Nginx 反向代理缓存 IP透传 小节 11


@[TOC](Nginx 反向代理缓存 IP透传 小节11)

ngx_http_fastcgi_module(一)

  1. ngx_http_fastcgi_module模块
  • 转发请求到FastCGI服务器,不支持php模块方式
  1. fastcgi_pass address;
  • address为后端的fastcgi server的地址
  • 可用位置:location, if in location
  1. fastcgi_index name;
  • fastcgi默认的主页资源
  • 示例:fastcgi_index index.php;
  1. fastcgi_param parameter value [if_not_empty];
  • 设置传递给 FastCGI 服务器的参数值,可以是文本,变量或组合

nginx

[root@nginx ~]# yum install php-fpm php-mysql -y
[root@nginx ~]# vim /etc/php-fpm.d/www.conf 
...
user = nginx     <--用户名改为'nginx'
; RPM: Keep a group allowed to write in log dir.
group = nginx    <--组名改为'nginx' 
...

#启动php-fpm服务
[root@nginx ~]# systemctl start php-fpm
#查看端口情况
[root@nginx ~]# ss -ntlp|grep 9000
LISTEN     0      128    127.0.0.1:9000                     *:*                   users:(("php-fpm",pid=10600,fd=0),("php-fpm",pid=10599,fd=0),("php-fpm",pid=10598,fd=0),("php-fpm",pid=10597,fd=0),("php-fpm",pid=10596,fd=0),("php-fpm",pid=10592,fd=6))

# Create the directory that holds the PHP pages
[root@nginx ~]# mkdir  /data/php
# Create a PHP test page
# NOTE(review): phpinfo() prints the PHP configuration, loaded modules and
# environment. Keep this page only for the FastCGI connectivity test and
# delete or replace it once the test has passed.
[root@nginx ~]# vim /data/php/index.php
<?php
phpinfo();
?>

实现fastcgi

nginx

语法一:

#自定义内容
[root@nginx ~]# vim /etc/nginx/conf.d/test.conf 

charset utf-8;
server_tokens off;
server {
    # Virtual host www.a.net. Static content is served from /data/site1/;
    # requests for *.php are handed to the local PHP-FPM listener over FastCGI.
    listen 80;
    server_name www.a.net;
    root /data/site1/;
    index index.php index.html;                                      <--

    # Variant 1: override root inside the location so that
    # $document_root$fastcgi_script_name resolves under /data/php/.
    # NOTE(review): every URI ending in ".php" (case-insensitive) is forwarded
    # to PHP-FPM without checking that such a file exists. When nginx and
    # PHP-FPM share a filesystem, "try_files $uri =404;" inside this location
    # rejects such requests before they reach PHP. On the PHP side keep
    # "security.limit_extensions = .php" in the pool config and
    # "cgi.fix_pathinfo=0" in php.ini.
    location ~* \.php$ {                                             <--正则表达式匹配php后缀文件
        root /data/php/;                                              <--
        fastcgi_pass 127.0.0.1:9000;                                 <--
        fastcgi_index index.php;                                     <--
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;       <--
        #fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name;           <--
        include fastcgi_params;                                      <--
    }                                                                <--

    # TLS directives are commented out: this vhost is plain HTTP on port 80.
#    ssl_certificate /etc/nginx/ssl/a.net.crt;
#    ssl_certificate_key /etc/nginx/ssl/a.net.key;
#    ssl_session_cache shared:sslcache:20m;
#    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;
}

server {
    # Virtual host www.a.org: static site with a Referer-based hotlink check.
    listen 80;
    server_name     www.a.org;
    root    /data/site2/;
    # NOTE(review): certificate directives are present, but the only listener
    # shown is "listen 80;" without the "ssl" parameter, so as written this
    # vhost is not served over TLS.
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_org.access.log main;
    # NOTE(review): the nginx keyword for a Referer header whose value was
    # stripped by a proxy or firewall is "blocked". "block" as written is
    # presumably treated as an ordinary name pattern - confirm and correct it
    # if the keyword was intended.
    # The Referer header is client-controlled, so this check limits casual
    # hotlinking only; it is not an access-control mechanism.
    valid_referers none block server_names *.a.org ~\.google\. ~\.baidu\.;
    if ($invalid_referer) {
        return 403 "Forbidden Access";
    }
}

[root@nginx ~]# nginx

图片.png

mysqld

192.168.37.40\GW192.168.37.2

[root@mysqld ~]# yum install -y mariadb-server
[root@mysqld ~]# systemctl start mariadb
# Create the database and its account
# NOTE(review): "centos" is a lab-only password and the account is accepted
# from the whole 192.168.37.% subnet. Outside a lab, use a long generated
# password and narrow the host part to the servers that actually run PHP.
[root@mysqld ~]# mysql -e 'create database wordpress;grant all on wordpress.* to wordpress@"192.168.37.%" identified by "centos"'

nginx

点击下载wordpress-5.0.4-zh_CN.tar.gz

# Install the MariaDB client
[root@nginx php]# yum install mariadb -y
# Test that the database is reachable
# NOTE(review): a password given inline with -p ends up in shell history and
# is visible in the process list. Passing -p with no value makes the client
# prompt for it instead.
[root@nginx php]# mysql -uwordpress -pcentos -h192.168.37.40

