|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
httpd.conf serving /location requests
I'm having some difficulty switching completely to OpenBSD httpd, and getting my httpd.conf correctly serving domain.tld/app requests from its location.
The PHP app resides in /var/www/app but domain.tld/app requests return a 404 not found error. This is my full httpd.conf. I've tried a number of different syntaxes for this but have only been successful when creating a new server "app.domain.tld" serving requests from root "/var/www/app", but would prefer being able to reach this app at /app. Code:
server "domain.tld" { alias www.domain.tld listen on * port 80 listen on * tls port 443 directory index index.php tls { key "/etc/ssl/private/domain.tld.key" certificate "/etc/ssl/domain.tld.fullchain.pem" } connection max request body 5000000000 location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } location "/app*" { root "/app" } location "/.well-known/acme-challenge/*" { root "/acme" root strip 2 } } server "cloud.domain.tld" { listen on * tls port 443 root "/cloud/" directory index index.php tls { key "/etc/ssl/private/domain.tld.key" certificate "/etc/ssl/domain.tld.fullchain.pem" } hsts location "/db_structure.xml" { block } location "/.ht*" { block } location "/README" { block } location "/data*" { block } location "/config*" { block } location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } } |
|
|||
Ah! Thanks, jggimi. I thought the preceding fastcgi directive would cover this location too.
I'm making progress. The following now returns an "Access denied." Code:
location "/app*" { root "/app" authenticate itac with "/file" fastcgi socket "/run/php-fpm.sock" directory index index.php } Code:
Access to the script '/app' has been denied (see security.limit_extensions) |
|
||||
From http://php.net/manual/en/install.fpm.configuration.php
security.limit_extensions string Limits the extensions of the main script FPM will allow to parse. This can prevent configuration mistakes on the web server side. You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code. Default value: .php .phar |
|
|||
The "You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code." concerns me.
Interestingly, moving /app from /var/www/app to /var/www/htdocs/app makes domain.tld/app accessible. I don't get the security.limit_extensions error that I was getting with /app at the former location and the previously shown httpd.conf config; but I can't discern the difference in httpd.conf. Failed httpd.conf with /var/www/app: Code:
server "domain.tld" { alias www.domain.tld listen on * port 80 listen on * tls port 443 directory index index.php tls { key "/etc/ssl/private/domain.tld.key" certificate "/etc/ssl/domain.tld.fullchain.pem" } connection max request body 5000000000 location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } location "/app*" { root "/app" authenticate itac with "/file" fastcgi socket "/run/php-fpm.sock" directory index index.php } location "/.well-known/acme-challenge/*" { root "/acme" root strip 2 } } server "cloud.domain.tld" { listen on * tls port 443 root "/cloud/" directory index index.php tls { key "/etc/ssl/private/domain.tld.key" certificate "/etc/ssl/domain.tld.fullchain.pem" } hsts location "/db_structure.xml" { block } location "/.ht*" { block } location "/README" { block } location "/data*" { block } location "/config*" { block } location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } } Code:
server "domain.tld" { alias www.domain.tld listen on * port 80 listen on * tls port 443 directory index index.php tls { key "/etc/ssl/private/domain.tld.key" certificate "/etc/ssl/domain.tld.fullchain.pem" } connection max request body 5000000000 location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } location "/.well-known/acme-challenge/*" { root "/acme" root strip 2 } } server "cloud.domain.tld" { listen on * tls port 443 root "/cloud/" directory index index.php tls { key "/etc/ssl/private/domain.tld.key" certificate "/etc/ssl/domain.tld.fullchain.pem" } hsts location "/db_structure.xml" { block } location "/.ht*" { block } location "/README" { block } location "/data*" { block } location "/config*" { block } location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } } |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
www/nextcloud and httpd.conf subdomain config | toprank | OpenBSD Packages and Ports | 31 | 2nd March 2018 10:50 AM |
httpd rc.conf.local question | psypro | OpenBSD General | 3 | 30th October 2016 05:54 PM |
httpd.conf chroot | morophla | OpenBSD General | 4 | 19th April 2015 02:07 PM |
Update httpd.conf IPs from DNS zones. | bigb89 | Programming | 16 | 2nd December 2008 02:02 AM |
httpd.conf | Snoop1990 | General software and network | 5 | 29th July 2008 04:30 AM |