Xenforo 1.5.2 Bug

[PlayStage]

Hello,

Firstly I'm using nginx 1.9.6 and PHP 5.6.
The problem is that I cannot use the friendly urls feature without breaking the basic functionalities: posting, reading topics.

The nginx vhost was configured to include [try_files $uri $uri/ /index.php?$uri&$args;]


Kind regards,
George.

 

[MattW]

        location / {
                try_files $uri $uri/ /index.php?$uri&$args;
                location /internal_data {
                        location ~ \.(data|html|php)$ {
                                internal;
                        }
                        internal;
                }
                location /library {
                        location ~ \.(default|html|php|txt|xml)$ {
                                internal;
                        }
                        internal;
                }
        }

Works fine.

 

[PlayStage]

Hello,

Using the rules you provided I'm getting 404 not found when posting something.

Kind regards,
George.

 

[Paul B]

Have you tried the config here https://xenforo.com/help/friendly-urls/ ?

I know we discussed it in the ticket but it wasn't clear whether you had or not.

 

[PlayStage]

Hello,

I did and the urls are properly rewritten but some software functions stopped working.
Disabling the url rewrite from ACP makes the post, moderate, read certain topics functions return to normal.

Kind regards,
George.

 

[Paul B]

I did and the urls are properly rewritten but some software functions stopped working.

Which functions?

If you mean any page other than the forum index fails to load, then that means the config isn't working.

Did you change the path to reflect where XenForo is installed, as it explains in the instructions?

 

[PlayStage]

Hello,

Here it is the full vhost content.

Spoiler: Vhost

server {
    listen        ***censored***:80;
    server_name    domain.tld www.domain.tld forum.domain.tld;
    return        301 https://www.domain.tld$request_uri;
}

server {
    listen ***censored***:443 ssl http2;
    server_name    forum.domain.tld;
    add_header    Strict-Transport-Security max-age=31536000;
    ssl on;
    ssl_certificate ***censored***;
    ssl_certificate_key ***censored***;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;
    return        301 https://www.domain.tld$request_uri;
}

server {
    listen ***censored***:443 ssl http2;
    server_name    domain.tld;
    add_header    Strict-Transport-Security max-age=31536000;
    ssl on;
    ssl_certificate ***censored***;
    ssl_certificate_key ***censored***;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;
    return        301 https://www.$server_name$request_uri;
}

server {
    listen ***censored***:443 ssl http2;
   
    root ***censored***;
    index index.php index.html index.htm;
    server_name    www.domain.tld;
   
    add_header    Strict-Transport-Security max-age=31536000;
    ssl on;
    ssl_certificate ***censored***;
    ssl_certificate_key ***censored***;
   
    #enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   
    #Disables all weak ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;
   
    location / {
        try_files $uri $uri/ /index.php?$uri&$args;
        default_type text/html;
       
        if ($http_origin ~ "^(https://cdn.domain.tld|https://www.domain.tld)$") {
            add_header "Access-Control-Allow-Origin" $http_origin;
        }
       
        if ($query_string ~ "base64_encode.*\(.*\)") {
            return 403;
        }
       
        if ($query_string ~* "(\<|%3C).*script.*(\>|%3E)") {
            return 403;
        }
       
        if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
            return 403;
        }
       
        if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
            return 403;
        }
       
        location /internal_data {
            location ~ \.(data|html|php)$ {
                internal;
        }
            internal;
        }
       
        location /library {
            location ~ \.(default|html|php|txt|xml)$ {
                internal;
        }
            internal;
        }
    }
   
    location ~ /\. {
        deny all;
    }
   
    location ~* \.(?:manifest|appcache)$ {
        expires -1;
        open_file_cache off;
        access_log off;
    }
   
    location ~* ^.+\.(?:css|cur|js|jpeg|gif|htc|ico|png|otf|ttf|eot|woff|svg)$ {
        expires 15d;
        access_log off;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";

        open_file_cache max=3000 inactive=120s;
        open_file_cache_valid 45s;
        open_file_cache_min_uses 3;
        open_file_cache_errors off;
    }
   
    location ~ \.php$ {
        try_files $uri =404;
       
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_max_temp_file_size 0;
        fastcgi_buffer_size 4K;
        fastcgi_buffers 64 4k;
        fastcgi_pass unix:/***censored***/php-fpm.sock;
    }
}

Kind regards,
George.