I have an admin/ subdirectory on my website, and I would like it to be served over HTTPS, so I tried the following configuration, based on this:
server {
    listen 80;
    server_name blob.tld;
    root /srv/www/blob;
    index index.php index.html index.htm;
    location /blog/admin/* {
        return 301 https://$server_name$request_uri;
    }
    location / {
        try_files $uri $uri/ $uri/index.php /index.html;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
server {
    listen 443 ssl;
    server_name blob.tld;
    root /srv/www/blob/;
    index index.php index.html index.htm;
    ssl_certificate /srv/www/blob.tld.pem;
    ssl_certificate_key /srv/www/blob.tld.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    location /blog/admin {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        try_files $uri $uri/index.php /index.html;
    }
    location / {
        return 301 http://$server_name$request_uri;
    }
}
But then the images in admin/style/ are not served.
I looked at the log files, which say:
/var/log/nginx/access.log:
127.0.0.1 - - [25/Apr/2014:15:06:27 +0200] "GET /blog/admin/style/lock.png HTTP/1.1" 403 46 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit (KHTML, like Gecko) Chrome/32.0"
/var/log/nginx/error.log:
2014/04/25 15:06:27 [error] 23629#0: *404 FastCGI sent in stderr: "Access to the script '/srv/www/blob/blog/admin/style/lock.png' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 127.0.0.1, server: blob.tld, request: "GET /blog/admin/style/lock.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000"
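Given the error.log file, I think the problem comes from the first location directive in the HTTPS server (the difference from the HTTP one being ~ \.php$). So I tried to make it exactly symmetric (with the \.php$ directives in another location directive):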
server {
    listen 443 ssl;
    [...]
    location /blog/admin/* {
        try_files $uri $uri/ $uri/index.php /index.html;
    }
    location / {
        return 301 http://$server_name$request_uri;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
But... then there is no HTTPS at all.
I still have the solution of letting the images be served over HTTP, but that is a bit frustrating:
location /blog/admin/style {
    return 301 http://$server_name$request_uri;
}
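I have nginx 1.1.19 and PHP 5.3.10 with php-fpm.
Answer 1
Is there any reason why, in the https section, you send everything under /blog/admin to FastCGI? Why not make a rule specifically for *.php, as in the http section?
In other words, under http you have: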
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
}
But under https, you have:
location /blog/admin {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    try_files $uri $uri/index.php /index.html;
}
I think that if you change /blog/admin to ~ /blog/admin/.*\.php$ your problem will be solved...
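
An added example, not part of the original answer or the asker's configuration: an HTTPS server block that applies the answer's suggestion, so that only .php requests under /blog/admin/ reach PHP-FPM and images are served as static files. The paths and the FastCGI address come from the question; the `^` anchor, the `=404` fallbacks, the `/blog/admin` redirect and the tightened TLS settings are assumptions of this example.

```nginx
server {
    listen 443 ssl;
    server_name blob.tld;
    root /srv/www/blob;
    index index.php index.html index.htm;

    ssl_certificate     /srv/www/blob.tld.pem;
    ssl_certificate_key /srv/www/blob.tld.key;
    ssl_session_timeout 5m;
    # Assumption of this example: tightened from the question's values,
    # which enable SSLv3 and LOW/EXP ciphers. TLSv1.2 needs OpenSSL 1.0.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Regex location: only *.php under /blog/admin/ is handed to PHP-FPM.
    # Regex locations are tried before the matched prefix location is used,
    # so /blog/admin/index.php lands here while lock.png does not.
    location ~ ^/blog/admin/.*\.php$ {
        try_files $uri =404;    # never pass a non-existent script to FPM
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # Prefix location (a literal prefix; "*" is not a wildcard here):
    # static files such as /blog/admin/style/lock.png are served from disk.
    # A directory request is resolved through "index", whose internal
    # redirect to index.php is then matched by the regex location above.
    location /blog/admin/ {
        try_files $uri $uri/ =404;
    }

    # Send the bare directory name to its canonical HTTPS URL.
    location = /blog/admin {
        return 301 https://$server_name/blog/admin/;
    }

    # Everything else goes back to HTTP, as in the question.
    location / {
        return 301 http://$server_name$request_uri;
    }
}
```

After editing, `nginx -t` checks the syntax before a reload, and requesting /blog/admin/style/lock.png over HTTPS should return 200 with no new security.limit_extensions entry in error.log.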