13

This was a dev site. Pushed to live environment was working as of my backup this morning.

System

  1. Ubuntu 18.04

  2. Nginx

  3. PHP 7.2

  4. MYSQL

Was working on removing TLSv1 form Certificate path. Removed it and tested worked fine. Was working with a plugin to re-apply API so it would call back on the correct url. Now I am just getting default Nginx page. I have restored from backup onto a new server and site is running. I am in the process of doing triage and can't seem to figure out what the hell happened.

Here are the error logs for NGINX:

2018/07/13 19:37:01 [error] 4593#4593: *206 open() "/usr/share/nginx/html/wp-admin/admin-ajax.php" failed (2: No such file or directory), client: 65.152.214.10, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "smokingquartz.com", referrer: "https://smokingquartz.com/wp-admin/plugins.php"
2018/07/13 19:39:01 [error] 4593#4593: *211 open() "/usr/share/nginx/html/wp-admin/admin-ajax.php" failed (2: No such file or directory), client: 65.152.214.10, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "smokingquartz.com", referrer: "https://smokingquartz.com/wp-admin/plugins.php"
2018/07/13 19:41:02 [error] 4593#4593: *213 open() "/usr/share/nginx/html/wp-admin/admin-ajax.php" failed (2: No such file or directory), client: 65.152.214.10, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "smokingquartz.com", referrer: "https://smokingquartz.com/wp-admin/plugins.php"
2018/07/13 19:43:03 [error] 4593#4593: *215 open() "/usr/share/nginx/html/wp-admin/admin-ajax.php" failed (2: No such file or directory), client: 65.152.214.10, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "smokingquartz.com", referrer: "https://smokingquartz.com/wp-admin/plugins.php"
2018/07/13 19:44:09 [error] 4593#4593: *218 open() "/usr/share/nginx/html/phpmyadmin/index.php" failed (2: No such file or directory), client: 96.88.66.233, server: , request: "POST /phpmyadmin/index.php HTTP/1.1", host: "smokingquartz.com"
2018/07/13 19:45:03 [error] 4593#4593: *220 open() "/usr/share/nginx/html/wp-admin/admin-ajax.php" failed (2: No such file or directory), client: 65.152.214.10, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "smokingquartz.com", referrer: "https://smokingquartz.com/wp-admin/plugins.php"
2018/07/13 19:47:03 [error] 4593#4593: *222 open() "/usr/share/nginx/html/wp-admin/admin-ajax.php" failed (2: No such file or directory), client: 65.152.214.10, server: , request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "smokingquartz.com", referrer: "https://smokingquartz.com/wp-admin/plugins.php"

It appears that my root folder has been changed to /usr/share/nginx/html. This is not what is configured in my sites available/enabled.

sites-available:

server {
## Basic Info ##
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name smokingquartz.com www.smokingquartz.com;
    index index.php index.html index.htm index.nginx-debian.html;
    root /var/www/html/smokingquartz/;

## WP Defender - Prevent PHP Execution ##
    # Stop php access except to needed files in wp-includes
    location ~* ^/wp-includes/.*(?<!(js/tinymce/wp-tinymce))\.php$ {
        internal; #internal allows ms-files.php rewrite in multisite to work
    }

    # Specifically locks down upload directories in case full wp-content rule below is skipped
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
        }

    # Deny direct access to .php files in the /wp-content/ directory (including sub-folders).
    #  Note this can break some poorly coded plugins/themes, replace the plugin or remove this block if it causes trouble
    location ~* ^/wp-content/.*\.php$ {
        deny all;
    }            
## WP Defender - End ##

## Rewrite for sitemap ##
    rewrite ^/(.*/)?sitemap.xml /wp-content/uploads/sitemap.xml last;

## exact-matching loctation blocks ##
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(txt|xml|js)$ {expires 8d;}
    location ~* \.(css)$ {expires 8d;}
    location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$ {expires 8d;}
    location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {expires 8d;}
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }

## pass PHP scripts to FastCGI server ##
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;

        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        # With php-cgi (or other tcp sockets):
        #fastcgi_pass 127.0.0.1:9000;
    }

## deny access to .htaccess files, if Apache's document root ##
## concurs with nginx's one ##
    location ~ /\.ht {
        deny all;
    }
## GZIP ##  
    gzip on;
        gzip_comp_level    5;
        gzip_min_length    256;
        gzip_proxied       any;
        gzip_vary          on;

    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;
        # text/html is always compressed by gzip module}server{
listen [::]:443 ssl ipv6only=on ; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/smokingquartz.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/smokingquartz.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot}

I have compared this to the backups files and they are the same.

