Updated efforts
Today attempt 1: installing Processwire on MyWebApp
Result 1: has same error
Steps taken:
- updating Yunohost to 11.2.9.1
- installing processwire via MyWebApp
This tells me:
- @ericg Your package nginx has similar trouble to the default PW install
- Confims this is a Processwire-Yunohost Nginx config compatibility issue
Today attempt 2: edit nginx file to add recommended specs from this forum post
Result 2: has same error
Steps taken:
- tinkered with the nginx config at
/etc/nginx/conf.d/subdomain.tld/processwire.conf
I left @ericg’s code intact, but added comments and extra instructions from the recommended nginx config on the processwire forums (linked in earlier post).
Here is the full processwire.conf as I ended up using it:
#sub_path_only rewrite ^/$ / permanent;
location / {
# Path to source
alias /var/www/processwire/;
index index.php index.html;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
client_max_body_size 100M;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php8.2-fpm-processwire.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
# Block access to any file or directory that begins with a period
location ~ /\. {
deny all;
}
location ~ /(COPYRIGHT|LICENSE|README|htaccess)\.txt {
deny all;
}
# Block access to protected assets directories
location ~ ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions) {
deny all;
}
# Block access to the /site/install/ directory
location ~ ^/site(-[^/]+)?/install {
deny all;
}
# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
location ~ ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php {
deny all;
}
# Block access to any PHP files in core or core module directories
location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
deny all;
}
location ~ ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl) {
deny all;
}
# -----------------------------------------------------------------------------------------------
# Access Restrictions: Protect ProcessWire system files
# -----------------------------------------------------------------------------------------------
# Block access to ProcessWire system files
location ~ \.(inc|info|module|sh|sql)$ {
deny all;
}
# Block access to the /site/install/ directory
location ~ ^/(site|site-[^/]+)/install($|/.*$) {
deny all;
}
# Block dirs in /site/assets/ dirs that start with a hyphen
location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
deny all;
}
# Block access to any PHP-based files in /templates-admin/
location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
deny all;
}
# Block access to any PHP or markup files in /site/templates/
location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
deny all;
}
# Block access to any PHP files in /site/assets/
location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
deny all;
}
# Block access to any PHP files in core or core module directories
location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
deny all;
}
# Block access to any PHP files in /site/modules/
location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
deny all;
}
# Block access to any software identifying txt files
location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
deny all;
}
# Block all http access to the default/uninstalled site-default directory
location ~ ^/site-default/ {
deny all;
}
# Amplify dashboard
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
# -----------------------------------------------------------------------------------------------
# If the request is for a static file, then set expires header and disable logging.
# Give control to ProcessWire if the requested file or directory is non-existing.
# -----------------------------------------------------------------------------------------------
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
expires 15d;
log_not_found off;
access_log off;
try_files $uri $uri/ /index.php?it=$uri&$query_string;
}
# -----------------------------------------------------------------------------------------------
# ProCache Rules
# -----------------------------------------------------------------------------------------------
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'nocache';
}
if ($http_cookie ~* "wires_challenge") {
set $cache_uri 'nocache';
}
if ($http_cookie ~* "persist") {
set $cache_uri 'nocache';
}
# -----------------------------------------------------------------------------------------------
# This location processes all other requests. If the request is for a file or directory that
# physically exists on the server, then load the file. Else give control to ProcessWire.
# -----------------------------------------------------------------------------------------------
location / {
expires -1;
try_files /site/assets/ProCache-b3d534d...d/$cache_uri/index.html $uri $uri/ /index.php?it=$uri&$args;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
Next planned steps
This post My Webapp: Pointing domain to /public subfolder - #2 by tituspijean by @Nadine seems to have a similar issue, which was resolved with some re-write rules. Perhaps I’ll do some digging around rewrite rules next. idk.
My questions
- Does anything jump out in the nginx config above as definitely wrong or broken?
- Could a re-write rule help nginx find the admin login at
mydomain.tld/processwire
Thank you for reading.
Any ideas you have about what might be worth exploring would be very welcome.