LINUX.ORG.RU

nginx 403, если добавить $uri/

 


0

1

Всем привет.

Не могу понять причину.

Если контекст такого вида, то 403 Forbidden

location / {
			try_files $uri $uri/ /index.php?q=$uri&$args;
			location ~ [^/]\.ph(p\d*|tml)$ {
                        try_files /does_not_exists @php;
		}
		     }

Есть убрать $uri/, то сайт работает, но nginx ругается nginx: [emerg] "try_files" directive is duplicate in /etc/nginx/vhosts/012447/my-site.ru.conf:17 nginx: configuration file /etc/nginx/nginx.conf test failed

Я понимаю, что "try_files" directive is duplicate, но почему тогда с $uri/ такой ругани нет?

Сам конфиг

server {
	server_name my-site.ru www.my-site.ru;
	charset UTF-8;
	index index.php, index.html;
	disable_symlinks if_not_owner from=$root_path;
        include /etc/nginx/vhosts-includes/*.conf;
        include /etc/nginx/vhosts-resources/my-site.ru/*.conf;
	access_log /home/httpd-logs/my-site.ru.access.log;
	error_log /home/httpd-logs/my-site.ru.error.log notice;
	ssi on;
	set $root_path /home/012447/data/www/my-site.ru;
	root $root_path;
	listen 11.22.33.44:80;
	include /etc/nginx/vhosts-resources/012447/*.conf;
	location / {
			try_files $uri $uri/ /index.php?q=$uri&$args;
			location ~ [^/]\.ph(p\d*|tml)$ {
                        try_files /does_not_exists @php;
		}
		     }
	return 301 https://$host:443$request_uri;
	location ~* /wp-includes/.*.php$ {
	deny all;
	access_log off;
	log_not_found off;
	}
	location ~* /wp-content/.*.php$ {
	deny all;
	access_log off;
	log_not_found off;
	}	
	location ~* /(?:uploads|files)/.*.php$ {
	deny all;
	access_log off;
	log_not_found off;
	}
	location ~* /themes/.*.php$ {
	deny all;
	access_log off;
	log_not_found off;
	}
	location ~* /plugins/.*.php$ {
	deny all;
	access_log off;
	log_not_found off;
	}	
	location = /xmlrpc.php {
	deny all;
	access_log off;
	log_not_found off;
	}
	location ~* wp-config.php {
    	deny all;
	}
	location ~ ^/\.user\.ini {
	deny all;
	}
#	}
	location ~* ^/wp-content/uploads/.+\.php{
	deny all;
	}
	location ~* .ini$ {
	deny all;
	}
	location ~ \.user\.ini$ {
        deny all;
	}
	 	location @php {	
		fastcgi_index index.php;
                fastcgi_pass unix:/var/www/php-fpm/012447.sock;
		fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@my-site.ru";
		fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
                try_files $uri =404;
                include fastcgi_params;
		}
#	location ~* ^/wp-json/ {
#	deny all;
}
server {
	server_name my-site.ru www.my-site.ru;
	ssl_certificate "/var/www/httpd-cert/012447/my-site.ru_le2.crtca";
	ssl_certificate_key "/var/www/httpd-cert/012447/my-site.ru_le2.key";
	ssl_ciphers E!RC4;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
	charset UTF-8;
	index index.php, index.html;
	disable_symlinks if_not_owner from=$root_path;
        include /etc/nginx/vhosts-includes/*.conf;
        include /etc/nginx/vhosts-resources/my-site.ru/*.conf;
	access_log /home/httpd-logs/my-site.ru.access.log;
	error_log /home/httpd-logs/my-site.ru.error.log notice;
	ssi on;
	set $root_path /home/012447/data/www/my-site.ru;
	root $root_path;
	include /etc/nginx/vhosts-resources/012447/*.conf;
	location / {
                        try_files $uri $uri/ /index.php?q=$uri&$args;
                        location ~ [^/]\.ph(p\d*|tml)$ {
                        try_files /does_not_exists @php;
                }
                     }
        location ~* /wp-includes/.*.php$ {
        deny all;
        access_log off;
        log_not_found off;
        }
        location ~* /wp-content/.*.php$ {
        deny all;
        access_log off;
        log_not_found off;
        }
        location ~* /(?:uploads|files)/.*.php$ {
        deny all;
        access_log off;
        log_not_found off;
        }
        location ~* /themes/.*.php$ {
        deny all;
        access_log off;
        log_not_found off;
        }
        location ~* /plugins/.*.php$ {
        deny all;
        access_log off;
        log_not_found off;
        }
        location = /xmlrpc.php {
        deny all;
        access_log off;
        log_not_found off;
        }
        location ~* wp-config.php {
        deny all;
        }
        location ~ ^/\.user\.ini {
        deny all;
        }
#        }
        location ~* ^/wp-content/uploads/.+\.php{
        deny all;
        }
        location ~* .ini$ {
        deny all;
        }
        location ~ \.user\.ini$ {
        deny all;
        }
                location @php {
                fastcgi_index index.php;
                fastcgi_pass unix:/var/www/php-fpm/012447.sock;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@my-site.ru";
		fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
                try_files $uri =404;
                include fastcgi_params;
		}
	listen 11.22.33.44:443 ssl;
#        location ~* ^/wp-json/ {
#        deny all;
}

Проблему решил правкой в контексте server.

Директива была такой index index.php, index.html;

strace показывал

strace -p 23581 -p 19579 -e trace=file -f

strace: Process 23581 attached
strace: Process 19579 attached
[pid 19579] open("/home/012447/data/www/my-site.ru", O_RDONLY|O_NONBLOCK|O_PATH|O_DIRECTORY) = 71
[pid 19579] openat(71, ".", O_RDONLY|O_NONBLOCK) = 72
[pid 19579] open("/home/012447/data/www/my-site.ru", O_RDONLY|O_NONBLOCK|O_PATH|O_DIRECTORY) = 71
[pid 19579] openat(71, ".", O_RDONLY|O_NONBLOCK) = 72
[pid 19579] open("/home/012447/data/www/my-site.ru", O_RDONLY|O_NONBLOCK|O_PATH|O_DIRECTORY) = 71
[pid 19579] openat(71, "index.php,", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
[pid 19579] stat("/home/012447/data/www/my-site.ru", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 19579] open("/home/012447/data/www/my-site.ru", O_RDONLY|O_NONBLOCK|O_PATH|O_DIRECTORY) = 71
[pid 19579] openat(71, "index.html", O_RDONLY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
^Cstrace: Process 23581 detached
strace: Process 19579 detached

Если размещаю файл index.html, то только он и открывается, а index.php по прежнему -1 ENOENT (No such file or directory)

В директиве index оставил только index.php index index.php и nginx начал находить index.php - соответственно сайт заработал.

WTF?

yatakoi ()
Ограничение на отправку комментариев: только для зарегистрированных пользователей