How to fix my nginx config to allow PHP files in Project


#1

Hello,

I filed an issue on GitHub for this https://github.com/go-gitea/gitea/issues/2729 when I found an interesting problem. The way nginx is configured, any files in a git repository that end with “.php” will not load and instead send a 404 from nginx. How can I amend my configuration so php files in a repository load correctly?

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name example.org;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
        location /phpmyadmin {
                auth_basic "Admin Login";
                auth_basic_user_file /etc/nginx/pma_pass;
                root /usr/share/;
                index index.php index.html index.htm;
                location ~ ^/phpmyadmin/(.+\.php)$ {
                        try_files $uri =404;
                        root /usr/share/;
                        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        include fastcgi_params;
                }
                location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                        root /usr/share/;
                }
        }

        location /phpMyAdmin {
                rewrite ^/* /phpmyadmin last;
        }

        location /projects/ {
                proxy_pass http://localhost:3002/;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/dhparams.pem;
}

Other info:

  • I am trying to load from a subdir, /projects/ and my install loads on port 3002. You can see the entry near the bottom.
  • This current config works, again, for everything except PHP files in a repository.

I believe the conflict is from this block:

location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

Which is triggering it to try to load the non-existent project PHP files instead of showing them in the Gitea viewer. I can’t figure out though how to turn this line off for a subdirectory. I also can’t delete it, because I have real PHP files in my root directory I do want to serve.


#2

try something like:

location ~ ^/projects.*\.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

#3

@ptman Where should I put this?

Remember, I want PHP to run in all folders except Gitea which is in the /projects/ subdir.


#4

I also encountered this issue, and it’s quite disturbing.
Luckily i’ve found a solution,
Make your gitea location rule have higer priority

location ^~ /git/ {
    proxy_pass              http://127.0.0.1:3000/;
}

That’s it. I found this solution on Understanding NGINX location rules