我的 nginx/php5-fpm 配置出现了一个奇怪的错误。我已经在 owncloud 论坛上发布了这个问题,并询问了 nginx 论坛,但他们也不知道。当我搜索 serverfault 时,关于这个主题的建议并不直接适用于我的问题,因为它们都共享一个错误配置的位置块,而我认为这里的情况并非如此(我直接从 owncloud 文档中获取了配置)。
那么问题是什么?
我的 nginxerror.log充满了这些:
"FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: MY IP, server: MY DOMAIN, request: "GET /core/img/actions/history.svg HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "MY HOSTNAME/DOMAIN", referrer: "MY DOMAIN"
Owncloud 在子目录中运行,/srv/www/owncloud,根目录指向/srv/www。如果我将相同的配置指向根目录/srv/www/owncloud;会导致相同的错误,但这次它显示为:
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: IP, server: HOSTNAME, request: "GET /owncloud/owncloud/status.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "HOSTNAME"
注意重复的“owncloud”路径...php 正在寻找的文件位于 /srv/www/owncloud/status.php(也可能是上述错误中的 .gif,它有点随机),而不是 /owncloud/owncloud...但是当我将文档根目录恢复为 /src/www 时,php 完全省略了 /owncloud 路径!这让我很抓狂...
我的 nginx 配置如下:
user nginx;
worker_processes auto;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
include /etc/nginx/sites-enabled/*;
include mime.types;
default_type application/octet-stream;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
}
还有我的 owncloud-站点配置:
upstream php-handler {
server unix:/var/run/php5-fpm.sock;
}
server {
listen MY IP:4433 ssl;
server_name MY DOMAIN;
ssl_certificate /etc/ssl/owncloud/owncloud_full.crt;
ssl_certificate_key /etc/ssl/owncloud/owncloud.key;
ssl_dhparam /etc/ssl/owncloud/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/owncloud/comodo_full_chain.pem;
resolver DNS SERVERS valid=300s;
resolver_timeout 10s;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_trusted_certificate /etc/ssl/owncloud/comodo_full_chain.pem;
resolver 95.129.51.51 80.244.244.244 valid=300s;
resolver_timeout 10s;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers *LIST OF SECURE CIPHERS*;
ssl_session_timeout 10m;
ssl_session_cache off;
ssl_session_tickets on;
ssl_session_ticket_key /etc/nginx/ticketkey;
# Add headers to serve security related headers
add_header Strict-Transport-Security 'max-age=15768000; includeSubDomains; preload' always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Path to the root of your installation
root /srv/www;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
如果你们当中有人有想法,我会很高兴。
我的环境是:Ubuntu 14.04 VPS、nginx 1.9.11、PHP5-FPM(Ubuntu 最新版本),apparmor 已关闭(遇到此错误时将其关闭),/srv 中的文件可供 nginx 用户读取,我甚至更改了它们的所有者以解决此错误,但不起作用。php 中的 Open_basedir 不起作用(无论如何都包括所有相关位置,但关闭时不会解决错误)。
答案1
我想知道 svg 请求是否已发送到 PHP。尝试将您的最后位置更改为此
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf|svg)$ {
access_log off;
}
我怀疑的原因是这个块,它将所有对 / 的请求发送到 PHP,这可能是不必要的
location ~ \.php(?:$|/) {
如果这没有帮助,你想知道请求正在通过哪个位置块。将类似这样的内容添加到每个位置块,然后使用以下代码查看请求/响应:实时 HTTP 标头和 Firefox(或 curl,我认为是“curl -i”来获取标题,但我可能错了)
location (whatever) {
add_header Z_LOCATION "DESCRIBE LOCATION";
}