• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Linux How do i configure Nginx sites-available default

  • Thread starter Thread starter Bjorn Laltarith
  • Start date Start date
B

Bjorn Laltarith

Guest
Hello there, ive used solution from HERE but for some reason my ZnoteAAC wont work, every time i get 404 error message (or whatever is configured there to be instead of plain and simple 404 message).
No matter what i try to change i can only make it worse and get 403 forbidden or nothing at all.
I cant even get the "info.php trick to work.

phpMyAdmin works just fine tho.

This is my "/etc/nginx/sites-available/default" code

Code:
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=60r/m;

server {
    listen       80 default_server;
    listen       443 ssl default_server;
    listen         [::]:80 default_server;
    server_name  _;
    root /home/otsmanager/www/public_html;
    index index.html intex.htm index.nginx-debian.html index.php;

    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
    # https://tools.ietf.org/html/rfc6066#section-8
    # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
    #
    # (1) Use Cloudflare 1.1.1.1 DNS resolver
    #     https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
    #
    # (2) Use Google 8.8.8.8 DNS resolver
    #     https://developers.google.com/speed/public-dns/docs/using
    #
    # (3) Use Dyn DNS resolver
    #     https://help.dyn.com/internet-guide-setup/
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver
    # (1)
      1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]
    # (2)
      8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844]
    # (3)
      # 216.146.35.35 216.146.36.36
      valid=60s;
    resolver_timeout 2s;

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    client_max_body_size 64M;
    error_page 404 @notfound;

    # mask known ZnoteAAC directories
    location /LUA {
        deny all;
        return 404;
    }

    location /engine/cache {
        deny all;
        return 404;
    }

    location /special {
        allow 127.0.0.1;
        deny all;
    }

    # mask known MyAAC directories
    location /cache {
        deny all;
        return 404;
    }

    location /logs {
        deny all;
        return 404;
    }

    location /migrations {
        deny all;
        return 404;
    }

    location /plugins {
        deny all;
        return 404;
    }

    location /system {
        deny all;
        return 404;
    }

    # our regular locations
    location /test {
        index index.html index.php;
        try_files $uri $uri/ /index.php?$args;
    }

    location ~* \.(gif|jpg|jpeg|png|bmp|js|css)$ {
        expires max;
    }

    location ~ \.php$ {
        limit_req zone=req_zone burst=10 nodelay;
        try_files               $fastcgi_script_name =404;
        fastcgi_pass            unix:/var/run/php/php-fpm-otsmanager.sock;
        fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffers         16 16k;
        fastcgi_buffer_size     32k;
        include                 fastcgi_params;
        # Bypass the fact that try_files resets $fastcgi_path_info
        # see: http://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;
    }

    location @notfound {
        return 404 "The page or file you requested was not found. If this is your server, make sure you placed it in the right directory.";
        add_header Content-Type text/plain always;
    }

    # phpMyAdmin
    location /pma3380 {
        alias /usr/share/phpmyadmin;
        client_max_body_size 64M;

        index index.html index.php;
        try_files $uri $uri/ /index.php?$args;

        location ~ \.php$ {
            limit_req zone=req_zone burst=10 nodelay;
            try_files                 $fastcgi_script_name =404;
            fastcgi_split_path_info   ^(.+\.php)(/.+)$;
            fastcgi_index             index.php;
            fastcgi_pass              unix:/var/run/php/php8.1-fpm.sock;
            fastcgi_param             SCRIPT_FILENAME $request_filename;
            include                   fastcgi_params;
            # Bypass the fact that try_files resets $fastcgi_path_info
            # see: http://trac.nginx.org/nginx/ticket/321
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO $path_info;
        }

        location ~* \.(gif|jpg|jpeg|png|js|css)$ {
            expires max;
        }

        location /pma3380/libraries {
            deny all;
        }

        location /pma3380/setup {
            deny all;
        }
    }

    # Cloudflare
    real_ip_header CF-Connecting-IP;

    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;

    include /etc/nginx/default.d/*.conf;
}

Help please :D
 
Last edited by a moderator:
Hello there, ive used solution from HERE but for some reason my ZnoteAAC wont work, every time i get 404 error message (or whatever is configured there to be instead of plain and simple 404 message).
No matter what i try to change i can only make it worse and get 403 forbidden or nothing at all.
I cant even get the "info.php trick to work.

phpMyAdmin works just fine tho.

