Home / server / Questions / 748634
In Process
ffxsam
Asked: 2016-01-13 14:21:01 +0800 CST

How to alias directories in nginx?

  • 772

I for the life of me cannot figure out how to make aliases for locations.

Basically, I have /var/www on my server, which could contain any number of folders (for different applications). One of those is ViMbAdmin, located in /var/www/vimbadmin, and the actual web files that should be served to the client are in /var/www/vimbadmin/public. Here's what I have so far, which is failing:

server {
    listen      80;
    server_name myserver.com;
    root        /var/www;

    index index.php;

    # Logs
    access_log  /var/log/nginx/vimbadmin.access.log;
    error_log   /var/log/nginx/vimbadmin.error.log;

    location /vimbadmin/public {
        try_files $uri $uri/ /index.php?$args;
    }

    location /mail2admin {
      alias /vimbadmin/public;
    }

    # Pass the PHP scripts to FastCGI server
    location ~ \.php$ {
        # Prevent Zero-day exploit
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

        fastcgi_pass    unix:/var/run/php5-fpm.sock;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
    }
}

My goal is to set it up so that hackers can't just try to go to http://myserver.com/vimbadmin, so the actual URL will be http://myserver.com/mail2admin. What am I doing wrong? I'm really confused about the relationships between root, location, and alias.

nginx

2 Answers

  1. The location directive matches against the uri in the request. The root directive and alias directives are both used to indicate where in the filesystem to serve resources from, the difference being that when using root, the entire URI is still appended to the root; whereas when using alias, the location part is dropped. See the answer to https://stackoverflow.com/questions/10631933/nginx-static-file-serving-confusion-with-root-alias

    So in your case, what you want probably looks like:

    server {

    listen      80;
    server_name myserver.com;
    root        /var/www;

    index index.php;

    ...

    location /vimbadmin/ {
       return 404;
    }

    location /mail2admin/ {
      alias /var/www/vimbadmin/public;
      try_files $uri $uri/ /index.php?$args;
    }

    ...
}

    This prevents anyone from going to myserver.com/vimbadmin/, but if they go to myserver.com/mail2admin/, nginx maps to /var/www/vimbadmin/public (if you used root /var/www/vimbadmin/public, nginx would be trying to serve the files from /var/www/vimbadmin/public/mail2admin, which is not what you want).

    Generally speaking however trivial url obfuscation like this should not be considered any kind of defence against hackers. If you want to keep this admin panel safe you should rely on authentication of some kind, and potentially lock it down so it only allows access from approved IPs if that's viable for you. The application itself might offer some user authentication, and you can always add basic http auth. SSL would also be recommended (self-signed if it's something you're only using yourself, or now easy to do for free with LetsEncrypt.org if you want it to be trusted by other people's browsers in the general case).

    • 12

  2. This should do it:

    location ~ ^/foo/.* {
            root /path/to/foo;
}
    • 0