#1 2010-12-29 16:16:59
nginx + php
ipkg.sh update
ipkg.sh install ipkg-opt
ipkg update
ipkg install libuclibc++ php-fcgi spawn-fcgi nginx
spawn-fcgi啟動檔可以參照
http://blog.new-studio.org/2010/03/oleg … -fast.html
下面的S80php-fcgi
編輯/opt/etc/nginx/nginx.conf
user nobody取消註解
sendfile註解掉
gzip on取消註解
/scripts$fastcgi_script_name 改成 $document_root$fastcgi_script_name
127.0.0.1:9000 改成 unix:/opt/tmp/php-fcgi.sock
註1: sock的位置要跟spawn-fcgi啟動檔中寫的位置一樣
註2: ipkg無法正常處理nginx包装一定要用ipkg-opt
最後修改: malsvent (2010-12-31 17:13:17)
離線
#2 2012-10-21 15:50:47
Re: nginx + php
昨天架好了Nginx + PHP 5(FastCGI) 的環境,把作法分享出來。
環境:
TOMATO by shibby K26/build5x-101
前置工作:
optware安裝在/opt下
port 80 確定沒有服務 (ap管理介面請避開 port 80)
開始安裝nginx及php等套件
(額外安裝了sqlite php-mysql php-gd php-curl php-mbstring,請自行刪減)
#php5核心已內置PHP-FPM來管理多process,所以無需再安裝spawn-fcgi
ipkg update
ipkg install libuclibc++ php-fcgi nginx sqlite php-mysql php-gd php-curl php-mbstring
#下載busybox-mipsel (比起ipkg的busybox,功能較完整也較沒bug)
cd /opt/bin
wget http://busybox.net/downloads/binaries/latest/busybox-mipsel
chmod +x busybox-mipsel
新增 /opt/etc/init.d/S80php-fcgi
#!/bin/sh
#本來是127.0.0.1:9000, 此處改以socket方式溝通
BIND=/tmp/php-fcgi.sock
#身份為nobody
USER=nobody
#產生的php-fcgi process數目,此處為1
PHP_FCGI_CHILDREN=1
PHP_FCGI_MAX_REQUESTS=1000
PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin
PHP_CGI=/opt/bin/php-fcgi
PHP_CGI_NAME=`basename $PHP_CGI`
PHP_CGI_ARGS="- USER=$USER PATH=$PATH PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND"
RETVAL=0
start() {
echo -n "Starting PHP FastCGI: "
/opt/bin/busybox-mipsel start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
#start-stop-daemon -q -S -b -c "$USER" -x /usr/bin/env -- $PHP_CGI_ARGS
RETVAL=$?
echo "$PHP_CGI_NAME."
}
stop() {
echo -n "Stopping PHP FastCGI: "
killall -q -w -u $USER $PHP_CGI
RETVAL=$?
echo "$PHP_CGI_NAME."
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Usage: php-fastcgi {start|stop|restart}"
exit 1
;;
esac
exit $RETVAL
然後
chmod +x /opt/etc/init.d/S80php-fcgi
修改 /opt/etc/nginx/nginx.conf
#以nobody身份執行,若要加group=nobody,可改為 user nobody nobody
user nobody;
worker_processes 1;
#產生log
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#產生log
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
#修改port及domain
listen 80;
server_name www.mydomain.com;
#改為utf-8
charset utf-8;
#access_log logs/host.access.log main;
#加入index.php
location / {
root html;
index index.html index.htm index.php;
}
#block specified file extension & key word
#location ~ (\.db|phpmyadmin) {
# return 403;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#以下區塊請照此修改
location ~ \.php$ {
root html;
location ~ \..*/.*\.php$ {return 404;}
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
修改 /opt/share/nginx 資料夾權限
mkdir -p /opt/share/nginx/logs
chown -R nobody /opt/share/nginx
firewall script 加入此行
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
shutdown script 前面加入
/opt/etc/init.d/S80nginx stop
/opt/etc/init.d/S80php-fcgi stop
/opt/etc/init.d/S70mysqld stop
修改/opt/etc/php.ini,約第560行開始,加入sqlite模組
...
extension=sqlite.so
extension=pdo_sqlite.so
extension=pdo.so
...
