Nginx friendly PHP framework

By Nginx

Hey guys, I’m looking for a PHP framework, if I’m lucky, just run nginx under FastCGI, otherwise, no need to adjust too much.
Symfony 1.4 using nginx is great. I have completed the adjustment, here is a summary of my production configuration, I can guarantee it is suitable for production use. < p>

server {
 listen 80;

 server_name mysite.com;

 root /var/ www/mysite.com/web;
 access_log /var/log/nginx/mysite.com.access.log;
 error_log /var/log/nginx/mysite.com.error.log;

 location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php${
 include fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)(/.+ )$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
 fastcgi_param HTTPS off;
 fastcgi_pass 127.0.0.1:9000;
 }

 location / {
 index index.php;
 try_files $uri /index.php?$args;
 }
}

 server {
 listen 443;

 ssl on;
 ssl_certificate /etc/ssl/certs/mysite.com.crt;
 ssl_certificate_key /etc/ssl/private/mysite.com.key;

 server_name mysite.com;
< br /> root /var/www/mysite.com/web;
 access_log /var/log/nginx/mysite.com.access.log;
 error_log /var/log/nginx/mysite.com .error.log;
 location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php${
 include fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)( /.+)$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
 fastcgi_param HTTPS on;
 fastcgi_pass 127.0.0.1:9000;
} 

 location / {
 index index.php;
 try_files $uri /index.php?$args;
 }
}

< p>Notes for PHP 5.4

The php5-fpm 5.4 that comes with dotdeb now uses sockets instead of loopback by default. If you are using PHP 5.4 and there is a wrong gateway error when using the above configuration, please Try to use unix: /var/run/php5-fpm.sock to replace all instances of 127.0.0.1:9000.

php-fpm 5.4 also recently restricted the file extension that can be parsed as PHP to security. limit_extension The file extension specified in s. If you modify the location regular expression to include file extensions other than .php, you may be interested. The following security instructions still apply.

Security instructions

This configuration only uses PHP to parse the files index.php, frontend.php, frontend_dev.php, backend.php and backend_dev.php.

Use php and nginx, not just use symfony

location \.php${
 ...
}

Lead to security vulnerabilities related to URLs using pathinfo , Such as: /index.php/foo/bar.

The common solution is to set fix_pathinfo = 0 in php.ini. This breaks the pathinfo URL and symfony depends on them. The solution used here It is a file that is explicitly specified to be parsed as php.

For more information, please refer to nginx+php-cgi security alert

Platform

This is safe for Debian Squeeze systems using dotdeb for nginx and php-fpm packages and Ubuntu 10.04 Lucid Lynx systems using ppa/brianmercer for php-fpm. It may or may not work, and in other It is safe on the system.

Instructions for use

To add another PHP file additionalfile.php for parsing, please use this syntax in two location blocks:

location~ ^(index | frontend | frontend_dev | backend | backend_dev | additionalfile).php ${

}

Edit: Symfony 2.0 has been released! This is the configuration, adapted from the 1.4 configuration above:

server {
 listen 80;

 server_name symfony2;
 root /var/www/symfony2/web;

 error_log /var/log/nginx/symfony2.error.log;
 access_log /var/log/nginx/symfony2.access.log;< br />
 location / {
 index app.php;
 if (-f $request_filename) {
 break;
 }
 rewrite ^(. *)$/app.php last;
 }

 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 #
 location ~ (app |app_dev).php {
 include fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root $fastcgi_path_info;
 fastcgi_param HTTPS off;
 fastcgi_pass 127.0.0.1:9000;
 }
}

server {
 listen 443;< br />
 server_name symfony2;
 root /var/www/symfony2/web;

 ssl on;
 ssl_certificate /etc /ssl/certs/symfony2.crt;
 ssl_certificate_key /etc/ssl/private/symfony2.key;

 error_log /var/log/nginx/symfony2.error.log;
 access_log /var/log/nginx/symfony2.access.log;

 location / {
 index app.php;
 if (-f $request_filename) {
 break;
 }
 rewrite ^(.*)$/app.php last;
 }

 # pass the PHP scripts to FastCGI server listening on 127.0. 0.1:9000
 #
 location ~ (app|app_dev).php {
 include fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)(/.+)$;< br /> fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
 fastcgi_param HTTPS off;
 fastcgi_pass 127.0.0.1:9000;
 }
}

Hey guys, I’m looking for a PHP framework, if I’m lucky, just run nginx under FastCGI, otherwise, no need for much adjustment.

