See article at https://blog.simos.info/testing-cve-2019-11043-php-fpm-security-vulnerability-with-lxd-system-containers/
October 28, 2019 · View on GitHub
Location: /etc/nginx/sites-enabled/default
server { listen 80 default_server; root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.php;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ [^/].php(/|$) {
include fastcgi.conf;
regex to split fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+.php)(/.+)$;
Check that the PHP script exists before passing it
#try_files $fastcgi_script_name =404;
Bypass the fact that try_files resets $fastcgi_path_info
see: http://trac.nginx.org/nginx/ticket/321
set fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
}