Here are my configurations for comparison. I have sanitized them.
nginx.conf
user www-data;
worker_processes 1;
load_module modules/ngx_http_modsecurity_module.so;
load_module modules/ngx_http_fancyindex_module.so;
pid /var/run/nginx/nginx.pid;
error_log /var/log/nginx/error.log info;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 180;
types_hash_max_size 2048;
client_max_body_size 32M;
# Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
# SSL
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
gzip on;
gzip_min_length 256;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
upstream php {
server unix:/run/php/php7.0-fpm.sock;
}
upstream domainUser {
server unix:/run/php/domainUser.sock;
}
# This include loads the website server blocks.
include /etc/nginx/sites-enabled/*;
# Cloudflare IPs
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
real_ip_header CF-Connecting-IP;
# include /etc/nginx/conf.d/*.conf;
}
domain.conf
# This is stored in /etc/nginx/sites-available/ and is activated through a symlink in /etc/nginx/sites-enabled/.
server {
listen 80;
listen [::]:80;
server_name domain.tld www.domain.tld;
return 301 https://www.domain.tld$request_uri;
}
server {
listen 443 ssl;
server_name www.domain.tld;
# Begin SSL Config
...
# End SSL Config
root /var/www/user/public/web;
index index.html index.php;
# Begin Error Pages
...
# End Error Pages
# Begin Additional Configurations
...
# End Additional Configurations
# Begin Various Directory, Rewrite, and Nginx Extension Configurations
...
# End Various Configurations
# This line points to the PHP configuration I am using, which is included in the next spoiler.
include /etc/nginx/conf.d/domain.conf;
## Begin Grav
## Begin - Index
# for subfolders, simply adjust:
# `location /subfolder {`
# and the rewrite to use `/subfolder/index.php`
location / {
try_files $uri $uri/ /index.php?$query_string;
}
## End - Index
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor) /.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
}
PHP FPM conf
# This is located in /etc/nginx/conf.d/ and points to the nginx.conf's upstream domainUser.
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass domainUser;
}
I hope this helps provide some reference. Once more, these configurations are implemented on an Ubuntu 16.04 server running Nginx 1.13.8 and PHP-FPM 7.
Are the configurations you’ve given above extracted from a server block?
An Nginx server block is denoted by a server {} section within the configuration files. Usually, there is one for the Nginx default website and then several others either within that same nginx.conf file or within a directory, perhaps called conf.d or sites-available/sites-enabled. The server blocks within conf.d/sites-available are then included in the main nginx.conf file.
A possible explanation could be that the server is serving up the default server block, which loads the base page, but can’t process the PHP, thus causing everything else to 404. We would want to make sure that our Nginx service is loading the specific site’s, or marcruemekorf.local’s, server block. This could happen because the default document root and the site’s document root could be one and the same, thus serving the same page, but having different configurations (or none) for PHP.
Based off of what is provided above, specifically:
Quote
You would want to adjust your location / {} block to the following.
Location /
location / {
try_files $uri $uri/ /index.php?$query_string;
}
The PHP configuration looks proper. Once more, I am not sure if your PHP sock actually exists (as I am not looking at the machine’s terminal myself), but you could verify it by running something like the following.
ls -lah /Applications/MAMP/Library/logs/fastcgi/nginxFastCGI_php7.1.8.sock
If you get output of the file’s statistics such as owner, group, permissions, modified date, then the file should exist. You could also try the following.
stat /Applications/MAMP/Library/logs/fastcgi/nginxFastCGI_php7.1.8.sock
That should provide statistics on the file as well. If either command reports directory or file not found, then the server has not generated a PHP .sock, which would mean PHP requests are not being sent to be processed. (I only bring this up for thoroughness. If WordPress has been working fine, I am assuming this socket is being created and is serving PHP requests.)
I would start by modifying your root location block and adding it the other security-related location blocks (those which return a 403). If the site loads, then we know that was this simple configuration issue of missing the appropriate Nginx configurations for the software.
Grav Nginx Documentations
Sample Nginx Config: https://github.com/getgrav/grav/blob/master/webserver-configs/nginx.conf
Other links
Nginx | Grav Documentation
Beginner’s Guide
Beginner’s Guide
Beginner’s Guide
Verifying the services are running
The following is not necessary as it would appear that in general, your site is working. (That is to say, a request is received by Nginx and it serves up the an index file.) This would be more to verify the correct port and answer a question such as, “Is PHP-FPM actually running on port 9000?”
While I am not sure if this command exists on Mac, you could verify your services are up and running with the following command.
netstat -plnt
To get a specific port, you could pipe this to grep. So for Nginx, we might do the following.
netstat -plnt | grep 80