如果 nginx 中缺少尾部斜杠，请添加

Question 1

我找到了解决方案：我在“location /”块中的“try_files”指令上方添加了以下行：

rewrite ^([^.]*[^/])$ $1/ permanent;

这真是神奇。

Answer

我找到了解决方案：我在“location /”块中的“try_files”指令上方添加了以下行：

rewrite ^([^.]*[^/])$ $1/ permanent;

这真是神奇。

Question 2

这非常非常棘手，因为您必须考虑 URL 中的所有可能性。让我们仔细看看您在此处发布的配置，并在尝试实现您的愿望的同时对其进行优化。我必须更正整个配置，因为它对您的网站包含多个安全风险（配置后继续阅读）。

server {
    server_name    DOMAIN.com;
    return         301 $scheme://www.$server_name$request_uri;
}

server {
    index          index.html index.php;
    listen         80 default;
    root           /var/www;
    server_name    www.DOMAIN.com;

    location / {

        # Hide ALL kind of hidden stuff.
        location ~ /\. {
            return 403;
        }

        # Protect Magento's special directories in document root.
        location ~* ^/(app|includes|lib|media/downloadable|pkginfo|report/config\.xml|var)/? {
            return 403;
        }

        # Directly deliver known file types.
        location ~* \.(css|gif|ico|jpe?g|js(on)?|png|svg|webp)$ {
            access_log      off;
            add_header      Cache-Control   "public";
            add_header      Pragma          "public";
            expires         30d;
            log_not_found   off;
            tcp_nodelay     off;
            try_files       $uri =404;
        }

        # Do not allow direct access to index.php
        location ~* ^(.*)index\.php$ {
            return 301 $1;
        }

        # Extremely risky ... oh boy!
        location ~* \.php/ {
            rewrite ^(.*\.php)/ $1 last;
        }

        # Not direct index.php access and not one of those ultra
        # risky php files with a path appended to their script name,
        # let's try to add a slash if it's missing.
        location ~* ^(.*)[^/]+$ {
            return 301 $1/;
        }

        location ~* \.php$ {
          include          fastcgi_params;
          fastcgi_index    index.php;
          fastcgi_param    PATH_INFO          $fastcgi_path_info;
          fastcgi_param    PATH_TRANSLATED    $document_root$fastcgi_path_info;
          fastcgi_param    SCRIPT_NAME        $fastcgi_script_name;
          fastcgi_param    SCRIPT_FILENAME    $document_root$fastcgi_script_name;
          fastcgi_param    MAGE_RUN_CODE      "default";
          fastcgi_param    MAGE_RUN_TYPE      "store";
          fastcgi_pass     127.0.0.1:9000;

          # Ensure it's an actual PHP file!
          try_files        $uri =404;
        }
    }

    location ^~ /var/export/ {
        auth_basic              "Restricted";
        auth_basic_user_file    htpasswd;
        autoindex               on;
    }
}

重要！重要！重要！重要！

我无法测试此配置，我已尽我所能将其记录下来。请nginx -t在尝试使用reloadnginx 之前执行此操作，如果报告任何错误，请报告。不要，我再说一遍，不要在您的生产站点上测试此配置，并测试您能想到的一切。

Answer

这非常非常棘手，因为您必须考虑 URL 中的所有可能性。让我们仔细看看您在此处发布的配置，并在尝试实现您的愿望的同时对其进行优化。我必须更正整个配置，因为它对您的网站包含多个安全风险（配置后继续阅读）。

server {
    server_name    DOMAIN.com;
    return         301 $scheme://www.$server_name$request_uri;
}

server {
    index          index.html index.php;
    listen         80 default;
    root           /var/www;
    server_name    www.DOMAIN.com;

    location / {

        # Hide ALL kind of hidden stuff.
        location ~ /\. {
            return 403;
        }

        # Protect Magento's special directories in document root.
        location ~* ^/(app|includes|lib|media/downloadable|pkginfo|report/config\.xml|var)/? {
            return 403;
        }

        # Directly deliver known file types.
        location ~* \.(css|gif|ico|jpe?g|js(on)?|png|svg|webp)$ {
            access_log      off;
            add_header      Cache-Control   "public";
            add_header      Pragma          "public";
            expires         30d;
            log_not_found   off;
            tcp_nodelay     off;
            try_files       $uri =404;
        }

        # Do not allow direct access to index.php
        location ~* ^(.*)index\.php$ {
            return 301 $1;
        }

        # Extremely risky ... oh boy!
        location ~* \.php/ {
            rewrite ^(.*\.php)/ $1 last;
        }

        # Not direct index.php access and not one of those ultra
        # risky php files with a path appended to their script name,
        # let's try to add a slash if it's missing.
        location ~* ^(.*)[^/]+$ {
            return 301 $1/;
        }

        location ~* \.php$ {
          include          fastcgi_params;
          fastcgi_index    index.php;
          fastcgi_param    PATH_INFO          $fastcgi_path_info;
          fastcgi_param    PATH_TRANSLATED    $document_root$fastcgi_path_info;
          fastcgi_param    SCRIPT_NAME        $fastcgi_script_name;
          fastcgi_param    SCRIPT_FILENAME    $document_root$fastcgi_script_name;
          fastcgi_param    MAGE_RUN_CODE      "default";
          fastcgi_param    MAGE_RUN_TYPE      "store";
          fastcgi_pass     127.0.0.1:9000;

          # Ensure it's an actual PHP file!
          try_files        $uri =404;
        }
    }

    location ^~ /var/export/ {
        auth_basic              "Restricted";
        auth_basic_user_file    htpasswd;
        autoindex               on;
    }
}

重要！重要！重要！重要！

我无法测试此配置，我已尽我所能将其记录下来。请nginx -t在尝试使用reloadnginx 之前执行此操作，如果报告任何错误，请报告。不要，我再说一遍，不要在您的生产站点上测试此配置，并测试您能想到的一切。

如果 nginx 中缺少尾部斜杠，请添加

答案1

答案2

重要！重要！重要！重要！

相关内容