I was running a vBulletin site under a standard LAMP stack.

I spun up a new Linode to try LEMP instead, to see if it offered better performance.

I'm running into trouble trying to get the recommended "security enhancement" installed.

here's my php location block:

location ~ \.php$ {
                try_files $uri  =404;

                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /home/mouseowners-test/public_html$fastcgi_script_name;

        }

If I leave this as-is, every single PHP page I try and load (so, any of the vBulletin stuff) returns a 404. If I comment out the try_files line, everything seems to be working.

Any clues?

Can I see your entire vhost configuration?

Here's the entire file from sites-enabled:

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts

server {
        listen   80 default;
        server_name  mouseowners-test.com www.mouseoweners-test.com;

        access_log  /var/log/nginx/mouseowners-test.com.access.log;

        location / {
                root   /home/mouseowners-test/public_html;
                index  index.html index.htm index.php;
        }

        #error_page  404  /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page   500 502 503 504  /50x.html;
        #location = /50x.html {
        #       root   /var/www/nginx-default;
        #}

        # proxy the PHP scripts to Apache listening on 127.0.0.1:81
        #
        #location ~ \.php$ {
                #proxy_pass   http://127.0.0.1:81;
                #proxy_set_header Host $http_host;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                try_files $uri  =404;

                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /home/mouseowners-test/public_html$fastcgi_script_name;

        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
                #deny  all;
        #}
}

and here's nginx.conf:

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
    # multi_accept on;
}

http {
    include       /etc/nginx/mime.types;

    access_log  /var/log/nginx/access.log;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    tcp_nodelay        on;

    gzip  on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Thanks for looking!

Hey,

Sorry for the late response. Took some time off to recharge my batteriers.

Anyways. I don't see anything that stands out as an issue but I could make some guesses...

Have you tried using a home directory name without a dash in your path?

fastcgi_param SCRIPT_FILENAME /home/mouseowners-test/public_html$fastcgi_script_name;

This line right here may or may not be problematic with try files. All my paths don't have dashes in them...

Also I am curious as to what version of Nginx you are using so I can try to reproduce the problem. I am also curious... Did you disable the default vhost?

Also I believe nginx -t checks your configuration. Did you try running that?

[snip] Some rubbish deleted! [/snip]

NB: Must engage brain

I was using it to prevent this security hole:

https://nealpoole.com/blog/2011/04/sett ... iguration/

I'm still getting the error.

Sigh. Maybe I'll try varnish in front of apache.

I'm being a dolt. I was trying to simplify the problem and making stupid assumptions. I should pay more attention.

I can only see 1 root declaration, namely inside your try_files[} block. Try either to move it out of there to give it a greater scope, or duplicate it inside your php block.

Everything works if I just comment out the "try_files", so I don't think the path is the problem



0.7.65, and mouseowners-test.com is the only file in sites-enabled.



That comes up clean.

Try moving root out of location / and to the server scope under access_log.

I don't use vbulletin, but this might serve:

server {
  listen   80 default;
  server_name  mouseowners-test.com www.mouseoweners-test.com;

  access_log  /var/log/nginx/mouseowners-test.com.access.log; 
  root   /home/mouseowners-test/public_html;
  index  index.html index.htm index.php; 

  location / {
    try_files $uri $uri/ index.php;
  }

  # deny access to .htaccess files, .git, .svn, etc
  location ~ /\. {
    deny  all;
  }

  location ~ ^.+\.(jpg|jpeg|gif|png|ico|css|js)$ {
    access_log      off;
    expires         45d;
  }

  location ~ \.php$ {
    try_files $uri  =404;

    include /etc/nginx/fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /home/mouseowners-test/public_html$fastcgi_script_name;

  }
}

If you use fancier urls that don't include the php file then you'll need rewrites. vbseo.php probably requires something different, as well.

Hey, that works, thanks!

Now I'll have to see if nginx + fast_cgi is better than varnish + apache.