Docker 安装Nginx及PHP环境


环境 : CentOS 7.7Docker 19.03.4Nginx 1.17.5PHP 7.3.11

  • 安装php

    • 创建挂载目录
      # 创建php配置目录
      # 生成配置文件并修改
      mkdir -p /home/php
      touch /home/php/php.ini
      vim /home/php/php.ini
      

      修改内容如下:

      [PHP]
      
      ;;;;;;;;;;;;;;;;;;;
      ; About php.ini   ;
      ;;;;;;;;;;;;;;;;;;;
      ; PHP's initialization file, generally called php.ini, is responsible for
      ; configuring many of the aspects of PHP's behavior.
      
      ; PHP attempts to find and load this configuration from a number of locations.
      ; The following is a summary of its search order:
      ; 1. SAPI module specific location.
      ; 2. The PHPRC environment variable. (As of PHP 5.2.0)
      ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
      ; 4. Current working directory (except CLI)
      ; 5. The web server's directory (for SAPI modules), or directory of PHP
      ; (otherwise in Windows)
      ; 6. The directory from the --with-config-file-path compile time option, or the
      ; Windows directory (usually C:\windows)
      ; See the PHP docs for more specific information.
      ; http://php.net/configuration.file
      
      ; The syntax of the file is extremely simple.  Whitespace and lines
      ; beginning with a semicolon are silently ignored (as you probably guessed).
      ; Section headers (e.g. [Foo]) are also silently ignored, even though
      ; they might mean something in the future.
      
      ; Directives following the section heading [PATH=/www/mysite] only
      ; apply to PHP files in the /www/mysite directory.  Directives
      ; following the section heading [HOST=www.example.com] only apply to
      ; PHP files served from www.example.com.  Directives set in these
      ; special sections cannot be overridden by user-defined INI files or
      ; at runtime. Currently, [PATH=] and [HOST=] sections only work under
      ; CGI/FastCGI.
      ; http://php.net/ini.sections
      
      ; Directives are specified using the following syntax:
      ; directive = value
      ; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
      ; Directives are variables used to configure PHP or PHP extensions.
      ; There is no name validation.  If PHP can't find an expected
      ; directive because it is not set or is mistyped, a default value will be used.
      
      ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
      ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
      ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
      ; previously set variable or directive (e.g. ${foo})
      
      ; Expressions in the INI file are limited to bitwise operators and parentheses:
      ; |  bitwise OR
      ; ^  bitwise XOR
      ; &  bitwise AND
      ; ~  bitwise NOT
      ; !  boolean NOT
      
      ; Boolean flags can be turned on using the values 1, On, True or Yes.
      ; They can be turned off using the values 0, Off, False or No.
      
      ; An empty string can be denoted by simply not writing anything after the equal
      ; sign, or by using the None keyword:
      
      ; foo =         ; sets foo to an empty string
      ; foo = None    ; sets foo to an empty string
      ; foo = "None"  ; sets foo to the string 'None'
      
      ; If you use constants in your value, and these constants belong to a
      ; dynamically loaded extension (either a PHP extension or a Zend extension),
      ; you may only use these constants *after* the line that loads the extension.
      
      ;;;;;;;;;;;;;;;;;;;
      ; About this file ;
      ;;;;;;;;;;;;;;;;;;;
      ; PHP comes packaged with two INI files. One that is recommended to be used
      ; in production environments and one that is recommended to be used in
      ; development environments.
      
      ; php.ini-production contains settings which hold security, performance and
      ; best practices at its core. But please be aware, these settings may break
      ; compatibility with older or less security conscience applications. We
      ; recommending using the production ini in production and testing environments.
      
      ; php.ini-development is very similar to its production variant, except it is
      ; much more verbose when it comes to errors. We recommend using the
      ; development version only in development environments, as errors shown to
      ; application users can inadvertently leak otherwise secure information.
      
      ; This is the php.ini-production INI file.
      
      ;;;;;;;;;;;;;;;;;;;
      ; Quick Reference ;
      ;;;;;;;;;;;;;;;;;;;
      ; The following are all the settings which are different in either the production
      ; or development versions of the INIs with respect to PHP's default behavior.
      ; Please see the actual settings later in the document for more details as to why
      ; we recommend these changes in PHP's behavior.
      
      ; display_errors
      ;   Default Value: On
      ;   Development Value: On
      ;   Production Value: Off
      
      ; display_startup_errors
      ;   Default Value: Off
      ;   Development Value: On
      ;   Production Value: Off
      
      ; error_reporting
      ;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
      ;   Development Value: E_ALL
      ;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
      
      ; html_errors
      ;   Default Value: On
      ;   Development Value: On
      ;   Production value: On
      
      ; log_errors
      ;   Default Value: Off
      ;   Development Value: On
      ;   Production Value: On
      
      ; max_input_time
      ;   Default Value: -1 (Unlimited)
      ;   Development Value: 60 (60 seconds)
      ;   Production Value: 60 (60 seconds)
      
      ; output_buffering
      ;   Default Value: Off
      ;   Development Value: 4096
      ;   Production Value: 4096
      
      ; register_argc_argv
      ;   Default Value: On
      ;   Development Value: Off
      ;   Production Value: Off
      
      ; request_order
      ;   Default Value: None
      ;   Development Value: "GP"
      ;   Production Value: "GP"
      
      ; session.gc_divisor
      ;   Default Value: 100
      ;   Development Value: 1000
      ;   Production Value: 1000
      
      ; session.sid_bits_per_character
      ;   Default Value: 4
      ;   Development Value: 5
      ;   Production Value: 5
      
      ; short_open_tag
      ;   Default Value: On
      ;   Development Value: Off
      ;   Production Value: Off
      
      ; variables_order
      ;   Default Value: "EGPCS"
      ;   Development Value: "GPCS"
      ;   Production Value: "GPCS"
      
      ;;;;;;;;;;;;;;;;;;;;
      ; php.ini Options  ;
      ;;;;;;;;;;;;;;;;;;;;
      ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
      ;user_ini.filename = ".user.ini"
      
      ; To disable this feature set this option to an empty value
      ;user_ini.filename =
      
      ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
      ;user_ini.cache_ttl = 300
      
      ;;;;;;;;;;;;;;;;;;;;
      ; Language Options ;
      ;;;;;;;;;;;;;;;;;;;;
      
      ; Enable the PHP scripting language engine under Apache.
      ; http://php.net/engine
      engine = On
      
      ; This directive determines whether or not PHP will recognize code between
      ;  tags as PHP source which should be processed as such. It is
      ; generally recommended that  should be used and that this feature
      ; should be disabled, as enabling it may result in issues when generating XML
      ; documents, however this remains supported for backward compatibility reasons.
      ; Note that this directive does not control the  would work.
      ; http://php.net/syntax-highlighting
      ;highlight.string  = #DD0000
      ;highlight.comment = #FF9900
      ;highlight.keyword = #007700
      ;highlight.default = #0000BB
      ;highlight.html    = #000000
      
      ; If enabled, the request will be allowed to complete even if the user aborts
      ; the request. Consider enabling it if executing long requests, which may end up
      ; being interrupted by the user or a browser timing out. PHP's default behavior
      ; is to disable this feature.
      ; http://php.net/ignore-user-abort
      ;ignore_user_abort = On
      
      ; Determines the size of the realpath cache to be used by PHP. This value should
      ; be increased on systems where PHP opens many files to reflect the quantity of
      ; the file operations performed.
      ; Note: if open_basedir is set, the cache is disabled
      ; http://php.net/realpath-cache-size
      ;realpath_cache_size = 4096k
      
