nginx + passenger + phpmyadmin = Access denied

Question

I'm confused, i read a lot of information, but still get same error, when i call ../phpmyadmin/index.php

Access denied.

my nginx configuration file:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    passenger_root /usr/local/rvm/gems/ruby-1.9.3-p484/gems/passenger-4.0.35;
    passenger_ruby /usr/local/rvm/gems/ruby-1.9.3-p484/wrappers/ruby;
    client_max_body_size 150m;
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;
    location / { 
         alias /home/prog/someapp/public;
     passenger_enabled on;
     rails_spawn_method smart;
     rails_env production;
    }

    location /phpmyadmin/ {
         alias /var/www/html/phpMyAdmin/;
         passenger_enabled off;
         index index.php;
        }
    location /mail/{
     alias /var/www/html/roundcube/;
     passenger_enabled off;
     index index.php;
    }
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        #location / {
         #   root   html;
          #  index  index.html index.htm;
        #}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        # error_page   500 502 503 504  /50x.html;
        # location = /50x.html {
         #   root   html;
        #}

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #aliassxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            alias         html;
            fastcgi_pass  127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $request_filename;# scripts$fastcgi_script_name;
            include        fastcgi_params;
        }
    #location ~ .php$ { alias html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; include fastcgi_params; }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

in

/etc/php5/fpm/pool.d/www.conf

i add

limit_extensions = .php .php3 .php4 .php5 .html

.html work's great, but nothing is with php

also i try to set in php.ini to 1 cgi.fix_pathinfo and nothing(

what i do wrong?

part of log:

2014/01/19 19:25:01 [error] 5354#0: *11 FastCGI sent in stderr: "Access to the script '/opt/nginx/html' has been denied (see security.limit_extensions)" while reading response header from upstream, client: *, server: localhost, request: "GET /phpmyadmin/index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: ""

who is so funny and voted for close? nobody know solution, i try all what could be/.. — brabertaser19, Jan 19 '14 at 15:26
This question does not involve programing in any way so it belongs to superuser or serverfault. — Daniel W., Jan 20 '14 at 12:58

Jens A. Koch · Accepted Answer · 2014-01-20T12:43:36.240

1

the problem is, that you defined aliases inside location blocks.

but what you might do is, to define root paths for your locations...

try switching from "alias /var/www/html/phpMyAdmin/;" to "root /var/www/html/phpMyAdmin/;"

You might use the root directive! Either on the server block or on location blocks.

Also you might define the index directive for the whole http block.

http {
  index index.php index.htm index.html;

  server {
    server_name www.domain.com;
    root /var/www/html;

    location /phpmyadmin {
      [..]
    }
  }
}

edited Jan 20 '14 at 12:43

answered Jan 20 '14 at 10:42

Jens A. Koch

39,862
13
113
141

it is bad to use multiple root ! after that i get 404 – brabertaser19 Jan 20 '14 at 11:49
putting root inside of a location block will work and it's perfectly valid. just look at your source, there is not a single root defined... no even for server. you could define one for server, then remove the roots on locations for good practice. – Jens A. Koch Jan 20 '14 at 12:36
i've added an example – Jens A. Koch Jan 20 '14 at 12:43
so i didn't need to write any alias or root in location? – brabertaser19 Jan 20 '14 at 13:19
not, if you have a root in your server block, because location is then build relative to that.(path would be "/var/www/html" + "/phpmyadmin") you might take a look at http://wiki.nginx.org/Pitfalls#Root_inside_Location_Block . this is also the reason for the error, because nginx uses default path: "/opt/nginx/html" – Jens A. Koch Jan 20 '14 at 14:21
if i write location /phpmyadmin it will catch by rails app, so i need /phpmyadmin/ also.. – brabertaser19 Jan 20 '14 at 16:08
please drop the alias directive in the fastcgi upstream location block. doesn't make any sense to have alias /html there. – Jens A. Koch Jan 20 '14 at 17:23
maybe this helps: http://pastebin.com/3qwL66Rh .. ah, ok seems to work now. i'm, glad i could help. – Jens A. Koch Jan 20 '14 at 17:33
one more question: if i have vimbadmin in /var/www/html/vimbadmin/public and in locate i set location /vimbadmin/ what to write in root alias? or how to do? – brabertaser19 Jan 20 '14 at 19:23
hello, if you see this, please give answer) – brabertaser19 Jan 20 '14 at 21:22
you may try this: location /vimbadmin { root /var/www/html/vimbadmin/public; passenger_enabled off; } – Jens A. Koch Jan 20 '14 at 22:12
maybe the document_root is not set correctly (in the .php fastcgi upstream block). something like: detect if vimbadmin is requested, then set document_root accordingly.. but you would see that in the logs. dunno. guess i'm out of luck.. – Jens A. Koch Jan 21 '14 at 16:19

nginx + passenger + phpmyadmin = Access denied

1 Answers1