Issues with my nginx config / aliases / errors

I have a VPS running CentOS 7, and I’m having some trouble with a few pieces of software that I’m trying to run. My miniflux instance is working, but all the other software I’m trying to setup with aliases is not working. I know the config is a mess as I’ve just copy and pasted from various install documentations.

Errors

Misc:

directive “index” is not terminated by “;” in /etc/nginx/sites-enabled/mysite.conf:54

Not sure why as index.php is followed by a semicolon

mysite.tld/budget (firefly-iii):

FastCGI sent in stderr: “Access to the script ‘/var/www/mysite/firefly-iii/public/index.php/login’ has been denied (see security.limit_extensions)” while reading response header from upstream, client: myip, server: mysite.tld, request: “GET /budget/login HTTP/1.1”, upstream: “fastcgi://unix:/var/run/php-fpm/php-fpm.sock:”, host: “www.mysite.tld”

Not sure how to get around this without disabling security.limit_extensions which seems to be a bad idea

mysite.tld/walla (Wallabag):

FastCGI sent in stderr: “Unable to open primary script: /var/www/mysite/app.php (No such file or directory)” while reading response header from upstream, client: 24.246.175.35, server: drewski.xyz, request: “GET /walla HTTP/1.1”, upstream: “fastcgi://unix:/var/run/php-fpm/php-fpm.sock:”, host: “www.mysite.tld”

For some reason it’s trying to find app.php in the wrong folder

mysite.tld/wiki (Bookstack):

directory index of “/var/www/drewski.xyz/BookStack/public” is forbidden, client: myip, server: mysite.tld, request: “GET /wiki/ HTTP/1.1”, host: “www.mysite.tld”

It’s trying to list the directory index here instead of the index.php file for some reason

Here is my nginx config (with a few identifying infos changed)

server {           root /var/www/mysite;          # Add index.php to the list if you are using PHP         index index.html index.htm index.nginx-debian.html index.php;          server_name mysite.tld www.mysite.tld;          location / {                 # First attempt to serve request as file, then                 # as directory, then fall back to displaying a 404.                 try_files $  uri $  uri/ =404;                 # proxy_pass http://localhost:8080;                 # proxy_http_version 1.1;                 # proxy_set_header Upgrade $  http_upgrade;                 # proxy_set_header Connection 'upgrade';                 # proxy_set_header Host $  host;                 # proxy_cache_bypass $  http_upgrade;         }      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000         #     location ~ \.php$   {                include fastcgi.conf;         #     #   # With php7.0-cgi alone:         #   fastcgi_pass 127.0.0.1:9000;         #   # With php7.0-fpm:         fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;         }      # deny access to .htaccess files, if Apache's document root         # concurs with nginx's one         #     #location ~ /\.ht {         #   deny all;         #}  location /flux/ {     proxy_pass http://127.0.0.1:8080/flux/;     proxy_set_header Host $  host;     proxy_redirect off;     proxy_set_header X-Real-IP $  remote_addr;     proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for;     proxy_set_header X-Forwarded-Proto $  scheme; }  location /wiki/ {    alias /var/www/mysite/BookStack/public;    try_files $  uri $  uri/ /index.php?$  query_string;     } location ^~ /firefly-iii/ {    deny all; }  location ^~ /budget {    alias /var/www/mysite/firefly-iii/public;    try_files $  uri $  uri/ @budget;      location ~* \.php(?:$  |/) {       include fastcgi.conf;       fastcgi_param SCRIPT_FILENAME $  request_filename;       fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice       fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;    } }  location @budget {    rewrite ^/budget/(.*)$   /budget/index.php/$  1 last; }      location ^~ /walla {         # try to serve file directly, fallback to app.php    alias /var/www/mysite/wallabag/web;          try_files $  uri /app.php$  is_args$  args;     }     location ~ ^/app\.php(/|$  ) {         fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;         fastcgi_split_path_info ^(.+\.php)(/.*)$  ;         include fastcgi_params;         fastcgi_param  SCRIPT_FILENAME  $  realpath_root$  fastcgi_script_name;         fastcgi_param DOCUMENT_ROOT $  realpath_root;         # Prevents URIs that include the front controller. This will 404:         # http://domain.tld/app.php/some-path         # Remove the internal directive to allow URIs like this         internal;     }      listen 443 ssl; # managed by Certbot     ssl_certificate /etc/letsencrypt/live/mysite/fullchain.pem; # managed by Certbot     ssl_certificate_key /etc/letsencrypt/live/mysite/privkey.pem; # managed by Certbot     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot   }  server {     if ($  host = www.mysite.tld) {         return 301 https://$  host$  request_uri;     } # managed by Certbot       if ($  host = mysite.tld) {         return 301 https://$  host$  request_uri;     } # managed by Certbot           listen 80;          server_name mysite.tld www.mysite.tld;     return 404; # managed by Certbot     }