UNA nginx rewrite rules

client_max_body_size 200M; # file upload limit

location / {
    index index.html index.htm index.php;

    rewrite "^/path-to-una/page/(.*)$" /path-to-una/page.php?i=$1 last;
    rewrite "^/path-to-una/m/(.*)$" /path-to-una/modules/index.php?r=$1 last;
    rewrite "^/path-to-una/s/([a-zA-Z0-9_]+)/([a-zA-Z0-9\.]+)" /path-to-una/storage.php?o=$1&f=$2 last;

    if (!-e $request_filename ) {
        rewrite  ^/path-to-una/(.+)$  /path-to-una/r.php?_q=$1  last;
        break;
    }
 }

# deny access to hidden files
location ~ /path-to-una/(\.ht|\.git) {
    deny  all;
}

# deny access to specific folders
location ~ ^/path-to-una/(cache/|storage/|logs/|plugins/|tmp/) {
    deny  all;
}

 #nginx

 

  • 7708
  • More
Replies (65)
    • Try to play with chmod/chown and look to error log

      • Hi everyone. I'm trying to install una on my cloud host and the audit gave the green light on everything except the rewrite (which admittedly - I'm completely lost on). I don't know where I'm supposed to put the rewrite code and what of that code I'm supposed to change to my info. I have access through the SSH, but don't want to break anything since I don't know what I'm doing with that part... is there  somewhere that shows more documentation or guidance than just the rule?

        • Hello Danielle !

          If your site has the working links like UNA_url/page/discussions-home then no need to worry about this message of rewrite module, because it is often to hard the detect it with PHP tools.

          • Hi - wondering if you can help -- have installed UNA on a AWS nginx server --all good -  have run the scrip and ran the rewrite rules -- my UNA application files are in the "opt/bitnami/nginx/html" folder and my code below to set the rewrite rules was added to replace the original "location" block in the "nginx.conf" file within the "opt/bitnami/nginx/conf" folder - the added code is as follow:

            location / {
            index index.html index.htm index.php;
            rewrite "^/html/page/(.*)$" /html/page.php?i=$1 last;
            rewrite "^/html/m/(.*)$" /html/modules/index.php?r=$1 last;
            rewrite "^/html/s/([a-zA-Z0-9_]+)/([a-zA-Z0-9\.]+)" /html/storage.php?o=$1&f=$2 last;
            if (!-e $request_filename ) {
            rewrite ^/html/(.+)$ /html/r.php?_q=$1 last;
            break;
            }
            }

            All works fine when I point to //myserver/index.php - I see the homepage and can login to my "Studio" page as well -- but every time I try to do something else, it points me to a "/page/....." location - for example if I go to "Dashboard' then it points me to //myserver/page/dashboard and I get a "404 Not Found"

            Is there anything I am missing - how can I make it so it loads all pages requested without the error? - is there anything wrong in the code?

            Thank you

            • Please try to remove "html/" from your rewrite rules.

              • Thanks Alex it works!

                • Just another quick question Alex  - all is working fine now and have been able to get some users on and posting away - I noticed that if I try to "customize" my Design Protean with new design it causes nginx error "502 bad gateway"  - this happens after changing the design to another Protean style which I have created (PS I have also clear the CSS cache as per instrutions) -- is there anything wrong in the settings that I need to adjust?  - thanks again

                  • Just another quick question Alex  - all is working fine now and have been able to get some users on and posting away - I noticed that if I try to "customize" my Design Protean with new design it causes nginx error "502 bad gateway"  - this happens after changing the design to another Protean style which I have created (PS I have also clear the CSS cache as per instrutions) -- is there anything wrong in the settings that I need to adjust?  - thanks again

                    Please create separate thread for another problem, and also specify more info, such as php error log, and what you changed particularly.

                    • I am getting 504 Gateway Time-out when I am trying to go into the Studio for the first time.

                      image_transcoder.php?o=bx_froala_image&h=4807&dpx=1&t=1614679822

                      Please advise

                      • I remember the problem in lost space in rule code. Just read it careful you find it.

                        • Sorry:  I do not know where to look...

                          • Hello UnitekSystemsLtd !

                            The first step with error 504 - check the load of the processor and memory. Maybe there is a lack of resources.

                            • UNA is a VM with 4 cores and 64GB Memory.  and 500GB SSD.  The Mysql {MariaDB} is on a separate VM with the same spec.  The CPUs are running at 0% in Hyper-V.  Should not be CPU or Memory

                              I am running v12.0.0.0 - has anyone installed this version?

