UNA nginx rewrite rules

client_max_body_size 200M; # file upload limit

location / {
    index index.html index.htm index.php;

    rewrite "^/path-to-una/page/(.*)$" /path-to-una/page.php?i=$1 last;
    rewrite "^/path-to-una/m/(.*)$" /path-to-una/modules/index.php?r=$1 last;
    rewrite "^/path-to-una/s/([a-zA-Z0-9_]+)/([a-zA-Z0-9\.]+)" /path-to-una/storage.php?o=$1&f=$2 last;

    if (!-e $request_filename ) {
        rewrite  ^/path-to-una/(.+)$  /path-to-una/r.php?_q=$1  last;
        break;
    }
 }

# deny access to hidden files
location ~ /path-to-una/(\.ht|\.git) {
    deny  all;
}

# deny access to specific folders
location ~ ^/path-to-una/(cache/|storage/|logs/|plugins/|tmp/) {
    deny  all;
}

 #nginx

 

  • More
Replies (75)
    • Sorry:  I do not know where to look...

      • Hello UnitekSystemsLtd !

        The first step with error 504 - check the load of the processor and memory. Maybe there is a lack of resources.

        • UNA is a VM with 4 cores and 64GB Memory.  and 500GB SSD.  The Mysql {MariaDB} is on a separate VM with the same spec.  The CPUs are running at 0% in Hyper-V.  Should not be CPU or Memory

          I am running v12.0.0.0 - has anyone installed this version?

            • I have been through that code and there is no difference to what you are showing...

              • You loose this game) With Una you need to be more attentive and patience than other. 

                • I already tried that;  I get the same issue...does not make a diference

                  • I am getting 504 Gateway Time-out when I am trying to go into the Studio for the first time. 

                    Any ideas?

                    • Add full config I try to look.

                      • I can only copy a screen shot; as this is a VM on a remote server:  I am using RDP and Hyper-V to get the terminal windows...

                        image_transcoder.php?o=bx_froala_image&h=4812&dpx=1&t=1614727948

                        Also trying this as I am trying to get the SSL to work:  my problem here is I installed it with http:// on the installation.  I need to find the MySql table to I can change this to https://..........  

                        image_transcoder.php?o=bx_froala_image&h=4814&dpx=1&t=1614728579

                        • header.inc.php edit in /inc/

                          • Thanks for that :)

                            • Clear files on cache folder. Clear browser cache and try to login studio. 

                              • I cleared my browser cache.  

                                rm /var/www/xyz.com/html/cache/*.* has been executed

                                I still have the same issue

                                  • I fixed the 504 Gateway Time-out by adding fastcgi_read_timeout 300

                                    But The Studio is very slow... Why!?

                                    image_transcoder.php?o=bx_froala_image&h=4820&dpx=1&t=1614797551

                                    I ran a Server Audit:  and get this FAIL

                                    image_transcoder.php?o=bx_froala_image&h=4821&dpx=1&t=1614800141

                                    • If you look from rdp its normal to be slow! 

                                      • I am on my laptop; not via RDP.  The performance is very slow in Studio only.   so I need too add another location to the nginx configuration for studio?

                                        • check full audit clear cache idk Wharton be slow maybe you have old laptop) with bad cooling or another software

                                          • And if you use it on shared hosting!

                                            • nothing to do with the laptop...  this is a performance issue on the Debian server.  not the laptop I am using

                                              • Than concentrate on server settings i think that's not una. 

                                                • below is my current /etc/nginx/sites-available

                                                  Issues I am having - any ideas?:

                                                  • Performance in Studio:  this was fixed by adding 127.0.01 <domain name> in /etc/hosts/
                                                  • Images after uploaded are not displaying properly

                                                  image_transcoder.php?o=bx_froala_image&h=4829&dpx=1&t=1614918528

                                                  • the storage folder:  does that folder structure seem correct.  all the folders under bx_persons_pictures seem to go 3 folders deep.  and there is no images in any of the folders.  Any ideas?

                                                    image_transcoder.php?o=bx_froala_image&h=4832&dpx=1&t=1614931211

                                                    • Yes, it is. It was made to prevent the work of Linux limit on 32K of files in the 1 folder.

                                                      • Where do I put this rewrite code? What file do I change? I'm using cpanel.

                                                        I tried putting it in nginx.conf and it said that it rebuilt with errors

                                                        • Hello Genesis !

                                                          Usually, it is closed to edit the nginx.conf file via CPanel. You need to ask your hosting provider about it.

