nginx下运行php

上次说到apache下的php应用被攻击,就想着用ngix服务器试试,因为安装了waf,可能会好一些,按照网上配置如下:

user apache;
worker_processes  auto;


load_module modules/ngx_http_modsecurity_module.so;
load_module modules/ngx_http_geoip2_module.so;

error_log   ./logs/error.log;
pid   /run/nginx.pid;

events {
    worker_connections  1024;
}

http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  ./logs/access.log  main buffer=32k;
        include     /usr/local/nginx/conf/mime.types;

        default_type  application/octet-stream;

        server_names_hash_bucket_size 512;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;
        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     16 8k;
        gzip_http_version 1.1;
        gzip_comp_level 6;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        limit_conn_zone $binary_remote_addr zone=perip:10m;
        limit_conn_zone $server_name zone=perserver:10m;

        server_tokens off;
        autoindex off;

   geoip2 /usr/local/nginx/geoip/maxmind-city.mmdb {
    $geoip2_data_country_code default=US source=$remote_addr country iso_code;
    $geoip2_data_country_name country names en;
    $geoip2_data_city_name default=London city names en;
    $geoip2_data_province_name subdivisions 0 names en;
    $geoip2_data_province_isocode subdivisions 0 iso_code;
   }

    server {
        listen       80;
        server_name  localhost;
        modsecurity on;
        modsecurity_rules_file /usr/local/nginx/conf/modsec/main.conf;
        charset utf-8;
        location /myip {
              default_type text/plain;
              return 200 "$remote_addr $geoip2_data_country_name $geoip2_data_country_code  $geoip2_data_city_name";
       }
        location / {
            root   /xxxxxx/nginx-web;
            index  index.php index.html index.htm;
        }

        location = /50x.html {
            root   html;
        }

         # 这里新加的
        # PHP 脚本请求全部转发到 FastCGI处理. 使用FastCGI协议默认配置.
        # Fastcgi服务器和程序(PHP,Python)沟通的协议.
        location ~ \.php$ {
            # 设置监听端口
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            # 设置脚本文件请求的路径
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # 引入fastcgi的配置文件
            include        fastcgi_params;
            #include fastcgi.conf;

        }
    }
}

nginx 是通过将php转发到:php-fpm实现解析功能,所以也启动了php-fpm,需要提前配置下,但是报错:

  1. nginx的日志报错:
*38 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream,

找了半天也没找到原因,什么权限问题都试了,想看下php-fpm日志,才发现看不了什么有用信息。
参考网上文章设置日志:

  1. 修改/etc/php-fpm.conf配置,增加:
; Note: the default prefix is /usr/local/php/var
error_log = log/php_error_log
[www]
catch_workers_output = yes
  1. 修改php.ini配置:
log_errors = On
error_log = "/usr/local/php/var/log/error_log"
error_reporting=E_ALL&~E_NOTICE

重启:

killall php-fpm
php-fpm

发现报错信息:

said into stderr: “ERROR: Unable to set php_value ‘soap.wsdl_cache_dir'”

安装:

yum install -y php-soap

最终发现还是权限问题:
按照这个思路来解决就ok了,感谢!
http://www.mamicode.com/info-detail-2573842.html

https://www.mjix.com/archives/1733.html

你可能感兴趣的:(nginx下运行php)