                                • I have been through that code and there is no difference to what you are showing...

                                  • You loose this game) With Una you need to be more attentive and patience than other. 

                                    • I already tried that;  I get the same issue...does not make a diference

                                      • I am getting 504 Gateway Time-out when I am trying to go into the Studio for the first time. 

                                        Any ideas?

                                        • Add full config I try to look.

                                          • I can only copy a screen shot; as this is a VM on a remote server:  I am using RDP and Hyper-V to get the terminal windows...

                                            image_transcoder.php?o=bx_froala_image&h=4812&dpx=1&t=1614727948

                                            Also trying this as I am trying to get the SSL to work:  my problem here is I installed it with http:// on the installation.  I need to find the MySql table to I can change this to https://..........  

                                            image_transcoder.php?o=bx_froala_image&h=4814&dpx=1&t=1614728579

                                            • header.inc.php edit in /inc/

                                              • Thanks for that :)

                                                • Clear files on cache folder. Clear browser cache and try to login studio. 

                                                  • I cleared my browser cache.  

                                                    rm /var/www/xyz.com/html/cache/*.* has been executed

                                                    I still have the same issue

                                                      • I fixed the 504 Gateway Time-out by adding fastcgi_read_timeout 300

                                                        But The Studio is very slow... Why!?

                                                        image_transcoder.php?o=bx_froala_image&h=4820&dpx=1&t=1614797551

                                                        I ran a Server Audit:  and get this FAIL

                                                        image_transcoder.php?o=bx_froala_image&h=4821&dpx=1&t=1614800141

                                                        • If you look from rdp its normal to be slow! 

                                                          • I am on my laptop; not via RDP.  The performance is very slow in Studio only.   so I need too add another location to the nginx configuration for studio?

                                                            • check full audit clear cache idk Wharton be slow maybe you have old laptop) with bad cooling or another software

                                                              • And if you use it on shared hosting!

                                                                • nothing to do with the laptop...  this is a performance issue on the Debian server.  not the laptop I am using

                                                                  • Than concentrate on server settings i think that's not una. 

                                                                    • below is my current /etc/nginx/sites-available

                                                                      Issues I am having - any ideas?:

                                                                      • Performance in Studio:  this was fixed by adding 127.0.01 <domain name> in /etc/hosts/
                                                                      • Images after uploaded are not displaying properly

                                                                      image_transcoder.php?o=bx_froala_image&h=4829&dpx=1&t=1614918528

                                                                      • the storage folder:  does that folder structure seem correct.  all the folders under bx_persons_pictures seem to go 3 folders deep.  and there is no images in any of the folders.  Any ideas?

                                                                        image_transcoder.php?o=bx_froala_image&h=4832&dpx=1&t=1614931211

                                                                        • Yes, it is. It was made to prevent the work of Linux limit on 32K of files in the 1 folder.

                                                                          • Where do I put this rewrite code? What file do I change? I'm using cpanel.

                                                                            I tried putting it in nginx.conf and it said that it rebuilt with errors

                                                                            • Hello Genesis !

                                                                              Usually, it is closed to edit the nginx.conf file via CPanel. You need to ask your hosting provider about it.

                                                                              • A quick late add on this, if you are using plesk, from your site, go to your websites and then Hosting and DNS and then Apache & nginx Settings and put them in the Additional nginx directives

                                                                                • Alex T⚜️ I am using plesk with apache proxy off. I got everything working, but when I open Apps market it will take forever to install an app and sometimes it will be done, I will see the fastcgi error in the log, wheel still going, and refresh and module will be there,. Also if I go into notifications I sometimes get 504 when it goes to load the settings. This lets me know I am still dealing with an issue. Here are my current NGINX directives: 

                                                                                  location / {

                                                                                      index index.html index.htm index.php;

                                                                                      rewrite "^/page/(.*)$" /page.php?i=$1 last;

                                                                                      rewrite "^/m/(.*)$" /modules/index.php?r=$1 last;

                                                                                      rewrite "^/s/([a-zA-Z0-9_]+)/([a-zA-Z0-9\.]+)" /storage.php?o=$1&f=$2 last;

                                                                                      if (!-e $request_filename ) {

                                                                                          rewrite  ^/(.+)$  /r.php?_q=$1  last;

                                                                                          break;

                                                                                      }

                                                                                  }

                                                                                  # PROXY SETTINGS

                                                                                  proxy_buffer_size          128k;

