0

I have a problem where my laravel project is accessed by my static IP on Azure but not from the domain that I linked it with:

I use nginx and ufw

This is the error.log for my Nginx:

nginx configuration server { listen 80; listen [::]:80; server_name domain; root /var/www/app/public; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; index index.php; charset utf-8; location / { try_files $uri /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \.php$ { fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.(?!well-known).* { deny all; } }

What should I do? what rule should I add?

2022/05/19 11:25:42 [error] 586486#586486: *1562 access forbidden by rule, client: 51.79.29.48, server: domain, request: "GET /.env HTTP/1.1", host: "ip" 2022/05/19 11:32:22 [error] 586486#586486: *1563 access forbidden by rule, client: 69.162.243.124, server: domain, request: "GET /.env HTTP/1.1", host: "ip" 2022/05/19 11:45:07 [error] 586486#586486: *1604 access forbidden by rule, client: 185.254.196.223, server: domain, request: "GET /.env HTTP/1.1", host: "ip" 2022/05/19 12:38:43 [notice] 600838#600838: signal process started``` To Action From -- ------ ---- 22/tcp (OpenSSH) ALLOW IN Anywhere 80/tcp (Nginx HTTP) ALLOW IN Anywhere 80 ALLOW IN Anywhere 443 ALLOW IN Anywhere 22/tcp (OpenSSH (v6)) ALLOW IN Anywhere (v6) 80/tcp (Nginx HTTP (v6)) ALLOW IN Anywhere (v6) 80 (v6) ALLOW IN Anywhere (v6) 443 (v6) ALLOW IN Anywhere (v6)
Improve this question
8
  • This isn't related to firewall, looks like some location denying access to hidden files, e.g. location /. { deny all; } Commented May 30, 2022 at 12:25
  • @IvanShatsky I removed it and restarted nginx and still the same problem Commented May 31, 2022 at 8:00
  • Please provide your nginx configuration. We can't guess. Commented Jun 1, 2022 at 8:49
  • @GeraldSchneider done Commented Jun 1, 2022 at 9:02
  • I just noticed: The log entries only mention /.env. Are you sure you want to make your .env file publicly available? This seems like a pretty good precaution to prevent leaks of your configuration. Commented Jun 1, 2022 at 9:20

1 Answer 1

Reset to default
1

You should add all the index files in your configuration,

sudo nano etc/nginx/sites-enabled index index.php index.html index.hml;

And the configuration should be like this:

server { listen 80; server_name server_domain_or_IP; root /var/www/app/public; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; index index.html index.htm index.php; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.(?!well-known).* { deny all; } }

To confirm that your configuration doesn’t contain any syntax errors, use

sudo nginx -t

Note: If you are maintaining a firewall from your console then don't use ufw to allow port.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.