0

I have a 2 folders with different sites on my server

One is /var/www/html which I want to be accessible by my IP:80 other is denny

One is /var/www/cats which I want to be accessible by my localhost:80 and other is denny

How could I figure out it in my nginx settings?

UPD. 1

Well I have 2 configs

sudo nano /etc/nginx/sites-enabled/default
server {
        listen 122.111.111.40:80;
        root /var/www/html/;
        index /;
        server_name 122.111.111.40;
        location / {
                allow 122.111.111.40;
                deny all;
                autoindex on;
                index index.php;
                try_files $uri /index.html /index.php;
        }
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
        location ~ /\.ht {
                deny all;
        }
}



sudo nano /etc/nginx/sites-enabled/cats
server {
        listen   127.0.0.1:80;
        root /var/www/cats/;
        index /index.php;
        server_name localhost;
        location / {
                allow 127.0.0.1;
                deny all;
                autoindex on;
                index index.php;
                try_files $uri /index.html /index.php;
        }
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
        location ~ /\.ht {
                deny all;
        }
}

While I access localhost it's okay. I have my route to cats/index.php folder working fine. While I route to my IP I have 403 Forbidden It's says

2020/09/22 05:44:02 [error] 17563#17563: *853 access forbidden by rule, client: 115.111.11.111, server: localhost, request: "GET / HTTP/1.1", host: "122.111.111.40".

So some problem with my config. But I could not understand which one. If I will request my IP/index.php I will see an index page of cats/index.php but that's should be html/index.php. Right?

UPD. 2

Adding sudo nano /etc/nginx/snippets/fastcgi-php.conf

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

UPD. 3

Adding sudo nano /etc/nginx/fastcgi.conf

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
Arthur Yakovlev
  • 8,933
  • 8
  • 32
  • 48

1 Answers1

1

Assuming you don't have any other sites, following config should work:

server {
    listen <ip>:80;
    root /var/www/html;
    ...
}
server {
    listen 127.0.0.1:80;
    root /var/www/cats;
    ...
}
Ivan Shatsky
  • 13,267
  • 2
  • 21
  • 37
  • 1
    Because the author wants to deny other types of requests, he should add another server block to capture those requests and reject them. Otherwise, those requests will be captured by one of two server blocks above. – Tom Nguyen Sep 22 '20 at 01:39
  • 1
    @TomNguyen My example would serve any request at with first `server` block and any request at `127.0.0.1` with second one no matter of HTTP `Host` header value. If OPs server is multihomed system with some other IP addresses, requests on that addresses won't be served with this config. If he want to filter served requests by HTTP `Host` value, [here](https://stackoverflow.com/questions/60362642/nginx-doesnt-listen-on-port-80-twice/60362700#60362700) I gave an answer on this subject (though it was not mentioned in OPs question). – Ivan Shatsky Sep 22 '20 at 02:44
  • The author did not specify what should be rejected. So let him try and give feedback if necessary. – Tom Nguyen Sep 22 '20 at 03:14
  • @IvanShatsky well, I made UPD 1 of my question. Thank you for your answer. However I have an issue that was before. I did almost as in your answer but problem is different. I clarified that. Check please UPD 1 in the question – Arthur Yakovlev Sep 22 '20 at 09:52
  • @Tom Nguyen pls check the UPD 1 – Arthur Yakovlev Sep 22 '20 at 09:52
  • 1
    @ArthurYakovlev please include the contents of the file `snippets/fastcgi-php.conf` into your question too. There is probably something wrong with that file. Otherwise, requesting `IP/index.php` will not get the result of `cats/index.php`. Anyway, your configuration has some problems. I will fix them once I know the contents of the file `snippets/fastcgi-php.conf` – Tom Nguyen Sep 22 '20 at 11:42
  • @Tom Nguyen done. UPD 3 in the questions. Check that please – Arthur Yakovlev Sep 22 '20 at 15:19
  • 1
    @ArthurYakovlev, I don't see any problems with the file `snippets/fastcgi-php.conf`. But, it includes `fastcgi.conf`. So please include the contents of the file `fastcgi.conf` into your question too. – Tom Nguyen Sep 23 '20 at 01:12
  • 1
    Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/221903/discussion-between-tom-nguyen-and-arthur-yakovlev). – Tom Nguyen Sep 23 '20 at 02:47