nginx+php-fpm manual vhost problem

Discussion in 'Installation/Configuration' started by cfoe, Aug 7, 2012.

  1. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    Hi guys,

    I am using my first ISPConfig 3 slave server with nginx+php-fpm and everything is running fine.
    The server is mainly a platform for WordPress MU. It is running smoothly in a "website" created by the ISPConfig panel on the master/admin server.

    Due to some limitations that do not concern the problem I want to use manually generated vhosts on the slave machine. Here is my config + logs:

    Paths:
    Code:
    /var/www/apps/mysql -> vhost: mysql.foe-services.de
    /var/www/apps/webftp -> vhost: webftp.foe-services.de (not tested yet, because of the problems with the first vhost)
    
    /etc/nginx/sites-enabled/000-apps-mysql.vhost
    Code:
    server {
            listen 85.214.213.134:80;		        
            server_name mysql.foe-services.de;
    
            root /var/www/apps/mysql;			
            index	index.php index.html index.htm;
    		
            error_log /var/log/ispconfig/httpd/apps/mysql/error.log;
            access_log /var/log/ispconfig/httpd/apps/mysql/access.log combined;
    
            ## Disable .htaccess and other hidden files
            location ~ /\. {
                	deny all;
                	access_log off;
                	log_not_found off;
            }
    		
            location = /favicon.ico {
            	log_not_found off;
                	access_log off;
            }
    
            location = /robots.txt {
            	allow all;
                	log_not_found off;
                	access_log off;
            }
    
    	error_page 400 /error/400.html;
    	error_page 401 /error/401.html;
    	error_page 403 /error/403.html;
    	error_page 404 /error/404.html;
    	error_page 405 /error/405.html;
    	error_page 500 /error/500.html;
    	error_page 502 /error/502.html;
    	error_page 503 /error/503.html;
    		
            location ~ \.php$ {
                	try_files $uri =404;
                	include /etc/nginx/fastcgi_params;
                	fastcgi_pass 127.0.0.1:9041;
                	fastcgi_index index.php;
                	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                	fastcgi_param PATH_INFO $fastcgi_script_name;
                	fastcgi_intercept_errors on;
            }
    
    	# Directives to send expires headers and turn off 404 error logging.
    	location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
           	expires 24h;
           	log_not_found off;
        	}
    }
    
    /etc/php-fpm.d/apps-mysql.conf
    Code:
    [apps-mysql]
    
    listen = 127.0.0.1:9041
    listen.allowed_clients = 127.0.0.1
    listen.owner = ispapps
    listen.group = ispapps
    listen.mode = 0660
    
    user = ispapps
    group = ispapps
    
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 20
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    
    chdir = /
    
    php_admin_value[open_basedir] = /var/www/apps/mysql:/srv/www/apps/mysql:/usr/share
    php_admin_value[session.save_path] = /var/www/apps/mysql_tmp
    php_admin_value[upload_tmp_dir] = /var/www/apps/mysql_tmp
    
    /var/log/ispconfig/httpd/apps/mysql/access.log
    Code:
    109.XXX - - [07/Aug/2012:11:00:25 +0200] "GET /phpmyadmin/index.php HTTP/1.1" 500 4412 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1"
    109.XXX - - [07/Aug/2012:11:00:59 +0200] "GET /phpmyadmin/123 HTTP/1.1" 404 1152 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1"
    
    /var/log/ispconfig/httpd/apps/mysql/error.log

    Code:
    2012/08/07 10:49:29 [error] 23426#0: *139 directory index of "/var/www/apps/mysql/" is forbidden, client: 109.xxx, server: mysql.foe-services.de, request: "GET / HTTP/1.1", host: "85.214.213.134"
    2012/08/07 11:00:59 [error] 25141#0: *42 open() "/var/www/apps/mysql/phpmyadmin/123" failed (2: No such file or directory), client: 109.xxx, server: mysql.foe-services.de, request: "GET /phpmyadmin/123 HTTP/1.1", host: "mysql.foe-services.de"
    2012/08/07 11:12:42 [error] 25141#0: *100 open() "/var/www/apps/mysql/phpmyadmin/123" failed (2: No such file or directory), client: 109.xxx, server: mysql.foe-services.de, request: "GET /phpmyadmin/123 HTTP/1.1", host: "mysql.foe-services.de"
    
    No errors in "/var/log/php-fpm/error.log" :-(

    http://mysql.foe-services.de/phpmyadmin/
    The phpmyadmin files are present. Static files are delivered without problems: http://mysql.foe-services.de/phpmyadmin/Documentation.html

    AS you can see the php files generate a 500 Error. In the progress of testing and modifying there was some configuration very similar to the described current one that worked in a way. The logs showed the same but the phpmyadmin in index.php was generated 1 or 2 times out of 10 refreshes :mad:

    Hope I am just too stupid to see it.
    Do I need to set another config file somewhere?

    ADDITION: I had to remove the whole manual stuff because the WordPress site got unstable! It also generated 500 Errors on every 5-10 reloads.
    My manual vhosts seem to screw up some things with php-fpm? :confused:
     
    Last edited: Aug 7, 2012
  2. falko

    falko Super Moderator ISPConfig Developer

    Is port 9041 used only by this pool, or is some other pool using the same port?
     
