Shopware mit Nginx Einstellungen mit Froxlor

[Pro-Webs]

Hallo,

ich bin gerade dabei einen Shopware Shop v.5 unter nginx mit froxlor einzurichten.

Das ist jedoch relativ problematisch.

Aktuell habe ich im Froxlor folgende vHost Einstellung zur Domain:

location @php {
   fastcgi_pass unix:/run/php/php7.2-fpm.sock;
   fastcgi_read_timeout 1500;
}

location ~ ^/(engine|files|templates|media/(archive|banner|image|music|pdf|unknown|video))/ {
   rewrite ^/files/documents/.* /engine last;
   location ~ \.(jpe?g|png|gif|css|js)$ {
   expires 1M;
   }
}

location / {
   index index.html index.php shopware.php;
   rewrite shopware.dll /shopware.php;
   rewrite files/documents/.* /engine last;
   #rewrite images/ayww/(.*) /images/banner/$1 last;
   rewrite backend/media/(.*) /media/$1 last;

   if (!-e $request_filename){
      rewrite . /shopware.php last;
   }

   location ~ \.(jpe?g|png|gif|css|js)$ {
   rewrite backend/media/(.*) /media/$1 last;
   expires 1M;
   }
}

location ~ \.(tpl|yml|ini)$ {
   deny all;
}

location /install/ {
   location /install/assets {
   }
   if (!-e $request_filename){
      rewrite . /install/index.php last;
   }
}

location /update/ {
   location /update/assets {
   }
   location /update/templates {
   }
   if (!-e $request_filename){
      rewrite . /update/index.php last;
   }
}

location /recovery/install/ {
   location /recovery/install/assets {
   }
   if (!-e $request_filename){
      rewrite . /recovery/install/index.php last;
   }
}

location /recovery/update/ {
   location /recovery/update/assets {
   }
   if (!-e $request_filename){
      rewrite . /recovery/update/index.php last;
   }
}

location ~ ^/(logs|media/temp|bin|cache)/ {
   deny all;
}

location ~ \.php$ {
   try_files $uri =404;
   include /etc/nginx/fastcgi_params;
   fastcgi_pass 127.0.0.1:9000;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   fastcgi_param HTTPS $fastcgi_https;
   fastcgi_param HTTP_AUTHORIZATION $http_authorization;
}

Diese Einstellung führt zu einem 500 error.

Meine 35_froxlor_ssl_vhost_studio-ausruestung.de.conf sieht damit leider wie folgt aus:

# 35_froxlor_ssl_vhost_studio-ausruestung.de.conf
# Created 02.01.2020 14:30
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

server {
	listen 91.250.82.51:443 ssl;
	server_name studio-ausruestung.de www.studio-ausruestung.de xn--studio-ausrstung-tzb.de *.xn--studio-ausrstung-tzb.de studioausruestung.de *.studioausruestung.de priolite-shop.com www.priolite-shop.com sirui-shop.de www.sirui-shop.de shooting-gutschein.de *.shooting-gutschein.de shooting-gutscheine.de *.shooting-gutscheine.de;
	
	ssl_protocols TLSv1 TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
	ssl_ecdh_curve secp384r1;
	ssl_prefer_server_ciphers on;
	ssl_certificate /etc/ssl/froxlor-custom/studio-ausruestung.de.crt;
	ssl_certificate_key /etc/ssl/froxlor-custom/studio-ausruestung.de.key;
	add_header Strict-Transport-Security "max-age=0";
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/ssl/froxlor-custom/studio-ausruestung.de.crt;
	
	include /etc/apache2/conf-enabled/acme.conf;
	access_log /var/customers/logs/klimek-studio-ausruestung.de-access.log combined;
	error_log /var/customers/logs/klimek-studio-ausruestung.de-error.log error;
	root /var/customers/webs/klimek/studio-ausruestung.de/shopware/;
	
	location / {
		index index.php index.html index.htm;
		try_files $uri $uri/ @rewrites;
		index index.html index.php shopware.php;
		rewrite shopware.dll /shopware.php;
		rewrite files/documents/.* /engine last;
		#rewrite images/ayww/(.*) /images/banner/$1 last;
		rewrite backend/media/(.*) /media/$1 last;
		if (!-e $request_filename){
			rewrite . /shopware.php last;
		}

		location ~ \.(jpe?g|png|gif|css|js)$ {
			rewrite backend/media/(.*) /media/$1 last;
			expires 1M;
		}

