數位天堂

Nokia:科技始終來自於人性; 拜耳:如果文明不能使我們更相愛,那科技便失去意義!
歡迎您的加入,讓我們一起討論科技與環保的結合應用...

您尚未登入。

站內搜尋

#1 2010-12-29 16:16:59

malsvent
新生
註冊日期: 2009-01-23
文章數: 40
目前積分 :   

nginx + php

ipkg.sh update
ipkg.sh install ipkg-opt
ipkg update
ipkg install libuclibc++ php-fcgi spawn-fcgi nginx

spawn-fcgi啟動檔可以參照
http://blog.new-studio.org/2010/03/oleg … -fast.html
下面的S80php-fcgi

編輯/opt/etc/nginx/nginx.conf
user nobody取消註解
sendfile註解掉
gzip on取消註解
/scripts$fastcgi_script_name 改成 $document_root$fastcgi_script_name
127.0.0.1:9000 改成 unix:/opt/tmp/php-fcgi.sock


註1: sock的位置要跟spawn-fcgi啟動檔中寫的位置一樣

註2: ipkg無法正常處理nginx包装一定要用ipkg-opt



最後修改: malsvent (2010-12-31 17:13:17)


離線

 

#2 2012-10-21 15:50:47

duckfly
新生
註冊日期: 2012-10-20
文章數: 5
目前積分 :   

Re: nginx + php

昨天架好了Nginx + PHP 5(FastCGI) 的環境,把作法分享出來。

環境:
TOMATO by shibby K26/build5x-101

前置工作:
optware安裝在/opt下
port 80 確定沒有服務 (ap管理介面請避開 port 80)

開始安裝nginx及php等套件
(額外安裝了sqlite php-mysql php-gd php-curl  php-mbstring,請自行刪減)

#php5核心已內置PHP-FPM來管理多process,所以無需再安裝spawn-fcgi ipkg update ipkg install libuclibc++ php-fcgi nginx sqlite php-mysql php-gd php-curl php-mbstring #下載busybox-mipsel (比起ipkg的busybox,功能較完整也較沒bug) cd /opt/bin wget http://busybox.net/downloads/binaries/latest/busybox-mipsel chmod +x busybox-mipsel


新增 /opt/etc/init.d/S80php-fcgi

#!/bin/sh #本來是127.0.0.1:9000, 此處改以socket方式溝通 BIND=/tmp/php-fcgi.sock #身份為nobody USER=nobody #產生的php-fcgi process數目,此處為1 PHP_FCGI_CHILDREN=1 PHP_FCGI_MAX_REQUESTS=1000 PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin PHP_CGI=/opt/bin/php-fcgi PHP_CGI_NAME=`basename $PHP_CGI` PHP_CGI_ARGS="- USER=$USER PATH=$PATH PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND" RETVAL=0 start() { echo -n "Starting PHP FastCGI: " /opt/bin/busybox-mipsel start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS #start-stop-daemon -q -S -b -c "$USER" -x /usr/bin/env -- $PHP_CGI_ARGS RETVAL=$? echo "$PHP_CGI_NAME." } stop() { echo -n "Stopping PHP FastCGI: " killall -q -w -u $USER $PHP_CGI RETVAL=$? echo "$PHP_CGI_NAME." } case "$1" in start) start ;; stop) stop ;; restart) stop start ;; *) echo "Usage: php-fastcgi {start|stop|restart}" exit 1 ;; esac exit $RETVAL


然後

chmod +x /opt/etc/init.d/S80php-fcgi


修改 /opt/etc/nginx/nginx.conf

#以nobody身份執行,若要加group=nobody,可改為 user nobody nobody user nobody; worker_processes 1; #產生log error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; #產生log access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; gzip on; server { #修改port及domain listen 80; server_name www.mydomain.com; #改為utf-8 charset utf-8; #access_log logs/host.access.log main; #加入index.php location / { root html; index index.html index.htm index.php; } #block specified file extension & key word #location ~ (\.db|phpmyadmin) { # return 403; #} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #以下區塊請照此修改 location ~ \.php$ { root html; location ~ \..*/.*\.php$ {return 404;} #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443; # server_name localhost; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }


修改 /opt/share/nginx 資料夾權限

mkdir -p /opt/share/nginx/logs chown -R nobody /opt/share/nginx


firewall script 加入此行

iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT


shutdown script 前面加入

/opt/etc/init.d/S80nginx stop /opt/etc/init.d/S80php-fcgi stop /opt/etc/init.d/S70mysqld stop


修改/opt/etc/php.ini,約第560行開始,加入sqlite模組

... extension=sqlite.so extension=pdo_sqlite.so extension=pdo.so ...