修改 /opt/share/mysql/mysql.server (有安裝php-mysql會順便安裝mysql server)
...
#修改pid_file=
pid_file=$datadir/lib/mysql/mysqld.pid
..
服務重啟 :
/opt/etc/init.d/S70mysqld restart
/opt/etc/init.d/S80php-fcgi restart
/opt/etc/init.d/S80nginx restart
記得改一下mysql的root密碼
mysqladmin -u root password 'new-password'
#重改mysql密碼(需輸入原來密碼)
mysqladmin -u root -p password 'new2-password'
在網站根目錄:/opt/share/nginx/html 寫個phpinfo跑跑看:
echo ' phpinfo(); ?>' >> /opt/share/nginx/html/test.php
看看 http://yourdomain.com/test.php 是否有成功執行php
完成!
Nginx相較於Lighttpd,處理速度更快、更穩定,且不易crash,bug及消耗的資源更少,
很適合在小AP上跑,用過就會讓人愛不釋手
最後修改: duckfly (2012-10-22 13:57:59)
離線
#3 2016-02-21 19:38:59
Re: nginx + php
虛擬主機(Virtual Host)
以phpmyadmin當範例:
安裝phpmyadmin
ipkg install phpmyadmin
建立目錄
mkdir -p /opt/etc/nginx/sites-available
mkdir -p /opt/etc/nginx/sites-enabled
新增vhost檔案
vim /opt/etc/nginx/sites-available/www.example.com.vhost
server {
listen 80;
server_name www.example.com;
root /opt/share/www;
if ($http_host != "www.example.com") {
rewrite ^ http://www.example.com$request_uri permanent;
}
index index.php index.html index.htm;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
include /opt/etc/nginx/fastcgi_params;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location /phpmyadmin {
root /opt/share/www;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /opt/share/www;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /opt/etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /opt/share/www;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
}
修改/opt/etc/nginx/nginx.conf
http {
...
include /opt/etc/nginx/sites-enabled/www.example.com.vhost;
...
}
建立vhost捷徑
ln -s /opt/etc/nginx/sites-available/www.example.com.vhost /opt/etc/nginx/sites-enabled/
重啟服務
/opt/etc/init.d/S80nginx restart
供大家參考,如有什麼漏洞還請各位大大指正。
最後修改: a00403a (2018-03-25 00:49:51)
離線
#4 2016-02-21 20:07:17
Re: nginx + php
phpmyadmin中如出現:必須在設定檔內設定 $cfg['PmaAbsoluteUri'] !
編輯
vim /opt/share/www/phpmyadmin/config.inc.php
#解決紅字問題
#不加斜線
$cfg['PmaAbsoluteUri'] = 'http://www.example.com/phpmyadmin';
登入畫面想要漂亮一點則
$cfg['blowfish_secret'] = '隨便輸入什麼';
登入我選擇使用cookie
$cfg['Servers'][$i]['auth_type'] = 'cookie';
要使用自動登入則
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = '帳號';
$cfg['Servers'][$i]['password'] = '密碼';
最後修改: a00403a (2016-02-28 14:06:44)
離線
#5 2016-02-21 20:35:16
Re: nginx + php
nginx無法顯示圖片解決方法
修改
vim /opt/etc/nginx/nginx.conf
例如http部份,則在server區段加入
server {
...
location ~* ^.+.(jpg|jpeg|gif|png|bmp)$ {
root /opt/share/www;
expires max;
#break;
}
...
