Skip to content

Instantly share code, notes, and snippets.

@SimonSimCity
Last active December 15, 2015 19:18
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save SimonSimCity/5309891 to your computer and use it in GitHub Desktop.
You can use php_inkl_pathinfo for websites that want to support pathinfo - otherwise you can use php and just drop the pathinfo stuff ;) The php-configuration is
server {
server_name localhost linos;
root /srv/http/$host/www;
index index.php index.html index.htm;
access_log /srv/http/$host/log/nginx.access.log;
error_log /srv/http/localhost/log/nginx.error.log;
location / {
try_files $uri $uri/ =404;
}
location ~ ^.+\.php {
set $fpmkey localhost;
include global/php_inkl_pathinfo;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.$fpmkey.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
# Override settings according to pathinfo
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Deny execution of the script if it does not end with .php
if ( $fastcgi_script_name !~* .php ) {
return 403;
}
fastcgi_pass unix:/var/run/php5-fpm.$fpmkey.sock;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment