Docker 带标签 nginx:latest 的 nginx 似乎导致了一个主要问题 - 直接访问 web 目录
Docker ngnix with tag nginx:latest seems causes a major issue - direct acces to web directory
使用图像标签 Nginx:latest 升级 Nginx docker 导致不执行 PHP 文件并给予 直接访问 Web 目录 !
将 docker-compose.yml 从 nginx:1.18.0 升级到 Nginx:latest 似乎会导致一个重大问题。
Ngnix 容器不再执行 PHP 文件并提供对 Web 存储库所有内容的直接访问权限
- 详情:
docker-compose.yml 的摘录(下面的完整可复制示例)
webserver:
#image: nginx:1.8.0
image: nginx:latest
然后是“docker-composer up -d”
提出问题。
效果:
Nginx 1.18.0 不执行 PHP 文件(使用 php7.4-fpm)并直接访问 web 包含
eg: domain.com/index.php 就可以直接下载了!
第一个元素:
image nginx:latest 或 image nginx 产生相同的效果
image nginx:1.8.0(也没有任何明确的 x.y.z 标签)不会产生这个问题
令人不安的事实:
带标签的 nginx 镜像:nginx:mainline 下载版本 # nginx 版本:nginx/1.21.5
带有标签的 nginx 图像:nginx:latest 下载 1.8.0 版本 # nginx 版本:nginx/1.8.0
可能的问题:
图像 nginx:latest 具有以下文件(提取)
/etc/nginx/nginx.conf
html {
(...)
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*; # THIS LINE IS NEW - instantiated a default site
}
不知道这点有没有注意到
Is a Dockerfile with "rm /etc/nginx/sites-enabled/" cmd an acceptable workaround or a prerequisite?
可重现的例子
docker-compose.yml
version: "3"
services:
cms_php:
image: php:7.4-fpm
container_name: cms_php
restart: unless-stopped
networks:
- internal
- external
volumes:
- ./src:/var/www/html
webserver:
# image: nginx:1.18.0 # OK
# image: nginx:1.17.0 # OK
# image: nginx:mainline # OK
image: nginx:latest # NOK
# image: nginx # NOK
container_name: webserver
depends_on:
- cms_php
restart: unless-stopped
ports:
- 80:80
volumes:
- ./src:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d/
networks:
- external
networks:
external:
driver: bridge
internal:
driver: bridge
nginx-conf/nginx.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
index index.php index.html index.htm;
root /var/www/html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass cms_php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
src/index.php
<?php echo "Hi..."; ?>
通过以下设置,我可以获得所需的数据。我不必更改您的文件。您的 paths/setup 可能有问题。尝试模仿我的设置。我正在使用 nginx:latest.
$ curl localhost:80
Hi...
运行 docker 在此设置中处理
$ docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------
cms_php docker-php-entrypoint php-fpm Up 9000/tcp
webserver /docker-entrypoint.sh ngin ... Up 0.0.0.0:80->80/tcp
文件夹结构
$ tree
.
├── docker-compose.yaml
├── nginx-conf
│ └── nginx.conf
└── src
└── index.php
2 directories, 3 files
src/index.php
$ cat src/index.php
<?php echo "Hi..."; ?>
docker-compose.yaml
$ cat docker-compose.yaml
version: "3"
services:
cms_php:
image: php:7.4-fpm
container_name: cms_php
restart: unless-stopped
networks:
- internal
- external
volumes:
- ./src:/var/www/html
webserver:
image: nginx:latest
container_name: webserver
depends_on:
- cms_php
restart: unless-stopped
ports:
- 80:80
volumes:
- ./src:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d/
networks:
- external
networks:
external:
driver: bridge
internal:
driver: bridge
nginx-conf/nginx.conf
$ cat nginx-conf/nginx.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
index index.php index.html index.htm;
root /var/www/html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass cms_php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
使用图像标签 Nginx:latest 升级 Nginx docker 导致不执行 PHP 文件并给予 直接访问 Web 目录 !
将 docker-compose.yml 从 nginx:1.18.0 升级到 Nginx:latest 似乎会导致一个重大问题。 Ngnix 容器不再执行 PHP 文件并提供对 Web 存储库所有内容的直接访问权限
- 详情:
docker-compose.yml 的摘录(下面的完整可复制示例)
webserver:
#image: nginx:1.8.0
image: nginx:latest
然后是“docker-composer up -d” 提出问题。
效果: Nginx 1.18.0 不执行 PHP 文件(使用 php7.4-fpm)并直接访问 web 包含 eg: domain.com/index.php 就可以直接下载了!
第一个元素: image nginx:latest 或 image nginx 产生相同的效果 image nginx:1.8.0(也没有任何明确的 x.y.z 标签)不会产生这个问题
令人不安的事实: 带标签的 nginx 镜像:nginx:mainline 下载版本 # nginx 版本:nginx/1.21.5 带有标签的 nginx 图像:nginx:latest 下载 1.8.0 版本 # nginx 版本:nginx/1.8.0
可能的问题: 图像 nginx:latest 具有以下文件(提取)
/etc/nginx/nginx.conf
html {
(...)
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*; # THIS LINE IS NEW - instantiated a default site
}
不知道这点有没有注意到
Is a Dockerfile with "rm /etc/nginx/sites-enabled/" cmd an acceptable workaround or a prerequisite?
可重现的例子
docker-compose.yml
version: "3"
services:
cms_php:
image: php:7.4-fpm
container_name: cms_php
restart: unless-stopped
networks:
- internal
- external
volumes:
- ./src:/var/www/html
webserver:
# image: nginx:1.18.0 # OK
# image: nginx:1.17.0 # OK
# image: nginx:mainline # OK
image: nginx:latest # NOK
# image: nginx # NOK
container_name: webserver
depends_on:
- cms_php
restart: unless-stopped
ports:
- 80:80
volumes:
- ./src:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d/
networks:
- external
networks:
external:
driver: bridge
internal:
driver: bridge
nginx-conf/nginx.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
index index.php index.html index.htm;
root /var/www/html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass cms_php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
src/index.php
<?php echo "Hi..."; ?>
通过以下设置,我可以获得所需的数据。我不必更改您的文件。您的 paths/setup 可能有问题。尝试模仿我的设置。我正在使用 nginx:latest.
$ curl localhost:80
Hi...
运行 docker 在此设置中处理
$ docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------
cms_php docker-php-entrypoint php-fpm Up 9000/tcp
webserver /docker-entrypoint.sh ngin ... Up 0.0.0.0:80->80/tcp
文件夹结构
$ tree
.
├── docker-compose.yaml
├── nginx-conf
│ └── nginx.conf
└── src
└── index.php
2 directories, 3 files
src/index.php
$ cat src/index.php
<?php echo "Hi..."; ?>
docker-compose.yaml
$ cat docker-compose.yaml
version: "3"
services:
cms_php:
image: php:7.4-fpm
container_name: cms_php
restart: unless-stopped
networks:
- internal
- external
volumes:
- ./src:/var/www/html
webserver:
image: nginx:latest
container_name: webserver
depends_on:
- cms_php
restart: unless-stopped
ports:
- 80:80
volumes:
- ./src:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d/
networks:
- external
networks:
external:
driver: bridge
internal:
driver: bridge
nginx-conf/nginx.conf
$ cat nginx-conf/nginx.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
index index.php index.html index.htm;
root /var/www/html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass cms_php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}