Support

Admin Tools

#28048 How do I enable access to login.php in nginx.conf?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Tuesday, 01 August 2017 17:17 CDT

Friday, 30 June 2017 08:46 CDT

user91085
I'm using ActiveHelper which tries to access its server component at /components/com_activehelper_livehelp/server/services/login.php
I have put /components/com_activehelper_livehelp/server into the exceptions list for php execution

However, when I enter the full URL of the login.php file, my browser tries to download it instead of having it execute on the server.

What do I have to set in order to allow it to be executed?

Please use the same login information that you used for ticket 27980.

Thanks!

Friday, 30 June 2017 09:53 CDT

nicholas
I already replied to that since June 21st, in your other ticket. Let me remind you:

you should ask your host exactly WHAT the block to directly access a .php file is because it'd seem that just "fastcgi_pass unix:/var/run/php/php7.0-fpm.sock" doesn't cut it. This is the part that's 100% host specific and I cannot possibly guess. Also that's the first thing I'd try.


I can tell you what I needed to use for the NginX setup I create on Windows from scratch, just to reply to your ticket #27980, as I already told you on June 27th:

I wanted to be super extra sure so I set up NginX from scratch on my Windows 10 computer as well using the barebones official binaries. I still cannot reproduce this issue. I can tell you, however, that I noticed something interesting there. I had to change the fastcgi_pass code block setting to have both the fastcgi_pass localhost:9123 and the include fastcgi_params lines. Otherwise I'd get a 403 Forbidden. So, if you cannot find something that causes a redirection maybe try modifying the fastcgi_pass code block as well.


To cut a long story short, my FastCGI pass block reads:

fastcgi_pass 127.0.0.1:9170;
fastcgi_index index.php;
include fastcgi_params;


Remember that this was on Windows, hence the need to use a TCP/IP port instead of a UNIX pipe. You can use a UNIX pipe like you do without a problem. The differenciating factor for me was the need to include the fastcgi_params file. The fastcgi_params file is the one shipped with NginX and it's described in NginX's documentation page "PHP FastCGI Example". As we tell you in our documentation this is the only FastCGI setup we can test with and support. Anything else will require you to manually edit the generated NginX configuration file.

Do note that adding a file into the list for directly accessible .php files simply creates a location rule with an exact match to the file path you specified, the contents of with are the FastCGI pass block you have configured in NginX Conf Maker followed by a single break; directive to stop the processing of any further rules. In short, it doesn't have any logic that we have built in. It simply uses your defined path with your defined FastCGI block.

As I've been telling you for well over a week, your FastCGI block is wrong. Can you please stop asking us -who have NOT set up your server- and ask your host exactly what you should put in there? I can only tell you what you need to put in the servers I built and/or manage myself - including the MAMP Pro installations I told you about in the other ticket.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 30 June 2017 09:58 CDT

nicholas
BTW, port 9170 is from a later iteration of my NginX server on Windows 10. I am running PHP FastCGI for PHP 5.3, 5.4, 5.5, 5.6, 7.0 and 7.1 at ports 9153, 9154, 9155, 9156, 9170 and 9171 respectively. I use PHP 7.0 as the default, hence port 9170. The old reply mentioned port 9123 because that was the test port I had originally set up (again for PHP 7.0).

I am just mentioning that since it's an inconsistency in my reply that might throw you off or, worse, make you think that I don't know what I am saying. No, I just kept working on that server config to have multiple PHP versions switched automatically based on the hostname. If I access my site as dev3.local53.web it runs on PHP 5.3. If access it as dev3.local56.web it runs under PHP 5.6. You get the idea. The part between local and .web is extracted in a variable which is used in the FastCGI Pass Block to dynamically tell NginX which PHP FastCGI to connect to. It has a few kinks and gotchas (mostly because HTTPS requires loading the certificate before you can declare variables, making this solution only work for HTTP) hence me not having yet written a tutorial about it.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 30 June 2017 12:39 CDT

user91085
Nicholas,
I do not think you don't know what you're doing, in fact very grateful for your contributions to the Joomla ecosystem. However we do talk past each other apparently. For example the code snippet for your FastCGI block example of

fastcgi_pass 127.0.0.1:9170;
fastcgi_index index.php;
include fastcgi_params;

is actually the same (except for using a UNIX port) as the settings in my server, including the use of the distributed fastcgi_params file. It's just that I set mine at the site level instead of the location level, and Nginx uses a hierarchical setting model where that still applies. The reason I did this is that the location directives that serve up Joomla pages are now all in the nginx.conf file that your code creates. Based on how Nginx works, I could modify the setup easily to include the other two lines by entering them in the box in your wizard however I would expect no difference in behavior since there aren't any overrides in your file.

I'm including the latest versions of my config files where all that is visible, perhaps you're looking at something older from the start of my first ticket that is causing you think that I'm ignoring you. On your instructions I simplified everything and left it all up to your nginx.conf file.

I am the host here, there is no other host: enki is a cloud provider so we use our own VMs. I have an nginx expert on staff even if I'm not one. He sees no problems either in the setup of nginx or the server (yet.) He's working on the redirect issue that prevents the Front End Protection from working. However, neither of us has any idea why that login.php file is downloaded instead of run, which is why I asked your help in that since the nginx.conf file is what controls interpretation of files in the Joomla folder structure.

This weekend I'll change the log setting on my nginx to try to find the cause of the redirect.

Sunday, 02 July 2017 10:16 CDT

nicholas
Again, I have to repeat myself about what is obviously wrong. You have this DIRECTLY under server:
fastcgi_index index.php;
include fastcgi_params;

You also don't have anything in your server setup which tells NginX how to parse .php files. Compare that to my WORKING setup:
server {
	listen		80;
	server_name	my.server.name;
	root   		/path/to/root;
	
	include "/path/to/root/nginx.conf";

	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9170;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
		include        fastcgi_params;
	}

	location ~ /\.ht {
		deny  all;
	}
}


Key point 1: Include the generated nginx.conf file right after defining the server hostname and root.

Key point 2: Immediately after include a block which tells NginX how to parse .php files.

Key point 3: Add all custom redirections, access control, etc right after.

That's how all my NginX servers are set up and I had no problem with any of them.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 01 August 2017 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!