      ; Duration of time, in seconds for which to cache realpath information for a given
      ; file or directory. For systems with rarely changing files, consider increasing this
      ; value.
      ; http://php.net/realpath-cache-ttl
      ;realpath_cache_ttl = 120
      
      ; Enables or disables the circular reference collector.
      ; http://php.net/zend.enable-gc
      zend.enable_gc = On
      
      ; If enabled, scripts may be written in encodings that are incompatible with
      ; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such
      ; encodings.  To use this feature, mbstring extension must be enabled.
      ; Default: Off
      ;zend.multibyte = Off
      
      ; Allows to set the default encoding for the scripts.  This value will be used
      ; unless "declare(encoding=...)" directive appears at the top of the script.
      ; Only affects if zend.multibyte is set.
      ; Default: ""
      ;zend.script_encoding =
      
      ;;;;;;;;;;;;;;;;;
      ; Miscellaneous ;
      ;;;;;;;;;;;;;;;;;
      
      ; Decides whether PHP may expose the fact that it is installed on the server
      ; (e.g. by adding its signature to the Web server header).  It is no security
      ; threat in any way, but it makes it possible to determine whether you use PHP
      ; on your server or not.
      ; http://php.net/expose-php
      expose_php = On
      
      ;;;;;;;;;;;;;;;;;;;
      ; Resource Limits ;
      ;;;;;;;;;;;;;;;;;;;
      
      ; Maximum execution time of each script, in seconds
      ; http://php.net/max-execution-time
      ; Note: This directive is hardcoded to 0 for the CLI SAPI
      max_execution_time = 30
      
      ; Maximum amount of time each script may spend parsing request data. It's a good
      ; idea to limit this time on productions servers in order to eliminate unexpectedly
      ; long running scripts.
      ; Note: This directive is hardcoded to -1 for the CLI SAPI
      ; Default Value: -1 (Unlimited)
      ; Development Value: 60 (60 seconds)
      ; Production Value: 60 (60 seconds)
      ; http://php.net/max-input-time
      max_input_time = 60
      
      ; Maximum input variable nesting level
      ; http://php.net/max-input-nesting-level
      ;max_input_nesting_level = 64
      
      ; How many GET/POST/COOKIE input variables may be accepted
      ;max_input_vars = 1000
      
      ; Maximum amount of memory a script may consume (128MB)
      ; http://php.net/memory-limit
      memory_limit = 128M
      
      ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
      ; Error handling and logging ;
      ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
      
      ; This directive informs PHP of which errors, warnings and notices you would like
      ; it to take action for. The recommended way of setting values for this
      ; directive is through the use of the error level constants and bitwise
      ; operators. The error level constants are below here for convenience as well as
      ; some common settings and their meanings.
      ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
      ; those related to E_NOTICE and E_STRICT, which together cover best practices and
      ; recommended coding standards in PHP. For performance reasons, this is the
      ; recommend error reporting setting. Your production server shouldn't be wasting
      ; resources complaining about best practices and coding standards. That's what
      ; development servers and development settings are for.
      ; Note: The php.ini-development file has this setting as E_ALL. This
      ; means it pretty much reports everything which is exactly what you want during
      ; development and early testing.
      ;
      ; Error Level Constants:
      ; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
      ; E_ERROR           - fatal run-time errors
      ; E_RECOVERABLE_ERROR  - almost fatal run-time errors
      ; E_WARNING         - run-time warnings (non-fatal errors)
      ; E_PARSE           - compile-time parse errors
      ; E_NOTICE          - run-time notices (these are warnings which often result
      ;                     from a bug in your code, but it's possible that it was
      ;                     intentional (e.g., using an uninitialized variable and
      ;                     relying on the fact it is automatically initialized to an
      ;                     empty string)
      ; E_STRICT          - run-time notices, enable to have PHP suggest changes
      ;                     to your code which will ensure the best interoperability
      ;                     and forward compatibility of your code
      ; E_CORE_ERROR      - fatal errors that occur during PHP's initial startup
      ; E_CORE_WARNING    - warnings (non-fatal errors) that occur during PHP's
      ;                     initial startup
      ; E_COMPILE_ERROR   - fatal compile-time errors
      ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
      ; E_USER_ERROR      - user-generated error message
      ; E_USER_WARNING    - user-generated warning message
      ; E_USER_NOTICE     - user-generated notice message
      ; E_DEPRECATED      - warn about code that will not work in future versions
      ;                     of PHP
      ; E_USER_DEPRECATED - user-generated deprecation warnings
      ;
      ; Common Values:
      ;   E_ALL (Show all errors, warnings and notices including coding standards.)
      ;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
      ;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
      ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
      ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
      ; Development Value: E_ALL
      ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
      ; http://php.net/error-reporting
      error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
      
      ; This directive controls whether or not and where PHP will output errors,
      ; notices and warnings too. Error output is very useful during development, but
      ; it could be very dangerous in production environments. Depending on the code
      ; which is triggering the error, sensitive information could potentially leak
      ; out of your application such as database usernames and passwords or worse.
      ; For production environments, we recommend logging errors rather than
      ; sending them to STDOUT.
      ; Possible Values:
      ;   Off = Do not display any errors
      ;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
      ;   On or stdout = Display errors to STDOUT
      ; Default Value: On
      ; Development Value: On
      ; Production Value: Off
      ; http://php.net/display-errors
      display_errors = Off
      
      ; The display of errors which occur during PHP's startup sequence are handled
      ; separately from display_errors. PHP's default behavior is to suppress those
      ; errors from clients. Turning the display of startup errors on can be useful in
      ; debugging configuration problems. We strongly recommend you
      ; set this to 'off' for production servers.
      ; Default Value: Off
      ; Development Value: On
      ; Production Value: Off
      ; http://php.net/display-startup-errors
      display_startup_errors = Off
      
      ; Besides displaying errors, PHP can also log errors to locations such as a
      ; server-specific log, STDERR, or a location specified by the error_log
      ; directive found below. While errors should not be displayed on productions
      ; servers they should still be monitored and logging is a great way to do that.
      ; Default Value: Off
      ; Development Value: On
      ; Production Value: On
      ; http://php.net/log-errors
      log_errors = On
      
      ; Set maximum length of log_errors. In error_log information about the source is
      ; added. The default is 1024 and 0 allows to not apply any maximum length at all.
      ; http://php.net/log-errors-max-len
      log_errors_max_len = 1024
      
      ; Do not log repeated messages. Repeated errors must occur in same file on same
      ; line unless ignore_repeated_source is set true.
      ; http://php.net/ignore-repeated-errors
      ignore_repeated_errors = Off
      
      ; Ignore source of message when ignoring repeated messages. When this setting
      ; is On you will not log errors with repeated messages from different files or
      ; source lines.
      ; http://php.net/ignore-repeated-source
      ignore_repeated_source = Off
      
      ; If this parameter is set to Off, then memory leaks will not be shown (on
      ; stdout or in the log). This has only effect in a debug compile, and if
      ; error reporting includes E_WARNING in the allowed list
      ; http://php.net/report-memleaks
      report_memleaks = On
      
      ; This setting is on by default.
      ;report_zend_debug = 0
      
      ; Store the last error/warning message in $php_errormsg (boolean). Setting this value
      ; to On can assist in debugging and is appropriate for development servers. It should
      ; however be disabled on production servers.
      ; This directive is DEPRECATED.
      ; Default Value: Off
      ; Development Value: Off
      ; Production Value: Off
      ; http://php.net/track-errors
      ;track_errors = Off
      
      ; Turn off normal error reporting and emit XML-RPC error XML
      ; http://php.net/xmlrpc-errors
      ;xmlrpc_errors = 0
      
