2

很抱歉这么长的标题,不确定是否优雅

我正在根据这两个很棒的教程设置我的第一个 nginx:

设置 http://fideloper.com/ubuntu-12-04-lemp-nginx-setup

安全 http://publications.jbfavre.org/web/php-fpm-apps-server-nginx.en

然后我遇到了这个臭名昭著的“未指定输入文件”

我设法解决了它,但我仍然不明白到底出了什么问题,我希望你能帮助我理解这个问题。

vim /etc/nginx/sites-available/www.mysite.com

server {
        #listen   80; ## listen for ipv4; this line is default and implied
        #listen   [::]:80 default ipv6only=on; ## listen for ipv6

        root /var/www/vhosts/mysite.com/w/w/w/www/htdocs;
        index index.php index.html index.htm;

        # Make site accessible from http://www.mysite.com
        server_name www.mysite.com;

        access_log /var/www/vhosts/mysite.com/w/w/w/www/logs/access_mysite.log;
        error_log /var/www/vhosts/mysite.com/w/w/w/www/logs/error_mysite.log;
        # Specify a character set
        charset utf-8;

        # h5bp nginx configs
        include conf/h5bp.conf;
        #include /var/www/vhosts/mysite.com/w/w/w/www/config/nginx.conf

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to index.html
                try_files $uri $uri/ /index.html;
                #root /var/www/vhosts/mysite.com/w/w/w/www/htdocs/;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules


        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 127.0.0.1;
                deny all;
        }

        # Don't log robots.txt or favicon.ico files
        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        # 404 errors handled by our application, for instance Symfony
        error_page 404 /app.php;

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

            # With php5-cgi alone:
            # fastcgi_pass 127.0.0.1:9000;
            # With php5-fpm:
            fastcgi_pass unix:/var/run/nginx/www.mysite.com.sock;
            fastcgi_index index.php;
            include fastcgi_params;

            # this specific line FIXED the no input file specified
            fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
        }

        # Deny access to .htaccess
        location ~ /\.ht {
            deny all;
        }

        # Only for nginx-naxsi : process denied requests
        #location /RequestDenied {
                # For example, return an error code
                #return 418;
        #}

        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
}

vim /var/www/vhosts/mysite.com/w/w/w/www/config/fpm-pool.conf

[www.mysite.com]
    listen                 = /var/run/nginx/www.mysite.com.sock
    listen.backlog         = -1
    listen.allowed_clients = 127.0.0.1
    listen.owner           = www.mysite.com
    listen.group           = mysite.com
    listen.mode            = 0666

    user  = www.mysite.com
    group = mysite.com

    pm                   = dynamic
    pm.max_requests      = 0
    pm.max_children      = 2
    pm.start_servers     = 1
    pm.min_spare_servers = 1
    pm.max_spare_servers = 1

    pm.status_path       = /php_pool_wwww.mysite.com_status
    ping.path            = /www.mysite.com_ping
    ping.response        = www.mysite.com_pong

    request_terminate_timeout = 2
    request_slowlog_timeout   = 1
    slowlog                   = /var/www/vhosts/mysite.com/w/w/w/www/logs/php-slow.log

    ;rlimit_files = 1024
    ;rlimit_core = 0

    chroot = /var/www/vhosts/mysite.com/w/w/w/www/htdocs/
    ; Chdir to this directory at the start. This value must be an absolute path.
    ; Default Value: current directory or / when chroot
    ;chdir = /

    catch_workers_output = yes

    env[HOSTNAME] = $HOSTNAME
    env[TMP]      = /tmp
    env[TMPDIR]   = /tmp
    env[TEMP]     = /tmp


    ;   php_value/php_flag             - you can set classic ini defines which can
    ;                                    be overwritten from PHP call 'ini_set'.
    ;   php_admin_value/php_admin_flag - these directives won't be overwritten by
    ;                                     PHP call 'ini_set'
    php_flag[display_errors]            = on
    php_admin_value[error_log]          = /logs/php_err.log
    php_admin_flag[log_errors]          = on
    php_admin_value[memory_limit]       = 1M
    php_value[max_execution_time]       = 2

很抱歉发了这么长的帖子,只是想尽可能多地提供细节。如您所见,“fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;”行 帮助解决了这个问题。但为什么它首先会发生?我怀疑它与chroot有关,我怀疑php文件的绝对路径被认为是相对于chroot的?

-----编辑1:

chroot = /var/www/vhosts/mysite.com/w/w/w/www/
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
chdir = /htdocs

我试图查看是否可以将 chroot 1 目录向上移动并使用 chdir 使其开始从 htdocs 文件夹加载,但随后我得到了指定的无输入文件。

PS:我有 cgi.fix_pathinfo=1 btw,按照这里的建议让它与 SF2 一起运行

4

3 回答 3

5

No Input File Specified这意味着您没有将要执行的 php 文件的路径传递给 php-fpm。这是由 SCRIPT_FILENAME 参数传递的。

出于安全原因,拥有cgi.fix_pathinfo=0. Symfony 可以使用它,不用担心。

php 块是重要的部分。

location ~ \.php$ 这意味着如果 uri 以“.php”结尾,它将被传递给 php。现在,如果有一个图像并且一些攻击者在其中添加了“.php”,则启用 fix_pathinfo 它将被传递给 php 处理程序并可以在服务器中执行任意代码。所以我建议你添加cgi.fix_pathinfo=0php.ini 并fastcgi_split_path_info ^(.+\.php)(/.+)$;从 nginx 中删除。

我用于 symfony2 的配置是,

server {
    listen       80;
    server_name projectname.local;

    root /Users/sarim/Sites/php55/projectname/web;
    index app_dev.php index.html index.htm;

    location / {
    try_files $uri $uri/ /app_dev.php?$args;
    }

    location ~ ^/(app|app_dev|config)\.php(/|$) {
        fastcgi_pass   unix:/usr/local/var/run/php55.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

}

在这里检查location /块。try_files $uri $uri/ 确保提供静态文件。然后如果它不是静态文件,则传递给 /app_dev.php。

现在检查 php 位置块,只有 app 或 app_dev 或 config.php 可以访问。没有任意文件执行。现在是重要的fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;线。它应该始终是 $document_root$fastcgi_script_name。这样php可以找到文件。

于 2013-11-02T06:37:13.067 回答
2

我有同样的错误,我的问题是我的 php 文件在我的加密主目录中。我使用 www-data 用户运行我的 fpm,即使文件的权限正确,该用户也无法读取 php 文件。

解决方案是与拥有主目录的用户一起运行 fpm。这可以在以下文件中更改:

/etc/php5/fpm/pool.d/www.conf

于 2015-02-11T17:16:41.177 回答
-2

我的情况是,使用 NGINX 为 JavaScript 应用程序提供服务,并且没有指定输入文件。

解决方案非常简单:

编辑你的 NGINX 配置文件,让它始终服务于索引文件,而不是搜索 PHP 文件。例子:

改变这个:

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

对此:you can change the index file extension

location / {
    try_files $uri $uri/ /index.html;
}
于 2017-05-02T16:58:47.053 回答