对于RedHat5yum搭建Linux+Nginx+PHP+MYSQL(LNMP),3小时不到轻松搞感兴趣的读者,本文将提供您所需要的所有信息,我们将详细讲解redhatlinuxyum,并且为您提供
对于RedHat5 yum搭建Linux+Nginx+PHP+MYSQL(LNMP),3小时不到轻松搞感兴趣的读者,本文将提供您所需要的所有信息,我们将详细讲解redhat linux yum,并且为您提供关于(LNMP) How To Install Linux, nginx, MySQL, PHP、12.13 Nginx 防盗链 12.14 Nginx 访问控制 12.15 Nginx 解析 php 相关配置 12.16 Nginx 代理、6 月 11 日任务 Nginx 防盗链、Nginx 访问控制、Nginx 解析 php 相关配置、Nginx 代理、6 月 6 日任务 LNMP 架构介绍、MySQL 安装、PHP 安装、 Nginx 介绍的宝贵知识。
本文目录一览:- RedHat5 yum搭建Linux+Nginx+PHP+MYSQL(LNMP),3小时不到轻松搞(redhat linux yum)
- (LNMP) How To Install Linux, nginx, MySQL, PHP
- 12.13 Nginx 防盗链 12.14 Nginx 访问控制 12.15 Nginx 解析 php 相关配置 12.16 Nginx 代理
- 6 月 11 日任务 Nginx 防盗链、Nginx 访问控制、Nginx 解析 php 相关配置、Nginx 代理
- 6 月 6 日任务 LNMP 架构介绍、MySQL 安装、PHP 安装、 Nginx 介绍
RedHat5 yum搭建Linux+Nginx+PHP+MYSQL(LNMP),3小时不到轻松搞(redhat linux yum)
最近要配置Linux服务器,RedHat5版本,如下操作配置,操作下来总共不超过3个小时搞定LNMP环境。Nginx1.2.0PHP5.3.8(fastcgi)Mysql5.5.24eAccelerator(相关版本号是源软件包的最新版本),使用Nginx官方源,Epel扩展库和remi源,remi源基于epel,必须先安装epel源,
最近要配置linux服务器,redhat5版本,如下操作配置,操作下来总共不超过3个小时搞定lnmp环境。nginx1.2.0+php5.3.8(fastcgi)+mysql5.5.24+eaccelerator(相关版本号是源软件包的最新版本),使用nginx官方源,epel扩展库和remi源,remi源基于epel,必须先安装epel源,remi包含php-fpm,mysql-server5.5,如果只需要php-fpm可以单独安装php-fpm后禁用此源.
服务器:
本服务器是x86_64的,因此所有操作都是基于x86_64,不是i386的,请特别注意。shell>>lsb_release -a
配置yum:
解决redhat的This system is not registered with RHN.