}
重啟服務
/opt/etc/init.d/S80nginx restart
最後修改: a00403a (2018-03-20 21:39:27)
離線
#6 2016-02-28 16:12:31
Re: nginx + php
啟用SSL加密
安裝openssl
ipkg install openssl
做一個憑證出來吧
/opt/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/etc/nginx/ssl/nginx.key -out /opt/etc/nginx/ssl/nginx.crt
req:使用 X.509 Certificate Signing Request(CSR) Management 產生憑證。
-x509:建立自行簽署的憑證。
-nodes:不要使用密碼保護,因為這個憑證是 NGINX 伺服器要使用的,如果設定密碼的話,會讓伺服器每次在啟動時書需要輸入密碼。
-days 365:設定憑證的使用期限,單位是天,如果不想時常重新產生憑證,可以設長一點。
-newkey rsa:2048:同時產生新的 RSA 2048 位元的金鑰。
-keyout:設定金鑰儲存的位置。
-out:設定憑證儲存的位置。
Country Name (2 letter code) [AU]:1
State or Province Name (full name) [Some-State]:2
Locality Name (eg, city) []:3
Organization Name (eg, company) [Internet Widgits Pty Ltd]:4
Organizational Unit Name (eg, section) []:5
Common Name (e.g. server FQDN or YOUR name) []:6
Email Address []:7
1.國家代碼,台灣就填 TW。
2.州或省,台灣就填 Taiwan。
3.城市,例如台北就填 Taipei。
4.公司名稱。
5.部門名稱。
6.伺服器的 FQDN,這個一定要填寫正確,如果沒有申請網域名稱的話,也可以用 IP 位址替代。
7.E-mail 信箱。
修改nginx.conf
vim /opt/etc/nginx/nginx.conf
server {
...
listen 443 ssl;
# 重點是下述三行
ssl on;
ssl_certificate /opt/etc/nginx/ssl/nginx.crt;
ssl_certificate_key /opt/etc/nginx/ssl/nginx.key;
# 以下可以省略,但是還是建議加上
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
#ssl_protocols SSLv3 TLSv1;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
...
}
http {
...
## Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
##
# Virtual Host Configs
##
include /opt/etc/nginx/conf.d/*.conf;
include /opt/etc/nginx/sites-enabled/*;
...
}
修改www.example.com.vhost
這裡一併加入了phpmyadmin使用SSL的設定
vim /opt/etc/nginx/sites-available/www.example.com.vhost
server {
...
listen 443 ssl;
# 重點是下述三行
ssl on;
ssl_certificate /opt/etc/nginx/ssl/nginx.crt;
ssl_certificate_key /opt/etc/nginx/ssl/nginx.key;
# 以下可以省略,但是還是建議加上
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
#ssl_protocols SSLv3 TLSv1;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
...
}
server {
...
location /phpmyadmin {
root /opt/share/www;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /opt/share/www;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_param HTTPS $fastcgi_https; ########## 加入這行 ##########
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /opt/share/www;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
...
}
config.inc.php記得改,才能強制重新導向https
vim /opt/share/www/phpmyadmin/config.inc.php
$cfg['PmaAbsoluteUri'] = 'https://www.example.com/phpmyadmin';
亮相一下
最後修改: a00403a (2016-02-28 16:57:27)
離線
#7 2016-02-29 22:27:18
Re: nginx + php
幫2樓修改個小地方
vim /opt/share/mysql/mysql.server
#180行
#原2樓的方法為
pid_file=$datadir/lib/mysql/mysqld.pid
#改成
pid_file=$datadir/mysqld.pid
#/lib/mysql會自動帶上
方可解決/opt/share/mysql/mysql.server: line 186: /bin/hostname: not found
(捷徑則會顯示)/opt/etc/init.d/S70mysqld: line 186: /bin/hostname: not found
最後修改: a00403a (2016-03-07 19:52:18)
離線
相關討論主題
主題 | 回覆 | 點閱 | 最後發表 |
---|---|---|---|
lighttpd 與 nginx 問題~ 作者 ezo00001
|
1 | 10435 | 2011-06-22 21:55:11 作者 hippo |