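For a while it was popular to build web sites with Nginx plus PHP running as FastCGI. After some time in production, though, people often ran into 502 errors, generally because the Nginx + FastCGI PHP combination was not very stable. So I tried an approach recommended by an expert: use Nginx as the front end and forward PHP requests to Apache. This avoids both Apache's weaknesses under high concurrency and the instability of Nginx with FastCGI PHP, while still benefiting to some extent from Nginx's speed. Put simply, Nginx handles static files and PHP requests are forwarded to the Apache back end. In efficiency and in memory and other resource usage, however, this setup is not as good as Nginx + FastCGI.

PHP pages are executed through suPHP; for more on suPHP, see here. suPHP is in fact used on the servers of many hosting providers. Its main purpose is to execute the PHP pages in a given location with the permissions of the directory owner, rather than as Apache's default user (apache, www-data or nobody).

This has two main advantages:

1. Hosting customers (users) no longer need to set up complicated permissions; PHP has full permissions within their own space.
2. The directory where a hosting customer stores the site's files is safer: there is no need to grant the apache, www-data or nobody user access to the site, which avoids high-risk permissions such as 777.

However, suPHP requires PHP to be compiled and installed as PHP-CGI; the mode we normally use (called "CLI" mode in this article, with PHP loaded as an Apache module) cannot be used.

The basic principle is as follows. Diagram of the traditional "CLI" mode: PHP exists as an Apache module, like a built-in Apache feature.

Diagram of the suPHP mode: suPHP is an Apache module that, when needed, launches PHP-CGI as a specific user, so that PHP runs with the permissions of the directory owner.

The overall architecture is roughly as follows: Nginx accepts all web requests destined for port 80 and filters them by content. Static files such as MP3, GIF, JPG and JS are handled by Nginx; the other requests (PHP) are forwarded to the back-end Apache server. Apache uses the suPHP module to run the PHP program with the directory owner's permissions and returns the page to the client. With minor changes this can be extended to a cluster spanning several machines.

Our operating system platform is CentOS 5.5; let's call the stack Nginx+Apache+MySQL+suPHP.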
I. Upgrade the system and install the required packages

    yum update
    yum install gcc gcc-c++ bison patch unzip mlocate flex wget automake \
        autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng \
        libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib \
        zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel \
        ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel \
        libidn libidn-devel openldap openldap-devel openldap-clients \
        openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel \
        kernel-devel autoconf213 vim-common vim-enhanced diff*
Compile and install the libraries required by PHP and MySQL

    # Unpack and install libiconv, an open-source GNU library that handles
    # conversion between character encodings for multilingual applications.
    mkdir /root/na
    tar -zxf all.tar.gz -C /root/na
    cd /root/na/
    tar -zxf libiconv-1.13.1.tar.gz
    cd libiconv-1.13.1
    ./configure
    make
    make install
    cd ..

    # Install libevent, a lightweight, high-performance open-source network
    # library with many users, such as memcached, Vomit, Nylon and Netchat.
    tar -zxf libevent-1.4.14b-stable.tar.gz
    cd libevent-1.4.14b-stable
    ./configure
    make
    make install
    cd ..

    # Install libmcrypt, mhash and mcrypt, the libraries needed for encryption.
    tar -zxf libmcrypt-2.5.8.tar.gz
    cd libmcrypt-2.5.8
    ./configure
    make
    make install
    /sbin/ldconfig
    cd libltdl/
    ./configure --enable-ltdl-install
    make
    make install
    cd ../..
    tar zxvf mhash-0.9.9.9.tar.gz
    cd mhash-0.9.9.9/
    ./configure
    make
    make install
    cd ..
    ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
    ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
    ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
    ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
    ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
    ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
    ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
    ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
    ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
    ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
    tar -zxf mcrypt-2.6.8.tar.gz
    cd mcrypt-2.6.8/
    ./configure
    make
    make install
    cd ../
Compile and install MySQL

    # google-perftools (tcmalloc) improves MySQL's performance and efficiency
    # in memory allocation.
    tar -zxf google-perftools-1.6.tar.gz
    cd google-perftools-1.6/
    ./configure
    make
    make install
    echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
    # Refresh the linker cache so mysqld can load libtcmalloc_minimal at run time.
    /sbin/ldconfig
    cd ..

    # Now actually install MySQL
    tar -zxf mysql-5.1.52.tar.gz
    cd mysql-5.1.52
    autoreconf --force --install
    libtoolize --automake --force
    automake --force --add-missing
    ./configure --prefix=/usr/local/mysql --with-extra-charsets=all \
        --enable-thread-safe-client --enable-assembler --with-charset=utf8 \
        --enable-thread-safe-client --with-extra-charsets=all --with-big-tables \
        --with-readline --with-ssl --with-embedded-server --enable-local-infile \
        --without-debug --with-mysqld-ldflags=-ltcmalloc_minimal
    make
    make install
    cd ../
    groupadd -g 27 mysql
    useradd -u 27 -g 27 -d /var/lib/mysql -M mysql
    cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
    /usr/local/mysql/bin/mysql_install_db --user=mysql
    chown -R mysql /usr/local/mysql/var
    chgrp -R mysql /usr/local/mysql/.
    cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
    chmod 755 /etc/init.d/mysql
    echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
    echo "/usr/local/lib" >>/etc/ld.so.conf
    ldconfig
    ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
    ln -s /usr/local/mysql/include/mysql /usr/include/mysql
    service mysql start
    /usr/local/mysql/bin/mysqladmin -u root password 123456   # set the MySQL root password

    vim ~/.bashrc
    # Append the following as the last line so the MySQL command-line tools are
    # easier to use; it takes effect after logging out and back in.
    PATH=$PATH:/usr/local/mysql/bin
Compile and install Apache

    cd ~/na
    tar -zxf httpd-2.2.17.tar.gz
    cd httpd-2.2.17
    ./configure --prefix=/usr/local/apache --enable-headers \
        --enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl \
        --enable-suexec --disable-userdir --with-included-apr --with-mpm=prefork \
        --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ \
        --with-suexec-gidmin=100 \
        --with-suexec-logfile=/usr/local/apache/logs/suexec_log \
        --with-suexec-uidmin=100 --with-suexec-userdir=public_html
    make
    make install
    cd ..
    mkdir /usr/local/apache/domlogs
    mkdir /usr/local/apache/conf/vhosts
    mkdir -p /var/www/html
    cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
    chmod 755 /etc/init.d/httpd
    cd ..

    # Edit /etc/init.d/httpd and add the following below the first line (#!/bin/sh):
    vim /etc/init.d/httpd

    # Startup script for the Apache Web Server
    #
    # chkconfig: - 85 15
    # description: Apache is a World Wide Web server. It is used to serve \
    #              HTML files and CGI.
    # processname: httpd
    # pidfile: /usr/local/apache/logs/httpd.pid
    # config: /usr/local/apache/conf/httpd.conf
    ulimit -n 1024
    ulimit -n 4096
    ulimit -n 8192
    ulimit -n 16384
    ulimit -n 32768
    ulimit -n 65535
Compile and install PHP (built here as PHP-CGI)

    tar -zxf php-5.2.14.tar.gz
    cd php-5.2.14
    # Before compiling, apply a patch to PHP that helps prevent abuse of mail
    # sending (multi-user hosts) and adds useful information to outgoing mail.
    # Patch description: http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/
    patch -p1 < ../php5-mail-header.patch
    # Build PHP as PHP-CGI
    ./configure --prefix=/usr/local/php --with-config-file-path=/etc \
        --enable-force-cgi-redirect --enable-fastcgi --enable-bcmath \
        --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf \
        --enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo \
        --enable-soap --enable-sockets --enable-zip --with-bz2 --with-curl \
        --with-curlwrappers --with-freetype-dir --with-gd --with-gettext \
        --with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr \
        --with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr \
        --with-mysql=/usr/local/mysql \
        --with-mysql-sock=/usr/local/mysql/var/localhost.localdomain.pid \
        --with-mysqli=/usr/local/mysql/bin/mysql_config --with-openssl=/usr \
        --with-openssl-dir=/usr \
        --with-pdo-mysql=/usr/local/mysql/bin/mysql_config \
        --with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared \
        --with-ttf --with-xmlrpc --with-zlib --with-zlib-dir=/usr
    make ZEND_EXTRA_LIBS='-liconv'
    make install
    cp php.ini-dist /etc/php.ini
    cd ..

    # Install the PHP memcache extension.
    tar -zxf memcache-2.2.6.tgz
    cd memcache-2.2.6
    /usr/local/php/bin/phpize
    ./configure --with-php-config=/usr/local/php/bin/php-config \
        --with-zlib-dir --enable-memcache
    make
    make install
    cd ..

    # Install the PHP accelerator eaccelerator.
    tar -jxf eaccelerator-0.9.6.1.tar.bz2
    cd eaccelerator-0.9.6.1
    /usr/local/php/bin/phpize
    ./configure --enable-eaccelerator=shared \
        --with-php-config=/usr/local/php/bin/php-config
    make
    make install
    mkdir -p /tmp/eaccelerator
    chmod 777 /tmp/eaccelerator
    echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local
    echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local
    cd ..

    # Install the ImageMagick image-processing software.
    tar -zxf ImageMagick-6.6.5-8.tar.gz
    cd ImageMagick-6.6.5-8
    ./configure
    make
    make install
    cd ..

    # Install the PHP extension for ImageMagick.
    tar -zxf imagick-3.0.0.tgz
    cd imagick-3.0.0
    /usr/local/php/bin/phpize
    ./configure --with-php-config=/usr/local/php/bin/php-config
    make
    make install
    ldconfig
    cd ..

    # Install the Suhosin PHP extension, which hardens the PHP language.
    tar -zxf suhosin-0.9.32.1.tar.gz
    cd suhosin-0.9.32.1
    /usr/local/php/bin/phpize
    ./configure --with-php-config=/usr/local/php/bin/php-config
    make
    make install
    cd ..

    # ionCube loaders, to support encoded PHP pages.
    tar -zxf ioncube_encoder_evaluation.tar.gz
    cd ioncube_encoder_evaluation
    mkdir /usr/local/ioncube
    cp loaders/* /usr/local/ioncube/
    cd ..

    # Install ZendOptimizer to support Zend-encoded pages.
    tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
    mkdir /usr/local/Zend
    cp -a ZendOptimizer-3.3.9-linux-glibc23-i386/data/ /usr/local/Zend/
Install suPHP

    # suPHP lets PHP access a web site's directory with the permissions of the
    # directory owner.
    tar -zxf suphp-0.7.1.tar.gz
    cd suphp-0.7.1
    ./configure --with-apxs=/usr/local/apache/bin/apxs \
        --with-apache-user=nobody \
        --with-logfile=/usr/local/apache/logs/suphp.log \
        --with-setid-mode=paranoid --sysconfdir=/usr/local/apache/conf/ \
        --with-apr=/usr/local/apache/bin/apr-1-config \
        --with-php=/usr/local/php/bin/php-cgi \
        --enable-SUPHP_USE_USERGROUP=yes
    make
    make install
Install memcached

    # memcached is an in-memory cache that can effectively speed up PHP access.
    cd ..
    tar -zxf memcached-1.4.5.tar.gz
    cd memcached-1.4.5
    ./configure --with-libevent=/usr/local
    make
    make install
Install Nginx

    # Install pcre, which Nginx requires: a Perl-compatible regular expression
    # library, useful for pattern matching with the same syntax and semantics
    # as Perl 5.
    tar -zxf pcre-8.10.tar.gz
    cd pcre-8.10
    ./configure
    make
    make install
    cd ..

    # Now actually install nginx
    tar -zxf nginx-0.8.53.tar.gz
    cd nginx-0.8.53
    ./configure --user=nobody --group=nobody --prefix=/usr/local/nginx \
        --pid-path=/usr/local/nginx/logs/nginx.pid \
        --error-log-path=/usr/local/nginx/logs/error.log \
        --http-log-path=/usr/local/nginx/logs/access.log \
        --http-client-body-temp-path=/tmp/nginx_client \
        --http-proxy-temp-path=/tmp/nginx_proxy \
        --http-fastcgi-temp-path=/tmp/nginx_fastcgi \
        --with-http_stub_status_module
    make
    make install
    cd ..

    # Write the startup script
    vim /etc/init.d/nginx

    #! /bin/sh
    ulimit -n 65535
    # Description: Startup script for nginx
    # chkconfig: 2345 55 25
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    DESC="nginx daemon"
    NAME=nginx
    DAEMON=/usr/local/nginx/sbin/$NAME
    CONFIGFILE=/usr/local/nginx/conf/nginx.conf
    PIDFILE=/usr/local/nginx/logs/$NAME.pid
    SCRIPTNAME=/etc/init.d/$NAME
    set -e
    [ -x "$DAEMON" ] || exit 0
    do_start() {
        $DAEMON -c $CONFIGFILE || echo -n "nginx already running"
    }
    do_stop() {
        kill -QUIT `cat $PIDFILE` || echo -n "nginx not running"
    }
    do_reload() {
        kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"
    }
    case "$1" in
        start)
            echo -n "Starting $DESC: $NAME"
            do_start
            echo "."
            /etc/init.d/httpd start
            ;;
        stop)
            echo -n "Stopping $DESC: $NAME"
            do_stop
            echo "."
            /etc/init.d/httpd stop
            ;;
        reload)
            echo -n "Reloading $DESC configuration..."
            do_reload
            echo "."
            /etc/init.d/httpd restart
            ;;
        restart)
            echo -n "Restarting $DESC: $NAME"
            do_stop
            sleep 1
            do_start
            echo "."
            /etc/init.d/httpd restart
            ;;
        *)
            echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2
            exit 3
            ;;
    esac
    exit 0

    # Make the startup script executable
    chmod u+x /etc/init.d/nginx

    # Install the rpaf module so that the Apache logs record the visitor's
    # real IP address.
    tar -zxf mod_rpaf-0.6.tar.gz
    cd mod_rpaf-0.6
    /usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
    cd ..
Install Pure-FTP

    tar -zxf pure-ftpd-1.0.29.tar.gz
    cd pure-ftpd-1.0.29
    ./configure --prefix=/usr/local/pureftpd \
        --with-language=simplified-chinese --with-everything
    make
    make install
    chmod u+x configuration-file/pure-config.pl
    cp configuration-file/pure-config.pl /usr/local/pureftpd/sbin/
    mkdir /usr/local/pureftpd/etc/
    cp configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/
    ln -s /usr/local/pureftpd/bin/pure-pw /usr/local/bin/

    # Startup script
    cp contrib/redhat.init /etc/init.d/pure-ftpd
    chmod 755 /etc/init.d/pure-ftpd
    chkconfig --add pure-ftpd
    chkconfig --level 3 pure-ftpd on

    # Customize the startup script
    vim /etc/init.d/pure-ftpd

In the startup script, change fullpath to fullpath=/usr/local/pureftpd/sbin/$prog, change pureftpwho to pureftpwho=/usr/local/pureftpd/sbin/pure-ftpwho, and in the start section change the conf invocation to $fullpath /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize. Leave everything else unchanged.
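Tighten directory permissions to improve security

    chmod 711 /home
    chmod 711 /usr/local/pureftpd
    chmod 711 /usr/local/apache/conf/vhosts
    # The nginx install does not create this directory, and the nginx.conf used
    # later includes vhosts/*.conf, so create it before changing its mode.
    mkdir -p /usr/local/nginx/conf/vhosts
    chmod 711 /usr/local/nginx/conf/vhosts
    chmod 711 /usr/local/apache/domlogs
    chmod 711 /usr/local/apache/logs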
II. Edit the Apache, PHP, suPHP, Nginx and Pure-FTP configuration files

Edit the main Apache configuration file

    # Apache's configuration file httpd.conf is in /usr/local/apache/conf/.
    cd /usr/local/apache/conf/
    mv httpd.conf httpd.conf.bak
    vim httpd.conf
    # Write the following content; change the IP address, host name and e-mail
    # address to your own.

    PidFile logs/httpd.pid
    LockFile logs/accept.lock
    ServerRoot "/usr/local/apache"
    Listen 0.0.0.0:81
    User nobody
    Group nobody
    ServerAdmin aaa@gmail.com
    ServerName hosts.whypc.info
    Timeout 300
    KeepAlive Off
    MaxKeepAliveRequests 100
    KeepAliveTimeout 5
    UseCanonicalName Off
    AccessFileName .htaccess
    TraceEnable Off
    ServerTokens ProductOnly
    FileETag None
    ServerSignature Off
    HostnameLookups Off
    # LoadModule perl_module modules/mod_perl.so
    LoadModule suphp_module modules/mod_suphp.so
    #suPHP_Engine on
    #AddType application/x-httpd-php .php
    LoadModule rpaf_module modules/mod_rpaf-2.0.so
    #Mod_rpaf settings
    RPAFenable On
    RPAFproxy_ips 127.0.0.1 204.74.291.132
    RPAFsethostname On
    RPAFheader X-Forwarded-For
    DocumentRoot "/usr/local/apache/htdocs"
    <Directory "/">
        Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes -MultiViews SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
        AllowOverride All
    </Directory>
    <Directory "/usr/local/apache/htdocs">
        Options Includes -Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    DefaultType text/plain
    RewriteEngine on
    AddType text/html .shtml
    #AddHandler cgi-script .cgi .pl .plx .ppl .perl
    AddHandler server-parsed .shtml
    <IfModule mime_module>
        TypesConfig conf/mime.types
        AddType application/perl .pl .plx .ppl .perl
        AddType application/x-img .img
        AddType application/cgi .cgi
        AddType text/x-sql .sql
        AddType text/x-log .log
        AddType text/x-config .cnf conf
        AddType text/x-registry .reg
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
        AddType text/html .shtml
        AddType application/x-tar .tgz
        AddType application/rar .rar
        AddType application/x-compressed .rar
        AddType application/x-rar .rar
        AddType application/x-rar-compressed .rar
        AddType text/vnd.wap.wml .wml
        AddType image/vnd.wap.wbmp .wbmp
        AddType text/vnd.wap.wmlscript .wmls
        AddType application/vnd.wap.wmlc .wmlc
        AddType application/vnd.wap.wmlscriptc .wmlsc
    </IfModule>
    <IfModule dir_module>
        DirectoryIndex index.html index.htm index.shtml index.php
    </IfModule>
    <Files ~ "^error_log$">
        Order allow,deny
        Deny from all
        Satisfy All
    </Files>
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>
    ErrorLog "logs/error_log"
    LogLevel warn
    <IfModule log_config_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        <IfModule logio_module>
            LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog "logs/access_log" common
    </IfModule>
    <IfModule alias_module>
        ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
    </IfModule>
    <Directory "/usr/local/apache/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    <IfModule mpm_prefork_module>
        StartServers 3
        MinSpareServers 3
        MaxSpareServers 5
        MaxClients 150
        MaxRequestsPerChild 1024
    </IfModule>
    <IfModule mod_headers.c>
        <FilesMatch "\.(html|htm|shtml)$">
            Header set Cache-Control "max-age=3600, must-revalidate"
        </FilesMatch>
    </IfModule>
    ReadmeName README.html
    HeaderName HEADER.html
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
    Include conf/extra/httpd-languages.conf
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
    ExtendedStatus On
    <Location /server-info>
        SetHandler server-info
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
    <IfModule ssl_module>
        Listen 0.0.0.0:443
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl
        SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
        SSLPassPhraseDialog builtin
        SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
        SSLSessionCacheTimeout 300
        SSLMutex file:/usr/local/apache/logs/ssl_mutex
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
    </IfModule>
    #Vhosts
    NameVirtualHost 204.74.291.132:81
    NameVirtualHost *
    <VirtualHost 204.74.291.132:81 *>
        ServerName hosts.whypc.info
        DocumentRoot /var/www/html
        ServerAdmin aaa@gmail.com
    </VirtualHost>
    Include conf/vhosts/*
Edit the PHP configuration file

    vim /etc/php.ini
    # Find extension_dir = "./" in /etc/php.ini and change it to
    #   extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
    # Find ;include_path = ".:/php/includes", remove the leading semicolon and
    # change it to
    #   include_path = ".:/usr/lib/php:/usr/local/php/lib/php"
    # Go to the last line and add the following:

    extension = "memcache.so"
    ;extension = "pdo.so"
    ;extension = "pdo_mysql.so"
    extension = "pdo_sqlite.so"
    extension = "sqlite.so"
    extension = "eaccelerator.so"
    extension = "suhosin.so"
    eaccelerator.shm_size = 32
    eaccelerator.cache_dir = "/tmp/eaccelerator"
    eaccelerator.enable = 1
    eaccelerator.optimizer = 0
    eaccelerator.debug = 0
    eaccelerator.name_space = ""
    eaccelerator.check_mtime = 1
    eaccelerator.filter = ""
    eaccelerator.shm_max = 0
    eaccelerator.shm_ttl = 7200
    eaccelerator.shm_prune_period = 7200
    eaccelerator.shm_only = 1
    eaccelerator.compress = 0
    eaccelerator.compress_level = 9
    eaccelerator.keys = shm
    eaccelerator.sessions = shm
    eaccelerator.content = shm
    zend_extension = "/usr/local/ioncube/ioncube_loader_lin_5.2.so"
    zend_extension = "/usr/local/Zend/data/5_2_x_comp/ZendOptimizer.so"
Edit the suPHP configuration file

    vim suphp.conf
    # Write the following content:

    [global]
    ;Path to logfile
    logfile=/usr/local/apache/logs/suphp.log
    ;Loglevel
    loglevel=info
    ;User Apache is running as
    webserver_user=nobody
    ;Path all scripts have to be in
    docroot=/
    ;Path to chroot() to before executing script
    ;chroot=/mychroot
    ; Security options
    ;allow_file_group_writeable=false
    allow_file_group_writeable=true
    allow_file_others_writeable=false
    ;allow_directory_group_writeable=false
    allow_directory_group_writeable=true
    allow_directory_others_writeable=false
    ;Check whether script is within DOCUMENT_ROOT
    check_vhost_docroot=true
    ;Send minor error messages to browser
    errors_to_browser=false
    ;PATH environment variable
    env_path="/bin:/usr/bin"
    ;Umask to set, specify in octal notation
    umask=0022
    ; Minimum UID
    min_uid=100
    ; Minimum GID
    min_gid=100

    [handlers]
    ;Handler for php-scripts
    x-httpd-php="php:/usr/local/php/bin/php-cgi"
    ;Handler for CGI-scripts
    x-suphp-cgi="execute:!self"
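
The suphp.conf policy above (others-writable files and directories refused, min_uid=100) together with the paranoid setid mode chosen at build time decides whether suPHP will run a script at all. The following shell function is an added example, not part of the original article: it audits a vhost docroot against those settings before the site goes live. The function name suphp_audit and its finding labels are hypothetical, and it checks the whole tree, which is stricter than suPHP's per-script check.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight audit of a vhost
# docroot against the suphp.conf policy used in this setup.
# Usage: suphp_audit DOCROOT OWNER [MIN_UID]
#   OWNER   - account named in suPHP_UserGroup (user name or numeric UID)
#   MIN_UID - min_uid from suphp.conf (100 in this article)
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad input.

suphp_audit() {
    docroot=$1
    owner=$2
    min_uid=${3:-100}

    [ -d "$docroot" ] || { echo "NO_DOCROOT $docroot"; return 2; }

    # Resolve OWNER to a numeric UID; a purely numeric argument is used as-is.
    case $owner in
        ''|*[!0-9]*)
            uid=$(id -u "$owner" 2>/dev/null) ||
                { echo "UNKNOWN_USER $owner"; return 2; } ;;
        *)  uid=$owner ;;
    esac

    findings=$(
        # min_uid: scripts owned by an account below this UID are refused.
        [ "$uid" -ge "$min_uid" ] ||
            echo "UID_BELOW_MIN uid=$uid min_uid=$min_uid"
        # allow_file_others_writeable=false and
        # allow_directory_others_writeable=false (group-writable is allowed).
        find "$docroot" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/OTHERS_WRITABLE /'
        # setid-mode=paranoid: the script owner must match suPHP_UserGroup.
        find "$docroot" ! -user "$uid" -print | sed 's/^/WRONG_OWNER /'
    )

    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh suphp_audit.sh /home/whypc_info/public_html whypc_info
if [ "$#" -ge 2 ]; then suphp_audit "$@"; fi
```

A clean result means the 777-style permissions the article warns about are absent from the docroot and every file belongs to the account the vhost runs PHP as.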
Edit the main Nginx configuration file

    mv nginx.conf nginx.conf.bak
    vim nginx.conf
    # Write the following content, changing the IP address to your own.

    worker_processes 1;
    worker_rlimit_nofile 65535;
    events {
        worker_connections 65535;
        use epoll;
    }
    error_log /usr/local/nginx/logs/error.log info;
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 10;
        gzip on;
        gzip_http_version 1.0;
        gzip_min_length 1100;
        gzip_comp_level 3;
        gzip_buffers 4 32k;
        gzip_types text/plain text/xml text/css application/x-javascript application/xml application/xml+rss text/javascript application/atom+xml;
        ignore_invalid_headers on;
        client_header_timeout 3m;
        client_body_timeout 3m;
        send_timeout 3m;
        connection_pool_size 256;
        server_names_hash_max_size 2048;
        server_names_hash_bucket_size 256;
        client_header_buffer_size 256k;
        large_client_header_buffers 4 256k;
        request_pool_size 32k;
        output_buffers 4 64k;
        postpone_output 1460;
        open_file_cache max=1000 inactive=300s;
        open_file_cache_valid 600s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;
        include "/usr/local/nginx/conf/vhosts/*.conf";
        server {
            listen 80;
            server_name _;
            access_log off;
            location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
                deny all;
            }
            location / {
                client_max_body_size 100m;
                client_body_buffer_size 128k;
                proxy_send_timeout 300;
                proxy_read_timeout 300;
                proxy_buffer_size 4k;
                proxy_buffers 16 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                proxy_connect_timeout 30s;
                proxy_pass http://204.74.291.132:81/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }
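Edit the Pure-FTP configuration file

    # Configure pure-ftpd; PureDB authentication is used here.
    vim /usr/local/pureftpd/etc/pure-ftpd.conf
    # Find "PureDB /etc/pureftpd.pdb", remove the leading # and set it to:
    PureDB /usr/local/pureftpd/etc/pureftpd.pdb
    # Find PassivePortRange and remove the leading #.
    # PS: to authenticate with system users instead, use the following values.
    UnixAuthentication yes
    #MinUID 100

UnixAuthentication yes means that system users can log in to FTP. MinUID 100 means that only users with an ID greater than 100 can log in; we comment it out, so that any user ID can log in.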
III. Enable the services at boot and start them

    chkconfig --level 35 mysql on
    chkconfig --level 35 httpd on
    chkconfig --level 35 nginx on

    # Starting and stopping PureFTPd
    service pure-ftpd stop
    service pure-ftpd start
    service pure-ftpd status

    # Note: the following command is a single line
    echo '/usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost' >>/etc/rc.d/rc.local

    service mysql start
    service httpd start
    service nginx start
    /usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost
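IV. How to create and use virtual hosts

Change the user template (skeleton) directory

    mkdir /etc/skel/public_html

Add an FTP account for maintaining the web site

    useradd -s /sbin/nologin whypc_info
    chmod a+x ~whypc_info
    pure-pw useradd whypc_info -u whypc_info -g \
        whypc_info -d /home/whypc_info/
    # The command above prompts you to set the FTP user's password.
    pure-pw mkdb
    # pure-pw mkdb must be run every time a user is added; the service does not
    # need to be restarted.
    # Start Pure-FTP here, because the user database did not exist until now.
    /usr/local/pureftpd/sbin/pure-config.pl \
        /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize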
Add the virtual host to the Apache configuration

    cd /usr/local/apache/conf/vhosts
    vim whypc.info.conf
    # Add the following content; use your own IP address and domain name.

    <VirtualHost 204.74.291.132:81>
        ServerName whypc.info
        ServerAlias www.whypc.info
        DocumentRoot /home/whypc_info/public_html
        UseCanonicalName Off
        CustomLog /usr/local/apache/domlogs/whypc.info combined
        Options -ExecCGI -Includes
        RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
        suPHP_Engine on
        suPHP_UserGroup whypc_info whypc_info
        AddHandler x-httpd-php .php .php3 .php4 .php5
        suPHP_AddHandler x-httpd-php
        <IfModule !mod_disable_suexec.c>
            SuexecUserGroup whypc_info whypc_info
        </IfModule>
        ScriptAlias /cgi-bin/ /home/whypc_info/public_html/cgi-bin/
    </VirtualHost>
Add the virtual host to the Nginx configuration

    cd /usr/local/nginx/conf/vhosts/
    vim whypc.info.conf
    # Add the following content; use your own IP address and domain name.

    server {
        access_log off;
        error_log /usr/local/nginx/logs/whypc.info-error_log warn;
        listen 80;
        server_name whypc.info www.whypc.info;
        # Static files are served by Nginx. The regular expression must stay on
        # one line, and the dot before the extension list is escaped so that it
        # matches only a literal ".".
        location ~* ^.+\.(gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
            access_log /usr/local/apache/domlogs/whypc.info combined;
            root /home/whypc_info/public_html/;
            expires 24h;
            try_files $uri @backend;
        }
        error_page 400 401 402 403 404 405 406 407 408 409 500 501 502 503 504 @backend;
        location @backend {
            internal;
            client_max_body_size 100m;
            client_body_buffer_size 128k;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 4k;
            proxy_buffers 16 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_connect_timeout 30s;
            proxy_redirect http://whypc.info:81 http://whypc.info;
            proxy_redirect http://www.whypc.info:81 http://www.whypc.info;
            proxy_pass http://204.74.291.132:81;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
            deny all;
        }
        location / {
            client_max_body_size 100m;
            client_body_buffer_size 128k;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 4k;
            proxy_buffers 16 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_connect_timeout 30s;
            proxy_redirect http://whypc.info:81 http://whypc.info;
            proxy_redirect http://www.whypc.info:81 http://www.whypc.info;
            proxy_pass http://204.74.291.132:81;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
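
Which requests Nginx answers itself and which reach Apache and suPHP follows from the three location blocks of this vhost. The shell sketch below is an added example, not part of the original article: it models only Nginx's rule that regex locations are tried in configuration order with the first match winning, using grep -Ei and the extension lists copied from the vhost, with the dot before the extension group escaped. The helper name route and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): which handler a request path
# reaches under the vhost's location blocks. route() is a hypothetical helper.

# Extension lists copied from the two regex locations of the vhost.
STATIC_EXT='gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav'
STATIC_EXT="$STATIC_EXT|swf|flv|html|htm|txt|js|css|exe|zip|rar|gz|tgz|bz2|uha"
STATIC_EXT="$STATIC_EXT|7z|doc|docx|xls|xlsx|pdf|iso"
DENY_EXT='ftpquota|htaccess|asp|aspx|jsp|asa|mdb'

# Regex locations are tested in the order they appear in the file and the
# first match wins; "location /" is used only when no regex matches.
route() {
    # Locations are matched against the path, without the query string.
    path=${1%%\?*}
    if printf '%s\n' "$path" | grep -Eiq "^.+\.($STATIC_EXT)\$"; then
        # Served from the docroot by Nginx; try_files falls back to @backend
        # when the file does not exist.
        echo static
    elif printf '%s\n' "$path" | grep -Eiq "\.($DENY_EXT)\$"; then
        echo deny
    else
        # Proxied to Apache on port 81 and executed through suPHP.
        echo backend
    fi
}

# Constructed sample paths; run the script directly to print the routing table.
for p in /index.php /img/logo.PNG /.htaccess '/a.php?f=x.jpg' /upload/a.php.jpg
do
    printf '%-8s %s\n' "$(route "$p")" "$p"
done
```

Only paths reported as backend are executed as PHP under the site owner's account; a name such as a.php.jpg is served as a static file by Nginx and never reaches PHP-CGI.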
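V. Create a test file

    vim ~whypc_info/public_html/test.php
    # Write the following content:
    <?php system("id"); ?>

    chown whypc_info:whypc_info ~whypc_info/public_html/test.php

Open the page in a browser and check that it runs with the directory owner's permissions (not nobody).
http://www.tset.com/test.php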
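This article is reposted from: http://www.whypc.info/2010/11/lnamp/ Many thanks to 水的窝 for the summary and for sharing it!

Also:

Comments

Newer versions of PHP no longer produce 502 errors; I recommend using the newer PHP-FPM.

@InBi Yes, I am already using Nginx alone with PHP-FPM. ^_^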