      ; An XML-RPC faultCode
      ;xmlrpc_error_number = 0
      
      ; When PHP displays or logs an error, it has the capability of formatting the
      ; error message as HTML for easier reading. This directive controls whether
      ; the error message is formatted as HTML or not.
      ; Note: This directive is hardcoded to Off for the CLI SAPI
      ; Default Value: On
      ; Development Value: On
      ; Production value: On
      ; http://php.net/html-errors
      html_errors = On
      
      ; If html_errors is set to On *and* docref_root is not empty, then PHP
      ; produces clickable error messages that direct to a page describing the error
      ; or function causing the error in detail.
      ; You can download a copy of the PHP manual from http://php.net/docs
      ; and change docref_root to the base URL of your local copy including the
      ; leading '/'. You must also specify the file extension being used including
      ; the dot. PHP's default behavior is to leave these settings empty, in which
      ; case no links to documentation are generated.
      ; Note: Never use this feature for production boxes.
      ; http://php.net/docref-root
      ; Examples
      ;docref_root = "/phpmanual/"
      
      ; http://php.net/docref-ext
      ;docref_ext = .html
      
      ; String to output before an error message. PHP's default behavior is to leave
      ; this setting blank.
      ; http://php.net/error-prepend-string
      ; Example:
      ;error_prepend_string = ""
      
      ; String to output after an error message. PHP's default behavior is to leave
      ; this setting blank.
      ; http://php.net/error-append-string
      ; Example:
      ;error_append_string = ""
      
      ; Log errors to specified file. PHP's default behavior is to leave this value
      ; empty.
      ; http://php.net/error-log
      ; Example:
      ;error_log = php_errors.log
      ; Log errors to syslog (Event Log on Windows).
      ;error_log = syslog
      
      ; The syslog ident is a string which is prepended to every message logged
      ; to syslog. Only used when error_log is set to syslog.
      ;syslog.ident = php
      
      ; The syslog facility is used to specify what type of program is logging
      ; the message. Only used when error_log is set to syslog.
      ;syslog.facility = user
      
      ; Set this to disable filtering control characters (the default).
      ; Some loggers only accept NVT-ASCII, others accept anything that's not
      ; control characters. If your logger accepts everything, then no filtering
      ; is needed at all.
      ; Allowed values are:
      ;   ascii (all printable ASCII characters and NL)
      ;   no-ctrl (all characters except control characters)
      ;   all (all characters)
      ;   raw (like "all", but messages are not split at newlines)
      ; http://php.net/syslog.filter
      ;syslog.filter = ascii
      
      ;windows.show_crt_warning
      ; Default value: 0
      ; Development value: 0
      ; Production value: 0
      
      ;;;;;;;;;;;;;;;;;
      ; Data Handling ;
      ;;;;;;;;;;;;;;;;;
      
      ; The separator used in PHP generated URLs to separate arguments.
      ; PHP's default setting is "&".
      ; http://php.net/arg-separator.output
      ; Example:
      ;arg_separator.output = "&"
      
      ; List of separator(s) used by PHP to parse input URLs into variables.
      ; PHP's default setting is "&".
      ; NOTE: Every character in this directive is considered as separator!
      ; http://php.net/arg-separator.input
      ; Example:
      ;arg_separator.input = ";&"
      
      ; This directive determines which super global arrays are registered when PHP
      ; starts up. G,P,C,E & S are abbreviations for the following respective super
      ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
      ; paid for the registration of these arrays and because ENV is not as commonly
      ; used as the others, ENV is not recommended on productions servers. You
      ; can still get access to the environment variables through getenv() should you
      ; need to.
      ; Default Value: "EGPCS"
      ; Development Value: "GPCS"
      ; Production Value: "GPCS";
      ; http://php.net/variables-order
      variables_order = "GPCS"
      
      ; This directive determines which super global data (G,P & C) should be
      ; registered into the super global array REQUEST. If so, it also determines
      ; the order in which that data is registered. The values for this directive
      ; are specified in the same manner as the variables_order directive,
      ; EXCEPT one. Leaving this value empty will cause PHP to use the value set
      ; in the variables_order directive. It does not mean it will leave the super
      ; globals array REQUEST empty.
      ; Default Value: None
      ; Development Value: "GP"
      ; Production Value: "GP"
      ; http://php.net/request-order
      request_order = "GP"
      
      ; This directive determines whether PHP registers $argv & $argc each time it
      ; runs. $argv contains an array of all the arguments passed to PHP when a script
      ; is invoked. $argc contains an integer representing the number of arguments
      ; that were passed when the script was invoked. These arrays are extremely
      ; useful when running scripts from the command line. When this directive is
      ; enabled, registering these variables consumes CPU cycles and memory each time
      ; a script is executed. For performance reasons, this feature should be disabled
      ; on production servers.
      ; Note: This directive is hardcoded to On for the CLI SAPI
      ; Default Value: On
      ; Development Value: Off
      ; Production Value: Off
      ; http://php.net/register-argc-argv
      register_argc_argv = Off
      
      ; When enabled, the ENV, REQUEST and SERVER variables are created when they're
      ; first used (Just In Time) instead of when the script starts. If these
      ; variables are not used within a script, having this directive on will result
      ; in a performance gain. The PHP directive register_argc_argv must be disabled
      ; for this directive to have any affect.
      ; http://php.net/auto-globals-jit
      auto_globals_jit = On
      
      ; Whether PHP will read the POST data.
      ; This option is enabled by default.
      ; Most likely, you won't want to disable this option globally. It causes $_POST
      ; and $_FILES to always be empty; the only way you will be able to read the
      ; POST data will be through the php://input stream wrapper. This can be useful
      ; to proxy requests or to process the POST data in a memory efficient fashion.
      ; http://php.net/enable-post-data-reading
      ;enable_post_data_reading = Off
      
      ; Maximum size of POST data that PHP will accept.
      ; Its value may be 0 to disable the limit. It is ignored if POST data reading
      ; is disabled through enable_post_data_reading.
      ; http://php.net/post-max-size
      post_max_size = 8M
      
      ; Automatically add files before PHP document.
      ; http://php.net/auto-prepend-file
      auto_prepend_file =
      
      ; Automatically add files after PHP document.
      ; http://php.net/auto-append-file
      auto_append_file =
      
      ; By default, PHP will output a media type using the Content-Type header. To
      ; disable this, simply set it to be empty.
      ;
      ; PHP's built-in default media type is set to text/html.
      ; http://php.net/default-mimetype
      default_mimetype = "text/html"
      
      ; PHP's default character set is set to UTF-8.
      ; http://php.net/default-charset
      default_charset = "UTF-8"
      
      ; PHP internal character encoding is set to empty.
      ; If empty, default_charset is used.
      ; http://php.net/internal-encoding
      ;internal_encoding =
      
      ; PHP input character encoding is set to empty.
      ; If empty, default_charset is used.
      ; http://php.net/input-encoding
      ;input_encoding =
      
      ; PHP output character encoding is set to empty.
      ; If empty, default_charset is used.
      ; See also output_buffer.
      ; http://php.net/output-encoding
      ;output_encoding =
      
      ;;;;;;;;;;;;;;;;;;;;;;;;;
      ; Paths and Directories ;
      ;;;;;;;;;;;;;;;;;;;;;;;;;
      
      ; UNIX: "/path1:/path2"
      ;include_path = ".:/php/includes"
      ;
      ; Windows: "\path1;\path2"
      ;include_path = ".;c:\php\includes"
      ;
      ; PHP's default setting for include_path is ".;/path/to/php/pear"
      ; http://php.net/include-path
      
