Manage modules facing Nginx- 404 Not Found

Dhayananda_T · May 20, 2021, 4:52pm

Hi,

Deployed openemr-6.0.0 on Nginx web server instead of apache2.
Modules > manage modules
loading page for 1 second as I can see message “loading manage modules…” and page goes “Nginx 404 Not found”. attached screen-shots on same.

The same issue I cleared in apache2 by adding below lines in apache2 config file(000-default.conf)

<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted

Where as in Nginx webserver, how to enable such parameters like "AllowOverride " in nginx config file.

Regards,
Dhayananda

stephenwaite · May 20, 2021, 5:49pm

hi @Dhayananda_T, does this help? looks like the dockers use this block, a lot of the rest of this configuration file is specific to a crazy testing environment

Dhayananda_T · May 21, 2021, 9:11am

@stephenwaite, I have seen same reference link for nginx and still not familiar what to do and how to enable same. Below are the nginx config(default) file.

server {
listen 80 ;
listen 443 ssl ;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name abc.xxxx.com; # managed by Certbot

   #	location / {
	# First attempt to serve request as file, then
	# as directory, then fall back to displaying a 404.
   #	try_files $uri $uri/ =404;
   #}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
	include snippets/fastcgi-php.conf;

#	# With php7.0-cgi alone:
#	fastcgi_pass 127.0.0.1:9000;
#	# With php7.0-fpm:
	fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
#	deny all;
#}

ssl_certificate /etc/letsencrypt/live/abc.xxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/abc.xxxx.com/privkey.pem;
}

how to enable such parameters like “AllowOverride” to clear the Nginx-404 not found.

regards,

Dhayananda.T

Dhayananda_T · May 22, 2021, 7:03am

hi @stephenwaite,

thanks for support.

Regards,
Dhayananda.T

gutiersa · May 23, 2021, 10:26pm

Nginx works differently from apache. There is no equivalency in the lines. For starters, this block is required:

if (!-e $request_filename) {
        # Needed for zend to work
        rewrite ^(.*/zend_modules/public)(.*) $1/index.php?$is_args$args last;
        # Needed for patient portal to work
        rewrite ^(.*/portal/patient)(.*) $1/index.php?_REWRITE_COMMAND=$1$2 last;
        # Needed for REST API/FHIR to work
        rewrite ^(.*/apis/)(.*) $1/dispatch.php?_REWRITE_COMMAND=$2 last;
        # Needed for OAuth2 to work
        rewrite ^(.*/oauth2/)(.*) $1/authorize.php?_REWRITE_COMMAND=$2 last;
    }

You are missing the following line which tells nginx to serve all static content:

location / {
   try_files $uri $uri/ /index.php;
}

Finally, here you are passing the php scripts to the php-fpm:

location ~ \.php$ {
  include snippets/fastcgi-php.conf;
  # With php7.0-cgi alone:
  # fastcgi_pass 127.0.0.1:9000;
  # With php7.0-fpm:
  fastcgi_pass unix:/run/php/php7.3-fpm.sock;
  fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
}

This is very basic and extremely insecure.
In a production environment I would forward all requests coming in on port 80 to port 443.

Dhayananda_T · May 30, 2021, 12:51pm

Thanks for your support.

I can able to download the Continuity of Care Record (CCR) in Reports >

Report Content in the patient dashboard, the xxx-ccr.zip file is

downloaded. when I tried to Generate the Report, it shows blank page.

Regards,
Dhayananda.T

demontime · March 3, 2024, 10:21am

Try the nginx configuration for docker, with this the local virtual host file should look like:

server {
    listen 80;

    server_name  openemr;

    access_log  /var/log/nginx/openemr.access.log;
    error_log   /var/log/nginx/openemr.error.log;

    root /var/www/openemr;

    index index.php;

       # protect special files from outside openemer login, and restrict them to superAdmins only
        #location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
            #auth_basic 				"Restricted Access";
            #auth_basic_user_file 	/path/to/.htpasswd;
            #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            #fastcgi_pass dev-php-fpm-7-1:9000;
            #include fastcgi_params;
        #}

        # Alternatively all access to these files can be denied
        #location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
            #deny all;
            #return 404;
        #}

        if (!-e $request_filename) {
            # Needed for zend to work
            rewrite ^(.*/zend_modules/public)(.*) $1/index.php?$is_args$args last;

            # Needed for patient portal to work
            rewrite ^(.*/portal/patient)(.*) $1/index.php?_REWRITE_COMMAND=$1$2 last;

