SSL only in admin.php nginx

[Sheratan]

I'm trying to get SSL only in admin.php So far the nginx configuration is work. admin.php serve in SSL. But there is a problem.

When I try to disable addon in admin.php SSL mode, the addon cannot be disabled. The search box is somehow broken too.



This is a snip from my nginx conf (server block)

server {
...
    location ~/admin\.php$ {
        rewrite ^ https://$http_host$request_uri? permanent;
    }
...
}

server {
    listen 443;
    server_name localhost;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;
    server_tokens off;

    ssl on;
    ssl_certificate /tempat_ssl/server.crt;
    ssl_certificate_key /tempat_ssl/server.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;


    location ~/admin\.php$ {
        auth_basic "Staff Only";
        auth_basic_user_file /htpasswd/path;
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location / {
        rewrite ^ http://$http_host$request_uri? permanent;
        #try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

...
}

Debian 7, nginx 1.4.4 dotdeb

Anyway, it's a self signed SSL

 

[Floren]

That looks like a lot of copy/paste from Internet, without understanding what you are doing.
For starters... you are using regex and an expensive rewrite rule, when you already know exactly what you need to do as action:

location ~/admin\.php$ {
    rewrite ^ https://$http_host$request_uri? permanent;
}

Should be:

location = /admin.php {
    return 301 https://www.mydomain.com$request_uri;
}

You are doing a redirect loop for location /, inside your SSL server.
You are defining fastcgi_index, when you deal with admin.php as well any .php file.
Also, some bad person reading your configuration could hack your server if they know what they are doing.
80% of your configuration is wrong, unfortunately. I strongly recommend you to stop guessing and start reading the Nginx documentation. Yes, you do need to read a lot, if you want to use Nginx properly. Start with a local server where you can test your configurations and look at the data sent in between your browser and server. There is no such thing as "copy/paste and get it working in 5 minutes" solution in Nginx.

 

[Sheratan]

That looks like a lot of copy/paste from Internet, without understanding what you are doing.
For starters... you are using regex and an expensive rewrite rule, when you already know exactly what you need to do as action:

location ~/admin\.php$ {
    rewrite ^ https://$http_host$request_uri? permanent;
}

Should be:

location = /admin.php {
    return 301 https://www.mydomain.com$request_uri;
}

You are doing a redirect loop for location /, inside your SSL server.
You are defining fastcgi_index, when you deal with admin.php as well any .php file.
Also, some bad person reading your configuration could hack your server if they know what they are doing.
80% of your configuration is wrong, unfortunately. I strongly recommend you to stop guessing and start reading the Nginx documentation. Yes, you do need to read a lot, if you want to use Nginx properly. There is no such thing as "copy/paste and get it working in 5 minutes" solution in Nginx.

Well it's a closed server (virtualbox inside my home computer)

But thanks for the information.

 

[Floren]

Great, you did the right thing testing it locally. Bravo, not many people do this.