      ; The root of the PHP pages, used only if nonempty.
      ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
      ; if you are running php as a CGI under any web server (other than IIS)
      ; see documentation for security issues.  The alternate is to use the
      ; cgi.force_redirect configuration below
      ; http://php.net/doc-root
      doc_root =
      
      ; The directory under which PHP opens the script using /~username used only
      ; if nonempty.
      ; http://php.net/user-dir
      user_dir =
      
      ; Directory in which the loadable extensions (modules) reside.
      ; http://php.net/extension-dir
      ;extension_dir = "./"
      ; On windows:
      ;extension_dir = "ext"
      
      ; Directory where the temporary files should be placed.
      ; Defaults to the system default (see sys_get_temp_dir)
      ;sys_temp_dir = "/tmp"
      
      ; Whether or not to enable the dl() function.  The dl() function does NOT work
      ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
      ; disabled on them.
      ; http://php.net/enable-dl
      enable_dl = Off
      
      ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
      ; most web servers.  Left undefined, PHP turns this on by default.  You can
      ; turn it off here AT YOUR OWN RISK
      ; **You CAN safely turn this off for IIS, in fact, you MUST.**
      ; http://php.net/cgi.force-redirect
      ;cgi.force_redirect = 1
      
      ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
      ; every request. PHP's default behavior is to disable this feature.
      ;cgi.nph = 1
      
      ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
      ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
      ; will look for to know it is OK to continue execution.  Setting this variable MAY
      ; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
      ; http://php.net/cgi.redirect-status-env
      ;cgi.redirect_status_env =
      
      ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
      ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
      ; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
      ; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
      ; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
      ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
      ; http://php.net/cgi.fix-pathinfo
      ;cgi.fix_pathinfo=1
      
      ; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
      ; of the web tree and people will not be able to circumvent .htaccess security.
      ;cgi.discard_path=1
      
      ; FastCGI under IIS supports the ability to impersonate
      ; security tokens of the calling client.  This allows IIS to define the
      ; security context that the request runs under.  mod_fastcgi under Apache
      ; does not currently support this feature (03/17/2002)
      ; Set to 1 if running under IIS.  Default is zero.
      ; http://php.net/fastcgi.impersonate
      ;fastcgi.impersonate = 1
      
      ; Disable logging through FastCGI connection. PHP's default behavior is to enable
      ; this feature.
      ;fastcgi.logging = 0
      
      ; cgi.rfc2616_headers configuration option tells PHP what type of headers to
      ; use when sending HTTP response code. If set to 0, PHP sends Status: header that
      ; is supported by Apache. When this option is set to 1, PHP will send
      ; RFC2616 compliant header.
      ; Default is zero.
      ; http://php.net/cgi.rfc2616-headers
      ;cgi.rfc2616_headers = 0
      
      ; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
      ; (shebang) at the top of the running script. This line might be needed if the
      ; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
      ; mode skips this line and ignores its content if this directive is turned on.
      ; http://php.net/cgi.check-shebang-line
      ;cgi.check_shebang_line=1
      
      ;;;;;;;;;;;;;;;;
      ; File Uploads ;
      ;;;;;;;;;;;;;;;;
      
      ; Whether to allow HTTP file uploads.
      ; http://php.net/file-uploads
      file_uploads = On
      
      ; Temporary directory for HTTP uploaded files (will use system default if not
      ; specified).
      ; http://php.net/upload-tmp-dir
      ;upload_tmp_dir =
      
      ; Maximum allowed size for uploaded files.
      ; http://php.net/upload-max-filesize
      upload_max_filesize = 2M
      
      ; Maximum number of files that can be uploaded via a single request
      max_file_uploads = 20
      
      ;;;;;;;;;;;;;;;;;;
      ; Fopen wrappers ;
      ;;;;;;;;;;;;;;;;;;
      
      ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
      ; http://php.net/allow-url-fopen
      allow_url_fopen = On
      
      ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
      ; http://php.net/allow-url-include
      allow_url_include = Off
      
      ; Define the anonymous ftp password (your email address). PHP's default setting
      ; for this is empty.
      ; http://php.net/from
      ;from="[email protected]"
      
      ; Define the User-Agent string. PHP's default setting for this is empty.
      ; http://php.net/user-agent
      ;user_agent="PHP"
      
      ; Default timeout for socket based streams (seconds)
      ; http://php.net/default-socket-timeout
      default_socket_timeout = 60
      
      ; If your scripts have to deal with files from Macintosh systems,
      ; or you are running on a Mac and need to deal with files from
      ; unix or win32 systems, setting this flag will cause PHP to
      ; automatically detect the EOL character in those files so that
      ; fgets() and file() will work regardless of the source of the file.
      ; http://php.net/auto-detect-line-endings
      ;auto_detect_line_endings = Off
      
      ;;;;;;;;;;;;;;;;;;;;;;
      ; Dynamic Extensions ;
      ;;;;;;;;;;;;;;;;;;;;;;
      
      ; If you wish to have an extension loaded automatically, use the following
      ; syntax:
      ;
      ;   extension=modulename
      ;
      ; For example:
      ;
      ;   extension=mysqli
      ;
      ; When the extension library to load is not located in the default extension
      ; directory, You may specify an absolute path to the library file:
      ;
      ;   extension=/path/to/extension/mysqli.so
      ;
      ; Note : The syntax used in previous PHP versions ('extension=.so' and
      ; 'extension='php_.dll') is supported for legacy reasons and may be
      ; deprecated in a future PHP major version. So, when it is possible, please
      ; move to the new ('extension=) syntax.
      ;
      ; Notes for Windows environments :
      ;
      ; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+)
      ;   extension folders as well as the separate PECL DLL download (PHP 5+).
      ;   Be sure to appropriately set the extension_dir directive.
      ;
      ;extension=bz2
      ;extension=curl
      ;extension=fileinfo
      ;extension=gd2
      ;extension=gettext
      ;extension=gmp
      ;extension=intl
      ;extension=imap
      ;extension=interbase
      ;extension=ldap
      ;extension=mbstring
      ;extension=exif      ; Must be after mbstring as it depends on it
      ;extension=mysqli
      ;extension=oci8_12c  ; Use with Oracle Database 12c Instant Client
      ;extension=odbc
      ;extension=openssl
      ;extension=pdo_firebird
      ;extension=pdo_mysql
      ;extension=pdo_oci
      ;extension=pdo_odbc
      ;extension=pdo_pgsql
      ;extension=pdo_sqlite
      ;extension=pgsql
      ;extension=shmop
      
      ; The MIBS data available in the PHP distribution must be installed.
      ; See http://www.php.net/manual/en/snmp.installation.php
      ;extension=snmp
      
      ;extension=soap
      ;extension=sockets
      ;extension=sodium
      ;extension=sqlite3
      ;extension=tidy
      ;extension=xmlrpc
      ;extension=xsl
      
      ;;;;;;;;;;;;;;;;;;;
      ; Module Settings ;
      ;;;;;;;;;;;;;;;;;;;
      
      [CLI Server]
      ; Whether the CLI web server uses ANSI color coding in its terminal output.
      cli_server.color = On
      
      [Date]
      ; Defines the default timezone used by the date functions
      ; http://php.net/date.timezone
      ;date.timezone =
      
      ; http://php.net/date.default-latitude
      ;date.default_latitude = 31.7667
      
      ; http://php.net/date.default-longitude
      ;date.default_longitude = 35.2333
      
      ; http://php.net/date.sunrise-zenith
      ;date.sunrise_zenith = 90.583333
      
      ; http://php.net/date.sunset-zenith
      ;date.sunset_zenith = 90.583333
      
      [filter]
      ; http://php.net/filter.default
      ;filter.default = unsafe_raw
      
