LEMP 堆栈上的 Nginx 配置:try_files 真的有必要吗?

LEMP 堆栈上的 Nginx 配置:try_files 真的有必要吗?

我在网上读到的每个 LEMP 堆栈 Nginx 配置教程都说你需要将此代码添加到 try_files 指令中

try_files $uri $uri/ /index.php$is_args$args;

但这段代码的问题在于我的自定义 404 页面将不再显示。显然,问题是由于 try_files 回退到 index.php - 但我不喜欢 example.com/nothing/to/see/here 被重定向到主页的行为

如果我将 try_files 指令更改为......

try_files $uri $uri/ =404;

...它完全按照预期运行。我的 PHP 脚本仍可运行,因为我的配置中也有这个:

location ~* \.php$ {
  fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  include         fastcgi_params;
  fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
  fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
}

我的问题是,为什么所有在线教程都坚持:

try_files $uri $uri/ /index.php$is_args$args;        ????

我甚至注释掉了 try_files,我的网站仍然正常运行

#try_files $uri $uri/ /index.php$is_args$args;

考虑到 try_files 在注释掉之后仍能按预期工作,它是否有必要?

我正在尝试组织我的 nginx.conf 和 site.conf 文件,以便在设置新服务器时有一个主文件可以作为工作依据。

完整的 nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    # Basic Settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_intercept_errors on;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # SSL Settings
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
     # Logging Settings
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    #Gzip Compression
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
      text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
      text/javascript application/javascript application/x-javascript
      text/x-json application/json application/x-web-app-manifest+json
      text/css text/plain text/x-component
      font/opentype application/x-font-ttf application/vnd.ms-fontobject
      image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

还有我的完整 site.conf

server {
    listen         80;
    server_name    example.com www.example.com;
    return 301     https://example.com$request_uri;
}

server {
    listen         443;
    server_name    www.example.com;
    ssl            on;
    ssl_certificate_key /etc/sslmate/example.com.key;
    ssl_certificate /etc/sslmate/example.com.chained.crt;
    return 301     https://example.com$request_uri;
}

server {
    listen         443;
    server_name    example.com;
    root           /home/garrett/domains/example.com/public_html;
    access_log     /home/garrett/domains/example.com/logs/access.log;
    error_log      /home/garrett/domains/example.com/logs/error.log;
    index          index.php index.html index;
    error_page     404 /404.php;

    ssl on;
    ssl_certificate_key /etc/sslmate/example.com.key;
    ssl_certificate /etc/sslmate/example.com.chained.crt;

    # Recommended security settings from https://wiki.mozilla.org/Securit/Server_Side_TLS
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES1$
    ssl_prefer_server_ciphers on;
    ssl_dhparam /usr/share/sslmate/dhparams/dh2048-group14.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Enable this if you want HSTS (recommended)
    add_header Strict-Transport-Security max-age=15768000;

location / {
     #try_files $uri $uri/ /index.php$is_args$args;
     try_files $uri $uri/ =404;
}
location ~* \.php$ {
     fastcgi_pass unix:/run/php/php7.2-fpm.sock;
     include         fastcgi_params;
     fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
     fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
}

location = /favicon.ico {
     log_not_found off;
     access_log off;
}

location = /robots.txt {
     allow all;
     log_not_found off;
     access_log off;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
     expires max;
     log_not_found off;
}

}

答案1

此特定调用try_files(以及类似的调用)支持前端控制器模式,其中无论 URL 如何都会调用单个 PHP 文件,因此您设计的 URL 路径可以是任意的(并且对搜索引擎友好)。

听起来你没有使用这种模式,而只是为每个 URL 创建不同的 PHP 文件。只有最简单的程序才应该这样做。现在就停下来,重新设计你的应用程序,趁你还可以轻松做到这一点。

相关内容