[보안|설정]nginx .php$ 문제 및 apache 환경변수 세팅

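# Hand "*.php" and "*.php/<path-info>" requests to the PHP FastCGI backend.
# The dot is escaped so that only a literal ".php" matches. An unescaped "."
# matches any character, so a name that merely ends in "php" (for example
# "xphp") would also be routed to the interpreter.
location ~ \.php($|/) {
    # Parameter set for the backend. On this page the same file also holds the
    # script/PATH_INFO split and the "script must exist" check.
    include /etc/nginx/fastcgi_params;

    fastcgi_pass unix:/var/run/nginx/php-fcgi.socket;
    fastcgi_index index.php;
}
index index.html index.php;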

이런 식으로 세팅하면 아파치에서처럼 a.php/a/b/c 형식(스크립트 뒤에 PATH_INFO가 붙는 형식)의 실행이 가능해집니다. 

아래의 세팅을 적용하면 
http://phpschool.com/gnuboard4/bbs/board.php?bo_table=qna_install&wr_id=98096 
요 보안문제가 해결됩니다. 핵심은 PATH_INFO를 떼어 낸 실제 스크립트 경로가 파일로 존재하지 않으면 404를 반환하는 검사(if (!-f ...))입니다. 

filename: /etc/nginx/fastcgi_params 

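# FastCGI parameter set for PHP, meant to be included from a location block
# (it uses "set", "if" and "return").
fastcgi_param  QUERY_STRING      $query_string;
fastcgi_param  REQUEST_METHOD    $request_method;
fastcgi_param  CONTENT_TYPE      $content_type;
fastcgi_param  CONTENT_LENGTH    $content_length;

# Split "/dir/app.php/extra/path" into the script ("/dir/app.php") and the
# trailing PATH_INFO ("/extra/path"). The two "set" lines are the defaults
# used when the URI carries no PATH_INFO.
set $fastcgi_script_realname $fastcgi_script_name;
set $path_info $fastcgi_path_info;
# "\." matches a literal dot only; "+?" stops at the first ".php/" segment so
# the earliest *.php component of the URI is taken as the script.
if ( $fastcgi_script_name ~ ^(.+?\.php)(/.*)$ ) {
    set $fastcgi_script_realname $1;
    set $path_info $2;
}
# Security check: refuse any request whose resolved script is not an existing
# regular file. Without it a URI that merely ends in ".php" can reach PHP, and
# PHP (with cgi.fix_pathinfo enabled) may fall back to a parent path component
# and run a non-PHP file, such as an uploaded image, as a script.
# This test runs on the nginx host, so it assumes nginx and the PHP backend see
# the same filesystem (true for the unix-socket setup on this page).
# Defence in depth: PHP-FPM's security.limit_extensions restricts which file
# extensions the interpreter will execute at all.
if (!-f $document_root$fastcgi_script_realname) {
    return 404;
}
fastcgi_param  PATH_INFO          $path_info;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_realname;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_realname;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI      $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root/;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;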

===========================================================

위키가 wiki.php/FrontPage 이런 식으로 쓰는데, 안 돼서 .php$ 설정을 바꿔 보다가 그 보안문제를 발견했습니다. 
nginx 자체에서 해결책이 나오기 전에는 이 방법으로… 

기본 fastcgi_params 에서 

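# Minimal change against the stock fastcgi_params: split script and PATH_INFO,
# then refuse scripts that do not exist on disk.
set $fastcgi_script_realname $fastcgi_script_name;
# Give $path_info a value for URIs without PATH_INFO, matching the full
# listing on this page; otherwise it is used uninitialized below.
set $path_info $fastcgi_path_info;
# "\." matches a literal dot only; "+?" takes the first ".php/" segment.
if ( $fastcgi_script_name ~ ^(.+?\.php)(/.*)$ ) {
    set $fastcgi_script_realname $1;
    set $path_info $2;
}
# Security check: only an existing regular file may be handed to PHP, so a
# URI that merely ends in ".php" cannot make PHP run some other file.
if (!-f $document_root$fastcgi_script_realname) {
    return 404;
}
fastcgi_param  PATH_INFO          $path_info;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_realname;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_realname;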
====================================================

 

=======================================================

  • CI 쪽은 전. 

    # Front-controller rewrite for an application under /CI_forum/ ("CI" is
    # presumably CodeIgniter; confirm): a URI that does not resolve to a
    # regular file is re-routed to index.php with the original path appended.
    # Only -f is tested, so directory URIs are rewritten as well.
    # The rewritten URI has the form index.php/<path>, so it depends on the PHP
    # location accepting ".php/" URIs and on that location's own check that
    # the script file exists.
    if (!-f $request_filename) { 
    rewrite ^/CI_forum/(.+)$ /CI_forum/index.php/$1 last; 
    } 

    이런 식으로 지정해서 사용하고 있습니다. 
    일단 동작은 하는데, 다른 문제가 있는지는 더 테스트해 봐야겠습니다. 

    저는 CI_forum 폴더 아래에서 CI 를 돌리는데. 
    document_root 에서 돌린다면. 
    rewrite ^/(.+)$ /index.php/$1 last; 
    으로 하면 될 듯 하네요.

 

 

==============================================================

 

  • 최신 nginx 

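    # Variant for newer nginx: fastcgi_split_path_info performs the
    # script/PATH_INFO split and fills $fastcgi_script_name (capture 1) and
    # $fastcgi_path_info (capture 2). Must be included from a location block.
    # "\." matches a literal dot only; "+?" takes the first ".php/" segment.
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    # Security check: the split alone does not verify that the script exists.
    # Refuse anything that is not a regular file, so a URI that merely ends in
    # ".php" cannot make PHP (with cgi.fix_pathinfo enabled) fall back to a
    # parent path component and run a non-PHP file.
    # Assumes nginx and the PHP backend see the same filesystem.
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    fastcgi_param  PATH_INFO          $fastcgi_path_info if_not_empty;
    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

    fastcgi_param  QUERY_STRING      $query_string;
    fastcgi_param  REQUEST_METHOD    $request_method;
    fastcgi_param  CONTENT_TYPE      $content_type;
    fastcgi_param  CONTENT_LENGTH    $content_length;

    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI      $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root/;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    # Sent only when the request arrived over TLS ($https is empty otherwise).
    fastcgi_param  HTTPS              $https if_not_empty;

    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;

    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    #fastcgi_param  REDIRECT_STATUS    200;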