[英]nginx - php-fpm Forbidden if the index.php is not present in nginx folder
我們正在嘗試使用kubernetes在GCP上部署應用程序。 我們僅使用PHP-FPM和NGINX創建一個容器/容器。
我們進行了部署並一切正常,但是當我們嘗試獲取名為index.php的“ helloword” php文件時,NGINX服務會收到錯誤403 Forbidden。
因此,我嘗試進入NGINX容器並在php項目(/ var / www / html / symfony / public)的根目錄下手動添加index.php。 當我這樣做時,NGINX神奇地返回了PHP-FPM腳本,而不是Pod內部創建的文件。 為了讓您理解,我附加了NGINX配置
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
NGINX服務器使用kubernetes DNS symfony:9000
將請求重定向到PHP-FPM服務器
[編輯]
是的,我還提供一項服務,允許NGINX與PHP-FPM通信:
apiVersion: apps/v1
kind: Deployment
metadata:
name: symfony
namespace: default
labels:
app: symfony
spec:
selector:
matchLabels:
app: symfony
replicas: 1
template:
metadata:
labels:
app: symfony
tier: back
spec:
containers:
- name: symfony
image: gcr.io/myphone-mmpk/symfony:v.80
#TODO: REMOVE THIS
imagePullPolicy: Always
ports:
- containerPort: 9000
resources:
requests:
memory: 16Mi
cpu: 1m
limits:
memory: 128Mi
cpu: 20m
---
kind: Service
apiVersion: v1
metadata:
name: symfony
namespace: default
spec:
selector:
app: symfony
type: NodePort
ports:
- protocol: TCP
port: 9000
targetPort: 9000
這是ku8的nginx的清單:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
volumes:
- name: html
emptyDir: {}
- name: nginx
configMap:
name: nginx-configmap
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: nginx
- mountPath: /var/www/html/symfony/public
name: html
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configmap
namespace: default
data:
default.conf: |
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: nginx-hpa
namespace: default
labels:
app: nginx
spec:
scaleTargetRef:
kind: Deployment
name: nginx
apiVersion: apps/v1
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
labels:
app: nginx
spec:
ports:
- protocol: TCP
port: 80
selector:
app: nginx
type: LoadBalancer
loadBalancerIP: ~
您需要為每個Kubernetes服務創建一個kubernetes服務,以描述應用程序的公開端口。 或者將容器放在同一個容器中,並使用localhost:9000
內部kube DNS看起來像my-svc.my-namespace.svc.cluster.local
您不需要服務中將描述的端口信息。
參見https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
我使用此NGINX配置解決。 不是Kubernetes問題...
server {
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/symfony/public;
proxy_buffering off;
location = /nginx-health {
access_log off;
return 200 "healthy\n";
}
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass symfony:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
internal;
}
location ~ \.php$ {
return 404;
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.