Scott Yang's Playground » nginx http://scott.yang.id.au Faith, Technology and Randomness in Life, According to Scott Thu, 09 Feb 2012 09:01:12 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Securing PHP-FastCGI on Nginx http://scott.yang.id.au/2011/04/securing-php-fastcgi-on-nginx/ http://scott.yang.id.au/2011/04/securing-php-fastcgi-on-nginx/#comments Fri, 08 Apr 2011 08:00:41 +0000 scotty http://scott.yang.id.au/?p=2042 Via Hacker News. Setting up PHP-FastCGI and nginx? Don’t trust the tutorials: check your configuration! I have in fact written quite a few tutorials and published automated scripts that are vulnerable. Seems the easiest way to prevent this issue is by adding a try_files statement (or a if (-f $request_filename) if Nginx -V < 0.7.27) into location ~ \.php block. For example

location ~ \.php$ { # For nginx -V >= 0.7.27
  try_files $uri =404;
  fastcgi_pass localhost:8080;
  ...
}
location ~ \.php$ { # For nginx -V < 0.7.27, i.e. Debian 5
  if (-f $request_filename) {
    fastcgi_pass localhost:8080;
  }
  ...
}
]]> http://scott.yang.id.au/2011/04/securing-php-fastcgi-on-nginx/feed/ 2 WordPress.com From LiteSpeed to Nginx http://scott.yang.id.au/2008/04/wordpresscom-from-litespeed-to-nginx/ http://scott.yang.id.au/2008/04/wordpresscom-from-litespeed-to-nginx/#comments Wed, 16 Apr 2008 00:43:58 +0000 scotty http://scott.yang.id.au/2008/04/wordpresscom-from-litespeed-to-nginx/ shyam: Goodbye Litespeed, hello Nginx, says WordPress.com. Apparently the reason to ditch LiteSpeed for Nginx is, according to Matt M (but no quotes), that WordPress wants to run open source for their full stack. LiteSpeed is a nice (but expensive) async-IO based web server that provides full Apache compatibility (which is not that useful if you just want to serve a single app). Another blow to the proprietary software?

]]> http://scott.yang.id.au/2008/04/wordpresscom-from-litespeed-to-nginx/feed/ 0