Nginx 1.18.0不执行php文件，使用php7.4-fpm

应用程序，这是一个相当长的描述，请跳到下面的问题以了解我的实际问题，也请参阅配置文件

我正在为我工作的地方建立一组内部网站，我决定使用nginx作为我使用的主要应用程序(GitLab)在下面使用它。尽管我现在认为这可能不太明智！)。

我可以让GitLab正常工作。我暂时"关闭"了它，这样我就可以运行页面的入口点。

背景计划。

运行单个页面进行输入，然后在子域上运行各种"应用程序"。

所以主服务器被称为reslab，然后我们将在子域上运行gitlab.reslab，然后在其他子域上运行我们需要的任何其他项目。

因此，我们计划将所有文档放入mediawiki中，以便在wiki.reslab上运行此外，我们希望运行单元网站的测试版本，该网站将位于testweb.reslab上。最终，我预计会有更多的东西出现在这里，比如特定项目的子网站。

由于主站点运行在WordPress上，我决定使用WordPress作为所有可能创建的页面的主要开发选项。

问题

每当我打开一个php文件链接时，就会下载该文件，而不是执行该文件。

起初，我意识到文档根目录中的文件是不可执行的，但这并没有帮助。我已经检查了php配置中套接字文件的位置，它显示在下面的配置文件中。我本来想把配置文件拆分成更小的peices，但在用nginx -t测试配置时，我遇到了持续的错误。我把文件放错地方了吗？它们应该都在nginx.conf文件中吗(而不是在relab.conf文件中吗。有没有办法输出所包含文件的详细信息，这样我就可以确定我错过了一个配置文件。

系统正在运行debian:Linux reslab 5.10.0-8-amd64 #1 SMP Debian 5.10.46-5 (2021-09-23) x86_64 GNU/Linux

我安装了php和nginx，两者都在运行

php:

sudo service php7.4-fpm status
● php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-10-04 13:34:06 CEST; 7s ago
Docs: man:php-fpm7.4(8)
Process: 434953 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.4/fpm/pool.d/www.conf 74 (code=exited, status=0/SUCCESS)
Main PID: 434950 (php-fpm7.4)
Status: "Ready to handle connections"
Tasks: 3 (limit: 43238)
Memory: 9.8M
CPU: 56ms
CGroup: /system.slice/php7.4-fpm.service
├─434950 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
├─434951 php-fpm: pool www
└─434952 php-fpm: pool www

nginx:

sudo service nginx status
[sudo] password for davem: 
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-10-04 12:08:34 CEST; 1h 51min ago
Docs: man:nginx(8)
Process: 425978 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 425979 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 425980 (nginx)
Tasks: 13 (limit: 43238)
Memory: 11.7M
CPU: 73ms
CGroup: /system.slice/nginx.service
├─425980 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─425981 nginx: worker process
├─425982 nginx: worker process
├─425983 nginx: worker process
├─425984 nginx: worker process
├─425985 nginx: worker process
├─425986 nginx: worker process
├─425987 nginx: worker process
├─425988 nginx: worker process
├─425989 nginx: worker process
├─425990 nginx: worker process
├─425991 nginx: worker process
└─425992 nginx: worker process

设置

我打算将主站点命名为服务器，这是它的nginx配置。

/etc/nginx/nginx.conf

sudo more nginx.conf 
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
#######################################################
### Config for Wordpress multi sites      ########
#######################################################
worker_cpu_affinity auto; #worpress
##
# For Virtual Host Configs
##
#        include /etc/nginx/conf.d/*.conf;
#        include /etc/nginx/sites-enabled/*.conf; # I do this later on ...

events {
worker_connections 1024;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
# it may be internal, but I want to set up good practice
# internal pages using a self signed certificate
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
#error log levels are : warn, error crit, alert, and emerg
# just add one to the end of the below line before the ';'
# eg    error_log /var/log/nginx/error.log warn;
error_log /var/log/nginx/error.log debug;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

#for the inclusion of other sites config files
include /etc/nginx/sites-enabled/*.conf;
# for wordpress to use php
# Upstream to abstract backend connection(s) for PHP.
upstream php {
#this should match value of "listen" directive in php-fpm pool
server unix:/var/run/php/php7.4-fpm.sock;
server 127.0.0.1:9000;
}

# below is for gitlab config that cannot be in the main server section.
upstream gitlab-workhorse {
server unix://var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
}
}

启用站点

/etc/nginx/sites-enabled/reslab.conf：

# This will be our default landing page configuration
# All the sub sites, and this one, are using wordpress
# the exception is the gitlab subdomain
server {
listen 80 default_server;
listen [::]:80 default_server;

# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
## Strong SSL Security
## see https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
# ssl on; # this line is deprecated and replaced by the listen 0.0.0.0:443 directive above (just after the start of the server section)
ssl_certificate /etc/nginx/ssl/reslab.crt;
ssl_certificate_key /etc/nginx/ssl/reslab.key;
#Some extra ssl wordpress stuff
# Set caches, protocols, and accepted ciphers. This config will merit an A+ SSL Labs score as of Sept 2015.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
#document root for the main langing page
root /var/www/reslab/wordpress;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;
#ensure that all the sub server are considered equally using the '.reslab'
server_name 10.69.60.18  reslab .reslab *.reslab;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
#add specific logging for this server.
access_log /var/log/nginx/reslab_access.log;
#set to debug whilst troubleshooting php problems
error_log /var/log/nginx/reslab_error.log debug;