立即学习“PHP免费学习笔记(深入)”;
基本思路就是卸载掉redhat原有的yum,安装centos的yum,其中主要使用rpm命令,就是卸载=rpm -qa | grep -i yum | xargs rpm -e --nodeps,下载wget URl,安装=rpm -ivh *.rpm,配置yum,下载yum配置源,拷贝覆盖默认的/etc/yum.repos.d/,运行yum makecache生成缓存。
安装Nginx源:
- 可采用直接下载安装测试
rpm -ivh http://nginx.org/packages/rhel/5/noarch/RPMS/nginx-release-rhel-5-0.el5.ngx.noarch.rpm
- 配置yum源安装,对应修改一下配置内容,利用yum install nginx安装测试。
安装EPEL源:
※ 到rpm网站查找,如果想设定yum, 请参考http://blog.csdn.net/kyn/article/details/4298175
<span>(<span>64位系统</span>) rpm -ivh <span>ftp://ftp.muug.mb.ca/mirror/fedora/epel/5/x86_64/epel-release-5-4.noarch.rpm</span></span>登录后复制
安装REMI源:
※ 同上
<span>rpm -ivh <span>ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/5/remi/i386/remi-release-5-8.el5.remi.noarch.rpm</span></span>登录后复制
开启REMI,编辑 /etc/yum.repos.d/remi.repo
<span>vi /etc/yum.repos.d/remi.repo </span>登录后复制<span>修改 enable=1 </span>登录后复制<span>esc </span>登录后复制<span>:wq</span>登录后复制
yum安装:
执行最主要的一步,可有针对性的选择安装项,不过最好是把原来存在的删除掉,全部安装
简略配置:<span></span>yum -y install nginx mysql-server php-fpm php-cli php-pdo php-mysql php-mcrypt php-mbstring php-gd php-tidy php-xml php-xmlrpc php-pear php-pecl-memcache php-eaccelerator登录后复制
1.根据需求配置 nginx配置文件,参考详细配置
vi /etc/nginx/config/default.conf
- location ~ \.php$ {
- #root html;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
- include fastcgi_params;
- }
把这些代码给注释开,/var/www/html是你存放php代码的地方;
重启nginx,访问http://localhost/index.php,一切OK。
2.修改/etc/php-fpm.conf 用户组为nginx
找到group选项设置为nginx,user默认为apache也修改为nginx吧
3.修改/var/lib/php/session(使php能保存session),web用户组为nginx
chown -R nginx:nginx /var/lib/php/session(不存在则需要创建)
chown -R nginx:nginx /var/www/(web目录)
chmod -R 775 /var/www/(同组可修改权限,方便配置ftp,ftp应该加入到nginx组,如果需要更高的安全设置,则不应当将只读的目录赋予nginx,php组可写权限)
service nginx start(start|stop|restart|reload)
service php-fpm start(start|stop|restart)
service mysqld start(start|stop|restart|reload)
设置自启动
chkconfig nginx on
chkconfig php-fpm on
chkconfig mysqld on
(LNMP) How To Install Linux, nginx, MySQL, PHP
How To Install Linux, nginx, MySQL, PHP (LNMP) stack on Ubuntu 14.x
#2015.04.03
Nginx
sudo apt-get update
sudo apt-get install nginx
Test Nginx
visit http://IP
ELSE " /etc/init.d/nginx start "
MySQL
sudo apt-get install mysql-server
sudo mysql_install_db #generate directory structure
sudo mysql_secure_installation #modify insecure default setting,reset root password here
PHP
sudo apt-get install php5-fpm php5-mysql
sudo vim /etc/php5/fpm/php.ini
-----
cgi.fix_pathinfo=0
-----
sudo service php5-fpm restart
Config Nginx to enable PHP
sudo vim /etc/nginx/sites-available/default
-----
server {
listen 80 default_server; #port here
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html; #location of web files
index index.php index.html index.htm; #add ''index.php'' content
server_name server_domain_name_or_IP; #here need modify
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html; #location of web files
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #the key setting of resolve php files
include fastcgi_params;
}
}
-----
sudo service nginx restart
Test PHP
sudo vim /usr/share/nginx/html/info.php
<?php phpinfo(); ?>
Visit : http://IP/info.php
12.13 Nginx 防盗链 12.14 Nginx 访问控制 12.15 Nginx 解析 php 相关配置 12.16 Nginx 代理
12.13 Nginx 防盗链
因为该配置也使用 location 板块,所以本节可结合日志管理(不记录和过期时间)一起配置:
[root@cham002 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
#定义referer白名单
if ($invalid_referer) {
return 403;
#if函数的意思是:如果不是白名单内的域名,返回值:403
}
access_log off;
}
说明: “location ~* ^.+” 在此 0“ * ” 的作用是后面匹配的内容不区分大小写。
检测及测试
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -s reload
[root@cham002 ~]# ls /data/wwwroot/test.com/
1.gif 2.js admin index.html
[root@cham002 ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Wed, 03 Jan 2018 13:54:39 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@cham002 ~]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Wed, 03 Jan 2018 13:55:14 GMT
Content-Type: image/gif
Content-Length: 32
Last-Modified: Wed, 03 Jan 2018 13:34:18 GMT
Connection: keep-alive
ETag: "5a4cdbda-20"
Expires: Wed, 10 Jan 2018 13:55:14 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
即,使用非白名单内的 referer 进行访问,被拒绝!!!
