FastCGI 在 stderr 中发送:“主要脚本未知”+ Owncloud

FastCGI 在 stderr 中发送:“主要脚本未知”+ Owncloud

我的 nginx/php5-fpm 配置出现了一个奇怪的错误。我已经在 owncloud 论坛上发布了这个问题,并询问了 nginx 论坛,但他们也不知道。当我搜索 serverfault 时,关于这个主题的建议并不直接适用于我的问题,因为它们都共享一个错误配置的位置块,而我认为这里的情况并非如此(我直接从 owncloud 文档中获取了配置)。

那么问题是什么?

我的 nginxerror.log充满了这些:

"FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: MY IP, server: MY DOMAIN, request: "GET /core/img/actions/history.svg HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "MY HOSTNAME/DOMAIN", referrer: "MY DOMAIN"

Owncloud 在子目录中运行,/srv/www/owncloud,根目录指向/srv/www。如果我将相同的配置指向根目录/srv/www/owncloud;会导致相同的错误,但这次它显示为:

FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: IP, server: HOSTNAME, request: "GET /owncloud/owncloud/status.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "HOSTNAME"

注意重复的“owncloud”路径...php 正在寻找的文件位于 /srv/www/owncloud/status.php(也可能是上述错误中的 .gif,它有点随机),而不是 /owncloud/owncloud...但是当我将文档根目录恢复为 /src/www 时,php 完全省略了 /owncloud 路径!这让我很抓狂...

我的 nginx 配置如下:

user  nginx;
worker_processes auto;

pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}


http {
    include /etc/nginx/sites-enabled/*;
    include mime.types;
    default_type application/octet-stream;

    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
}

还有我的 owncloud-站点配置:

upstream php-handler {
    server unix:/var/run/php5-fpm.sock;
}

server {
    listen MY IP:4433 ssl;
    server_name MY DOMAIN;

    ssl_certificate /etc/ssl/owncloud/owncloud_full.crt;
    ssl_certificate_key /etc/ssl/owncloud/owncloud.key;
    ssl_dhparam /etc/ssl/owncloud/dhparam.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/owncloud/comodo_full_chain.pem;
    resolver DNS SERVERS valid=300s;
    resolver_timeout 10s;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_trusted_certificate /etc/ssl/owncloud/comodo_full_chain.pem;
    resolver 95.129.51.51 80.244.244.244 valid=300s;
    resolver_timeout 10s;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers *LIST OF SECURE CIPHERS*;

    ssl_session_timeout 10m;
    ssl_session_cache off;
    ssl_session_tickets on;
    ssl_session_ticket_key /etc/nginx/ticketkey;

    # Add headers to serve security related headers
  add_header Strict-Transport-Security 'max-age=15768000; includeSubDomains; preload' always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;

    # Path to the root of your installation
    root /srv/www;

    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
    rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;

    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
    rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location / {

    rewrite ^/remote/(.*) /remote.php last;
    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
    try_files $uri $uri/ =404;
}

location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block

location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    # Optional: Don't log access to assets
    access_log off;
}


location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
}
}    

如果你们当中有人有想法,我会很高兴。

我的环境是:Ubuntu 14.04 VPS、nginx 1.9.11、PHP5-FPM(Ubuntu 最新版本),apparmor 已关闭(遇到此错误时将其关闭),/srv 中的文件可供 nginx 用户读取,我甚至更改了它们的所有者以解决此错误,但不起作用。php 中的 Open_basedir 不起作用(无论如何都包括所有相关位置,但关闭时不会解决错误)。

答案1

我想知道 svg 请求是否已发送到 PHP。尝试将您的最后位置更改为此

location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf|svg)$ {
  access_log off;
}

我怀疑的原因是这个块,它将所有对 / 的请求发送到 PHP,这可能是不必要的

location ~ \.php(?:$|/) {

如果这没有帮助,你想知道请求正在通过哪个位置块。将类似这样的内容添加到每个位置块,然后使用以下代码查看请求/响应:实时 HTTP 标头和 Firefox(或 curl,我认为是“curl -i”来获取标题,但我可能错了)

location (whatever) {
  add_header Z_LOCATION "DESCRIBE LOCATION";
}

相关内容