      ; http://php.net/filter.default-flags
      ;filter.default_flags =
      
      [iconv]
      ; Use of this INI entry is deprecated, use global input_encoding instead.
      ; If empty, default_charset or input_encoding or iconv.input_encoding is used.
      ; The precedence is: default_charset < input_encoding < iconv.input_encoding
      ;iconv.input_encoding =
      
      ; Use of this INI entry is deprecated, use global internal_encoding instead.
      ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
      ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
      ;iconv.internal_encoding =
      
      ; Use of this INI entry is deprecated, use global output_encoding instead.
      ; If empty, default_charset or output_encoding or iconv.output_encoding is used.
      ; The precedence is: default_charset < output_encoding < iconv.output_encoding
      ; To use an output encoding conversion, iconv's output handler must be set
      ; otherwise output encoding conversion cannot be performed.
      ;iconv.output_encoding =
      
      [imap]
      ; rsh/ssh logins are disabled by default. Use this INI entry if you want to
      ; enable them. Note that the IMAP library does not filter mailbox names before
      ; passing them to rsh/ssh command, thus passing untrusted data to this function
      ; with rsh/ssh enabled is insecure.
      ;imap.enable_insecure_rsh=0
      
      [intl]
      ;intl.default_locale =
      ; This directive allows you to produce PHP errors when some error
      ; happens within intl functions. The value is the level of the error produced.
      ; Default is 0, which does not produce any errors.
      ;intl.error_level = E_WARNING
      ;intl.use_exceptions = 0
      
      [sqlite3]
      ; Directory pointing to SQLite3 extensions
      ; http://php.net/sqlite3.extension-dir
      ;sqlite3.extension_dir =
      
      ; SQLite defensive mode flag (only available from SQLite 3.26+)
      ; When the defensive flag is enabled, language features that allow ordinary
      ; SQL to deliberately corrupt the database file are disabled. This forbids
      ; writing directly to the schema, shadow tables (eg. FTS data tables), or
      ; the sqlite_dbpage virtual table.
      ; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
      ; (for older SQLite versions, this flag has no use)
      ;sqlite3.defensive = 1
      
      [Pcre]
      ; PCRE library backtracking limit.
      ; http://php.net/pcre.backtrack-limit
      ;pcre.backtrack_limit=100000
      
      ; PCRE library recursion limit.
      ; Please note that if you set this value to a high number you may consume all
      ; the available process stack and eventually crash PHP (due to reaching the
      ; stack size limit imposed by the Operating System).
      ; http://php.net/pcre.recursion-limit
      ;pcre.recursion_limit=100000
      
      ; Enables or disables JIT compilation of patterns. This requires the PCRE
      ; library to be compiled with JIT support.
      ;pcre.jit=1
      
      [Pdo]
      ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
      ; http://php.net/pdo-odbc.connection-pooling
      ;pdo_odbc.connection_pooling=strict
      
      ;pdo_odbc.db2_instance_name
      
      [Pdo_mysql]
      ; Default socket name for local MySQL connects.  If empty, uses the built-in
      ; MySQL defaults.
      pdo_mysql.default_socket=
      
      [Phar]
      ; http://php.net/phar.readonly
      ;phar.readonly = On
      
      ; http://php.net/phar.require-hash
      ;phar.require_hash = On
      
      ;phar.cache_list =
      
      [mail function]
      ; For Win32 only.
      ; http://php.net/smtp
      SMTP = localhost
      ; http://php.net/smtp-port
      smtp_port = 25
      
      ; For Win32 only.
      ; http://php.net/sendmail-from
      ;sendmail_from = [email protected]
      
      ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
      ; http://php.net/sendmail-path
      ;sendmail_path =
      
      ; Force the addition of the specified parameters to be passed as extra parameters
      ; to the sendmail binary. These parameters will always replace the value of
      ; the 5th parameter to mail().
      ;mail.force_extra_parameters =
      
      ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
      mail.add_x_header = Off
      
      ; The path to a log file that will log all mail() calls. Log entries include
      ; the full path of the script, line number, To address and headers.
      ;mail.log =
      ; Log mail to syslog (Event Log on Windows).
      ;mail.log = syslog
      
      [ODBC]
      ; http://php.net/odbc.default-db
      ;odbc.default_db    =  Not yet implemented
      
      ; http://php.net/odbc.default-user
      ;odbc.default_user  =  Not yet implemented
      
      ; http://php.net/odbc.default-pw
      ;odbc.default_pw    =  Not yet implemented
      
      ; Controls the ODBC cursor model.
      ; Default: SQL_CURSOR_STATIC (default).
      ;odbc.default_cursortype
      
      ; Allow or prevent persistent links.
      ; http://php.net/odbc.allow-persistent
      odbc.allow_persistent = On
      
      ; Check that a connection is still valid before reuse.
      ; http://php.net/odbc.check-persistent
      odbc.check_persistent = On
      
      ; Maximum number of persistent links.  -1 means no limit.
      ; http://php.net/odbc.max-persistent
      odbc.max_persistent = -1
      
      ; Maximum number of links (persistent + non-persistent).  -1 means no limit.
      ; http://php.net/odbc.max-links
      odbc.max_links = -1
      
      ; Handling of LONG fields.  Returns number of bytes to variables.  0 means
      ; passthru.
      ; http://php.net/odbc.defaultlrl
      odbc.defaultlrl = 4096
      
      ; Handling of binary data.  0 means passthru, 1 return as is, 2 convert to char.
      ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
      ; of odbc.defaultlrl and odbc.defaultbinmode
      ; http://php.net/odbc.defaultbinmode
      odbc.defaultbinmode = 1
      
      [Interbase]
      ; Allow or prevent persistent links.
      ibase.allow_persistent = 1
      
      ; Maximum number of persistent links.  -1 means no limit.
      ibase.max_persistent = -1
      
      ; Maximum number of links (persistent + non-persistent).  -1 means no limit.
      ibase.max_links = -1
      
      ; Default database name for ibase_connect().
      ;ibase.default_db =
      
      ; Default username for ibase_connect().
      ;ibase.default_user =
      
      ; Default password for ibase_connect().
      ;ibase.default_password =
      
      ; Default charset for ibase_connect().
      ;ibase.default_charset =
      
      ; Default timestamp format.
      ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
      
      ; Default date format.
      ibase.dateformat = "%Y-%m-%d"
      
      ; Default time format.
      ibase.timeformat = "%H:%M:%S"
      
      [MySQLi]
      
      ; Maximum number of persistent links.  -1 means no limit.
      ; http://php.net/mysqli.max-persistent
      mysqli.max_persistent = -1
      
      ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
      ; http://php.net/mysqli.allow_local_infile
      ;mysqli.allow_local_infile = On
      
      ; Allow or prevent persistent links.
      ; http://php.net/mysqli.allow-persistent
      mysqli.allow_persistent = On
      
      ; Maximum number of links.  -1 means no limit.
      ; http://php.net/mysqli.max-links
      mysqli.max_links = -1
      
      ; Default port number for mysqli_connect().  If unset, mysqli_connect() will use
      ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
      ; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
      ; at MYSQL_PORT.
      ; http://php.net/mysqli.default-port
      mysqli.default_port = 3306
      
      ; Default socket name for local MySQL connects.  If empty, uses the built-in
      ; MySQL defaults.
      ; http://php.net/mysqli.default-socket
      mysqli.default_socket =
      