	}

	
	
	location @rewrites {
		rewrite ^ /index.php last;
	}

	
	location /webalizer {
		alias /var/customers/webs/klimek/webalizer/studio-ausruestung.de/;
		auth_basic "Restricted Area";
		auth_basic_user_file /etc/nginx/htpasswd/1-c3d3ffdab2b8342809d19524c21b98c1.htpasswd;
	}

	
	location ~ \.php {
		try_files /333c3697df6a41bcc37bccd05271f644.htm @php;
	}

	
	location @php {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include /etc/nginx/fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		try_files $fastcgi_script_name =404;
		fastcgi_index index.php;
		fastcgi_param HTTPS on;
		fastcgi_pass unix:/run/php/php7.2-fpm.sock;
		fastcgi_read_timeout 1500;
	}

	location ~ ^/(engine|files|templates|media/(archive|banner|image|music|pdf|unknown|video))/ {
		rewrite ^/files/documents/.* /engine last;
		location ~ \.(jpe?g|png|gif|css|js)$ {
			expires 1M;
		}

	}

	location ~ \.(tpl|yml|ini)$ {
		deny all;
	}

	location /install/ {
		location /install/assets {
		}

		if (!-e $request_filename){
			rewrite . /install/index.php last;
		}

	}

	location /update/ {
		location /update/assets {
		}

		location /update/templates {
		}

		if (!-e $request_filename){
			rewrite . /update/index.php last;
		}

	}

	location /recovery/install/ {
		location /recovery/install/assets {
		}

		if (!-e $request_filename){
			rewrite . /recovery/install/index.php last;
		}

	}

	location /recovery/update/ {
		location /recovery/update/assets {
		}

		if (!-e $request_filename){
			rewrite . /recovery/update/index.php last;
		}

	}

	location ~ ^/(logs|media/temp|bin|cache)/ {
		deny all;
	}

}

Man bemerkt u.a. das einige Konfigurationen doppelt vorhanden sind, da floxlor diese auch selbst generiert. Das könnte natürlich schon die Ursache des Fehler sein. Ich weiß nur leider nicht, wie ich es "besser" lösen kann.

Die original .htaccess für den appache sieht folgende Konfiguration vor:

php_value memory_limit 1024M
php_value max_execution_time 600
php_value upload_max_filesize 20M
php_value post_max_size 20M


<IfModule mod_rewrite.c>
    RewriteEngine on

    #RewriteBase /shopware/

    # Https config for the backend
    #RewriteCond %{HTTPS} !=on
    #RewriteRule backend/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    RewriteRule shopware.dll shopware.php
    RewriteRule files/documents/.* engine [NC,L]
    RewriteRule backend/media/(.*) media/$1 [NC,L]
    RewriteRule custom/.*(config|menu|services|plugin)\.xml$ ./shopware.php?controller=Error&action=pageNotFoundError [NC,L]

    RewriteCond %{REQUEST_URI} !(\/(engine|files|templates|themes|web)\/)
    RewriteCond %{REQUEST_URI} !(\/media\/(archive|banner|image|music|pdf|unknown|video)\/)
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ shopware.php [PT,L,QSA]

    # Fix missing authorization-header on fast_cgi installations
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

<IfModule mod_alias.c>
    # Restrict access to VCS directories
    RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$)

