I. nginx.conf
vim /usr/local/nginx/conf/nginx.conf    // clear the original configuration and add the following:
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local] '
                               '$host "$request_uri" $status '
                               '"$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm application/xml;
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        # Hand .php requests to php-fpm over the unix socket defined in php-fpm.conf
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }
    }
}
II. php-fpm.conf
vim /usr/local/php/etc/php-fpm.conf    // clear the previous content and write the following configuration:
[global]
pid = /usr/local/php/var/run/php-fpm.pid
error_log = /usr/local/php/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
user = php-fpm
group = php-fpm
; socket owner and group must match the user nginx runs as (user nobody nobody; in nginx.conf)
listen.owner = nobody
listen.group = nobody
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
Configure multiple pools
[global]
...
...
[domain1.com]
...
...
...
[domain2.com]
...
...
...
Slow execution log
slowlog = /path/to/slow.log
request_slowlog_timeout = 1
open_basedir
php_admin_value[open_basedir]=/data/www/:/tmp/
Static and dynamic child processes
pm = static/dynamic
If you select static, a fixed number of child processes is used, specified by pm.max_children.
If you select dynamic, the number is determined by the following parameters:
pm.max_children: the maximum number of child processes
pm.start_servers: the number of processes at startup
pm.min_spare_servers: the minimum number of idle processes to keep; if there are fewer idle processes than this value, new child processes are created
pm.max_spare_servers: the maximum number of idle processes to keep; if there are more idle processes than this value, the surplus is cleaned up
For dedicated servers, pm can be set to static.
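A check for the pool settings described above, as an added example that is not part of the original page. It verifies the ordering php-fpm expects for a dynamic pool (min_spare <= start <= max_spare <= max_children) and, as an assumed policy, that every pool sets its own open_basedir; the [domain1.com] values are constructed for illustration.

```python
import configparser

# Constructed sample: the [www] pool from this page plus a hypothetical second pool.
SAMPLE = """
[global]
pid = /usr/local/php/var/run/php-fpm.pid
[www]
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
php_admin_value[open_basedir]=/data/www/:/tmp/
[domain1.com]
pm = dynamic
pm.max_children = 10
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
"""

def check_pools(text):
    """Return {pool: [problems]} for every section except [global]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for pool in cp.sections():
        if pool == "global":
            continue
        s, problems = cp[pool], []
        if s.get("pm") == "dynamic":
            mx = s.getint("pm.max_children")
            start = s.getint("pm.start_servers")
            lo = s.getint("pm.min_spare_servers")
            hi = s.getint("pm.max_spare_servers")
            if lo > hi:
                problems.append("min_spare_servers > max_spare_servers")
            if hi > mx:
                problems.append("max_spare_servers > max_children")
            if not lo <= start <= hi:
                problems.append("start_servers outside [min_spare, max_spare]")
        # Assumed policy for this example: every pool confines PHP with open_basedir.
        if "php_admin_value[open_basedir]" not in s:
            problems.append("no open_basedir set for this pool")
        report[pool] = problems
    return report

if __name__ == "__main__":
    print(check_pools(SAMPLE))
```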
III. Nginx advanced configuration
1. Configure a second virtual host
Add this line to nginx.conf:
include vhosts/*.conf;
This way, virtual host configuration files can be created under the /usr/local/nginx/conf/vhosts directory.
mkdir /usr/local/nginx/conf/vhosts
cd !$
vim 111.conf    // add the following
server
{
    listen 80;
    server_name 111.com;
    index index.html index.htm index.php;
    root /data/www2;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www2$fastcgi_script_name;
    }
}
2. Verifying the default virtual host
listen 80 default_server;
3. User authentication
First you need to install apache; you can install it with yum install httpd.
Generate a password file and create a user:
htpasswd -c /usr/local/nginx/conf/htpasswd test    // adds the user test; the -c parameter is needed the first time only, do not use it when adding a second user
Add the following to the nginx configuration file:
location / {
    root /data/www/wwwroot/count;
    auth_basic "auth";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
4. Domain redirection
server_name allen.com www.allen.com;
if ($host != 'www.allen.com') {
    rewrite ^/(.*)$ http://www.allen.com/$1 permanent;
}
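5. Log-related
Log cutting:
Write a script:
vim /usr/local/sbin/logrotate.sh    // add the following
#!/bin/bash
# Move the current logs into a dated directory, then tell nginx to reopen its log files
datedir=$(date +%y%m%d)
/bin/mkdir /home/logs/$datedir >/dev/null 2>&1
/bin/mv /home/logs/*.log /home/logs/$datedir
# The pid file path must match the pid directive in nginx.conf
/bin/kill -HUP $(cat /var/run/nginx.pid)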
Log format
log_format main '$remote_addr - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
log_format main1 '$proxy_add_x_forwarded_for - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
With the main1 format, the log records not only the proxy IP but also the real IP of the remote client.
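Reading main1 lines safely, as an added example that is not part of the original page. $proxy_add_x_forwarded_for is the incoming X-Forwarded-For header with $remote_addr appended, so only the rightmost entry was seen by nginx itself and everything to its left is whatever the request carried. The log lines are constructed, and 10.0.0.5 is a hypothetical front proxy assumed to be under our control.

```python
import ipaddress
import re

# main1 layout: $proxy_add_x_forwarded_for - $remote_user [$time_local] "$request" $status ...
MAIN1 = re.compile(r'^(?P<chain>[0-9a-fA-F:., ]+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                   r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+)')

# Constructed log lines for illustration.
SAMPLE = [
    '203.0.113.9 - - [01/Jan/2024:10:00:00 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    '198.51.100.7, 10.0.0.5 - - [01/Jan/2024:10:00:01 +0800] "GET /a HTTP/1.1" 200 10 "-" "x"',
    '127.0.0.1, 203.0.113.9 - - [01/Jan/2024:10:00:02 +0800] "GET /admin HTTP/1.1" 403 0 "-" "x"',
]

def client_ip(chain, trusted):
    """Walk the chain right to left, skipping our own proxies. The first address
    that is not one of them is the last hop we can vouch for."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    hops = [h.strip() for h in chain.split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None              # unparsable hop: nothing further left is reliable
        if not any(addr in n for n in nets):
            return str(addr)
    return hops[0]                   # every hop was one of our proxies

def analyse(lines, trusted):
    """Return (client, unverified_claim, request) for each line that parses."""
    out = []
    for line in lines:
        m = MAIN1.match(line)
        if not m:
            continue
        first = m["chain"].split(",")[0].strip()
        client = client_ip(m["chain"], trusted)
        # A leftmost entry that differs from the vouched-for client is header content only.
        out.append((client, first if first != client else None, m["request"]))
    return out

if __name__ == "__main__":
    for row in analyse(SAMPLE, ["10.0.0.5"]):
        print(row)
```

In the third sample line the header claims 127.0.0.1, but the address nginx actually saw is 203.0.113.9, so the claim is reported separately and not used as the client.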
Error log: error_log log level
The error_log levels are debug, info, notice, warn, error and crit, with crit as the default. The level is given after the log file name, in the following format:
error_log /your/path/error.log crit;
crit logs the least and debug logs the most. If your nginx runs into problems, such as frequent 502 errors, and the default error_log shows nothing meaningful, you can adjust the level of the error log; when you set it to the error level, the error log will contain more detail.
6. Do not log static files; configure caching
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
    access_log off;
}
location ~ .*\.(js|css)$
{
    expires 12h;
    access_log off;
}
7. Hotlink protection
Add the following code in the server section of nginx.conf:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
    # Requests referred from these domains are not treated as hotlinking
    valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com;
    if ($invalid_referer) {
        # return 403;
        rewrite ^/ http://www.example.com/nophoto.gif;
    }
}
Note: if the earlier configuration has already been added:
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
    access_log off;
}
then it overlaps with this part, and the earlier block is the one that takes effect, so the two need to be merged, as follows:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 30d;
    # Requests referred from these domains are not treated as hotlinking
    valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com;
    if ($invalid_referer) {
        # return 403;
        rewrite ^/ http://www.example.com/nophoto.gif;
    }
    access_log off;
}
8. Access control
Allow access from only one IP:
allow 219.232.244.234;
deny all;
How to deny a single IP or an IP range access to the site:
First create the following configuration file in nginx's conf directory, named deny.ip
cat deny.ip
deny 192.168.1.11;
deny 192.168.1.123;
deny 10.0.1.0/24;
Add to the nginx configuration file nginx.conf:
include deny.ip;
Restart the nginx service for this to take effect: /usr/local/nginx/sbin/nginx -s reload
deny.ip can also contain deny all;
If you want to allow only a few IPs and reject all others,
write deny.ip like this:
allow 1.1.1.1;
allow 1.1.1.2;
deny all;
Sometimes PHP parsing is restricted by directory:
location ~ .*(diy|template|attachments|forumdata|attachment|image)/.*\.php$
{
    deny all;
}
Use user_agent to control client access
location /
{
    # ~* matches the User-Agent header case-insensitively
    if ($http_user_agent ~* 'bingbot/2.0|mj12bot/v1.4.2|spider/3.0|Youdaobot|tomato|gecko/20100315') {
        return 403;
    }
}
9. Nginx proxy
server {
    listen 80;
    server_name aaa.com;
    location / {
        proxy_pass http://2.2.2.2/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # access_log /home/logs/aaa_access.log combined;
}
If there is more than one back-end machine:
upstream bbb
{
    server 1.2.3.1:80;
    server 1.2.3.4:80;
}
server {
    listen 80;
    server_name bbb.com;
    location / {
        proxy_pass http://bbb/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # access_log /home/logs/bb_access.log combined;
}
Proxy all domain names on a server
First, two files need to be created in the vhosts directory: one is a servername list file, the other is a virtual host configuration file.
The contents of the two files are:
(1) servername
server_name www.123.net.cn www.alsdjfl.com www.asdfa1.com;
It is a single line, and more names can of course be added to this server_name.
(2) Virtual host configuration file
server {
    listen 80;
    # The file included here is the servername list file above
    include vhosts/servername;
    location / {
        # IP address of the server being proxied
        proxy_pass http://1.2.1.2/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    access_log /dev/null;
}