Search code examples
nginxphpmyadminnginx-locationubuntu-20.04

Nginx 403 Forbidden for location and localhost

My target is to access to a specific location (i.e. phpmyadmin) using an SSH tunnel http://localhost/phpmyadmin

I have just installed Ubuntu 20.04 with Nginx. The following configuration was working fine with Ubuntu 18.04.

I edited /etc/nginx/sites-available/default adding:

  location /phpmyadmin {
    #Allow localhost
    allow 127.0.0.1;
    #deny all the others ip
    deny all;
  }

when I access to http://localhost/phpmyadmin I receive the error message:

403 Forbidden nginx/1.17.10 (Ubuntu)

Just for testing I have removed "deny all;" everything it is working fine, but every ip address can access the location phpmyadmin.

error log nginx:

2020/05/05 23:52:13 [error] 21905#21905: *1 access forbidden by rule, client: ::1, server: _, request: "GET /phpmyadmin/ HTTP/1.1", host: "localhost"

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html index.php;

    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

   # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
            include snippets/fastcgi-php.conf;

            # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            # With php-cgi (or other tcp sockets):
            #fastcgi_pass 127.0.0.1:9000;
    }


location /phpmyadmin {
    satisfy all;
    allow 127.0.0.1;
    deny all;
    }


   }

Any idea why this configuration is not working anymore with ubuntu 20.04 and nginx 1.17.10?

Solution

  • You need to allow ::1 too... And add the parameters for the php inside the location block too.

    Try like this

    server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html index.php;

    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

   # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
            include snippets/fastcgi-php.conf;

            # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            # With php-cgi (or other tcp sockets):
            #fastcgi_pass 127.0.0.1:9000;
    }


    location ^~ /phpmyadmin/ {
            allow 127.0.0.1;
            allow ::1;
            deny all;
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }


}