      ; Default host for mysql_connect() (doesn't apply in safe mode).
      ; http://php.net/mysqli.default-host
      mysqli.default_host =
      
      ; Default user for mysql_connect() (doesn't apply in safe mode).
      ; http://php.net/mysqli.default-user
      mysqli.default_user =
      
      ; Default password for mysqli_connect() (doesn't apply in safe mode).
      ; Note that this is generally a *bad* idea to store passwords in this file.
      ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
      ; and reveal this password!  And of course, any users with read access to this
      ; file will be able to reveal the password as well.
      ; http://php.net/mysqli.default-pw
      mysqli.default_pw =
      
      ; Allow or prevent reconnect
      mysqli.reconnect = Off
      
      [mysqlnd]
      ; Enable / Disable collection of general statistics by mysqlnd which can be
      ; used to tune and monitor MySQL operations.
      mysqlnd.collect_statistics = On
      
      ; Enable / Disable collection of memory usage statistics by mysqlnd which can be
      ; used to tune and monitor MySQL operations.
      mysqlnd.collect_memory_statistics = Off
      
      ; Records communication from all extensions using mysqlnd to the specified log
      ; file.
      ; http://php.net/mysqlnd.debug
      ;mysqlnd.debug =
      
      ; Defines which queries will be logged.
      ;mysqlnd.log_mask = 0
      
      ; Default size of the mysqlnd memory pool, which is used by result sets.
      ;mysqlnd.mempool_default_size = 16000
      
      ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
      ;mysqlnd.net_cmd_buffer_size = 2048
      
      ; Size of a pre-allocated buffer used for reading data sent by the server in
      ; bytes.
      ;mysqlnd.net_read_buffer_size = 32768
      
      ; Timeout for network requests in seconds.
      ;mysqlnd.net_read_timeout = 31536000
      
      ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
      ; key.
      ;mysqlnd.sha256_server_public_key =
      
      [OCI8]
      
      ; Connection: Enables privileged connections using external
      ; credentials (OCI_SYSOPER, OCI_SYSDBA)
      ; http://php.net/oci8.privileged-connect
      ;oci8.privileged_connect = Off
      
      ; Connection: The maximum number of persistent OCI8 connections per
      ; process. Using -1 means no limit.
      ; http://php.net/oci8.max-persistent
      ;oci8.max_persistent = -1
      
      ; Connection: The maximum number of seconds a process is allowed to
      ; maintain an idle persistent connection. Using -1 means idle
      ; persistent connections will be maintained forever.
      ; http://php.net/oci8.persistent-timeout
      ;oci8.persistent_timeout = -1
      
      ; Connection: The number of seconds that must pass before issuing a
      ; ping during oci_pconnect() to check the connection validity. When
      ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
      ; pings completely.
      ; http://php.net/oci8.ping-interval
      ;oci8.ping_interval = 60
      
      ; Connection: Set this to a user chosen connection class to be used
      ; for all pooled server requests with Oracle 11g Database Resident
      ; Connection Pooling (DRCP).  To use DRCP, this value should be set to
      ; the same string for all web servers running the same application,
      ; the database pool must be configured, and the connection string must
      ; specify to use a pooled server.
      ;oci8.connection_class =
      
      ; High Availability: Using On lets PHP receive Fast Application
      ; Notification (FAN) events generated when a database node fails. The
      ; database must also be configured to post FAN events.
      ;oci8.events = Off
      
      ; Tuning: This option enables statement caching, and specifies how
      ; many statements to cache. Using 0 disables statement caching.
      ; http://php.net/oci8.statement-cache-size
      ;oci8.statement_cache_size = 20
      
      ; Tuning: Enables statement prefetching and sets the default number of
      ; rows that will be fetched automatically after statement execution.
      ; http://php.net/oci8.default-prefetch
      ;oci8.default_prefetch = 100
      
      ; Compatibility. Using On means oci_close() will not close
      ; oci_connect() and oci_new_connect() connections.
      ; http://php.net/oci8.old-oci-close-semantics
      ;oci8.old_oci_close_semantics = Off
      
      [PostgreSQL]
      ; Allow or prevent persistent links.
      ; http://php.net/pgsql.allow-persistent
      pgsql.allow_persistent = On
      
      ; Detect broken persistent links always with pg_pconnect().
      ; Auto reset feature requires a little overheads.
      ; http://php.net/pgsql.auto-reset-persistent
      pgsql.auto_reset_persistent = Off
      
      ; Maximum number of persistent links.  -1 means no limit.
      ; http://php.net/pgsql.max-persistent
      pgsql.max_persistent = -1
      
      ; Maximum number of links (persistent+non persistent).  -1 means no limit.
      ; http://php.net/pgsql.max-links
      pgsql.max_links = -1
      
      ; Ignore PostgreSQL backends Notice message or not.
      ; Notice message logging require a little overheads.
      ; http://php.net/pgsql.ignore-notice
      pgsql.ignore_notice = 0
      
      ; Log PostgreSQL backends Notice message or not.
      ; Unless pgsql.ignore_notice=0, module cannot log notice message.
      ; http://php.net/pgsql.log-notice
      pgsql.log_notice = 0
      
      [bcmath]
      ; Number of decimal digits for all bcmath functions.
      ; http://php.net/bcmath.scale
      bcmath.scale = 0
      
      [browscap]
      ; http://php.net/browscap
      ;browscap = extra/browscap.ini
      
      [Session]
      ; Handler used to store/retrieve data.
      ; http://php.net/session.save-handler
      session.save_handler = files
      
      ; Argument passed to save_handler.  In the case of files, this is the path
      ; where data files are stored. Note: Windows users have to change this
      ; variable in order to use PHP's session functions.
      ;
      ; The path can be defined as:
      ;
      ;     session.save_path = "N;/path"
      ;
      ; where N is an integer.  Instead of storing all the session files in
      ; /path, what this will do is use subdirectories N-levels deep, and
      ; store the session data in those directories.  This is useful if
      ; your OS has problems with many files in one directory, and is
      ; a more efficient layout for servers that handle many sessions.
      ;
      ; NOTE 1: PHP will not create this directory structure automatically.
      ;         You can use the script in the ext/session dir for that purpose.
      ; NOTE 2: See the section on garbage collection below if you choose to
      ;         use subdirectories for session storage
      ;
      ; The file storage module creates files using mode 600 by default.
      ; You can change that by using
      ;
      ;     session.save_path = "N;MODE;/path"
      ;
      ; where MODE is the octal representation of the mode. Note that this
      ; does not overwrite the process's umask.
      ; http://php.net/session.save-path
      ;session.save_path = "/tmp"
      
      ; Whether to use strict session mode.
      ; Strict session mode does not accept an uninitialized session ID, and
      ; regenerates the session ID if the browser sends an uninitialized session ID.
      ; Strict mode protects applications from session fixation via a session adoption
      ; vulnerability. It is disabled by default for maximum compatibility, but
      ; enabling it is encouraged.
      ; https://wiki.php.net/rfc/strict_sessions
      session.use_strict_mode = 0
      
      ; Whether to use cookies.
      ; http://php.net/session.use-cookies
      session.use_cookies = 1
      
      ; http://php.net/session.cookie-secure
      ;session.cookie_secure =
      
      ; This option forces PHP to fetch and use a cookie for storing and maintaining
      ; the session id. We encourage this operation as it's very helpful in combating
      ; session hijacking when not specifying and managing your own session id. It is
      ; not the be-all and end-all of session hijacking defense, but it's a good start.
      ; http://php.net/session.use-only-cookies
      session.use_only_cookies = 1
      
