Prevent serving unparsed php files via nginx proxy.

Open virtuelle-maschine opened this issue 3 years ago • 1 comments

Currently, if using nginx as a reverse proxy with the described configuration, PHP files in the public folder are served as-is (unparsed) to the client, because the try_files instruction in the nginx configuration finds the file (e.g. index.php). To avoid this behavior we must instruct nginx to pass any file ending with .php as a route to X. That does not mean that X will parse this file, and as long as no appropriate route is defined (e.g. $app->get('/index.php', ...)) X will just respond with a 404 error page, but at least no PHP code is leaked.

virtuelle-maschine • Oct 18 '22 21:10
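The behaviour described in the issue, shown as a constructed nginx configuration with the leaking form beside a corrected one (an added example, not the project's documented configuration and not the change proposed in this issue). The server names, the `root` path and the upstream address `127.0.0.1:8080` are assumptions.

```nginx
# Goes inside the http { } context. All names, paths and addresses are constructed.

# BEFORE: leaks source. nginx has no PHP handler in this setup, so when
# try_files finds public/index.php it is sent as a plain static file.
server {
    listen 80;
    server_name before.example.test;
    root /var/www/app/public;

    location / {
        try_files $uri @x;              # /index.php exists on disk -> served raw
    }

    location @x {
        proxy_pass http://127.0.0.1:8080;   # assumed address of the X process
        proxy_set_header Host $host;
    }
}

# AFTER: any URI ending in .php never reaches the static file handler.
server {
    listen 80;
    server_name after.example.test;
    root /var/www/app/public;

    # Regex locations are checked before the "/" prefix location is used.
    # ~* is case-insensitive, so .PHP is covered on case-insensitive filesystems.
    location ~* \.php$ {
        # /dev/null is resolved under root and does not exist there,
        # so the request always falls through to the named location.
        try_files /dev/null @x;
    }

    location / {
        try_files $uri @x;              # other static assets are still served by nginx
    }

    location @x {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}
```

With the second block active, a request for `/index.php` is answered by X (a 404 unless a matching route is defined) instead of a response body that begins with `<?php`.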

@virtuelle-maschine Thank you for looking into this, I agree that the existing documentation looks wrong.

It looks like your suggested changes would address this particular problem, but I wonder how we could ensure we have a configuration that is well tested and covers all basic needs? I would love to have some more input and/or some overview of what configuration other projects recommend.

clue • Oct 19 '22 08:10