                                                                                  proxy_buffers              4 256k;

                                                                                  proxy_busy_buffers_size    256k;

                                                                                  # FASTCGI

                                                                                  fastcgi_buffers 16 16k;

                                                                                  fastcgi_buffer_size 32k;

                                                                                  sesion time

                                                                                  proxy_connect_timeout 900;

                                                                                  proxy_send_timeout 900;

                                                                                  fastcgi_send_timeout 900;

                                                                                  fastcgi_read_timeout 900;

                                                                                  gzip off;

                                                                                  brotli on;

                                                                                  Is there anything I may be missing. You can see everything I have done in my plesk discussion here: https://una.io/page/view-discussion?id=8594 the error what I get with this is the fastcgi upstream error when it is installing apps from the studio. Or if anyone else has had experience with PLESK and NGINX that has ran into similar issues. 

                                                                                  • Kyle it maybe outgoing connections are restricted on your server, this maybe a reason, while you get connection timeout in Studio > Apps Market

                                                                                    • Alex T⚜️ It is after it is downloaded. They download fine and quick, it is when you are going to install them after. It will just spin past my 900S timeout it seems and when I refresh it will be there and show installed. The other area I get an issue is in profile notification settings. When going to load it, it takes forever and then 504 error. These are the only two areas thankfully I noticed an issue. I want to reinstall notifications again but afraid to, I do not want to mess anything up at this point. Got the site finally up to a workable state. I did add proxy_buffering on; to my directive just in case. Seen some fixes and that one was what I had but with the added line of it being on. I figured it would be on by default. Should I be safe to uninstall notifications and reinstall it? 

                                                                                      • hello, i have installed the NGINX module, but i dont know what i have to do or were i get the Infos, what the module need , maybe someone can help me please

                                                                                        • In settings you have to enter the URL to the server that runs nginx. nginx listens to port 1935. Make sure that this port is open and not blocked by a firewall for in and out communication. The application name is the name which configures your nginx server. In the examle config for nginx server of UNA its name is "app". https://github.com/unaio/una/wiki/Streams

                                                                                          Source pattern is nothing else as the then following configuration for the nginx server as given in the example, I guess.

                                                                                          mpeg-dash streaming and hls streaming are optional if you configure them in source pattern. You don't need them, if you don't want those options.

                                                                                          nginx stats can also be configured as described in the wiki of UNA, in the lower part of the description.

                                                                                          "General" is for configuration of the UNA streaming module in frontend.

                                                                                          • Sources Pattern does only fit for OME and has no effect on nginx, right @Alex T⚜️ ? nginx has to be setup in its server config file directly, also right?

                                                                                            Just for clarification.

                                                                                            • it isn't correct, Sources Pattern need to be always specified for both OME and Nginx.

                                                                                              If you want to discuss it further, please create separate discussion, since it's separate subject.

                                                                                              • I'll do so, because eplanation in your wiki entry about the difference between streaming server config and sources pattern in Stream module settings is confusing.

                                                                                                • ‍ I'm trying to make a complete example for UNA app nginx web server, everyone is invited to join. It seems that UNA employees are not willing to post a complete and functional example of nginx web server. Any suggestion is welcome

                                                                                                  ‍ ‍

                                                                                                  • Hello @Olariu Romeo Vicentiu !

                                                                                                    Could you plz provide us with any examples of not-working things from the @Alex T⚜️ solutions?

                                                                                                    • I didn't say that the example wouldn't be good, I just said that it's not complete, and a complete configuration example is needed, it only offers the nginx rewrite rules, not a full config

                                                                                                      • CORS Configuration for NGINX and S3 Integration

                                                                                                        We are currently working on integrating Amazon S3 with our NGINX server configuration, specifically for the /storage location. To ensure that we can load resources from both our own site and S3 without encountering CORS issues, we need your guidance on the correct CORS header configuration.

                                                                                                        Could you please provide us with detailed instructions on how to set up the necessary CORS headers in NGINX? Specifically, we would like to know how to:

                                                                                                        1. Allow requests from our website as well as the S3 bucket from the origin we setup in our websites
                                                                                                        2. Specify the appropriate HTTP methods and headers that should be permitted.
                                                                                                        3. Properly handle preflight requests.

                                                                                                        Your expertise on this matter would be greatly appreciated, as we want to ensure a smooth integration without any CORS-related problems.

