Nginx 没有选择正确的 php-stack 位置

Nginx 没有选择正确的 php-stack 位置

更新时间:2019.02.28

问题出在我的服务器块中的以下部分:

        # Don't use `$uri` here, see https://github.com/yandex/gixy/issues/77
        rewrite /wp-admin$ $scheme://$host$request_uri/ permanent;
        rewrite ^(/[^/]+)?(/wp-.*) $2 last;
        rewrite ^(/[^/]+)?(/.*\.php) $2 last;
    }

没有它,一切最终都会按预期进行。问题是,这个是必需的部分运行 Wordpress-Multisite 安装。没有它,就无法使用 wp-admin。

找到问题后 - 有人知道如何解决吗?(除了正常的 Wordpress 安装和通过代理分离论坛,正如下面有人建议的那样)

总结

我在 nginx 根文件夹外创建了一个位置块 (/de/forums/),但 php 被发送到根文件夹内的 php 编译器,因此目录不匹配。它不会将定义的 php 堆栈放入新的位置块中。救命!

位置块 /de/forums/ 有效,但仅适用于文件,不适用于 php。使用 php 时,我收到“文件未找到”消息,因为它使用主根文件夹作为基础,而不是新别名。

而且我无法弄清楚如何强制 nginx 使用具有正确“fastcgi_param SCRIPT_FILENAME $request_filename;”的更具体的 php。

以下情况:

带有 php7.2-fpm 的 LEMP 堆栈

在 domain.com 上安装 Wordpress 多站点 - 配置为使用子目录。此域有两个子目录:domain.com/de/ 和 domain.com/en/。您可能已经猜到了博客的不同语言版本。示例页面是 domain.com/en/contact-us,博客文章将是 domain.com/en/this-is-a-blog-1451

因此我们有:

domain.com/de/
domain.com/en/
domain.com/en/contact-us
domain.com/en/this-is-a-blog-1451

我们想补充一点:

domain.com/de/forums/
domain.com/en/forums/

文件夹结构如下:

/var/www/domain.com/
/var/www/domain.com/html/
/var/www/domain.com/html/index.php #(Wordpress)
/var/www/domain.com/forum-de/index.php #(Xenforo)
/var/www/domain.com/forum-en/index.php #(Xenforo)
/var/www/domain.com/logs/
/var/www/domain.com/ssl/
/var/www/domain.com/wp-config.php

因此我们需要为论坛文件夹创建一个位置博客。理论上,更具体的位置块 (/de/forums/) 应优先于一般的 /,因此该块应始终指向论坛而不是 Wordpress。

这是我的完整服务器块 - 并附有您的评论:

server {

listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.com;

root /var/www/domain.com/html;
error_log /var/www/domain.com/logs/error.log warn;
access_log /var/www/domain.com/logs/access.log;
index index.php;

location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
    expires max;
    log_not_found off;
}
# denies all hidden files
location ~ /\. {
    deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";



    location / {
            # This is cool because no php is touched for static content.
            # include the "?$args" part so non-default permalinks doesn't break when using query string
            try_files $uri $uri/ /index.php?$args;
    }

    if (!-e $request_filename) {
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;  
    rewrite ^(/[^/]+)?(/wp-.*) $2 last;                     
    rewrite ^(/[^/]+)?(/.*\.php) $2 last;                   
    }




# indicate locations of SSL key files.
ssl_certificate /var/www/domain.com/ssl/ssl.crt;
ssl_certificate_key /var/www/domain.com/ssl/ssl.key;

# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
# see https://hstspreload.org/
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;

ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';


# generate by "openssl dhparam -outform PEM -out dhparam2048.pem 2048"
ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
#ssl_ecdh_curve secp384r1; SEEMS NOT TO WORK WITH CLOUDFLARE
ssl_prefer_server_ciphers on;

# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
# see https://hstspreload.org/
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

# DO NOT USE!!!!
# DO NOT USEadd_header Public-Key-Pins 'pin-sha256="AKTUELLER-KEY-HASH"; pin-sha256="BACKUP-KEY-HASH"; max-age=31536000; includeSubDomains';
# DO NOT USE!!!!


ssl_session_cache shared:SSL:30m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_tickets on;
# generate with "head -c 48 /dev/urandom > /etc/nginx/ssl/nginx_ticketkey"
ssl_session_ticket_key /etc/nginx/ssl/nginx_ticketkey;
ssl_session_timeout 41m;


