nginx configuration with FastCGI for osTicket

This article is from 2016 and has been archived. It's old and probably outdated.

I set up osTicket on a FreeBSD server and wanted to have it served by nginx and FastCGI. I ran into some problems with the approaches other people described and even with the recipe found on the nginx website. These problems resulted in errors logged as FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream when I tried to upload an attachment to a ticket that I created on the client's side (not on the agent's side, i.e. /scp). The client/reporter received something like File Upload error <filename-here> undefined400 in an alert box. Additionally the WYSIWYG icons in the issue description area were missing. Some things need to be added to the corresponding server-block of the nginx configuration to fix these issues. I will only show the relevant parts of that block.

/path/to/nginx/conf/nginx.conf:

# ... more server block options ...

root   /usr/local/www/myhost/osticket/;

set $path_info "";

location ~ /include {
    deny all;
    return 403;
}

location / {
    try_files   $uri $uri/ index.php;
    index  index.php;
}

if ($request_uri ~ "^/api(/[^\?]+)") {
    set $path_info $1;
}

if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
    set $path_info $1;
}

if ($request_uri ~ "^/.*\.php(/[^\?]+)") {
    set $path_info $1;
}

location ~ ^/scp/ajax.php/.*$ {
    try_files $uri $uri/ /scp/ajax.php?$query_string;
}

location ~ ^/ajax.php/.*$ {
    try_files $uri $uri/ /ajax.php?$query_string;
}

location ~ ^/api/(?:tickets|tasks).*$ {
    try_files $uri $uri/ /api/http.php?$query_string;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket.
#
location ~ \.php$ {
    include             fastcgi_params;
    fastcgi_param       SCRIPT_FILENAME  $request_filename;
    # fastcgi_pass        127.0.0.1:9000;
    # The socket approach requires the module php5-fpm
    fastcgi_pass        unix:/var/run/php-fpm.sock;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny  all;
}

/path/to/nginx/conf/fastcgi_params:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  PATH_INFO          $path_info;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
Jan Beilicke

About the author

Long-time IT professional and full-time nerd. Open source enthusiast, advocating security and privacy. Sees the cloud as other people's computers. Find me on Mastodon or Twitter.