                                                          • A quick late add on this, if you are using plesk, from your site, go to your websites and then Hosting and DNS and then Apache & nginx Settings and put them in the Additional nginx directives

                                                            • Alex T⚜️ I am using plesk with apache proxy off. I got everything working, but when I open Apps market it will take forever to install an app and sometimes it will be done, I will see the fastcgi error in the log, wheel still going, and refresh and module will be there,. Also if I go into notifications I sometimes get 504 when it goes to load the settings. This lets me know I am still dealing with an issue. Here are my current NGINX directives: 

                                                              location / {

                                                                  index index.html index.htm index.php;

                                                                  rewrite "^/page/(.*)$" /page.php?i=$1 last;

                                                                  rewrite "^/m/(.*)$" /modules/index.php?r=$1 last;

                                                                  rewrite "^/s/([a-zA-Z0-9_]+)/([a-zA-Z0-9\.]+)" /storage.php?o=$1&f=$2 last;

                                                                  if (!-e $request_filename ) {

                                                                      rewrite  ^/(.+)$  /r.php?_q=$1  last;

                                                                      break;

                                                                  }

                                                              }

                                                              # PROXY SETTINGS

                                                              proxy_buffer_size          128k;

                                                              proxy_buffers              4 256k;

                                                              proxy_busy_buffers_size    256k;

                                                              # FASTCGI

                                                              fastcgi_buffers 16 16k;

                                                              fastcgi_buffer_size 32k;

                                                              sesion time

                                                              proxy_connect_timeout 900;

                                                              proxy_send_timeout 900;

                                                              fastcgi_send_timeout 900;

                                                              fastcgi_read_timeout 900;

                                                              gzip off;

                                                              brotli on;

                                                              Is there anything I may be missing. You can see everything I have done in my plesk discussion here: https://una.io/page/view-discussion?id=8594 the error what I get with this is the fastcgi upstream error when it is installing apps from the studio. Or if anyone else has had experience with PLESK and NGINX that has ran into similar issues. 

                                                              • Kyle it maybe outgoing connections are restricted on your server, this maybe a reason, while you get connection timeout in Studio > Apps Market

                                                                • Alex T⚜️ It is after it is downloaded. They download fine and quick, it is when you are going to install them after. It will just spin past my 900S timeout it seems and when I refresh it will be there and show installed. The other area I get an issue is in profile notification settings. When going to load it, it takes forever and then 504 error. These are the only two areas thankfully I noticed an issue. I want to reinstall notifications again but afraid to, I do not want to mess anything up at this point. Got the site finally up to a workable state. I did add proxy_buffering on; to my directive just in case. Seen some fixes and that one was what I had but with the added line of it being on. I figured it would be on by default. Should I be safe to uninstall notifications and reinstall it? 

                                                                  • hello, i have installed the NGINX module, but i dont know what i have to do or were i get the Infos, what the module need , maybe someone can help me please

                                                                    • In settings you have to enter the URL to the server that runs nginx. nginx listens to port 1935. Make sure that this port is open and not blocked by a firewall for in and out communication. The application name is the name which configures your nginx server. In the examle config for nginx server of UNA its name is "app". https://github.com/unaio/una/wiki/Streams

                                                                      Source pattern is nothing else as the then following configuration for the nginx server as given in the example, I guess.

                                                                      mpeg-dash streaming and hls streaming are optional if you configure them in source pattern. You don't need them, if you don't want those options.

                                                                      nginx stats can also be configured as described in the wiki of UNA, in the lower part of the description.

                                                                      "General" is for configuration of the UNA streaming module in frontend.

                                                                      • Sources Pattern does only fit for OME and has no effect on nginx, right @Alex T⚜️ ? nginx has to be setup in its server config file directly, also right?

                                                                        Just for clarification.

                                                                        • it isn't correct, Sources Pattern need to be always specified for both OME and Nginx.

                                                                          If you want to discuss it further, please create separate discussion, since it's separate subject.

                                                                          • I'll do so, because eplanation in your wiki entry about the difference between streaming server config and sources pattern in Stream module settings is confusing.

                                                                            • ‍ I'm trying to make a complete example for UNA app nginx web server, everyone is invited to join. It seems that UNA employees are not willing to post a complete and functional example of nginx web server. Any suggestion is welcome

                                                                              ‍ ‍

                                                                              • Hello @Olariu Romeo Vicentiu !

                                                                                Could you plz provide us with any examples of not-working things from the @Alex T⚜️ solutions?

                                                                                • I didn't say that the example wouldn't be good, I just said that it's not complete, and a complete configuration example is needed, it only offers the nginx rewrite rules, not a full config

                                                                                  • CORS Configuration for NGINX and S3 Integration

                                                                                    We are currently working on integrating Amazon S3 with our NGINX server configuration, specifically for the /storage location. To ensure that we can load resources from both our own site and S3 without encountering CORS issues, we need your guidance on the correct CORS header configuration.

                                                                                    Could you please provide us with detailed instructions on how to set up the necessary CORS headers in NGINX? Specifically, we would like to know how to:

                                                                                    1. Allow requests from our website as well as the S3 bucket from the origin we setup in our websites
                                                                                    2. Specify the appropriate HTTP methods and headers that should be permitted.
                                                                                    3. Properly handle preflight requests.