                                                                                                        I already tray:

                                                                                                        location /storage {
                                                                                                          # Proxy requests to your S3 bucket
                                                                                                          proxy_pass https://your-s3-bucket.s3.amazonaws.com;
                                                                                                        
                                                                                                          # Set CORS headers
                                                                                                          add_header 'Access-Control-Allow-Origin' 'https://your-website.com https://your-s3-bucket.s3.amazonaws.com';
                                                                                                          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                                                                                                          add_header 'Access-Control-Allow-Headers' '*';
                                                                                                          add_header 'Access-Control-Allow-Credentials' 'true';
                                                                                                        
                                                                                                          # Handle preflight requests
                                                                                                          if ($request_method = OPTIONS) {
                                                                                                            add_header 'Access-Control-Allow-Origin' 'https://your-website.com https://your-s3-bucket.s3.amazonaws.com';
                                                                                                            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                                                                                                            add_header 'Access-Control-Allow-Headers' '*';
                                                                                                            add_header 'Content-Length' 0;
                                                                                                            return 204;
                                                                                                          }
                                                                                                        }
                                                                                                        

                                                                                                        o also tray with caddy this config:

                                                                                                        # CORS Config Block Directive
                                                                                                        (cors) {
                                                                                                            @cors_preflight {
                                                                                                                method OPTIONS
                                                                                                            }
                                                                                                            @corsOrigin {
                                                                                                                header_regexp Origin ^https?://({$AWS_CUSTOM_DOMAIN}|[a-zA-Z0-9-]+\.)*{$AWS_BUCKET}\.{$AWS_REGION}\.{$AWS_ENDPOINT}$|^https?://localhost(:[0-9]+)?$|^https?://({$DOMAIN_WHITELIST})$
                                                                                                            }
                                                                                                        
                                                                                                            handle @cors_preflight {
                                                                                                                header {
                                                                                                                    Access-Control-Allow-Origin "{http.request.header.Origin}"
                                                                                                                    Access-Control-Allow-Credentials true
                                                                                                                    Access-Control-Allow-Headers "*"
                                                                                                                    Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
                                                                                                                    Access-Control-Max-Age "3600"
                                                                                                                    Vary Origin
                                                                                                                    defer
                                                                                                                }
                                                                                                                respond "" 204
                                                                                                            }
                                                                                                        
                                                                                                            handle @corsOrigin {
                                                                                                                header {
                                                                                                                    Access-Control-Allow-Origin "{http.request.header.Origin}"
                                                                                                                    Access-Control-Allow-Credentials true
                                                                                                                    Access-Control-Expose-Headers "*"
                                                                                                                    Vary Origin
                                                                                                                    defer
                                                                                                                }
                                                                                                            }
                                                                                                        }
                                                                                                        

                                                                                                        then:

                                                                                                        www.exemple.com
                                                                                                              # Reverse Proxy
                                                                                                              handle {
                                                                                                                    encode zstd gzip
                                                                                                        			import cors
                                                                                                                    reverse_proxy localhost:8080 {
                                                                                                                          header_up X-Forwarded-Port {http.request.port}
                                                                                                                          header_up X-Real-IP {remote_host}
                                                                                                                    }
                                                                                                              }
                                                                                                        

                                                                                                        in

                                                                                                        .env

                                                                                                        DOMAIN_WHITELIST="www.exemple.com|onesignal.com|google.com|www.google.com|youtube.com|www.youtube.coms|s3.us-east-005.backblazeb2.com"
                                                                                                        ################################################################################
                                                                                                        ### AWS/CDN-SPECIFIC SETTINGS
                                                                                                        ################################################################################
                                                                                                        
                                                                                                        # The name of your AWS S3 bucket (or equivalent bucket name for another provider)
                                                                                                        # Example: "your_bucket_name"
                                                                                                        AWS_BUCKET=mybucket
                                                                                                        
                                                                                                        # The endpoint for your bucket (Amazon S3 or alternative services like Wasabi, Backblaze, etc.)
                                                                                                        # Example: "s3.us-east-1.amazonaws.com"
                                                                                                        AWS_ENDPOINT=s3.us-east-005.backblazeb2.com
                                                                                                        
                                                                                                        # The region where your bucket is located
                                                                                                        # Example: "us-east-1"
                                                                                                        AWS_REGION=us-east-005
                                                                                                        

                                                                                                        but I have a message in google chrome from CORB blocking requests

                                                                                                        Thank you for your help!

                                                                                                        Best regards,

                                                                                                        Login or Join to comment.