使用 Nginx + PHP-FPM 访问 PHP 文件被拒绝 (403) [英] Access denied (403) for PHP files with Nginx + PHP-FPM

问题描述

我已经在这个问题上花费了几个小时，尽管与它相关的帖子数量很多，但我无法解决它.我有一个带有 Nginx + PHP-FPM 的 Fedora 20 机器，直到今天都运行良好(我猜是在我重新加载了 php-fpm.service 之后).Nginx 提供静态文件没有问题，但任何 PHP 文件都会触发错误 403.

权限没问题，nginx和php-fpm都在nginx"用户下运行:

root 13763 0.0 0.6 490428 24924 ?Ss 15:47 0:00 php-fpm:主进程(/etc/php-fpm.conf)nginx 13764 0.0 0.1 490428 7296?S 15:47 0:00 php-fpm:池 wwwnginx 13765 0.0 0.1 490428 7296?S 15:47 0:00 php-fpm:池 wwwnginx 13766 0.0 0.1 490428 7296?S 15:47 0:00 php-fpm:池 wwwnginx 13767 0.0 0.1 490428 7296?S 15:47 0:00 php-fpm:池 wwwnginx 13768 0.0 0.1 490428 6848?S 15:47 0:00 php-fpm:池 www

提供的文件也已设置为 nginx 用户，我什至结束 chmoding 777 这些文件来尝试，但对于任何 PHP 文件仍然拒绝访问".

下面是我的 Nginx 配置的服务器:

服务器{听80；server_name 本地主机；根/var/www/html;位置 ~ .php$ {fastcgi_intercept_errors 开启；try_files $uri =404;fastcgi_pass 127.0.0.1:9000；fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;包括 fastcgi_params;}}

PHP-FPM 池:

[www]...听 = 127.0.0.1:9000用户 = nginx组 = nginx...

对于版本:

php-5.5.11(当然还有php-fpm-5.5.11)

nginx-1.4.7

我正在添加 Nginx 错误日志:

 FastCGI 在 stderr 中发送:访问脚本‘/var/www/html’已被拒绝(请参阅 security.limit_extensions)"同时从上游读取响应头，客户端:xxx.xxx.xxx.xxx, server: localhost, request: "GET/index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xxx.xxx.xxx.xxx"

并且准确地说 security.limit_extensions 是正确的，设置为:security.limit_extensions = .php.

关于路径权限，/var/www/html可以遍历.我错过了什么?

解决方案

以下是一些可能的解决方案:

1. 在您的 php-fpm www.conf 中将 security.limit_extensions 设置为 .php 或 .php5 或任何适合您环境的内容.对于某些用户，完全删除所有值或将其设置为 FALSE 是使其正常工作的唯一方法.

2. 在您的 nginx 配置文件中，将 fastcgi_pass 设置为您的套接字地址(例如 unix:/var/run/php-fpm/php-fpm.sock;) 而不是您的服务器地址和端口.

3. 检查您的 SCRIPT_FILENAME fastcgi 参数并根据您的文件位置进行设置.

4. 在您的 nginx 配置文件中，在定义所有其他 fastcgi 参数的位置块中包含 fastcgi_split_path_info ^(.+.php)(/.+)$;.p>

5. 在你的 php.ini 中将 cgi.fix_pathinfo 设置为 1

I have been spending few hours on that issue and despite the high number of posts related to it, I cannot solve it. I have a Fedora 20 box with Nginx + PHP-FPM that worked quite good until today (after I reloaded php-fpm.service I guess). Nginx is serving static files with no problem, but any PHP file triggers an error 403.

The permissions are ok, nginx and php-fpm are running under the user "nginx":

root     13763  0.0  0.6 490428 24924 ?        Ss   15:47   0:00 php-fpm: master process (/etc/php-fpm.conf)
nginx    13764  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13765  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13766  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13767  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13768  0.0  0.1 490428  6848 ?        S    15:47   0:00 php-fpm: pool www

The served files have been set to nginx user as well, I even ended chmoding 777 those files to try, but still "Access denied" for any PHP files.

Below is a server of my Nginx config:

server {
        listen          80;
        server_name     localhost;

        root            /var/www/html;

         location ~ .php$ {
            fastcgi_intercept_errors on;
            try_files $uri =404;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
}

The PHP-FPM pool:

[www]
...
listen = 127.0.0.1:9000
user = nginx
group = nginx
...

For the versions:

php-5.5.11 (as well as php-fpm-5.5.11 of course)

nginx-1.4.7

I am adding the Nginx error log:

 FastCGI sent in stderr: "Access to the script '/var/www/html' has been denied (see security.limit_extensions)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xxx.xxx.xxx.xxx"

And precise that security.limit_extensions is correct, set to: security.limit_extensions = .php.

About the path permissions, /var/www/html can be traversed. What am I missing?

解决方案

Here are some possible solutions:

1. In your php-fpm www.conf set security.limit_extensions to .php or .php5 or whatever suits your environment. For some users, completely removing all values or setting it to FALSE was the only way to get it working.

2. In your nginx config file set fastcgi_pass to your socket address (e.g. unix:/var/run/php-fpm/php-fpm.sock;) instead of your server address and port.

3. Check your SCRIPT_FILENAME fastcgi param and set it according to the location of your files.

4. In your nginx config file include fastcgi_split_path_info ^(.+.php)(/.+)$; in the location block where all the other fastcgi params are defined.

5. In your php.ini set cgi.fix_pathinfo to 1

这篇关于使用 Nginx + PHP-FPM 访问 PHP 文件被拒绝 (403)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！