gpt4 book ai didi

Nginx,臭名昭著的 "Input file not specified",包括解决方案以及有关所需解决方案的可能解释

转载 作者:行者123 更新时间:2023-12-02 21:44:42 27 4
gpt4 key购买 nike

很抱歉这么长的标题,没把握把它说得优雅

我根据这两个很棒的教程设置了我的第一个 nginx:

设置 http://fideloper.com/ubuntu-12-04-lemp-nginx-setup

安全 http://publications.jbfavre.org/web/php-fpm-apps-server-nginx.en

然后我遇到了这个臭名昭著的“未指定输入文件”

我设法修复了它,但我仍然不明白究竟出了什么问题,我希望你能帮助我理解这个问题。

vim/etc/nginx/sites-available/www.mysite.com

server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6

root /var/www/vhosts/mysite.com/w/w/w/www/htdocs;
index index.php index.html index.htm;

# Make site accessible from http://www.mysite.com
server_name www.mysite.com;

access_log /var/www/vhosts/mysite.com/w/w/w/www/logs/access_mysite.log;
error_log /var/www/vhosts/mysite.com/w/w/w/www/logs/error_mysite.log;
# Specify a character set
charset utf-8;

# h5bp nginx configs
include conf/h5bp.conf;
#include /var/www/vhosts/mysite.com/w/w/w/www/config/nginx.conf

location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
try_files $uri $uri/ /index.html;
#root /var/www/vhosts/mysite.com/w/w/w/www/htdocs/;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules


location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}

# Don't log robots.txt or favicon.ico files
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { access_log off; log_not_found off; }

# 404 errors handled by our application, for instance Symfony
error_page 404 /app.php;

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

# With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/nginx/www.mysite.com.sock;
fastcgi_index index.php;
include fastcgi_params;

# this specific line FIXED the no input file specified
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
}

# Deny access to .htaccess
location ~ /\.ht {
deny all;
}

# Only for nginx-naxsi : process denied requests
#location /RequestDenied {
# For example, return an error code
#return 418;
#}

# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
}

vim/var/www/vhosts/mysite.com/w/w/w/www/config/fpm-pool.conf

[www.mysite.com]
listen = /var/run/nginx/www.mysite.com.sock
listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = www.mysite.com
listen.group = mysite.com
listen.mode = 0666

user = www.mysite.com
group = mysite.com

pm = dynamic
pm.max_requests = 0
pm.max_children = 2
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1

pm.status_path = /php_pool_wwww.mysite.com_status
ping.path = /www.mysite.com_ping
ping.response = www.mysite.com_pong

request_terminate_timeout = 2
request_slowlog_timeout = 1
slowlog = /var/www/vhosts/mysite.com/w/w/w/www/logs/php-slow.log

;rlimit_files = 1024
;rlimit_core = 0

chroot = /var/www/vhosts/mysite.com/w/w/w/www/htdocs/
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
;chdir = /

catch_workers_output = yes

env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp


; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
php_flag[display_errors] = on
php_admin_value[error_log] = /logs/php_err.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 1M
php_value[max_execution_time] = 2

很抱歉发了这么长的帖子,只想提供尽可能多的细节。如您所见,行“fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;”帮助解决了这个问题。但为什么它首先会发生呢?我怀疑它与 chroot 有关,我怀疑 php 文件的绝对路径被认为是相对于 chroot 的某种方式?

-----编辑 1:

chroot = /var/www/vhosts/mysite.com/w/w/w/www/
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
chdir = /htdocs

我试图查看是否可以将 chroot 1 目录向上移动并使用 chdir 使其开始从 htdocs 文件夹加载,但随后我得到了未指定的输入文件。

PS:我有 cgi.fix_pathinfo=1 btw,按照建议 here使其与 SF2 一起运行

最佳答案

No Input File Specified 这意味着您没有将要执行的 php 文件的路径传递给 php-fpm。这是由 SCRIPT_FILENAME 参数传递的。

出于安全原因,最好有 cgi.fix_pathinfo=0 。 Symfony 会使用它,不用担心。

php block 是重要的部分。

位置 ~\.php$这意味着如果 uri 以“.php”结尾,它将被传递给 php。现在如果有一个图像并且一些攻击者添加了“.php”,启用 fix_pathinfo 它将被传递给 php 处理程序并可以在服务器中执行任意代码。所以我建议你在 php.ini 中添加 cgi.fix_pathinfo=0 并从 nginx 中删除 fastcgi_split_path_info ^(.+\.php)(/.+)$;

我为 symfony2 使用的配置是,

server {
listen 80;
server_name projectname.local;

root /Users/sarim/Sites/php55/projectname/web;
index app_dev.php index.html index.htm;

location / {
try_files $uri $uri/ /app_dev.php?$args;
}

location ~ ^/(app|app_dev|config)\.php(/|$) {
fastcgi_pass unix:/usr/local/var/run/php55.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}

这里检查 location/ block 。 try_files $uri $uri/确保提供静态文件。然后,如果它不是静态文件,则传递给/app_dev.php。

现在检查php location block ,只能访问app或app_dev或config.php。没有任意文件执行。现在是重要的 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 行。它应该始终是 $document_root$fastcgi_script_name。这样php就可以找到文件了。

关于Nginx,臭名昭著的 "Input file not specified",包括解决方案以及有关所需解决方案的可能解释,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19739433/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com