I. nginx.conf
vim /usr/local/nginx/conf/nginx.conf    // Clear the original configuration and add the following:
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm application/xml;
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        # Hand .php requests to php-fpm over the unix socket defined in php-fpm.conf
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }
    }
}
II. php-fpm.conf
vim /usr/local/php/etc/php-fpm.conf    // Clear the previous content and write the following configuration:
[global]
pid = /usr/local/php/var/run/php-fpm.pid
error_log = /usr/local/php/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
user = php-fpm
group = php-fpm
; listen.owner must be consistent with the user nginx runs as (user nobody nobody; in nginx.conf)
listen.owner = nobody
; same as above
listen.group = nobody
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
Multiple pools can also be configured:
[global]
...
...
[domain1.com]
...
...
...
[domain2.com]
...
...
...
Slow execution log
slowlog = /path/to/slow.log
request_slowlog_timeout = 1
open_basedir
php_admin_value[open_basedir]=/data/www/:/tmp/
Dynamic or static child processes: pm = static/dynamic
If static is selected, the fixed number of child processes is specified by pm.max_children.
If dynamic is selected, the number is determined by the following parameters:
pm.max_children: the maximum number of child processes
pm.start_servers: the number of processes at startup
pm.min_spare_servers: the minimum number of idle processes to keep; if fewer processes than this are idle, new child processes are created
pm.max_spare_servers: the maximum number of idle processes to keep; if more processes than this are idle, the surplus is cleaned up
For a dedicated server, pm can be set to static.
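The pm parameters above constrain one another, and a pool whose values contradict each other is easier to catch before php-fpm is restarted. The following Python check is an added example, not part of the original article or of php-fpm; it reads pool sections like the ones above and reports values that conflict with the descriptions given here. The pool name bad.example and its values are constructed.

```python
import configparser

# Constructed sample: the [www] values from this page plus one pool
# (hypothetical name "bad.example") whose values contradict each other.
SAMPLE = """
[global]
pid = /usr/local/php/var/run/php-fpm.pid
[www]
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
[bad.example]
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 5
pm.max_spare_servers = 35
"""

def check_pools(text):
    """Return {pool: [problems]} for every pool section of a php-fpm.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    report = {}
    for pool in cp.sections():
        if pool.lower() == "global":
            continue
        sec, problems = cp[pool], []
        children = sec.getint("pm.max_children", fallback=0)
        if children < 1:
            problems.append("pm.max_children must be at least 1")
        if sec.get("pm", "") == "dynamic":
            lo = sec.getint("pm.min_spare_servers", fallback=0)
            hi = sec.getint("pm.max_spare_servers", fallback=0)
            start = sec.getint("pm.start_servers", fallback=0)
            if not 1 <= lo <= hi:
                problems.append("need 1 <= min_spare_servers <= max_spare_servers")
            if hi > children:
                problems.append("max_spare_servers exceeds max_children")
            if not lo <= start <= hi:
                problems.append("start_servers outside [min_spare, max_spare]")
        report[pool] = problems
    return report

if __name__ == "__main__":
    for pool, problems in check_pools(SAMPLE).items():
        print(pool, problems or "ok")
```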
III. Nginx advanced configuration
1. Configure a second virtual host
Add one line inside the http block of nginx.conf (a relative include path is resolved against the directory that holds nginx.conf, here /usr/local/nginx/conf):
include vhosts/*.conf;
This lets us create virtual host configuration files under the conf/vhosts directory.
vim conf/vhosts/www.conf    // Add the following:
server
{
    listen 80;
    server_name abc.com;
    index index.html index.htm index.php;
    root /data/www2;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www2$fastcgi_script_name;
    }
}
2. Default virtual host
listen 80 default_server;
3. User authentication
Install Apache first to get the htpasswd tool; it can be installed with yum install httpd
Generate a password file and create a user:
htpasswd -c /usr/local/nginx/conf/.htpasswd test    // Adds the user test; the -c parameter is needed the first time a user is added and is not needed when adding further users
Add to the nginx configuration file:
location / {
    auth_basic "Auth";
    auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
}
4. Domain redirection
server_name abc.com www.abc.com;
if ($host != 'www.abc.com') {
    rewrite ^/(.*)$ http://www.abc.com/$1 permanent;
}
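5. Log-related
Log rotation:
Write a script:
#!/bin/bash
# Discard all output of this script
exec &>/dev/null
# Yesterday's date, used as the prefix of the rotated file
d=`date -d "-1 day" +%y%m%d`
/bin/mv /root/lnmplogs/12333.com_access_log /root/lnmplogs/$d.12333.com
# Make nginx reopen its log file
/usr/local/nginx/sbin/nginx -s reload
# Delete rotated logs older than 30 days
find /root/lnmplogs/ -type f -mtime +30 | xargs rm -f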
Log format
log_format main '$remote_addr - $remote_user [$time_local] $request '
    '"$status" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
log_format main1 '$proxy_add_x_forwarded_for - $remote_user [$time_local] '
    '"$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent"';
The main1 format records not only the proxy IP but also the real IP of the remote client.
Error log: error_log levels
The error_log levels are debug, info, notice, warn, error and crit; the default is crit. The level is written after the log file name, as follows:
error_log /your/path/error.log crit;
crit logs the least and debug logs the most. If your nginx runs into problems, for example frequent 502 errors, and the default error_log shows nothing meaningful, you can adjust the error log level; when you set it to the error level, the error log will contain much more detail.
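The first field of the main1 format is $proxy_add_x_forwarded_for, which is the X-Forwarded-For header the request arrived with, followed by the address of the directly connected peer. Only the entries appended by your own proxies are reliable; anything further left was sent by the client. The following Python parser is an added example, not part of the original article; the trusted range 10.0.0.0/24 and the log lines are constructed.

```python
import ipaddress
import re

# Assumption: our own reverse proxies live in this range.
TRUSTED = [ipaddress.ip_network("10.0.0.0/24")]

# main1 fields; the first one may hold several comma-separated addresses.
MAIN1 = re.compile(
    r'^(?P<xff>.+?) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def client_ip(xff, trusted=TRUSTED):
    """Walk the chain right to left and return the first hop that is not one
    of our proxies; entries to its left were supplied by the client."""
    for token in reversed([t.strip() for t in xff.split(",")]):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            return None   # malformed entry: nothing further left is usable
        if not any(ip in net for net in trusted):
            return str(ip)
    return None           # every hop was one of our own proxies

def parse_main1(line):
    """Split one main1 line into its fields and add the derived client_ip."""
    m = MAIN1.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["client_ip"] = client_ip(rec["xff"])
    return rec

# Constructed lines, as written by a backend behind the proxy 10.0.0.2.
SAMPLE = [
    '203.0.113.7, 10.0.0.2 - - [10/Oct/2023:13:55:36 +0800] '
    '"GET /index.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    # Here the client sent its own "X-Forwarded-For: 8.8.8.8" header.
    '8.8.8.8, 198.51.100.9, 10.0.0.2 - - [10/Oct/2023:13:55:40 +0800] '
    '"GET /index.php HTTP/1.1" 200 512 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_main1(line)
        print(rec["xff"], "->", rec["client_ip"])
```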
6. Static files: no access logging, cache expiry
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
    access_log off;
}
location ~ .*\.(js|css)?$
{
    expires 12h;
    access_log off;
}
7. Hotlink protection
Add the following code to the server section of nginx.conf:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
    # Requests referred from these domains are not treated as hotlinking.
    valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com;
    if ($invalid_referer) {
        # return 403;
        rewrite ^/ http://www.example.com/nophoto.gif;
    }
}
Note: if the earlier configuration already contains
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
    access_log off;
}
then it overlaps with this block and the earlier one is the one that takes effect, so the two need to be merged, as follows:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 30d;
    # Requests referred from these domains are not treated as hotlinking.
    valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com;
    if ($invalid_referer) {
        # return 403;
        rewrite ^/ http://www.example.com/nophoto.gif;
    }
    access_log off;
}
8. Access control
Restrict access to a single IP:
allow 219.232.244.234;
deny all;
Denying an IP or an IP range access to the site
First create the following configuration file, named deny.ip, in the nginx conf directory:
cat deny.ip
deny 192.168.1.11;
deny 192.168.1.123;
deny 10.0.1.0/24;
In the nginx configuration file nginx.conf, add:
include deny.ip;
Reload the nginx service for it to take effect: /usr/local/nginx/sbin/nginx -s reload
deny.ip can also contain deny all;
If you want to reject everyone except a few IPs,
write the following in deny.ip:
allow 1.1.1.1;
allow 1.1.1.2;
deny all;
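nginx checks allow and deny rules in the order they are written and stops at the first one that matches, so the position of deny all; decides whether the allow lines have any effect. The following Python evaluator is an added example, not part of the original article or of nginx; it applies that first-match rule to the deny.ip contents shown above and flags rules that can never be reached. The misordered variant is constructed.

```python
import ipaddress
import re

RULE = re.compile(r'^\s*(allow|deny)\s+(\S+?)\s*;')

def parse_rules(text):
    """Parse allow/deny lines (as in deny.ip) into (action, network) pairs."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0])
        if m:
            action, target = m.groups()
            net = None if target == "all" else ipaddress.ip_network(target, strict=False)
            rules.append((action, net))
    return rules

def decide(rules, addr):
    """First matching rule wins; a request that matches no rule is allowed."""
    ip = ipaddress.ip_address(addr)
    for action, net in rules:
        if net is None or (ip.version == net.version and ip in net):
            return action
    return "allow"

def unreachable(rules):
    """Rules written after an 'all' rule can never match."""
    for i, (_, net) in enumerate(rules):
        if net is None:
            return rules[i + 1:]
    return []

# The two deny.ip variants from the text, and the allow-list with
# "deny all;" moved to the top (constructed for this example).
DENYLIST = "deny 192.168.1.11;\ndeny 192.168.1.123;\ndeny 10.0.1.0/24;\n"
ALLOWLIST = "allow 1.1.1.1;\nallow 1.1.1.2;\ndeny all;\n"
MISORDERED = "deny all;\nallow 1.1.1.1;\nallow 1.1.1.2;\n"

if __name__ == "__main__":
    for name, text in (("allowlist", ALLOWLIST), ("misordered", MISORDERED)):
        rules = parse_rules(text)
        print(name, decide(rules, "1.1.1.1"), "unreachable:", len(unreachable(rules)))
```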
Sometimes PHP parsing is restricted by directory (regex locations are tested in the order they appear, so this block has to come before the location ~ \.php$ block):
location ~ .*(diy|template|attachments|forumdata|attachment|image)/.*\.php$
{
    deny all;
}
Using user_agent to control client access:
location /
{
    if ($http_user_agent ~ 'bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315') {
        return 403;
    }
}
9. Nginx rewrite applications
Rewrite settings and examples: http://www.lishiming.net/thread-239-1-1.html
Using the nginx $document_uri parameter: http://www.lishiming.net/thread-993-1-1.html
How to configure 301 and 302 in nginx: http://www.lishiming.net/thread-4840-1-1.html
Nginx rewrite does not support nested if, nor logical OR and logical AND: http://www.lishiming.net/thread-4842-1-1.html
Nginx proxy
server {
    listen 80;
    server_name aaa.com;
    location / {
        proxy_pass http://2.2.2.2/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # access_log /home/logs/aaa_access.log combined;
}
If there is more than one back-end machine:
upstream bbb
{
    server 1.2.3.1:80;
    server 1.2.3.4:80;
}
server {
    listen 80;
    server_name bbb.com;
    location / {
        proxy_pass http://bbb/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # access_log /home/logs/bb_access.log combined;
}
Proxying all domain names on a server
First, two files need to be created in the vhosts directory: one is the server_name list file, the other is the virtual host configuration file.
The contents of the two files are:
(1) servername
server_name www.123.net.cn www.alsdjfl.com www.asdfa1.com;    # just one simple line; more names can of course be added to this server_name
(2) Virtual host configuration file
server {
    listen 80;
    include vhosts/servername;    # the server_name list file above
    location / {
        proxy_pass http://1.2.1.2/;    # the IP address of the server being proxied
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    access_log /dev/null;
}
LNMP configuration-nginx, PHP configuration