  3. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    that might be the problem. I abandoned the topic and used an ispconfig website.
    sorry but I couldnt delete the topic
     
  4. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    My thinking was completely wrong.
    As I said I abandoned the "manual" part. Adding nginx directives via ISPConfig to the vhost is all you (ever) need :)

    Another question came up today:

    Shouldn't I be able to access resources outside the "pool" if they have the right owner?
    OR
    Is it safe enough if I secure folders/config-files by a nginx directive like
    Code:
    location /phpmyadmin/libraries {
            deny all;
            return 403;
    }
    On Apache + mod_php I always moved export folders and config-files "outside" the web folder.
     
  5. falko

    falko Super Moderator ISPConfig Developer

    I guess this is an open_basedir problem. Make sure you've added all necessary directories to open_basedir in ISPConfig.
     
  6. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    And one more:

    My vhost looks like follows but the short/clean url rewrites for the Mediawiki do not work this way. There are soo many different solutions on the net but none work :mad:

    "Should" be simple to redirect

    wiki.foe-services.de/de/wiki/* -> wiki.foe-services.de/de/index.php?title=*

    Code:
    server {
            listen 85.214.213.134:80;
    		
            
            server_name wiki.foe-services.de ;
    
            root   /var/www/wiki.foe-services.de/web;
    		
    		
    		
            index index.html index.htm index.php index.cgi index.pl index.xhtml;
    		
    
    		
            error_log /var/log/ispconfig/httpd/wiki.foe-services.de/error.log;
            access_log /var/log/ispconfig/httpd/wiki.foe-services.de/access.log combined;
    
            ## Disable .htaccess and other hidden files
            location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
            }
    		
            location = /favicon.ico {
                log_not_found off;
                access_log off;
            }
    
            location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
            }
    		
            location /stats {
                index index.html index.php;
                auth_basic "Members Only";
                auth_basic_user_file /var/www/clients/client1/web45/.htpasswd_stats;
            }
    
            location ^~ /awstats-icon {
                alias /usr/share/awstats/icon;
            }
    
            location ~ \.php$ {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass unix:/var/lib/php5-fpm/web45.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_intercept_errors on;
            }
    		
    
            location /de {
            	index index.php;
            	error_page 404 = @dewiki;
                    }
            location @dewiki {
            	rewrite ^/de/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
                    }
            
            location /en {
                    index index.php;
                    rewrite "^/wiki/([^?]*)(?:\?(.*))?" /en/index.php?title=$1&$args last;
                    }
            location /pool {
                    index index.php;
                    rewrite "^/wiki/([^?]*)(?:\?(.*))?" /pool/index.php?title=$1&$args last;
                    }
    
    	
    }
    Mediawiki config
    Code:
    $wgScriptPath = "/de";
    $wgArticlePath = /wiki/$1;
    $wgUsePathInfo = true;
    $wgScriptExtension  = ".php";
     
  7. falko

    falko Super Moderator ISPConfig Developer

    Have you tried this?

    Code:
    location /de/wiki/ {
      rewrite /de/wiki/(.*) /de/index.php?title=$1 last;
    }
     
  8. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    My nginx-Directives are now:
    Code:
    location /de/wiki/ {
      rewrite /de/wiki/(.*) /de/index.php?title=$1 last;
    }
    location /en/wiki/ {
      rewrite /en/wiki/(.*) /en/index.php?title=$1 last;
    }
    
    You can see how this screws u up the wikis:

    /de/
    Config:
    Code:
    $wgScriptPath = "/de";
    # $wgArticlePath = /wiki/$1;
    # $wgUsePathInfo = true;
    $wgScriptExtension  = ".php";
    
    http://wiki.foe-services.de/de/index.php?title=Hauptseite +
    http://wiki.foe-services.de/de/wiki/Hauptseite
    -> no skin is loaded

    http://wiki.foe-services.de/de/index.php?title=Foe_Services_Wiki_DE:Gemeinschafts-Portal +
    http://wiki.foe-services.de/de/wiki/
    -> infinite loop error



    /en/
    Config:
    Code:
    $wgScriptPath = "/en";
    $wgArticlePath = /wiki/$1;
    $wgUsePathInfo = true;
    $wgScriptExtension  = ".php";
    
    http://wiki.foe-services.de/en/* -> infinite loop error


    /pool/
    (no directives)

    Code:
    $wgScriptPath = "/pool";
    # $wgArticlePath = /wiki/$1;
    # $wgUsePathInfo = true;
    $wgScriptExtension  = ".php";
    
    http://wiki.foe-services.de/pool/index.php?title=Hauptseite +
    http://wiki.foe-services.de/pool/index.php?title=Spezial:Letzte_Ă„nderungen -> working

    http://wiki.foe-services.de/pool/index.php?title=Foe_Service_Wiki_Pool:Impressum +
    http://wiki.foe-services.de/pool/wiki/Hauptseite +
    http://wiki.foe-services.de/pool/index.php?title=Foe_Service_Wiki_Pool:Aktuelle_Ereignisse
    -> infinite loop error

    Is no one using MediaWiki on nginx? Crap!!
     

Share This Page