Advanced nginx configuration with PHP, explained in detail
Overview:
I. nginx.conf
vim /usr/local/nginx/conf/nginx.conf   # clear the original configuration and add the following:
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
II. php-fpm.conf
vim /usr/local/php/etc/php-fpm.conf   # clear the previous contents, then write the following configuration:
[global]
pid = /usr/local/php/var/run/php-fpm.pid
error_log = /usr/local/php/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
user = php-fpm
group = php-fpm
listen.owner = nobody ; must match the user nginx runs as
listen.group = nobody ; same as above
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
Configuring multiple pools
[global]
…
…
[domain1.com]
…
…
…
[domain2.com]
…
…
…
Slow-execution log
slowlog = /path/to/slow.log
request_slowlog_timeout = 1
open_basedir
php_admin_value[open_basedir]=/data/www/:/tmp/
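Dynamic vs. static child processes: pm = static/dynamic
If static is chosen, pm.max_children sets a fixed number of child processes.
If dynamic is chosen, the following parameters apply:
pm.max_children: the maximum number of child processes
pm.start_servers: the number of processes at startup
pm.min_spare_servers: the minimum number of idle processes; if there are fewer idle processes than this, new child processes are created
pm.max_spare_servers: the maximum number of idle processes; if there are more idle processes than this, the excess are cleaned up
On a dedicated server, pm can be set to static.
III. Advanced nginx configuration
1. Configuring a second virtual host
Add one line to nginx.conf: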
include vhosts/*.conf;
With that in place, virtual host configuration files can be created under /usr/local/nginx/conf/vhosts.
mkdir /usr/local/nginx/conf/vhosts
cd !$
vim 111.conf   # add the following:
server
{
listen 80;
server_name 111.com;
index index.html index.htm index.php;
root /data/www2;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www2$fastcgi_script_name;
}
}
2. Verifying the default virtual host
listen 80 default_server;
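3. User authentication
First install Apache (for the htpasswd tool); it can be installed with yum install httpd.
Generate the password file and create a user:
htpasswd -c /usr/local/nginx/conf/htpasswd test   # add user test; -c is needed the first time a user is added and not on later additions
Add to the nginx configuration file: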
location / {
root /data/www/wwwroot/count;
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
4. Domain redirect
server_name abcd.com www.abcd.com;
if ($host != 'www.abcd.com' ) {
rewrite ^/(.*)$ http://www.abcd.com/$1 permanent;
}
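5. Log rotation:
Write a script:
vim /usr/local/sbin/logrotate.sh   # add the following:
#! /bin/bash
# Move the current logs into a dated directory, then signal nginx so it reopens its log files
datedir=`date +%Y%m%d`
/bin/mkdir /home/logs/$datedir >/dev/null 2>&1
/bin/mv /home/logs/*.log /home/logs/$datedir
# pid file path as set by the pid directive in nginx.conf above
/bin/kill -HUP `cat /usr/local/nginx/logs/nginx.pid`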
Log formats
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format main1 '$proxy_add_x_forwarded_for - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';   # this format records not only the proxy's IP but also the remote client's real IP
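An added example (not from the original article): a parser for the combined_realip format defined in nginx.conf above that decides which logged address to believe. It assumes a front-end proxy at the constructed address 192.0.2.10 that sets X-Forwarded-For with $proxy_add_x_forwarded_for; the function name, sample lines and addresses are made up for illustration.

```python
import re

# Field order of the combined_realip log_format defined in nginx.conf above
LINE_RE = re.compile(
    r'^(?P<peer>\S+) (?P<xff>.*?) \[(?P<time>[^\]]+)\] (?P<host>\S+) '
    r'"(?P<uri>[^"]*)" (?P<status>\d{3}) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def effective_client(line, trusted_proxies):
    """Return (client_ip, unverified_entries) for one combined_realip line.

    peer ($remote_addr) is the TCP peer and cannot be forged by a header.
    xff ($http_x_forwarded_for) is whatever the request carried; it is only
    believed when the peer is one of our own proxies, and then only from the
    right: each trusted proxy appended the address it saw.
    """
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a combined_realip line")
    peer, xff = m["peer"], m["xff"]
    hops = [] if xff == "-" else [h.strip() for h in xff.split(",") if h.strip()]
    if peer not in trusted_proxies:
        return peer, hops          # direct connection: every XFF entry is client-supplied
    while hops and hops[-1] in trusted_proxies:
        hops.pop()                 # skip our own proxies at the right end
    if not hops:
        return peer, []
    return hops[-1], hops[:-1]     # right-most untrusted hop; the rest is unverified

# Constructed sample lines; 192.0.2.10 is an assumed front-end proxy address
TRUSTED = {"192.0.2.10"}
SAMPLES = [
    '192.0.2.10 198.51.100.7 [10/Jan/2017:10:00:00 +0800] www.a.com "/forum.php" 200 "-" "Mozilla/5.0"',
    '192.0.2.10 127.0.0.1, 203.0.113.9 [10/Jan/2017:10:00:01 +0800] www.a.com "/uc_server/" 403 "-" "curl/7.29.0"',
    '203.0.113.50 192.168.31.5 [10/Jan/2017:10:00:02 +0800] www.a.com "/uc_server/" 403 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(effective_client(line, TRUSTED))
```

The second value in each result lists X-Forwarded-For entries that no trusted hop vouched for; they are worth keeping for investigation but should not drive access decisions.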
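error_log log levels
The error_log levels are debug, info, notice, warn, error and crit, with crit as the default. The level is set after the log file name, in the following format:
error_log /your/path/error.log crit;
crit logs the least and debug logs the most. If your nginx runs into problems, for example frequent 502 errors, and the default error_log shows nothing useful, you can change the error log level; when set to the error level, the error log records much more detail.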
6. No access logging for static files; configuring cache expiry
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
7. Hotlink protection
Add the following to the server section of nginx.conf:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com ;   # requests referred from these domains are not treated as hotlinking
if ($invalid_referer) {
# return 403;
rewrite ^/ http://www.example.com/nophoto.gif;
}
}
Note: if the earlier configuration already contains
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
access_log off;
}
then it overlaps with this block and the earlier one takes effect, so the two need to be merged, as follows:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 30d;
valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com ;   # requests referred from these domains are not treated as hotlinking
if ($invalid_referer) {
# return 403;
rewrite ^/ http://www.example.com/nophoto.gif;
}
access_log off;
}
8. Access control
Allow access from a single IP only:
allow 219.232.244.234;
deny all;
Blocking an IP or an IP range from the site
First create the following configuration file in nginx's conf directory, named deny.ip:
cat deny.ip
deny 192.168.1.11;
deny 192.168.1.123;
deny 10.0.1.0/24;
Add to the nginx configuration file nginx.conf:
include deny.ip;
Reload nginx for it to take effect: /usr/local/nginx/sbin/nginx -s reload
deny.ip may also contain deny all;
To reject everything except a few IPs, write deny.ip like this:
allow 1.1.1.1;
allow 1.1.1.2;
deny all;
Sometimes PHP parsing is restricted by directory:
location ~ .*(diy|template|attachments|forumdata|attachment|image)/.*\.php$
{
deny all;
}
Controlling client access by user agent
location /
{
if ($http_user_agent ~ 'bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315'){
return 403;
}
}
9. nginx as a proxy
server {
listen 80;
server_name aaa.com;
location / {
proxy_pass http://2.2.2.2/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# access_log /home/logs/aaa_access.log combined;
}
If there are several back-end machines:
upstream bbb
{
server 1.2.3.1:80;
server 1.2.3.4:80;
}
server {
listen 80;
server_name bbb.com;
location / {
proxy_pass http://bbb/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# access_log /home/logs/bb_access.log combined;
}
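Proxying all domains on one server
First create two files in the vhosts directory: a server_name list file and a virtual host configuration file.
Their contents are as follows:
(1) servername
server_name www.123.net.cn www.alsdjfl.com www.asdfa1.com;   # just this one line; more names can be appended to this server_name
(2) Virtual host configuration file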
server {
listen 80;
include vhosts/servername;   # the servername list file shown above
location / {
proxy_pass http://1.2.1.2/;   # IP address of the server being proxied
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /dev/null;
}
Forum configuration example
server
{
listen 80;
server_name www.1.com www.a.com www.b.com;
# domain redirect
if ($host != 'www.a.com' ) {
rewrite ^/(.*)$ http://www.a.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
# location /uc_server/ {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
# }
# blacklist
# deny 127.0.0.1;
# allow all;
# whitelist
# allow 127.0.0.1;
# allow 192.168.31.141;
# deny all;
# restrict by IP within one directory
location /uc_server/ {
allow 192.168.31.0/24;
deny all;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
}
# restrict PHP parsing by directory
location ~ .*(diy|template|attachments|forumdata|attachment|image)/.*\.php$
{
deny all;
}
# control access by user_agent
if ($http_user_agent ~ 'bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315'){
return 403;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
# cache expiry
# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
# {
# expires 30d;
# access_log off;
# }
location ~ .*\.(js|css)?$
{
expires 12h;
access_log off;
}
# hotlink protection
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
expires 10d;
valid_referers none blocked server_names *.1.com *.a.com *.b.com *.baidu.com
*.google.com *.google.cn *.soso.com ;
if ($invalid_referer) {
return 403;
#rewrite ^/ http://www.example.com/nophoto.gif;
}
access_log off;
}
# pseudo-static rewrite rules
rewrite ^([^.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
# document_uri
# if ($document_uri !~ 'abc')
# {
# rewrite ^/(.*)$ /abc/$1 redirect;
# }
access_log /home/logs/discuz.log combined_realip;
}
This article is reproduced from super李導's blog on 51CTO; original link: http://blog.51cto.com/superleedo/1890327. To republish it, please contact the original author.