數位天堂

malsvent · 2010-12-29 16:16:59

ipkg.sh update
ipkg.sh install ipkg-opt
ipkg update
ipkg install libuclibc++ php-fcgi spawn-fcgi nginx

spawn-fcgi啟動檔可以參照
http://blog.new-studio.org/2010/03/oleg … -fast.html
下面的S80php-fcgi

編輯/opt/etc/nginx/nginx.conf
user nobody取消註解
sendfile註解掉
gzip on取消註解
/scripts$fastcgi_script_name 改成 $document_root$fastcgi_script_name
127.0.0.1:9000 改成 unix:/opt/tmp/php-fcgi.sock

註1: sock的位置要跟spawn-fcgi啟動檔中寫的位置一樣

註2: ipkg無法正常處理nginx包装一定要用ipkg-opt

最後修改： malsvent (2010-12-31 17:13:17)

duckfly · 2012-10-21 15:50:47

昨天架好了Nginx + PHP 5(FastCGI) 的環境，把作法分享出來。

環境：
TOMATO by shibby K26/build5x-101

前置工作：
optware安裝在/opt下
port 80 確定沒有服務 (ap管理介面請避開 port 80)

開始安裝nginx及php等套件
(額外安裝了sqlite php-mysql php-gd php-curl php-mbstring，請自行刪減)

#php5核心已內置PHP-FPM來管理多process，所以無需再安裝spawn-fcgi
ipkg update
ipkg install libuclibc++ php-fcgi nginx sqlite php-mysql php-gd php-curl  php-mbstring

#下載busybox-mipsel (比起ipkg的busybox，功能較完整也較沒bug)
cd /opt/bin
wget http://busybox.net/downloads/binaries/latest/busybox-mipsel
chmod +x busybox-mipsel

新增 /opt/etc/init.d/S80php-fcgi

#!/bin/sh

#本來是127.0.0.1:9000, 此處改以socket方式溝通
BIND=/tmp/php-fcgi.sock
#身份為nobody
USER=nobody
#產生的php-fcgi process數目，此處為1
PHP_FCGI_CHILDREN=1
PHP_FCGI_MAX_REQUESTS=1000

PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin
PHP_CGI=/opt/bin/php-fcgi
PHP_CGI_NAME=`basename $PHP_CGI`
PHP_CGI_ARGS="- USER=$USER PATH=$PATH PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND"
RETVAL=0

start() {
      echo -n "Starting PHP FastCGI: "
      /opt/bin/busybox-mipsel start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
      #start-stop-daemon -q -S -b -c "$USER" -x /usr/bin/env -- $PHP_CGI_ARGS
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}
stop() {
      echo -n "Stopping PHP FastCGI: "
      killall -q -w -u $USER $PHP_CGI
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}

case "$1" in
   start)
     start
  ;;
   stop)
     stop
  ;;
   restart)
     stop
     start
  ;;
  *)
     echo "Usage: php-fastcgi {start|stop|restart}"
     exit 1
  ;;
esac
exit $RETVAL

然後

chmod +x /opt/etc/init.d/S80php-fcgi

修改 /opt/etc/nginx/nginx.conf

#以nobody身份執行，若要加group=nobody，可改為 user nobody nobody
user  nobody;
worker_processes  1;

#產生log
error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
#產生log
    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    server {
#修改port及domain
        listen  80;
        server_name  www.mydomain.com;

#改為utf-8     
        charset utf-8;

        #access_log  logs/host.access.log  main;
#加入index.php
        location / {
            root   html;
            index  index.html index.htm index.php;
        }

        #block specified file extension & key word   
        #location ~ (\.db|phpmyadmin) {
        #    return 403;
        #}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
#以下區塊請照此修改
        location ~ \.php$ {
            root           html;
            location ~ \..*/.*\.php$ {return 404;}
            #fastcgi_pass  127.0.0.1:9000;
            fastcgi_pass  unix:/tmp/php-fcgi.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

修改 /opt/share/nginx 資料夾權限

mkdir -p /opt/share/nginx/logs
chown -R nobody /opt/share/nginx

firewall script 加入此行

iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

shutdown script 前面加入

/opt/etc/init.d/S80nginx stop
/opt/etc/init.d/S80php-fcgi stop
/opt/etc/init.d/S70mysqld stop

修改/opt/etc/php.ini，約第560行開始，加入sqlite模組

...
extension=sqlite.so
extension=pdo_sqlite.so
extension=pdo.so
...

修改 /opt/share/mysql/mysql.server (有安裝php-mysql會順便安裝mysql server)

...
#修改pid_file=
pid_file=$datadir/lib/mysql/mysqld.pid
..

