donglvchu9143 2013-08-29 11:16
浏览 111
已采纳

PHP无法在location指令中工作

I've set up a test Virtualbox/Debian Wheezy7.1 machine with a bare net-install machine + nginx + php-fpm

I've got SSL, php , basic_auth and allow/deny to work on a server level.

However, If i want the auth stuff to be for one path only, the auth works, but the PHP stuff does not (the index.php gets downloaded in the web browser)

I know it has something to do with how nginx matches location directives, but i'm not sure what it is...

Here is my config file:

server {
       listen         80;
       server_name    www.test.com;
       rewrite        ^ https://$server_name$request_uri? permanent;
}



# HTTPS server

server
{
    listen 443;
    server_name www.test.com;

    root /srv/vhosts/www.test.com/html;
    index index.php ;

    ssl on;
    ssl_certificate /etc/nginx/certs/STAR.test.com.crt;
    ssl_certificate_key /etc/nginx/certs/STAR.test.com.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;


    location / {
        try_files $uri $uri/ =404;
    }
        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

                # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny all;
        }   

    location ^~ /testdir/ {
        auth_basic "gib login";
        auth_basic_user_file /etc/nginx/htpasswd/www.test.com.htpasswd;
        allow 192.168.1.3;   # my workstation ip
        deny all;
    }
}

Edit: Look at first comment, thanks!

  • 写回答

1条回答 默认 最新

  • doudilin1225 2013-08-29 21:26
    关注

    According to the nginx documentation, the order of location directives matters.

    To determine which location directive matches a particular query, the literal strings are checked first. Literal strings match the beginning portion of the query - the most specific match will be used. Afterwards, regular expressions are checked in the order defined in the configuration file. The first regular expression to match the query will stop the search. If no regular expression matches are found, the result from the literal string search is used.

    Try organizing your location directives so that the directory you want to protect comes first, followed by PHP, followed by your try__files directive. I did a quick test on my system and structuring the location blocks in the following order allowed testdir to be protected and for index.php to still be executed.

    location ^~ /testdir/ {
    auth_basic "gib login";
    auth_basic_user_file /etc/nginx/htpasswd/www.test.com.htpasswd;
    allow 192.168.1.3;   # my workstation ip
    deny all;
}

location ~ \.php$ {

}

location ~ / {
    try_files $uri $uri/ 404;
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
  • ¥15 wpf界面一直接收PLC给过来的信号,导致UI界面操作起来会卡顿
  • ¥15 init i2c:2 freq:100000[MAIXPY]: find ov2640[MAIXPY]: find ov sensor是main文件哪里有问题吗
  • ¥15 运动想象脑电信号数据集.vhdr
  • ¥15 三因素重复测量数据R语句编写,不存在交互作用
  • ¥15 微信会员卡等级和折扣规则
  • ¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗
  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab
  • ¥20 重新写的代码替换了之后运行hbuliderx就这样了