NginX友好PHP框架

带nginx的Symfony 1.4非常棒。我已经做了调整,这里是我的生产配置的一个概括,我可以保证是适合生产使用。

server {
  listen 80;

  server_name mysite.com;

  root /var/www/mysite.com/web;
  access_log /var/log/nginx/mysite.com.access.log;
  error_log /var/log/nginx/mysite.com.error.log;

  location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS off;
    fastcgi_pass   127.0.0.1:9000;
  }

  location / {
    index index.php;
    try_files $uri /index.php?$args;
  }
}

server {
  listen 443;

  ssl on;
  ssl_certificate      /etc/ssl/certs/mysite.com.crt;
  ssl_certificate_key  /etc/ssl/private/mysite.com.key;

  server_name mysite.com;

  root /var/www/mysite.com/web;
  access_log /var/log/nginx/mysite.com.access.log;
  error_log /var/log/nginx/mysite.com.error.log;
  location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_pass   127.0.0.1:9000;
  }

  location / {
    index index.php;
    try_files $uri /index.php?$args;
  }
}

PHP5.4注释

dotdeb附带的php5 fpm 5.4现在默认使用套接字而不是环回。如果您使用的是PHP 5.4,并且使用上述配置得到一个坏的网关错误,请尝试替换 127.0.0.1:9000 具有 unix:/var/run/php5-fpm.sock .

security.limit_extensions . 如果您修改了位置regex以包含 .php . 以下安全说明仍然适用。

安全说明

此配置只解析index.php、frontend.php、frontend_dev.php、backend.php和backend_dev.php文件。

使用php和nginx,而不仅仅是symfony,使用

location \.php$ {
  ...
}

导致与使用pathinfo的url相关的安全漏洞,如/index.php/foo/bar。

有关详细信息,请参见 nginx+php-cgi security alert

平台

这很管用而且很安全 德比安挤压 使用的系统 用于nginx和php fpm的dotdeb 包,以及 Ubuntu10.04露西德林克斯 使用的系统 . 它可能工作,也可能不工作,在其他系统上是安全的。

使用说明

要添加另一个PHP文件additionalfile.PHP以进行解析,请在两个位置块中使用此语法:

... }

Symfony 2.0出局了!以下是根据上述1.4配置改编的配置:

server {
  listen 80;

  server_name symfony2;
  root /var/www/symfony2/web;

  error_log /var/log/nginx/symfony2.error.log;
  access_log /var/log/nginx/symfony2.access.log;

  location / {
    index app.php;
    if (-f $request_filename) {
      break;
    }
    rewrite ^(.*)$ /app.php last;
  }

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  #
  location ~ (app|app_dev).php {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS off;
    fastcgi_pass   127.0.0.1:9000;
  }
}

server {
  listen 443;

  server_name symfony2;
  root /var/www/symfony2/web;

  ssl on;
  ssl_certificate      /etc/ssl/certs/symfony2.crt;
  ssl_certificate_key  /etc/ssl/private/symfony2.key;

  error_log /var/log/nginx/symfony2.error.log;
  access_log /var/log/nginx/symfony2.access.log;

  location / {
    index app.php;
    if (-f $request_filename) {
      break;
    }
    rewrite ^(.*)$ /app.php last;
  }

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  #
  location ~ (app|app_dev).php {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS off;
    fastcgi_pass   127.0.0.1:9000;
  }
}

Here's a post that sets up nginx for codeigniter .

[ https://raw.githubusercontent.com/korjavin/docker-nginx-symfony/my/default][1]