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| wordpress          |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> quit
Bye
[root@nginx ~]# cd /data

[root@nginx data]# mv wordpress/* php/
cp: overwrite ‘/data/php/index.php’? y
[root@nginx data]# cd /php/
[root@nginx php]# mv wp-config-sample.php wp-config.php 
[root@nginx php]# vim wp-config.php 
...
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');        <--

/** MySQL数据库用户名 */
define('DB_USER', 'wordpress');        <--

/** MySQL数据库密码 */
define('DB_PASSWORD', 'centos');       <--

/** MySQL主机 */
define('DB_HOST', '192.168.37.40');    <--
...

# Change ownership
[root@nginx php]# chown -R root.root .
# Reload nginx
[root@nginx php]# nginx -s reload
[root@nginx ~]# cd /data/site1/
[root@nginx site1]# cp -r /data/php/* .

# Grant the nginx user access to both directories
# NOTE(review): a recursive rwx ACL lets the nginx/PHP-FPM user rewrite every
# file in both trees, including the PHP code and wp-config.php, so a flaw in
# any plugin or theme can modify the application itself. A narrower grant is
# r-x on the code and write access only on the directories WordPress has to
# write to (e.g. wp-content/uploads).
[root@nginx site1]# setfacl -R -m u:nginx:rwx /data/site1
[root@nginx site1]# setfacl -R -m u:nginx:rwx /data/php
[root@nginx site1]# nginx -s reload

图片.png

语法二: nginx

[root@nginx ~]# cat /etc/nginx/conf.d/test.conf 
charset utf-8;
server_tokens off;
server {
    # Virtual host www.a.net, variant 2 of the FastCGI setup.
    listen 80;
    server_name www.a.net;
    root /data/site1/;
    index index.php index.html;
    # Instead of overriding root inside the location, SCRIPT_FILENAME is built
    # from the fixed prefix /data/php, so the file PHP-FPM opens no longer
    # depends on $document_root (/data/site1/ for this server).
    # NOTE(review): requests are forwarded without an existence check. A
    # "try_files $uri =404;" guard here would test /data/site1/, not /data/php,
    # so it is only meaningful while both trees hold the same files.
    location ~* \.php$ {
#        root /data/php/;                                             <--
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
#        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;      <--
        fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name;
        include fastcgi_params;
    }

    # TLS directives are commented out: this vhost is plain HTTP on port 80.
#    ssl_certificate /etc/nginx/ssl/a.net.crt;
#    ssl_certificate_key /etc/nginx/ssl/a.net.key;
#    ssl_session_cache shared:sslcache:20m;
#    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;
}

server {
    listen 80;
    server_name     www.a.org;
    root    /data/site2/;
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_org.access.log main;
    valid_referers none block server_names *.a.org ~\.google\. ~\.baidu\.;
    if ($invalid_referer) {
        return 403 "Forbidden Access";
    }
}

[root@nginx ~]# nginx -s reload

ngx_http_fastcgi_module

示例:通过/fpm_status和/ping来获取fpm server状态信息(状态页会暴露进程池的运行信息,生产环境应限制允许访问的来源地址)

# Expose the PHP-FPM status and ping endpoints through nginx. The two names
# must match pm.status_path and ping.path in the PHP-FPM pool configuration.
# NOTE(review): no allow/deny rules are present, so any client that can reach
# this server can read the pool status. Restrict it to the monitoring source,
# e.g. "allow 127.0.0.1; deny all;" inside this location.
location ~* ^/(fpm_status|ping)$ {
   fastcgi_pass 后端fpm服务器IP:9000;
   fastcgi_param SCRIPT_FILENAME  $fastcgi_script_name;    
   include fastcgi_params;
}
#php优化
[root@nginx ~]# vim /etc/php-fpm.d/www.conf
...
pm.status_path = /fpm_status      <--

ping.path = /ping                 <--
...

[root@nginx ~]# systemctl restart php-fpm

[root@nginx ~]# cat /etc/nginx/conf.d/test.conf 
charset utf-8;
server_tokens off;
server {
    # Virtual host www.a.net with the PHP-FPM status and ping endpoints added.
    listen 80;
    server_name www.a.net;
    root /data/site1/;
    index index.php index.html;
    # PHP requests go to the local PHP-FPM listener; SCRIPT_FILENAME is built
    # from the fixed prefix /data/php.
    location ~* \.php$ {
#        root /data/php/;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
#        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
        fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name;
        include fastcgi_params;
    }
    # Status and ping endpoints; the names must match pm.status_path and
    # ping.path in /etc/php-fpm.d/www.conf.
    # NOTE(review): there are no allow/deny rules, so every client of this
    # vhost can read the pool status. Limit it to the monitoring source, e.g.
    # "allow 127.0.0.1; deny all;" inside this location.
    location ~* ^/(fpm_status|ping)$ {                       <--名字要和刚刚更改的相同
        fastcgi_pass 127.0.0.1:9000;                         <--
        fastcgi_param SCRIPT_FILENAME  $fastcgi_script_name; <--
        include fastcgi_params;                              <--
    }                                                        <--