12.14 Nginx 访问控制
需求:访问 /admin/ 目录的请求,只允许几个指定 IP 通过,配置如下:
[root@cham002 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != ''test.com'' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
# {
# expires 7d;
# access_log off;
# }
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
location /admin/
{
allow 127.0.0.1;
allow 192.168.230.135;
deny all;
#设置IP白名单
}
access_log /tmp/test.com.log cham;
}
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -s reload
测试 (针对目录的)
[root@cham002 ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Thu, 04 Jan 2018 07:59:16 GMT
Content-Type: text/html
Content-Length: 20
Last-Modified: Wed, 03 Jan 2018 08:50:53 GMT
Connection: keep-alive
ETag: "5a4c996d-14"
Accept-Ranges: bytes
[root@cham002 ~]# curl -x192.168.230.150:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Thu, 04 Jan 2018 08:01:00 GMT
Content-Type: text/html
Content-Length: 20
Last-Modified: Wed, 03 Jan 2018 08:50:53 GMT
Connection: keep-alive
ETag: "5a4c996d-14"
Accept-Ranges: bytes
[root@cham002 ~]# curl -x192.168.230.135:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Thu, 04 Jan 2018 08:01:14 GMT
Content-Type: text/html
Content-Length: 20
Last-Modified: Wed, 03 Jan 2018 08:50:53 GMT
Connection: keep-alive
ETag: "5a4c996d-14"
Accept-Ranges: bytes
[root@cham002 ~]# cat /tmp/test.com.log
127.0.0.1 - [03/Jan/2018:21:35:36 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [04/Jan/2018:15:59:16 +0800] test.com "/admin/" 200 "http://www.baidu.com/1.txt" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:00 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:14 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
[root@cham002 ~]# curl -x192.168.230.150:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Thu, 04 Jan 2018 08:01:37 GMT
Content-Type: text/html
Content-Length: 20
Last-Modified: Wed, 03 Jan 2018 08:50:53 GMT
Connection: keep-alive
ETag: "5a4c996d-14"
Accept-Ranges: bytes
[root@cham002 ~]# cat /tmp/test.com.log
127.0.0.1 - [03/Jan/2018:21:35:36 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [04/Jan/2018:15:59:16 +0800] test.com "/admin/" 200 "http://www.baidu.com/1.txt" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:00 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:14 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:37 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
[root@cham002 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.230.135 netmask 255.255.255.0 broadcast 192.168.230.255
inet6 fe80::6f15:52d3:ebeb:e193 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b6:9f:e3 txqueuelen 1000 (Ethernet)
RX packets 96831 bytes 41894507 (39.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60974 bytes 20136998 (19.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.230.150 netmask 255.255.255.0 broadcast 192.168.230.255
ether 00:0c:29:b6:9f:e3 txqueuelen 1000 (Ethernet)
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::1801:cbbb:ebcc:89a3 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b6:9f:ed txqueuelen 1000 (Ethernet)
RX packets 3 bytes 746 (746.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 81 bytes 6462 (6.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 1363 bytes 1359483 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1363 bytes 1359483 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@cham002 ~]# curl -x192.168.100.1:80 test.com/admin/
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@cham002 ~]# cat /tmp/test.com.log
