Apache 2.4 + PHP-FPM 和授权标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17018586/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Apache 2.4 + PHP-FPM and Authorization headers
提问by CodeTwice
Summary:Apache 2.4's mod_proxy does not seem to be passing the Authorization headers to PHP-FPM. Is there any way to fix this?
总结:Apache 2.4 的 mod_proxy 似乎没有将 Authorization 标头传递给 PHP-FPM。有没有什么办法解决这一问题?
Long version:I am running a server with Apache 2.4 and PHP-FPM. I am using APC for both opcode caching and user caching. As recommended by the Internet, I am using Apache 2.4's mod_proxy_fcgi to proxy the requests to FPM, like this:
长版:我正在运行带有 Apache 2.4 和 PHP-FPM 的服务器。我将 APC 用于操作码缓存和用户缓存。按照网上的推荐,我使用 Apache 2.4 的 mod_proxy_fcgi 将请求代理到 FPM,如下所示:
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/foo/bar/
The setup works fine, except one thing: APC's bundled apc.php, used to monitor the status of APC does not allow me to log in (required for looking at user cache entries). When I click "User cache entries" to see the user cache, it asks me to log in, clicking on the login button displays the usual HTTP login form, but entering the correct login and password yields no success. This function is working perfectly when running with mod_php instead of mod_proxy + php-fpm.
设置工作正常,除了一件事:APC 捆绑的 apc.php,用于监控 APC 的状态不允许我登录(需要查看用户缓存条目)。当我单击“用户缓存条目”以查看用户缓存时,它要求我登录,单击登录按钮显示通常的 HTTP 登录表单,但输入正确的登录名和密码没有成功。当使用 mod_php 而不是 mod_proxy + php-fpm 运行时,此功能运行良好。
After some googling I found that other people had the same issue and figured out that it was because Apache was not passing the Authorization HTTP headers to the external FastCgi process. Unfortunately I only found a fix for mod_fastcgi, which looked like this:
经过一番谷歌搜索后,我发现其他人也有同样的问题,并发现这是因为 Apache 没有将 Authorization HTTP 标头传递给外部 FastCgi 进程。不幸的是,我只找到了 mod_fastcgi 的修复程序,它看起来像这样:
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
Is there an equivalent setting or some workaround which would also work with mod_proxy_fcgi?
是否有等效的设置或一些解决方法也适用于 mod_proxy_fcgi?
回答by Rich
Various Apache modules will strip the Authorizationheader, usually for "security reasons". They all have different obscure settings you can tweak to overrule this behaviour, but you'll need to determine exactly which module is to blame.
各种 Apache 模块将剥离Authorization标头,通常是出于“安全原因”。它们都有不同的模糊设置,您可以调整以否决这种行为,但您需要确切地确定应该归咎于哪个模块。
You can work around this issue by passing the header directly to PHP via the env:
您可以通过 env 将标头直接传递给 PHP 来解决此问题:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=
See also Zend Server Windows - Authorization header is not passed to PHP script
回答by limos
回答by DBLaci
I didn't find any similar settings with mod_proxy_fcgi BUT it just works for me by default. It asks for user authorization (.htaccess as usual) and the php gets it, and works like with mod_php or fastcgi and pass-header. I don't know if I was helpful...
我没有找到任何与 mod_proxy_fcgi 类似的设置,但默认情况下它只对我有用。它要求用户授权(像往常一样.htaccess)并且 php 得到它,并且像 mod_php 或 fastcgi 和 pass-header 一样工作。不知道对我有没有帮助...
EDIT: it only works on teszt.com/ when using the DirectoryIndex... If i pass the php file name (even if the index.php!) it just doesn't work, don't pass the auth to the php. This is a blocker for me, but I don't want to downgrade to apache 2.2 (and mod_fastgi) so I migrate to nginx (on this machine too).
编辑:它仅在使用 DirectoryIndex 时在 teszt.com/ 上有效...如果我传递 php 文件名(即使是 index.php!)它也不起作用,不要将 auth 传递给 php。这对我来说是一个障碍,但我不想降级到 apache 2.2(和 mod_fastgi),所以我迁移到 nginx(也在这台机器上)。
