嘿伙计们,我正在寻找一个PHP框架,如果我很幸运,只需在FastCGI下运行Nginx,否则,不需要太多调整.
解决方法:
使用Nginx的Symfony 1.4非常棒.我已经完成了调整,这里是我的生产配置的概括,我可以保证适合生产使用.
server {
listen 80;
server_name mysite.com;
root /var/www/mysite.com/web;
access_log /var/log/Nginx/mysite.com.access.log;
error_log /var/log/Nginx/mysite.com.error.log;
location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.PHP${
include fastcgi_params;
fastcgi_split_path_info ^(.+\.PHP)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_pass 127.0.0.1:9000;
}
location / {
index index.PHP;
try_files $uri /index.PHP?$args;
}
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/mysite.com.crt;
ssl_certificate_key /etc/ssl/private/mysite.com.key;
server_name mysite.com;
root /var/www/mysite.com/web;
access_log /var/log/Nginx/mysite.com.access.log;
error_log /var/log/Nginx/mysite.com.error.log;
location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.PHP${
include fastcgi_params;
fastcgi_split_path_info ^(.+\.PHP)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass 127.0.0.1:9000;
}
location / {
index index.PHP;
try_files $uri /index.PHP?$args;
}
}
PHP 5.4注意事项
dotdeb附带的PHP5-fpm 5.4现在默认使用套接字而不是环回.如果您使用的是PHP 5.4并且使用上述配置时出现错误的网关错误,请尝试使用unix:/var/run/PHP5-fpm.sock替换127.0.0.1:9000的所有实例.
PHP-fpm 5.4还新近将可以解析为PHP的文件扩展名限制为security.limit_extensions中指定的文件扩展名.如果您修改了位置正则表达式以包含除.PHP之外的其他文件扩展名,则可能会感兴趣.以下安全说明仍适用.
安全说明
此配置仅使用PHP解析文件index.PHP,frontend.PHP,frontend_dev.PHP,backend.PHP和backend_dev.PHP.
location \.PHP${
...
}
导致与使用pathinfo的URL相关的安全漏洞,如:/index.PHP/foo/bar.
常见的解决方法是在PHP.ini中设置fix_pathinfo = 0.这打破了pathinfo URL,symfony依赖于它们.这里使用的解决方案是显式指定被解析为PHP的文件.
有关更多信息,请参阅nginx+php-cgi security alert
平台
这对于使用dotdeb用于Nginx和PHP-fpm软件包的Debian Squeeze系统以及使用ppa / brianmercer用于PHP-fpm的Ubuntu 10.04 Lucid Lynx系统来说是安全的.它可能或可能不起作用,并且在其他系统上是安全的.
使用说明
要添加另一个PHP文件additionalfile.PHP以进行解析,请在两个位置块中使用此语法:
location~ ^(index | frontend | frontend_dev | backend | backend_dev | additionalfile).PHP ${
…
}
编辑:Symfony 2.0已经发布!这是配置,改编自上面的1.4配置:
server {
listen 80;
server_name symfony2;
root /var/www/symfony2/web;
error_log /var/log/Nginx/symfony2.error.log;
access_log /var/log/Nginx/symfony2.access.log;
location / {
index app.PHP;
if (-f $request_filename) {
break;
}
rewrite ^(.*)$/app.PHP last;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ (app|app_dev).PHP {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.PHP)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_pass 127.0.0.1:9000;
}
}
server {
listen 443;
server_name symfony2;
root /var/www/symfony2/web;
ssl on;
ssl_certificate /etc/ssl/certs/symfony2.crt;
ssl_certificate_key /etc/ssl/private/symfony2.key;
error_log /var/log/Nginx/symfony2.error.log;
access_log /var/log/Nginx/symfony2.access.log;
location / {
index app.PHP;
if (-f $request_filename) {
break;
}
rewrite ^(.*)$/app.PHP last;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ (app|app_dev).PHP {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.PHP)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_pass 127.0.0.1:9000;
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
