我有一个nginx服务器,所有似乎工作finde但是当我为目录添加auth时,服务器返回php代码作为下载.
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
root /var/www/html;
index index.php index.html index.htm;
server_name _;
location ^~ /auth/ {
try_files $uri $uri/ =404;
auth_basic "Auth";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location / {
try_files $uri $uri/ =404;
}
location ~ /\. {
deny all;
}
location ~ \.php${
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|store) {
deny all;
return 403;
}
location ~* \.(gif|jpe?g|png|css)${
expires 30d;
}
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security 'max-age=31536000; preload';
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
location ~ /\.ht {
deny all;
}
}
没有位置^〜/ auth /一切都还好.
我在不同的浏览器中体验过这一点.
解决方法:
nginx processes a request选择一个位置.新位置不包含执行PHP所需的代码.您应该在/ auth /目录中添加一个nested location block来处理PHP.
location ^~ /auth/ {
try_files $uri $uri/ =404;
auth_basic "Auth";
auth_basic_user_file /etc/nginx/.htpasswd;
location ~ \.php${
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
...
location ~ \.php${ ... }
标签:php,nginx,authentication,configuration,webserver
来源: https://codeday.me/bug/20191009/1876995.html