127.0.0.1 - [03/Jan/2018:21:35:36 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [04/Jan/2018:15:59:16 +0800] test.com "/admin/" 200 "http://www.baidu.com/1.txt" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:00 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:14 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:37 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.100.1 - [04/Jan/2018:16:05:14 +0800] test.com "/admin/" 403 "-" "curl/7.29.0
访问控制(针对正则匹配)
[root@cham002 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != ''test.com'' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
# {
# expires 7d;
# access_log off;
# }
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
location /admin/
{
allow 127.0.0.1;
allow 192.168.230.135;
deny all;
}
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
access_log /tmp/test.com.log cham;
}
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -s reload
[root@cham002 ~]# mkdir /data/wwwroot/test.com/upload
[root@cham002 ~]# echo "11111" > /data/wwwroot/test.com/upload/1.php
测试
[root@cham002 ~]# curl -x127.0.0.1:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@cham002 ~]# curl -x127.0.0.1:80 test.com/upload/1.txt
11111
看日志
[root@cham002 ~]# cat /tmp/test.com.log
127.0.0.1 - [03/Jan/2018:21:35:36 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [04/Jan/2018:15:59:16 +0800] test.com "/admin/" 200 "http://www.baidu.com/1.txt" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:00 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:14 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.230.135 - [04/Jan/2018:16:01:37 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.100.1 - [04/Jan/2018:16:05:14 +0800] test.com "/admin/" 403 "-" "curl/7.29.0"
127.0.0.1 - [04/Jan/2018:16:15:46 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
127.0.0.1 - [04/Jan/2018:16:16:46 +0800] test.com "/upload/1.txt" 200 "-" "curl/7.29.0"针对 user_agent 限制
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != ''test.com'' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
# {
# expires 7d;
# access_log off;
# }
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
location /admin/
{
allow 127.0.0.1;
allow 192.168.230.135;
deny all;
}
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
if ($http_user_agent ~ ''Spider/3.0|YoudaoBot|Tomato'')
{
return 403;
}
access_log /tmp/test.com.log cham;
}
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -s reload
[root@cham002 ~]# curl -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Thu, 04 Jan 2018 08:22:45 GMT
Content-Type: text/plain
Content-Length: 6
Last-Modified: Thu, 04 Jan 2018 08:16:39 GMT
Connection: keep-alive
ETag: "5a4de2e7-6"
Accept-Ranges: bytes
[root@cham002 ~]# curl -A "Tomatodsfsdf" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Thu, 04 Jan 2018 08:23:37 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
说明: deny all 和 return 403 效果一样
12.15 Nginx 解析 PHP 相关配置
核心配置:
[root@cham002 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ \.php$
{
include fastcgi_params;
#fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_pass 127.0.0.1:9000;
##fastcgi_pass两种监听格式,但是要保证Nginx和php-fpm中格式一致
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
[root@cham002 ~]# cat /usr/local/php-fpm/etc/php-fpm.conf
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
#listen = /tmp/php-fcgi.sock
listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cham002 ~]# /usr/local/nginx/sbin/nginx -s reload
[root@cham002 ~]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@cham002 ~]# curl -x 127.0.0.1:80 test.com/3.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Thu, 04 Jan 2018 10:44:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
注: 在此注意两点,fastcgi_pass 有两种格式,但是无论使用哪种格式都有保证 Nginx 和 php-fpm 中格式一致,否则会报错 502;fastcgi _param SCRIPT _FILENAME 所在行的路径要和 root 路径一致!
