Fresh install, 'The requested resource was not found'

MoshBit

Okay, so I'm coming over from the centminmod LEMP stack system, so composer and a lot of this is unfamiliar territory for me. I'm really struggling to get a working flarum install going in my LEMP server using the official documentation.

the server directory of my public folder before installing flarum is:

/home/nginx/domains/beta.squattheplanet.com/public

my nginx conf file is located at:

/usr/local/nginx/conf/conf.d/beta.squattheplanet.com.ssl.conf

the contents of that file:

#x# HTTPS-DEFAULT
 server {
   listen   80;
#x#   listen   [::]:80;
   server_name beta.squattheplanet.com www.beta.squattheplanet.com;
   return 302 https://beta.squattheplanet.com$request_uri;
   root /home/nginx/domains/beta.squattheplanet.com/public;
   include /usr/local/nginx/conf/staticfiles.conf;
 }


server {
  listen 443 ssl http2;
  server_name beta.squattheplanet.com www.beta.squattheplanet.com;

  include /usr/local/nginx/conf/ssl/beta.squattheplanet.com/beta.squattheplanet.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/beta.squattheplanet.com/origin.crt;
  #ssl_verify_client on;
  
  
  
  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
  
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/beta.squattheplanet.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/beta.squattheplanet.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/beta.squattheplanet.com/autoprotect-beta.squattheplanet.com.conf;
  root /home/nginx/domains/beta.squattheplanet.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Wordpress Permalinks example
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  }

  include /usr/local/nginx/conf/php.conf;
  
  include /usr/local/nginx/conf/pre-staticfiles-local-beta.squattheplanet.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
  include /home/nginx/domains/beta.squattheplanet.com/public/.nginx.conf;
}

by default, this install results in beta.squattheplanet.com/public for a URL, and /home/nginx/domains/beta.squattheplanet.com/public/public for a server directory, so I followed the instructions for customizing paths:

$site = require './site.php';
'base' => __DIR__, 'public' => __DIR__, 'storage' => __DIR__.'/storage',

i uncommented lines 8-11 of the nginx.conf.

I ran the install, used the flarum_ table prefix, and all seems well, until I click on a tag, then I get the 'The requested resource was not found' error.

Turning on debug in config.php, I get:

GET https://beta.squattheplanet.com/api/tags/general

<html>
<head><title>404 Not Found</title><script src="/cdn-cgi/apps/head/0IuqbACX7hAbYIIEPmwItu71Tss.js"></script></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

I don't have an api or cdn-cgi folder in my public directory.

The only other thing I can think of is that I did install flarum using composer as root. I understand this is frowned upon, but it's just for testing purposes while I figure out the installation and migration of my community to flarum.

I'm really not sure what to do at this point, so any help would be appreciated.

luceos

MoshBit under normal circumstances files owned by root cannot be used by any other user on the system including www-data. Although this seems to an issue, I'm not sure sure this is the issue. Can you chown the files and folders to www-data? Or whatever user the site runs as.

MoshBit

luceos ah, yes, that is something i did forget. the centminmod setup runs things in the nginx user and group (nginx:nginx) so I ran:

chown -R nginx:nginx *

in the home directory. unfortunately im still having the same result when i click on the 'general' link:

GET https://beta.squattheplanet.com/api/discussions

<html>
<head><title>404 Not Found</title><script src="/cdn-cgi/apps/head/0IuqbACX7hAbYIIEPmwItu71Tss.js"></script></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

luceos

MoshBit so the error you have now relates to any requests apart from / not hitting the index.php; the rewrite rules you included from the flarum root don't work.

As I don't see any proxy configuration to php in your posted config I can't really tell what is happening, but I do know the rewrites are the issue.

MoshBit

So, I did get this to work (it was easier than I thought it would be), so I figured I should follow up for anyone that might be using the same system (centminmod).

The short version is that I removed the default location / reference from the centminmod nginx conf file (beta.squattheplanet.com.ssl.conf) and included the reference to the .nginx.conf file in the flarum directory and put any custom settings there:

beta.squattheplanet.com.ssl.conf:

#x# HTTPS-DEFAULT
 server {
   listen   80;
#x#   listen   [::]:80;
   server_name beta.squattheplanet.com www.beta.squattheplanet.com;
   return 302 https://beta.squattheplanet.com$request_uri;
   root /home/nginx/domains/beta.squattheplanet.com/public;
   include /usr/local/nginx/conf/staticfiles.conf;
 }


server {
  listen 443 ssl http2;
  server_name beta.squattheplanet.com www.beta.squattheplanet.com;

  include /usr/local/nginx/conf/ssl/beta.squattheplanet.com/beta.squattheplanet.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/beta.squattheplanet.com/origin.crt;
  #ssl_verify_client on;
  
  
  
  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
  
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/beta.squattheplanet.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/beta.squattheplanet.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/beta.squattheplanet.com/autoprotect-beta.squattheplanet.com.conf;
  root /home/nginx/domains/beta.squattheplanet.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  #location / { try_files $uri $uri/ /index.php?$query_string; }

  include /usr/local/nginx/conf/php.conf;
  
  include /usr/local/nginx/conf/pre-staticfiles-local-beta.squattheplanet.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
  include /home/nginx/domains/beta.squattheplanet.com/public/.nginx.conf;
}

flarum .nginx.conf:

# Pass requests that don't refer directly to files in the filesystem to index.php
location / {
  try_files $uri $uri/ /index.php?$query_string;
}

# Uncomment the following lines if you are not using a `public` directory
# to prevent sensitive resources from being exposed.
 location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor) {
   deny all;
   return 404;
 }

# The following directives are based on best practices from H5BP Nginx Server Configs
# https://github.com/h5bp/server-configs-nginx

# Expire rules for static content
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
  add_header Cache-Control "max-age=0";
}

location ~* \.(?:rss|atom)$ {
  add_header Cache-Control "max-age=3600";
}

location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
  add_header Cache-Control "max-age=2592000";
  access_log off;
}

location ~* \.(?:css|js)$ {
  add_header Cache-Control "max-age=31536000";
  access_log off;
}

location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
  add_header Cache-Control "max-age=2592000";
  access_log off;
}

# Gzip compression
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/svg+xml
    image/x-icon
    text/cache-manifest
    text/css
    text/javascript
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;

I figured this out by following some of the suggestions listed in these two threads on the centminmod forums:

https://community.centminmod.com/threads/centmin-mod-09-flarum.4910/#post-20230
https://community.centminmod.com/threads/flarum-0-1-0-and-nginx-1-7-4-rewrite-rules.18539/

As suggested there, I'll probably cut out the gzip stuff and some other things that are already covered by centminmod's nginx conf file, but it seems to all be working so far as-is on my test server.