服務重啟：

/opt/etc/init.d/S70mysqld restart
/opt/etc/init.d/S80php-fcgi restart
/opt/etc/init.d/S80nginx restart

記得改一下mysql的root密碼

mysqladmin -u root password 'new-password'

#重改mysql密碼(需輸入原來密碼)
mysqladmin -u root -p password 'new2-password'

在網站根目錄：/opt/share/nginx/html 寫個phpinfo跑跑看：

echo '' >> /opt/share/nginx/html/test.php

看看 http://yourdomain.com/test.php 是否有成功執行php

完成！ gathering

Nginx相較於Lighttpd，處理速度更快、更穩定，且不易crash，bug及消耗的資源更少，
很適合在小AP上跑，用過就會讓人愛不釋手 yes

最後修改： duckfly (2012-10-22 13:57:59)

a00403a · 2016-02-21 19:38:59

虛擬主機(Virtual Host)
以phpmyadmin當範例：

安裝phpmyadmin

ipkg install phpmyadmin

建立目錄

mkdir -p /opt/etc/nginx/sites-available
mkdir -p /opt/etc/nginx/sites-enabled

新增vhost檔案

vim /opt/etc/nginx/sites-available/www.example.com.vhost

server {
       listen 80;
       server_name www.example.com;
       root /opt/share/www;
       if ($http_host != "www.example.com") {
                 rewrite ^ http://www.example.com$request_uri permanent;
       }
       index index.php index.html index.htm;
       location = /favicon.ico {
                log_not_found off;
                access_log off;
       }
       location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
       }
       # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
        location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
                deny all;
        }
       # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }
       location ~*  \.(jpg|jpeg|png|gif|css|js|ico)$ {
                expires max;
                log_not_found off;
       }
       location ~ \.php$ {
                try_files $uri =404;
                include /opt/etc/nginx/fastcgi_params;
                #fastcgi_pass 127.0.0.1:9000;
                fastcgi_pass  unix:/tmp/php-fcgi.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       }

        location /phpmyadmin {
            root /opt/share/www;
            index index.php index.html index.htm;
            location ~ ^/phpmyadmin/(.+\.php)$ {
                try_files $uri =404;
                root /opt/share/www;
                #fastcgi_pass 127.0.0.1:9000;
                fastcgi_pass  unix:/tmp/php-fcgi.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include /opt/etc/nginx/fastcgi_params;
            }
            location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /opt/share/www;
            }
        }
        location /phpMyAdmin {
            rewrite ^/* /phpmyadmin last;
        }
}

修改/opt/etc/nginx/nginx.conf

http {
...
    include /opt/etc/nginx/sites-enabled/www.example.com.vhost;
...
}

建立vhost捷徑

ln -s /opt/etc/nginx/sites-available/www.example.com.vhost /opt/etc/nginx/sites-enabled/

重啟服務

/opt/etc/init.d/S80nginx restart

供大家參考，如有什麼漏洞還請各位大大指正。

最後修改： a00403a (2018-03-25 00:49:51)

a00403a · 2016-02-21 20:07:17

phpmyadmin中如出現：必須在設定檔內設定 $cfg['PmaAbsoluteUri'] !

編輯

vim /opt/share/www/phpmyadmin/config.inc.php

#解決紅字問題
#不加斜線
$cfg['PmaAbsoluteUri'] = 'http://www.example.com/phpmyadmin';

登入畫面想要漂亮一點則

$cfg['blowfish_secret'] = '隨便輸入什麼';

登入我選擇使用cookie

$cfg['Servers'][$i]['auth_type'] = 'cookie';

要使用自動登入則

$cfg['Servers'][$i]['auth_type']     = 'config';
$cfg['Servers'][$i]['user']          = '帳號';
$cfg['Servers'][$i]['password']      = '密碼';

最後修改： a00403a (2016-02-28 14:06:44)

a00403a · 2016-02-21 20:35:16

nginx無法顯示圖片解決方法
修改

vim /opt/etc/nginx/nginx.conf

例如http部份，則在server區段加入

server {
...
        location ~* ^.+.(jpg|jpeg|gif|png|bmp)$ {
            root /opt/share/www;
            expires max;
            #break;
        }
...
}

重啟服務

/opt/etc/init.d/S80nginx restart

最後修改： a00403a (2018-03-20 21:39:27)

a00403a · 2016-02-28 16:12:31

啟用SSL加密

安裝openssl

ipkg install openssl

做一個憑證出來吧

/opt/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/etc/nginx/ssl/nginx.key -out /opt/etc/nginx/ssl/nginx.crt

req：使用 X.509 Certificate Signing Request（CSR） Management 產生憑證。
-x509：建立自行簽署的憑證。
-nodes：不要使用密碼保護，因為這個憑證是 NGINX 伺服器要使用的，如果設定密碼的話，會讓伺服器每次在啟動時書需要輸入密碼。
-days 365：設定憑證的使用期限，單位是天，如果不想時常重新產生憑證，可以設長一點。
-newkey rsa:2048：同時產生新的 RSA 2048 位元的金鑰。
-keyout：設定金鑰儲存的位置。
-out：設定憑證儲存的位置。

