更新时间:2019.02.28
问题出在我的服务器块中的以下部分:
# Don't use `$uri` here, see https://github.com/yandex/gixy/issues/77
rewrite /wp-admin$ $scheme://$host$request_uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
没有它,一切最终都会按预期进行。问题是,这个是必需的部分运行 Wordpress-Multisite 安装。没有它,就无法使用 wp-admin。
找到问题后 - 有人知道如何解决吗?(除了正常的 Wordpress 安装和通过代理分离论坛,正如下面有人建议的那样)
总结
我在 nginx 根文件夹外创建了一个位置块 (/de/forums/),但 php 被发送到根文件夹内的 php 编译器,因此目录不匹配。它不会将定义的 php 堆栈放入新的位置块中。救命!
位置块 /de/forums/ 有效,但仅适用于文件,不适用于 php。使用 php 时,我收到“文件未找到”消息,因为它使用主根文件夹作为基础,而不是新别名。
而且我无法弄清楚如何强制 nginx 使用具有正确“fastcgi_param SCRIPT_FILENAME $request_filename;”的更具体的 php。
。
以下情况:
带有 php7.2-fpm 的 LEMP 堆栈
在 domain.com 上安装 Wordpress 多站点 - 配置为使用子目录。此域有两个子目录:domain.com/de/ 和 domain.com/en/。您可能已经猜到了博客的不同语言版本。示例页面是 domain.com/en/contact-us,博客文章将是 domain.com/en/this-is-a-blog-1451
因此我们有:
domain.com/de/
domain.com/en/
domain.com/en/contact-us
domain.com/en/this-is-a-blog-1451
我们想补充一点:
domain.com/de/forums/
domain.com/en/forums/
文件夹结构如下:
/var/www/domain.com/
/var/www/domain.com/html/
/var/www/domain.com/html/index.php #(Wordpress)
/var/www/domain.com/forum-de/index.php #(Xenforo)
/var/www/domain.com/forum-en/index.php #(Xenforo)
/var/www/domain.com/logs/
/var/www/domain.com/ssl/
/var/www/domain.com/wp-config.php
因此我们需要为论坛文件夹创建一个位置博客。理论上,更具体的位置块 (/de/forums/) 应优先于一般的 /,因此该块应始终指向论坛而不是 Wordpress。
这是我的完整服务器块 - 并附有您的评论:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.com;
root /var/www/domain.com/html;
error_log /var/www/domain.com/logs/error.log warn;
access_log /var/www/domain.com/logs/access.log;
index index.php;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
# denies all hidden files
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
# indicate locations of SSL key files.
ssl_certificate /var/www/domain.com/ssl/ssl.crt;
ssl_certificate_key /var/www/domain.com/ssl/ssl.key;
# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
# see https://hstspreload.org/
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# generate by "openssl dhparam -outform PEM -out dhparam2048.pem 2048"
ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
#ssl_ecdh_curve secp384r1; SEEMS NOT TO WORK WITH CLOUDFLARE
ssl_prefer_server_ciphers on;
# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
# see https://hstspreload.org/
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# DO NOT USE!!!!
# DO NOT USEadd_header Public-Key-Pins 'pin-sha256="AKTUELLER-KEY-HASH"; pin-sha256="BACKUP-KEY-HASH"; max-age=31536000; includeSubDomains';
