• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved nginx doesn't respect location settings

C

conformist

New Pleskian
Hi! I'm setting up redmine with telegram plugin which required of manually setup nginx rules for specific location.
Here is the project GitHub - centosadmin/redmine_telegram_common: Redmine Telegram Common plugin
I have to add this block into apache&nginx settings in Additional nginx directives:
Code: 
server {
  ...

  # Setup redmine public page
  root /var/www/redmine/public;

  # closing webogram from external queries
  location /plugin_assets/redmine_telegram_common/webogram {   
    allow   127.0.0.1; 
    deny    all;
  }
}
while this block is nested by server I need to delete server section and adding only location (without root). So, if I save this — from server itself curl this address drove me to 403 forbidden by nginx rules. If I comment `deny all;` — all works perfect, but this is insecure. I don't understand what I'm doing wrong.
 
@conformist

There are two matters that you have to distinguish:

1 - a potential issue with your location block and the allow/deny directives, (and)
2 - the server block setup, especially the hidden part (see "..."),

and the hidden part makes it actually quite difficult to come to a solid conclusion.

However, given the odd result associated with the deny directive AND the nature of behaviour of Nginx, I am pretty sure that I can safely assume the following:

- you should not omit the root directive: you can place it in the location directive
- you are placing the redmine config in a domain that has been created with Plesk: this is not always the best solution!

In essence, there are two solutions:

A - Apply additional Nginx directives via Plesk Panel

Go to "Domains > [domain] (select) > Apache & nginx Settings (click) > Additional nginx directives", add the root to the location directive and place the entire location directive (without any server block directive) in the textbox and click "OK" to save and test the Nginx config.

This solution should work, but it is not optimal.

B - Custom setup (recommended)

Open a SSH terminal and go to /etc/nginx/conf.d and a file with the name redmine.conf and contents:

server {
...

# Setup redmine public page
root /var/www/redmine/public;

# closing webogram from external queries
location /plugin_assets/redmine_telegram_common/webogram {
allow 127.0.0.1;
deny all;
}
}

and make sure that the server name declared in this directive is identical to the server name declared in the normal Nginx conf for the domain created with Plesk.

Nginx will now match requests for the redmine application with the directives in redmine.conf, while all other functionality of Plesk is handled in the default way.

This method allows you to have a better control over redmine, reduce conflicts (between redmine and standard Nginx config for Plesk), while still being able to serve some standard tasks/requests/applications via Plesk and the associated default Nginx config.

One of the many reasons why this is the better approach, can be made clear with a small example: in the case of repairing a config issue with a standard Plesk tool and/or an update that affects default config structure, there is the chance that your config will be overwritten. The custom setup will never be overwritten, unless you will explicitly remove packages with a package installer and a "purge" flag.

This (second) method should work, but I have not tested it.


In summary, just try option B and let me know what happens!

Regards.........

PS Even the (second) method is working directly, you should still be aware of the fact that you would have to do some tweaking to get an optimal Nginx config for redmine.
 
Additional nginx directives in Plesk panel is the wrong place for this.
Just use the folder /etc/nginx/conf.d and place a complete nginx config file there for a site.
I have several of those and they are outside the scope of Plesk.

I know this was mentioned as an alternative by Trialotto, but I think it's the only way.
 
Thanks for the quick reply! I investigated nginx conf's and what I'm find out:
in all server directives in /etc/nginx/plesk.conf.d/vhosts/redmine.domain.tld.conf last line is: include "/var/www/vhosts/system/redmine.domain.tld/conf/vhost_nginx.conf"; and this file (vhost_nginx.conf) is writed by plesk Additional nginx directives. So, root dir is right in all directives and I just include another location /plugin_assets/redmine_telegram_common/webogram and this has effect, deny all works, but it doesn't allow anything.
 
OK, problem solved. My Firefox used cached version of required page and in incognito mode nginx denied correctly. After restart redmine plugin also reached target location. Thank you, guys, you are awesome :)
 
You must log in or register to reply here.

Similar threads

P
Resolved "502 Bad Gateway" with nginx reverse proxy for openhab cloud
Replies
10
Views
3K
Maarten.
M
E
Resolved NGinx deny rules and Firewall (iptables?)
Replies
4
Views
1K
epertinez
E
B
Question Can not add nginx custom directive
Replies
1
Views
788
mow
M
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
6
Views
3K
WebHostingAce
WebHostingAce
T
Issue Host settings and htaccess behavior in nginx proxy mode
Replies
3
Views
2K
Peter Debik
P
Back
Top