Nginx 403 禁止位置和本地主机

Question

我的目标是使用 SSH 隧道访问特定位置(即 phpmyadmin)http://localhost/phpmyadmin

我刚刚安装了带有 Nginx 的 Ubuntu 20.04。以下配置在 Ubuntu 18.04 上运行良好。

我编辑了/etc/nginx/sites-available/default 添加:

  location /phpmyadmin {
    #Allow localhost
    allow 127.0.0.1;
    #deny all the others ip
    deny all;
  }

当我访问 http://localhost/phpmyadmin 时我收到错误消息:

403 Forbidden nginx/1.17.10 (Ubuntu)

为了测试，我删除了“全部拒绝”；一切正常，但每个 IP 地址都可以访问 phpmyadmin 位置。

nginx 错误日志:

2020/05/05 23:52:13 [error] 21905#21905: *1 access forbidden by rule, client: ::1, server: _, request: "GET /phpmyadmin/ HTTP/1.1", host: "localhost"

server {
    listen 80 default_server;
    listen [::]:80 default_server;


    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html index.php;

    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

   # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
            include snippets/fastcgi-php.conf;

            # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            # With php-cgi (or other tcp sockets):
            #fastcgi_pass 127.0.0.1:9000;
    }


location /phpmyadmin {
    satisfy all;
    allow 127.0.0.1;
    deny all;
    }


   }

知道为什么此配置不再适用于 ubuntu 20.04 和 nginx 1.17.10 吗？

Answer 1

你也需要允许::1... 并在 location block 中添加 php 的参数。

这样试试

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html index.php;

    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

   # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
            include snippets/fastcgi-php.conf;

            # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            # With php-cgi (or other tcp sockets):
            #fastcgi_pass 127.0.0.1:9000;
    }


    location ^~ /phpmyadmin/ {
            allow 127.0.0.1;
            allow ::1;
            deny all;
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }


}