NginX友好的PHP框架
伙计们,我正在寻找一个PHP框架,如果幸运的话,它可以在FastCGI下在nginx中工作,否则,不需要太多调整.
Hey Guys, I'm looking for a PHP framework that, if I'm lucky, just works in nginx under FastCGI, otherwise, one that doesn't take too much tweaking.
带有nginx的Symfony 1.4很棒.我已经进行了调整,这是我可以保证适合生产使用的生产配置的概括.
Symfony 1.4 with nginx is fantastic. I have already done the tweaking, here is a generalization of my production config that I can vouch is fit for production use.
server {
listen 80;
server_name mysite.com;
root /var/www/mysite.com/web;
access_log /var/log/nginx/mysite.com.access.log;
error_log /var/log/nginx/mysite.com.error.log;
location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_pass 127.0.0.1:9000;
}
location / {
index index.php;
try_files $uri /index.php?$args;
}
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/mysite.com.crt;
ssl_certificate_key /etc/ssl/private/mysite.com.key;
server_name mysite.com;
root /var/www/mysite.com/web;
access_log /var/log/nginx/mysite.com.access.log;
error_log /var/log/nginx/mysite.com.error.log;
location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass 127.0.0.1:9000;
}
location / {
index index.php;
try_files $uri /index.php?$args;
}
}
PHP 5.4注意
dotdeb随附的 php5-fpm 5.4现在默认使用套接字而不是环回.如果您使用的是PHP 5.4,并且使用上述配置时遇到网关错误,请尝试将所有127.0.0.1:9000实例替换为unix:/var/run/php5-fpm.sock.
PHP 5.4 Note
php5-fpm 5.4 that comes with dotdeb now uses sockets instead of the loopback by default. If you are using PHP 5.4 and you are getting a bad gateway error with the above config, try replacing all instances of 127.0.0.1:9000 with unix:/var/run/php5-fpm.sock.
php-fpm 5.4还新限制了可以解析为PHP的文件扩展名,以security.limit_extensions中指定的文件扩展名为限.如果您修改了位置正则表达式以包含除.php以外的其他文件扩展名,这可能会引起您的兴趣.以下安全说明仍然适用.
php-fpm 5.4 also newly limits the file extensions that can be parsed as PHP to those specified in security.limit_extensions. This might be of interested if you have modified the location regex to include other file extensions than .php. The security note below still applies.
此配置仅使用PHP解析文件index.php,frontend.php,frontend_dev.php,backend.php和backend_dev.php.
This config only parses the files index.php, frontend.php, frontend_dev.php, backend.php and backend_dev.php with PHP.
通常使用php和nginx,而不仅仅是symfony,使用
With php and nginx in general, not just with symfony, using
location \.php$ {
...
}
导致与使用pathinfo的URL相关的安全漏洞,例如:/index.php/foo/bar.
causes a security vulnerability related to URLs that use pathinfo, like these: /index.php/foo/bar.
常见的解决方法是在php.ini中设置fix_pathinfo = 0.这会破坏pathinfo URL,并且symfony依赖于它们.此处使用的解决方案是显式指定要解析为php的文件.
The common workaround is to set fix_pathinfo=0 in php.ini. This breaks pathinfo URLs, and symfony relies on them. The solution used here is to explicitly specify the files that get parsed as php.
有关更多信息,请参见 nginx + php-cgi安全警报
For more information, see the nginx+php-cgi security alert
这在使用 dotdeb进行nginx和php-fpm 软件包以及 Ubuntu 10.04 Lucid Lynx 的 Debian Squeeze 系统上有效且安全. >使用 ppa/brianmercer for php-fpm 的系统.在其他系统上,它可能会起作用,也可能不会起作用.
This works and is secure on Debian Squeeze systems that use dotdeb for nginx and php-fpm packages, as well as Ubuntu 10.04 Lucid Lynx systems that use ppa/brianmercer for php-fpm. It might or might not work and be secure on other systems.
要添加另一个PHP文件extrafile.php进行解析,请在两个位置块中使用以下语法:
To add another PHP file additionalfile.php to get parsed, use this syntax in both location blocks:
位置〜^(index | frontend | frontend_dev | backend | backend_dev | additionalfile).php $ { ... }
location ~ ^(index|frontend|frontend_dev|backend|backend_dev|additionalfile).php$ { ... }
Symfony 2.0已发布!这是配置,改编自上面的1.4配置:
Symfony 2.0 is out! Here is the config, adapted from the 1.4 config above:
server {
listen 80;
server_name symfony2;
root /var/www/symfony2/web;
error_log /var/log/nginx/symfony2.error.log;
access_log /var/log/nginx/symfony2.access.log;
location / {
index app.php;
if (-f $request_filename) {
break;
}
rewrite ^(.*)$ /app.php last;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ (app|app_dev).php {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_pass 127.0.0.1:9000;
}
}
server {
listen 443;
server_name symfony2;
root /var/www/symfony2/web;
ssl on;
ssl_certificate /etc/ssl/certs/symfony2.crt;
ssl_certificate_key /etc/ssl/private/symfony2.key;
error_log /var/log/nginx/symfony2.error.log;
access_log /var/log/nginx/symfony2.access.log;
location / {
index app.php;
if (-f $request_filename) {
break;
}
rewrite ^(.*)$ /app.php last;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ (app|app_dev).php {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_pass 127.0.0.1:9000;
}
}