Protecting Nginx virtual hosts against webshells (perfect edition)

Source: Internet
Author: User

This article is original by DoDo. For more information, see the source: RainyFox.

Let's take a look at nginx.conf.

server
{
    listen 80;
    server_name www.a.com;
    index index.html index.htm index.php;
    root /data/htdocs/www.a.com/;

    #limit_conn crawler 20;

    location ~ .*\.(php|php5)?$
    {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }

}

server
{
    listen 80;
    server_name www.b.com;
    index index.html index.htm index.php;
    root /data/htdocs/www.b.com/;

    #limit_conn crawler 20;

    location ~ .*\.(php|php5)?$
    {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }

}

After nginx receives the access request on port 80, it will forward the request to php-cgi on port 9000 for processing.

If you set open_basedir = .../ in php.ini, both websites, www.a.com and www.b.com, send their requests to port 9000 for processing. If you access www.a.com, .../ becomes the root directory of website A. If you then access www.b.com, open_basedir is still the root directory of website A, which website B is not allowed to access. As a result, a "no input file" error appears when the second site is opened. So what is the solution?

We can send different virtual hosts to different php-cgi ports for processing. Of course, the open_basedir in the corresponding php-fpm configuration file is then different for each site as well. Let's see how to configure it.

First, configure nginx.conf as follows:

server
{
    listen 80;
    server_name www.a.com;
    index index.html index.htm index.php;
    root /data/htdocs/www.a.com/;

    #limit_conn crawler 20;

    location ~ .*\.(php|php5)?$
    {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }

}

server
{
    listen 80;
    server_name www.b.com;
    index index.html index.htm index.php;
    root /data/htdocs/www.b.com/;

    #limit_conn crawler 20;

    location ~ .*\.(php|php5)?$
    {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;
        include fcgi.conf;
    }

}

Note: requests for www.a.com are sent to port 9000, requests for www.b.com are sent to port 9001, and so on.

With the nginx configuration modified, php-fpm.conf needs to be modified accordingly.

Create a conf file for each site.

Site A

# cp /usr/local/webserver/php/etc/php-fpm.conf /usr/local/webserver/php/etc/www.a.com.conf

# vi /usr/local/webserver/php/etc/www.a.com.conf

Find php_defines and add

<value name="open_basedir">/data/htdocs/www.a.com:/tmp:/var/tmp</value>

Site B

# cp /usr/local/webserver/php/etc/php-fpm.conf /usr/local/webserver/php/etc/www.b.com.conf

# vi /usr/local/webserver/php/etc/www.b.com.conf

Find php_defines and add

<value name="open_basedir">/data/htdocs/www.b.com:/tmp:/var/tmp</value>

Locate listen_address and change it to

<value name="listen_address">127.0.0.1:9001</value>

Note the port number here.
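An added example, not part of the original article: a small audit that cross-checks the nginx server blocks against the per-site php-fpm files and reports any vhost that is not confined to its own document root. The sample configuration is constructed from the article's two sites, and the function names (vhosts, pools, audit) are hypothetical.

```python
import re

# Constructed sample input modelled on the article's two vhosts (not real files).
NGINX_CONF = r"""
server {
    server_name www.a.com;
    root /data/htdocs/www.a.com/;
    #fastcgi_pass unix:/tmp/php-cgi.sock;
    location ~ .*\.(php|php5)?$ { fastcgi_pass 127.0.0.1:9000; }
}
server {
    server_name www.b.com;
    root /data/htdocs/www.b.com/;
    location ~ .*\.(php|php5)?$ { fastcgi_pass 127.0.0.1:9000; }  # forgot 9001
}
"""
POOLS = {  # per-site pool file name -> its <value> lines (constructed)
    "www.a.com.conf": '<value name="listen_address">127.0.0.1:9000</value>'
                      '<value name="open_basedir">/data/htdocs/www.a.com:/tmp:/var/tmp</value>',
    "www.b.com.conf": '<value name="listen_address">127.0.0.1:9001</value>'
                      '<value name="open_basedir">/data/htdocs/www.b.com:/tmp:/var/tmp</value>',
}

def vhosts(conf):
    """Return (server_name, root, fastcgi_pass) per server block, ignoring comments."""
    def get(block, key):
        return re.search(rf"(?m)^[^#\n]*\b{key}\s+([^;\s]+)\s*;", block).group(1)
    return [(get(b, "server_name"), get(b, "root").rstrip("/"), get(b, "fastcgi_pass"))
            for b in re.split(r"\bserver\s*\{", conf)[1:]]

def pools(files):
    """Map listen_address -> (file name, open_basedir entries)."""
    out = {}
    for name, xml in files.items():
        v = dict(re.findall(r'<value name="(\w+)">\s*([^<]*?)\s*</value>', xml))
        out[v["listen_address"]] = (name, [p.rstrip("/") for p in v["open_basedir"].split(":")])
    return out

def audit(conf, files):
    """List every way a vhost escapes confinement to its own document root."""
    hosts, by_addr, findings = vhosts(conf), pools(files), []
    for name, root, addr in hosts:
        fname, allowed = by_addr.get(addr, ("<no pool>", []))
        if not any(root.startswith(p) for p in allowed):  # entries act as path prefixes
            findings.append(f"{name}: {root} outside open_basedir of {fname} on {addr}")
        for other, oroot, oaddr in hosts:
            if other != name and oaddr == addr:
                findings.append(f"{name}: shares {addr} with {other}")
            if other != name and any(oroot.startswith(p) for p in allowed):
                findings.append(f"{name}: {fname} also allows {oroot}")
    return findings
```

Calling audit(NGINX_CONF, POOLS) on the sample reports the shared port 9000 and the resulting open_basedir mismatch for www.b.com; pointing www.b.com at 9001 clears all findings.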


Finally, modify the php-fpm startup script.

# vi /usr/local/
