View Single Post
  #1  
Old 26th June 2013, 15:45
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 392
Thanks: 29
Thanked 58 Times in 50 Posts
Default Trouble adding /pma location to all virtual hosts

I posted the same question to the nginx mailing list, but have not received a reply.

I'm trying to accomplish something that feels like it should be very simple, yet I'm struggling. I'm new to nginx, and I feel a bit lost as I try to "translate" everything that I've done in Apache over the years to nginx. So, please bear with me. I've done my research and asking this list for help is a last-resort.

I have an application, phpMyAdmin, installed in /var/www/pma. I would like to modify the nginx configuration such that every virtual-host whose configuration file is located in /etc/nginx/sites-available/ has access to the files in this directory by browsing to the location /pma/, relative to the domain root.

The filesystem information for /var/www/pma is as follows (the permissions are set recursively on the entire directory -- for now):

Code:
# ls -lah /var/www | grep "pma"
drwxrwxr-x  9 www-data www-data 4.0K Jun 17 16:37 pma
I figured that it might be simpler to get phpMyAdmin working for a single vhost before attempting the same move server-wide.

On the surface, it looks to be this simple:

Code:
location /pma/ {
    alias /var/www/pma/;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
}
When I try this configuration, I have the following in error.log:

Code:
2013/06/25 14:04:07 [error] 29741#0: *21 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 1.2.3.4, server: example.com, request: "GET /pma/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com"
While researching the cause of this error, I have seen others state that SCRIPT_FILENAME has to be modified when using an alias in this way, e.g.

fastcgi_param SCRIPT_FILENAME $request_filename;

but the error messages are the same with this line, too.

So, I tried to use the "root" directive, instead of "alias", as I have no particular reason for using one over the other in this scenario.

Code:
location /pma/ {
    #alias /var/www/pma/;
    root /var/www;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
}
This "kind of works". The index file at location /pma/index.php is parsed via PHP, but requests for all other resources on the page yield "403 Forbidden". The log states:

Code:
2013/06/25 14:21:46 [error] 30343#0: *12 FastCGI sent in stderr: "Access to the script '/var/www/pma/favicon.ico' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 1.2.3.4, server: example.com, request: "GET /pma/favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.com"
Obviously, the aim here is not to execute '/var/www/pma/favicon.ico' as a PHP script.

I found a thread at http://serverfault.com/questions/486...-403-forbidden which seems to address this intended behavior (the rationale is sound). So, I split my configuration up into the following sections, so that PHP scripts would be handled via php-fpm and static content would be handled directly:

Code:
location ~ /pma/.*\.php$ {
    root /var/www;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
}

location /pma/ {
    root /var/www;
    # Adding the following line makes no difference:
    index index.php;
}
With this configuration, PMA's index page won't even load. The location /pma/ returns a 404, as does /pma/index.php.

Nothing is written to the vhost's error.log when /pma/ or /pma/index.php is requested. Only the following (I've omitted the irrelevant bits) is written to access.log:

Code:
"GET /pma/ HTTP/1.1" 404 200 "-"
"GET /pma/index.php HTTP/1.1" 404 200 "-"
I must be doing something completely asinine.

Other misc. details:

- PHP's open_basedir directive includes the path /var/www/pma.

- nginx is executing the request as the user "web2" who is in the group "client2" (this is configured via ISPConfig).

- The group "client2" is in the group "www-data", and /var/www/pma's user:group is www-data:www-data and the permissions on the directory are 0775, recursively.

Thanks in advance for any help here!
Reply With Quote
Sponsored Links