    # Restrict access to root folder files
    RedirectMatch 404 /(autoload\.php|composer\.(json|lock|phar)|README\.md|UPGRADE-(.*)\.md|CONTRIBUTING\.md|eula.*\.txt|\.gitignore|.*\.dist|\.env.*)$

    # Restrict access to shop configs files
    RedirectMatch 404 /(web\/cache\/(config_\d+\.json|all.less))$

    # Restrict access to theme configurations
    RedirectMatch 404 /themes/(.*)(.*\.lock|package\.json|\.gitignore|Gruntfile\.js|all\.less|node_modules\/.*)$
</IfModule>

# Staging environment
#SetEnvIf Host "staging.test.shopware.in" SHOPWARE_ENV=staging

# Development environment
#SetEnvIf Host "dev.shopware.in" SHOPWARE_ENV=dev
#SetEnv SHOPWARE_ENV dev

DirectoryIndex index.html
DirectoryIndex index.php
DirectoryIndex shopware.php

# Disables download of configuration
<Files ~ "\.(tpl|yml|ini)$">
    # Deny all requests from Apache 2.4+.
    <IfModule mod_authz_core.c>
          Require all denied
    </IfModule>

    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</Files>

# Enable gzip compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/xml text/plain text/css text/javascript application/javascript application/json application/font-woff application/font-woff2 image/svg+xml
</IfModule>

<Files ~ "\.(jpe?g|png|gif|css|js|woff|woff2|ttf|svg|webp|eot|ico)$">
    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </IfModule>

    <IfModule mod_headers.c>
        Header append Cache-Control "public"
        Header unset ETag
    </IfModule>

    FileETag None
</Files>

# Match generated files like:
# 1429684458_t22_s1.css
# 1429684458_t22_s1.js
<FilesMatch "([0-9]{10})_(.+)\.(js|css)$">
    <ifModule mod_headers.c>
        Header set Cache-Control "max-age=31536000, public"
    </ifModule>

    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault "access plus 1 year"
    </IfModule>
</FilesMatch>

# Disables auto directory index
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

<IfModule mod_php5.c>
#  php_value memory_limit 256M
#  php_value max_execution_time 120
#  php_value upload_max_filesize 20M
   php_flag phar.readonly off
   php_flag magic_quotes_gpc off
   php_flag session.auto_start off
   php_flag suhosin.session.cryptua off
   php_flag zend.ze1_compatibility_mode off
   php_value always_populate_raw_post_data -1
</IfModule>

#   AddType x-mapp-php5 .php
#   AddHandler x-mapp-php5 .php

<IfModule mod_headers.c>
    Header append X-Frame-Options SAMEORIGIN
</IfModule>

 

Für Ideen und Vorschläge wäre ich wie immer sehr dankbar

[d00p]

Doppelte Location Blöcke führt Froxlor eigentlich zusammen. Allerdings kann halt Froxlor nicht die komplette Komplexität die nginx erlaubt abdecken. Im zweifel erstelle den vhost so wir du ihn brauchst und mache ihn schreibgeschützt (chattr +i [Datei]) damit froxlor diese nicht mehr überschreibt

[Tealk]

Habe eine bessere Möglichkeit gefunden, da ich ein ähnliches Problem hatte. Ich nutze include um das einzufügen was Froxlor umschreiben würde.

Damit kann ich zwar die Config nicht mehr über das WI ändern aber es gibt keine hässlichen Fehlermeldungen.

[Pro-Webs]

Unser Problem war auch dabei, dass die Blöcke in für uns falscher Reihenfolge zusammengefasst wurden. Du meinst den Include bei vHost Eintrag im Froxlor oder wo setzt du diesen an?

[Tealk]

Also ich hab einfach nen Ordner "/etc/nginx/includes" erstellt und dort dann das eingetragen was in die config soll. Bei mir sind das 2 Dateien, folgendes steht dann in Froxlor:

location / {

	include include/framadate.conf;
}

include include/framadate2.conf;