2

I am having trouble with the appropriate Nginx configuration of my server.

The deployed php app on It is OJS, a journal management and publishing system, originally developed to run on Apache1. Although OJS may runs on Nginx without further specific server configuration, a minor change on the OJS main config settings (disable_path_info ON) must be done because PATH_INFO doesn't seem to be supported by Nginx. However that generate non pretty URLs, which in turn cause some OJS features/plugins to work out of specifications, or not to work at all2.

I found some posts were people share successful experiences on that:

I am running Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-42-generic x86_64) on a Digital Ocean account configured by Laravel Forge.

I couldn't find the way to combine this blocks of code (the ones at examples on above links) with mine default Nginx settings. 

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/evidenciaonojs.tk/before/*;

server {
    listen 80;
    listen [::]:80;
    server_name evidenciaonojs.tk;
    root /home/forge/evidenciaonojs.tk/;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/evidenciaonojs.tk/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/evidenciaonojs.tk-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/evidenciaonojs.tk/after/*;

I expect to change back OJS config file to disable_path_info Off and be able to use pretty URL while running on Nginx.

Any help on this will be truly appreciated!

GabeLon
  • 33
  • 1
  • 6

2 Answers2

3

I just now saw your message on the OJS3 forum.

For NginX try this configuration

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/evidenciaonojs.tk/before/*;

server {
    listen 80;
    listen [::]:80;
    server_name evidenciaonojs.tk;
    root /home/forge/evidenciaonojs.tk/;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/evidenciaonojs.tk/server/*;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/evidenciaonojs.tk-error.log error;

    error_page 404 /index.php;

    location ~ ^(.+\.php)(.*)$ {
        set $path_info $fastcgi_path_info;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param PATH_TRANSLATED $document_root$path_info;

        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        include fastcgi_params;

        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/evidenciaonojs.tk/after/*;

Be sure to to set:
1. cgi.fix_pathinfo=1 in PHP-FPM (in /etc/php/7.2/fpm/php.ini probably).
2. security.limit_extensions = .php in your FPM pool config file (in /etc/php/7.2/fpm/pool.d/your_site.conf)
3. disable_path_info = Off (in OJS config.inc.php)

Restart PHP-FPM and NginX services. Then, if it works, read about the evils of NginX IF and 'cgi.fix_pathinfo'.

Alex Protopopescu
  • 425
  • 3
  • 11
1

Just con confirm that things that were useful in my case to run successfully OJS on Nginx (Ubuntu 18.04.1 LTS on a Digital Ocean account configured by Laravel Forge) included:

1) Modify cgi.fix_pathinfo=1 in PHP-FPM (in /etc/php/7.2/fpm/php.ini)

2) Uncomment (enable) security.limit_extensions = .php (in /etc/php/7.2/fpm/pool.d/www.conf)

3) Changed disable_path_info = Off (in OJS config.inc.php).

4) Replace nginx config with:

# FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/evidenciaonojs.tk/before/*;

 server {
     listen 80;
     listen [::]:80;
     server_name evidenciaonojs.tk;
     root /home/forge/evidenciaonojs.tk/;

 # FORGE SSL (DO NOT REMOVE!)
 # ssl_certificate;
 # ssl_certificate_key;

 ssl_protocols TLSv1.2;
 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/evidenciaonojs.tk/server/*;

 location / {
     try_files $uri $uri/ /index.php?$query_string;
 }

 location = /favicon.ico { access_log off; log_not_found off; }
 location = /robots.txt  { access_log off; log_not_found off; }

 access_log off;
 error_log  /var/log/nginx/evidenciaonojs.tk-error.log error;

 error_page 404 /index.php;

 location ~ ^(.+\.php)(.*)$ {
     set $path_info $fastcgi_path_info;
     fastcgi_split_path_info ^(.+\.php)(.*)$;
     fastcgi_param   PATH_INFO               $path_info;
     fastcgi_param   PATH_TRANSLATED         $document_root$path_info;
     fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
     fastcgi_index index.php;
     include fastcgi_params;
 }

 location ~ /\.(?!well-known).* {
     deny all;
 }
 }

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/evidenciaonojs.tk/after/*;

5) And finally restart services (service php7.2-fpm restart AND sudo service nginx restart).

GabeLon
  • 33
  • 1
  • 6