1:前言
以前debian作开发机server是apache,工作需要切换到nginx,有时候两个都要使用。作个简单的笔记。注意,本文仅仅是在debian 7(wheezy) 上。其它OS有其它OS的配置和安装,不能保证一致性。apache的安装配置就参考前面发的文章了。
2:安装 nginx php5-cgi php5-fpm spawn-fcgi
#apt-get install nginx nginx-full nginx-common php5-cgi php5-fpm spawn-fcgi
3:配置各个的php.ini
可以#cd /etc/php5 里面看见,
有
/etc/php5/apache2/php.ini
/etc/php5/cgi/php.ini
/etc/php5/cli/php.ini
/etc/php5/fpm/php.ini 分别对应不同的php.ini 配置
#vim /etc/php5/cgi/php.ini 去掉cgi.fix-pathinfo=1 的注释
4:配置nginx.conf
在/etc/nginx/nginx.conf
把下面的复制进去, 或者你可以对比下修改
user www-data;
worker_processes 12;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events {
worker_connections 30760;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
types_hash_max_size 2048;
client_max_body_size 80m;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 1k;
# gzip_proxied any;
gzip_comp_level 2;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
5: 配置default
在/etc/nginx/sites-available/default, 注意,下面我的配置文件写了两个 注释掉了 php5-cgi 的, 打开了php5-fpm的。 我这里用的是php5-fpm
如果你需要用spawn-fcgi,就需要php5-cgi 加########的那段。/home/www 是我的www目录。你可以对着改成你的www目录。root /home/www 这里也是。 我打开了自动索引,autoindex这个。
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts to this file
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /home/www;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name localhost;
charset utf-8;
#server_name _test1.com _test2.com _test3.com
#error_page 400 /errpage/400.html;
#error_page 403 /errpage/403.html;
#error_page 404 /errpage/404.html;
location ~ .*\.(git|jpg|jpeg|png|bmp|swf)$ {
expires 1d;
}
location ~ .*\.(js|css)?$ {
expires 1h;
}
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/www;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# include fastcgi_params;
#}
location ~ \.php$ {
#######with php5-cgi####################
#fastcgi_pass 127.0.0.1:9000;
########################################
#######with php5-fpm####################
fastcgi_pass unix:/var/run/php5-fpm.sock;
########################################
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/www$fastcgi_script_name;
include fastcgi_params;
}
access_log /var/log/nginx/access.log access;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
6:启动
启动模式有几种,可以是spawn-fcgi 或者是php5-fpm 或者还是apache
如果是自启动php-fpm ,
可以通过sysv-rc-conf 工具查看是否在开机启动里面 (#apt-get install sysv-rc-conf), 默认是在的
关掉spawn-fcgi 或者php5-fpm
spawn-fcgi
#netstat -anp | grep 9000
#killall -HUP php5-cgi
php5-fpm
#/etc/init.d/php5-fpm stop
如果想要spawn-fcgi 支持/etc/init.d/
开机自启动spawn-fcgi 模式
#vim /etc/rc.local 增加
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid -C 4
参数根据你机器性能来,我这里是测试机。
创建系统启动停止命令
#cd /etc/init.d/
#touch fastcgi
把下面的文件保存到刚才创建的fastcgi, 就可以支持 /etc/init.d/fastcgi start|stop|reload 等操作了
#!/bin/bash
# DESC: NGINX php5 FastCGI(spawn-fcgi) init shell script
PROVIDES=php5-cgi
LIGHTTPD_FCGI=/usr/bin/spawn-fcgi
SERVER_IP=127.0.0.1
SERVER_PORT=9000
SERVER_USER=www-data
SERVER_GROUP=www-data
PHP_CGI=/usr/bin/php5-cgi
KILLALL=/usr/bin/killall
. /lib/lsb/init-functions
cmd=$1
pcgi_start(){
echo "Starting $PROVIDES..."
$LIGHTTPD_FCGI -a $SERVER_IP -p $SERVER_PORT -u $SERVER_USER -g $SERVER_GROUP -f $PHP_CGI -C 15 -P /var/run/fastcgi-php.pid
echo "Done."
}
pcgi_stop(){
echo "Killing $PROVIDES..."
$KILLALL $PROVIDES
echo "Done."
}
pcgi_restart(){
pcgi_stop
pcgi_start
}
pcgi_status(){
status_of_proc -p /var/run/fastcgi-php.pid "/usr/bin/php5-cgi" php5-cgi && exit 0 || exit $?
}
pcgi_help(){
echo "Usage: $0 {start|stop|restart|status}"
}
case ${cmd} in
[Ss][Tt][Aa][Rr][Tt]) pcgi_start;;
[Ss][Tt][Oo][Pp]) pcgi_stop;;
[Rr][Ee][Ss][Tt][Aa][Rr][Tt]) pcgi_restart;;
[Ss][Tt][Aa][Tt][Uu][Ss]) pcgi_status ;;
*) pcgi_help ;;
esac
如果要停止php5-fpm切换到spawn-fcgi
#/etc/init.d/php5-fpm stop
编辑/etc/nginx/sites-available/default 把php5-fpm
#fastcgi_pass unix:/var/run/php5-fpm.sock;
注释掉,打开php5-fcgi 那个
fastcgi_pass 127.0.0.1:9000;
保存
重启nginx 配置
#/etc/init.d/nginx reload
查看phpinfo
如果要停止掉php5-fpm 类似,如果要关掉nginx启用apache更简单了
#/etc/init.d/nginx stop
#/etc/init.d/apache2 restart
7: 如果需要配置多个不同的项目,可以在/etc/nginx/nginx.conf 里面的
include /etc/nginx/sites-enabled/*; 这里改成其他的子配置文件,到时根据需求方便切换。然后/etc/init.d/nginx reload 就可以了
8: 如果想要apache和nginx都同时可以工作, 这里我们让nginx走80端口, apache走8080, 修改/etc/apache/ports.conf文件, 改80为8080, 同理还要修改/etc/apache/site-available/里面的虚拟主机的端口为8080
NameVirtualHost *:8080
Listen 8080
重启apache即可通过xxx.xxx.xxx.xxx:8080来访问了
9: 如果nginx 和php5-fpm 搭配的时候访问php页面报502, 检查/etc/php5/fpm/pool.d/www.conf 里面的配置,
比如, 因为我的www目录授权是给的tom, 所以这里要修改. 保存后重启fpm和nginx即可.
listen.owner = tom
listen.group = tom
listen = /var/run/php5-fpm.sock;
listen.allowed_clients = 127.0.0.1
10: 如果要关掉nginx和php的版本号显示, 防止别人来嗅探对应的版本的漏洞.
nginx在http那段, 把 server_tokens off; 开启
并且把对应的/etc/nginx/fastcgi_params 删除掉$nginx_version
fastcgi_param SERVER_SOFTWARE nginx;
然后去关掉所有的php的版本, 找到php.ini(cgi的,fpm的,cli的,apache的 一共有四份不同的php.ini对应不同的)
把下面的on关闭为off 重启对应的fpm/cgi/apache 和nginx服务器就可以了.
expose_php = Off
curl --head http://127.0.0.1/info.php
会看不到nginx和php的版本信息了.