
Xenforo 1.5.2 Bug

Discussion in 'Server Configuration and Hosting' started by Set3sh, Nov 5, 2015.

  1. Set3sh

    Set3sh Active Member

    Hello,

    Firstly I'm using nginx 1.9.6 and PHP 5.6.
    The problem is that I cannot use the friendly urls feature without breaking the basic functionalities: posting, reading topics.

    The nginx vhost was configured to include [try_files $uri $uri/ /index.php?$uri&$args;]


    Kind regards,
    George.
     
  2. MattW

    MattW Well-Known Member

    Code:
            # Front-controller routing: serve the file or directory if it exists,
            # otherwise pass the request path to index.php as the query string.
            location / {
                    try_files $uri $uri/ /index.php?$uri&$args;
                    # `internal` makes nginx answer 404 to direct client requests for
                    # this prefix; only internal redirects can reach it.
                    location /internal_data {
                            # The same restriction, stated for these extensions by regex.
                            # NOTE(review): presumably listed so that a server-level regex
                            # location (e.g. a \.php$ handler) does not take over such
                            # requests - confirm against the rest of the vhost.
                            location ~ \.(data|html|php)$ {
                                    internal;
                            }
                            internal;
                    }
                    # Same pattern for the library directory.
                    location /library {
                            location ~ \.(default|html|php|txt|xml)$ {
                                    internal;
                            }
                            internal;
                    }
            }
    Works fine.
     
  3. Set3sh

    Set3sh Active Member

    Hello,

    Using the rules you provided I'm getting 404 not found when posting something.

    Kind regards,
    George.
     
  4. Brogan

    Brogan XenForo Moderator Staff Member

  5. Set3sh

    Set3sh Active Member

    Hello,

    I did and the urls are properly rewritten but some software functions stopped working.
    Disabling the url rewrite from ACP makes the post, moderate, read certain topics functions return to normal.

    Kind regards,
    George.
     
  6. Brogan

    Brogan XenForo Moderator Staff Member

    Which functions?

    If you mean any page other than the forum index fails to load, then that means the config isn't working.

    Did you change the path to reflect where XenForo is installed, as it explains in the instructions?
     
  7. Set3sh

    Set3sh Active Member

    Hello,

    Here is the full vhost content.

    Code:
    # Plain-HTTP listener: permanently redirects all three host names to the
    # canonical HTTPS site.
    server {
        listen        ***censored***:80;
        server_name    domain.tld www.domain.tld forum.domain.tld;
        # The target host is fixed in the config; $request_uri carries over the
        # original path and query string.
        return        301 https://www.domain.tld$request_uri;
    }
    
    # HTTPS listener for forum.domain.tld: terminates TLS only to redirect to the
    # canonical www host.
    server {
        listen ***censored***:443 ssl http2;
        server_name    forum.domain.tld;
        # HSTS for one year, this host only (no includeSubDomains). Without the
        # `always` parameter nginx does not add the header to error responses.
        add_header    Strict-Transport-Security max-age=31536000;
        # NOTE(review): redundant with `ssl` on the listen line; the standalone
        # `ssl` directive was later deprecated and removed from nginx.
        ssl on;
        ssl_certificate ***censored***;
        ssl_certificate_key ***censored***;
        # NOTE(review): TLS 1.0 and 1.1 have since been deprecated (RFC 8996);
        # drop them unless legacy clients are required.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # ECDHE-only cipher list with NULL/EXPORT/DES/RC4/3DES/MD5/PSK excluded.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;
        return        301 https://www.domain.tld$request_uri;
    }
    
    # HTTPS listener for the bare domain: terminates TLS only to redirect to the
    # www host.
    server {
        listen ***censored***:443 ssl http2;
        server_name    domain.tld;
        # HSTS for one year, this host only (no includeSubDomains). Without the
        # `always` parameter nginx does not add the header to error responses.
        add_header    Strict-Transport-Security max-age=31536000;
        # NOTE(review): redundant with `ssl` on the listen line; the standalone
        # `ssl` directive was later deprecated and removed from nginx.
        ssl on;
        ssl_certificate ***censored***;
        ssl_certificate_key ***censored***;
        # NOTE(review): TLS 1.0 and 1.1 have since been deprecated (RFC 8996);
        # drop them unless legacy clients are required.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # ECDHE-only cipher list with NULL/EXPORT/DES/RC4/3DES/MD5/PSK excluded.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;
        # $server_name is the name configured above, not the client-supplied Host
        # header, so the redirect target cannot be steered by the request.
        return        301 https://www.$server_name$request_uri;
    }
    
