Score:1

Nginx Server with multiple applications on sub-directories

ph flag

My team has a server we use for internal tools and tests. It has a subdomain pointing to it: myserver.mycompany.com. What we're trying to achieve is to have multiple applications, each with under a sub-directory. I.e.:

  • myserver.mycompany.com - generic entry page
  • myserver.mycompany.com/redmine our internal redmine (a ruby on rails server)
  • myserver.mycompany.com/opensocial a drupal website we are currently testing (a php-fpm application)

I've managed to get redmine to work under the sub-directory but not the drupal website on the sub-directory.

Any suggestions?

Here's a simplified version of my default vhost:

server {
    
    # server name and ssl stuff

    root /var/www/html;

    ## REDMINE
    location ~ ^/redmine(/.*|$) {
            alias /opt/redmine/public$1;
            passenger_base_uri /redmine;
            passenger_app_root /opt/redmine;
            passenger_document_root /opt/redmine/public;
            passenger_enabled on;
    }
    ## END REDMINE


    ## START Open Social
    location ~ ^/opensocial(/.*|$) {

            alias /var/www/opensocial/html$1;
            index index.php;

            location ~ ^/opensocial(/.*|$) {
                    try_files $uri /index.php?$query_string; # For Drupal >= 7
            }

            # From nginx's drupal config
            location ~ '\.php$|^/update.php' {
                    fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
                    # Ensure the php file exists. Mitigates CVE-2019-11043
                    try_files $fastcgi_script_name =404;
                    # Security note: If you're running a version of PHP older than the
                    # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
                    # See http://serverfault.com/q/627903/94922 for details.
                    include fastcgi_params;
                    # Block httpoxy attacks. See https://httpoxy.org/.
                    fastcgi_param HTTP_PROXY "";
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                    fastcgi_param PATH_INFO $fastcgi_path_info;
                    fastcgi_param QUERY_STRING $query_string;
                    fastcgi_intercept_errors on;
                    # PHP 7 socket location.
                    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            }

    }
    ## END OF Open Social

Thanks

Score:0
ph flag

Based on @symcbean answer, I created a proxy server for each application.

My problem now is 404s on internal links and resources from the drupal website, but I guess that's an application problem.

Here's my new vhost:

server {

        # server name and ssl stuff

        root /var/www/html;

        location /redmine {
                proxy_pass http://127.0.0.1:8000;
        }

        location /opensocial {
                proxy_pass http://127.0.0.1:8001;
        }

}

## REDMINE
server {
        listen 127.0.0.1:8000;
        root /opt/redmine/public;
        passenger_base_uri /redmine;
        passenger_app_root /opt/redmine;
        passenger_document_root /opt/redmine/public;
        passenger_enabled on;
}


## OPEN SOCIAL
server {
        listen 127.0.0.1:8001;
        root /var/www/opensocial/html;

        location / {
                try_files $uri /index.php?$query_string;
        }

        location ~ '\.php$|^/update.php' {
                fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
                # Ensure the php file exists. Mitigates CVE-2019-11043
                try_files $fastcgi_script_name =404;
                # Security note: If you're running a version of PHP older than the
                # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
                # See http://serverfault.com/q/627903/94922 for details.
                include fastcgi_params;
                # Block httpoxy attacks. See https://httpoxy.org/.
                fastcgi_param HTTP_PROXY "";
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param QUERY_STRING $query_string;
                fastcgi_intercept_errors on;
                # PHP 7 socket location.
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }


}

Please comment if you there's anything I can do better.

Score:0
ws flag

This is mostly comment (but space limited in the comment box)

I've managed to get redmine to work under the sub-directory but not the drupal website

What happened at the browser when you tried to access the drupal URLs? What did your logs say?

location ~ ^/opensocial(/.*|$) {
            alias /var/www/opensocial/html$1;

this is horrible. I'm guessing that you really REALLY want to manage the paths to the 2 applications independently. Is there a VERY GOOD reason you don't just use

location /opensocial {

?

While you're using a similar pattern for redmine you do have it installed in a different location. I'm not familiar with how passenger works, but would have expected the passenger_base_uri to make the regex and alias redundant.

Personally I would have gone with 3 separate server{} instances and put a proxy on ports 80 & 443 - the overhead from the additional hop is negligible and there are benefits of scaling, security and management.

RAMIREZ avatar
ph flag
For the error and logs: I get a 404 with ```*1 open() "/var/www/html/index.php" failed (2: No such file or directory)```. For the horrible part: no good reason, just plain noobness. xD Idk how to configure the 3 servers + proxy: I'll investigate and revert back. Thanks for your answer
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.