欢迎各位兄弟 发布技术文章
这里的技术是共享的
A typical Nginx setup uses fastcgi_pass
directives to pass the request to the PHP-FPM daemon. If you would be running an Apache setup, Apache would automatically set the HTTPS
server variable, that PHP code can check via $_SERVER['HTTPS']
to determine if the request is HTTP or HTTPs.
In fact, that’s how most CMS’s (WordPress, Drupal, …) determine the server environment. They’ll also use it for redirects from HTTP-to-HTTPs or vica versa, depending on the config. So the existence of the $_SERVER['HTTPS']
variable is pretty crucial.
Nginx doesn’t pass the variable by default to the PHP-FPM daemon when you use fastcgi_pass
, but it is easily added.
A basic example in Nginx looks like this.
include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Check if the PHP source file exists (prevents the cgi.fix_pathinfo=1 exploits) if (-f $request_filename) { fastcgi_pass backend_php; # This backend is defined elsewhere in your Nginx configs }
The example above is a classic one, that just passes all to PHP. In order to make PHP-FPM aware of your HTTPs setup, you need to add a fastcgi_param
environment variable to the config.
include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Make PHP-FPM aware that this vhost is HTTPs enabled fastcgi_param HTTPS 'on'; # Check if the PHP source file exists (prevents the cgi.fix_pathinfo=1 exploits) if (-f $request_filename) { fastcgi_pass backend_php; # This backend is defined elsewhere in your Nginx configs }
The solution is in the fastcgi_param HTTPS 'on';
line, which passes the HTTPS
variable to the PHP-FPM daemon.
来自 https://ma.ttias.be/setting-https-server-variables-in-php-fpm-with-nginx/
背景: 最近在搭建Discuz X
,因为考虑支持HTTPS
,所以按照经验来部署证书,服务器用的是阿里云的云服务,选择了LNMP
。但是chrome
一直都提示不安全,还提示此网页正试图从未经验证的来源加载脚本 。这说明我页面上加载的资源不纯粹是https
的,有部分是http
的或者有些资源不支持https
却用了https
。打开浏览器控制台找到提示的源,发现基本都是功能组件加载的时候是以http
加载的。
在搜索学习之后,才定位到问题所在,例如在source/class/discuz/discuz_application.php
文件中
使用$_SERVER['HTTPS']
来判断是http
还是https
,但在Nginx+PHP-FPM
架构下,nginx
使用fastcgi_pass
指令将请求传递给PHP-FPM
,但是在使用fastcgi_pass
时,Nginx
默认不会将HTTPS
传递给PHP-FPM
。如果你使用的是Apache
,它就会自动设置HTTPS
服务器变量,PHP代码可以通过$ _SERVER ['HTTPS']
检查以确定请求是HTTPS
还是HTTP
。那现在就需要需改nginx
配置或者discuz
程序来解决问题。基于服务器的兼容性考虑,还是修改nginx
配置。因为很多CMS程序(WordPress,Drupal,...)都是使用$ _SERVER ['HTTPS']
来确定请求是HTTPS
还是HTTP
。修改方法如下:
方法1:增加 一个fastcgi_param 环境变量即可。
将上述代码添加至网站对应的Nginx
配置文件中。但要注意,按我理解,这样也会导致一个问题。因为这种方式属于写死环境变量,在此环境变量生效的区域,服务器无法判断是http
请求还是https
请求。如果你的站点两种请求都支持,建议把两种请求的配置分开写,类似与人工预设请求的类型。我的网站决定已经只支持https
,所以这种方式问题不大,http
的请求也设置了跳转至https
。所以我只需要是写在虚拟机配置文件中即可。
方法2:修改web程序的判断方式,不要只根据环境变量来判断,增加一个请求的端口的判断条件。我们一般HTTP请求都使用80端口,而HTTPS则使用443端口。按照这个思路,可以将上诉文件中的代码改为如下所示。
方法3:你要把代理程序改成Apache我也是没办法啊。
后记:记得检查其他引用资料是否为https
比如模板中备案号查询地址等处。有问题欢迎留言讨论!
来自 https://www.jianshu.com/p/b51ac3bec677