0

我正在设置一个在vestaCP+NGINX+php-fpm 和 laravel 后端上运行的新服务器,在安装letsencrypt 后,我​​在除主页外的所有路由器上都遇到404 错误。laravel .env 没问题,我的 nginx 配置如下,另外,控制面板还为 ssl 创建了另一个 nginx 配置文件。该站点在 http 协议上没有任何问题。 

server {
    listen      xx.xxx.xxx.xx:443;
    server_name example.com www.example.com;
    root        /home/admin/web/example.com/public_html;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/example.com.log combined;
    access_log  /var/log/nginx/domains/example.com.bytes bytes;
    error_log   /var/log/nginx/domains/example.com.error.log error;


    ssl         on;
    ssl_certificate      /home/admin/conf/web/ssl.example.com.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.example.com.key;

    location / {
             try_files $uri $uri/ /index.php$is_args$args;
    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
        expires     max;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_param SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        if (!-f $document_root$fastcgi_script_name) {
        fastcgi_pass    127.0.0.1:9001;

        fastcgi_index   index.php;
        include         /etc/nginx/fastcgi_params;
    }
}

error_page  403 /error/404.html;
error_page  404 /error/404.html;
error_page  500 502 503 504 /error/50x.html;

location /error/ {
    alias   /home/admin/web/example.com/document_errors/;
}

location ~* "/\.(htaccess|htpasswd)$" {
    deny    all;
    return  404;
}
location /vstats/ {
    alias   /home/admin/web/example.com/stats/;
    include /home/admin/conf/web/example.com.auth*;
}

include     /etc/nginx/conf.d/phpmyadmin.inc*;
include     /etc/nginx/conf.d/phppgadmin.inc*;
include     /etc/nginx/conf.d/webmail.inc*;

include     /home/admin/conf/web/nginx.example.com.conf*;
}
4

1 回答 1

1

问题

我不是 Nginx 专家,但在我看来,所有location指令都应该在server指令内,而目前它们不是。你也有嵌套location的指令,我认为它们不是必需的......

首先尝试用这个来解决这个问题:

server {
    listen      xx.xxx.xxx.xx:443;
    server_name example.com www.example.com;
    root        /home/admin/web/example.com/public_html;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/example.com.log combined;
    access_log  /var/log/nginx/domains/example.com.bytes bytes;
    error_log   /var/log/nginx/domains/example.com.error.log error;


    ssl         on;
    ssl_certificate      /home/admin/conf/web/ssl.example.com.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.example.com.key;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
        expires     max;
    }

    location ~ \.php$ {
        # https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
        #try_files $uri =404;
        #try index.php =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass php:9000;
        fastcgi_pass  127.0.0.1:9001;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    location /error/ {
        alias   /home/admin/web/example.com/document_errors/;
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location /vstats/ {
        alias   /home/admin/web/example.com/stats/;
        include /home/admin/conf/web/example.com.auth*;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;

    include     /home/admin/conf/web/nginx.example.com.conf*;
}

注意:这未经测试,因此在开发中尝试它,如果您修复文件中的任何语法或错误,请告诉我,以便我可以更新答案。如果您无法修复,请告诉我们出了什么问题,以便我们尝试进一步的帮助。

可能的改进

使用 Laravel 后,您可以尝试遵循 Nginx 配置Php Docker 堆栈,该堆栈可直接与 Laravel 一起使用。

您需要复制以替换 Nginx confserver{}指令中当前的位是这一位:


    # In Laravel we only need serve index.php
    location @proxyphp {
        rewrite (.*) /index.php;
    }

    # serving only index.php increases the security in your application. 
    location ~ /index\.php$ {
        # https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
        #try_files $uri =404;
        #try index.php =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    # Deny access to all php files that are not index.php
    location ~ \.php$ {
        deny all;
    }

安全改进

在 Laravel 中,我们只需要提供 index.php 并且这样做可以提高应用程序的安全性,因为它只有 1 个公共入口点,而不是Laravel 应用程序文件夹中*.php的任何人都可以访问。public

于 2019-02-10T11:52:30.427 回答