Private file storage path setting in Drupal 9.3 ($settings['file_private_path'] =)

I am using Drupal 9.3 and have created a private folder outside the web root. I followed the documentation [link] and added the following line to Drupal's settings.php file:

$settings['file_private_path'] = '../private';

The private files live outside my web root, as follows: /var/www/example.com/private. The web root is at /var/www/example.com/html.

I am using nginx, and I want to make sure I have protected the private files correctly. To do this, I added this block:

location ^~ {
    internal;
    alias /var/www/example.com/private;
}

Is this correct? Have I protected the private files/folder correctly? The documentation mentions this: note that non-Apache web servers may need additional configuration to secure the private file directory.

My full Nginx virtual host (i.e. the config file) is as follows:

server {
    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html index.php;
    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }

    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }

    # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }

    location ^~ {
        internal;
        alias /var/www/example.com/private;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

Answer 1

After thorough testing, I can confirm that in this case there is no need to add a block to restrict access to the private files, because access is already restricted and returns a 404. If you still want to add a block to restrict access to this private folder (as described above), I tested the method below and it works. You can use either root or alias; both work:

    ## Secure access to private files
    location ^~ /private {
    #   alias /var/www/example.com; ## This option also works
        root /var/www/example.com;
        internal;
    }

The following should be removed from the config above, because it is incorrect and has no effect:

    location ^~ {
        internal;
        alias /var/www/example.com/private;
    }
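To make the two points on this page concrete (the question's layout of a private directory outside the web root, and the answer's `root` versus `alias` variants of an `internal` location), here is an added example that is not part of the question or the answer. It is a small Python model of nginx's documented semantics for `root`, `alias` and `internal` in a prefix `location`, not nginx itself; the `Location` class, `outside_webroot` and `audit` names are this example's own, and the paths are the ones from the vhost above.

```python
"""Model how nginx maps a request URI to a filesystem path under a prefix
`location` with `root` versus `alias`, and whether `internal` keeps that
path unreachable from outside.  Added example, not from the page; it is a
simplified model of nginx's documented behaviour, not nginx itself."""
import posixpath
from dataclasses import dataclass

# Paths taken from the vhost posted above.
WEBROOT = "/var/www/example.com/html"
PRIVATE_DIR = "/var/www/example.com/private"  # '../private' relative to WEBROOT


@dataclass
class Location:
    """One prefix `location` block, reduced to the directives that matter here."""
    prefix: str             # e.g. "/private" for `location ^~ /private`
    directive: str          # "root" or "alias"
    value: str              # the directive's argument
    internal: bool = False  # True if the block contains `internal;`

    def matches(self, uri: str) -> bool:
        return uri.startswith(self.prefix)

    def resolve(self, uri: str) -> str:
        """Filesystem path nginx would open for `uri` inside this location."""
        if self.directive == "root":
            # root: the whole request URI is appended to the root value.
            return posixpath.normpath(self.value + uri)
        if self.directive == "alias":
            # alias: the matched prefix is replaced by the alias value, so
            # only the remainder of the URI is appended.
            rest = uri[len(self.prefix):]
            return posixpath.normpath(self.value + rest)
        raise ValueError(f"unsupported directive {self.directive!r}")

    def externally_reachable(self, uri: str) -> bool:
        """`internal` makes nginx answer external requests with 404; the file
        can then only be sent via an internal redirect (e.g. X-Accel-Redirect)."""
        return self.matches(uri) and not self.internal


def outside_webroot(path: str, webroot: str = WEBROOT) -> bool:
    """True if `path` is not under the document root, i.e. `location /` with
    try_files can never map a request URI onto it."""
    return posixpath.commonpath([webroot, posixpath.normpath(path)]) != webroot


def audit(locations, uri: str) -> dict:
    """Summarise what happens to `uri`: nginx picks the longest matching
    prefix location, then resolves the path under that block's directive."""
    ordered = sorted(locations, key=lambda loc: len(loc.prefix), reverse=True)
    loc = next((loc for loc in ordered if loc.matches(uri)), None)
    if loc is None:
        raise ValueError(f"no location matches {uri!r}")
    path = loc.resolve(uri)
    return {
        "location": loc.prefix,
        "path": path,
        "reachable": loc.externally_reachable(uri),
        "outside_webroot": outside_webroot(path),
    }


if __name__ == "__main__":
    # The vhost as posted, with only `location /` and `root WEBROOT`.
    plain = [Location("/", "root", WEBROOT)]
    # The answer's block using `root` ...
    with_root = plain + [Location("/private", "root", "/var/www/example.com", internal=True)]
    # ... and its commented-out `alias` variant.
    with_alias = plain + [Location("/private", "alias", "/var/www/example.com", internal=True)]
    for name, locs in (("no block", plain), ("root", with_root), ("alias", with_alias)):
        print(f"{name:9s} {audit(locs, '/private/secret.txt')}")
    print("private dir outside webroot:", outside_webroot(PRIVATE_DIR))
```

Running it shows why the answer saw a 404 even without the extra block: under the posted vhost a request for `/private/secret.txt` can only ever resolve to `/var/www/example.com/html/private/secret.txt`, inside the web root, and `/var/www/example.com/private` is never reachable by URI at all. With the answer's `root /var/www/example.com;` block the same URI maps onto the real private directory but `internal` hides it; with the commented-out `alias /var/www/example.com;` the URI maps to `/var/www/example.com/secret.txt` instead, since `alias` replaces the matched prefix rather than appending to it, and `internal` hides that path too. If the block is ever meant to hand files to nginx via X-Accel-Redirect, the `alias` form therefore needs the full private path.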
