Consistent PHP _SERVER variables between Apache and nginx?
- by Alix Axel
I'm not sure if this should be asked here or on ServerFault, but here it goes...
I am trying to get started on nginx with PHP-FPM, but I noticed that the server block setup I currently have (gathered from several guides including the nginx Pitfalls wiki page) produces $_SERVER variables that are different from what I'm used to seeing in Apache setups. After spending the last evening trying to "fix" this, I decided to install Apache on my local computer and gather the variables that I'm interested in under different conditions so that I could try and mimic them on nginx.
The Apache setup I've on my computer has only one mod_rewrite rule:
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
And these are the values I get for different request URIs (left is Apache, right is nginx):
localhost/ - http://www.mergely.com/GnzBHRV1/
localhost/foo/bar/baz/?foo=bar - http://www.mergely.com/VwsT8oTf/
localhost/index.php/foo/bar/baz/?foo=bar - http://www.mergely.com/VGEFehfT/
What configuration directives would allow me to get similar values on requests handled by nginx?
My current configuration in nginx is:
server {
listen 80;
listen 443 ssl;
server_name default;
ssl_certificate /etc/nginx/certificates/dummy.crt;
ssl_certificate_key /etc/nginx/certificates/dummy.key;
root /var/www/default/html;
index index.php index.html;
autoindex on;
location / {
try_files $uri $uri/ /index.php;
}
location ~ /(?:favicon[.]ico|robots[.]txt)$ {
log_not_found off;
}
location ~* [.]php {
#try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+[.]php)(/.+)$;
}
location ~* [.]ht {
deny all;
}
}
And my fastcgi_params file looks like this:
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
I know that the try_files $uri =404; directive is commented and that it is a security vulnerability but, if I uncomment it, the third request (localhost/index.php/foo/bar/baz/?foo=bar) will return a 404.
It's also worth noting that my PHP cgi.fix_pathinfo in On (contrary to what some of the guides recommend), if I try to set it to Off, I'm presented with a "Access denied." message on every PHP request.
I'm running PHP 5.4.8 and nginx/1.1.19. I don't know what else to try... Help?