This is my "/etc/nginx/sites-available/default" code

Code:
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=60r/m;

server {
    listen       80 default_server;
    listen       443 ssl default_server;
    listen         [::]:80 default_server;
    server_name  _;
    root /home/otsmanager/www/public_html;
    index index.html intex.htm index.nginx-debian.html index.php;

    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
    # https://tools.ietf.org/html/rfc6066#section-8
    # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
    #
    # (1) Use Cloudflare 1.1.1.1 DNS resolver
    #     https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
    #
    # (2) Use Google 8.8.8.8 DNS resolver
    #     https://developers.google.com/speed/public-dns/docs/using
    #
    # (3) Use Dyn DNS resolver
    #     https://help.dyn.com/internet-guide-setup/
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver
    # (1)
      1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]
    # (2)
      8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844]
    # (3)
      # 216.146.35.35 216.146.36.36
      valid=60s;
    resolver_timeout 2s;

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    client_max_body_size 64M;
    error_page 404 @notfound;

    # mask known ZnoteAAC directories
    location /LUA {
        deny all;
        return 404;
    }

    location /engine/cache {
        deny all;
        return 404;
    }

    location /special {
        allow 127.0.0.1;
        deny all;
    }

    # mask known MyAAC directories
    location /cache {
        deny all;
        return 404;
    }

    location /logs {
        deny all;
        return 404;
    }

    location /migrations {
        deny all;
        return 404;
    }

    location /plugins {
        deny all;
        return 404;
    }

    location /system {
        deny all;
        return 404;
    }

    # our regular locations
    location /test {
        index index.html index.php;
        try_files $uri $uri/ /index.php?$args;
    }

    location ~* \.(gif|jpg|jpeg|png|bmp|js|css)$ {
        expires max;
    }

    location ~ \.php$ {
        limit_req zone=req_zone burst=10 nodelay;
        try_files               $fastcgi_script_name =404;
        fastcgi_pass            unix:/var/run/php/php-fpm-otsmanager.sock;
        fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_buffers         16 16k;
        fastcgi_buffer_size     32k;
        include                 fastcgi_params;
        # Bypass the fact that try_files resets $fastcgi_path_info
        # see: http://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;
    }

    location @notfound {
        return 404 "The page or file you requested was not found. If this is your server, make sure you placed it in the right directory.";
        add_header Content-Type text/plain always;
    }

    # phpMyAdmin
    location /pma3380 {
        alias /usr/share/phpmyadmin;
        client_max_body_size 64M;

        index index.html index.php;
        try_files $uri $uri/ /index.php?$args;

        location ~ \.php$ {
            limit_req zone=req_zone burst=10 nodelay;
            try_files                 $fastcgi_script_name =404;
            fastcgi_split_path_info   ^(.+\.php)(/.+)$;
            fastcgi_index             index.php;
            fastcgi_pass              unix:/var/run/php/php8.1-fpm.sock;
            fastcgi_param             SCRIPT_FILENAME $request_filename;
            include                   fastcgi_params;
            # Bypass the fact that try_files resets $fastcgi_path_info
            # see: http://trac.nginx.org/nginx/ticket/321
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO $path_info;
        }

        location ~* \.(gif|jpg|jpeg|png|js|css)$ {
            expires max;
        }

        location /pma3380/libraries {
            deny all;
        }

        location /pma3380/setup {
            deny all;
        }
    }

    # Cloudflare
    real_ip_header CF-Connecting-IP;

    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;

    include /etc/nginx/default.d/*.conf;
}

Help please :D


Just check that you are using the correct FPM on this part:

Code:
fastcgi_pass              unix:/var/run/php/php8.1-fpm.sock;

and in these cases I would recommend using nginx-full and not normal nginx, so you could reinstall it with that parameter.

It is the most common problem that nginx does not work, that the FPM is incorrect.
 
Welp, case closed...
Nginx-full didnt fix it, but doin the same steps from mentioned tutorial on Ubuntu 20 instead of 22 did...
 
Back
Top