Здравствуйте друзья.
Понимаю что вопрос скорее всего "заезженный", но факт есть факт.
Попробовал поискать отвт в поисковике. Всё что везде предлагается это только одно - закоментировать строку в конфиге NGINX - location ~ /\. {deny all;}.
Я не против это сделать, но её там нет. ))
Теперь по порядку. Вот что использую.
Настройки конфига в ней следующие
Nginx_1.19_server.conf
Это
Nginx_1.19_vhost.conf
Подключаю ещё свой для bitrix, хотя думаю возможно и без него и всё должно работать правильно со стандартными.
В браузере получаю соответственно ошибку к файлам папки - .default
Непосредственно с продуктом Битрекс работаю очень редко. И не могу сказать, что силён в экзотической настройке nginx? но так как потом переносить на сервер и настраивать мне, хотелось бы изначально понимать "где все подводные камни" )).
Что посоветуете, может кто ссылку скинет где почитать как исправить.
Заранее благодарен.
Понимаю что вопрос скорее всего "заезженный", но факт есть факт.
Попробовал поискать отвт в поисковике. Всё что везде предлагается это только одно - закоментировать строку в конфиге NGINX - location ~ /\. {deny all;}.
Я не против это сделать, но её там нет. ))
Теперь по порядку. Вот что использую.
Настройки конфига в ней следующие
Nginx_1.19_server.conf
Код |
---|
# ---------------------------- # General # ---------------------------- error_log '%sprogdir%/userdata/logs/%httpdriver%_error.log' warn; # debug, info, notice, warn, error, crit, alert, emerg pid '%sprogdir%/userdata/temp/nginx.pid'; worker_processes 1; events { multi_accept on; use poll; worker_connections 4096; } http { # ---------------------------- # MIME & charset # ---------------------------- include '%sprogdir%/userdata/config/nginx_mime_types.txt'; # charset utf-8; charset_types application/atom+xml application/json application/ld+json application/rss+xml application/geo+json application/xml application/rdf+xml application/javascript application/wasm application/manifest+json application/x-web-app-manifest+json text/cache-manifest text/css text/csv text/plain text/x-component text/markdown text/calendar text/vcard text/vtt application/rtf application/pdf application/x-x509-ca-cert application/xhtml+xml application/xslt+xml application/schema+json; default_type application/octet-stream; %httpcharset% # ---------------------------- # Logs # ---------------------------- log_format main '$host: $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; log_not_found on; log_subrequest off; #access_log /path/to/log combined buffer=32k flush=1s; %logstring% # ---------------------------- # Zones # ---------------------------- limit_conn_log_level warn; limit_conn_zone $binary_remote_addr zone=addr:16m; limit_req_log_level warn; limit_req_zone $binary_remote_addr zone=flood:16m rate=16r/s; # ---------------------------- # Buffers & hashes # ---------------------------- client_body_buffer_size 64k; client_header_buffer_size 2k; client_max_body_size 50m; http2_chunk_size 128k; large_client_header_buffers 8 4k; output_buffers 8 128k; postpone_output 1460; server_names_hash_bucket_size 64; server_names_hash_max_size 1024; types_hash_bucket_size 64; types_hash_max_size 1024; variables_hash_bucket_size 64; variables_hash_max_size 1024; # ---------------------------- # Cache # ---------------------------- # open_file_cache max=1000 inactive=60s; # open_file_cache_errors on; # open_file_cache_min_uses 1; # open_file_cache_valid 60s; open_log_file_cache max=10 inactive=1m valid=1m min_uses=1; # ---------------------------- # TCP & timeouts # ---------------------------- client_body_in_single_buffer on; client_body_timeout 30s; client_header_timeout 30s; http2_idle_timeout 2m; http2_recv_timeout 30s; ignore_invalid_headers off; keepalive_requests 1000; keepalive_timeout 2m 2m; max_ranges 1; reset_timedout_connection on; resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 valid=900s ipv6=off; resolver_timeout 10s; send_timeout 30s; server_name_in_redirect off; server_tokens off; tcp_nodelay on; tcp_nopush on; # ---------------------------- # Temp # ---------------------------- client_body_temp_path '%sprogdir%/userdata/temp' 1 2; fastcgi_temp_path '%sprogdir%/userdata/temp' 1 2; proxy_temp_path '%sprogdir%/userdata/temp' 1 2; scgi_temp_path '%sprogdir%/userdata/temp' 1 2; uwsgi_temp_path '%sprogdir%/userdata/temp' 1 2; # ---------------------------- # Gzip # ---------------------------- gzip on; gzip_buffers 128 4k; gzip_comp_level 6; gzip_min_length 1024; gzip_proxied any; gzip_static off; gzip_types application/atom+xml application/json application/ld+json application/rss+xml application/geo+json application/xml application/rdf+xml text/javascript application/wasm application/manifest+json application/x-web-app-manifest+json text/cache-manifest image/svg+xml font/woff font/woff2 application/vnd.ms-fontobject font/ttf font/collection font/otf text/css text/csv text/plain text/x-component text/markdown text/calendar text/vcard text/vtt