                                                                                    Your expertise on this matter would be greatly appreciated, as we want to ensure a smooth integration without any CORS-related problems.

                                                                                    I already tray:

                                                                                    location /storage {
                                                                                      # Proxy requests to your S3 bucket
                                                                                      proxy_pass https://your-s3-bucket.s3.amazonaws.com;
                                                                                    
                                                                                      # Set CORS headers
                                                                                      add_header 'Access-Control-Allow-Origin' 'https://your-website.com https://your-s3-bucket.s3.amazonaws.com';
                                                                                      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                                                                                      add_header 'Access-Control-Allow-Headers' '*';
                                                                                      add_header 'Access-Control-Allow-Credentials' 'true';
                                                                                    
                                                                                      # Handle preflight requests
                                                                                      if ($request_method = OPTIONS) {
                                                                                        add_header 'Access-Control-Allow-Origin' 'https://your-website.com https://your-s3-bucket.s3.amazonaws.com';
                                                                                        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                                                                                        add_header 'Access-Control-Allow-Headers' '*';
                                                                                        add_header 'Content-Length' 0;
                                                                                        return 204;
                                                                                      }
                                                                                    }
                                                                                    

                                                                                    o also tray with caddy this config:

                                                                                    # CORS Config Block Directive
                                                                                    (cors) {
                                                                                        @cors_preflight {
                                                                                            method OPTIONS
                                                                                        }
                                                                                        @corsOrigin {
                                                                                            header_regexp Origin ^https?://({$AWS_CUSTOM_DOMAIN}|[a-zA-Z0-9-]+\.)*{$AWS_BUCKET}\.{$AWS_REGION}\.{$AWS_ENDPOINT}$|^https?://localhost(:[0-9]+)?$|^https?://({$DOMAIN_WHITELIST})$
                                                                                        }
                                                                                    
                                                                                        handle @cors_preflight {
                                                                                            header {
                                                                                                Access-Control-Allow-Origin "{http.request.header.Origin}"
                                                                                                Access-Control-Allow-Credentials true
                                                                                                Access-Control-Allow-Headers "*"
                                                                                                Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
                                                                                                Access-Control-Max-Age "3600"
                                                                                                Vary Origin
                                                                                                defer
                                                                                            }
                                                                                            respond "" 204
                                                                                        }
                                                                                    
                                                                                        handle @corsOrigin {
                                                                                            header {
                                                                                                Access-Control-Allow-Origin "{http.request.header.Origin}"
                                                                                                Access-Control-Allow-Credentials true
                                                                                                Access-Control-Expose-Headers "*"
                                                                                                Vary Origin
                                                                                                defer
                                                                                            }
                                                                                        }
                                                                                    }
                                                                                    

                                                                                    then:

                                                                                    www.exemple.com
                                                                                          # Reverse Proxy
                                                                                          handle {
                                                                                                encode zstd gzip
                                                                                    			import cors
                                                                                                reverse_proxy localhost:8080 {
                                                                                                      header_up X-Forwarded-Port {http.request.port}
                                                                                                      header_up X-Real-IP {remote_host}
                                                                                                }
                                                                                          }
                                                                                    

                                                                                    in

                                                                                    .env

                                                                                    DOMAIN_WHITELIST="www.exemple.com|onesignal.com|google.com|www.google.com|youtube.com|www.youtube.coms|s3.us-east-005.backblazeb2.com"
                                                                                    ################################################################################
                                                                                    ### AWS/CDN-SPECIFIC SETTINGS
                                                                                    ################################################################################
                                                                                    
                                                                                    # The name of your AWS S3 bucket (or equivalent bucket name for another provider)
                                                                                    # Example: "your_bucket_name"
                                                                                    AWS_BUCKET=mybucket
                                                                                    
                                                                                    # The endpoint for your bucket (Amazon S3 or alternative services like Wasabi, Backblaze, etc.)
                                                                                    # Example: "s3.us-east-1.amazonaws.com"
                                                                                    AWS_ENDPOINT=s3.us-east-005.backblazeb2.com
                                                                                    
                                                                                    # The region where your bucket is located
                                                                                    # Example: "us-east-1"
                                                                                    AWS_REGION=us-east-005
                                                                                    

                                                                                    but I have a message in google chrome from CORB blocking requests

                                                                                    Thank you for your help!

                                                                                    Best regards,

                                                                                    • You don't need to configure AWS S3 this way, UNA already has S3 storage support, for details please refer this doc:

                                                                                      https://unacms.com/wiki/Remote-Storage

                                                                                      • I am particularly interested in the configuration for Caddy as a reverse proxy and Nginx as a proxy. My goal is to limit requests to only what is necessary to enhance security. I will provide a complete configuration on GitHub and share the link for you to review.