      ; Name of the session (used as cookie name).
      ; http://php.net/session.name
      session.name = PHPSESSID
      
      ; Initialize session on request startup.
      ; http://php.net/session.auto-start
      session.auto_start = 0
      
      ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
      ; http://php.net/session.cookie-lifetime
      session.cookie_lifetime = 0
      
      ; The path for which the cookie is valid.
      ; http://php.net/session.cookie-path
      session.cookie_path = /
      
      ; The domain for which the cookie is valid.
      ; http://php.net/session.cookie-domain
      session.cookie_domain =
      
      ; Whether or not to add the httpOnly flag to the cookie, which makes it
      ; inaccessible to browser scripting languages such as JavaScript.
      ; http://php.net/session.cookie-httponly
      session.cookie_httponly =
      
      ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
      ; Current valid values are "Lax" or "Strict"
      ; https://tools.ietf.org/html/draft-west-first-party-cookies-07
      session.cookie_samesite =
      
      ; Handler used to serialize data. php is the standard serializer of PHP.
      ; http://php.net/session.serialize-handler
      session.serialize_handler = php
      
      ; Defines the probability that the 'garbage collection' process is started
      ; on every session initialization. The probability is calculated by using
      ; gc_probability/gc_divisor. Where session.gc_probability is the numerator
      ; and gc_divisor is the denominator in the equation. Setting this value to 1
      ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
      ; the gc will run on any given request.
      ; Default Value: 1
      ; Development Value: 1
      ; Production Value: 1
      ; http://php.net/session.gc-probability
      session.gc_probability = 1
      
      ; Defines the probability that the 'garbage collection' process is started on every
      ; session initialization. The probability is calculated by using the following equation:
      ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
      ; session.gc_divisor is the denominator in the equation. Setting this value to 100
      ; when the session.gc_probability value is 1 will give you approximately a 1% chance
      ; the gc will run on any given request. Increasing this value to 1000 will give you
      ; a 0.1% chance the gc will run on any given request. For high volume production servers,
      ; this is a more efficient approach.
      ; Default Value: 100
      ; Development Value: 1000
      ; Production Value: 1000
      ; http://php.net/session.gc-divisor
      session.gc_divisor = 1000
      
      ; After this number of seconds, stored data will be seen as 'garbage' and
      ; cleaned up by the garbage collection process.
      ; http://php.net/session.gc-maxlifetime
      session.gc_maxlifetime = 1440
      
      ; NOTE: If you are using the subdirectory option for storing session files
      ;       (see session.save_path above), then garbage collection does *not*
      ;       happen automatically.  You will need to do your own garbage
      ;       collection through a shell script, cron entry, or some other method.
      ;       For example, the following script would is the equivalent of
      ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
      ;          find /path/to/sessions -cmin +24 -type f | xargs rm
      
      ; Check HTTP Referer to invalidate externally stored URLs containing ids.
      ; HTTP_REFERER has to contain this substring for the session to be
      ; considered as valid.
      ; http://php.net/session.referer-check
      session.referer_check =
      
      ; Set to {nocache,private,public,} to determine HTTP caching aspects
      ; or leave this empty to avoid sending anti-caching headers.
      ; http://php.net/session.cache-limiter
      session.cache_limiter = nocache
      
      ; Document expires after n minutes.
      ; http://php.net/session.cache-expire
      session.cache_expire = 180
      
      ; trans sid support is disabled by default.
      ; Use of trans sid may risk your users' security.
      ; Use this option with caution.
      ; - User may send URL contains active session ID
      ;   to other person via. email/irc/etc.
      ; - URL that contains active session ID may be stored
      ;   in publicly accessible computer.
      ; - User may access your site with the same session ID
      ;   always using URL stored in browser's history or bookmarks.
      ; http://php.net/session.use-trans-sid
      session.use_trans_sid = 0
      
      ; Set session ID character length. This value could be between 22 to 256.
      ; Shorter length than default is supported only for compatibility reason.
      ; Users should use 32 or more chars.
      ; http://php.net/session.sid-length
      ; Default Value: 32
      ; Development Value: 26
      ; Production Value: 26
      session.sid_length = 26
      
