Thursday, August 4, 2016

php - nginx php5-fpm path_info urls and root location

Hello to all nginx & php gurus




I'm installing dotclear (a blogging software written in PHP) on my debian, and I have a hard time configuring nginx, php5-fpm and php so that :




  1. I can use PATH_INFO url rewriting since I'm following Tim Berneer's Lee advice that urls should'nt expose what particular technology you use right now http://www.w3.org/Provider/Style/URI.html

  2. satic-files are not parsed by PHP since it's terribly insecure to let example.org/uploads/image.jpg/index.php to be sent to PHP

  3. have a root location that just works example.com should be rewritten to something like example.com/index.php?start



It seems that until now, I have to choose 2, that's why I'm asking for help here.




So here is my current /etc/nginx/nginx.conf




server {
   server_name articles.eloge-de-la-folie.fr;
   root /srv/data1/articles.eloge-de-la-folie.fr  ;



index index.php?start ;
location / {
         try_files $uri $uri/ @pathinfo ;

         #try_files $uri $uri/ /index.php$uri?$args;
}


# Pretty URLs in dotclear
# activate PATH_INFO urls in /admin/blog_pref.php
location @pathinfo {
rewrite ^ /index.php$uri?$args last;
}
location = / {

rewrite ^ /index.php?start last;
}
location ~ ^(.+.php)(/.*)?$ {
include fastcgi_params_pathinfo ;
}



}



I put everything fastcgi related in a separate /etc/fastcgi_params_pathinfo config file





fastcgi_param   QUERY_STRING        $query_string;
fastcgi_param   REQUEST_METHOD      $request_method;
fastcgi_param   CONTENT_TYPE        $content_type;
fastcgi_param   CONTENT_LENGTH      $content_length;

#fastcgi_param  SCRIPT_FILENAME     $request_filename;
fastcgi_param   SCRIPT_NAME     $fastcgi_script_name;
fastcgi_param   PATH_INFO               $fastcgi_path_info;

fastcgi_param   REQUEST_URI     $request_uri;
fastcgi_param   DOCUMENT_URI        $document_uri;
fastcgi_param   DOCUMENT_ROOT       $document_root;
fastcgi_param   SERVER_PROTOCOL     $server_protocol;

fastcgi_param   GATEWAY_INTERFACE   CGI/1.1;
fastcgi_param   SERVER_SOFTWARE     nginx/$nginx_version;

fastcgi_param   REMOTE_ADDR     $remote_addr;
fastcgi_param   REMOTE_PORT     $remote_port;

fastcgi_param   SERVER_ADDR     $server_addr;
fastcgi_param   SERVER_PORT     $server_port;
fastcgi_param   SERVER_NAME     $server_name;

fastcgi_param   HTTPS           $https;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param   REDIRECT_STATUS     200;



# this is what I changed
fastcgi_pass    127.0.0.1:9000;
fastcgi_index   index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;


Also in /etc/php5/fpm/pool.d/www.conf, I made sure to uncomment this 





security.limit_extensions = .php ;


What happen currently ?
- example.com/index.php and example.com/post/test are passed to the php interpretor and work
- example.com/css/style.css are not passed to php and works
- but when I go to example.com, the index.php is just downloaded, not interpreted.




My location = / { configuration here } is apparently never matched :(



Thanks in advance,



Jean-Michel

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...