|
|
|||||||
| OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
 |
|
|
Thread Tools | Display Modes |
11th March 2018
|
|||
|
|||
httpd.conf serving /location requests
I'm having some difficulty switching completely to OpenBSD httpd, and getting my httpd.conf correctly serving domain.tld/app requests from its location.
The PHP app resides in /var/www/app but domain.tld/app requests return a 404 not found error. This is my full httpd.conf. I've tried a number of different syntaxes for this but have only been successful when creating a new server "app.domain.tld" serving requests from root "/var/www/app", but would prefer being able to reach this app at /app. Code:
server "domain.tld" {
alias www.domain.tld
listen on * port 80
listen on * tls port 443
directory index index.php
tls {
key "/etc/ssl/private/domain.tld.key"
certificate "/etc/ssl/domain.tld.fullchain.pem"
}
connection max request body 5000000000
location "/*.php*" {
fastcgi socket "/run/php-fpm.sock"
}
location "/app*" {
root "/app"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
}
server "cloud.domain.tld" {
listen on * tls port 443
root "/cloud/"
directory index index.php
tls {
key "/etc/ssl/private/domain.tld.key"
certificate "/etc/ssl/domain.tld.fullchain.pem"
}
hsts
location "/db_structure.xml" { block }
location "/.ht*" { block }
location "/README" { block }
location "/data*" { block }
location "/config*" { block }
location "/*.php*" {
fastcgi socket "/run/php-fpm.sock"
}
}
|
|
11th March 2018
|
||||
|
||||
|
Your application uses PHP, but that location (/app*) does not have a PHP socket. Remember, the purpose of location specifies specific server rules that are not applicable to the entire server{}.
|
|
13th March 2018
|
|||
|
|||
|
Ah! Thanks, jggimi. I thought the preceding fastcgi directive would cover this location too.
I'm making progress. The following now returns an "Access denied." Code:
location "/app*" {
root "/app"
authenticate itac with "/file"
fastcgi socket "/run/php-fpm.sock"
directory index index.php
}
Code:
Access to the script '/app' has been denied (see security.limit_extensions)
|
|
13th March 2018
|
||||
|
||||
|
From http://php.net/manual/en/install.fpm.configuration.php
security.limit_extensions string Limits the extensions of the main script FPM will allow to parse. This can prevent configuration mistakes on the web server side. You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code. Default value: .php .phar
|
|
14th March 2018
|
|||
|
|||
|
The "You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code." concerns me.
Interestingly, moving /app from /var/www/app to /var/www/htdocs/app makes domain.tld/app accessible. I don't get the security.limit_extensions error that I was getting with /app at the former location and the previously shown httpd.conf config; but I can't discern the difference in httpd.conf. Failed httpd.conf with /var/www/app: Code:
server "domain.tld" {
alias www.domain.tld
listen on * port 80
listen on * tls port 443
directory index index.php
tls {
key "/etc/ssl/private/domain.tld.key"
certificate "/etc/ssl/domain.tld.fullchain.pem"
}
connection max request body 5000000000
location "/*.php*" {
fastcgi socket "/run/php-fpm.sock"
}
location "/app*" {
root "/app"
authenticate itac with "/file"
fastcgi socket "/run/php-fpm.sock"
directory index index.php
}
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
}
server "cloud.domain.tld" {
listen on * tls port 443
root "/cloud/"
directory index index.php
tls {
key "/etc/ssl/private/domain.tld.key"
certificate "/etc/ssl/domain.tld.fullchain.pem"
}
hsts
location "/db_structure.xml" { block }
location "/.ht*" { block }
location "/README" { block }
location "/data*" { block }
location "/config*" { block }
location "/*.php*" {
fastcgi socket "/run/php-fpm.sock"
}
}
Code:
server "domain.tld" {
alias www.domain.tld
listen on * port 80
listen on * tls port 443
directory index index.php
tls {
key "/etc/ssl/private/domain.tld.key"
certificate "/etc/ssl/domain.tld.fullchain.pem"
}
connection max request body 5000000000
location "/*.php*" {
fastcgi socket "/run/php-fpm.sock"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
}
server "cloud.domain.tld" {
listen on * tls port 443
root "/cloud/"
directory index index.php
tls {
key "/etc/ssl/private/domain.tld.key"
certificate "/etc/ssl/domain.tld.fullchain.pem"
}
hsts
location "/db_structure.xml" { block }
location "/.ht*" { block }
location "/README" { block }
location "/data*" { block }
location "/config*" { block }
location "/*.php*" {
fastcgi socket "/run/php-fpm.sock"
}
}
|
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| www/nextcloud and httpd.conf subdomain config | toprank | OpenBSD Packages and Ports | 31 | 2nd March 2018 10:50 AM |
| httpd rc.conf.local question | psypro | OpenBSD General | 3 | 30th October 2016 05:54 PM |
| httpd.conf chroot | morophla | OpenBSD General | 4 | 19th April 2015 02:07 PM |
| Update httpd.conf IPs from DNS zones. | bigb89 | Programming | 16 | 2nd December 2008 02:02 AM |
| httpd.conf | Snoop1990 | General software and network | 5 | 29th July 2008 04:30 AM |
Linear Mode
