Nginx

Nginx: images not served over HTTPS

  • May 8, 2014

I have an admin/ subdirectory on my website that I want to serve over HTTPS, so I tried the following configuration, based on this one:

server {
   listen 80;

   server_name blob.tld;
   root /srv/www/blob;
   index index.php index.html index.htm;

   location /blog/admin/* {
       return 301 https://$server_name$request_uri;
   }

   location / {
       try_files $uri $uri/ $uri/index.php /index.html;
   }

   location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_index index.php;
       include fastcgi_params;
   }
}

server {
   listen 443 ssl;
   server_name blob.tld;

   root /srv/www/blob/;
   index index.php index.html index.htm;

   ssl_certificate /srv/www/blob.tld.pem;
   ssl_certificate_key /srv/www/blob.tld.key;

   ssl_session_timeout 5m;

   ssl_protocols SSLv3 TLSv1;
   ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
   ssl_prefer_server_ciphers on;

   location /blog/admin {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_index index.php;
       include fastcgi_params;
       try_files $uri $uri/index.php /index.html;
   }

   location / {
       return 301 http://$server_name$request_uri;
   }
}

But then the images under admin/style/ are not served.

I looked at the log files, which say:

/var/log/nginx/access.log:
127.0.0.1 - - [25/Apr/2014:15:06:27 +0200] "GET /blog/admin/style/lock.png HTTP/1.1" 403 46 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit (KHTML, like Gecko) Chrome/32.0"

/var/log/nginx/error.log:
2014/04/25 15:06:27 [error] 23629#0: *404 FastCGI sent in stderr: "Access to the script '/srv/www/blob/blog/admin/style/lock.png' has been denied (see security.limit_extensions)" while reading response header from upstream, client: 127.0.0.1, server: blob.tld, request: "GET /blog/admin/style/lock.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000"

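Given the error.log file, I think the problem comes from the first location directive in the HTTPS server (the difference from the HTTP one being ~ \.php$). So I tried to make an exact symmetry (with the \.php$ directive in a separate location directive):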

server {
   listen 443 ssl;
   [...]

   location /blog/admin/* {
       try_files $uri $uri/ $uri/index.php /index.html;
   }

   location / {
       return 301 http://$server_name$request_uri;
   }

   location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_index index.php;
       include fastcgi_params;
   }
}

But then... no HTTPS at all.

I still have the solution of letting the images be served over HTTP, but that's a bit frustrating:

location  /blog/admin/style {
   return 301 http://$server_name$request_uri;
}

I have nginx 1.1.19 with php-fpm, and PHP 5.3.10.

Why, in the https section, are you sending **everything** under /blog/admin to FastCGI? Why not make a specific rule for *.php, as in the http section?

In other words, under http you have:

location ~ \.php$ {
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   fastcgi_pass 127.0.0.1:9000;
   fastcgi_index index.php;
   include fastcgi_params;
}

But under https you have:

location /blog/admin {
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   fastcgi_pass 127.0.0.1:9000;
   fastcgi_index index.php;
   include fastcgi_params;
   try_files $uri $uri/index.php /index.html;
}

I think that if you change **/blog/admin** to **~ /blog/admin/.*.php$** your problem will be solved...
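
The location matching behind the question and the answer, as an added example that is not part of the original posts: a simplified Python model of how nginx picks a location (exact match, then longest prefix, then the first matching regex unless the prefix used ^~; nested and named locations are left out). The handler labels, the two extra request URIs and the COMBINED variant with a separate prefix location for static files are assumptions made for this illustration.

```python
import re

def select_location(locations, uri):
    """Simplified nginx location selection (no nested or named locations).

    locations: (modifier, pattern, handler) tuples in config order; modifier is
    "" (prefix), "=" (exact), "^~" (prefix that skips regexes), "~" or "~*" (regex).
    """
    best = None  # longest matching prefix location so far
    for mod, pat, handler in locations:
        if mod == "=" and uri == pat:
            return handler  # an exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, handler)
    if best and best[0] == "^~":
        return best[2]
    for mod, pat, handler in locations:  # regexes are tried in config order
        if mod in ("~", "~*"):
            if re.search(pat, uri, re.IGNORECASE if mod == "~*" else 0):
                return handler
    return best[2] if best else None

# HTTPS server blocks from the page, reduced to their location lines.
# Handler labels are made up for this example.
FIRST_TRY = [("", "/blog/admin", "fastcgi"), ("", "/", "redirect-to-http")]
SECOND_TRY = [("", "/blog/admin/*", "static"), ("", "/", "redirect-to-http"),
              ("~", r"\.php$", "fastcgi")]
ANSWER = [("~", r"/blog/admin/.*.php$", "fastcgi"), ("", "/", "redirect-to-http")]
# Assumption, not from the page: the answer's regex plus a plain prefix
# location (no wildcard) that serves static files under /blog/admin/.
COMBINED = [("", "/blog/admin/", "static")] + ANSWER

# Constructed request URIs; only lock.png appears in the page's logs.
URIS = ["/blog/admin/style/lock.png", "/blog/admin/index.php", "/blog/admin/"]

def routes(locations):
    """Map each sample URI to the handler the model selects."""
    return {uri: select_location(locations, uri) for uri in URIS}

if __name__ == "__main__":
    for name in ("FIRST_TRY", "SECOND_TRY", "ANSWER", "COMBINED"):
        print(name, routes(globals()[name]))
```

In the model, `/blog/admin/*` never matches because a prefix location compares the `*` as a literal character, so in the second attempt only .php requests stay on HTTPS. With the regex alone, lock.png falls through to `location /` and is redirected to HTTP; the prefix location in COMBINED keeps it on HTTPS without passing it to php-fpm.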

Source: https://unix.stackexchange.com/questions/126662