This configuration may work in any version prior to Mautic 3.3, but for higher versions, you may encounter an error in the console if you try to add a new email, landing page or any other feature using the builder.
Here’s what I get in my console as an error:
After 2 weeks of searching, I finally found this on GitHub that helped me better understand the error:
Opened 11:38PM - 28 Apr 17 UTC, closed 10:00AM - 29 Jul 20 UTC. Labels: T2, bug, pending-feedback
What type of report is this:
| Q | A
| ---| ---
| Bug report? | yes
| Feature request? | no
| Enhancement? | no
## Description:
When attempting to edit a form with an incorrect nginx/webserver configuration, the user receives the error `You do not have access to the requested area/action.` as a JavaScript alert, indicating that the user is attempting to access something that they do not have the permissions to receive. After long investigation, it seems that this error message is misleading, and it is in fact an issue with server configuration.
I believe that this configuration error should be checked ahead of time, so as to catch the error during the installation process, instead of having the user run into the error in production.
The issue seems to have something to do with the way that the webserver redirects PHP traffic to FastCGI.
[Line 50 of mautic/app/bundles/FormBundle/Controller/FieldController.php](https://github.com/mautic/mautic/blob/staging/app/bundles/FormBundle/Controller/FieldController.php#L50):
```php
//ajax only for form fields
if (!$fieldType || // not an access check
    !$this->request->isXmlHttpRequest() ||
    !$this->get('mautic.security')->isGranted(['form:forms:editown', 'form:forms:editother', 'form:forms:create'], 'MATCH_ONE')
) {
    return $this->modalAccessDenied();
}
```
In the above code, `fieldType` is a blank string due to your codebase being unable to pick up GET parameters from this non-functioning server configuration, even though $_GET gets the parameters just fine.
The issue is fixed by changing the way that PHP files are accessed in the nginx config. This is the config I ended up with:
```conf
server {
    # see: http://wiki.nginx.org/Pitfalls
    # see: http://wiki.nginx.org/IfIsEvil
    listen 80;
    root /var/www/html;### change this to your app root ###
    index index.html index.htm index.php;
    error_page 404 /index.php;
    # Make site accessible from http://set-ip-address.xip.io
    server_name ### your external domain here ###;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log error;
    charset utf-8;
    # redirect index.php to root
    rewrite ^/index.php/(.*) /$1 permanent;
    #######################################
    ## Start Mautic Specific config #####
    #######################################
    # redirect some entire folders
    rewrite ^/(vendor|translations|build)/.* /index.php break;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        # one option: try_files $uri $uri/ /index.php$is_args$args;
        try_files $uri /index.php$is_args$args;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }
    # Deny everything else in /app folder except Assets folder in bundles
    location ~ /app/bundles/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /app/ { deny all; }
    # Deny everything else in /addons or /plugins folder except Assets folder in bundles
    location ~ /(addons|plugins)/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /(addons|plugins)/ { deny all; }
    # Deny all php files in themes folder
    location ~* ^/themes/(.*)\.php {
        deny all;
    }
    # Don't log favicon
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    # Don't log robots
    location = /robots.txt {
        access_log off;
        log_not_found off;
    }
    # Deny yml, twig, markdown, init file access
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;
        access_log off;
        log_not_found off;
    }
    # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    # Deny all grunt, composer files
    location ~* (Gruntfile|package|composer)\.(js|json)$ {
        deny all;
        access_log off;
        log_not_found off;
    }
    #######################################
    ## End Mautic Specific config #####
    #######################################
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        # try_files $uri =403;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }
}
```
Mostly taken from: https://gist.github.com/that0n3guy/905c812c0f65e7ffb5ec
To resolve this issue, the resolver should create a new error message for if `fieldType` is empty, and preferably create a check for a working config at install time.
## If a bug:
| Q | A
| --- | ---
| Mautic version | 2.8.0
| PHP version | 5.6.30-0+deb8u1
### Steps to reproduce:
1. Use this config or equiv:
```conf
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html; ### your application root ###
    index index.php;
    server_name ### your external domain ###;
    location / {
        try_files $uri $uri/ /index.php/$uri;
    }
    # pass the PHP scripts to FastCGI server
    location ~ ^(.+\.php)(.*)$
    {
        fastcgi_split_path_info ^(.+\.php)?(.*)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
    }
}
```
2. Create a new form
3. Attempt to add a new field to said form
4. Upon selecting an item from the drop-down menu, you should be presented with a JavaScript alert giving you the error message: `You do not have access to the requested area/action.`, and the field will fail to create.
### Log errors:
In the form of a JavaScript alert: "You do not have access to the requested area\/action."
Notably nothing in the error log of NGINX or php-fpm.
They suggested updating the nginx configuration so that it could take into account requests from the builder:
```conf
server {
    # see: http://wiki.nginx.org/Pitfalls
    # see: http://wiki.nginx.org/IfIsEvil
    listen 80;
    root /var/www/html;### change this to your app root ###
    index index.html index.htm index.php;
    error_page 404 /index.php;
    # Make site accessible from http://set-ip-address.xip.io
    server_name ### your external domain here ###;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log error;
    charset utf-8;
    # redirect index.php to root
    rewrite ^/index.php/(.*) /$1 permanent;
    #######################################
    ## Start Mautic Specific config #####
    #######################################
    # redirect some entire folders
    rewrite ^/(vendor|translations|build)/.* /index.php break;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        # one option: try_files $uri $uri/ /index.php$is_args$args;
        try_files $uri /index.php$is_args$args;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }
    # Deny everything else in /app folder except Assets folder in bundles
    location ~ /app/bundles/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /app/ { deny all; }
    # Deny everything else in /addons or /plugins folder except Assets folder in bundles
    location ~ /(addons|plugins)/.*/Assets/ {
        allow all;
        access_log off;
    }
    location ~ /(addons|plugins)/ { deny all; }
    # Deny all php files in themes folder
    location ~* ^/themes/(.*)\.php {
        deny all;
    }
    # Don't log favicon
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    # Don't log robots
    location = /robots.txt {
        access_log off;
        log_not_found off;
    }
    # Deny yml, twig, markdown, init file access
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;
        access_log off;
        log_not_found off;
    }
    # Deny all attempts to access hidden files/folders such as .htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    # Deny all grunt, composer files
    location ~* (Gruntfile|package|composer)\.(js|json)$ {
        deny all;
        access_log off;
        log_not_found off;
    }
    #######################################
    ## End Mautic Specific config #####
    #######################################
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        # try_files $uri =403;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_pass unix:/var/run/php7-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }
}
```
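
Added example (not part of the post, the GitHub issue, or Mautic): a static check for the `location /` difference between the reproduce config and the working config above, namely whether the `try_files` fallback forwards the query string. nginx takes the internal redirect's arguments from the fallback URI itself, so a fallback without `$args` or `$query_string` carries none. The function names and the two embedded snippets are constructed for illustration from the `try_files` lines on this page.

```python
import re

# Constructed samples: the "location /" blocks from the two configs on this page.
BROKEN = """
location / {
    try_files $uri $uri/ /index.php/$uri;
}
"""
FIXED = """
location / {
    # one option: try_files $uri $uri/ /index.php$is_args$args;
    try_files $uri /index.php$is_args$args;
}
"""

# nginx variables that carry the original query string.
QUERY_VARS = ("$args", "$query_string")


def strip_comments(conf):
    """Drop '#' comments so commented-out directives are not linted."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())


def audit_try_files(conf):
    """Return (fallback, forwards_query) for every try_files URI fallback."""
    findings = []
    for match in re.finditer(r"\btry_files\s+([^;]+);", strip_comments(conf)):
        fallback = match.group(1).split()[-1]  # last parameter = internal redirect
        if fallback.startswith(("=", "@")):
            continue  # "=404" status code or named location: not a URI fallback
        forwards = any(var in fallback for var in QUERY_VARS)
        findings.append((fallback, forwards))
    return findings


def dropped_query_fallbacks(conf):
    """Fallback URIs that reach the front controller without the query string."""
    return [uri for uri, forwards in audit_try_files(conf) if not forwards]


if __name__ == "__main__":
    for name, conf in (("reproduce config", BROKEN), ("working config", FIXED)):
        bad = dropped_query_fallbacks(conf)
        print(f"{name}: {'query string dropped by ' + ', '.join(bad) if bad else 'ok'}")
```

Run against the real site file before reloading nginx (for example as a deployment step) by passing its contents to `dropped_query_fallbacks`; an empty list means every URI fallback forwards the query string.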