Nginx Common Configuration Error
1. Use the root command in location
The good habit should be to configure the root command in the server block
server {server_name www.domain.com; root/var/www/nginx-default/; Location/{[...] } location/foo {[...] } location/bar {[...] }}
2. Multiple index directives
The good habit is to use the index once in the HTTP block, why use multiple times?
HTTP {index index.php index.htm index.html; server {server_name www.domain.com; Location/{[...] }} server {server_name domain.com; Location/{[...] } location/foo {[...] } }}
3. Using the IF directive
Wrong configuration:
server {server_name domain.com *.domain.com; if ($host ~* ^www\. +) {set $raw _domain $; Rewrite ^/(. *) $ $raw _domain/$1 permanent; [...] }}
The IF directive at this time forces the detection of every request for all domains, which is inefficient and can be replaced with two server directives
The correct configuration:
server {server_name www.domain.com; Return 301 $scheme://domain.com$request_uri;} server {server_name domain.com; [...]}
4. Check the existence of the file
Using the If detection file exists is very bad and you should use Try_files
Wrong configuration:
server {root/var/www/domain.com; Location/{if ' (!-f $request _filename) {break; } }}
The correct configuration:
server {root/var/www/domain.com; Location/{try_files $uri $uri//index.html; }}
5. Pass an uncontrolled request to PHP
Wrong configuration:
Location ~* \.php$ {Fastcgi_pass backend; ...}
In this case, each request that ends with PHP is passed to PHP, and the default PHP configuration will guess if the file you requested exists.
For example, a request like /forum/avatar/1232.jpg/file.php
this, the file does not exist, but /forum/avatar/1232.jpg
the file exists, so PHP will handle the replacement processing this file, if the file is embedded in the PHP code, PHP will execute the corresponding code.
The following methods can be used to avoid:
*. Set cgi.fix_pathinfo=0 in PHP.ini, which will allow PHP to process only the requested file and stop processing if the file does not exist.
*. Make sure Nginx only handles schema-matching PHP files
Location ~* (file_a|file_b|file_c) \.php$ {Fastcgi_pass backend; ...}
*. prohibit execution of PHP files in directories uploaded by specified users
Location/uploaddir {Location ~ \.php$ {return 403;} ...}
*. Use Try_files to filter non-existent pages
Location ~* \.php$ {try_files $uri = 404; Fastcgi_pass backend; ...}
*. Use nested location to filter problematic pages
Location ~* \.php$ {location ~ \. */.*\.php$ {return 404;} Fastcgi_pass backend; ...}
fastcgi path in 6.script filename
Do not use the absolute root path, use the variable
Wrong configuration:
Fastcgi_param script_filename/var/www/yoursite.com/$fastcgi _script_name;
The correct configuration:
Fastcgi_param script_filename $document _root$fastcgi_script_name;
The $document_root here is the value of the root command in the server block.
7. Rewrite the relevant
Wrong configuration:
Rewrite ^/(. *) $ http://domain.com/$1 permanent;
Rewrite ^ Http://domain.com$request_uri? Permanent
Correct configuration: No need to detect regular expressions, more efficient
return 301 Http://domain.com$request_uri;
8. Overwrite lost / http
Wrong configuration:
Rewrite ^/blog (/.*) $ blog.domain.com$1 permanent;
The correct configuration:
Rewrite ^/blog (/.*) $ http://blog.domain.com$1 permanent;
9. Agent-related
Wrong configuration: All pages Tong Tong to PHP
server {server_name example.org; Root/var/www/site; Location/{include fastcgi_params; Fastcgi_param script_filename $document _root$fastcgi_script_name; Fastcgi_pass Unix:/tmp/phpcgi.socket; }}
Correct configuration: Priority to handle static pages, and then hand over to PHP processing
server {server_name example.org; Root/var/www/site; Location/{try_files $uri $uri/@proxy; } location @proxy {include fastcgi.conf; Fastcgi_pass Unix:/tmp/php-fpm.sock; }}
Or
server {server_name example.org; Root/var/www/site; Location/{try_files $uri $uri//index.php; } location ~ \.php$ {include fastcgi.conf; Fastcgi_pass Unix:/tmp/php-fpm.sock; }}
This article is from the "Linux is belong to You" blog, make sure to keep this source http://jwh5566.blog.51cto.com/7394620/1691032
Common pitfalls in Nginx configuration