application/rtf application/pdf application/x-x509-ca-cert application/xhtml+xml application/xslt+xml application/schema+json; gzip_vary on; # ---------------------------- # SSL # ---------------------------- ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256; ssl_dhparam "%sprogdir%/userdata/config/cert_files/dhparam.pem"; ssl_prefer_server_ciphers on; ssl_protocols TLSv1.2 TLSv1.3; ssl_session_cache shared:SSL:16m; ssl_session_tickets off; ssl_session_timeout 1d; ssl_stapling off; ssl_stapling_verify off; # ---------------------------- # PHP FastCGI # ---------------------------- fastcgi_connect_timeout 1s; fastcgi_buffering off; fastcgi_ignore_client_abort off; fastcgi_index index.php; fastcgi_intercept_errors on; fastcgi_param TEMP '%sprogdir%/userdata/temp'; fastcgi_param TMP '%sprogdir%/userdata/temp'; fastcgi_param TMPDIR '%sprogdir%/userdata/temp'; fastcgi_read_timeout 5m; fastcgi_send_timeout 5m; %streams% # ---------------------------- # Default host config # ---------------------------- server { listen %ip%:%httpport%; listen %ip%:%httpsport% ssl http2; root '%sprogdir%/modules/system/html/default'; limit_conn addr 64; autoindex off; index index.php index.html index.htm; ssl_certificate '%sprogdir%/userdata/config/cert_files/server.crt'; ssl_certificate_key '%sprogdir%/userdata/config/cert_files/server.key'; # ssl_trusted_certificate ''; # Service configuration (do not edit!) # ---------------------------- location /openserver/ { root '%sprogdir%/modules/system/html'; autoindex off; index index.php index.html index.htm; %allow%allow all; allow 127.0.0.0/8; allow ::1/128; allow %ips%; deny all; location ~* ^/openserver/.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ { expires 1d; access_log off; } location /openserver/server-status { stub_status on; } location ~ ^/openserver/.*\.php$ { try_files $fastcgi_script_name =404; fastcgi_index index.php; fastcgi_pass backend; include '%sprogdir%/userdata/config/nginx_fastcgi_params.txt'; } } # End service configuration # ---------------------------- } # ---------------------------- # End default host config # ---------------------------- |
Это
Nginx_1.19_vhost.conf
Код |
---|
# ---------------------------- # Host config # ---------------------------- server { include /akg-aktiv.ru/*.conf; listen %ip%:%httpport%; listen %ip%:%httpsport% ssl http2; server_name %host% %aliases%; root '%hostdir%'; limit_conn addr 64; autoindex off; index index.php index.html index.htm; ssl_certificate '%sprogdir%/userdata/config/cert_files/server.crt'; ssl_certificate_key '%sprogdir%/userdata/config/cert_files/server.key'; # ssl_trusted_certificate ''; # Force HTTPS # add_header Strict-Transport-Security 'max-age=2592000' always; # if ($scheme ~* ^(?!https).*$) { # return 301 https://$host$request_uri; # } # Force www.site.com => site.com # if ($host ~* ^www\.(.+)$) { # return 301 $scheme://$1$request_uri; # } # Disable access to backup/config/command/log files # if ($uri ~* ^.+\.(?:bak|co?nf|in[ci]|log|orig|sh|sql|tar|sql|t?gz|cmd|bat)$) { # return 404; # } # Disable access to hidden files/folders if ($uri ~* /\.(?!well-known)) { return 404; } # Disable MIME sniffing add_header X-Content-Type-Options 'nosniff' always; location ~* ^.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ { expires 1d; access_log off; } location / { # Force index.php routing (if not found) # try_files $uri $uri/ /index.php?$query_string; # Force index.php routing (all requests) # rewrite ^/(.*)$ /index.php?/$1 last; location ~ \.php$ { try_files $fastcgi_script_name =404; # limit_conn addr 16; # limit_req zone=flood burst=32 nodelay; # add_header X-Frame-Options 'SAMEORIGIN' always; # add_header Referrer-Policy 'no-referrer-when-downgrade' always; # CSP syntax: <host-source> <scheme-source>(http: https: dat a: mediastream: blob: filesystem:) 'self' 'unsafe-inline' 'unsafe-eval' 'none' # Content-Security-Policy-Report-Only (report-uri https://site.com/csp/) # add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests" always; fastcgi_pass backend; include '%sprogdir%/userdata/config/nginx_fastcgi_params.txt'; } } # Service configuration (do not edit!) # ---------------------------- location /openserver/ { root '%sprogdir%/modules/system/html'; autoindex off; index index.php index.html index.htm; %allow%allow all; allow 127.0.0.0/8; allow ::1/128; allow %ips%; deny all; location ~* ^/openserver/.+\.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ { expires 1d; access_log off; } location /openserver/server-status { stub_status on; } location ~ ^/openserver/.*\.php$ { try_files $fastcgi_script_name =404; fastcgi_index index.php; fastcgi_pass backend; include '%sprogdir%/userdata/config/nginx_fastcgi_params.txt'; } } # End service configuration # ---------------------------- } # ---------------------------- # End host config # ---------------------------- |
Подключаю ещё свой для bitrix, хотя думаю возможно и без него и всё должно работать правильно со стандартными.