# DO NOT USE!!!!
ssl_session_cache shared:SSL:30m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_tickets on;
# generate with "head -c 48 /dev/urandom > /etc/nginx/ssl/nginx_ticketkey"
ssl_session_ticket_key /etc/nginx/ssl/nginx_ticketkey;
ssl_session_timeout 41m;
# resolver conf
resolver 8.8.8.8 8.8.4.4 valid=1200s;
resolver_timeout 5s;
location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
# gzip_static off;
add_header Access-Control-Allow-Origin *;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
location ~* \.(js)$ {
add_header Access-Control-Allow-Origin *;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
location ~* \.(css)$ {
add_header Access-Control-Allow-Origin *;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
location ~* \.(html|htm|txt)$ {
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 1d;
break;
}
location ~* \.(eot|svg|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
location ^~ /de/forums/ {
alias /var/www/domain.com/forum-de/;
#also tried root
index index.php index.html index.htm;
try_files $uri $uri/ /de/forums/index.php?$uri&$args;
#also tried just /index.php?$uri&$args;
}
location ~ ^/de/forums/(.+\.php)$ {
alias var/www/domain.com/forum-de/;
#also tried root
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include fastcgi.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
#also tried using the full path here
}
#cloudflare stuff - cut out for shortness sake
set_real_ip_from 103.21.244.0/22;
#many more here
# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;
location ~ [^/]\.php(/|$) {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 512k;
fastcgi_buffers 512 16k;
fastcgi_busy_buffers_size 1m;
fastcgi_temp_file_write_size 4m;
fastcgi_max_temp_file_size 4m;
fastcgi_intercept_errors off;
}
}
。
我试过:
- 使用位置 php 作为 /de/forums/ 下的子位置
- 使用 root 而不是别名(这是错的,但我很绝望)
- 不使用 fastcgi.conf 链接
- 使用 $request_filename 或 /var/www/domain.com/html/forum-de/$fastcgi_script_name 以及 /var/www/domain.com/html/forum-de$fastcgi_script_name
- 删除 /php 块,仍然没有使用特定于位置 /de/forums/
唯一可行的方法是创建一个实际的文件夹,例如 /var/www/domain.com/html/de/forums/index.php。但是,如果我想访问 /de/ 及其所有页面,由于 try_files,我使用 wordpress 时会得到 404 错误。我可能可以使用 if,但据我所知,不建议这样做。
另外,我可以通过位置博客访问文件(例如 jpg) - 因此位置块可以工作,但 php 不行。
错误消息是文件未找到。因此论坛 phps 被发送到 php 编译器,但我认为,通用根目录和新位置根目录的地址不匹配。我甚至无法访问 phpinfo 文件。
请帮忙!
进一步阅读: (也就是说我在这里找到了有用的东西,但没有解决我的问题)
- https://stackoverflow.com/questions/17808787/file-not-found-when-running-php-with-nginx
- https://stackoverflow.com/questions/42827222/file-not-found-nginx-php-fpm
- 还有更多——因为沮丧而关闭了大多数标签……
正如大多数人所建议的那样,fastcgi_param SCRIPT_FILENAME $request_filename; 应该可以解决我的问题。但是……nginx 只是不使用正确设置 SCRIPT_FILENAME 的 php 位置 - 它一直使用“主”php 位置 /
答案1
看起来这只是错误root
和location
价值观的组合。
改变这个:
location ^~ /de/forums/ { alias /var/www/domain.com/forum-de/; #also tried root index index.php index.html index.htm; try_files $uri $uri/ /de/forums/index.php?$uri&$args; #also tried just /index.php?$uri&$args; }
更改为:
location /de/forums/ { root /var/www/domain.com/forum-de/; index index.php index.html index.htm; try_files $uri $uri/ /de/forum/index.php?$args; }
并将其更改为:
location ~ ^/de/forums/(.+\.php)$ { alias var/www/domain.com/forum-de/; #also tried root fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; include fastcgi.conf; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; #also tried using the full path here }
更改为:
location ~ ^/de/forums/(.+\.php)$ { fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; include fastcgi.conf; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; }
如果上述解决方案适用于 /de/forums/ ,则复制并适应 /en/forums/ 。
额外提示:
如果有更sever
具体的配置需要针对每个应用程序以不同的方式工作,请考虑构建一个解决方案,其中论坛位于反向代理之后,以便它可以拥有自己的 vhost 文件。
该解决方案背后的逻辑是为论坛创建一个单独的 vhost 文件,监听 127.0.0.1:8001(例如),然后在原始 vhost 文件中添加位置 /de/forum 的 proxy_pass 以http://127.0.0.1:8001。
这样,您就可以为论坛提供单独的 vhost 配置。