Hello, I have been struggling to find a solution to this and could uses some help please. I created a webserver using wordpress and added phpmyadmin. I am able to login to phpmyadmin and created a symbolic link however, it redirects me to the main page. This is a website that I made to try and learn about web development. (If you see anything else wrong with the config file, please point it out.)
The address bar displays: https://example.com/?token=a token is here.
The address I need to access is https://example.com/newsymboliclink or
https://example.com/newsymboliclink/?token=a token is here. or
https://example.com/newsymboliclink/index.php?token=a token is here.
(Im not sure which one is the best one to use).
Ive been trying to due try_files and returns but can figure that out. Hoping someone can help.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The nginx configuration is:
# HTTP SERVER
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request;
}
server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.php;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# enable session resumption to improve https performance
# http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# enables server-side protection from BEAST attacks
# http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
ssl_prefer_server_ciphers on;
# disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then $
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ciphers chosen for forward secrecy and compatibility
# http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forwar$
ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESG$
# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.or$
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
# also https://hstspreload.org/
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as$
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# WORDPRESS PERMALINKS
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm-giga.sock;
}
# HTACCESS DENY ALL RULE
location ~/\.ht {
deny all;
}
}
The address bar displays: https://example.com/?token=a token is here.
The address I need to access is https://example.com/newsymboliclink or
https://example.com/newsymboliclink/?token=a token is here. or
https://example.com/newsymboliclink/index.php?token=a token is here.
(Im not sure which one is the best one to use).
Ive been trying to due try_files and returns but can figure that out. Hoping someone can help.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The nginx configuration is:
# HTTP SERVER
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request;
}
server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.php;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# enable session resumption to improve https performance
# http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# enables server-side protection from BEAST attacks
# http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
ssl_prefer_server_ciphers on;
# disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then $
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ciphers chosen for forward secrecy and compatibility
# http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forwar$
ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESG$
# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.or$
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
# also https://hstspreload.org/
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as$
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# WORDPRESS PERMALINKS
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm-giga.sock;
}
# HTACCESS DENY ALL RULE
location ~/\.ht {
deny all;
}
}