nginx config handles routes with embedded `.php` in them differently than apache config

pled commented 3 months ago

Using Power Ampache 2 android client to connect to my Nextcloud Music App, I was unable to connect due to nginx error.

92.xxx.yyy.zzz - - [23/Jun/2024:18:11:56 +0200] "GET /apps/music/ampache/server/json.server.php?action=handshake&auth=0dc8eab854xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx289e9ded5423&user=xxxxxxx&timestamp=1719159117 HTTP/2.0" 404 146 "-" "PowerAmpache2-1.00-60-fdroid"

It appears that issue is related to try_files directive in the nginx configuration file when using Ampache API, like described here : Ampache api with nextcloud served by nginx gets 404 when following nextcloud admin docs.

After some help from Ampache dev (see here), adding a new location for /apps/music/ampache/server/ like below setting in nginx configuration file solves the issue :

    location ~ ^/apps/music/ampache/server/.*\.php$ {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name /index.php$fastcgi_script_name?$args;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

So it would probably be good to amend the following documentation with the above example, probably in the following documentation : https://docs.nextcloud.com/server/21/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx, in the Tips and Tricks section, when using Nextcloud Music App from Ampache client and using nginx as proxy server.

Note I was using the following versions when experiencing this issue :

Nextcloud 29.0.1
Music 2.0.0
Operating system and version: Armbian 24.5.1 bookworm (x32)
Apache or nginx version : 1.20.2
PHP version : 8.1.16
Power Apache 2 version : 1.00-60-fdroid

Running docker images provided by Linuxserver.io . File modified is Nextcloud/config/nginx/site-confs/default.conf

pled commented 2 months ago

After investigating another issue with album art (covers) not displayed in Power Ampache 2, it appears new location should be changed from "location ~ ^/apps/music/ampache/server/.*\.php$" to "location ~ ^/apps/music/ampache/.*\.php$".

As album art may retrieved using such URL : https://xxx.yyyy/apps/music/ampache/image.php?

See this issue for more information : https://github.com/owncloud/music/issues/1156

joshtrichards commented 2 months ago

Looks like the fundamental matter is two-fold:

The Ampache API (exposed by Music app) has routes that embed .php in them here:

https://github.com/owncloud/music/blob/eb9a0987eb59af007748f253d2f47887f1d8ad48/appinfo/routes.php#L127-L137

The Nginx config doesn't handle this in the same way as the Apache config for some reason.

Preferably we find an an approach that doesn't such a app specific rule to the general config if we can avoid it.

Let's try to figure out what we're doing different in the nginx config versus the Apache configs since apparently it works there?

The closest counterpart I can think of is the richdocumentscode proxy.php URL handling which, admittedly, does have an app specific rule:

https://github.com/nextcloud/documentation/blob/e9dd877fc5585a3948e91dafa352cfb4bc18d48b/admin_manual/installation/nginx-root.conf.sample#L145

Out of curiosity, does the following also work fix this?

rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy|.+\/music?\/ampache) /index.php$request_uri;

Still would prefer a generic way, so just gathering info at the moment.

pled commented 2 months ago

Hi, Thank you for your reply and taking care of that.

The rewrite rules proposed does work. Tested for both connecting from Ampache client and also displaying cover art : /apps/music/ampache/server... or /apps/music/ampache/image...

pled commented 2 months ago

I am sorry, I did a mistake : Actually, I used the default rewrite rule from the documentation :

And this one works : the Ampache client can connect. NOTE : this line was not present in my default configuration file (Nextcloud/config/nginx/site-confs/default.conf) provided by the nextcloud+swag container.

But using the one proposed and modified for ampache :

I initially thought both lines were the same (read to fast). Sorry for the misunderstanding.

nextcloud / documentation

nginx config handles routes with embedded `.php` in them differently than apache config #11951