3.1.10升级3.2后,faq部分access denied

phpBB 3.2.X 相关的使用、安装等话题
版面规则
《发帖时,请复制下列格式文本,提供完整的信息,勿简略发布》


###### 以下为“基本的提问格式” ######
  • 主机操作系统: Windows (XP, 7, 8, 10)、Linux(Redhat,Centos, Mandrake等等)、或者其他的(请务必注明版本)
  • 快速架站程序: AppServ、XAMPP 等等(请务必注明版本号)
  • 您的上网方式:ADSL、Cable、FTTB等等 (请务必留下 ISP 名称或 ISP 官网)
  • 您安装的程序: Apache + php + MySQL 或者其他的组合 (请务必留下版本号,如果使用上面的快速架站程序就不必写了)
  • 您的 phpBB 版本: phpBB 3.2.2
  • 您的域名: 比如 phpbbchinese.com
  • 您的 phpBB 网址: 比如 https://www.phpbbchinese.com/
###### 以上为“基本的提问格式” ######

  • 安装扩展: 请注明安装扩展的名称,版本以及参考链接(非扩展问题免填)
  • 安装风格: 请注明安装的风格名称,版本以及参考链接(非风格问题免填)
  • 错误代码: 请使用 Code 标签将错误代码标识出来,如下:

代码: 全选

错误代码
  • 错误状态:如果没有错误代码,请直接贴出截图,或者是详细叙述错误状态内容。
备注:
如果需要,请提供测试用的账号与密码
若是管理账号,请使用短信联系站长
回复
h2dp
注册用户
注册用户
帖子: 32
注册时间: 2016年11月20日 11:24

3.1.10升级3.2后,faq部分access denied

帖子 h2dp »

3.1.10升级3.2后,faq部分access denied
之前3.1.10的时候一切正常(php5.3)
网站 http://h2dp.com
环境:linux, 已升级php7.1,nginx
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
头像
davidyin
网站管理员
网站管理员
帖子: 1431
注册时间: 2015年11月19日 01:50
联系:

Re: 3.1.10升级3.2后,faq部分access denied

帖子 davidyin »

可能你的 nginx 配置文件有问题?

在配置文件中加上这段

代码: 全选

location /app.php {
    try_files $uri $uri/ /app.php?$query_string;
}
居住在西八区,有时差,提问请按照“通用提问格式”提问,未必能及时回复,见谅。
提供 phpBB 服务
h2dp
注册用户
注册用户
帖子: 32
注册时间: 2016年11月20日 11:24

Re: 3.1.10升级3.2后,faq部分access denied

帖子 h2dp »

davidyin 写了: 2017年2月3日 16:47 可能你的 nginx 配置文件有问题?

在配置文件中加上这段

代码: 全选

location /app.php {
    try_files $uri $uri/ /app.php?$query_string;
}
已经加了,但是似乎没有用
https://h2dp.com/app.php/help/faq?sid=a ... f8078cdcd4
很奇怪,以前是可以的

nginx如下

代码: 全选

server {
  listen 80;
  listen 443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/h2dp.com.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/h2dp.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name h2dp.com www.h2dp.com;
  access_log off;
  index index.html index.htm index.php;
  include /usr/local/nginx/conf/rewrite/h2dp.conf;
  root /data/wwwroot/h2dp.com;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
  #error_page 404 = /404.html;
  #error_page 502 = /502.html;
  if ($host != h2dp.com) {
    rewrite ^/(.*)$ $scheme://h2dp.com/$1 permanent;
  }
  location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
  valid_referers none blocked *.h2dp.com h2dp.com www.h2dp.com;
  if ($invalid_referer) {
      #rewrite ^/ http://www.example.com/403.html;
      return 403;
    }
  }
  location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/dev/shm/php-cgi.sock;
    fastcgi_index index.php;
  }
location /app.php {
    try_files $uri $uri/ /app.php?$query_string;
}
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}
上次由 h2dp 在 2017年2月5日 20:14,总共编辑 1 次。
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
头像
davidyin
网站管理员
网站管理员
帖子: 1431
注册时间: 2015年11月19日 01:50
联系:

Re: 3.1.10升级3.2后,faq部分access denied

帖子 davidyin »

那看看是不是 app.php 这个文件的权限有问题。

这里直接输入 app.php/
返回的页面显示
No route found for "GET /"

我是建议你直接看看 nginx 和 php 的 error log。
居住在西八区,有时差,提问请按照“通用提问格式”提问,未必能及时回复,见谅。
提供 phpBB 服务
头像
davidyin
网站管理员
网站管理员
帖子: 1431
注册时间: 2015年11月19日 01:50
联系:

Re: 3.1.10升级3.2后,faq部分access denied

帖子 davidyin »

或者你重写你的配置文件,参考一下官方的例子。

代码: 全选

# Sample nginx configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's nginx.conf.
# Tested with nginx 0.8.35.

# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
#  define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.

http {
    # Compression - requires gzip and gzip static modules.
    gzip on;
    gzip_static on;
    gzip_vary on;
    gzip_http_version 1.1;
    gzip_min_length 700;
    