# resolver conf
resolver 8.8.8.8 8.8.4.4 valid=1200s;
resolver_timeout 5s;



    location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
        # gzip_static off;
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
    }

    location ~* \.(js)$ {
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
    }

    location ~* \.(css)$ {
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
    }

    location ~* \.(html|htm|txt)$ {
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 1d;
        break;
    }

    location ~* \.(eot|svg|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
    }   




    location ^~ /de/forums/ {
        alias /var/www/domain.com/forum-de/;
        #also tried root
        index index.php index.html index.htm;
        try_files $uri $uri/ /de/forums/index.php?$uri&$args;
          #also tried just /index.php?$uri&$args;


    }

location ~  ^/de/forums/(.+\.php)$ { 
    alias var/www/domain.com/forum-de/; 
     #also tried root    
    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    include fastcgi.conf;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $request_filename;
    #also tried using the full path here
}   


#cloudflare stuff - cut out for shortness sake
set_real_ip_from 103.21.244.0/22;
#many more here

# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;



    location ~ [^/]\.php(/|$)  {
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        include fastcgi.conf;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;

        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 512 16k;
        fastcgi_busy_buffers_size 1m;
        fastcgi_temp_file_write_size 4m;
        fastcgi_max_temp_file_size 4m;
        fastcgi_intercept_errors off;


}

}

我试过:

  • 使用位置 php 作为 /de/forums/ 下的子位置
  • 使用 root 而不是别名(这是错的,但我很绝望)
  • 不使用 fastcgi.conf 链接
  • 使用 $request_filename 或 /var/www/domain.com/html/forum-de/$fastcgi_script_name 以及 /var/www/domain.com/html/forum-de$fastcgi_script_name
    • 删除 /php 块,仍然没有使用特定于位置 /de/forums/

唯一可行的方法是创建一个实际的文件夹,例如 /var/www/domain.com/html/de/forums/index.php。但是,如果我想访问 /de/ 及其所有页面,由于 try_files,我使用 wordpress 时会得到 404 错误。我可能可以使用 if,但据我所知,不建议这样做。

另外,我可以通过位置博客访问文件(例如 jpg) - 因此位置块可以工作,但 php 不行。

错误消息是文件未找到。因此论坛 phps 被发送到 php 编译器,但我认为,通用根目录和新位置根目录的地址不匹配。我甚至无法访问 phpinfo 文件。

请帮忙!

进一步阅读: (也就是说我在这里找到了有用的东西,但没有解决我的问题)

正如大多数人所建议的那样,fastcgi_param SCRIPT_FILENAME $request_filename; 应该可以解决我的问题。但是……nginx 只是不使用正确设置 SCRIPT_FILENAME 的 php 位置 - 它一直使用“主”php 位置 /

答案1

看起来这只是错误rootlocation价值观的组合。

  1. 改变这个:

    location ^~ /de/forums/ {
        alias /var/www/domain.com/forum-de/;
        #also tried root
        index index.php index.html index.htm;
        try_files $uri $uri/ /de/forums/index.php?$uri&$args;
          #also tried just /index.php?$uri&$args;
    
    
    }
    

    更改为:

    location /de/forums/ {
        root /var/www/domain.com/forum-de/;
        index index.php index.html index.htm;
        try_files $uri $uri/ /de/forum/index.php?$args;
    }
    
  2. 并将其更改为:

    location ~ ^/de/forums/(.+\.php)$ { 
        alias var/www/domain.com/forum-de/; 
         #also tried root    
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        include fastcgi.conf;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $request_filename;
        #also tried using the full path here
    }
    

    更改为:

    location ~ ^/de/forums/(.+\.php)$ { 
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        include fastcgi.conf;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO          $fastcgi_path_info;
        fastcgi_param HTTPS on;
    }
    
  3. 如果上述解决方案适用于 /de/forums/ ,则复制并适应 /en/forums/ 。

额外提示:

如果有更sever具体的配置需要针对每个应用程序以不同的方式工作,请考虑构建一个解决方案,其中论坛位于反向代理之后,以便它可以拥有自己的 vhost 文件。

该解决方案背后的逻辑是为论坛创建一个单独的 vhost 文件,监听 127.0.0.1:8001(例如),然后在原始 vhost 文件中添加位置 /de/forum 的 proxy_pass 以http://127.0.0.1:8001

这样,您就可以为论坛提供单独的 vhost 配置。

相关内容