php-fpm configuration, Nginx configuration
Nginx configuration
Default virtual host
Edit the main configuration file
# vi /usr/local/nginx/conf/nginx.conf
Above the final } add the line include vhost/*.conf;
Set up the default virtual host
# mkdir /usr/local/nginx/conf/vhost
# cd /usr/local/nginx/conf/vhost
# vi default.conf
server
{
listen 80 default_server; # marks this as the default virtual host
server_name aaa.com;
index index.html index.htm index.php;
root /data/nginx/default;
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Create the index page
# mkdir -p /data/nginx/default/
# echo "default_server" > /data/nginx/default/index.html
Test

User authentication
Create a new virtual host
# cd /usr/local/nginx/conf/vhost/
# vi test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location /
{
auth_basic "Auth"; # enable authentication
auth_basic_user_file /usr/local/nginx/conf/htpasswd; # file holding the user names and passwords
}
}
Install httpd
# yum install -y httpd
Create a user
# htpasswd -c /usr/local/nginx/conf/htpasswd tuitui

Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Test
# mkdir /data/nginx/test.com
# echo "test.com" > /data/nginx/test.com/index.html
# curl -I -x127.0.0.1:80 test.com
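A 401 status code means the site requires authentication
# systemctl stop firewalld    # stop the firewall
Edit the Windows hosts file and add 192.168.89.128 test.com as the last line
Open the site in a browser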

To require authentication for one directory only, change the path after location
Domain redirection
Configuration file
# cd /usr/local/nginx/conf/vhost/
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' )
{
rewrite ^/(.*)$ http://test.com/$1 permanent; # permanent redirect
}
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 test1.com/123.txt -I

Nginx access log
View the log format
# grep -A2 log_format /usr/local/nginx/conf/nginx.conf

Specify the access log path
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' )
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
access_log /tmp/1.log combined_realip;
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Test
# curl -x127.0.0.1:80 test.com/111

# cat /tmp/1.log

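Log rotation script
# vi /usr/local/sbin/nginx_log_rotate.sh
Write the following content
#!/bin/bash
# Rename each *.log with yesterday's date as a suffix, then send HUP to the
# Nginx master process so that new log files are opened.
d=$(date -d "-1 day" +%Y%m%d)
logdir="/data/logs"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
# Stop if the log directory is missing, so mv never runs somewhere else.
cd "$logdir" || exit 1
for log in *.log
do
    # Skip the literal "*.log" when no log files exist.
    [ -e "$log" ] || continue
    mv "$log" "$log-$d"
done
/bin/kill -HUP "$(cat "$nginx_pid")"
Schedule it with cron:
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh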
Disable access logging for static files and set an expiry time
Configuration file
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' )
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/1.log combined_realip;
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Test procedure
Create a js file
# echo "11111111" > /data/nginx/test.com/1.js
Create a jpg file
# echo "22222222" > /data/nginx/test.com/2.jpg
Create a file for comparison
# touch /data/nginx/test.com/1.jss
Request the js file; the cache expiry time is 12 hours
# curl -I -x127.0.0.1:80 test.com/1.js

Request the jpg file; the cache expiry time is 7 hours
# curl -I -x127.0.0.1:80 test.com/2.jpg

Compare the time value in the Cache-Control header
# curl -I -x127.0.0.1:80 test.com/1.jss

View the access log
# cat /tmp/1.log

Nginx hotlink protection
Configuration file, combined with the logging section
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' )
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer)
{
return 403;
}
}
access_log off;
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Test
# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg

# curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg

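Both the expiry time and hotlink protection are in effect
Access control
Configuration file
(Requests to the admin directory are allowed only from 192.168.89.1 and 127.0.0.1)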
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' )
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location /admin/
{
allow 192.168.89.1;
allow 127.0.0.1;
deny all;
}
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Test
# mkdir /data/nginx/test.com/admin
# echo "123" > /data/nginx/test.com/admin/1.html
# curl -x127.0.0.1:80 test.com/admin/1.html

# curl -x192.168.89.128:80 test.com/admin/1.html

Deny specific IPs

Restrict PHP parsing

Restrict user_agent
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' )
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
return 403;
}
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Nginx parsing PHP
Configuration file
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' )
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
}
access_log /tmp/1.log combined_realip;
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Nginx proxy
Configuration file
# cd /usr/local/nginx/conf/vhost/
# ping ask.apelearn.com    # get the IP address to use in proxy_pass
# vi proxy.conf
server
{
listen 80;
server_name ask.apelearn.com;
location /
{
proxy_pass http://47.104.7.242/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Test
# curl -x127.0.0.1:80 ask.apelearn.com -I

# curl ask.apelearn.com -I

Load balancing
# yum install -y bind-utils    # installs the dig command
# dig www.baidu.com    # look up the IP addresses for the domain

Test
# curl -x61.135.169.125:80 www.baidu.com -I

# curl -x61.135.169.121:80 www.baidu.com -I

Configuration file
# vi /usr/local/nginx/conf/vhost/load.conf
upstream baidu_com
{
ip_hash;
server 61.135.169.125:80;
server 61.135.169.121:80;
}
server
{
listen 80;
server_name www.baidu.com;
location /
{
proxy_pass http://baidu_com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Test
# curl -x127.0.0.1:80 www.baidu.com -I

Configuring SSL in Nginx
Generate a custom SSL certificate
Generate the private key
# openssl genrsa -des3 -out tmp.key 2048

Remove the passphrase
# openssl rsa -in tmp.key -out aminglinux.key

Generate the certificate request file
# openssl req -new -key aminglinux.key -out aminglinux.csr

Generate the CRT certificate file
# openssl x509 -req -days 365 -in aminglinux.csr -signkey aminglinux.key -out aminglinux.crt

Compile Nginx
# cd /usr/local/src/nginx-1.10.3
# ./configure --prefix=/usr/local/nginx/ --with-http_ssl_module
# make
# make install
Configuration file
# vi /usr/local/nginx/conf/vhost/ssl.conf
server
{
listen 443;
server_name aming.com;
index index.html index.php;
root /data/nginx/aming.com;
ssl on;
ssl_certificate aminglinux.crt;
ssl_certificate_key aminglinux.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/nginx/aming.com$fastcgi_script_name;
}
access_log /tmp/1.log combined_realip;
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
Create the matching directory and a test file
# mkdir /data/nginx/aming.com
# echo "<?php phpinfo(); ?>" > /data/nginx/aming.com/1.php
# /etc/init.d/nginx restart

Test
On the physical machine, edit the hosts file so the site's domain points to the Linux machine

Add this line at the bottom: 192.168.89.128 aming.com
Open https://aming.com/1.php in a browser
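The ssl.conf above still enables TLSv1 and TLSv1.1 alongside TLSv1.2. The check below is an added example, not part of the original article: weak_tls_protocols is a hypothetical helper that lists legacy versions named in ssl_protocols, run here against a constructed copy of the vhost and a TLSv1.2-only variant.

```shell
#!/bin/bash
# Added example (not from the original page): list legacy protocol versions
# enabled by ssl_protocols. Prints "<file>:<line>: <protocol>" per finding and
# returns 1 if any were found, so it can gate "nginx -s reload".
weak_tls_protocols() {
    awk '
        { sub(/#.*/, "") }                    # ignore comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)
                # SSLv2/SSLv3 are broken; TLS 1.0/1.1 are deprecated by RFC 8996.
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    printf "%s:%d: %s\n", FILENAME, FNR, p
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

conf_dir=$(mktemp -d)
trap 'rm -rf "$conf_dir"' EXIT

# Constructed copy of the TLS directives from ssl.conf above.
cat > "$conf_dir/ssl.conf" <<'EOF'
server
{
    listen 443;
    server_name aming.com;
    ssl on;
    ssl_certificate aminglinux.crt;
    ssl_certificate_key aminglinux.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF

# Same vhost restricted to TLS 1.2 (the newest version Nginx 1.10.3 supports;
# TLSv1.3 needs Nginx 1.13.0+ built against OpenSSL 1.1.1+).
sed 's/^\( *ssl_protocols\) .*/\1 TLSv1.2;/' "$conf_dir/ssl.conf" > "$conf_dir/ssl-fixed.conf"

if ! weak_tls_protocols "$conf_dir/ssl.conf"; then
    echo "ssl.conf: legacy protocol versions enabled, not reloading"
fi
weak_tls_protocols "$conf_dir/ssl-fixed.conf" && echo "ssl-fixed.conf: ok"
```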

php-fpm configuration
php-fpm pools
Edit the configuration file
# vi /usr/local/php-fpm/etc/php-fpm.conf

Create the configuration directory and the per-pool configuration files
# mkdir /usr/local/php-fpm/etc/php-fpm.d
# cd /usr/local/php-fpm/etc/php-fpm.d
# vi www.conf
[www]
listen=/tmp/www.sock
listen.mode=666
user=php-fpm
group=php-fpm
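pm=dynamic ; defines how php-fpm child processes are started; dynamic is dynamic mode
pm.max_children=50
pm.start_servers=20 ; number of child processes created when the service starts
pm.min_spare_servers=5 ; minimum number of child processes while idle
pm.max_spare_servers=35 ; maximum number of child processes while idle
pm.max_requests=500 ; maximum number of requests one child process handles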
rlimit_files=1024
# vi aming.conf
[aming]
listen=/tmp/aming.sock
listen.mode=666
user=php-fpm
group=php-fpm
pm=dynamic
pm.max_children=50
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers=35
pm.max_requests=500
rlimit_files=1024
The two pools do not affect each other
Check the configuration
# /usr/local/php-fpm/sbin/php-fpm -t
[20-Dec-2019 09:19:12] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
Restart the service
# /etc/init.d/php-fpm restart

List the sock files
# ls /tmp/*.sock

php-fpm slow log
Edit the configuration file
# vi /usr/local/php-fpm/etc/php-fpm.d/www.conf
Append at the end
request_slowlog_timeout=1
slowlog=/usr/local/php-fpm/var/log/www-slow.log
Check the configuration
# /usr/local/php-fpm/sbin/php-fpm -t
[20-Dec-2019 09:19:12] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
Setting open_basedir in php-fpm
Edit the configuration file
# vi /usr/local/php-fpm/etc/php-fpm.d/www.conf
Append at the end
php_admin_value[open_basedir]=/data/www/:/tmp/
Check the configuration
# /usr/local/php-fpm/sbin/php-fpm -t
[20-Dec-2019 09:19:12] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
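Both pools above set listen.mode=666 on a socket in /tmp, which lets any local account send FastCGI requests to the pool. The audit below is an added example, not part of the original article; audit_fpm_pool, the hardened socket path and the nginx owner/group are assumptions.

```shell
#!/bin/bash
# Added example (not from the original page): report risky settings in one
# php-fpm pool file. Prints one "<pool>: <finding>" line per issue.
audit_fpm_pool() {
    awk -F= '
        { sub(/;.*/, ""); gsub(/[ \t]/, "") }          # drop comments and spaces
        /^\[.*\]$/ { pool = substr($0, 2, length($0) - 2); next }
        $1 == "listen"                        { sock = $2 }
        $1 == "listen.mode"                   { mode = $2 }
        $1 == "php_admin_value[open_basedir]" { basedir = $2 }
        END {
            # A non-zero last octal digit gives "other" users access to the socket.
            if (mode != "" && substr(mode, length(mode)) + 0 > 0)
                print pool ": listen.mode=" mode " lets every local user connect"
            if (sock ~ /^\/tmp\//)
                print pool ": socket " sock " is in world-writable /tmp"
            if (basedir == "")
                print pool ": open_basedir is not set"
        }
    ' "$1"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed copy of the www pool from the page, before open_basedir is added.
cat > "$workdir/www.conf" <<'EOF'
[www]
listen=/tmp/www.sock
listen.mode=666
user=php-fpm
group=php-fpm
EOF

# Constructed hardened variant. The socket path and the "nginx" owner/group
# are assumptions; use the account your Nginx workers actually run as.
cat > "$workdir/www-hardened.conf" <<'EOF'
[www]
listen=/usr/local/php-fpm/var/run/www.sock
listen.owner=nginx
listen.group=nginx
listen.mode=0660
user=php-fpm
group=php-fpm
php_admin_value[open_basedir]=/data/www/:/tmp/
EOF
audit_fpm_pool "$workdir/www.conf"            # three findings
audit_fpm_pool "$workdir/www-hardened.conf"   # no output
```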
Please credit the source when reposting. Link to this article: https://www.uj5u.com/caozuo/143893.html
