10

I'm setting up my blog on a new EC2 instance because one of the sites on the server that's currently hosting it is being DDoSed. I'm having some trouble with nginx, because I can either see all the pages fine but 403 on the index, or see the index but 404 on the pages (depending on the config I'm using)

Here's my nginx config: 

server {
    listen       80;

    server_name  www.test.com;
    server_name  test.com;
    root /www/blog;

    include conf.d/wordpress/simple.conf;
}

And simple.conf:

location = /favicon.ico {
            log_not_found off;
            access_log off;
    }

    location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
    }

    location / {
            # This is cool because no php is touched for static content. 
            # include the "?$args" part so non-default permalinks doesn't break when using query string
            try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
            #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
            include fastcgi.conf;
            fastcgi_intercept_errors on;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
    }

if I change the try_files $uri $uri/ /index.php?$args; to index index.php, the front page will work fine and the rest will be 404. If I leave it like that, the front page is 403.

Here's the error log: 

2013/08/07 19:19:41 [error] 25333#0: *1 directory index of "/www/blog/" is forbidden, client: 64.129.X.X, server: test.com, request: "GET / HTTP/1.1", host: "www.test.com"

That directory is 755 on the nginx user:

drwxr-xr-x 6 nginx nginx  4096 Aug  7 18:42 blog

Is there anything obvious I'm doing wrong ?

Thanks !

Alb Dum
  • 1,121
  • 3
  • 11
  • 26

3 Answers3

26

Add index index.php; In the server block, if it doesn't work then you need to remove the $uri/ because you don't want to do a autoindex on

EDIT: Just noticed that you already figured out your problem, so I'll add the reasoning behind it, the reason why you needed autoindex on; is because without it nginx will follow the try_files rules,
  1. Check if there's a file called /, and of course it fails.
  2. Check if there's a directory called / (by adding root it would = /www/blog/), this check will succeed, so it tries to list the content of the folder.
  3. Since you didn't specify autoindex on; so by default nginx should forbid directory listing, thus it would return a 403 forbidden error.
  4. The rest of the site works fine because it fails the $uri/ test or doesn't reach it, because you probably don't have a folder called image.jpg or stylesheet.css etc.
Mohammad AbuShady
  • 40,884
  • 11
  • 78
  • 89
  • You can have two different configurations, one for the root of the domain and other for every other directory. So, the root doesn't need to test `$uri/`, and only when trying to match other potential directories you do. Just add `location = / { try_files $uri /index.php?$args; }` before the `location / { try_files $uri $uri/ /index.php?$args; }` – JesusIniesta Aug 18 '22 at 15:46
1

Looks like I needed the inded index.php in the server {} definition and not in the location {}

Alb Dum
  • 1,121
  • 3
  • 11
  • 26
0

It seems that you are not allowing arguments to be sent to the CMS so this will not show this uris that would bring information from the database and redirect you to the 403 page.

Jose Villalobos
  • 373
  • 3
  • 9