Code:

fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
and also at the beginning and for some reason the following line doesn't work for me...

Code:

access_log /var/log/nginx/access.log main;
To be clear, seems that's microcaching are perfect since seems to be work fine to me (i don't know if there is anyway to confirm that ) I just make a test load time test, and the results was amazing, website loads almost 3 times faster than before got from 890ms to 433ms..

if someone has a problem with that, don't bother to check the security access on php-fpm doesn't make sense, since you set PATH_TRANSLATED into your own root you must specify your root folder, or either you can just comment the line. Third solution, is to create an extra conf file for php-fpm (that you will allow access to .php and .html file ) but outside of the php-fpm file and you should declared the values in the main conf file so php-fpm call file that I non-root users can read... ( the final solution isn't tested, I mentioned just in case if someone isn't able to fix this kind of problem by the other ways)

at the end, for access_log ......... remove the "main"; for some reason that I am trying to understand, nginx isn't able to restart or reload!!

Special thanks to falko for all help!!!


All times are GMT +2. The time now is 00:14.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.