我阅读了很多关于该主题的 stackoverflow 答案,但无法解决我的问题。
我有 3 个位置,我想要 3 个 URL:
http://www.example.com/ ---> /var/www/public_root
http://www.example.com/test1 ---> /var/www/public_test1
http://www.example.com/test2 ---> /var/www/public_test2
我已经在 stackoverflow 上测试了几种解决方案,但有时一种不起作用或全部不起作用。
我遵循以下步骤:
- 创建 3 个 nginx-avaliable
- 链接 3 ngnix-启用
- 创建 3 条路径
- 在此路径上建立权限(chmod,chown,...)
- 创建 3 个不同的 index.php
但总是错的.....
我需要限制对 test1 的访问到内网 ips,并且只允许
答案1
答案2
这是我的解决方案,它有效。
server {
listen 80; ## listen for ipv4;
listen [::]:80 default_server ipv6only=on;
server_name <my_server>;
# The location of our projects public directory.
root /var/www/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
location /public_test1 {
location ~ /public_test1/(.+\.php)$ {
fastcgi_param PHP_VALUE "display_errors=Off";
fastcgi_split_path_info ^(.+\.php)(.*)$;
include fastcgi.conf;
fastcgi_send_timeout 600;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME /usr/share/public_test1/$1;
#fastcgi_index index.php;
}
# Deny some static files
location ~ ^/public_test1/(README|LICENSE|ChangeLog|DCO)$ {
deny all;
}
# Deny .md files
location ~ ^/public_test1/(.+\.md)$ {
deny all;
}
# Deny some directories
location ~ ^/public_test1/(doc|sql|setup)/ {
deny all;
}
# Begin - Security
# denyall direct access for these folders
location ~* /(.git|cache|bin|logs|backups|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security
#
}
# We don't need .ht files with nginx.
location ~ /\.ht {
deny all;
}
# Hide dot files/folders
location ~ .*/\. {
return 403;
}
# optimize static file serving
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml|JPG|svg|woff)$ {
access_log off;
log_not_found off;
expires 30d;
}
# Begin - Security
# denyall direct access for these folders
location ~* /(.git|cache|bin|logs|backups|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
## End - Security
#
}