I cant use my flarum website after updating Hestiacp to 1.7.0

Flarum NGİNX configuration is wrong. İt is broken after upgrade to 1.7.0 release of HestiaCP.

This is my configuration for Flarum website before update HestiaCP

server {
    listen      XXX.XX.XX.XX:443 ssl http2;
    server_name domain.com;
    root        /home/user/web/domain.com/public_html/public/;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/domain.com.log combined;
    access_log  /var/log/nginx/domains/domain.com.bytes bytes;
    error_log   /var/log/nginx/domains/domain.com.error.log error;

    ssl_certificate      /home/user/conf/web/domain.com/ssl/domain.com.pem;
    ssl_certificate_key  /home/user/conf/web/domain.com/ssl/domain.com.key;
    ssl_stapling on;
    ssl_stapling_verify on;

    include /home/user/conf/web/domain.com/nginx.hsts.conf*;


    location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_request_headers on;

	try_files $uri $uri/ /index.php?$query_string;


        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires     max;
            fastcgi_hide_header "Set-Cookie";
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            if (!-f $document_root$fastcgi_script_name) {
                return  404;
            }

            fastcgi_pass    unix:/run/php/php7.4-fpm-domain.com.sock;
            fastcgi_index   index.php;
            include         /etc/nginx/fastcgi_params;
        }

    }

#for wordpress (subfolder installation)
    location ^~ /vitrin {
        root        /home/user/web/domain.com/public_html;
        index index.php index.html index.htm;
        try_files $uri $uri/ /vitrin/index.php?$query_string;

        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires     max;
            fastcgi_hide_header "Set-Cookie";
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            if (!-f $document_root$fastcgi_script_name) {
                return  404;
            }

            fastcgi_pass    unix:/run/php/php7.4-fpm-domain.com.sock;
            fastcgi_index   index.php;
            include         /etc/nginx/fastcgi_params;
        }
     }

    location /error/ {
        alias   /home/user/web/domain.com/document_errors/;
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location /vstats/ {
        alias   /home/user/web/domain.com/stats/;
        include /home/user/web/domain.com/stats/auth.conf*;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /home/user/conf/web/domain.com/nginx.ssl.conf_*;
}

currently I can not use last default configuration for flarum of HestiaCP. I get too many redirections.

Also my ssl cert files removed after updating HestiaCP. Then O get Nginx restart failed error.
I solved this error by disable SSL click button web panel and change default nginx conf to no-php. I get ssl certicate by this way. after that I selected flarum nginx configuration but I get error " too many redirections"

server {
	listen      XXX.XX.XX.XX:443 ssl http2;
	server_name domain.com www.domain.com;
	root        /home/user/web/domain.com/public_html;
	index       index.php index.html index.htm;
	access_log  /var/log/nginx/domains/domain.com.log combined;
	access_log  /var/log/nginx/domains/domain.com.bytes bytes;
	error_log   /var/log/nginx/domains/domain.com.error.log error;


	include /home/user/conf/web/domain.com/nginx.forcessl.conf*;

	# Pass requests that don't refer directly to files in the filesystem to index.php
	location / {
	  try_files $uri $uri/ /index.php?$query_string;
	}

	location ~ \.php$ {
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		try_files $uri =404;
		fastcgi_pass unix:/run/php/php8.2-fpm-domain.com.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
		include /home/user/conf/web/domain.com/nginx.fastcgi_cache.conf*;
	}

	#Uncomment the following lines if you are not using a `public` directory
	#to prevent sensitive resources from being exposed.
	location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor) {
	   deny all;
	   return 404;
	}

	# The following directives are based on best practices from H5BP Nginx Server Configs
	# https://github.com/h5bp/server-configs-nginx

	# Expire rules for static content
	location ~* \.(?:manifest|appcache|html?|xml|json)$ {
	  add_header Cache-Control "max-age=0";
	}

	location ~* \.(?:rss|atom)$ {
	  add_header Cache-Control "max-age=3600";
	}

	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
	  add_header Cache-Control "max-age=2592000";
	  access_log off;
	}

	location ~* \.(?:css|js)$ {
	  add_header Cache-Control "max-age=31536000";
	  access_log off;
	}

	location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
	  add_header Cache-Control "max-age=2592000";
	  access_log off;
	}