Country Name (2 letter code) [AU]:1
State or Province Name (full name) [Some-State]:2
Locality Name (eg, city) []:3
Organization Name (eg, company) [Internet Widgits Pty Ltd]:4
Organizational Unit Name (eg, section) []:5
Common Name (e.g. server FQDN or YOUR name) []:6
Email Address []:7

1.國家代碼，台灣就填 TW。
2.州或省，台灣就填 Taiwan。
3.城市，例如台北就填 Taipei。
4.公司名稱。
5.部門名稱。
6.伺服器的 FQDN，這個一定要填寫正確，如果沒有申請網域名稱的話，也可以用 IP 位址替代。
7.E-mail 信箱。

修改nginx.conf

vim /opt/etc/nginx/nginx.conf

server {
...
    listen 443 ssl;
    # 重點是下述三行
    ssl on;
    ssl_certificate /opt/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /opt/etc/nginx/ssl/nginx.key;

    # 以下可以省略，但是還是建議加上
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    #ssl_protocols SSLv3 TLSv1;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

    ssl_prefer_server_ciphers on;
...
}

http {
...
    ## Detect when HTTPS is used
    map $scheme $fastcgi_https {
        default off;
        https on;
    }
    ##
    # Virtual Host Configs
    ##
    include /opt/etc/nginx/conf.d/*.conf;
    include /opt/etc/nginx/sites-enabled/*;
...
}

修改www.example.com.vhost
這裡一併加入了phpmyadmin使用SSL的設定

vim /opt/etc/nginx/sites-available/www.example.com.vhost

server {
...

    listen 443 ssl;
    # 重點是下述三行
    ssl on;
    ssl_certificate /opt/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /opt/etc/nginx/ssl/nginx.key;

    # 以下可以省略，但是還是建議加上
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    #ssl_protocols SSLv3 TLSv1;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

    ssl_prefer_server_ciphers on;
...
}

server {
...
    location /phpmyadmin {
        root /opt/share/www;
        index index.php index.html index.htm;
        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /opt/share/www;
            #fastcgi_pass 127.0.0.1:9000;
            fastcgi_pass  unix:/tmp/php-fcgi.sock;
            fastcgi_param HTTPS $fastcgi_https;     ########## 加入這行 ##########
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /opt/share/www;
        }
    }
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }
...
}

config.inc.php記得改，才能強制重新導向https

vim /opt/share/www/phpmyadmin/config.inc.php

$cfg['PmaAbsoluteUri'] = 'https://www.example.com/phpmyadmin';

亮相一下

最後修改： a00403a (2016-02-28 16:57:27)

a00403a · 2016-02-29 22:27:18

幫2樓修改個小地方

vim /opt/share/mysql/mysql.server

#180行
#原2樓的方法為
pid_file=$datadir/lib/mysql/mysqld.pid

#改成
pid_file=$datadir/mysqld.pid
#/lib/mysql會自動帶上

方可解決/opt/share/mysql/mysql.server: line 186: /bin/hostname: not found
(捷徑則會顯示)/opt/etc/init.d/S70mysqld: line 186: /bin/hostname: not found

最後修改： a00403a (2016-03-07 19:52:18)

a00403a · 2019-05-19 00:03:42

PHP 出現"No input file specified"

修改 php.ini

doc_root = xxx
改為
doc_root =

nginx 將 location 裡的"root"提高至 server 底下，如下

server {
　　root xxx
}

a00403a · 2019-05-19 00:45:37

使用 php-fpm 管理 FastCGI

設定 php7-fpm.d/www.conf

user = nobody
listen = /var/run/php7-fpm.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0666

設定 php7-fpm.conf

pid = /var/run/php7-fpm.pid

a00403a · 2020-07-27 19:41:56

nginx log +8時區問題

vim /opt/etc/nginx/nginx.conf

...
autoindex_localtime on;
...

cp /opt/share/zoneinfo/Hongkong /opt/etc/localtime

數位天堂

#1 2010-12-29 16:16:59

nginx + php

#2 2012-10-21 15:50:47

Re: nginx + php

#3 2016-02-21 19:38:59

Re: nginx + php

#4 2016-02-21 20:07:17

Re: nginx + php

#5 2016-02-21 20:35:16

Re: nginx + php

#6 2016-02-28 16:12:31

Re: nginx + php

#7 2016-02-29 22:27:18

Re: nginx + php

#8 2019-05-19 00:03:42

Re: nginx + php

#9 2019-05-19 00:45:37

Re: nginx + php

#10 2020-07-27 19:41:56

Re: nginx + php

相關討論主題

友情連結

論壇頁尾