I'm between a rock and a hard place trying to figure out why this is going on. For some reason, when I open my website the index.php file is being executed. I have been able to narrow it down to NginX/PHP-FPM by adding file_put_contents('runs.txt', 'executed'.PHP_EOL, FILE_APPEND);
to the top of index.php and executing it using the website and the command line. If I execute it from the command line, it only outputs one executed
, while if I execute it from the website (via NginX) it outputs two executed
. The script is also not redirecting to itself because it is just returning a 200 response code. Besides having to use more memory by executing the script twice, it also screws up CSRF protection by having the CSRF be generated a second time and therefore the CSRF is useless.
Below is my nginx configuration files:
nginx.conf
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
# Upstream to abstract backend connection(s) for PHP.
upstream php {
#this should match value of "listen" directive in php-fpm pool
server unix:/var/lib/php-fpm.sock;
}
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
php.conf
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 600s;
# fastcgi_intercept_errors on;
fastcgi_pass php;
}
website.conf
server {
listen 80;
server_name xyz.com www.xyz.com;
root /usr/share/nginx/xyz.com;
#access_log /usr/share/nginx/logs/xyz.com-access_log;
error_log /usr/share/nginx/logs/xyz.com-error_log;
index index.php;
location / {
index index.php;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
include php.conf;
}
fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
If I change try_files $uri $uri/ /index.php?q=$uri&$args;
to try_files $uri $uri/;
and bring up http://www.xyz.com/index.php
then it will only execute once, but I need the /index.php?q=$uri&$args
in there. I'm running CentOS 6.5 with nginx 1.4.4 and PHP 5.4.23. Any ideas?
Best Answer
I found out the problem. Since
try_files
would automatically redirect toindex.php
if the specified URI didn't exist, there was an image that was missing and when it opened, it openedindex.php
again.I was able to determine the missing image was
http://example.com/images/google.png
so I found that image and placed it in the right folder (rather than being redirected back to index.php).Another more proper solution would be to have a
location /images
block with atry_files
statement in thewebsite.conf
file (before thelocation /
block) that if the image does not exist, a 404 not found status code is sent.