< p>

Symfony 1.4 using nginx is great. I have completed the adjustment, here is a summary of my production configuration, I can guarantee it is suitable for production use.

< /p> 

server {
 listen 80;

 serv er_name mysite.com;

 root /var/www/mysite.com/web;
 access_log /var/log/nginx/mysite.com.access.log;
 error_log /var/log/nginx/mysite.com.error.log;

 location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php${
 include fastcgi_params; 
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
 fastcgi_path_info;
 fastcgi_path_info;
 fastcgi_param PATH_INFO $fastcgi_path_info; /> fastcgi_pass 127.0.0.1:9000;
 }

 location / {
 index index.php;
 try_files $uri /index.php?$args;< br /> }
}

server {
 listen 443;

 ssl on;
 ssl_certificate /etc/ssl/certs/mysite .com.crt;
 ssl_certificate_key /etc/ssl/private/mysite.com.key;

 server_name mysite.com;

 root /var/www/ mysite.com/web;
 access_log /var/log/nginx/mysite.com.access.log;
 error_log /var/log /nginx/mysite.com.error.log;
 location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php${
 include fastcgi_params;
 fastcgi_split_path_info ^(. +\.php)(/.+)$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
 fastcgi_param HTTPS on;
 fastcgi_pass 127.0.0.1:9000 ;
 }

 location / {
 index index.php;
 try_files $uri /index.php?$args;
 }
 }

Notes for PHP 5.4

The php5-fpm 5.4 included with dotdeb now uses sockets instead of loopback by default. It appears if you are using PHP 5.4 and the above configuration is used Wrong gateway error, please try to use unix: /var/run/php5-fpm.sock to replace all instances of 127.0.0.1:9000.

php-fpm 5.4 will also be parsed as PHP files recently The extension is limited to the file extension specified in security.limit_extensions. If you modify the location regular expression to include file extensions other than .php, you may be interested. The following security instructions still apply.

Security instructions

This configuration only uses PHP to parse the files index.php, frontend.php, frontend_dev.php, backend.php and backend_dev.php.

Use php and nginx, not just using symfony

location \.php${
 ...
}

Causing and using pathinfo URL related Security vulnerabilities, such as: /index.php/foo/bar.

The common solution is to set fix_pathinfo = 0 in php.ini. This breaks the pathinfo URL, and symfony depends on them. The one used here The solution is to explicitly specify the files that are parsed as php.

For more information, please refer to nginx+php-cgi security alert

Platform

< p> This is safe for Debian Squeeze systems using dotdeb for nginx and php-fpm packages and Ubuntu 10.04 Lucid Lynx systems using ppa/brianmercer for php-fpm. It may or may not work, and It is safe on other systems.

Instructions for use

To add another PHP file additionalfile.php for parsing, please use this syntax in two location blocks:

p>

location~ ^(index | frontend | frontend_dev | backend | backend_dev | additionalfile).php ${

}

Edit: Symfony 2.0 has been released! This is the configuration, adapted from the 1.4 configuration above:

server {
 listen 80;


 server_name symfony2;
 root /var/www/symfony2/web;


 error_log /var/log/nginx/symfony2.error.log;
 access_log /var/log/nginx/symfony2.access.log;< br />
 location / {
 index app.php;
 if (-f $request_filename) {
 break;
 }
 rewrite ^(. *)$/app.php last;
 }


 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 #
 location ~ (app |app_dev).php {
 include fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root $fastcgi_path_info;
 fastcgi_param HTTPS off;
 fastcgi_pass 127.0.0.1:9000;
 }
}


server {
 listen 443;< br />
 server_name symfony2;
 root /var/www/symfony2/web;


 ssl on;
 ssl_certificate /etc/s sl/certs/symfony2.crt;
 ssl_certificate_key /etc/ssl/private/symfony2.key;


 error_log /var/log/nginx/symfony2.error.log;
 access_log /var/log/nginx/symfony2.access.log;


 location / {
 index app.php;
 if (-f $request_filename) {
 break;
 }
 rewrite ^(.*)$/app.php last;
 }


 # pass the PHP scripts to FastCGI server listening on 127.0.0.1 :9000
 #
 location ~ (app|app_dev).php {
 include fastcgi_params;
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
 fastcgi_param HTTPS off;
 fastcgi_pass 127.0.0.1:9000;
 }
}

, , ,

Leave a Comment

Your email address will not be published.