LNMP架构——open_basedir参数设置

最新推荐文章于 2023-05-13 21:07:31 发布

Mr丶Ding

最新推荐文章于 2023-05-13 21:07:31 发布

阅读量4.4k

点赞数

分类专栏： LNMP架构

本文链接：https://blog.csdn.net/MrDing991124/article/details/79018983

版权

LNMP架构专栏收录该内容

20 篇文章 0 订阅

订阅专栏

open_basedir 的作用是限制php在指定的目录里活动。

效果测试

先测试错误配置时php脚本的效果

[root@dl-001 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/test.conf 
# 将添加的代码内站点错误书写为aaa.com
php_admin_value[open_basedir]=/data/www/aaa.com:/tmp/

重启php-fpm服务

[root@dl-001 etc]# /usr/local/php-fpm/sbin/php-fpm -t
[09-Jan-2018 18:35:50] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@dl-001 etc]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done

使用curl测试网页访问

# 由于已经设置了open_basedir，网页无法访问
[root@dl-001 etc]# curl -x 127.0.0.1:80 test.com/test.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Tue, 09 Jan 2018 10:38:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

修改正确后验证

[root@dl-001 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/test.conf 
# 将添加的代码错误书写为
php_admin_value[open_basedir]=/data/www/test.com:/tmp/

重启服务并验证

[root@dl-001 etc]# /usr/local/php-fpm/sbin/php-fpm -t
[09-Jan-2018 18:39:10] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@dl-001 etc]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done

# 成功访问
[root@dl-001 etc]# curl -x 127.0.0.1:80 test.com/test.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 09 Jan 2018 10:39:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

php错误日志设置

修复php.ini配置文件，关闭display_errors参数

# 不在浏览器上显示错误信息
display_errors = Off

# 开启错误日志记录
log_errors = On
# 设置存放路径
error_log = /usr/local/php-fpm/var/log/php_errors.log
# 设置错误记录级别
error_reporting = E_ALL

为了防止错误日志无法创建并修改，最好先行创建并给予权限。

[root@dl-001 etc]# touch /usr/local/php-fpm/var/log/php_errors.log
[root@dl-001 etc]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log

为了产生错误信息，先故意写错php代码

[root@dl-001 etc]# touch /usr/local/php-fpm/var/log/php_errors.log
[root@dl-001 etc]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log 
php_admin_value[open_basedir]=/data/www/aaa.com:/tmp/

访问网页，其错误信息如下

[root@dl-001 etc]# curl -x 127.0.0.1:80 test.com/test.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Tue, 09 Jan 2018 10:52:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

# 这里明确指出所要访问的网页不在aaa.com站点
[root@dl-001 etc]# cat /usr/local/php-fpm/var/log/php_errors.log 
[09-Jan-2018 10:52:01 UTC] PHP Warning:  Unknown: open_basedir restriction in effect. File(/data/www/test.com/test.php) is not within the allowed path(s): (/data/www/aaa.com:/tmp/) in Unknown on line 0
[09-Jan-2018 10:52:01 UTC] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0

修改正确后再查看日志(php文件已被解析)

[root@dl-001 etc]# cat /usr/local/php-fpm/var/log/php_errors.log 
...
[09-Jan-2018 10:53:18 UTC] PHP Warning:  phpinfo(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /data/www/test.com/test.php on line 2