修改 /opt/share/mysql/mysql.server (有安裝php-mysql會順便安裝mysql server)

... #修改pid_file= pid_file=$datadir/lib/mysql/mysqld.pid ..


服務重啟 :

/opt/etc/init.d/S70mysqld restart /opt/etc/init.d/S80php-fcgi restart /opt/etc/init.d/S80nginx restart


記得改一下mysql的root密碼

mysqladmin -u root password 'new-password' #重改mysql密碼(需輸入原來密碼) mysqladmin -u root -p password 'new2-password'


在網站根目錄:/opt/share/nginx/html 寫個phpinfo跑跑看:

echo '' >> /opt/share/nginx/html/test.php


看看 http://yourdomain.com/test.php 是否有成功執行php

完成!gathering

Nginx相較於Lighttpd,處理速度更快、更穩定,且不易crash,bug及消耗的資源更少,
很適合在小AP上跑,用過就會讓人愛不釋手 yes


最後修改: duckfly (2012-10-22 13:57:59)


離線

 

#3 2016-02-21 19:38:59

a00403a
新生
註冊日期: 2011-07-04
文章數: 17
目前積分 :   

Re: nginx + php

補充個nginx跑phpmyadmin的方法:

安裝phpmyadmin

ipkg install phpmyadmin


建立目錄

mkdir -p /opt/etc/nginx/sites-available mkdir -p /opt/etc/nginx/sites-enabled


新增vhost檔案

vim /opt/etc/nginx/sites-available/www.example.com.vhost


server { listen 80; server_name www.example.com; root /opt/share/www; if ($http_host != "www.example.com") { rewrite ^ http://www.example.com$request_uri permanent; } index index.php index.html index.htm; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { deny all; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; access_log off; log_not_found off; } location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ { expires max; log_not_found off; } location ~ \.php$ { try_files $uri =404; include /opt/etc/nginx/fastcgi_params; #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } location /phpmyadmin { root /opt/share/www; index index.php index.html index.htm; location ~ ^/phpmyadmin/(.+\.php)$ { try_files $uri =404; root /opt/share/www; #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /opt/etc/nginx/fastcgi_params; } location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /opt/share/www; } } location /phpMyAdmin { rewrite ^/* /phpmyadmin last; } }


建立vhost捷徑

ln -s /opt/etc/nginx/sites-available/www.example.com.vhost /opt/etc/nginx/sites-enabled/


重啟服務

/opt/etc/init.d/S80nginx restart


供大家參考,如有什麼漏洞還請各位大大指正。

最後修改: a00403a (2016-02-21 20:13:19)


離線

 

#4 2016-02-21 20:07:17

a00403a
新生
註冊日期: 2011-07-04
文章數: 17
目前積分 :   

Re: nginx + php

phpmyadmin中如出現:必須在設定檔內設定 $cfg['PmaAbsoluteUri'] !

編輯

vim /opt/share/www/phpmyadmin/config.inc.php


#解決紅字問題 #不加斜線 $cfg['PmaAbsoluteUri'] = 'http://www.example.com/phpmyadmin';


登入畫面想要漂亮一點則

$cfg['blowfish_secret'] = '隨便輸入什麼';


登入我選擇使用cookie

$cfg['Servers'][$i]['auth_type'] = 'cookie';


要使用自動登入則

$cfg['Servers'][$i]['auth_type'] = 'config'; $cfg['Servers'][$i]['user'] = '帳號'; $cfg['Servers'][$i]['password'] = '密碼';


最後修改: a00403a (2016-02-28 14:06:44)


離線

 

#5 2016-02-21 20:35:16

a00403a
新生
註冊日期: 2011-07-04
文章數: 17
目前積分 :   

Re: nginx + php

nginx無法顯示圖片解決方法
修改

vim /opt/etc/nginx/nginx.conf


server { ... location ~* ^.+.(jpg|jpeg|gif|png|bmp)$ { #root /opt/share/www; expires max; #break; } ... }


重啟服務

/opt/etc/init.d/S80nginx restart




最後修改: a00403a (2016-02-28 16:03:51)


離線

 

#6 2016-02-28 16:12:31

a00403a
新生
註冊日期: 2011-07-04
文章數: 17
目前積分 :   

