1: 前言 以前debian作开发机server是apache,工作需要切换到nginx,有时候两个都要使用。作个简单的笔记。注意,本文仅仅是在debian 7(wheezy) 上。其它OS有其它OS的配置和安装,不能保证一致性。apache的安装配置就参考前面发的文章了。 2: 安装 nginx ph
1:前言
以前debian作开发机server是apache,工作需要切换到nginx,有时候两个都要使用。作个简单的笔记。注意,本文仅仅是在debian 7(wheezy) 上。其它OS有其它OS的配置和安装,不能保证一致性。apache的安装配置就参考前面发的文章了。
2:安装 nginx php5-cgi php5-fpm spawn-fcgi
#apt-get install nginx nginx-full nginx-common php5-cgi php5-fpm spawn-fcgi
3:配置各个的php.ini
可以#cd /etc/php5 里面看见,
有
/etc/php5/apache2/php.ini
/etc/php5/cgi/php.ini
/etc/php5/cli/php.ini
/etc/php5/fpm/php.ini 分别对应不同的php.ini 配置
#vim /etc/php5/cgi/php.ini 去掉cgi.fix-pathinfo=1 的注释
4:配置nginx.conf
在/etc/nginx/nginx.conf
把下面的复制进去, 或者你可以对比下修改
user www-data; worker_processes 12; pid /var/run/nginx.pid; worker_rlimit_nofile 51200; events { worker_connections 30760; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 60; types_hash_max_size 2048; client_max_body_size 80m; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; gzip_vary on; gzip_min_length 1k; # gzip_proxied any; gzip_comp_level 2; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # nginx-passenger config ## # Uncomment it if you installed nginx-passenger ## #passenger_root /usr; #passenger_ruby /usr/bin/ruby; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #}
5: 配置default
在/etc/nginx/sites-available/default, 注意,下面我的配置文件写了两个 注释掉了 php5-cgi 的, 打开了php5-fpm的。 我这里用的是php5-fpm
如果你需要用spawn-fcgi,就需要php5-cgi 加########的那段。/home/www 是我的www目录。你可以对着改成你的www目录。root /home/www 这里也是。 我打开了自动索引,autoindex这个。
# You may add here your # server { # ... # } # statements for each of your virtual hosts to this file ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # http://wiki.nginx.org/Pitfalls # http://wiki.nginx.org/QuickStart # http://wiki.nginx.org/Configuration # # Generally, you will want to move this file somewhere, and start with a clean # file but keep this around for reference. Or just disable in sites-enabled. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; server { #listen 80; ## listen for ipv4; this line is default and implied #listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /home/www; index index.html index.htm index.php; # Make site accessible from http://localhost/ server_name localhost; charset utf-8; #server_name _test1.com _test2.com _test3.com #error_page 400 /errpage/400.html; #error_page 403 /errpage/403.html; #error_page 404 /errpage/404.html; location ~ .*\.(git|jpg|jpeg|png|bmp|swf)$ { expires 1d; } location ~ .*\.(js|css)?$ { expires 1h; } location / { autoindex on; autoindex_exact_size on; autoindex_localtime on; # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.html; # Uncomment to enable naxsi on this location # include /etc/nginx/naxsi.rules } location /doc/ { alias /usr/share/doc/; autoindex on; allow 127.0.0.1; allow ::1; deny all; } # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests #location /RequestDenied { # proxy_pass http://127.0.0.1:8080; #} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /usr/share/nginx/www; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # fastcgi_split_path_info ^(.+\.php)(/.