So I installed Magento 2.0.5 CE on a nginx machine. All went smoothly. I am now able to log in to admin panel and browse around.
But as soon as i visit http://example.com/setup it redirects me to ../setup/index.php/session/unlogin, displaying the message "Access denied." and destroys the current session, forcing me to re-login to admin panel. Even after clearing all cache, restarting nginx and repeating above steps, same happens. Kinda stuck here now..
2016/04/29 06:41:47 [error] 4808#0: *188 FastCGI sent in stderr: "Access to the script '/var/www/magento/setup/index.php/session/unlogin' has been denied (see security.limit_extensions)" while reading response header from upstream, client: *.*.*.246, server: example.com, request: "GET /setup/index.php/session/unlogin HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.example.com"
2016/04/29 06:41:48 [error] 4808#0: *188 FastCGI sent in stderr: "Access to the script '/var/www/magento/setup/index.php/session/unlogin' has been denied (see security.limit_extensions)" while reading response header from upstream, client: *.*.*.246, server: example.com, request: "GET /setup/index.php/session/unlogin HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.example.com"
Tried changing /etc/php5/fpm/pool.d/www.conf from
; security.limit_extensions = .php .php3 .php4 .php5
to
security.limit_extensions = .php .php3 .php4 .php5
No luck :(
HELP!
Changing
cgi.fix_pathinfo=0
to
cgi.fix_pathinfo=1
inside php.ini solved the issue. However I will avoid using this option and wait if anyone has a more secure solution.