我很遗憾这么长的头衔,不确定地说得很优雅
我根据这两个很棒的教程设置了我的第一个nginx:
设置 http://fideloper.com/ubuntu-12-04-lemp-nginx-setup
安全 http://publications.jbfavre.org/web/php-fpm-apps-server-nginx.en
然后我遇到了这个臭名昭着的“没有输入文件指定”
我设法修复了它,但我仍然不明白到底出了什么问题,我希望你能帮助我理解这个问题。
vim /etc/nginx/sites-available/www.mysite.com
server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
root /var/www/vhosts/mysite.com/w/w/w/www/htdocs;
index index.php index.html index.htm;
# Make site accessible from http://www.mysite.com
server_name www.mysite.com;
access_log /var/www/vhosts/mysite.com/w/w/w/www/logs/access_mysite.log;
error_log /var/www/vhosts/mysite.com/w/w/w/www/logs/error_mysite.log;
# Specify a character set
charset utf-8;
# h5bp nginx configs
include conf/h5bp.conf;
#include /var/www/vhosts/mysite.com/w/w/w/www/config/nginx.conf
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
try_files $uri $uri/ /index.html;
#root /var/www/vhosts/mysite.com/w/w/w/www/htdocs/;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}
# Don't log robots.txt or favicon.ico files
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { access_log off; log_not_found off; }
# 404 errors handled by our application, for instance Symfony
error_page 404 /app.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/nginx/www.mysite.com.sock;
fastcgi_index index.php;
include fastcgi_params;
# this specific line FIXED the no input file specified
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
}
# Deny access to .htaccess
location ~ /\.ht {
deny all;
}
# Only for nginx-naxsi : process denied requests
#location /RequestDenied {
# For example, return an error code
#return 418;
#}
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
}
vim /var/www/vhosts/mysite.com/w/w/w/www/config/fpm-pool.conf
[www.mysite.com]
listen = /var/run/nginx/www.mysite.com.sock
listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = www.mysite.com
listen.group = mysite.com
listen.mode = 0666
user = www.mysite.com
group = mysite.com
pm = dynamic
pm.max_requests = 0
pm.max_children = 2
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
pm.status_path = /php_pool_wwww.mysite.com_status
ping.path = /www.mysite.com_ping
ping.response = www.mysite.com_pong
request_terminate_timeout = 2
request_slowlog_timeout = 1
slowlog = /var/www/vhosts/mysite.com/w/w/w/www/logs/php-slow.log
;rlimit_files = 1024
;rlimit_core = 0
chroot = /var/www/vhosts/mysite.com/w/w/w/www/htdocs/
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
;chdir = /
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
php_flag[display_errors] = on
php_admin_value[error_log] = /logs/php_err.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 1M
php_value[max_execution_time] = 2
我很抱歉这篇长篇文章,只想尽可能详细地说明。如您所见,行“fastcgi_param SCRIPT_FILENAME $ fastcgi_script_name;”帮助解决了这个问题。但为什么它首先发生?我怀疑它与chroot有关,我怀疑php文件的绝对路径是以某种方式被认为是相对于chroot?
-----编辑1:
chroot = /var/www/vhosts/mysite.com/w/w/w/www/
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
chdir = /htdocs
我试着看看我是否可以移动chroot 1 dir并使用chdir使其从htdocs文件夹开始加载,但后来我得到了指定的无输入文件。
PS:我有cgi.fix_pathinfo = 1 btw,按照建议here使其与SF2一起运行
答案 0 :(得分:5)
No Input File Specified这意味着你没有将要执行的php文件的路径传递给php-fpm。这是由SCRIPT_FILENAME参数传递的。
出于安全考虑,拥有cgi.fix_pathinfo=0是件好事。 Symfony将与它合作不用担心。
php块是重要的部分。
location ~ \.php$
这意味着如果uri以“.php”结尾,它将被传递给php。现在如果有一个图像并且一些攻击者用它添加“.php”,启用了fix_pathinfo它将被传递给php处理程序并且可以在服务器中执行任意代码。所以我建议你在php.ini中添加cgi.fix_pathinfo=0并从nginx中删除fastcgi_split_path_info ^(.+\.php)(/.+)$;。
我用于symfony2的配置是,
server {
listen 80;
server_name projectname.local;
root /Users/sarim/Sites/php55/projectname/web;
index app_dev.php index.html index.htm;
location / {
try_files $uri $uri/ /app_dev.php?$args;
}
location ~ ^/(app|app_dev|config)\.php(/|$) {
fastcgi_pass unix:/usr/local/var/run/php55.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
这里检查location /块。 try_files $ uri $ uri /确保提供静态文件。然后如果它不是静态文件,则传递给/app_dev.php。
现在检查php位置块,只能访问app或app_dev或config.php。没有任意文件执行。
现在是重要的fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;行。它应该始终是$ document_root $ fastcgi_script_name。这样php可以找到该文件。
答案 1 :(得分:2)
我有同样的错误,我的问题是我在我的加密主目录中有我的php文件。并且我使用www-data用户运行我的fpm,即使文件的权限正确,该用户也无法读取php文件。
解决方案是与拥有主目录的用户一起运行fpm。这可以在下面的文件中更改:
/etc/php5/fpm/pool.d/www.conf
答案 2 :(得分:-2)
我的情况是,使用NGINX提供JavaScript应用程序,并获取未指定输入文件。
解决方案非常简单:
编辑NGINX配置文件,让它始终提供索引文件,而不是搜索PHP文件。例如:
改变这个:
location / {
try_files $uri $uri/ /index.php?$query_string;
}
对此:you can change the index file extension
location / {
try_files $uri $uri/ /index.html;
}