1

So I am trying to install a fresh drupal 6 site on nginx. I have successfully setup the conf files and db. When I try to access mysite.com so that I can follow the step by step installation guide, it properly redirects to mysite.com/install.php but returns a 403 forbidden error.

On my conf file, I tried to add my IP on the list of allowed IPs:

location = /install.php {
    allow 127.0.0.1;
    allow my_ip_address;
    deny all;
}

But then, when I try accessing mysite.com/install.php, the browser downloads the file instead of running it. What should I do?

I could use drush to install a fresh site, but I wanted to use drupal's install.php file instead (to show a friend how it is done).

Thank you.


server {
    server_name www.mysite.com;
    return 301 $scheme://mysite.com$request_uri;

} # server domain return.

server {
    server_name mysite.com;
    root /var/www/mysite.com;

    index index.html index.htm index.php;

    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log;

    location = /favicon.ico {
            log_not_found off;
            access_log off;
    }

    location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
    }

    # For drush
    location = /backup {
            deny all;
    }

    # Prevent user from accessing settings.php directly
    location ~ ^/sites/[^/]+/settings.php$ {
            deny all;
    }

    ## Replicate the Apache <FilesMatch> directive of Drupal standard
    ## .htaccess. Disable access to any code files. Return a 404 to curtail
    ## information disclosure. Hide also the text files.
    location ~* ^(?:.+\.(?:htaccess|make|txt|log|engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
            return 404;
    }

    location ~ \..*/.*\.php$ {
            return 403;
    }

    location / {
            # This is cool because no php is touched for static content
            try_files $uri @rewrite;
    }

    location @rewrite {
            # Some modules enforce no slash (/) at the end of the URL
            # Else this rewrite block wouldn't be needed (GlobalRedirect)
            #rewrite ^/(.*)$ /index.php?q=$1&$args;
            rewrite ^ /index.php last;
    }

    # Use an SSH tunnel to access those pages. They shouldn't be visible to
    # external peeping eyes.
    location = /install.php {
            allow 127.0.0.1;
            deny all;
    }

    location = /update.php {
            allow 127.0.0.1;
            deny all;
    }

    location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;
            #fastcgi_pass unix:/var/run/php5-cgi/php5.sock;
fastcgi_pass unix:/var/run/php5-fpm.sock;
    }

    ## Drupal 7 generated image handling, i.e., imagecache in core. See:
    ## https://drupal.org/node/371374
    location ~* /sites/.*/files/styles/ {
            access_log off;
            expires 30d;
            try_files $uri @rewrite;
    }

    # Fighting with ImageCache? This little gem is amazing.
    location ~ ^/sites/.*/files/imagecache/ {
            try_files $uri @rewrite;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
    }
}
Bibokid
  • 195
  • 2
  • 6

1 Answers1

2

Your explicit location = /install.php overrides any other location directives. Except in rare circumstances nginx only matches a request to a single location.

Thus, your request gets matched to location = /install.php. But, this doesn't contain any of the directives to send the request to php-fpm, so it's handled as a static file and sent to the browser.

There's little point in having this location at all. You're meant to delete the install.php file after doing the installation or upgrade anyway. So I would just remove those locations completely.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940