我有一个 API 服务器,它将所有流量传输到 index.php 脚本,该脚本使用 PHP$_SERVER['REQUEST_URI']变量来解释 URL 并提供正确的响应。
这对于所有事情都完美无缺,除了我有一个脚本,它临时为未经身份验证的端点提供文件供公众使用。因此浏览器正确地解释了文件数据,文件扩展名包含在 URL 的末尾。
两个例子:
示例 1
此请求通过管道传输到$server_root/index.php,PHP 脚本从 S3 提取文件数据,并使用正确的 mime 类型标头传输二进制数据。浏览器启动下载,一切正常。(这对 .doc 和 .pdf 文件也有效)
示例 2
此 JPEG 文件无法正确提供,而是显示 NGINX 生成的 404 页面。经过一些测试,我确定 NGINX 未将请求传输到$server_root/index.php
NGINX 配置
主要配置
server {
listen 80;
server_name myapi.com;
set_real_ip_from 0.0.0.0/0;
real_ip_header CF-Connecting-IP;
index index.php index.html index.htm;
access_log /var/log/nginx/myapi.com_access.log;
error_log /var/log/nginx/myapi.com_error.log;
root /var/www/vhosts/myapi.com/public;
client_max_body_size 25m;
include /etc/nginx/conf/include_template.conf;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "no-referrer";
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS 'on';
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 1800;
fastcgi_connect_timeout 1800;
fastcgi_send_timeout 1800;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_send_timeout 1800;
send_timeout 1800;
include fastcgi_params;
}
}
/etc/nginx/conf/include_template.conf
include /etc/nginx/conf/gzip.conf;
include /etc/nginx/conf/restrictions.conf;
include /etc/nginx/conf/cors.conf;
include /etc/nginx/conf/browsercache.conf;
/etc/nginx/conf/gzip.conf
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# The minimum HTTP version of a request to perform compression.
gzip_http_version 1.1;
# Don't compress files smaller than 256 bytes, as size reduction will be negligible.
gzip_min_length 256;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# text/html is always compressed when enabled.
/etc/nginx/conf/restrictions.conf
location /.git { deny all; }
location /.htaccess { deny all; }
location /.htpasswd { deny all; }
location /.user.ini { deny all; }
location ~ ^/\. { deny all; }
location ~ ~$ { deny all; }
location ~* \.sql { deny all; }
location ~* config\.json { deny all; }
#if ($request_method !~ ^(GET|HEAD|POST)$ )
#if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$ )
#{
# return 405;
#}
/etc/nginx/conf/cors.conf
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff|woff2)$ {
add_header Access-Control-Allow-Origin "*";
expires 8d;
}
/etc/nginx/conf/browsercache.conf
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
}
问题
我如何修改我的配置以便将每个请求(包括图像文件扩展名)传送到 index.php?