                                                                                        • Great point. Very interested in seeing how this is going to work. Thanks @Coozila! Lab for bringing this up and @Alex T⚜️ for your input on this.

                                                                                          • So I'm having a problem with this. It does not seem to work at all, and I can't understand why. It's the only thing I'm having trouble with. I would love any help anyone can give me.

                                                                                            Here's a link to my config: https: // pastebin . com/EBkuBNKm

                                                                                            (remove the spaces, as my membership won't allow me to post links)

                                                                                            image_transcoder.php?o=sys_images_editor&h=2397&dpx=1&t=1735612668

                                                                                            • Path to UNA means path to UNA in query string, for example

                                                                                              Please replace the following in you nginx config

                                                                                                  location / {
                                                                                                    index index.html index.htm index.php;
                                                                                               
                                                                                                    rewrite "^/var/www/tavrn.social/page/(.*)$" /var/www/tavrn.social//page.php?i=$1 last;
                                                                                                    rewrite "^/var/www/tavrn.social/m/(.*)$" /var/www/tavrn.social/modules/index.php?r=$1 last;
                                                                                                    rewrite "^/var/www/tavrn.social/s/([a-zA-Z0-9_]+)/([a-zA-Z0-9\.]+)" /var/www/tavrn.social/storage.php?o=$1&f=$2 last;
                                                                                               
                                                                                                    if (!-e $request_filename ) {
                                                                                                      rewrite ^/var/www/tavrn.social/(.+)/var/www/tavrn.social/r.php?_q=$1 last;
                                                                                                      break;
                                                                                                    }
                                                                                                   }
                                                                                               
                                                                                                  # deny access to hidden files
                                                                                                  location ~ /var/www/tavrn.social/(\.ht|\.git) {
                                                                                                    deny all;
                                                                                                  }
                                                                                               
                                                                                                  # deny access to specific folders
                                                                                                  location ~ ^/var/www/tavrn.social/(cache/|storage/|logs/|plugins/|tmp/) {
                                                                                                    deny all;
                                                                                                  }
                                                                                              

                                                                                              with the following

                                                                                                  location / {
                                                                                                    index index.html index.htm index.php;
                                                                                               
                                                                                                    rewrite "^/page/(.*)$" /page.php?i=$1 last;
                                                                                                    rewrite "^/m/(.*)$" /modules/index.php?r=$1 last;
                                                                                                    rewrite "^/s/([a-zA-Z0-9_]+)/([a-zA-Z0-9\.]+)" /storage.php?o=$1&f=$2 last;
                                                                                               
                                                                                                    if (!-e $request_filename) {
                                                                                                      rewrite ^/(.+)/r.php?_q=$1 last;
                                                                                                      break;
                                                                                                    }
                                                                                                   }
                                                                                               
                                                                                                  # deny access to hidden files
                                                                                                  location ~ /(\.ht|\.git) {
                                                                                                    deny all;
                                                                                                  }
                                                                                               
                                                                                                  # deny access to specific folders
                                                                                                  location ~ ^/(cache/|storage/|logs/|plugins/|tmp/) {
                                                                                                    deny all;
                                                                                                  }
                                                                                              
                                                                                              • That fixed that issue. Now on to the image transcoder not working lol

                                                                                                Thank you very much :)

                                                                                                • I guess you need to apply this solution now: https://unacms.com/cmts-view/1nzuaie?sys=bx_forum&cmt_id=48562

                                                                                                  • Hi, everybody! Thanks to the UNA TEAM! And also thanks to all the people that are helping others! In my case I install everything, and follow the instructions but always the CSS doesn´t appear, any ideas why it is showing that way? Really appreciate your help!

                                                                                                    image_transcoder.php?o=sys_images_editor&h=2481&dpx=2&t=1738763756

                                                                                                    This is my nginx:

                                                                                                    Can´t pass my config file: Your current membership (Standard) doesn't allow you to 'Post links'.

                                                                                                    image_transcoder.php?o=sys_images_editor&h=2482&dpx=2&t=1738764562

                                                                                                    Any ideas?

                                                                                                    Thanks!

                                                                                                    • Hello @Test Socraci !

                                                                                                      It appears that this situation frequently occurs when the installation has been configured for an HTTPS domain, but the site is currently operating over HTTP. Could you kindly verify if the site URL specified in the inc/header.inc.php file reflects the correct and current value?

                                                                                                      • Hi @LeonidS ! Thank you so much for your answer! Yes, it is configured well:

                                                                                                        image_transcoder.php?o=sys_images_editor&h=2483&dpx=2&t=1738844030

                                                                                                        something else?

                                                                                                        Again thanks a lot!

                                                                                                        Login or Join to comment.