12.16 Nginx 代理
Nginx 代理是一种反向代理。反向代理(Reverse Proxy)方式是指以代理服务器来接受 Internet 上的连接请求,然后将请求转发给内部网络上的服务器;并将从服务器上得到的结果返回给 Internet 上请求连接的客户端,此时代理服务器对外就表现为一个服务器。
工作原理
Nginx 代理是在一台代理服务器中自定义一个域名,该域名指向一个 IP,然后将用户的请求通过这台代理服务器访问指定的 IP 所对应的 web 服务器。
graph LR
用户-->代理服务器
代理服务器-->用户
代理服务器-->web服务器
web服务器-->代理服务器[root@cham002 ~]# cd /usr/local/nginx/conf/vhost
[root@cham002 vhost]# vim proxy.conf
server
{
listen 80;
server_name ask.apelearn.com;
#定义域名(一般和被代理ip的域名保持一致)
location /
{
proxy_pass http://121.201.9.155/;
#指定被代理(被访问)的IP(web服务器IP)
proxy_set_header Host $host;
#$host指的是代理服务器的servername(也是被代理IP的域名)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}说明: 因为该虚拟主机只用作代理服务器,不需要访问本地文件,所以不需要设置根目录。
没有设置代理前
[root@cham002 vhost]# curl -x127.0.0.1:80 ask.apelearn.com/robots.txt
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@cham002 vhost]#
[root@cham002 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cham002 vhost]# /usr/local/nginx/sbin/nginx -s reload
设置代理后
[root@cham002 vhost]# curl -x127.0.0.1:80 ask.apelearn.com/robots.txt
#
# robots.txt for MiWen
#
User-agent: *
Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/
Disallow: /*/ajax/[root@cham002 vhost]#
6 月 11 日任务 Nginx 防盗链、Nginx 访问控制、Nginx 解析 php 相关配置、Nginx 代理
12.13 Nginx 防盗链
修改配置文件
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.abc.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
测试:
curl -e "http://www.abc.com/" -x127.0.0.1:80 -I abc.com/1.jpg
12.14 Nginx 访问控制
修改配置文件
#按目录匹配
location /
{
allow 127.0.0.1;
deny all;
}
#可以匹配正则
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
#根据 user_agent 限制
if ($http_user_agent ~* ''Spider/3.0|YoudaoBot|Tomato'') // 匹配符号后面 +* 忽略大小写
{
return 403;
}
deny all 和 return 403 效果一样
12.15 Nginx 解析 php 相关配置
location ~ \.php$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 配置对应的参数 是 sock 还是 ip 否则 502 错误
listen.mode = 666 监听 sock 不定义 mode sock 文件权限 440
12.16 Nginx 代理
1. 新建配置文件 proxy.conf
server
{
listen 80;
server_name 111.com; // 本机域名
location /
{
proxy_pass http://106.39.167.118:80/; // 目标服务器
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
6 月 6 日任务 LNMP 架构介绍、MySQL 安装、PHP 安装、 Nginx 介绍
12.1 LNMP 架构介绍
12.3 php 安装
make clean // 删除之前编译文件
1. wget http://au1.php.net/distributions/php-5.6.36.tar.gz // 下载安装包
2. tar -jxvf php-5.6.32.tar.bz2 // 解压文件
3. ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --with-pear --with-curl --with-openssl
4. make&& make install // 安装
5. cp php.ini-production /usr/local/php-fpm/etc/php.ini // 拷贝配置文件
6. 创建 php-fpm.conf 并修改配置文件
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
7. cp /sr/local/php-5.6.36/api/fpm/init.d.php-fpm /etc/init.d/php-fpm // 源码包拷贝配置文件
8. chmod 755 /etc/init.d/php-fpm // 修改配置文件权限
9. chkconfig --add php-fpm
chkconfig php-fpm on // 开机启动
10. useradd -s /sbin/nolosbin php-fpm // 添加用户
11. service php-fpm start // 启动服务
12.5 nginx 介绍
12.6 Nginx 安装
今天关于RedHat5 yum搭建Linux+Nginx+PHP+MYSQL(LNMP),3小时不到轻松搞和redhat linux yum的介绍到此结束,谢谢您的阅读,有关(LNMP) How To Install Linux, nginx, MySQL, PHP、12.13 Nginx 防盗链 12.14 Nginx 访问控制 12.15 Nginx 解析 php 相关配置 12.16 Nginx 代理、6 月 11 日任务 Nginx 防盗链、Nginx 访问控制、Nginx 解析 php 相关配置、Nginx 代理、6 月 6 日任务 LNMP 架构介绍、MySQL 安装、PHP 安装、 Nginx 介绍等更多相关知识的信息可以在本站进行查询。
本文标签:
