分页: 1 / 1

3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月3日 15:13
h2dp
3.1.10升级3.2后,faq部分access denied
之前3.1.10的时候一切正常(php5.3)
网站 http://h2dp.com
环境:linux, 已升级php7.1,nginx

Re: 3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月3日 16:47
davidyin
可能你的 nginx 配置文件有问题?

在配置文件中加上这段

代码: 全选

location /app.php {
    try_files $uri $uri/ /app.php?$query_string;
}

Re: 3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月4日 23:09
h2dp
davidyin 写了: 2017年2月3日 16:47 可能你的 nginx 配置文件有问题?

在配置文件中加上这段

代码: 全选

location /app.php {
    try_files $uri $uri/ /app.php?$query_string;
}
已经加了,但是似乎没有用
https://h2dp.com/app.php/help/faq?sid=a ... f8078cdcd4
很奇怪,以前是可以的

nginx如下

代码: 全选

server {
  listen 80;
  listen 443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/h2dp.com.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/h2dp.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name h2dp.com www.h2dp.com;
  access_log off;
  index index.html index.htm index.php;
  include /usr/local/nginx/conf/rewrite/h2dp.conf;
  root /data/wwwroot/h2dp.com;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
  #error_page 404 = /404.html;
  #error_page 502 = /502.html;
  if ($host != h2dp.com) {
    rewrite ^/(.*)$ $scheme://h2dp.com/$1 permanent;
  }
  location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
  valid_referers none blocked *.h2dp.com h2dp.com www.h2dp.com;
  if ($invalid_referer) {
      #rewrite ^/ http://www.example.com/403.html;
      return 403;
    }
  }
  location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/dev/shm/php-cgi.sock;
    fastcgi_index index.php;
  }
location /app.php {
    try_files $uri $uri/ /app.php?$query_string;
}
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}

Re: 3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月5日 15:41
davidyin
那看看是不是 app.php 这个文件的权限有问题。

这里直接输入 app.php/
返回的页面显示
No route found for "GET /"

我是建议你直接看看 nginx 和 php 的 error log。

Re: 3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月5日 15:48
davidyin
或者你重写你的配置文件,参考一下官方的例子。

代码: 全选

# Sample nginx configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's nginx.conf.
# Tested with nginx 0.8.35.

# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
#  define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.

http {
    # Compression - requires gzip and gzip static modules.
    gzip on;
    gzip_static on;
    gzip_vary on;
    gzip_http_version 1.1;
    gzip_min_length 700;
    
    # Compression levels over 6 do not give an appreciable improvement
    # in compression ratio, but take more resources.
    gzip_comp_level 6;
    
    # IE 6 and lower do not support gzip with Vary correctly.
    gzip_disable "msie6";
    # Before nginx 0.7.63:
    #gzip_disable "MSIE [1-6]\.";

    # Catch-all server for requests to invalid hosts.
    # Also catches vulnerability scanners probing IP addresses.
    server {
        # default specifies that this block is to be used when
        # no other block matches.
        listen 80 default;

        server_name bogus;
        return 444;
        root /var/empty;
    }

    # If you have domains with and without www prefix,
    # redirect one to the other.
    server {
        # Default port is 80.
        #listen 80;

        server_name myforums.com;

        # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
        rewrite ^ http://www.myforums.com$request_uri permanent;
        # Equivalent to:
        #rewrite ^(.*)$ http://www.myforums.com$1 permanent;
    }

    # The actual board domain.
    server {
        #listen 80;
        server_name www.myforums.com;

        root /path/to/phpbb;

        location / {
            # phpBB uses index.htm
            index index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /app.php/$1 last;
        }

        # Deny access to internal phpbb files.
        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }

        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /app.php$is_args$args;
            fastcgi_pass php;
        }

        # Correctly pass scripts for installer
        location /install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /install/app.php$is_args$args;
                fastcgi_pass php;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /\.svn|/\.git {
            deny all;
            internal;
        }
    }

    # If running php as fastcgi, specify php upstream.
    upstream php {
        server unix:/tmp/php.sock;
    }
}

Re: 3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月5日 19:59
h2dp
davidyin 写了: 2017年2月5日 15:48 或者你重写你的配置文件,参考一下官方的例子。

代码: 全选

# Sample nginx configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's nginx.conf.
# Tested with nginx 0.8.35.

# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
#  define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.

http {
    # Compression - requires gzip and gzip static modules.
    gzip on;
    gzip_static on;
    gzip_vary on;
    gzip_http_version 1.1;
    gzip_min_length 700;
    
    # Compression levels over 6 do not give an appreciable improvement
    # in compression ratio, but take more resources.
    gzip_comp_level 6;
    
    # IE 6 and lower do not support gzip with Vary correctly.
    gzip_disable "msie6";
    # Before nginx 0.7.63:
    #gzip_disable "MSIE [1-6]\.";

    # Catch-all server for requests to invalid hosts.
    # Also catches vulnerability scanners probing IP addresses.
    server {
        # default specifies that this block is to be used when
        # no other block matches.
        listen 80 default;

        server_name bogus;
        return 444;
        root /var/empty;
    }

    # If you have domains with and without www prefix,
    # redirect one to the other.
    server {
        # Default port is 80.
        #listen 80;

        server_name myforums.com;

        # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
        rewrite ^ http://www.myforums.com$request_uri permanent;
        # Equivalent to:
        #rewrite ^(.*)$ http://www.myforums.com$1 permanent;
    }

    # The actual board domain.
    server {
        #listen 80;
        server_name www.myforums.com;

        root /path/to/phpbb;

        location / {
            # phpBB uses index.htm
            index index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /app.php/$1 last;
        }

        # Deny access to internal phpbb files.
        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }

        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /app.php$is_args$args;
            fastcgi_pass php;
        }

        # Correctly pass scripts for installer
        location /install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /install/app.php$is_args$args;
                fastcgi_pass php;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /\.svn|/\.git {
            deny all;
            internal;
        }
    }

    # If running php as fastcgi, specify php upstream.
    upstream php {
        server unix:/tmp/php.sock;
    }
}
非常感谢,这个可以用!
https://h2dp.com/app.php/help/faq
现在好了。

这个nginx配置很有参考价值

Re: 3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月5日 20:13
h2dp
改造了下nginx的配置

代码: 全选

	location / {
            # phpBB uses index.htm
            index index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /app.php/$1 last;
        }
        # Deny access to internal phpbb files.
        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }

        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /app.php$is_args$args;
            fastcgi_pass unix:/dev/shm/php-cgi.sock;
        }
       # Correctly pass scripts for installer
        location /install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /install/app.php$is_args$args;
                fastcgi_pass unix:/dev/shm/php-cgi.sock;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /\.svn|/\.git {
            deny all;
            internal;
        }

Re: 3.1.10升级3.2后,faq部分access denied

发表于 : 2017年2月6日 06:10
davidyin
nginx 的配置的确比 apache 的复杂一点。
很高兴,你的弄好了。