How to fix my nginx config to allow PHP files in Project


#1

Hello,

I filed an issue on GitHub for this https://github.com/go-gitea/gitea/issues/2729 when I found an interesting problem. The way nginx is configured, any files in a git repository that end with “.php” will not load and instead send a 404 from nginx. How can I amend my configuration so php files in a repository load correctly?

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name example.org;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
        location /phpmyadmin {
                auth_basic "Admin Login";
                auth_basic_user_file /etc/nginx/pma_pass;
                root /usr/share/;
                index index.php index.html index.htm;
                location ~ ^/phpmyadmin/(.+\.php)$ {
                        try_files $uri =404;
                        root /usr/share/;
                        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        include fastcgi_params;
                }
                location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                        root /usr/share/;
                }
        }

        location /phpMyAdmin {
                rewrite ^/* /phpmyadmin last;
        }

        location /projects/ {
                proxy_pass http://localhost:3002/;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/dhparams.pem;
}

Other info:

  • I am trying to load from a subdir, /projects/ and my install loads on port 3002. You can see the entry near the bottom.
  • This current config works, again, for everything except PHP files in a repository.

I believe the conflict is from this block:

location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

Which is triggering it to try to load the non-existent project PHP files instead of showing them in the Gitea viewer. I can’t figure out though how to turn this line off for a subdirectory. I also can’t delete it, because I have real PHP files in my root directory I do want to serve.


#2

try something like:

location ~ ^/projects.*\.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

#3

@ptman Where should I put this?

Remember, I want PHP to run in all folders except Gitea which is in the /projects/ subdir.


#4

I also encountered this issue, and it’s quite disturbing.
Luckily i’ve found a solution,
Make your gitea location rule have higer priority

location ^~ /git/ {
    proxy_pass              http://127.0.0.1:3000/;
}

That’s it. I found this solution on Understanding NGINX location rules


#5

Hi,
I am interested on this Nginx configuration with http basic authentication?

Is it workable?

I want to add this feature to my git server. Wish your kind feedback. Thanks.


#6

Hi,
I suggestion the book for you.

After reading, I correct my misconfiguration of Nginx.

I suggest to get rid of the configuration of https first and delicate to focus on the http configuration.

Your nest location directive is good way.

This article is also good reference.