I'm running nginx/1.1.19 and php-fpm/5.4.6 under Ubuntu 12.04. Previously, all my virtual hosts were on a box with Apache, so I'm porting everything over. Mostly, this is going well. My problem happens with scripts that rely on URLs like domain.com/script.php/extra/info?query=foo. Despite everything I've tried (gathered from various tutorials, forums, blogs, etc.), I still can't get 3 things happening:
1. When I try and set PATH_TRANSLATED the "standard" way, I get Access Denied errors.
2. PHP_SELF is either empty or different than it was in Apache (/extra/info vs /script.php/extra/info).
3. I can't find a setting for try_files that would give a level of security.
My nginx.conf file is the default, although I have tried it with and without the following lines in the http { ... } block (as suggested here http://forum.nginx.org/read.php?11,212439,219664#msg-219664):
map $uri $script_url {
~^(?<script_filename>.+\.(php|html))(?<path_info>.+)$ $path_info;
~^(?<script_filename>.+\.(php|html))$ $script_filename;
}
My vhost files look like this (relevant portions):
server {
server_name domain.com;
root /var/www/domain.com;
location ~ \.php
{
include php_params;
}
}
And the /etc/nginx/php_params file looks like this:
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
# This doesn't work, but I should do some checking here I feel
#try_files $fastcgi_script_name 404;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param HTTPS $https;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Uncommenting this line causes "Access denied." errors
#fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
Any suggestions on what to do?