3.1.10升级3.2后,faq部分access denied
之前3.1.10的时候一切正常(php5.3)
网站 http://h2dp.com
环境:linux, 已升级php7.1,nginx
3.1.10升级3.2后,faq部分access denied
版面规则
《发帖时,请复制下列格式文本,提供完整的信息,勿简略发布》
###### 以下为“基本的提问格式” ######
如果需要,请提供测试用的账号与密码
若是管理账号,请使用短信联系站长
《发帖时,请复制下列格式文本,提供完整的信息,勿简略发布》
###### 以下为“基本的提问格式” ######
- 主机操作系统: Windows (XP, 7, 8, 10)、Linux(Redhat,Centos, Mandrake等等)、或者其他的(请务必注明版本)
- 快速架站程序: AppServ、XAMPP 等等(请务必注明版本号)
- 您的上网方式:ADSL、Cable、FTTB等等 (请务必留下 ISP 名称或 ISP 官网)
- 您安装的程序: Apache + php + MySQL 或者其他的组合 (请务必留下版本号,如果使用上面的快速架站程序就不必写了)
- 您的 phpBB 版本: phpBB 3.2.2
- 您的域名: 比如 phpbbchinese.com
- 您的 phpBB 网址: 比如 https://www.phpbbchinese.com/
- 安装扩展: 请注明安装扩展的名称,版本以及参考链接(非扩展问题免填)
- 安装风格: 请注明安装的风格名称,版本以及参考链接(非风格问题免填)
- 错误代码: 请使用 Code 标签将错误代码标识出来,如下:
代码: 全选
错误代码
- 错误状态:如果没有错误代码,请直接贴出截图,或者是详细叙述错误状态内容。
如果需要,请提供测试用的账号与密码
若是管理账号,请使用短信联系站长
3.1.10升级3.2后,faq部分access denied
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
Re: 3.1.10升级3.2后,faq部分access denied
可能你的 nginx 配置文件有问题?
在配置文件中加上这段
在配置文件中加上这段
代码: 全选
location /app.php {
try_files $uri $uri/ /app.php?$query_string;
}
Re: 3.1.10升级3.2后,faq部分access denied
已经加了,但是似乎没有用
https://h2dp.com/app.php/help/faq?sid=a ... f8078cdcd4
很奇怪,以前是可以的
nginx如下
代码: 全选
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/h2dp.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/h2dp.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name h2dp.com www.h2dp.com;
access_log off;
index index.html index.htm index.php;
include /usr/local/nginx/conf/rewrite/h2dp.conf;
root /data/wwwroot/h2dp.com;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
#error_page 404 = /404.html;
#error_page 502 = /502.html;
if ($host != h2dp.com) {
rewrite ^/(.*)$ $scheme://h2dp.com/$1 permanent;
}
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
valid_referers none blocked *.h2dp.com h2dp.com www.h2dp.com;
if ($invalid_referer) {
#rewrite ^/ http://www.example.com/403.html;
return 403;
}
}
location ~ [^/]\.php(/|$) {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
}
location /app.php {
try_files $uri $uri/ /app.php?$query_string;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
上次由 h2dp 在 2017年2月5日 20:14,总共编辑 1 次。
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
Re: 3.1.10升级3.2后,faq部分access denied
那看看是不是 app.php 这个文件的权限有问题。
这里直接输入 app.php/
返回的页面显示
No route found for "GET /"
我是建议你直接看看 nginx 和 php 的 error log。
这里直接输入 app.php/
返回的页面显示
No route found for "GET /"
我是建议你直接看看 nginx 和 php 的 error log。
Re: 3.1.10升级3.2后,faq部分access denied
或者你重写你的配置文件,参考一下官方的例子。
代码: 全选
# Sample nginx configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's nginx.conf.
# Tested with nginx 0.8.35.
# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
# define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.
http {
# Compression - requires gzip and gzip static modules.
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
# Compression levels over 6 do not give an appreciable improvement
# in compression ratio, but take more resources.
gzip_comp_level 6;
# IE 6 and lower do not support gzip with Vary correctly.
gzip_disable "msie6";
# Before nginx 0.7.63:
#gzip_disable "MSIE [1-6]\.";
# Catch-all server for requests to invalid hosts.
# Also catches vulnerability scanners probing IP addresses.
server {
# default specifies that this block is to be used when
# no other block matches.
listen 80 default;
server_name bogus;
return 444;
root /var/empty;
