vhost php-fpm,Nginx多站点虚拟主机实现单独启动停止php-fpm、单独控制权限设置

说明：

站点1：bbs.osyunwei.com 程序所在目录/data/osyunwei/bbs

站点2：sns.osyunwei.com 程序所在目录/data/osyunwei/sns

系统运维 温馨提醒：qihang01原创内容版权所有,转载请注明出处及原文链接

相关配置文件目录：

nginx主配置文件：/usr/local/nginx/conf/nginx.conf

php安装目录：/usr/local/php5/

站点1虚拟主机配置配置文件：/usr/local/nginx/conf/vhost/bbs.conf

站点2虚拟主机配置配置文件：/usr/local/nginx/conf/vhost/sns.conf

实现目的：

1、可以对站点1和站点2单独启动、停止php-fpm

2、站点1和站点2的php运行权限相互隔离，不能跨目录浏览，即站点1内的php木马不能访问站点2中的内容，

同理，站2内的php木马不能访问站点1中的内容。

实现方法：

一、为每个站点创建php-fpm.pid文件

cd /usr/local/php5/var/run

touch php-fpm-bbs.pid

touch php-fpm-sns.pid

二、为每个站点创建php-fpm.conf文件

cd /usr/local/php5/etc/

cp php-fpm.conf php-fpm-bbs.conf

cp php-fpm.conf php-fpm-sns.conf

三、为每个站点建立php-cgi.sock文件

touch /tmp/php-cgi-bbs.sock #建立php-cgi.sock文件

chown www.www /tmp/php-cgi-bbs.sock #设置文件所有者为www(必须与nginx的用户一致)

touch /tmp/php-cgi-sns.sock

chown www.www /tmp/php-cgi-sns.sock

四、编辑相关文件

vi /usr/local/php5/etc/php-fpm-bbs.conf

pid = run/php-fpm-bbs.pid

listen =/tmp/php-cgi-bbs.sock;

vi /usr/local/php5/etc/php-fpm-sns.conf

pid = run/php-fpm-sns.pid

listen =/tmp/php-cgi-sns.sock;

vi /etc/rc.d/init.d/php-fpm

vhost=$2

php_fpm_CONF=${prefix}/etc/php-fpm-$vhost.conf

php_fpm_PID=${prefix}/var/run/php-fpm-$vhost.pid

php_opts="-d open_basedir=/data/osyunwei/$vhost/:/tmp/ --fpm-config $php_fpm_CONF"

vi /usr/local/nginx/conf/vhost/bbs.conf

fastcgi_pass unix:/tmp/php-cgi-bbs.sock;

vi /usr/local/nginx/conf/vhost/sns.conf

fastcgi_pass unix:/tmp/php-cgi-sns.sock;

cd /home

vi start.sh #编辑开机启动脚本

#!/bin/bash

auto=$1

/bin/bash /etc/rc.d/init.d/php-fpm $auto bbs

/bin/bash /etc/rc.d/init.d/php-fpm $auto sns

chmod +x start.sh #添加脚本执行权限

vi /etc/rc.local #编辑开机启动文件

sh /home/start.sh start #加入开机启动

service nginx start

/etc/rc.d/init.d/php-fpm start bbs #单独启动站点bbs.osyunwei.com

/etc/rc.d/init.d/php-fpm start sns

系统运维 温馨提醒：qihang01原创内容版权所有,转载请注明出处及原文链接

/etc/rc.d/init.d/php-fpm stop bbs #单独停止站点sns.osyunwei.com

/etc/rc.d/init.d/php-fpm stop sns

五、相关配置文件内容

/usr/local/nginx/conf/nginx.conf

user www www;

worker_processes 2;

#error_log logs/error.log;

#error_log logs/error.log notice;

#error_log logs/error.log info;

#pid logs/nginx.pid;

events {

use epoll;

worker_connections 65535;

}

http {

include mime.types;

default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 300m;

sendfile on;

tcp_nopush on;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

#keepalive_timeout 0;

keepalive_timeout 60;

tcp_nodelay on;

server_tokens off;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.1;

gzip_comp_level 2;

gzip_types text/plain application/x-javascript text/css application/xml;

gzip_vary on;

server

{

listen 80 default;

server_name _;

location / {

root html;

return 404;

}

location ~ /.ht {

deny all;

}

}

server

{

listen 80;

#server_name localhost;

index index.php default.php index.html index.htm default.html default.htm ;

location /status {

stub_status on;

access_log off;

}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*\.(js|css)?$

{

expires 12h;

}

access_log off;

}

include vhost/*.conf;

}

vi /usr/local/nginx/conf/vhost/bbs.conf

server

{

listen 80;

server_name bbs.osyunwei.com;

index index.php index.html index.htm default.html default.htm default.php;

root /data/osyunwei/bbs;

location ~ .*\.(php|php5)?$

{

fastcgi_pass unix:/tmp/php-cgi-bbs.sock;

fastcgi_index index.php;

include fcgi.conf;

}

location /status {

stub_status on;

access_log off;

}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*\.(js|css)?$

{

expires 12h;

}

access_log off;

}

vi /usr/local/nginx/conf/vhost/sns.conf

server

{

listen 80;

server_name sns.osyunwei.com;

index index.php index.html index.htm default.html default.htm default.php;

root /data/osyunwei/sns;

location ~ .*\.(php|php5)?$

{

fastcgi_pass unix:/tmp/php-cgi-sns.sock;

fastcgi_index index.php;

include fcgi.conf;

}

location /status {

stub_status on;

access_log off;

}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*\.(js|css)?$

{

expires 12h;

}

access_log off;

}

vi /usr/local/nginx/conf/fcgi.conf

fastcgi_param GATEWAY_INTERFACE CGI/1.1;

fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param QUERY_STRING $query_string;

fastcgi_param REQUEST_METHOD $request_method;

fastcgi_param CONTENT_TYPE $content_type;

fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;

fastcgi_param REQUEST_URI $request_uri;

fastcgi_param DOCUMENT_URI $document_uri;

fastcgi_param DOCUMENT_ROOT $document_root;

fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param REMOTE_ADDR $remote_addr;

fastcgi_param REMOTE_PORT $remote_port;

fastcgi_param SERVER_ADDR $server_addr;

fastcgi_param SERVER_PORT $server_port;

fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect

fastcgi_param REDIRECT_STATUS 200;