Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
VladlenO2020-12-13 17:30:15
Nginx
VladlenO, 2020-12-13 17:30:15

How to isolate directories in nginx?

Good day and night.

Nowhere can I find such a feature as in Apache, where in one line a function is written that prohibits listing and adding files to a directory higher than the registered directory in virtual hosts. I tried to create different users in the system itself and assign directories to them, but listing and adding files via upload works above the assigned hosts in nginx.

here is an example of one of the virtual hosts

server {
        server_name ****.****net;
        root  /var/www/shop;
        index index.php;
        # add_header Access-Control-Allow-Origin *;
        # serve static files directly
        add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
  set_real_ip_from  192.168.0.102;
  real_ip_header    X-Real-IP;
    location = /sitemap.xml {
    	rewrite ^(.*)$ /index.php?route=feed/google_sitemap break; 
  	} 

  location = /googlebase.xml {
    rewrite ^(.*)$ /index.php?route=feed/google_base break; 
  } 

  location / {
  # This try_files directive is used to enable SEO-friendly URLs for OpenCart
  try_files $uri $uri/ @opencart;
  }

  location @opencart {
    rewrite ^/(.+)$ /index.php?_route_=$1 last;
  }

        location ~* \.php$ {
        try_files $uri = 404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
                deny all;
        }

#    listen 443 ssl; # managed by Certbot
#    ssl_certificate /etc/letsencrypt/live/****.****.net/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/****.****.net/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
server {
  listen 80;
  listen [::]:80;
    return 301 https://$server_name;
  server_name ****.****.net);
  root /var/www/shop;
  index index.html;

  location / {
    try_files $uri $uri/ =404;
  }
}
server {
    if ($host = ****.****.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
        listen 443;
        server_name ****;
    return 404; # managed by Certbot
}

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
R
Roman Sokolov, 2020-12-13
@jimquery

Those. you have root /var/www/shop, and files are uploaded via php to /var/www?
At a minimum, in this case, check the owner and rights to the /var/www directory and from which user the nginx, php-fpm processes are running (should not be root).

Similar questions
M
Maxim2018-01-19 14:57:23
What are null commands in mysql? 2Reply
D
Daniel Newman2017-07-06 17:58:58
No more static in nginx, what should I do? 0Reply
V
Vadim2015-08-01 01:43:51
How to select one route with http on a site with https? 2Reply
R
redersmp2019-12-08 16:07:35
Convert htaccess to nginx config? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question