nginx - php-fpm 如果 index.php 不在 nginx 文件夹中则禁止
nginx - php-fpm Forbidden if the index.php is not present in nginx folder
我们正在尝试使用 kubernetes 在 GCP 上部署应用程序。我们只用 PHP-FPM 创建一个 container/pod,另一个用 NGINX 创建。
我们进行了部署并且一切正常,但是当我们尝试获取名为 index.php 的 'helloword' php 文件时,我们收到来自 NGINX 服务器的错误 403 Forbidden。
所以我尝试进入 NGINX pod 并在 php 项目 (/var/www/html/symfony/public) 的根目录下手动添加 index.php。当我这样做时,神奇的是 NGINX return PHP-FPM 脚本,而不是在 pod 中创建的文件。
为了让你明白我附上NGINX配置
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
NGINX 服务器使用 kubernetes DNS symfony:9000
将请求重定向到 PHP-FPM 服务器
[编辑]
是的,我还有一项服务允许 NGINX 与 PHP-FPM 通信:
apiVersion: apps/v1
kind: Deployment
metadata:
name: symfony
namespace: default
labels:
app: symfony
spec:
selector:
matchLabels:
app: symfony
replicas: 1
template:
metadata:
labels:
app: symfony
tier: back
spec:
containers:
- name: symfony
image: gcr.io/myphone-mmpk/symfony:v.80
#TODO: REMOVE THIS
imagePullPolicy: Always
ports:
- containerPort: 9000
resources:
requests:
memory: 16Mi
cpu: 1m
limits:
memory: 128Mi
cpu: 20m
---
kind: Service
apiVersion: v1
metadata:
name: symfony
namespace: default
spec:
selector:
app: symfony
type: NodePort
ports:
- protocol: TCP
port: 9000
targetPort: 9000
这是ku8的nginx清单:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
volumes:
- name: html
emptyDir: {}
- name: nginx
configMap:
name: nginx-configmap
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: nginx
- mountPath: /var/www/html/symfony/public
name: html
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configmap
namespace: default
data:
default.conf: |
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: nginx-hpa
namespace: default
labels:
app: nginx
spec:
scaleTargetRef:
kind: Deployment
name: nginx
apiVersion: apps/v1
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
labels:
app: nginx
spec:
ports:
- protocol: TCP
port: 80
selector:
app: nginx
type: LoadBalancer
loadBalancerIP: ~
您需要为每个描述应用程序公开端口的服务创建一个 kubernetes 服务。或者将容器放在同一个 pod 中并使用 localhost:9000
内部 kube DNS 看起来像 my-svc.my-namespace.svc.cluster.local
您不需要端口信息,因为这将在服务中描述。
见https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
我用这个 NGINX 配置解决了。不是kubernetes的问题...
server {
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
proxy_buffering off;
location = /nginx-health {
access_log off;
return 200 "healthy\n";
}
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
internal;
}
location ~ \.php$ {
return 404;
}
}
我们正在尝试使用 kubernetes 在 GCP 上部署应用程序。我们只用 PHP-FPM 创建一个 container/pod,另一个用 NGINX 创建。
我们进行了部署并且一切正常,但是当我们尝试获取名为 index.php 的 'helloword' php 文件时,我们收到来自 NGINX 服务器的错误 403 Forbidden。
所以我尝试进入 NGINX pod 并在 php 项目 (/var/www/html/symfony/public) 的根目录下手动添加 index.php。当我这样做时,神奇的是 NGINX return PHP-FPM 脚本,而不是在 pod 中创建的文件。 为了让你明白我附上NGINX配置
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
NGINX 服务器使用 kubernetes DNS symfony:9000
[编辑]
是的,我还有一项服务允许 NGINX 与 PHP-FPM 通信:
apiVersion: apps/v1
kind: Deployment
metadata:
name: symfony
namespace: default
labels:
app: symfony
spec:
selector:
matchLabels:
app: symfony
replicas: 1
template:
metadata:
labels:
app: symfony
tier: back
spec:
containers:
- name: symfony
image: gcr.io/myphone-mmpk/symfony:v.80
#TODO: REMOVE THIS
imagePullPolicy: Always
ports:
- containerPort: 9000
resources:
requests:
memory: 16Mi
cpu: 1m
limits:
memory: 128Mi
cpu: 20m
---
kind: Service
apiVersion: v1
metadata:
name: symfony
namespace: default
spec:
selector:
app: symfony
type: NodePort
ports:
- protocol: TCP
port: 9000
targetPort: 9000
这是ku8的nginx清单:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
volumes:
- name: html
emptyDir: {}
- name: nginx
configMap:
name: nginx-configmap
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: nginx
- mountPath: /var/www/html/symfony/public
name: html
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configmap
namespace: default
data:
default.conf: |
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: nginx-hpa
namespace: default
labels:
app: nginx
spec:
scaleTargetRef:
kind: Deployment
name: nginx
apiVersion: apps/v1
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
labels:
app: nginx
spec:
ports:
- protocol: TCP
port: 80
selector:
app: nginx
type: LoadBalancer
loadBalancerIP: ~
您需要为每个描述应用程序公开端口的服务创建一个 kubernetes 服务。或者将容器放在同一个 pod 中并使用 localhost:9000
内部 kube DNS 看起来像 my-svc.my-namespace.svc.cluster.local
您不需要端口信息,因为这将在服务中描述。
见https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
我用这个 NGINX 配置解决了。不是kubernetes的问题...
server {
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
proxy_buffering off;
location = /nginx-health {
access_log off;
return 200 "healthy\n";
}
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
internal;
}
location ~ \.php$ {
return 404;
}
}