Re: nginx + php

啟用SSL加密

安裝openssl

ipkg install openssl


做一個憑證出來吧

/opt/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/etc/nginx/ssl/nginx.key -out /opt/etc/nginx/ssl/nginx.crt


req:使用 X.509 Certificate Signing Request(CSR) Management 產生憑證。
-x509:建立自行簽署的憑證。
-nodes:不要使用密碼保護,因為這個憑證是 NGINX 伺服器要使用的,如果設定密碼的話,會讓伺服器每次在啟動時書需要輸入密碼。
-days 365:設定憑證的使用期限,單位是天,如果不想時常重新產生憑證,可以設長一點。
-newkey rsa:2048:同時產生新的 RSA 2048 位元的金鑰。
-keyout:設定金鑰儲存的位置。
-out:設定憑證儲存的位置。

Country Name (2 letter code) [AU]:1
State or Province Name (full name) [Some-State]:2
Locality Name (eg, city) []:3
Organization Name (eg, company) [Internet Widgits Pty Ltd]:4
Organizational Unit Name (eg, section) []:5
Common Name (e.g. server FQDN or YOUR name) []:6
Email Address []:7

1.國家代碼,台灣就填 TW。
2.州或省,台灣就填 Taiwan。
3.城市,例如台北就填 Taipei。
4.公司名稱。
5.部門名稱。
6.伺服器的 FQDN,這個一定要填寫正確,如果沒有申請網域名稱的話,也可以用 IP 位址替代。
7.E-mail 信箱。

修改nginx.conf

vim /opt/etc/nginx/nginx.conf


server { ... listen 443 ssl; # 重點是下述三行 ssl on; ssl_certificate /opt/etc/nginx/ssl/nginx.crt; ssl_certificate_key /opt/etc/nginx/ssl/nginx.key; # 以下可以省略,但是還是建議加上 ssl_session_timeout 5m; ssl_session_cache shared:SSL:5m; #ssl_protocols SSLv3 TLSv1; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; ssl_prefer_server_ciphers on; ... } http { ... ## Detect when HTTPS is used map $scheme $fastcgi_https { default off; https on; } ## # Virtual Host Configs ## include /opt/etc/nginx/conf.d/*.conf; include /opt/etc/nginx/sites-enabled/*; ... }


修改www.example.com.vhost
這裡一併加入了phpmyadmin使用SSL的設定

vim /opt/etc/nginx/sites-available/www.example.com.vhost


server { ... listen 443 ssl; # 重點是下述三行 ssl on; ssl_certificate /opt/etc/nginx/ssl/nginx.crt; ssl_certificate_key /opt/etc/nginx/ssl/nginx.key; # 以下可以省略,但是還是建議加上 ssl_session_timeout 5m; ssl_session_cache shared:SSL:5m; #ssl_protocols SSLv3 TLSv1; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; ssl_prefer_server_ciphers on; ... } server { ... location /phpmyadmin { root /opt/share/www; index index.php index.html index.htm; location ~ ^/phpmyadmin/(.+\.php)$ { try_files $uri =404; root /opt/share/www; #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_param HTTPS $fastcgi_https; ########## 加入這行 ########## fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; } location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /opt/share/www; } } location /phpMyAdmin { rewrite ^/* /phpmyadmin last; } ... }


config.inc.php記得改,才能強制重新導向https

vim /opt/share/www/phpmyadmin/config.inc.php


$cfg['PmaAbsoluteUri'] = 'https://www.example.com/phpmyadmin';


亮相一下
http://i.imgur.com/bSlKtBl.jpg

最後修改: a00403a (2016-02-28 16:57:27)


離線

 

#7 2016-02-29 22:27:18

a00403a
新生
註冊日期: 2011-07-04
文章數: 17
目前積分 :   

Re: nginx + php

幫2樓修改個小地方

vim /opt/share/mysql/mysql.server


#180行 #原2樓的方法為 pid_file=$datadir/lib/mysql/mysqld.pid #改成 pid_file=$datadir/mysqld.pid #/lib/mysql會自動帶上


方可解決/opt/share/mysql/mysql.server: line 186: /bin/hostname: not found
(捷徑則會顯示)/opt/etc/init.d/S70mysqld: line 186: /bin/hostname: not found

最後修改: a00403a (2016-03-07 19:52:18)


離線

 

相關討論主題

主題 回覆 點閱 最後發表
lighttpd 與 nginx 問題~ 作者 ezo00001
1 4402 2011-06-22 21:55:11 作者 hippo

友情連結

論壇頁尾

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson
RSS Feed