nginx reverse proxy and apache2 Access denied

June 29, 2018 114 views
Nginx Apache

Hi guys
I got stuck on a problem since long time now. here is the error I get

[Sat Jun 30 04:44:55.379880 2018] [proxy_fcgi:error] [pid 5671] [client 192.168.1.6:46876] AH01071: Got error 'Access to the script 'redirect:/index.php/catalog' has been denied (see security.limit_extensions)\n', referer: https://akii.nc/admin85/index.php?controller=AdminInvoices&token=9f29e159a770e5fcbb43cf0b2a87f947

So to explain about my infrastructure, I'm running nginx as reverse proxy on edge of my network, I am hosting a Prestashop website on a apache2 server runing php7.0-fpm.

After investigations I found this :

cat /etc/php/7.0/fpm/pool.d/www.conf|grep security.limit_extensions
security.limit_extensions = .php .php3 .php4 .php5 .php7 .php7.0 .html .htm .shtml

But still not working.
Here are my nginx conf :

server {
    listen   80;
        server_name     akii.nc;
        return 301 https://akii.nc$request_uri;
}
server {
    listen 443;
    server_name akii.nc;

    error_log /var/log/nginx/nar.access.log;

    ssl on;
    ssl_certificate /etc/nginx/ssl/akii_net/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/akii_net/_akii_net.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # dont use SSLv3 ref: POODLE

    set $upstream 192.168.1.5;

    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Authorization;
        proxy_pass http://$upstream:8880;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect off;
    }
}

And here are my Apache conf:

000-default.conf
<VirtualHost *:8080>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php/php7.0-fpm.sock|fcgi://localhost:8880/var/www/nar
</VirtualHost>

akii.nc.conf
<VirtualHost *:8880>
    ServerName akii.nc
    DocumentRoot /var/www/nar
        ErrorLog ${APACHE_LOG_DIR}/nar_error.log
        CustomLog ${APACHE_LOG_DIR}/nar_access.log combined
    <Directory /var/www/nar>
        AllowOverride All
    </Directory>
</VirtualHost>

Any help on that problem would be appreciate.

1 Answer

@akaiispam

I think you need to remove proxy_redirect off; from your nginx configuration file, restart nginx and try again.

  • same result. the error message is in apache2 logs don't know if it helps

    • Why is the other vhost in apache2? You need to configure the vhost with port 8880 to serve php files using php-fpm, this page might help, check step 5.

      • I forgot to mention that I m running web server apache on a raspbian stretch and where I can't install libapache2-mod-fastcgi which is not present in stretch repo.
        I tried to follow your advice but still get the Access Denied error

Have another answer? Share your knowledge.