0

I'm trying to configure nginx to serve up FreshRSS at https://myserver/rss/ rather than https://rss.myserver/.

I've read the documentation and am trying to adapt the example nginx config.

Currently I have dokuwiki installed and working fine and a simple location defined for my users ~/www directory. I'm wondering if there is a conflict between what I have defined for DokuWiki and what I'm adding for FreshRSS.

###################################################################
## myserver.info                                                 ##
###################################################################
server {
    server_name  myserver.info;
    root   /usr/share/nginx/html/myserver;
    index doku.php;
    #####################################
    ## LetsEncrypt Certificate renewal ##
    #####################################
    # Uncomment the following two lines when renewing certificates (reverse once done!)
    # listen 80;
    # listen [::]:80;

    # LetsEncrypt : ACME challenge
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/lib/letsencrypt;
    }

    ## LestEncrypt : Certificates
    ssl_certificate /etc/letsencrypt/live/myserver.info/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myserver.info/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/myserver.info/chain.pem;



    #####################################
    ## Normal server config            ##
    #####################################
    # Comment the following lines when renewing certificates (reverse once done!)
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    #####################################
    ## Security Headers                ##
    #####################################
    # Add Content Security Policy (see https://lollyrock.com/posts/content-security-policy/)
    # but currently using a striped form james.alssopp@gmail.com suggested and
    # an option to block X-frame (see https://infosec.mozilla.org/guidelines/web_security#x-frame-options)
    add_header Content-Security-Policy  "default-src 'self' always; frame-ancestors 'none'; img-src *";
    # Add Strict Transport Security (see https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;";
    add_header X-Content-Type-Options "nosniff";
    add_header Referrer-Policy "no-referrer";

    #####################################
    ## Dokuwiki                        ##
    #####################################
    # Remember to comment the below out when you're installing DokuWiki, and uncomment it when you're done.
    location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } # secure Dokuwiki

    location ~^/\.ht { deny all; } # also secure the Apache .htaccess files
    location @dokuwiki {
        #rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
        rewrite ^/(.*) /doku.php?id=$1&$args last;
    }
    location / { try_files $uri $uri/ @dokuwiki; }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    #####################################
    ## User '~/www/'                   ##
    #####################################
    location ~ ^/~(.+?)(/.*)?$ {
        alias /home/$1/www$2;
        index index.html index.htm;
        autoindex on;
    }
    ######################################
    ## FreshRSS (https://freshrss.org/) ##
    ######################################
    location ~ ^/rss/.+?\.php(/.*)?$ {
        alias /usr/share/webapps/freshrss/p/;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
    # By default, the variable PATH_INFO is not set under PHP-FPM
    # But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
    # NOTE: the separate $path_info variable is required. For more details, see:
    # https://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

The files under /usr/share/webapps/freshrss/p/ are...

root@vps410177/usr/share/webapps/freshrss 84 l /usr/share/webapps/freshrss/p/
total 68K
drwxr-xr-x  6 http http 4.0K Oct  5 07:09 .
drwxr-xr-x  8 root root 4.0K Oct  5 07:09 ..
drwxr-xr-x  2 http http 4.0K Oct  5 07:09 api
-rw-r--r--  1 http http 2.7K Oct  5 07:08 ext.php
-rw-r--r--  1 http http  18K Oct  5 07:08 favicon.ico
-rw-r--r--  1 http http 1.6K Oct  5 07:08 f.php
-rw-r--r--  1 root root 1.2K Oct  5 07:08 .htaccess
drwxr-xr-x  2 http http 4.0K Oct  5 07:09 i
-rw-r--r--  1 http http  774 Oct  5 07:08 index.html
-rw-r--r--  1 http http   26 Oct  5 07:08 robots.txt
drwxr-xr-x  2 http http 4.0K Oct  5 07:09 scripts
drwxr-xr-x 16 http http 4.0K Oct  5 07:09 themes
-rw-r--r--  1 http http 1.7K Oct  5 07:08 Web.config

If I go to https://myserver.info/rss/ I'm redirected to the Dokuwiki site and informed that the topic does not exist. If I try https://myserver.info/rss/f.php I get a 404 not found and I think this is because of the location definition...

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

...which is conflicting with the FreshRSS alias which has location ~ ^/rss/.+?\.php(/.*)?$ {...} ...

    ######################################
    ## FreshRSS (https://freshrss.org/) ##
    ######################################
    location ~ ^/rss/.+?\.php(/.*)?$ {
        alias /usr/share/webapps/freshrss/p/;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
    # By default, the variable PATH_INFO is not set under PHP-FPM
    # But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
    # NOTE: the separate $path_info variable is required. For more details, see:
    # https://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

I found this solution on nesting location so have tried...

        location ~ \.php$ {
        #####################################################################
        ## FreshRSS (https://freshrss.org/)                                ##
        #####################################################################
                location ~ ^/rss/.+?\.php(/.*)?$ {
                    alias /usr/share/webapps/freshrss/p/;
                    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                    fastcgi_split_path_info ^(.+\.php)(/.*)$;
        # By default, the variable PATH_INFO is not set under PHP-FPM
        # But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
        # NOTE: the separate $path_info variable is required. For more details, see:
        # https://trac.nginx.org/nginx/ticket/321
                    set $path_info $fastcgi_path_info;
                    fastcgi_param PATH_INFO $path_info;
                    include fastcgi_params;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                }
            try_files $uri =404;
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
        }

...but with the same results as described above if I go to https://myserver/rss/ if they are not nested, but if I go to https://myserver/rss/f.php I get a 502 Bad Gateway error which is some progress but I'm unsure where I've gone wrong.

Is there a way to configure Nginx to serve up PHP from different locations/aliases?

EDIT :

In light of feedback from @Derek Held I've attempted to set a locationas follows using root rather than alias under its own block (and not nested within the dokuwiki configuration)...

        location ~ ^/rss/$ {
                root /usr/share/webapps/freshrss/p/;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
        # By default, the variable PATH_INFO is not set under PHP-FPM
        # But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
        # NOTE: the separate $path_info variable is required. For more details, see:
        # https://trac.nginx.org/nginx/ticket/321
                 set $path_info $fastcgi_path_info;
                 fastcgi_param PATH_INFO $path_info;
                 include fastcgi_params;
                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;                   
        }

But without success pointing to https://myserver/rss/ and https://myserver/rss/f.php gives 502 Bad Gateway (even though perimissions are for the user that nginx is running as).

slackline
  • 133
  • 1
  • 1
  • 11

1 Answers1

0

The alias directive does not override the value for $document_root, which you have specified in your server block to be /usr/share/nginx/html/myserver. You need to replace alias with root to change the value of $document_root within the location block for FreshRSS.

Derek Held
  • 41
  • 2
  • Thanks for the pointer, I've tried modifying `alias` to `root` but without success. Is there perhaps a heirarchy by which `location` definitions are ordered or is it defined by order in the config file? – slackline Oct 25 '20 at 20:44