    # TLS directives are commented out: this vhost is plain HTTP on port 80.
#    ssl_certificate /etc/nginx/ssl/a.net.crt;
#    ssl_certificate_key /etc/nginx/ssl/a.net.key;
#    ssl_session_cache shared:sslcache:20m;
#    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;
}

server {
    listen 80;
    server_name     www.a.org;
    root    /data/site2/;
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_org.access.log main;
    valid_referers none block server_names *.a.org ~\.google\. ~\.baidu\.;
    if ($invalid_referer) {
        return 403 "Forbidden Access";
    }
}

[root@nginx ~]# nginx -s reload

图片.png 丰富的显示说明(?{html|json|xml})或/ping 图片.png


php 192.168.37.20

[root@php ~]# yum install https://mirror.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm -y

[root@php ~]# vim /etc/yum.repos.d/remi-php81.repo 
...
name=Remi's PHP 8.1 RPM repository for Enterprise Linux 7 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/7/php81/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/7/php81/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/7/php81/mirror
enabled=1        <--
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
...

#安装次新版
[root@php ~]# yum install php81-php-fpm php81-php-mysql -y

#创建组
[root@php ~]# groupadd -g 981 nginx
#创建用户
[root@php ~]# useradd -r -u 987 -g nginx -s /sbin/nologin nginx
#查看一下
[root@php ~]# getent passwd nginx
nginx:x:987:981::/home/nginx:/sbin/nologin
[root@php ~]# vim /etc/opt/remi/php81/php-fpm.d/www.conf
...
; Run the pool workers as the nginx user and group.
user = nginx
group = nginx

; NOTE(review): with only a port given, PHP-FPM listens on every address of
; the host (the ss output in this walkthrough shows :::9000), not just loopback.
;listen = 127.0.0.1:9000               <-- commented out
listen = 9000

; NOTE(review): FastCGI has no authentication of its own. With this line
; commented out, any host that can reach port 9000 can submit requests that
; PHP-FPM runs as the pool user. Keep the directive and set it to the proxy
; only, e.g. "listen.allowed_clients = <nginx-host-IP>", and firewall port
; 9000 to that same address.
;listen.allowed_clients = 127.0.0.1    <-- once commented out, every client is allowed
...

[root@php ~]# systemctl restart php81-php-fpm.service

[root@php ~]# ss -ntl|grep 9000
LISTEN     0      128         :::9000                    :::*                  

wordpress-5.2.2.tar.gz下载

#创建php程序目录
[root@php ~]# mkdir /data/php

[root@php ~]# tar xvf wordpress-5.2.2.tar.gz -C /data/php

[root@php ~]# cd /data/php/wordpress/
[root@php wordpress]# cp wp-config-sample.php wp-config.php 
[root@php wordpress]# vim wp-config.php 
···
define( 'DB_NAME', 'wordpress' );

/** MySQL database username */
define( 'DB_USER', 'wordpress' );

/** MySQL database password */
define( 'DB_PASSWORD', 'centos' );

/** MySQL hostname */
define( 'DB_HOST', '192.168.37.40' );
···

nginx

[root@nginx ~]# tar xvf wordpress-5.2.2.tar.gz -C /data/site1

[root@nginx ~]# vim /etc/nginx/conf.d/test.conf 

charset utf-8;
server_tokens off;
server {
    # Virtual host www.a.net with PHP execution moved to a separate PHP-FPM
    # host (192.168.37.20).
    listen 80;
    server_name www.a.net;
    root /data/site1/;
    index index.php index.html;
    # SCRIPT_FILENAME (/data/php + URI) is resolved on the PHP-FPM host, not on
    # this machine, so the same tree must exist there.
    # NOTE(review): the FastCGI connection to 192.168.37.20:9000 is neither
    # encrypted nor authenticated. Keep it on a trusted network segment and
    # make the PHP-FPM side accept connections from this proxy only
    # (listen.allowed_clients plus a firewall rule on port 9000).
    location ~* \.php$ {
#        root /data/php/;
        fastcgi_pass 192.168.37.20:9000;     <--
        fastcgi_index index.php;
#        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
        fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name;
        include fastcgi_params;
    }

    # TLS directives are commented out: this vhost is plain HTTP on port 80.
#    ssl_certificate /etc/nginx/ssl/a.net.crt;
#    ssl_certificate_key /etc/nginx/ssl/a.net.key;
#    ssl_session_cache shared:sslcache:20m;
#    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;
}

server {
    listen 80;
    server_name     www.a.org;
    root    /data/site2/;
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_org.access.log main;
    valid_referers none block server_names *.a.org ~\.google\. ~\.baidu\.;
    if ($invalid_referer) {
        return 403 "Forbidden Access";
    }
}

[root@nginx ~]# nginx -s reload