问题描述

我已经在这个问题上花了几个小时，尽管与此相关的帖子很多，但我无法解决.我有一个带有Nginx + PHP-FPM的Fedora 20包装盒，直到今天(我重新加载了php-fpm.service我猜)后效果还不错. Nginx正在提供静态文件，这没有问题，但是任何PHP文件都会触发错误403.

I have been spending few hours on that issue and despite the high number of posts related to it, I cannot solve it. I have a Fedora 20 box with Nginx + PHP-FPM that worked quite good until today (after I reloaded php-fpm.service I guess). Nginx is serving static files with no problem, but any PHP file triggers an error 403.

权限正常，nginx和php-fpm在用户"nginx"下运行:

The permissions are ok, nginx and php-fpm are running under the user "nginx":

root     13763  0.0  0.6 490428 24924 ?        Ss   15:47   0:00 php-fpm: master process (/etc/php-fpm.conf)
nginx    13764  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13765  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13766  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13767  0.0  0.1 490428  7296 ?        S    15:47   0:00 php-fpm: pool www
nginx    13768  0.0  0.1 490428  6848 ?        S    15:47   0:00 php-fpm: pool www

所提供的文件也已设置为nginx用户，我什至结束了chmoding 777这些文件的尝试，但仍然对任何PHP文件访问被拒绝".

The served files have been set to nginx user as well, I even ended chmoding 777 those files to try, but still "Access denied" for any PHP files.

以下是我的Nginx配置的服务器:

Below is a server of my Nginx config:

server {
        listen          80;
        server_name     localhost;

        root            /var/www/html;

         location ~ \.php$ {
            fastcgi_intercept_errors on;
            try_files $uri =404;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
}

PHP-FPM池:

[www]
...
listen = 127.0.0.1:9000
user = nginx
group = nginx
...

对于版本:

php-5.5.11 (当然还有 php-fpm-5.5.11 )

nginx-1.4.7

我正在添加Nginx错误日志:

I am adding the Nginx error log:

 FastCGI sent in stderr: "Access to the script '/var/www/html' has been denied (see security.limit_extensions)" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xxx.xxx.xxx.xxx"

精确地确定security.limit_extensions是正确的，将其设置为:security.limit_extensions = .php.

And precise that security.limit_extensions is correct, set to: security.limit_extensions = .php.

关于路径权限，可以遍历/var/www/html .我想念什么?

About the path permissions, /var/www/html can be traversed.What am I missing?

推荐答案

以下是一些可能的解决方案:

Here are some possible solutions:

1. 在您的php-fpm www.conf中，将security.limit_extensions设置为.php或.php5或任何适合您环境的内容.对于某些用户，完全删除所有值或将其设置为FALSE是使其工作的唯一方法.

1. In your php-fpm www.conf set security.limit_extensions to .php or .php5 or whatever suits your environment. For some users, completely removing all values or setting it to FALSE was the only way to get it working.

在nginx配置文件中，将fastcgi_pass设置为套接字地址(例如unix:/var/run/php-fpm/php-fpm.sock;)，而不是服务器地址和端口.

In your nginx config file set fastcgi_pass to your socket address (e.g. unix:/var/run/php-fpm/php-fpm.sock;) instead of your server address and port.

检查您的SCRIPT_FILENAME fastcgi参数，并根据文件的位置进行设置.

Check your SCRIPT_FILENAME fastcgi param and set it according to the location of your files.

在您的nginx配置文件中，在定义所有其他fastcgi参数的位置块中包含fastcgi_split_path_info ^(.+\.php)(/.+)$;.

In your nginx config file include fastcgi_split_path_info ^(.+\.php)(/.+)$; in the location block where all the other fastcgi params are defined.

在您的php.ini中，将cgi.fix_pathinfo设置为1

In your php.ini set cgi.fix_pathinfo to 1

这篇关于使用Nginx + PHP-FPM的PHP文件的访问被拒绝(403)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！