
SSL only in admin.php nginx

Discussion in 'Server Configuration and Hosting' started by Sheratan, Dec 20, 2013.

  1. Sheratan

    Sheratan Well-Known Member

    I'm trying to get SSL only in admin.php. So far the nginx configuration works: admin.php is served over SSL. But there is a problem.

    When I try to disable an addon in admin.php SSL mode, the addon cannot be disabled. The search box is somehow broken too.


    This is a snippet from my nginx conf (server block):
    Code:
    server {
    ...
        location ~/admin\.php$ {
            rewrite ^ https://$http_host$request_uri? permanent;
        }
    ...
    }
    
    server {
        listen 443;
        server_name localhost;
    
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        server_tokens off;
    
        ssl on;
        ssl_certificate /tempat_ssl/server.crt;
        ssl_certificate_key /tempat_ssl/server.key;
    
        ssl_session_timeout 5m;
    
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;
    
    
        location ~/admin\.php$ {
            auth_basic "Staff Only";
            auth_basic_user_file /htpasswd/path;
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    
        location / {
            rewrite ^ http://$http_host$request_uri? permanent;
            #try_files $uri $uri/ =404;
        }
    
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    
    ...
    }
    Debian 7, nginx 1.4.4 dotdeb

    Anyway, it's a self-signed SSL.
     
  2. Floren

    Floren Well-Known Member

    That looks like a lot of copy/paste from the Internet, without understanding what you are doing.
    For starters... you are using a regex and an expensive rewrite rule, when you already know exactly what you need to do as an action:
    Code:
    location ~/admin\.php$ {
        rewrite ^ https://$http_host$request_uri? permanent;
    }
    Should be:
    Code:
    location = /admin.php {
        return 301 https://www.mydomain.com$request_uri;
    }
    You are doing a redirect loop for location /, inside your SSL server.
    You are defining fastcgi_index, when you deal with admin.php as well as any .php file.
    Also, some bad person reading your configuration could hack your server if they know what they are doing.
    80% of your configuration is wrong, unfortunately. I strongly recommend that you stop guessing and start reading the Nginx documentation. Yes, you do need to read a lot if you want to use Nginx properly. Start with a local server where you can test your configurations and look at the data sent between your browser and server. There is no such thing as a "copy/paste and get it working in 5 minutes" solution in Nginx.
     
    Sheratan likes this.
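
An added example, not part of the thread or either poster's code: a small Python check that reports, by line number, the directives Floren's reply objects to (regex location for a fixed path, `rewrite ... permanent` where `return 301` suffices, a redirect inside the 443 server that points back to http, and `fastcgi_index` in a PHP-only location). It also flags redirects built from `$http_host`, which is the raw Host header sent by the client and which the suggested replacement swaps for a fixed host name; the rule names and the `SAMPLE` text are constructed for this example.

```python
import re

# Constructed sample: directives from the first post plus the reply's replacement.
SAMPLE = r"""
server {
    listen 443;
    location ~/admin\.php$ {
        rewrite ^ https://$http_host$request_uri? permanent;
        fastcgi_index index.php;
    }
    location / {
        rewrite ^ http://$http_host$request_uri? permanent;
    }
    location = /admin.php {
        return 301 https://www.mydomain.com$request_uri;
    }
}
"""

LOCATION = re.compile(r"location\s+(=|~\*?|\^~)?\s*(\S+)\s*\{")
LITERAL_PATH = re.compile(r"/(?:[\w/-]|\\\.)+\$")  # e.g. /admin\.php$

def lint(conf):
    """Return (line_no, rule) findings, in line order, for the points in the reply."""
    findings, loc, tls = [], None, False
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = LOCATION.match(line)
        if re.match(r"server\s*\{", line):           # new server block
            loc, tls = None, False
        elif re.match(r"listen\s.*\b443\b", line):
            tls = True
        elif m:
            loc = (m.group(1) or "", m.group(2))     # (modifier, pattern)
            if loc[0].startswith("~") and LITERAL_PATH.fullmatch(loc[1]):
                findings.append((no, "regex-location-for-fixed-path"))
        elif line == "}":
            loc = None
        elif re.match(r"(rewrite|return)\s", line):
            if line.startswith("rewrite") and line.endswith("permanent;"):
                findings.append((no, "rewrite-where-return-301-suffices"))
            if "$http_host" in line:                 # raw Host header, chosen by the client
                findings.append((no, "redirect-built-from-client-host-header"))
            if tls and " http://" in line:           # 443 server sending requests back to http
                findings.append((no, "tls-server-redirects-to-http"))
        elif line.startswith("fastcgi_index") and loc and loc[0] and re.search(r"\.php\$?$", loc[1]):
            # fastcgi_index only applies to URIs ending in "/", never to *.php matches
            findings.append((no, "fastcgi_index-unused-in-php-only-location"))
    return findings
```

The scan is line-based and assumes one directive per line with closing braces on their own lines, as in the configuration posted above.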
  3. Sheratan

    Sheratan Well-Known Member

    Well, it's a closed server (VirtualBox inside my home computer).

    But thanks for the information. :)
     
    Floren likes this.
  4. Floren

    Floren Well-Known Member

    Great, you did the right thing testing it locally. Bravo, not many people do this. :)
     
