For security reasons it is good to have cgi.fix_pathinfo=0. Symfony will work with it, don't worry.
The php block is the important part.
location ~ \.php$ means that if the URI ends with ".php", it will be passed to PHP. Now if there is an image and some attacker appends ".php" to it, with fix_pathinfo enabled it will be passed to the PHP handler and can execute arbitrary code on the server. So I suggest you add cgi.fix_pathinfo=0 to php.ini and remove fastcgi_split_path_info ^(.+\.php)(/.+)$; from nginx.
The configuration I use for symfony2 is:
    server {
        listen 80;
        server_name projectname.local;
        root /Users/sarim/Sites/php55/projectname/web;
        index app_dev.php index.html index.htm;

        location / {
            try_files $uri $uri/ /app_dev.php?$args;
        }

        location ~ ^/(app|app_dev|config)\.php(/|$) {
            fastcgi_pass unix:/usr/local/var/run/php55.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
Look at the location / block here. try_files $uri $uri/ makes sure static files are served. Then, if it is not a static file, the request is passed to /app_dev.php.
Now look at the php location block: only app, app_dev or config.php can be reached. No arbitrary file execution. Now the important line, fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;. It should always be $document_root$fastcgi_script_name, so that PHP can find the file.
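The following is an added example, not code from the answer above: it models how nginx's location regex and PHP-FPM's cgi.fix_pathinfo setting together decide which file gets executed, so the generic `\.php$` location can be compared with the restricted front-controller one. The document root, file set and function names are constructed for the illustration.

```python
import re
from typing import Optional, Tuple

# Constructed document root and file set standing in for a real web root.
DOCROOT = "/var/www/project/web"
EXISTING_FILES = {
    DOCROOT + "/app.php",
    DOCROOT + "/app_dev.php",
    DOCROOT + "/uploads/avatar.jpg",  # an uploaded image, not a PHP script
}

# The two location patterns discussed above: generic and restricted.
GENERIC_PHP_LOCATION = re.compile(r"\.php$")
RESTRICTED_PHP_LOCATION = re.compile(r"^/(app|app_dev|config)\.php(/|$)")


def php_fpm_resolve(script_filename: str, fix_pathinfo: bool) -> Optional[Tuple[str, str]]:
    """Model PHP-FPM's treatment of SCRIPT_FILENAME.

    With cgi.fix_pathinfo=1 PHP strips path components from the right until an
    existing file is found and treats the rest as PATH_INFO. With
    cgi.fix_pathinfo=0 the path must exist exactly as given.
    Returns (executed_script, path_info) or None ("No input file specified.").
    """
    if script_filename in EXISTING_FILES:
        return script_filename, ""
    if not fix_pathinfo:
        return None
    script, path_info = script_filename, ""
    while "/" in script:
        script, _, tail = script.rpartition("/")
        path_info = "/" + tail + path_info
        if script in EXISTING_FILES:
            return script, path_info
    return None


def nginx_dispatch(uri: str, php_location: re.Pattern, fix_pathinfo: bool) -> str:
    """Return the script PHP would execute for a URI, or where nginx sends it instead."""
    if not php_location.search(uri):
        return "try_files"  # handled by location /, not by the PHP handler
    # No fastcgi_split_path_info: $fastcgi_script_name is the whole URI.
    resolved = php_fpm_resolve(DOCROOT + uri, fix_pathinfo)
    return resolved[0] if resolved else "no input file"
```

With the generic location and fix_pathinfo=1, a request for the image with ".php" appended resolves to the image itself being executed; the restricted location never hands that URI to PHP at all.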
Common Nginx + PHP error: "No input file specified."
nginx.conf
    http {
        include mime.types;
        default_type application/octet-stream;

        server {
            listen 80;
            server_name localhost;

            location / {
                root www;
                index index.html index.htm;
            }

            location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9999;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
    }
Tested with Nginx 1.12.1 + PHP 7.1
Solution: PHP cannot find the .php file to execute, because the root file path inside location / {} does not apply to location ~ \.php$.
To fix this, move the root file path to the server block, as shown below:
nginx.conf
    http {
        include mime.types;
        default_type application/octet-stream;

        server {
            listen 80;
            server_name localhost;
            # Move the root file path to server block.
            root www;

            location / {
                #root www;
                index index.html index.htm;
            }

            location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9999;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
    }