nginx 服务器块配置用于同时进行反向代理和提供 php 文件

tag-icon tag-icon nginx
nginx 服务器块配置用于同时进行反向代理和提供 php 文件

我有通过 nginx 反向代理的 icecast2 服务器配置,因为 icecast 不完全支持 ssl。我希望能够反向代理 icecast 提供的文件,同时从同一域名内的另一个位置运行 php。例如,proxiedicecast.org 显示 icecast 提供的文件,在 proxiedicecast.org/status 中我可以提供其他内容。我有适用于 icecast 的默认服务器块配置,但当我尝试从“proxiedicecast.org/status”浏览器访问 php 文件时,只会下载 php 文件而不是执行它们。

server
{
    listen 80;
    server_name proxiedicecast.org;
    index index.php index.html index.htm index.nginx-debian.html;
    location ~ /.well-known {
        allow all;
    }

    location / {
        if ($ssl_protocol = "") {
          rewrite ^ https://$server_name$request_uri? permanent;
        }
    }
    # php
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

#### SSL ######################################################

server {
    #ssl on;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/proxiedicecast.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/proxiedicecast.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    # Recommended security settings from https://wiki.mozilla.org/Security  /Server_Side_TLS
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ecdh_curve secp384r1;
    # ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # Enable this if you want HSTS (recommended)
    # With or without preload (without very secure but not recommended)
    #  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;"
    #  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;"
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    root /var/www/html;

    server_name proxiedicecast.org;
    location ~ /.well-known {
        allow all;
    }


    location ~ /status {
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;
        try_files $uri $uri/ =404;
    }

    location / {
        #access_log /var/log/icecast/access_https.log icecast_combined;
        proxy_pass http://127.0.0.1:8000/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

     # php
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

答案1

我建议您将此location块用于您的状态页面:

location /status {
    rewrite ^ /status/index.php last;
}

也就是说,如果您的状态index.php位于/var/www/html/status/index.php

这里不需要使用正则表达式修饰符来location修饰块,因为您不需要匹配*/status*/,以 开头的任何内容的简单前缀匹配/status就足够了。

然后,在location块内,我们将请求重写为index.php,并且 nginx 将开始与重写的 URI 匹配的位置。现在将传递给location ~ \.php$,因为对于同一请求,没有其他冲突的正则表达式匹配。

有关 nginx 如何处理location指令的更多信息,请查看http://nginx.org/en/docs/http/ngx_http_core_module.html#location

相关内容