我遇到了一个奇怪的错误,我的nginx / php5-fpmconfiguration。 我已经在自己的云论坛上发布了这个问题,并且问了nginx论坛,但是他们不知道。 当我searchserverfault时,关于这个主题的build议并不直接适用于我的问题,因为他们都共享一个错误configuration的位置块,我认为,在这里是不是这种情况(我从自己的云文档直接configuration)。
那么问题是什么?
我的nginx error.log填充了这些:
"FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: MY IP, server: MY DOMAIN, request: "GET /core/img/actions/history.svg HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "MY HOSTNAME/DOMAIN", referrer: "MY DOMAIN"
Owncloud运行在一个子目录/srv/www/owncloud,根目录指向/srv/www 。 如果我把相同的configuration指向root /srv/www/owncloud ; 同样的错误是造成,但这次它读取:
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: IP, server: HOSTNAME, request: "GET /owncloud/owncloud/status.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "HOSTNAME"
注意重复的“owncloud”path… php正在寻找的文件位于/srv/www/owncloud/status.php(也可能是上面错误的.gif,它是一种随机的) ,而不是在/owncloud/owncloud…但是当我将文档根恢复到/ src / www时,php完全忽略了/ owncloudpath! 这让我疯狂…
我的nginxconfiguration看起来是这样的:
user nginx; worker_processes auto; pid /var/run/nginx.pid; events { worker_connections 1024; multi_accept on; use epoll; } http { include /etc/nginx/sites-enabled/*; include mime.types; default_type application/octet-stream; error_log /var/log/nginx/error.log; access_log /var/log/nginx/access.log; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; }
而我自己的云 – 网站configuration:
upstream php-handler { server unix:/var/run/php5-fpm.sock; } server { listen MY IP:4433 ssl; server_name MY DOMAIN; ssl_certificate /etc/ssl/owncloud/owncloud_full.crt; ssl_certificate_key /etc/ssl/owncloud/owncloud.key; ssl_dhparam /etc/ssl/owncloud/dhparam.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/owncloud/comodo_full_chain.pem; resolver DNS SERVERS valid=300s; resolver_timeout 10s; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_prefer_server_ciphers on; ssl_trusted_certificate /etc/ssl/owncloud/comodo_full_chain.pem; resolver 95.129.51.51 80.244.244.244 valid=300s; resolver_timeout 10s; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers *LIST OF SECURE CIPHERS*; ssl_session_timeout 10m; ssl_session_cache off; ssl_session_tickets on; ssl_session_ticket_key /etc/nginx/ticketkey; # Add headers to serve security related headers add_header Strict-Transport-Security 'max-age=15768000; includeSubDomains; preload' always; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; # Path to the root of your installation root /srv/www; # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; rewrite ^/.well-known/carddav /remote.php/carddav/ permanent; rewrite ^/.well-known/caldav /remote.php/caldav/ permanent; # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; rewrite ^/.well-known/carddav /remote.php/carddav/ permanent; rewrite ^/.well-known/caldav /remote.php/caldav/ permanent; location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location / { rewrite ^/remote/(.*) /remote.php last; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; try_files $uri $uri/ =404; } location ~ \.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_pass php-handler; fastcgi_intercept_errors on; } # Adding the cache control header for js and css files # Make sure it is BELOW the location ~ \.php(?:$|/) { block location ~* \.(?:css|js)$ { add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; # Optional: Don't log access to assets access_log off; } location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { access_log off; } }
如果有人有想法,我会很高兴。
我的环境是:Ubuntu 14.04 VPS,nginx 1.9.11,PHP5-FPM(最新的Ubuntu),apparmorclosures(关掉,因为我遇到这个错误),/ srv文件是可读的nginx用户,我什至把他们为了解决这个错误,但是它没有效果。 在php中的Open_basedir没有任何作用(包括所有相关的位置,但不能解决closures时的错误)。
我想知道如果svg请求被发送到PHP。 尝试改变你的最后一个位置
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf|svg)$ { access_log off; }
我怀疑的原因是这个块,这是所有的请求/发送到PHP,这可能是不必要的
location ~ \.php(?:$|/) {
如果这不能帮助你想知道什么位置阻止请求正在经历。 添加类似这样的每个位置块,并查看请求/响应与Live HTTP头和Firefox(或curl,我认为这是“curl -i”来获取标题,但我可能是错的)
location (whatever) { add_header Z_LOCATION "DESCRIBE LOCATION"; }