问题描述

在上一个问题中，我试图使用Nginx和.htpasswd和regex对我的/admin/和子文件夹目录进行密码保护.

In a previous question, I was trying to password protect my /admin/ and sub-folders directory using Nginx with .htpasswd and regex.

这已经成功完成，但是现在，密码验证完成后，Nginx提示下载" php文件，而不是简单地加载它们.

That was done successfully, but now, after password authentication was completed, Nginx prompts to "download" php files, rather than simply loading them.

当新位置身份验证"块被注释掉时，不会发生这种情况.例如，在此代码示例中，PHP页面加载没有任何问题:

This doesn't happen when the new location "authentication" block is commented out. For instance, in this code sample, PHP pages load without any issue:

    location / {
            try_files $uri $uri/ =404;
    }

    #location "~^/admin/.*$" {
    #       try_files $uri $uri/ =404;
    #       auth_basic "Restricted";
    #       auth_basic_user_file /etc/nginx/.htpasswd;
    #}

    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }

我该如何解决这些(显然有冲突的)位置块，因此/admin/部分受密码保护，但php文件仍然加载?

How can I resolve these (apparently conflicting) location blocks, so the /admin/ section is password protected yet php files still load?

推荐答案

问题是对 nginx如何处理请求.基本上，nginx选择一个位置来处理请求.

The problem is a fundamental misunderstanding as to how nginx processes a request. Basically, nginx chooses one location to process a request.

您希望nginx在需要auth_basic的位置块中处理以/admin开头的URI.另外，需要将以.php结尾的URI发送到PHP7.

You want nginx to process URIs that begin with /admin in a location block that requires auth_basic. In addition, URIs that end with .php need to be sent to PHP7.

因此，您需要两个fastcgi块，一个用于处理普通的PHP文件，另一个用于处理受限制的PHP文件.

So you need two fastcgi blocks, one to process normal PHP files and one to process restricted PHP files.

location指令有几种形式.您已经发现正则表达式的位置是有序的，因此您的location "~^/admin/.*$"块有效地防止了location ~ \.php$块看到任何以/admin开头并以.php结尾的URI.

There are several forms of location directive. You have already discovered that the regex locations are ordered and therefore your location "~^/admin/.*$" block effectively prevents the location ~ \.php$ block from seeing any URI beginning with /admin and ending with .php.

一个干净的解决方案是使用嵌套的位置块并使用^~修饰符，该修饰符强制前缀位置优先于正则表达式位置:

A clean solution would be to use nested location blocks and employ the ^~ modifier which forces a prefix location to take precedence over a regex location:

location / {
    try_files $uri $uri/ =404;
}

location ~ \.php$ {
    try_files $uri =404;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}

location ^~ /admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    try_files $uri $uri/ =404;

    location ~ \.php$ {
        try_files $uri =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
}

请注意，location ^~是前缀位置，而不是正则表达式位置.

Note that location ^~ is a prefix location and not a regex location.

还要注意，在location ~ \.php$块中不需要fastcgi_split_path_info和fastcgi_index指令.

Note also that the fastcgi_split_path_info and fastcgi_index directives are not required in a location ~ \.php$ block.

这篇关于Nginx成功地用密码保护了PHP文件，但随后提示您下载它们的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！