    # Compression levels over 6 do not give an appreciable improvement
    # in compression ratio, but take more resources.
    gzip_comp_level 6;
    
    # IE 6 and lower do not support gzip with Vary correctly.
    gzip_disable "msie6";
    # Before nginx 0.7.63:
    #gzip_disable "MSIE [1-6]\.";

    # Catch-all server for requests to invalid hosts.
    # Also catches vulnerability scanners probing IP addresses.
    server {
        # default specifies that this block is to be used when
        # no other block matches.
        listen 80 default;

        server_name bogus;
        return 444;
        root /var/empty;
    }

    # If you have domains with and without www prefix,
    # redirect one to the other.
    server {
        # Default port is 80.
        #listen 80;

        server_name myforums.com;

        # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
        rewrite ^ http://www.myforums.com$request_uri permanent;
        # Equivalent to:
        #rewrite ^(.*)$ http://www.myforums.com$1 permanent;
    }

    # The actual board domain.
    server {
        #listen 80;
        server_name www.myforums.com;

        root /path/to/phpbb;

        location / {
            # phpBB uses index.htm
            index index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /app.php/$1 last;
        }

        # Deny access to internal phpbb files.
        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }

        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /app.php$is_args$args;
            fastcgi_pass php;
        }

        # Correctly pass scripts for installer
        location /install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /install/app.php$is_args$args;
                fastcgi_pass php;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /\.svn|/\.git {
            deny all;
            internal;
        }
    }

    # If running php as fastcgi, specify php upstream.
    upstream php {
        server unix:/tmp/php.sock;
    }
}
居住在西八区,有时差,提问请按照“通用提问格式”提问,未必能及时回复,见谅。
提供 phpBB 服务
h2dp
注册用户
注册用户
帖子: 32
注册时间: 2016年11月20日 11:24

Re: 3.1.10升级3.2后,faq部分access denied

帖子 h2dp »

davidyin 写了: 2017年2月5日 15:48 或者你重写你的配置文件,参考一下官方的例子。

代码: 全选

# Sample nginx configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's nginx.conf.
# Tested with nginx 0.8.35.

# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
#  define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.

http {
    # Compression - requires gzip and gzip static modules.
    gzip on;
    gzip_static on;
    gzip_vary on;
    gzip_http_version 1.1;
    gzip_min_length 700;
    
    # Compression levels over 6 do not give an appreciable improvement
    # in compression ratio, but take more resources.
    gzip_comp_level 6;
    
    # IE 6 and lower do not support gzip with Vary correctly.
    gzip_disable "msie6";
    # Before nginx 0.7.63:
    #gzip_disable "MSIE [1-6]\.";

    # Catch-all server for requests to invalid hosts.
    # Also catches vulnerability scanners probing IP addresses.
    server {
        # default specifies that this block is to be used when
        # no other block matches.
        listen 80 default;

        server_name bogus;
        return 444;
        root /var/empty;
    }

    # If you have domains with and without www prefix,
    # redirect one to the other.
    server {
        # Default port is 80.
        #listen 80;

        server_name myforums.com;

        # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
        rewrite ^ http://www.myforums.com$request_uri permanent;
        # Equivalent to:
        #rewrite ^(.*)$ http://www.myforums.com$1 permanent;
    }

    # The actual board domain.
    server {
        #listen 80;
        server_name www.myforums.com;

        root /path/to/phpbb;

        location / {
            # phpBB uses index.htm
            index index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /app.php/$1 last;
        }

        # Deny access to internal phpbb files.
        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }

        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /app.php$is_args$args;
            fastcgi_pass php;
        }

        # Correctly pass scripts for installer
        location /install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /install/app.php$is_args$args;
                fastcgi_pass php;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /\.svn|/\.git {
            deny all;
            internal;
        }
    }

    # If running php as fastcgi, specify php upstream.
    upstream php {
        server unix:/tmp/php.sock;
    }
}
非常感谢,这个可以用!
https://h2dp.com/app.php/help/faq
现在好了。

这个nginx配置很有参考价值
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
h2dp
注册用户
注册用户
帖子: 32
注册时间: 2016年11月20日 11:24

Re: 3.1.10升级3.2后,faq部分access denied

帖子 h2dp »

改造了下nginx的配置

代码: 全选

	location / {
            # phpBB uses index.htm
            index index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /app.php/$1 last;
        }
        # Deny access to internal phpbb files.
        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }

        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /app.php$is_args$args;
            fastcgi_pass unix:/dev/shm/php-cgi.sock;
        }
       # Correctly pass scripts for installer
        location /install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /install/app.php$is_args$args;
                fastcgi_pass unix:/dev/shm/php-cgi.sock;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /\.svn|/\.git {
            deny all;
            internal;
        }
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
头像
davidyin
网站管理员
网站管理员
帖子: 1431
注册时间: 2015年11月19日 01:50
联系:

Re: 3.1.10升级3.2后,faq部分access denied

帖子 davidyin »

nginx 的配置的确比 apache 的复杂一点。
很高兴,你的弄好了。
居住在西八区,有时差,提问请按照“通用提问格式”提问,未必能及时回复,见谅。
提供 phpBB 服务
回复