0

Nginx 1.6.2 on Debian Jessie

I want to map all example.com/forum/ requests to /path/to/htdocs/phpbb and cut off the /forum/ part in the URI. Someone on Stackoverflow recommended the "rewrite" solution instead of "alias", because there are some bugs.

server
{
    listen [::]:80;
    server_name example.com;
    root /var/www/html;

    index index.php index.html;
    #try_files $uri $uri/ =404;

    location /forum/
    {
        root /path/to/htdocs/phpbb;
        rewrite ^/forum/(.*)$ /$1 break;

        location ~ .+\.php$
        {
            rewrite ^/forum/(.*)$ /$1 break;
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
        }
    }
}

The example configuration works fine – example.com/forum/viewtopic.php executes the script /path/to/htdocs/phpbb/viewtopic.php – but example.com/ (index.php) doesn't work:

"/var/www/html/index.php" failed (2: No such file or directory)

After removing the "index" line from server block:

directory index of "/path/to/htdocs/phpbb/" is forbidden

After moving the "index" and/or "try_files" line(s) into the location block:

index.php served without passing over to php-fpm…

Ok, what's wrong with my config? Any hints?

Improve this question

1 Answer 1

Reset to default
0

Ok, alias is buggy (rewrite too…), but if you avoid try_files and use if instead (even if evil…) it should work!

server
{
    listen [::]:80;
    server_name example.com;
    root /var/www/html;

    location /forum/
    {
        alias /path/to/htdocs/phpbb/;
        index index.php index.html;

        location ~ "^(/forum/)(.+\.php)(/.+){0,1}$"
        {
            if (!-f $document_root$2)
            {
                return 404;
            }

            fastcgi_index index.php;
            include fastcgi.conf;

            fastcgi_param  SCRIPT_FILENAME    $document_root$2;
            fastcgi_param  SCRIPT_NAME        $1$2;
            fastcgi_param  PATH_INFO          $3;

            fastcgi_pass unix:/var/run/php5-fpm.sock;
        }
    }
}

phpinfo() looks fine, but one question remains: Is it secure?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.