Talk:Nginx: Difference between revisions
Urs Hunkler (talk | contribs) mNo edit summary |
(→Support installations in a subpath (subdirectory): new section) |
Latest revision as of 17:24, 15 February 2023
I've removed the lines from this page instructing users to set the PHP configuration parameter cgi.fix_pathinfo=0.
This line is included in a lot of online how-to guides for Nginx/PHP and is explained as a security restriction; see here and here.
In summary, within the context of Nginx and php-fpm the best(?) way to handle potential PATH_INFO vulnerabilities as described in those articles is to use the default behaviour of php-fpm, i.e. within,
/etc/php5/fpm/pool.d/www.conf (debianised)
security.limit_extensions = .php
Either way will work just fine, but this is one step less with no real downsides...
Links:
https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
http://serverfault.com/questions/627903/is-the-php-option-cgi-fix-pathinfo-really-dangerous-with-nginx-php-fpm
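A check for the php-fpm setting named in the comment above, as an added example that is not part of the original talk-page comment: it reads a pool file and reports the effective `security.limit_extensions` for each pool. The sample pool file, the function name and the assumed built-in default of `.php` (taken from the comment's description of the default behaviour) are assumptions.

```python
import re

# Assumption: value php-fpm uses when the directive is absent or commented out.
ASSUMED_DEFAULT = [".php"]

# Constructed sample pool file (not from the page).
SAMPLE_POOL = """\
[www]
listen = /run/php-fpm-www.sock
;security.limit_extensions = .php .php3 .php4
[legacy]
security.limit_extensions = .php .html
[open]
security.limit_extensions =
"""

def audit_limit_extensions(conf_text, default=ASSUMED_DEFAULT):
    """Return {pool: (extensions, verdict)} for each [pool] section."""
    pools, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or commented-out directive
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = section.group(1)
            pools[current] = None               # None means "directive not set"
            continue
        key, sep, value = line.partition("=")
        if current and sep and key.strip() == "security.limit_extensions":
            pools[current] = value.split(";")[0].split()  # drop inline comment
    report = {}
    for pool, exts in pools.items():
        if exts is None:
            exts = list(default)
        if not exts:
            verdict = "FAIL: empty value, FPM runs scripts with any extension"
        elif any(e != ".php" for e in exts):
            verdict = "WARN: extensions other than .php are allowed"
        else:
            verdict = "OK"
        report[pool] = (exts, verdict)
    return report

if __name__ == "__main__":
    for pool, (exts, verdict) in audit_limit_extensions(SAMPLE_POOL).items():
        print(f"{pool}: {exts or '(all)'} -> {verdict}")
```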
I want to propose adding information on how to get Nginx working in MAMP, to be able to develop with the same server potentially used on a live site. I had to research for a long time to find this information.
For MAMP, add the following two lines on the Nginx settings page for »Additional parameters ...«:
rewrite ^/(.*)/(.*\.php)(/)(.*)$ /$1/$2?file=/$4 last;
rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
Support installations in a subpath (subdirectory)
The directives and the examples assume that Moodle is installed at the top directory:
- it is available at https://www.example.com
- and not at https://www.example.com/lms2023
In the latter case the nginx rules will fail to match.