From 88d1861837fbf4b50acc6ab1dbdf8ce526125a91 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Sat, 20 Jan 2024 19:25:20 +0900 Subject: [PATCH] Fixed scim processing arguments and parameters in URL --- .../alpine/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../alpine/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../centos/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../centos/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../ol/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../ol/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../rhel/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../rhel/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../ubuntu/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../ubuntu/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../alpine/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../alpine/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../centos/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../centos/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../ol/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../ol/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- .../ubuntu/conf/etc/zabbix/nginx.conf | 12 +++++++++-- .../ubuntu/conf/etc/zabbix/nginx_ssl.conf | 20 +++++++++---------- 18 files changed, 180 insertions(+), 108 deletions(-) diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf index d9d8a743a..ebb311efe 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf @@ -56,20 +56,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 339878dc4..82731827a 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -14,7 +14,6 @@ server { root $webroot; large_client_header_buffers 8 8k; - client_max_body_size 10M; ssl_certificate /etc/ssl/nginx/ssl.crt; @@ -35,13 +34,6 @@ server { add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; - location =/nginx_status { - stub_status on; - access_log off; - allow 127.0.0.1; - deny all; - } - location = /favicon.ico { log_not_found off; } @@ -83,20 +75,28 @@ server { } location / { - try_files $uri $uri/ /index.php?$args; + try_files $uri $uri/ =404; } - location ~ .php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; + fastcgi_param DOCUMENT_ROOT $webroot; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED $webroot$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60;