[bitfolk] Configuration problem - nginx I think

Author: Ian Hobson
Date:  
To: users
Subject: [bitfolk] Configuration problem - nginx I think
Hi All,

My VPN hosts a small selection of web sites. I have noticed a LOT of
attacks recently.

The errors in the log file are typically something like this (one log line, re-joined here):
2020/04/29 11:08:12 [error] 831#831: *99107 FastCGI sent in stderr: "PHP message: PHP Fatal error: Reseller record not found for in /var/www/exampleone/htsecure/Classes/ApplicationFactory.php on line 86" while reading response header from upstream, client: 209.17.96.218, server: exampleone.co.uk, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "exampletwo"

This is very puzzling because exampletwo is any website I host (except
exampleone) - including a site that DNS points to my server, but I don't
host!

The PHP error is caused because the value in $_SERVER['HTTP_HOST'] is
not something expected. I think it may be "\n" or missing.

It would appear that I have something screwy in my configuration for php
requests to one site to be passed to another - but I can't see it.

The default configuration is:
# Statements for default virtual host
server {
     listen   80 default ;
     #  server name is catch all for unknown names#
     server_name _ ;
     root /etc/nginx/html;
     index index.html;
     # access_log /var/www/access_log;
     try_files $uri =404;
}


This would be triggered when exampletwo is the domain pointed at my
server, that I don't (yet) host.

The only file in /etc/nginx/html is index.html and reports "the domain
you requested does not exist on this server". There are no php files.

The config for exampleone is (redacted for security).
# Statements for exampleone  virtual host
#   switched to letsencrypt cert  30/6/2019
server {
    listen 80;
    server_name exampleone.co.uk  www.exampleone.co.uk;
    rewrite ^(.*) https://exampleone.co.uk$1 permanent;
}
server {
    listen 443 ssl http2;
    server_name exampleone.co.uk  www.exampleone.co.uk;
    ## SSL Certs
    ssl_certificate /etc/letsencrypt/live/coachmaster.co.uk-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/coachmaster.co.uk-0001/privkey.pem;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
    ssl_session_timeout 10m;

    # Additional Security Headers
    # ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
    add_header X-Frame-Options DENY always;

    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
    add_header X-Content-Type-Options nosniff always;

    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
    add_header X-Xss-Protection "1; mode=block" always;

    # Enable OCSP stapling
    # ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/exampleone.co.uk/fullchain.pem;

    root /var/www/exampleone/htsecure;
    access_log /var/log/nginx/exampleone.co.uk.access.log;
    error_log  /var/log/nginx/error.log;
    index index.php;
    location = / {
        rewrite ^ /index.php last;
    }
    location /easyrtc {
        proxy_pass http://localhost:5006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /socket.io {
        proxy_pass http://localhost:5006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    # serve php files via fastcgi if the file exists
    location ~ \.php$ {
        try_files $uri =404;
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param  CENTRAL_ROOT       $document_root;
        fastcgi_param  RESELLER_ROOT      $document_root;
        fastcgi_param  ENVIRONMENT        production;
        fastcgi_param  HTTPS ON;
    }
    # serve static files
    try_files $uri $uri/ /index.php;
    expires 30m;
    # now to configure the long polling
    location /publish {
        nchan_publisher;
        nchan_channel_id $arg_id;
        nchan_message_buffer_length 10;
        nchan_message_timeout 90s;
    }
    # public long-polling endpoint
    location /activity {
        nchan_subscriber;
        nchan_channel_id $arg_id;
    }
}


Sorry about the extra line breaks borking the layout. SNAFU. :)

Any idea why or how a request to a site that does not exist gets
switched to exampleone, when default is present?

I am running fail2ban, and that locks them out for an hour at the third
attempt, so it does not matter much, except that my nightly report of
errors is so full of this junk, I can't see any real problems. :(

Thanks for any insights.

Ian


--
Ian Hobson
Tel (+351) 910 418 473
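An added example, not from the message above or Ian's server: a catch-all default server for port 443. The quoted default block is the default only for port 80 ("listen 80 default"); nginx picks a default server per listen port, and with none marked for 443 it uses the first server block in configuration order that listens on 443, so a TLS request for a name it does not host can land in a real site's PHP. The certificate paths in the comments are assumed placeholders.

```nginx
# Added example (not the original poster's config): default server for 443,
# so unknown names never fall through to the first real 443 server block.
server {
    listen 443 ssl http2 default_server;
    server_name _;

    # nginx 1.19.4+: refuse the TLS handshake when SNI matches no
    # server_name, so this block needs no certificate at all.
    ssl_reject_handshake on;

    # On older nginx, remove ssl_reject_handshake and load any certificate
    # (self-signed is fine); the paths below are assumed placeholders.
    # ssl_certificate     /etc/nginx/ssl/catchall.crt;
    # ssl_certificate_key /etc/nginx/ssl/catchall.key;
    # ssl_protocols TLSv1.2;

    # 444 closes the connection without a response. Nothing is passed to
    # FastCGI, so these requests no longer produce PHP fatal errors in the
    # error log for a site they were never meant for.
    return 444;
}
```

After `nginx -t` and a reload, `curl -vk --resolve unknown.example:443:127.0.0.1 https://unknown.example/` should fail at the handshake (or get an empty reply on older nginx) instead of returning exampleone's page; the port-80 catch-all already in place keeps behaving as before.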