}
#set the mapping of this site to its relevant blog pages
# this needs to be outside of the server block (but in the http block)
map $http_host $blogid {
default       -999;

#Ref: https://wordpress.org/extend/plugins/nginx-helper/
#include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;

}

#here is the wordpress specific stuff, that should be copied into most subdomains.
#remember to modify as required the server root if you have just made a simple copy of this file
server {
location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?rt=$uri&$args;
}

# load the nginx php / fastCGI support module
include /etc/nginx/fcgiwrap.conf;
# this is required to tell nginx to run php files on the server not as a downloadable file !
location ~ .php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
# lots of the lines below can be included in the following file(s)
include fastcgi.conf;
include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
# the fastci_index is included via the snippets/fastcgi_php.conf file so is not needed here
# the line is left here for reference
#fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# can run php through a file socket or via an ip
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}

location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
#WPMU Files
location ~ ^/files/(.*)$ {
try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;
access_log off; log_not_found off;      expires max;
}

#WPMU x-sendfile to avoid php readfile()
location ^~ /blogs.dir {
internal;
alias /var/www/example.com/htdocs/wp-content/blogs.dir;
access_log off;     log_not_found off;      expires max;
}

# ensure that no one is able to write directly to the server from the web page.
location ~ /.ht {
deny all;
}
#add some rules for static content expiry-headers here

}

/etc/nginx/fastcgi.conf

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  REMOTE_USER        $remote_user;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

/etc/nginx/fastcgi_params(与fastcgi.conf完全相同？我需要两者吗？)

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  REMOTE_USER        $remote_user;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

/etc/nginx/snippet/fastcgi-hp.conf

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?.php)(/.*)$;
# Check that the PHP script exists before passing it
# we do this in the sites config file, so no need for duplication
#try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
#this looks back at the earlier file, does this circular reference cause a problem ?
include fastcgi.conf;

/etc/php/7.4/fpm/php.ini没有从安装的版本进行修改，因为它相当大，除了行

cgi.fix_pathinfo = 1

一些指南建议这应该是0(零)，nginx建议是1，我已经尝试了这两个值。。。没有区别。

nginx需要一个特殊的模块来运行php吗？

文件将被下载，如果我从localhost或通过其IP地址访问它，没有什么区别。

有什么明显的东西是我遗漏的吗？

我可以从cli运行一个simpl-phpinfo()调用，然后得到预期的输出。

需要更多配置详细信息。。。请随意提问。

提前感谢

Dave

编辑1

因此，我在包含php详细信息的服务器块中尝试了listen和server_name的所有变体

我已经在这个站点的错误文件中打开了调试日志记录，仔细查看它的状态http script var: "/wp-admin/install.php"，它似乎将它视为一个php脚本，并证明它清楚地捕获了正确的文件。我还尝试了一个基本的info.php文件。。。这是日志的一部分。。。

try files handler
2021/10/04 16:21:17 [debug] 452491#452491: *3 http script var: "/info.php"
2021/10/04 16:21:17 [debug] 452491#452491: *3 trying to use file: "/info.php" "/var/www/reslab/wordpress/info.php"
2021/10/04 16:21:17 [debug] 452491#452491: *3 try file uri: "/info.php"
2021/10/04 16:21:17 [debug] 452491#452491: *3 generic phase: 13
2021/10/04 16:21:17 [debug] 452491#452491: *3 content phase: 14
2021/10/04 16:21:17 [debug] 452491#452491: *3 content phase: 15
2021/10/04 16:21:17 [debug] 452491#452491: *3 content phase: 16
2021/10/04 16:21:17 [debug] 452491#452491: *3 content phase: 17
2021/10/04 16:21:17 [debug] 452491#452491: *3 content phase: 18
2021/10/04 16:21:17 [debug] 452491#452491: *3 http filename: "/var/www/reslab/wordpress/info.php"

我觉得这里应该有一些线索，服务器告诉我它被识别为http script，而不是fastcgi脚本？

编辑2

所以我只是登录到服务器，并在本地运行firefox。正如我所料，它试图下载该文件。然而，它想在firefox中"打开"它。。。当我这样做的时候，它只是重新下载。。。。

然而，当我从下载列表中选择"其他"选项时，下一个窗口会显示一条消息：

没有针对application/octet-stream文件的应用程序。

这让我觉得firefox试图告诉我这是一个"应用程序"，或者我误解了FFX消息？

此外，当我在远程电脑上做同样的事情时，我仍然可以选择"用geany打开"。

编辑3

所以我突然想到这可能是权限问题。因此，我从终端运行info.php脚本作为www数据(用户和组)：

sudo su -s /bin/bash -c "php info.php" -g www-data www-data

，我得到了预期的输出。

注意当我这样做时，通过ssh登录到服务器。

我的另一种感觉是，includes在某种程度上不正确？有没有一种方法可以调试正在插入的文件(类似于nginx -t，但输出更详细？)

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

server {
# https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-20-04
listen 80;
server_name wordpress.darius;
root /home/darius/Private/Projects/wordpress;
index index.html index.htm index.php;
location / {
# https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-20-04#prerequisites
try_files $uri $uri/ /index.php$is_args$args;
# end https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-20-04#prerequisites
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
}
location ~ /.ht {
deny all;
}
# end https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-20-04
# https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-20-04#prerequisites
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* .(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
#end https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-20-04#prerequisites
}

fastcgi_param  REMOTE_USER        $remote_user;

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;