====== Настройка nginx для Yii ======



===== Yii 1.1 =====

Пример из руководства по установке [[https://www.yiiframework.com/doc/guide/1.1/ru/quickstart.apache-nginx-config#nginx|ru]] / [[https://www.yiiframework.com/doc/guide/1.1/en/quickstart.apache-nginx-config#nginx|en]]

<hidden yii 1.1 nginx>
<code>
server {
    set $host_path "/www/mysite";
    access_log  /www/mysite/log/access.log  main;

    server_name  mysite;
    root   $host_path/htdocs;
    set $yii_bootstrap "index.php";

    charset utf-8;

    location / {
        index  index.html $yii_bootstrap;
        try_files $uri $uri/ /$yii_bootstrap?$args;
    }

    location ~ ^/(protected|framework|themes/\w+/views) {
        deny  all;
    }

    # отключаем обработку запросов фреймворком к несуществующим статичным файлам
    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
        try_files $uri =404;
    }

    # передаем PHP-скрипт серверу FastCGI, прослушивающему адрес 127.0.0.1:9000
    location ~ \.php {
        fastcgi_split_path_info  ^(.+\.php)(.*)$;

        # позволяем yii перехватывать запросы к несуществующим PHP-файлам
        set $fsn /$yii_bootstrap;
        if (-f $document_root$fastcgi_script_name){
            set $fsn $fastcgi_script_name;
        }

        fastcgi_pass   127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fsn;

        # PATH_INFO и PATH_TRANSLATED могут быть опущены, но стандарт RFC 3875 определяет для CGI
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED  $document_root$fsn;
    }

    # не позволять nginx отдавать файлы, начинающиеся с точки (.htaccess, .svn, .git и прочие)
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}
</code>
</hidden>\\

===== Yii 2 =====

https://www.nginx.com/resources/wiki/start/topics/recipes/yii/

Recommended Nginx Configuration
  * https://www.yiiframework.com/doc/guide/2.0/en/start-installation#recommended-nginx-configuration
  * https://github.com/yiisoft/yii2/blob/master/docs/guide/start-installation.md

<hidden recommended nginx>
<code>
server {
    charset utf-8;
    client_max_body_size 128M;

    listen 80; ## listen for ipv4
    #listen [::]:80 default_server ipv6only=on; ## listen for ipv6

    server_name mysite.test;
    root        /path/to/basic/web;
    index       index.php;

    access_log  /path/to/basic/log/access.log;
    error_log   /path/to/basic/log/error.log;

    location / {
        # Redirect everything that isn't a real file to index.php
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # uncomment to avoid processing of calls to non-existing static files by Yii
    #location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
    #    try_files $uri =404;
    #}
    #error_page 404 /404.html;

    # deny accessing php files for the /assets directory
    location ~ ^/assets/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        try_files $uri =404;
    }

    location ~* /\. {
        deny all;
    }
}
</code>
</hidden>\\

===== Таймауты и буферы =====

По советам Yii гуру

buffer

<code>
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
</code>

timeout

<code>
fastcgi_connect_timeout 600s;
fastcgi_send_timeout    600s;
fastcgi_read_timeout    600s;
</code>

Оффтоп для Apache

<code>
proxy_connect_timeout 900;
proxy_send_timeout    900;
proxy_read_timeout    900;
send_timeout          900;
</code>

===== Закрыть прямой доступ к каталогам yii =====

==== Для версии yii1 ====

<code>
location ~ ^/(protected|framework|themes/\w+/views) {
        deny  all;
    }
</code>

==== Для версии yii2 ====

<code>
location ~ ^/assets/.*\.php$ {
        deny all;
    }

location ~ /(protected|service|static|tools|vendor) {
        deny all;
        access_log off;
        log_not_found off;
    }
</code>

===== Secure cookie =====

  * [[https://github.com/yiisoft/yii2/issues/13486|how to set security flags (httpOnly and secure) for ALL cookies]]
  * [[https://forum.yiiframework.com/t/csrf-and-phpsessid-cookies-set-secure-flag-to-true/126930|_csrf and phpsessid cookies- set secure flag to true]]

Пример

<code php>
'components' => [
        'session' => [
            'cookieParams' => [
                'httpOnly' => true,
                'secure' => true
            ]
        ],
        'cookies' => [
            'class' => 'yii\web\Cookie',
            'httpOnly' => true,
            'secure' => true
        ],
        'request' => [
            ....
            'csrfCookie' => [
                'httpOnly' => true,
                'secure' => true
            ]
        ],
        'user' => [
            ....
            'identityCookie' => [
                'name' => '_identity',
                'httpOnly' => true,
                'secure' => true,
            ],
        ],
</code>

===== Ссылки =====

  * [[https://ruhighload.com/Конфигурация+nginx+для+yii|Конфигурация Nginx для Yii / ruhighload]]
  * [[https://www.yiiframework.com/wiki/153/using-yii-with-nginx-and-php-fpm|Using Yii with Nginx and PHP-FPM / Yii Framework Wiki]]
  * [[https://www.zagirov.name/post/configure-netbeans-to-yii-with-xdebug-unit-tests/|Настройка Netbeans для yii с поддержкой xdebug]] / примеры для nginx и fpm
  * [[https://perfect-inc.com/blog/permissions-denied-v-yii/|Permissions Denied в Yii]] или как правильно настроить fpm
  * [[https://klisl.com/yii2-logs.html|Yii2 - логирование. Практическое использование.]]

{{tag>yii nginx php}}