Here is NGINX.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {
client_max_body_size 32M;
##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Humming Bird Cache
##


server{

rewrite ^/(.*/)?sitemap.xml /wp-content/uploads/sitemap.xml last;

location ~* \.(txt|xml|js)$ {
   expires 8d;
}

location ~* \.(css)$ {
    expires 8d;
}

location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$ {
    expires 10d;
}

location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {
    expires 8d;
}
}
##
# Gzip Settings
##

# Enable Gzip compression
gzip          on;

# Compression level (1-9)
gzip_comp_level     5;

# Don't compress anything under 256 bytes
gzip_min_length     256;

# Compress output of these MIME-types
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-font-opentype
application/x-font-truetype
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
image/svg+xml
image/x-icon
image/vnd.microsoft.icon
text/css
text/plain
text/javascript
text/x-component;

# Disable gzip for bad browsers
gzip_disable  "MSIE [1-6]\.(?!.*SV1)";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

IF you need anything else let me know this issues has got me stumped.

****Edit Corrected Typos: "Nginix" to Nginx****

Tim
  • 30,383
  • 6
  • 47
  • 77
William Ford
  • 131
  • 1
  • 1
  • 6
  • This is resolved. – William Ford Jul 13 '18 at 21:52
  • I ended up deleting the index.html in the directory /usr//share/nginx/html/. – William Ford Jul 13 '18 at 22:02
  • 1
    Please put the solution as an answer, and then 24 hours later accept the answer. – Tim Jul 14 '18 at 01:28
  • Actually deleting the index.html file there is not the solution. That file will probably be recreated when Nginx is updated/upgraded. You are listing sites-available instead of enabled. Did you check you didn't leave *default* virtualhost with the document root in /user/share/nginx/html enabled? – Leo Jul 14 '18 at 04:32
  • This is the only site enabled. /sites-enabled/smokingquartz It is symlinked to the same one in /sites-available/. The default site was deleted on install. – William Ford Jul 14 '18 at 17:31

4 Answers4

13

In Nginx if there is no matching location for a uri then it usually defaults to looking in /usr/share/nginx/html/ (likewise with OpenResty /usr/openresty/nginx/html/). So it would seem that it's not matching one of your URIs and falling back to the default location.

The simplest way to find out the default location is to run (as commented by @Snidhi the -V option now supersedes the -h option for this purpose):

nginx -V

The default location may be found by taking the path shown in response at --prefix and appending 'html' to it.

You can see this behaviour if you just create a minimal nginx.conf file without any location entries and run it with debug mode on:

# Put in file /tmp/nginx-test.conf
error_log /dev/stderr debug;
daemon off;

events {
    worker_connections 1024;
}
http {
    server {
        listen 8080;
    }
}

Then run the server:

sudo nginx  -c /tmp/nginx-test.conf

And you'll see that all requests (e.g. in another window:)

curl http://127.0.0.1:8080/test

attempt to open() files from /usr/share/nginx/html/

Pierz
  • 553
  • 6
  • 9
  • 4
    For future readers of this thread: To find the default prefix, $ nginx -V (& look for the value for --prefix. It would show something like /usr/share/nginx/html/). – Snidhi Sofpro Sep 18 '20 at 17:30
1

You have two distinct server blocks there. One serves your WordPress web site on HTTP. The other was created by certbot and serves nothing on HTTPS. You can add the relevant configuration to the second server block, or combine them, to solve the immediate problem.

Unfortunately certbot is not very good at writing web server configurations, and I always recommend people put together the nginx configurations themselves and run certbot in certonly webroot mode. I've posted a sample configuration in another answer on this site, which you may find useful.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
-1

You should disable the default site that comes preconfigured in sites-enabled:

/etc/nginx/sites-enabled/default

On your question, you are listing sites-available, not enabled.

Unless you used the same default file and overwrote the parameters for your own virtualhost you should simply remove the symlink from sites-enabled:

sudo rm /etc/nginx/sites-enabled/default

And reload nginx:

sudo systemctl reload nginx
Leo
  • 1,833
  • 8
  • 17
  • /etc/nginx/sites-enabled/default was already disabled at install. The only enabled site is /etc/nginx/sites-enabled/smokingquartz – William Ford Jul 14 '18 at 17:18
  • If nginx is serving content from ```/usr/share/nginx/html/``` then the documentroot for something is pointing there. Try the follwoing: ```sudo grep -R root /etc/nginx/*``` to see if you find the file responsible. – Leo Jul 15 '18 at 22:30
-1

i found soultions

after delete default or disable, is still root diferently, so you need also delete, or update the file

/etc/nginx/conf.d/default

and change root, or #### the lines of server.

CHeers

Kamil Dąbrowski
  • 99
  • 2