使用Nginx + PHP-FPM的PHP文件的访问被拒绝(403) [英] Access denied (403) for PHP files with Nginx + PHP-FPM
问题描述
我已经在这个问题上花了几个小时,尽管与此相关的帖子很多,但我无法解决.我有一个带有Nginx + PHP-FPM的Fedora 20包装盒,直到今天(我重新加载了php-fpm.service我猜)后效果还不错. Nginx正在提供静态文件,这没有问题,但是任何PHP文件都会触发错误403.
I have been spending few hours on that issue and despite the high number of posts related to it, I cannot solve it. I have a Fedora 20 box with Nginx + PHP-FPM that worked quite good until today (after I reloaded php-fpm.service I guess). Nginx is serving static files with no problem, but any PHP file triggers an error 403.
权限正常,nginx和php-fpm在用户"nginx"下运行:
The permissions are ok, nginx and php-fpm are running under the user "nginx":
root 13763 0.0 0.6 490428 24924 ? Ss 15:47 0:00 php-fpm: master process (/etc/php-fpm.conf)
nginx 13764 0.0 0.1 490428 7296 ? S 15:47 0:00 php-fpm: pool www
nginx 13765 0.0 0.1 490428 7296 ? S 15:47 0:00 php-fpm: pool www
nginx 13766 0.0 0.1 490428 7296 ? S 15:47 0:00 php-fpm: pool www
nginx 13767 0.0 0.1 490428 7296 ? S 15:47 0:00 php-fpm: pool www
nginx 13768 0.0 0.1 490428 6848 ? S 15:47 0:00 php-fpm: pool www
所提供的文件也已设置为nginx用户,我什至结束了chmoding 777这些文件的尝试,但仍然对任何PHP文件访问被拒绝".
The served files have been set to nginx user as well, I even ended chmoding 777 those files to try, but still "Access denied" for any PHP files.
以下是我的Nginx配置的服务器:
Below is a server of my Nginx config:
server {
listen 80;
server_name localhost;
root /var/www/html;
location ~ \.php$ {
fastcgi_intercept_errors on;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
PHP-FPM池:
[www]
...
listen = 127.0.0.1:9000
user = nginx
group = nginx
...
对于版本:
php-5.5.11 (当然还有 php-fpm-5.5.11 )
nginx-1.4.7
我正在添加Nginx错误日志:
I am adding the Nginx error log:
FastCGI sent in stderr: "Access to the script '/var/www/html' has been denied (see security.limit_extensions)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xxx.xxx.xxx.xxx"
精确地确定security.limit_extensions是正确的,将其设置为:security.limit_extensions = .php.
And precise that security.limit_extensions is correct, set to: security.limit_extensions = .php.
关于路径权限,可以遍历/var/www/html . 我想念什么?
About the path permissions, /var/www/html can be traversed. What am I missing?
推荐答案
以下是一些可能的解决方案:
Here are some possible solutions:
-
在您的php-fpm www.conf中,将
security.limit_extensions设置为.php或.php5或任何适合您环境的内容.对于某些用户,完全删除所有值或将其设置为FALSE是使其工作的唯一方法.
In your php-fpm www.conf set
security.limit_extensionsto.phpor.php5or whatever suits your environment. For some users, completely removing all values or setting it toFALSEwas the only way to get it working.
在nginx配置文件中,将fastcgi_pass设置为套接字地址(例如unix:/var/run/php-fpm/php-fpm.sock;),而不是服务器地址和端口.
In your nginx config file set fastcgi_pass to your socket address (e.g. unix:/var/run/php-fpm/php-fpm.sock;) instead of your server address and port.
检查您的SCRIPT_FILENAME fastcgi参数,并根据文件的位置进行设置.
Check your SCRIPT_FILENAME fastcgi param and set it according to the location of your files.
在您的nginx配置文件中,在定义所有其他fastcgi参数的位置块中包含fastcgi_split_path_info ^(.+\.php)(/.+)$;.
In your nginx config file include fastcgi_split_path_info ^(.+\.php)(/.+)$; in the location block where all the other fastcgi params are defined.
在您的php.ini中,将cgi.fix_pathinfo设置为1
In your php.ini set cgi.fix_pathinfo to 1
这篇关于使用Nginx + PHP-FPM的PHP文件的访问被拒绝(403)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
