Ssl PHP文件可以';在Nginx/php fpm上启用HTTPS后无法执行
我在Nginx/php fpm服务器上启用了HTTPS,服务器仍然运行良好,但我无法访问php文件,它将被下载而不是运行,如果我禁用HTTPS块,则可以访问php文件。我是HTTPS新手,这是我第一次拥有SSL证书,所以我想安装到我的服务器。 有什么想法吗 My/etc/nginx/nginx.conf:Ssl PHP文件可以';在Nginx/php fpm上启用HTTPS后无法执行,ssl,nginx,https,php,Ssl,Nginx,Https,Php,我在Nginx/php fpm服务器上启用了HTTPS,服务器仍然运行良好,但我无法访问php文件,它将被下载而不是运行,如果我禁用HTTPS块,则可以访问php文件。我是HTTPS新手,这是我第一次拥有SSL证书,所以我想安装到我的服务器。 有什么想法吗 My/etc/nginx/nginx.conf: user www-data; worker_processes 1; pid /run/nginx.pid; worker_rlimit_nofile 10240; events {
user www-data;
worker_processes 1;
pid /run/nginx.pid;
worker_rlimit_nofile 10240;
events {
use epoll;
worker_connections 10240;
# multi_accept on;
}
timer_resolution 500ms;
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
client_header_buffer_size 64;
client_max_body_size 6m;
server_names_hash_bucket_size 64;
server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
output_buffers 1 32k;
postpone_output 1460;
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
##
# Gzip Settings
##
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 0;
gzip_comp_level 2;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=staticfilecache:80m inactive=1d max_size=2500m;
proxy_temp_path /var/lib/nginx/proxy;
proxy_connect_timeout 300;
proxy_read_timeout 120;
proxy_send_timeout 120;
proxy_buffer_size 16k;
proxy_buffers 4 16k;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name repodev.com;
return 301 https://$host$request_uri; #rewrite http to https
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
user www-data;
worker_processes 1;
pid /run/nginx.pid;
worker_rlimit_nofile 10240;
events {
use epoll;
worker_connections 10240;
# multi_accept on;
}
timer_resolution 500ms;
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
client_header_buffer_size 64;
client_max_body_size 6m;
server_names_hash_bucket_size 64;
server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
output_buffers 1 32k;
postpone_output 1460;
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
##
# Gzip Settings
##
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 0;
gzip_comp_level 2;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=staticfilecache:80m inactive=1d max_size=2500m;
proxy_temp_path /var/lib/nginx/proxy;
proxy_connect_timeout 300;
proxy_read_timeout 120;
proxy_send_timeout 120;
proxy_buffer_size 16k;
proxy_buffers 4 16k;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name repodev.com;
return 301 https://$host$request_uri; #rewrite http to https
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 default_server ssl;
server_name repodev.com;
ssl_certificate /etc/ssl/unified.crt;
ssl_certificate_key /etc/ssl/my-private-decrypted.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNU$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
}
请理解,SSL服务器是与非SSL服务器完全不同的对象。这意味着,您必须将
location~\.php${…}当然,您的
错误页面和其他所有内容也是如此。请理解,SSL服务器与非SSL服务器是完全独立的对象。这意味着,您必须将location~\.php${…}
块添加到SSL版本中,如果您希望它使用php,则它不是从非SSL服务器继承的
编辑
当然,您的错误页面和其他所有内容也是如此。噢,谢谢您的快速回复。所以我需要在我的/etc/nginx/conf.d/ssl.conf中设置location ~\.php${…}块,不是吗?至少-我会从另一个方向开始,从非ssl conf的副本开始,然后添加ssl内容。非常感谢,我已经在我的ssl.conf中设置location ~\.php${…},现在我的服务器可以使用https访问php文件,提前谢谢,先生。@kaichi您应该将此答案标记为正确,因为它解决了您的问题。谢谢您的快速回复。所以我需要在我的/etc/nginx/conf.d/ssl.conf中设置location ~\.php${…}块,不是吗?至少-我会从另一个方向开始,从非ssl conf的副本开始,然后添加ssl内容。非常感谢,我已经在我的ssl.conf中设置location ~\.php${…},现在我的服务器可以使用https访问php文件,提前谢谢,先生。@kaichi您应该将此答案标记为正确,因为它解决了您的问题。请将最正确的答案标记为已接受,而不是将最正确的答案标记为已接受。