    # Main HTTPS virtual host for www.domain.tld: serves the forum, applies a few
    # query-string filters, caches static assets and passes *.php to PHP-FPM.
    server {
        listen ***censored***:443 ssl http2;
       
        root ***censored***;
        index index.php index.html index.htm;
        server_name    www.domain.tld;
       
        # HSTS for one year, this host only (no includeSubDomains). Without the
        # `always` parameter nginx does not add the header to error responses.
        # add_header is inherited only by levels that define no add_header of
        # their own, so locations below that set headers do not send this one.
        add_header    Strict-Transport-Security max-age=31536000;
        # NOTE(review): redundant with `ssl` on the listen line; the standalone
        # `ssl` directive was later deprecated and removed from nginx.
        ssl on;
        ssl_certificate ***censored***;
        ssl_certificate_key ***censored***;
       
        # Enables TLS 1.0-1.2 and leaves SSLv2/SSLv3 off.
        # NOTE(review): TLS 1.0 and 1.1 have since been deprecated (RFC 8996);
        # drop them unless legacy clients are required.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       
        # Cipher allow-list: ECDHE key exchange only, with NULL/EXPORT/DES/RC4/3DES/MD5/PSK excluded.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;
       
        location / {
            # Front-controller routing: existing file or directory first, otherwise
            # index.php with the request path as the query string.
            try_files $uri $uri/ /index.php?$uri&$args;
            default_type text/html;
           
            # CORS: echo the Origin header back only for the two listed origins.
            # NOTE(review): the dots in the pattern are unescaped, so "." matches any
            # character; escaping them (\.) keeps look-alike host names from matching.
            # NOTE(review): when an `if` containing anything other than return/rewrite
            # matches inside a location, try_files above is not applied to that
            # request. Browsers typically send Origin on form POSTs, so this is a
            # likely cause of 404s on posting - verify. A `map` on $http_origin at
            # http level would set the header without an `if`.
            # add_header here also replaces the server-level HSTS header whenever
            # this `if` matches.
            if ($http_origin ~ "^(https://cdn.domain.tld|https://www.domain.tld)$") {
                add_header "Access-Control-Allow-Origin" $http_origin;
            }
           
            # Query-string pattern filters (403 on match). They inspect the query
            # string only, not request bodies, and are a coarse extra layer rather
            # than a substitute for input handling in the application.
            if ($query_string ~ "base64_encode.*\(.*\)") {
                return 403;
            }
           
            if ($query_string ~* "(\<|%3C).*script.*(\>|%3E)") {
                return 403;
            }
           
            if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
                return 403;
            }
           
            if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
                return 403;
            }
           
            # `internal` makes nginx answer 404 to direct client requests for this
            # prefix; the nested regex states the same for the listed extensions.
            # NOTE(review): a server-level regex location that matches (e.g. the
            # static-asset block below) presumably still takes over requests under
            # this prefix whose extension is not in the nested list - verify.
            location /internal_data {
                location ~ \.(data|html|php)$ {
                    internal;
            }
                internal;
            }
           
            # Same pattern for the library directory.
            location /library {
                location ~ \.(default|html|php|txt|xml)$ {
                    internal;
            }
                internal;
            }
        }
       
        # Refuse any path containing a component that starts with a dot
        # (.git, .htaccess, ...). This also covers /.well-known/.
        location ~ /\. {
            deny all;
        }
       
        # Cache manifests: always expired, not logged.
        location ~* \.(?:manifest|appcache)$ {
            expires -1;
            open_file_cache off;
            access_log off;
        }
       
        # Static assets: 15-day expiry, not logged.
        # NOTE(review): because this level sets its own add_header directives, the
        # server-level Strict-Transport-Security header is not inherited here;
        # repeat it in this block if these responses should carry it.
        location ~* ^.+\.(?:css|cur|js|jpeg|gif|htc|ico|png|otf|ttf|eot|woff|svg)$ {
            expires 15d;
            access_log off;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    
            open_file_cache max=3000 inactive=120s;
            open_file_cache_valid 45s;
            open_file_cache_min_uses 3;
            open_file_cache_errors off;
        }
       
        # PHP handler.
        location ~ \.php$ {
            # Only hand the request to PHP-FPM when the script file exists on disk;
            # anything else is a 404 instead of being passed to the interpreter.
            try_files $uri =404;
           
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_max_temp_file_size 0;
            fastcgi_buffer_size 4K;
            fastcgi_buffers 64 4k;
            # Unix-socket upstream; access to it is governed by the socket file's
            # ownership and mode.
            fastcgi_pass unix:/***censored***/php-fpm.sock;
        }
    }
    


    Kind regards,
    George.
     
