douningzhi1991
2015-02-19 02:47
浏览 106
已采纳

在Nginx / php-fpm上启用HTTPS后,无法执行PHP文件

I am enabling HTTPS on Nginx/php-fpm server, the server still running well but i can't access php file, it'll be downloaded instead of running it, and if i disabling HTTPS block then the php files can be accessible. I'm new to HTTPS and this is the first time i have an SSL certificate so i want to setup to my server. any idea ?

My /etc/nginx/nginx.conf:

user www-data;
worker_processes 1;
pid /run/nginx.pid;

worker_rlimit_nofile 10240;
events {
        use epoll;
        worker_connections 10240;
        # multi_accept on;
}
timer_resolution 500ms;

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;

        client_header_buffer_size 64;
        client_max_body_size 6m;

        server_names_hash_bucket_size 64;
        server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

    output_buffers 1 32k;
    postpone_output 1460;

    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;


    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 32k;
    fastcgi_buffers 4 32k;
    fastcgi_busy_buffers_size 32k;
    fastcgi_temp_file_write_size 32k;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_proxied expired no-cache no-store private auth;
    gzip_min_length 0;
    gzip_comp_level 2;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;


    proxy_cache_path  /var/lib/nginx/cache  levels=1:2   keys_zone=staticfilecache:80m inactive=1d  max_size=2500m;
    proxy_temp_path /var/lib/nginx/proxy;
    proxy_connect_timeout 300;
    proxy_read_timeout 120;
    proxy_send_timeout 120;
    proxy_buffer_size  16k;
    proxy_buffers      4 16k;
    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

This is my /etc/nginx/sites-available/default:

server {
        listen 80 default_server;
        # listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name repodev.com;
        return 301 https://$host$request_uri; #rewrite http to https

        location / {
               try_files $uri $uri/ =404;
        }

        error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/html;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

        location ~ \.php$ {
                try_files $uri =404;
        #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;

        #       # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
        location ~ /\.ht {
                deny all;
        }
}

cgi.fix_pathinfo = 0 has been set on /etc/php5/fpm/php.ini, and this is my SSL configuration file, /etc/nginx/conf.d/ssl.conf:

server {
       listen 443 default_server ssl;
       server_name repodev.com;

       ssl_certificate /etc/ssl/unified.crt;
       ssl_certificate_key /etc/ssl/my-private-decrypted.key;

       ssl_session_cache shared:SSL:10m;
       ssl_session_timeout 10m;
       keepalive_timeout 70;

       ssl_prefer_server_ciphers on;
       ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNU$
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

       location / {
               root /usr/share/nginx/html;
               index index.php index.html index.htm;
       }

}
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • down_load1117 2015-02-19 02:51
    已采纳

    Please understand, that the SSL server is a completely separate object from the non-SSL one. This means, that you have to add the location ~ \.php$ { ... } block to the SSL version, if you want it to use PHP, it is not inherited from the non-SSL server.

    EDIT

    THis is ofcourse also true for your error_page and everything else.

    已采纳该答案
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题