            # Needed for REST API/FHIR to work
            rewrite ^(.*/apis/)(.*) $1/dispatch.php?_REWRITE_COMMAND=$2 last;

            # Needed for OAuth2 to work
            rewrite ^(.*/oauth2/)(.*) $1/authorize.php?_REWRITE_COMMAND=$2 last;
        }

        location / {
            # try as file ($uri), as directory ($uri/) if not found, send to index file
            # no php is touched for static content
            try_files $uri $uri/ /index.php;
        }

    # Pass PHP Scripts To FastCGI Server
    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_index  index.php;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Depends On The PHP Version
        fastcgi_param SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        include fastcgi_params;
    }

    # deny access to writable files/directories
    location ~* ^/sites/*/(documents|edi|era) {
        deny all;
        return 404;
    }

    # deny access to certain directories
    location ~* ^/(contrib|tests) {
	    deny all;
        return 404;
    }

    # Alternatively all access to these files can be denied
    location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
        deny all;
        return 404;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt  {
        log_not_found off;
        access_log off;
    }

    location ~ /\. {
        deny all;
    }
}

The above works for me on localhost, note that on a production environment, follow recommendations by @gutiersa.

CalvinTy · March 27, 2024, 8:48pm

I fix the above problem by using suggestion from this link. Basically, we manage the module
with line autoindex on; # as suggested from How To Serve Static File Directory Over HTTP Using NGINX - Server Fault

Marco_Meza · March 27, 2024, 11:35pm

I was facing same issue, I have added this block to /etc/nginx/openemr.conf,

if (!-e $request_filename) {
            # Needed for zend to work
            rewrite ^(.*/zend_modules/public)(.*) $1/index.php?$is_args$args last;

            # Needed for patient portal to work
            rewrite ^(.*/portal/patient)(.*) $1/index.php?_REWRITE_COMMAND=$1$2 last;

            # Needed for REST API/FHIR to work
            rewrite ^(.*/apis/)(.*) $1/dispatch.php?_REWRITE_COMMAND=$2 last;

            # Needed for OAuth2 to work
            rewrite ^(.*/oauth2/)(.*) $1/authorize.php?_REWRITE_COMMAND=$2 last;
        }

My complete openemr.conf is as follows

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  openemr.example.com;

    access_log  /var/log/nginx/openemr.access.log;
    error_log   /var/log/nginx/openemr.error.log;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/openemr.example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/openemr.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/openemr.example.com/chain.pem;
    ssl_session_timeout  1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # use https://blog.cloudflare.com/announcing-1111 Cloudfare+Apnic labs, It is free and secure
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;

    root /var/www/html/openemr;

    index index.php;

    location / {
        try_files $uri $uri/ /index.php;
    }

    # Pass PHP Scripts To FastCGI Server
    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_index  index.php;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Depends On The PHP Version
        fastcgi_param SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        include fastcgi_params;
    }

    # deny access to writable files/directories
    location ~* ^/sites/*/(documents|edi|era) {
        deny all;
        return 404;
    }

    # deny access to certain directories
    location ~* ^/(contrib|tests) {
	    deny all;
        return 404;
    }

    # Alternatively all access to these files can be denied
    location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
        deny all;
        return 404;
    }
#enable rewrite
if (!-e $request_filename) {
            # Needed for zend to work
            rewrite ^(.*/zend_modules/public)(.*) $1/index.php?$is_args$args last;

            # Needed for patient portal to work
            rewrite ^(.*/portal/patient)(.*) $1/index.php?_REWRITE_COMMAND=$1$2 last;

            # Needed for REST API/FHIR to work
            rewrite ^(.*/apis/)(.*) $1/dispatch.php?_REWRITE_COMMAND=$2 last;

            # Needed for OAuth2 to work
            rewrite ^(.*/oauth2/)(.*) $1/authorize.php?_REWRITE_COMMAND=$2 last;
        }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt  {
        log_not_found off;
        access_log off;
    }

    location ~ /\. {
        deny all;
    }
}

# enforce HTTPS
server {
    listen       80;
    listen       [::]:80;
    server_name  openemr.example.com;
    return 301   https://$host$request_uri;
}

It is needed to set server_name to your domain, so please replace to your domain.

openemr.example.com

Also, there is need to update root folder, in this example it is

/var/www/html/openemr

Thanks to everyone who helped to solve this issue.