Nginx:图像未通过 HTTPS 提供

tag-icon tag-icon nginx https
Nginx:图像未通过 HTTPS 提供

我的网站上有一个admin/子目录,我希望它位于 HTTPS 中,所以我尝试了以下配置,基于这个:

server {
    listen 80;

    server_name blob.tld;
    root /srv/www/blob;
    index index.php index.html index.htm;

    location /blog/admin/* {
        return 301 https://$server_name$request_uri;
    }

    location / {
        try_files $uri $uri/ $uri/index.php /index.html;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}

server {
    listen 443 ssl;
    server_name blob.tld;

    root /srv/www/blob/;
    index index.php index.html index.htm;

    ssl_certificate /srv/www/blob.tld.pem;
    ssl_certificate_key /srv/www/blob.tld.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    location /blog/admin {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        try_files $uri $uri/index.php /index.html;
    }

    location / {
        return 301 http://$server_name$request_uri;
    }
}

admin/style/但随后不提供图像。

我查看了日志文件,上面写着:

/var/log/nginx/access.log:
127.0.0.1 - - [25/Apr/2014:15:06:27 +0200] "GET /blog/admin/style/lock.png HTTP/1.1" 403 46 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit (KHTML, like Gecko) Chrome/32.0"

/var/log/nginx/error.log:
2014/04/25 15:06:27 [error] 23629#0: *404 FastCGI sent in stderr: "Access to the script '/srv/www/blob/blog/admin/style/lock.png' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 127.0.0.1, server: blob.tld, request: "GET /blog/admin/style/lock.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000"

鉴于error.log文件,我认为问题来自HTTPS服务器中的第一个位置指令(与HTTP的区别是~ \.php$)。所以我尝试使精确对称(与\.php$另一location条指令中的指令):

server {
    listen 443 ssl;
    [...]

    location /blog/admin/* {
        try_files $uri $uri/ $uri/index.php /index.html;
    }

    location / {
        return 301 http://$server_name$request_uri;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}

但是……根本就没有 HTTPS。

我仍然有让图像在 HTTP 中提供服务的解决方案,但这有点令人沮丧:

location  /blog/admin/style {
    return 301 http://$server_name$request_uri;
}

我有 nginx 1.1.19 和 php 5.3.10 以及 php-fpm。

答案1

您在 https 部分发送的任何原因一切在/blog/admin下到FastCGI?为什么不像 http 部分那样制定专门针对 *.php 的规则?

换句话说,在 http 下你有:

location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
}

但在 https 下,你有:

location /blog/admin {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    try_files $uri $uri/index.php /index.html;
}

我想如果你改变/博客/管理〜/blog/admin/.*\.php$你的问题就可以解决了...

相关内容