Skip to content

Instantly share code, notes, and snippets.

@davidhamann
Last active August 14, 2022 20:49
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save davidhamann/f589b434071bb7e2a1502643d1dcd8fb to your computer and use it in GitHub Desktop.
Demo files for nginx alias traversal
<?php
$user = 'appuser';
$pass = 'secret';
$db = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
// ...
?>
.
├── docker-compose.yml
├── nginx.conf
└── webapp
├── app
│   ├── db.php
│   └── webroot
│   └── index.php
└── static
└── sample.png
version: "3.7"
services:
web:
image: nginx:alpine
ports:
- 8081:80
networks:
- internal
volumes:
- ./webapp:/var/www/webapp
- ./nginx.conf:/etc/nginx/conf.d/default.conf
depends_on:
- php
php:
image: php:fpm-alpine
volumes:
- ./webapp:/var/www/webapp
networks:
- internal
networks:
internal:
driver: bridge
<?php
echo 'Here is the webroot';
?>
server {
server_name _;
root /var/www/webapp/app/webroot;
index index.php index.html index.htm;
access_log /var/log/nginx/php-access.log;
error_log /var/log/nginx/php-error.log;
location /assets {
alias /var/www/webapp/static/;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment