我正在尝试使用带有 php 5.6 和 nginx 的 synology 来设置网站。该网站是 WordPress 和一个主题。在处理演示导入时,我们遇到 NGINX 错误 405(不允许)。
这有点令人沮丧,因为我喜欢一切顺利的时候。
我查看了 php.ini 文件和 nginx.conf 文件。
# Copyright (c) 2000-2016 Synology Inc. All rights reserved.
worker_processes auto;
#worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
include conf.d/main.conf;
events {
use epoll;
multi_accept on;
worker_connections 1024;
include conf.d/events.conf;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
#access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main;
error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error;
sendfile on;
server_tokens off;
proxy_request_buffering off;
fastcgi_request_buffering off;
scgi_request_buffering off;
proxy_buffering off;
fastcgi_buffering off;
scgi_buffering off;
resolver_timeout 5s;
client_header_timeout 10s;
client_body_timeout 60s;
send_timeout 60s;
keepalive_timeout 65s 20s;
client_max_body_size 0;
server_names_hash_max_size 8192;
ssl_certificate /usr/syno/etc/certificate/system/default/fullchain.pem;
ssl_certificate_key /usr/syno/etc/certificate/system/default/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_dhparam /usr/syno/etc/ssl/dh2048.pem;
ssl_prefer_server_ciphers on;
gzip_disable "msie6";
gzip_min_length 1000;
gzip_types text/plain text/css application/javascript application/json;
gzip_vary on;
gzip_static on;
upstream synoscgi {
server unix:/run/synoscgi.sock;
}
index index.html index.htm index.php;
set_real_ip_from 127.0.0.1;
real_ip_header X-Real-IP;
server {
listen 5000 default_server;
listen [::]:5000 default_server;
server_name _;
gzip on;
include app.d/alias.*.conf;
root /usr/syno/synoman;
index index.cgi;
ignore_invalid_headers off;
include app.d/dsm.*.conf;
include /usr/syno/share/nginx/conf.d/dsm.*.conf;
include conf.d/dsm.*.conf;
location = / {
try_files $uri /index.cgi$is_args$query_string;
}
location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
internal;
root /;
include app.d/x-accel.*.conf;
include conf.d/x-accel.*.conf;
}
location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
alias /usr/syno/share/OAuth/index_ds.php;
default_type text/html;
}
location ~ \.cgi {
include scgi_params;
scgi_read_timeout 3600s;
scgi_pass synoscgi;
}
error_page 403 404 500 502 503 504 @error_page;
location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}
location ~ ^/webman/modules/Indexer/ {
deny all;
}
location ~ ^/webapi/lib/ {
deny all;
}
location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
deny all;
}
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~* \.(?:js|css|png|jpg|gif|ico)$ {
access_log off;
log_not_found off;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
}
server {
listen 5001 default_server ssl;
listen [::]:5001 default_server ssl;
server_name _;
include app.d/alias.*.conf;
root /usr/syno/synoman;
index index.cgi;
ignore_invalid_headers off;
include app.d/dsm.*.conf;
include /usr/syno/share/nginx/conf.d/dsm.*.conf;
include conf.d/dsm.*.conf;
location = / {
try_files $uri /index.cgi$is_args$query_string;
}
location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
internal;
root /;
include app.d/x-accel.*.conf;
include conf.d/x-accel.*.conf;
}
location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
alias /usr/syno/share/OAuth/index_ds.php;
default_type text/html;
}
location ~ \.cgi {
include scgi_params;
scgi_read_timeout 3600s;
scgi_pass synoscgi;
}
error_page 403 404 500 502 503 504 @error_page;
location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}
location ~ ^/webman/modules/Indexer/ {
deny all;
}
location ~ ^/webapi/lib/ {
deny all;
}
location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
deny all;
}
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~* \.(?:js|css|png|jpg|gif|ico)$ {
access_log off;
log_not_found off;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
server_name _;
location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
internal;
root /;
include app.d/x-accel.*.conf;
include conf.d/x-accel.*.conf;
}
include app.d/www.*.conf;
include app.d/alias.*.conf;
include /usr/syno/share/nginx/conf.d/www.*.conf;
include conf.d/www.*.conf;
location = /webman/pingpong.php {
rewrite /webman/pingpong.php /webman/pingpong.cgi break;
root /usr/syno/synoman;
include scgi_params;
scgi_pass synoscgi;
}
location = /webdefault/images/logo.jpg {
alias /usr/syno/share/nginx/logo.jpg;
}
error_page 405 =200 $uri;
location ~* \.php$ {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_read_timeout 240;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
error_page 403 404 500 502 503 504 @error_page;
location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}
location ^~ /.well-known/acme-challenge {
root /var/lib/letsencrypt;
default_type text/plain;
}
include app.d/.location.webstation.conf*;
location ~ ^/$ {
if ($scheme = https) {
rewrite / https://$host:5001/ redirect;
}
rewrite / http://$host:5000/ redirect;
}
}
include conf.d/http.*.conf;
include app.d/server.*.conf;
include sites-enabled/*;
}
我在互联网上搜索了很多,到目前为止只有一些有趣的线索,但没有任何效果。
我尝试将以下内容添加到 nginx.conf(这就是为什么我的实际 nginx.conf 有这些行)但它没有解决我的问题。
location ~* \.php$ {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_read_timeout 240;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
有关信息,这是日志文件中的错误:
2017/02/10 18:14:07 [error] 18555#18555: *2563 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: example.com, request: "POST /wp-admin/admin-ajax.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/php56-fpm.sock", host: "www.example.com", referrer: http://example.com/wp-admin/admin.php?page=laborator-demo-content-installer&install-pack=agency&
如果你有解决这个问题的想法......因为几周以来我一直在努力...... 提前致谢
最佳答案
tl;dr——您的 WordPress 太慢了。跳到底部,看看如何让 NGINX 返回正确的 504 GATEWAY TIMEOUT 状态码。
较长的版本:您有一堆单独的问题以无用的方式协同工作。
<强>1。您的上游服务器 WordPress 响应速度不够快
它花费的时间超过 4 分钟,这就是您在日志中看到 110: Connection timed out 的原因。 缓慢的解决方案是加速 WordPress。作为解决方法,您可以给它更多时间来处理请求。为此,请增加 fastcgi_read_timeout 240; 规则中的数字。请注意,超时以秒为单位,因此如果您愿意等待 10 分钟,请将其设置为 600。
不过,我建议不要增加超时。您应该真正解决性能问题本身。如此长的请求会阻塞 NGINX 和 WordPress 中的资源,因此您很容易被 DDoSed,甚至是您自己不小心。
因为您的上游花费的时间太长,NGINX 会以 504 GATEWAY TIMEOUT 响应。不能因为……
<强>2。 POST 请求不能用静态文件应答
在您的 error_page 位置,您告诉 NGINX 使用静态文件来处理请求。这对 GET 或 HEAD 没问题,但对 POST 不起作用,因为它会要求 NGINX 覆盖/创建文件。这既不是 NGINX 的意图,也不支持。 (出于同样的原因,使用其他修饰动词(例如 PUT 和 DELETE)请求也会失败。)
请注意,您正在使用一个命名位置,@error_page,method remains POST, as the manual says :
If there is no need to change URI and method during internal redirection it is possible to pass error processing into a named location.
您已经知道其中的一部分,这就是为什么您添加了 error_page 405 =200 $uri; 规则。不幸的是,这并没有救你,因为……
<强>3。内部 error_page 重定向默认不递归
据我所知,error_page 手册的文档中并未提及,但以下指令的文档中提到了这一点:
解决方法:启用递归 error_page 重定向
指令recursive_error_pages允许您处理在处理上一个错误时发生的错误。来自文档:
Enables or disables doing several redirects using the error_page directive. The number of such redirects is limited.
如果启用此功能,通过将 recursive_error_pages on; 放入服务器 block ,您将允许 error_page 405 指令启动。
不幸的是,由于您仍在使用 $uri 部分请求相同的资源,WordPress 将再次查询相同的 URL,这次是 GET 请求。不知道您的 WordPress 是如何处理的,但很可能会发生的错误将无法帮助您进行调试。
这真的只是在绕过这个问题;你应该得到的是原始的 504。因此,我建议您执行以下操作,而不是启用递归错误页面重定向:
解决方案:使用GET 获取错误页面
我假设您仍然希望在 POST 请求中返回您的 error.html。为此,您需要强制 NGINX 删除 POST 并使用 GET 处理错误,以便可以使用静态文件。我发现实现此目的的唯一方法是不使用命名位置(开头带有 @ 的位置),而是使用 internal。一个代替。
要使用此选项,请更改您的 @error_page 位置以包含伪路径和 internal 指令,例如:
location /error_page {
internal;
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}
然后,修改 error_page 指令,以使用新位置:
error_page 403 404 500 502 503 504 /error_page;
关于php - Nginx - 405 不允许 - fastcgi 超时,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42167669/