I'm trying to get the following code to work:
location = /test-site/wp-login.php {
allow 192.168.0.56;
include /etc/nginx/fastcgi_params;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/test-site.com/html$fastcgi_script_name;
deny all;
}
The problem is, due to the multisite configuration on Wordpress, there are 3 rewrites that need to be performed in order to get to the right subsite. Even with the rewrites, the above block doesn't work because with the rewrite, it's stripping out the /test-site/ part.
Instead, it matches this and uses this nginx configuration:
location = /wp-login.php {
#allow 192.168.0.0/16;
allow 192.168.0.56;
include /etc/nginx/fastcgi_params;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/test-site.com/html$fastcgi_script_name;
deny all;
}
I've had some success changing the rewrite to ignore /test-site/ and keep it, but then it changes the $fastcgi_script_name variable to be /var/www/site.com/html/test-site/wp-login and the /test-site/ directory doesn't exist because it's actually a subsite.
If I take out the $fastcgi_script_name variable and hardcode /var/www/site.com/html/wp-login.php to be there instead, it gets me to the site, but it doesn't set the variable back to the proper value to find and of the image or style files.
Anyone have any experience with this? I'm basically trying to allow everyone access to wp-login.php on one subsite, but block them from any of the other subsites in my wordpress environment.
Related
I generate a dynamic image on http://example.com/image/some_param1/some_param2/
I do:
HttpResponse(img.image, content_type=magic.from_file(img.image.path, mime=True))
It is displaying image fine, however, it is not cached in browser. I tried adding:
location /image {
uwsgi_pass django;
include /home/tomas/Desktop/natali_reality/uwsgi_params;
expires 365d;
}
But it doesn't work. Is there a solution for this?
How to change request header value conditionally depending on another header value in nginx reverse proxy?
You can use the nginx ngx_http_map_module.
A good example is here - Mapping Headers in Nginx.
Basically you need to map the requested header (I used the from_header in the configuration below)to the new header (to_header in the example) and later use proxy_set_header.
map $http_from_header $to_header {
default a;
value_1 b;
value_2 c;
}
server {
....
location / {
include proxy_params;
proxy_set_header To_Header $to_header;
}
}
Nginx takes any HTTP headers, lower-cases them, and converts dashes to underscores. They become accessible as variables starting with $http_.
That way you should get what you need.
Good luck
Is there a way to check if a specific cookie exist in nginx?
For now I have a section like below to set header from cookie:
proxy_set_header x-client-id $cookie_header_x_client_id;
I want to check if that cookie exist then set the header, otherwise do not override header.
I've tried:
if ($cookie_header_x_client_id) {
proxy_set_header x-client-id $cookie_header_x_client_id;
}
But it does not work and gives the error below:
"proxy_set_header" directive is not allowed here in /etc/nginx/sites-enabled/website:45
Any solution?
There are only a limited number of directives that are allowed within an if context in nginx. This is related to the fact that if is part of the rewrite module; as such, within its context, you can only use the directives that are specifically outlined within the documentation of the module.
The common way around this "limitation" is to build up state using intermediate variables, and then use directives like proxy_set_header using such intermediate variables:
set $xci $http_x_client_id;
if ($cookie_header_x_client_id) {
set $xci $cookie_header_x_client_id;
}
proxy_set_header x-client-id $xci;
Now that I have nginx setup I need to be able to hide my .git directories. What kind of rewrite would I need to stop prying eyes? And where in the server {} or http {} block would it go?
http {
server {
location ~ /\.git {
deny all;
}
}
}
This location directive will deny access to any .git directory in any subdirectory.
Note: This location block must be before your main location block, so that it can be evaluated first.
Hidden directories and files should never be web accessible. The general answer to your question is:
location ~ /\. { return 403; }
This denies access to .git, .svn, .htaccess and similar files in any subdirectory.
With other solutions I could download /.git/config and others, just /.git was protected. This one denies everything starting with a dot, regardless how deep the requested URL is:
location ~ /\.(.*)/?(.*)? {
return 404;
}
This will prevent someone from hitting the http://example.com/.git but if your working in a subdirectory like this http://example.com/example/.git it will fail. You really need:
location ~ .*/\.git {
deny all;
}
I'm trying to redirect traffic to our new server but the old server (Mac OS) used case insensitive file names while the new (embedded) one uses Linux (case sensitive).
My problem is to redirect traffic from:
http://server.com/NEW/variable_url
to
http://server.com/new/variable_url
(note the lower 'new').
I would like to be able to do this for nginx without using perl or lua or other modules as this server is running in an embedded environment.
So far I tried:
location ~* ^/new/ {
access_log /var/log/nginx/new.log combined;
rewrite ^/new/(.*)$ $1 permanent;
}
without success.
Solved it myself. I was missing the root directive which points to the root of the web server. So for anyone interested the solution is:
location ~* ^/NEW/ {
root /etc/nginx/html/;
rewrite /NEW/(.*)$ /new/$1 permanent;
}
Maybe something like this?
location /NEW {
rewrite ^/NEW/(.*)$ /new;
}
If you want to redirect traffic from the specific link /NEW/exampe1, you could try
location =/NEW/example1
{
rewrite ^ /new/example1 last;
}