Author Topic: Please Help me fix my webserver (wordpress, 500 error & 404 error)  (Read 247 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
I had a wordpress site that was working on nginx-only with php-fpm80, and I stupidly wanted to install wireguard on the same vps and it bricked my site.
I used this auto script: https://github.com/Nyr/wireguard-install

I'm now getting 500 internal error on homepage and login page, and 404 error on article pages.
I obviously removed wireguard and all iptables rules.
I've tried rebuilding vhosts and webserver, also I've tried rebuilding php-fpm, I've rebooted a million times and deleted cloudflare cache and browser cache.
Here's my nginx conf file:
Quote
user nobody;
worker_processes auto;
#worker_rlimit_nofile    65535;
error_log               /var/log/nginx/error.log crit;
pid                     /var/run/nginx.pid;

events {
   worker_connections  1024;
   use                 epoll;
   multi_accept        on;

}
http {
   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;
   client_header_timeout 3m;
   client_body_timeout 3m;
   client_max_body_size 256m;
   client_header_buffer_size 4k;
   client_body_buffer_size 256k;
   large_client_header_buffers 4 32k;
   send_timeout 3m;
   keepalive_timeout 60 60;
   reset_timedout_connection       on;
   server_names_hash_max_size 1024;
   server_names_hash_bucket_size 1024;
   ignore_invalid_headers on;
   connection_pool_size 256;
   request_pool_size 4k;
   output_buffers 4 32k;
   postpone_output 1460;

   include mime.types;
   default_type application/octet-stream;

   # Compression gzip
   gzip on;
   gzip_vary on;
   gzip_disable "MSIE [1-6]\.";
   gzip_proxied any;
   gzip_min_length 512;
   gzip_comp_level 6;
   gzip_buffers 8 64k;
   gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype;

   # Proxy settings
   proxy_redirect      off;
   proxy_set_header    Host            $host;
   proxy_set_header    X-Real-IP       $remote_addr;
   proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_pass_header   Set-Cookie;
   proxy_connect_timeout   300;
   proxy_send_timeout  300;
   proxy_read_timeout  300;
   proxy_buffers       32 4k;
   proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
   proxy_cache_key "$host$request_uri $cookie_user";
   proxy_temp_path  /var/cache/nginx/temp;
   proxy_ignore_headers Expires Cache-Control;
   proxy_cache_use_stale error timeout invalid_header http_502;
   proxy_cache_valid any 1d;

   open_file_cache_valid 120s;
   open_file_cache_min_uses 2;
   open_file_cache_errors off;
   open_file_cache max=5000 inactive=30s;
   open_log_file_cache max=1024 inactive=30s min_uses=2;

   # SSL Settings
   ssl_session_cache   shared:SSL:10m;
   ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers        "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS";

   # Logs
   log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                      '"$status" $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
   log_format  bytes   '$body_bytes_sent';
   #access_log          /var/log/nginx/access.log main;
   access_log off;

   # Cache bypass
   map $http_cookie $no_cache {
      default 0;
      ~SESS 1;
      ~wordpress_logged_in 1;
   }

   # Include additional configuration
   include /etc/nginx/cloudflare.inc;
   include /etc/nginx/conf.d/*.conf;
}

And here's the content of mydomain.ssl.conf:
Quote
server {
   listen ip ssl ;
   server_name domain  www.domain.com;
   root /home/user/public_html;
   index index.php index.html index.htm;
   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {

      add_header Strict-Transport-Security "max-age=31536000";
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;

      location ~.*\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {         
         expires max;
      }
      
      location ~ [^/]\.php(/|$) {
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         if (!-f $document_root$fastcgi_script_name) {
            return  404;
         }

         fastcgi_pass    unix:/opt/alt/php-fpm74/usr/var/sockets/user.sock;
         fastcgi_index   index.php;
         include         /etc/nginx/fastcgi_params;
      }

   }

   location ~* "/\.(htaccess|htpasswd)$" {deny all;return 404;}

   disable_symlinks if_not_owner from=/home/user/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

server {
   listen ip ssl ;   
   server_name webmail.domain;

   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {
      proxy_pass  http://127.0.0.1:2095;
      include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}

   disable_symlinks if_not_owner from=/home/sexmot/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

server {
   listen ip ssl ;   
   server_name mail.domain;

   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {
      proxy_pass  http://127.0.0.1:2095;
      include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}

   disable_symlinks if_not_owner from=/home/user/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

server {
   listen ip ssl ;   
   server_name cpanel.domain;

   access_log /usr/local/apache/domlogs/domain.bytes bytes;
   access_log /usr/local/apache/domlogs/domain.log combined;
   error_log /usr/local/apache/domlogs/domain.error.log error;

   ssl_certificate      /etc/pki/tls/certs/domain.bundle;
   ssl_certificate_key  /etc/pki/tls/private/domain.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {
      proxy_pass  https://127.0.0.1:2083;
      include proxy.inc;
   }

   location /pma {
      proxy_pass  https://127.0.0.1:2031;
      include proxy.inc;
   }

   location /roundcube {
      proxy_pass  https://127.0.0.1:2031;
      include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}

   disable_symlinks if_not_owner from=/home/user/public_html;

   location /.well-known/acme-challenge {
      default_type "text/plain";
      alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}
I changed my ip to "ip" and my domain to "domain" and username to "user" for anonymity reason
« Last Edit: March 16, 2021, 04:04:13 PM by Tunis0101 »