}
# If you have domains with and without www prefix,
# redirect one to the other.
server {
# Default port is 80.
#listen 80;
server_name myforums.com;
# A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
rewrite ^ http://www.myforums.com$request_uri permanent;
# Equivalent to:
#rewrite ^(.*)$ http://www.myforums.com$1 permanent;
}
# The actual board domain.
server {
#listen 80;
server_name www.myforums.com;
root /path/to/phpbb;
location / {
# phpBB uses index.htm
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /app.php$is_args$args;
fastcgi_pass php;
}
# Correctly pass scripts for installer
location /install/ {
# phpBB uses index.htm
try_files $uri $uri/ @rewrite_installapp;
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /install/app.php$is_args$args;
fastcgi_pass php;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
}
# If running php as fastcgi, specify php upstream.
upstream php {
server unix:/tmp/php.sock;
}
}
Re: 3.1.10升级3.2后,faq部分access denied
非常感谢,这个可以用!davidyin 写了: ↑2017年2月5日 15:48 或者你重写你的配置文件,参考一下官方的例子。代码: 全选
# Sample nginx configuration file for phpBB. # Global settings have been removed, copy them # from your system's nginx.conf. # Tested with nginx 0.8.35. # If you want to use the X-Accel-Redirect feature, # add the following to your config.php. # # define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true); # # See http://wiki.nginx.org/XSendfile for the details # on X-Accel-Redirect. http { # Compression - requires gzip and gzip static modules. gzip on; gzip_static on; gzip_vary on; gzip_http_version 1.1; gzip_min_length 700; # Compression levels over 6 do not give an appreciable improvement # in compression ratio, but take more resources. gzip_comp_level 6; # IE 6 and lower do not support gzip with Vary correctly. gzip_disable "msie6"; # Before nginx 0.7.63: #gzip_disable "MSIE [1-6]\."; # Catch-all server for requests to invalid hosts. # Also catches vulnerability scanners probing IP addresses. server { # default specifies that this block is to be used when # no other block matches. listen 80 default; server_name bogus; return 444; root /var/empty; } # If you have domains with and without www prefix, # redirect one to the other. server { # Default port is 80. #listen 80; server_name myforums.com; # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites: rewrite ^ http://www.myforums.com$request_uri permanent; # Equivalent to: #rewrite ^(.*)$ http://www.myforums.com$1 permanent; } # The actual board domain. server { #listen 80; server_name www.myforums.com; root /path/to/phpbb; location / { # phpBB uses index.htm index index.php index.html index.htm; try_files $uri $uri/ @rewriteapp; } location @rewriteapp { rewrite ^(.*)$ /app.php/$1 last; } # Deny access to internal phpbb files. location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) { deny all; # deny was ignored before 0.8.40 for connections over IPv6. # Use internal directive to prohibit access on older versions. internal; } # Pass the php scripts to fastcgi server specified in upstream declaration. location ~ \.php(/|$) { # Unmodified fastcgi_params from nginx distribution. include fastcgi_params; # Necessary for php. fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; try_files $uri $uri/ /app.php$is_args$args; fastcgi_pass php; } # Correctly pass scripts for installer location /install/ { # phpBB uses index.htm try_files $uri $uri/ @rewrite_installapp; # Pass the php scripts to fastcgi server specified in upstream declaration. location ~ \.php(/|$) { # Unmodified fastcgi_params from nginx distribution. include fastcgi_params; # Necessary for php. fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; try_files $uri $uri/ /install/app.php$is_args$args; fastcgi_pass php; } } location @rewrite_installapp { rewrite ^(.*)$ /install/app.php/$1 last; } # Deny access to version control system directories. location ~ /\.svn|/\.git { deny all; internal; } } # If running php as fastcgi, specify php upstream. upstream php { server unix:/tmp/php.sock; } }
https://h2dp.com/app.php/help/faq
现在好了。
这个nginx配置很有参考价值
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
Re: 3.1.10升级3.2后,faq部分access denied
改造了下nginx的配置
代码: 全选
location / {
# phpBB uses index.htm
index index.php index.html index.htm;
try_files $uri $uri/ @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /app.php$is_args$args;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
}
# Correctly pass scripts for installer
location /install/ {
# phpBB uses index.htm
try_files $uri $uri/ @rewrite_installapp;
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
# Unmodified fastcgi_params from nginx distribution.
include fastcgi_params;
# Necessary for php.
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /install/app.php$is_args$args;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
编程学习网 h2dp.com 每个人都应该学习如何设计程序!
Re: 3.1.10升级3.2后,faq部分access denied
nginx 的配置的确比 apache 的复杂一点。
很高兴,你的弄好了。
很高兴,你的弄好了。