	# Gzip compression
	gzip on;
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied any;
	gzip_vary on;
	gzip_types
		application/atom+xml
		application/javascript
		application/json
		application/ld+json
		application/manifest+json
		application/rss+xml
		application/vnd.geo+json
		application/vnd.ms-fontobject
		application/x-font-ttf
		application/x-web-app-manifest+json
		application/xhtml+xml
		application/xml
		font/opentype
		image/bmp
		image/svg+xml
		image/x-icon
		text/cache-manifest
		text/css
		text/javascript
		text/plain
		text/vcard
		text/vnd.rim.location.xloc
		text/vtt
		text/x-component
		text/x-cross-domain-policy;

	location /error/ {
		alias   /home/user/web/domain.com/document_errors/;
	}

	location /vstats/ {
		alias   /home/user/web/domain.com/stats/;
		include /home/user/web/domain.com/stats/auth.conf*;
	}

	include     /etc/nginx/conf.d/phpmyadmin.inc*;
	include     /etc/nginx/conf.d/phppgadmin.inc*;
	include     /home/user/conf/web/domain.com/nginx.conf_*;
}

I solved my problem by editing wordpress tpl.

This works with flarum that is work on public folder. Also I use subfolder wordpress installation.

server {
    listen      XXX.XX:XX.XX:443 ssl http2;
    server_name domain.com www.domain.com;
    root        /home/user/web/domain.com/public_html/public;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/domain.com.log combined;
    access_log  /var/log/nginx/domains/domain.com.bytes bytes;
    error_log   /var/log/nginx/domains/domain.com.error.log error;

    ssl_certificate      /home/user/conf/web/domain.com/ssl/domain.com.pem;
    ssl_certificate_key  /home/user/conf/web/domain.com/ssl/domain.com.key;
    ssl_stapling on;
    ssl_stapling_verify on;

    include /home/user/conf/web/domain.com/nginx.hsts.conf*;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ /\.(?!well-known\/) {
        deny all;
        return 404;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
            expires 30d;
            fastcgi_hide_header "Set-Cookie";
        }

        location ~* /(?:uploads|files)/.*.php$ {
            deny all;
            return 404;
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            try_files $uri =404;
            fastcgi_pass unix:/run/php/php8.2-fpm-domain.com.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
            include /home/user/conf/web/domain.com/nginx.fastcgi_cache.conf*;
            if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
                set $no_cache 1;
            }
            if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
                set $no_cache 1;
            }
        }
    }


    location ^~ /vitrin {
        root        /home/user/web/domain.com/public_html;
        index index.php index.html index.htm;
        try_files $uri $uri/ /vitrin/index.php?$query_string;

        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires     max;
            fastcgi_hide_header "Set-Cookie";
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            try_files $uri =404;
            fastcgi_pass unix:/run/php/php8.2-fpm-domain.com.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
            include /home/user/conf/web/domain.com/nginx.fastcgi_cache.conf*;
            if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
                set $no_cache 1;
            }
            if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
                set $no_cache 1;
            }
        }
     }


    location /error/ {
        alias   /home/user/web/domain.com/document_errors/;
    }

    location /vstats/ {
        alias   /home/user/web/domain.com/stats/;
        include /home/user/web/domain.com/stats/auth.conf*;
    }

    proxy_hide_header Upgrade;

    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /home/user/conf/web/domain.com/nginx.ssl.conf_*;
}

Don’t edit a existing template create a new one and select that one…

2 Likes

Yes I will create as flarum2 for me by using last conf.

Does anyone know what is supposed to be wrong with the official flarum template? with nginx only setups it doesn’t seem to work at all, I’d be happy to do the PR to fix it, but I can’t find the problem.

For context, when selecting the template, it fails “nginx restart failed”.

I have found the problem, it was related to SSL, with this, the issue disappears:

    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    ssl_stapling on;
    ssl_stapling_verify on;

Is this line necessary?

	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;

If someone confirms me that this change would be ok I will do the PR (hestiacp/install/deb/templates/web/nginx/php-fpm/flarum.stpl at main · hestiacp/hestiacp · GitHub) in the repo.