配置静态文件不记录日志并添加过期时间
配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.comtest1.com test2.com;
index index.html index.htm index.php;
root/data/nginx/test.com;
if($host!='test.com'){
rewrite^(.*)$http://test.com/$1 permanent;
}
location~.*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
access_log off;
}
location ~.*\.(js|css)$
{
expires 12h;
}
access_log/tmp/1.logcombined_realip;
}
#/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file/usr/local/nginx/conf/nginx.conf test is successful
#echo "11111" >/data/nginx/test.com/1.js
//创建js文件
#echo"22222">/data/nginx/test.com/2.jpg
//创建jpg文件
#touch/data/nginx/test.com/1.jss
//创建一个对比的文件
检验测试
#curl-I-x127.0.0.1:80test.com/1.js
状态码200
#curl-I-x127.0.0.1:80test.com/2.jpg
状态码200
#curl-I-x127.0.0.1:80test.com/1.jss
状态码200
#cat/tmp/1.log
查看日志
Nginx防盗链
配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen80;
server_nametest.comtest1.comtest2.com;
indexindex.htmlindex.htmindex.php;
root/data/nginx/test.com;
if($host!='test.com'){
rewrite^(.*)$http://test.com/$1permanent;
}
location~.*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires7d;
valid_referersnoneblockedserver_names*.test.com;
if($invalid_referer){
return403;
//如果来源网址的不是test.com的域名,则返回403
}
access_log/tmp/1.logcombined_realip;
}
}
#/usr/local/nginx/sbin/nginx -t
nginx: the configuration file/usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#/usr/local/nginx/sbin/nginx -s reload
# service nginx stop
#service nginx start
检验测试
#curl -x127.0.0.1:80 -e"http://test.com/1.txt" test.com/2.jpg -I
状态码200
#curl-x127.0.0.1:80 -e"http://aaa.com/1.txt" test.com/2.jpg -I
状态码403
测试成功
访问控制
配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_nametest.comtest1.com test2.com;
index index.htmlindex.htm index.php;
root/data/nginx/test.com;
location/admin/
{
allow 192.168.63.139;
allow 127.0.0.1;
deny all;
}
}
//使访问admin目录下只允许192.168.63.139和127.0.0.1访问
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
#mkdir /data/nginx/test.com/admin
#echo "123" >/data/nginx/test.com/admin/1.html
检验测试
#curl -x127.0.0.1:80 test.com/admin/1.html
123
#curl -x192.168.188.128:80test.com/admin/1.html
状态码403
测试成功
Nginx 解析 PHP
配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_nametest.com test1.com test2.com;
indexindex.html index.htmindex.php;
root /data/nginx/test.com;
if ($host!='test.com') {
rewrite^/(.*)$http://test.com/$1 permanent;
}
location~\.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_paramSCRIPT_FILENAME/data/nginx/test.com$fastcgi_script_name;
}
access_log/tmp/1.logcombined_realip;
}
//fastcgi_pass用来指定php-fpm的地址
# vim /data/nginx/test.com/3.php
<?php
phpinfo();
?>
# curl -x192.168.63.139:80test.com/3.php
<?php
phpinfo();
?>
重新加载nginx
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x192.168.63.139:80 test.com/3.php
php-fpm
php-fpm的pool
php-fpmpool是php-fpm的进程池,这个进程池中运行了多个子进程,用来并发处理
所有连接的动态请求。为什么要配置多个pool?Nginx接收到php动态请求会传给
php-fpm处理,php-fpm调用pool中的子进程来处理动态请求,如果这个pool资源
耗尽,会导致其他站点无法访问资源,报502错误,因此有必要设置多个php-fpmpool。
Nginx可以配置多个主机,php-fpm也可以配置多个pool。
首先对php-fpm.conf做一个修改
#vim /usr/local/php-fpm/etc/php-fpm.conf
include=etc/php-fpm.d/*.con
include这行比较特殊,后面路径必须写上etc目录
然后创建配置文件目录和子配置文件:
#mkdir /usr/local/php-fpm/etc/php-fpm.d
#cd /usr/local/php-fpm/etc/php-fpm.d
#vim www.conf
[www]
listen=/tmp/php-fcgi.sock
listen.mode=666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
保存后再编辑另外的配置文件:
#vim aming.conf
//写下如下内容
[aming]
listen = /tmp/aming.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
下面验证配置是否有问题
#/usr/local/php-fpm/sbin/php-fpm -t
然后来重启一下php-fpm服务
#/etc/init.d/php-fpm restart
再来查看一下/tmp/*.sock
#ls /tmp/*.sock
#ps aux|grep php
php-fpm的慢执行日志
通过慢执行日志,我们可以清晰地了解PHP脚本在哪里执行时间长,可以定位到行
下面介绍如何开启和查看慢执行日志
#vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
//第一行定义超时时间,即超过一秒就会被记录日志
//第二行定义慢执行日志的路径和名字
# /etc/init.d/php-fpm reload
# ls /usr/local/php-fpm/var/log/
模拟一个慢执行脚本
# vim /data/nginx/test.com/sleep.php
<?php
echo "testslowlog";
sleep(2);
echo "done";
?>
#curl -x127.0.0.1:80test.com/sleep.php
#cat /usr/local/php-fpm/var/log/www-slow.log