3.1.10升级3.2后,faq部分access denied
发表于 : 2017年2月3日 15:13
3.1.10升级3.2后,faq部分access denied
之前3.1.10的时候一切正常(php5.3)
网站 http://h2dp.com
环境:linux, 已升级php7.1,nginx
之前3.1.10的时候一切正常(php5.3)
网站 http://h2dp.com
环境:linux, 已升级php7.1,nginx
代码: 全选
location /app.php {
try_files $uri $uri/ /app.php?$query_string;
}
已经加了,但是似乎没有用
代码: 全选
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/h2dp.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/h2dp.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name h2dp.com www.h2dp.com;
access_log off;
index index.html index.htm index.php;
include /usr/local/nginx/conf/rewrite/h2dp.conf;
root /data/wwwroot/h2dp.com;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
#error_page 404 = /404.html;
#error_page 502 = /502.html;
if ($host != h2dp.com) {
rewrite ^/(.*)$ $scheme://h2dp.com/$1 permanent;
}
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
valid_referers none blocked *.h2dp.com h2dp.com www.h2dp.com;
if ($invalid_referer) {
#rewrite ^/ http://www.example.com/403.html;
return 403;
}
}
location ~ [^/]\.php(/|$) {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
}
location /app.php {
try_files $uri $uri/ /app.php?$query_string;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
代码: 全选
# Sample nginx configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's nginx.conf.
# Tested with nginx 0.8.35.
# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
# define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.
http {
# Compression - requires gzip and gzip static modules.
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
# Compression levels over 6 do not give an appreciable improvement
# in compression ratio, but take more resources.
gzip_comp_level 6;
# IE 6 and lower do not support gzip with Vary correctly.
gzip_disable "msie6";
# Before nginx 0.7.63:
#gzip_disable "MSIE [1-6]\.";
# Catch-all server for requests to invalid hosts.
# Also catches vulnerability scanners probing IP addresses.
server {
# default specifies that this block is to be used when
# no other block matches.
listen 80 default;
server_name bogus;
return 444;
root /var/empty;
}
# If you have domains with and without www prefix,
# redirect one to the other.
server {
# Default port is 80.
#listen 80;
server_name myforums.com;
# A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
rewrite ^ http://www.myforums.com$request_uri permanent;
# Equivalent to:
#rewrite ^(.*)$ http://www.myforums.com$1 permanent;
}
# The actual board domain.
server {
#listen 80;
server_name www.myforums.com;
root /path/to/phpbb;
location / {
# phpBB uses index.htm
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /app.php$is_args$args;
fastcgi_pass php;
}
# Correctly pass scripts for installer
location /install/ {
# phpBB uses index.htm
try_files $uri $uri/ @rewrite_installapp;
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /install/app.php$is_args$args;
fastcgi_pass php;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
}
# If running php as fastcgi, specify php upstream.
upstream php {
server unix:/tmp/php.sock;
}
}
非常感谢,这个可以用!davidyin 写了: ↑2017年2月5日 15:48 或者你重写你的配置文件,参考一下官方的例子。代码: 全选
# Sample nginx configuration file for phpBB. # Global settings have been removed, copy them # from your system's nginx.conf. # Tested with nginx 0.8.35. # If you want to use the X-Accel-Redirect feature, # add the following to your config.php. # # define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true); # # See http://wiki.nginx.org/XSendfile for the details # on X-Accel-Redirect. http { # Compression - requires gzip and gzip static modules. gzip on; gzip_static on; gzip_vary on; gzip_http_version 1.1; gzip_min_length 700; # Compression levels over 6 do not give an appreciable improvement # in compression ratio, but take more resources. gzip_comp_level 6; # IE 6 and lower do not support gzip with Vary correctly. gzip_disable "msie6"; # Before nginx 0.7.63: #gzip_disable "MSIE [1-6]\."; # Catch-all server for requests to invalid hosts. # Also catches vulnerability scanners probing IP addresses. server { # default specifies that this block is to be used when # no other block matches. listen 80 default; server_name bogus; return 444; root /var/empty; } # If you have domains with and without www prefix, # redirect one to the other. server { # Default port is 80. #listen 80; server_name myforums.com; # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites: rewrite ^ http://www.myforums.com$request_uri permanent; # Equivalent to: #rewrite ^(.*)$ http://www.myforums.com$1 permanent; } # The actual board domain. server { #listen 80; server_name www.myforums.com; root /path/to/phpbb; location / { # phpBB uses index.htm index index.php index.html index.htm; try_files $uri $uri/ @rewriteapp; } location @rewriteapp { rewrite ^(.*)$ /app.php/$1 last; } # Deny access to internal phpbb files. location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) { deny all; # deny was ignored before 0.8.40 for connections over IPv6. # Use internal directive to prohibit access on older versions. internal; } # Pass the php scripts to fastcgi server specified in upstream declaration. location ~ \.php(/|$) { # Unmodified fastcgi_params from nginx distribution. include fastcgi_params; # Necessary for php. fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; try_files $uri $uri/ /app.php$is_args$args; fastcgi_pass php; } # Correctly pass scripts for installer location /install/ { # phpBB uses index.htm try_files $uri $uri/ @rewrite_installapp; # Pass the php scripts to fastcgi server specified in upstream declaration. location ~ \.php(/|$) { # Unmodified fastcgi_params from nginx distribution. include fastcgi_params; # Necessary for php. fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; try_files $uri $uri/ /install/app.php$is_args$args; fastcgi_pass php; } } location @rewrite_installapp { rewrite ^(.*)$ /install/app.php/$1 last; } # Deny access to version control system directories. location ~ /\.svn|/\.git { deny all; internal; } } # If running php as fastcgi, specify php upstream. upstream php { server unix:/tmp/php.sock; } }
代码: 全选
location / {
# phpBB uses index.htm
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /app.php$is_args$args;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
}
# Correctly pass scripts for installer
location /install/ {
# phpBB uses index.htm
try_files $uri $uri/ @rewrite_installapp;
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /install/app.php$is_args$args;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}