Код |
---|
server { listen 127.0.0.1:80; ssi on; gzip on; gzip_comp_level 7; gzip_types application/x-javascript application/javascript text/css; server_name test.ru www.test.ru; charset off; #disable_symlinks if_not_owner from=$root_path; index index.php; root $root_path; set $root_path /var/www/www-user/data/www/test; set $php_sock unix:/var/www/php-fpm/www-user.sock; access_log /var/www/httpd-logs/west-test.ru.access.log; error_log /var/www/httpd-logs/west-test.ru.error.log notice; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; client_max_body_size 1024M; client_body_buffer_size 4M; #кому не надо убирать у домена www это не пишем. между http:// и test.ru убрать пробел, парсер дурит :) if ($host = 'www.test.ru' ) { rewrite ^(.*)$ http://test.ru$1 permanent; } location / { try_files $uri $uri/ @bitrix; } location ~* /upload/.*\.(php|php3|php4|php5|php6|phtml|pl|asp|aspx|cgi|dll|exe|shtm|shtml|fcg|fcgi|fpl|asmx|pht|py|psp|rb|var)$ { types { text/plain text/plain php php3 php4 php5 php6 phtml pl asp aspx cgi dll exe ico shtm shtml fcg fcgi fpl asmx pht py psp rb var; } } location ~ \.php$ { try_files $uri @bitrix; fastcgi_pass $php_sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@west-test.ru"; include fastcgi_params; } location @bitrix { fastcgi_pass $php_sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/bitrix/urlrewrite.php; fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@west-test.ru"; } location ~* /bitrix/admin.+\.php$ { try_files $uri @bitrixadm; fastcgi_pass $php_sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@west-test.ru"; include fastcgi_params; } location @bitrixadm{ fastcgi_pass $php_sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/bitrix/admin/404.php; fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f admin@west-test.ru"; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # # block this locations for any installation # # ht(passwd|access) location ~* /\.ht { deny all; } # repositories location ~* /\.(svn|hg|git) { deny all; } # bitrix internal locations location ~* ^/bitrix/(modules|local_cache|stack_cache|managed_cache|php_interface) { deny all; } # upload files location ~* ^/upload/1c_[^/]+/ { deny all; } # use the file system to access files outside the site (cache) #location ~* /\.\./ { deny all; } location ~* ^/bitrix/html_pages/\.config\.php { deny all; } location ~* ^/bitrix/html_pages/\.enabled { deny all; } # Intenal locations location ^~ /upload/support/not_image { internal; } # Cache location: composite and general site location ~* @.*\.html$ { internal; # disable browser cache, php manage file expires -1y; add_header X-Bitrix-Composite "Nginx (file)"; } # Player options, disable no-sniff location ~* ^/bitrix/components/bitrix/player/mediaplayer/player$ { add_header Access-Control-Allow-Origin *; } # Accept access for merged css and js location ~* ^/bitrix/cache/(css/.+\.css|js/.+\.js)$ { expires 30d; error_page 404 /404.html; } # Disable access for other assets in cache location location ~* ^/bitrix/cache { deny all; } # Use nginx to return static content from s3 cloud storage # /upload/bx_cloud_upload/<schema>.<backet_name>.<s3_point>.amazonaws.com/<path/to/file> location ^~ /upload/bx_cloud_upload/ { location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:]+)\.(s3|s3-us-west-1|s3-eu-west-1|s3-ap-southeast-1|s3-ap-northeast-1)\.amazonaws\.com/(.+)$ { internal; resolver 8.8.8.8; proxy_method GET; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Server $host; #proxy_max_temp_file_size 0; proxy_pass $1://$2.$3.amazonaws.com/$4; } location ~* .*$ { deny all; } } # Static content location ~* ^/(upload|bitrix/images|bitrix/tmp) { expires 30d; } location ~* \.(css|js|gif|png|jpg|jpeg|ico|ogg|ttf|woff|eot|otf)$ { error_page 404 /404.html; expires 30d; } location = /404.html { access_log off ; } } |
В браузере получаю соответственно ошибку к файлам папки - .default
Непосредственно с продуктом Битрекс работаю очень редко. И не могу сказать, что силён в экзотической настройке nginx? но так как потом переносить на сервер и настраивать мне, хотелось бы изначально понимать "где все подводные камни" )).
Что посоветуете, может кто ссылку скинет где почитать как исправить.
Заранее благодарен.