+)$; # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini # # # With php5-cgi alone: # fastcgi_pass 127.0.0.1:9000; # # With php5-fpm: # fastcgi_pass unix:/var/run/php5-fpm.sock; # fastcgi_index index.php; # include fastcgi_params; #} location ~ \.php$ { #######with php5-cgi#################### #fastcgi_pass 127.0.0.1:9000; ######################################## #######with php5-fpm#################### fastcgi_pass unix:/var/run/php5-fpm.sock; ######################################## fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /home/www$fastcgi_script_name; include fastcgi_params; } access_log /var/log/nginx/access.log access; # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # root html; # index index.html index.htm; # # location / { # try_files $uri $uri/ =404; # } #} # HTTPS server # #server { # listen 443; # server_name localhost; # # root html; # index index.html index.htm; # # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # # ssl_session_timeout 5m; # # ssl_protocols SSLv3 TLSv1; # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; # ssl_prefer_server_ciphers on; # # location / { # try_files $uri $uri/ =404; # } #}
6:启动
启动模式有几种,可以是spawn-fcgi 或者是php5-fpm 或者还是apache
如果是自启动php-fpm ,
可以通过sysv-rc-conf 工具查看是否在开机启动里面 (#apt-get install sysv-rc-conf), 默认是在的
关掉spawn-fcgi 或者php5-fpm
spawn-fcgi
#netstat -anp | grep 9000
#killall -HUP php5-cgi
php5-fpm
#/etc/init.d/php5-fpm stop
如果想要spawn-fcgi 支持/etc/init.d/
开机自启动spawn-fcgi 模式
#vim /etc/rc.local 增加
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid -C 4
参数根据你机器性能来,我这里是测试机。
创建系统启动停止命令
#cd /etc/init.d/
#touch fastcgi
把下面的文件保存到刚才创建的fastcgi, 就可以支持 /etc/init.d/fastcgi start|stop|reload 等操作了
#!/bin/bash # DESC: NGINX php5 FastCGI(spawn-fcgi) init shell script PROVIDES=php5-cgi LIGHTTPD_FCGI=/usr/bin/spawn-fcgi SERVER_IP=127.0.0.1 SERVER_PORT=9000 SERVER_USER=www-data SERVER_GROUP=www-data PHP_CGI=/usr/bin/php5-cgi KILLALL=/usr/bin/killall . /lib/lsb/init-functions cmd=$1 pcgi_start(){ echo "Starting $PROVIDES..." $LIGHTTPD_FCGI -a $SERVER_IP -p $SERVER_PORT -u $SERVER_USER -g $SERVER_GROUP -f $PHP_CGI -C 15 -P /var/run/fastcgi-php.pid echo "Done." } pcgi_stop(){ echo "Killing $PROVIDES..." $KILLALL $PROVIDES echo "Done." } pcgi_restart(){ pcgi_stop pcgi_start } pcgi_status(){ status_of_proc -p /var/run/fastcgi-php.pid "/usr/bin/php5-cgi" php5-cgi && exit 0 || exit $? } pcgi_help(){ echo "Usage: $0 {start|stop|restart|status}" } case ${cmd} in [Ss][Tt][Aa][Rr][Tt]) pcgi_start;; [Ss][Tt][Oo][Pp]) pcgi_stop;; [Rr][Ee][Ss][Tt][Aa][Rr][Tt]) pcgi_restart;; [Ss][Tt][Aa][Tt][Uu][Ss]) pcgi_status ;; *) pcgi_help ;; esac
如果要停止php5-fpm切换到spawn-fcgi
#/etc/init.d/php5-fpm stop
编辑/etc/nginx/sites-available/default 把php5-fpm
#fastcgi_pass unix:/var/run/php5-fpm.sock;
注释掉,打开php5-fcgi 那个
fastcgi_pass 127.0.0.1:9000;
保存
重启nginx 配置
#/etc/init.d/nginx reload
查看phpinfo
如果要停止掉php5-fpm 类似,如果要关掉nginx启用apache更简单了
#/etc/init.d/nginx stop
#/etc/init.d/apache2 restart
7: 如果需要配置多个不同的项目,可以在/etc/nginx/nginx.conf 里面的
include /etc/nginx/sites-enabled/*; 这里改成其他的子配置文件,到时根据需求方便切换。然后/etc/init.d/nginx reload 就可以了
8: 如果想要apache和nginx都同时可以工作, 这里我们让nginx走80端口, apache走8080, 修改/etc/apache/ports.conf文件, 改80为8080, 同理还要修改/etc/apache/site-available/里面的虚拟主机的端口为8080
NameVirtualHost *:8080
Listen 8080
重启apache即可通过xxx.xxx.xxx.xxx:8080来访问了
9: 如果nginx 和php5-fpm 搭配的时候访问php页面报502, 检查/etc/php5/fpm/pool.d/www.conf 里面的配置,
比如, 因为我的www目录授权是给的tom, 所以这里要修改. 保存后重启fpm和nginx即可.
listen.owner = tom
listen.group = tom
listen = /var/run/php5-fpm.sock;
listen.allowed_clients = 127.0.0.1
10: 如果要关掉nginx和php的版本号显示, 防止别人来嗅探对应的版本的漏洞.
nginx在http那段, 把 server_tokens off; 开启
并且把对应的/etc/nginx/fastcgi_params 删除掉$nginx_version
fastcgi_param SERVER_SOFTWARE nginx;
然后去关掉所有的php的版本, 找到php.ini(cgi的,fpm的,cli的,apache的 一共有四份不同的php.ini对应不同的)
把下面的on关闭为off 重启对应的fpm/cgi/apache 和nginx服务器就可以了.
expose_php = Off
curl --head http://127.0.0.1/info.php
会看不到nginx和php的版本信息了.