      ; The URL rewriter will look for URLs in a defined set of HTML tags.
      ; 
      is special; if you include them here, the rewriter will ; add a hidden field with the info which is otherwise appended ; to URLs. tag's action attribute URL will not be modified ; unless it is specified. ; Note that all valid entries require a "=", even if no value follows. ; Default Value: "a=href,area=href,frame=src,form=" ; Development Value: "a=href,area=href,frame=src,form=" ; Production Value: "a=href,area=href,frame=src,form=" ; http://php.net/url-rewriter.tags session.trans_sid_tags = "a=href,area=href,frame=src,form=" ; URL rewriter does not rewrite absolute URLs by default. ; To enable rewrites for absolute paths, target hosts must be specified ; at RUNTIME. i.e. use ini_set() ; tags is special. PHP will check action attribute's URL regardless ; of session.trans_sid_tags setting. ; If no host is defined, HTTP_HOST will be used for allowed host. ; Example value: php.net,www.php.net,wiki.php.net ; Use "," for multiple hosts. No spaces are allowed. ; Default Value: "" ; Development Value: "" ; Production Value: "" ;session.trans_sid_hosts="" ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. ; Possible values: ; 4 (4 bits: 0-9, a-f) ; 5 (5 bits: 0-9, a-v) ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") ; Default Value: 4 ; Development Value: 5 ; Production Value: 5 ; http://php.net/session.hash-bits-per-character session.sid_bits_per_character = 5 ; Enable upload progress tracking in $_SESSION ; Default Value: On ; Development Value: On ; Production Value: On ; http://php.net/session.upload-progress.enabled ;session.upload_progress.enabled = On ; Cleanup the progress information as soon as all POST data has been read ; (i.e. upload completed). ; Default Value: On ; Development Value: On ; Production Value: On ; http://php.net/session.upload-progress.cleanup ;session.upload_progress.cleanup = On ; A prefix used for the upload progress key in $_SESSION ; Default Value: "upload_progress_" ; Development Value: "upload_progress_" ; Production Value: "upload_progress_" ; http://php.net/session.upload-progress.prefix ;session.upload_progress.prefix = "upload_progress_" ; The index name (concatenated with the prefix) in $_SESSION ; containing the upload progress information ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" ; http://php.net/session.upload-progress.name ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" ; How frequently the upload progress should be updated. ; Given either in percentages (per-file), or in bytes ; Default Value: "1%" ; Development Value: "1%" ; Production Value: "1%" ; http://php.net/session.upload-progress.freq ;session.upload_progress.freq = "1%" ; The minimum delay between updates, in seconds ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 ; http://php.net/session.upload-progress.min-freq ;session.upload_progress.min_freq = "1" ; Only write session data when session data is changed. Enabled by default. ; http://php.net/session.lazy-write ;session.lazy_write = On [Assertion] ; Switch whether to compile assertions at all (to have no overhead at run-time) ; -1: Do not compile at all ; 0: Jump over assertion at run-time ; 1: Execute assertions ; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) ; Default Value: 1 ; Development Value: 1 ; Production Value: -1 ; http://php.net/zend.assertions zend.assertions = -1 ; Assert(expr); active by default. ; http://php.net/assert.active ;assert.active = On ; Throw an AssertionError on failed assertions ; http://php.net/assert.exception ;assert.exception = On ; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) ; http://php.net/assert.warning ;assert.warning = On ; Don't bail out by default. ; http://php.net/assert.bail ;assert.bail = Off ; User-function to be called if an assertion fails. ; http://php.net/assert.callback ;assert.callback = 0 ; Eval the expression with current error_reporting(). Set to true if you want ; error_reporting(0) around the eval(). ; http://php.net/assert.quiet-eval ;assert.quiet_eval = 0 [COM] ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs ; http://php.net/com.typelib-file ;com.typelib_file = ; allow Distributed-COM calls ; http://php.net/com.allow-dcom ;com.allow_dcom = true ; autoregister constants of a component's typlib on com_load() ; http://php.net/com.autoregister-typelib ;com.autoregister_typelib = true ; register constants casesensitive ; http://php.net/com.autoregister-casesensitive ;com.autoregister_casesensitive = false ; show warnings on duplicate constant registrations ; http://php.net/com.autoregister-verbose ;com.autoregister_verbose = true ; The default character set code-page to use when passing strings to and from COM objects. ; Default: system ANSI code page ;com.code_page= [mbstring] ; language for internal character representation. ; This affects mb_send_mail() and mbstring.detect_order. ; http://php.net/mbstring.language ;mbstring.language = Japanese ; Use of this INI entry is deprecated, use global internal_encoding instead. ; internal/script encoding. ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding ;mbstring.internal_encoding = ; Use of this INI entry is deprecated, use global input_encoding instead. ; http input encoding. ; mbstring.encoding_translation = On is needed to use this setting. ; If empty, default_charset or input_encoding or mbstring.input is used. ; The precedence is: default_charset < input_encoding < mbsting.http_input ; http://php.net/mbstring.http-input ;mbstring.http_input = ; Use of this INI entry is deprecated, use global output_encoding instead. ; http output encoding. ; mb_output_handler must be registered as output buffer to function. ; If empty, default_charset or output_encoding or mbstring.http_output is used. ; The precedence is: default_charset < output_encoding < mbstring.http_output ; To use an output encoding conversion, mbstring's output handler must be set ; otherwise output encoding conversion cannot be performed. ; http://php.net/mbstring.http-output ;mbstring.http_output = ; enable automatic encoding translation according to ; mbstring.internal_encoding setting. Input chars are ; converted to internal encoding by setting this to On. ; Note: Do _not_ use automatic encoding translation for ; portable libs/applications. ; http://php.net/mbstring.encoding-translation ;mbstring.encoding_translation = Off ; automatic encoding detection order. ; "auto" detect order is changed according to mbstring.language ; http://php.net/mbstring.detect-order ;mbstring.detect_order = auto ; substitute_character used when character cannot be converted ; one from another ; http://php.net/mbstring.substitute-character ;mbstring.substitute_character = none ; overload(replace) single byte functions by mbstring functions. ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), ; etc. Possible values are 0,1,2,4 or combination of them. ; For example, 7 for overload everything. ; 0: No overload ; 1: Overload mail() function ; 2: Overload str*() functions ; 4: Overload ereg*() functions ; http://php.net/mbstring.func-overload ;mbstring.func_overload = 0 ; enable strict encoding detection. ; Default: Off ;mbstring.strict_detection = On ; This directive specifies the regex pattern of content types for which mb_output_handler() ; is activated. ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) ;mbstring.http_output_conv_mimetype= ; This directive specifies maximum stack depth for mbstring regular expressions. It is similar ; to the pcre.recursion_limit for PCRE. ; Default: 100000 ;mbstring.regex_stack_limit=100000 [gd] ; Tell the jpeg decode to ignore warnings and try to create ; a gd image. The warning will then be displayed as notices ; disabled by default ; http://php.net/gd.jpeg-ignore-warning ;gd.jpeg_ignore_warning = 1 [exif] ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. ; With mbstring support this will automatically be converted into the encoding ; given by corresponding encode setting. When empty mbstring.internal_encoding ; is used. For the decode settings you can distinguish between motorola and ; intel byte order. A decode setting cannot be empty. ; http://php.net/exif.encode-unicode ;exif.encode_unicode = ISO-8859-15 ; http://php.net/exif.decode-unicode-motorola ;exif.decode_unicode_motorola = UCS-2BE ; http://php.net/exif.decode-unicode-intel ;exif.decode_unicode_intel = UCS-2LE ; http://php.net/exif.encode-jis ;exif.encode_jis = ; http://php.net/exif.decode-jis-motorola ;exif.decode_jis_motorola = JIS ; http://php.net/exif.decode-jis-intel ;exif.decode_jis_intel = JIS [Tidy] ; The path to a default tidy configuration file to use when using tidy ; http://php.net/tidy.default-config ;tidy.default_config = /usr/local/lib/php/default.tcfg ; Should tidy clean and repair output automatically? ; WARNING: Do not use this option if you are generating non-html content ; such as dynamic images ; http://php.net/tidy.clean-output tidy.clean_output = Off [soap] ; Enables or disables WSDL caching feature. ; http://php.net/soap.wsdl-cache-enabled soap.wsdl_cache_enabled=1 ; Sets the directory name where SOAP extension will put cache files. ; http://php.net/soap.wsdl-cache-dir soap.wsdl_cache_dir="/tmp" ; (time to live) Sets the number of second while cached file will be used ; instead of original one. ; http://php.net/soap.wsdl-cache-ttl soap.wsdl_cache_ttl=86400 ; Sets the size of the cache limit. (Max. number of WSDL files to cache) soap.wsdl_cache_limit = 5 [sysvshm] ; A default size of the shared memory segment ;sysvshm.init_mem = 10000 [ldap] ; Sets the maximum number of open links or -1 for unlimited. ldap.max_links = -1 [dba] ;dba.default_handler= [opcache] ; Determines if Zend OPCache is enabled ;opcache.enable=1 ; Determines if Zend OPCache is enabled for the CLI version of PHP ;opcache.enable_cli=0 ; The OPcache shared memory storage size. ;opcache.memory_consumption=128 ; The amount of memory for interned strings in Mbytes. ;opcache.interned_strings_buffer=8 ; The maximum number of keys (scripts) in the OPcache hash table. ; Only numbers between 200 and 1000000 are allowed. ;opcache.max_accelerated_files=10000 ; The maximum percentage of "wasted" memory until a restart is scheduled. ;opcache.max_wasted_percentage=5 ; When this directive is enabled, the OPcache appends the current working ; directory to the script key, thus eliminating possible collisions between ; files with the same name (basename). Disabling the directive improves ; performance, but may break existing applications. ;opcache.use_cwd=1 ; When disabled, you must reset the OPcache manually or restart the ; webserver for changes to the filesystem to take effect. ;opcache.validate_timestamps=1 ; How often (in seconds) to check file timestamps for changes to the shared ; memory storage allocation. ("1" means validate once per second, but only ; once per request. "0" means always validate) ;opcache.revalidate_freq=2 ; Enables or disables file search in include_path optimization ;opcache.revalidate_path=0 ; If disabled, all PHPDoc comments are dropped from the code to reduce the ; size of the optimized code. ;opcache.save_comments=1 ; Allow file existence override (file_exists, etc.) performance feature. ;opcache.enable_file_override=0 ; A bitmask, where each bit enables or disables the appropriate OPcache ; passes ;opcache.optimization_level=0x7FFFBFFF ;opcache.dups_fix=0 ; The location of the OPcache blacklist file (wildcards allowed). ; Each OPcache blacklist file is a text file that holds the names of files ; that should not be accelerated. The file format is to add each filename ; to a new line. The filename may be a full path or just a file prefix ; (i.e., /var/www/x blacklists all the files and directories in /var/www ; that start with 'x'). Line starting with a ; are ignored (comments). ;opcache.blacklist_filename= ; Allows exclusion of large files from being cached. By default all files ; are cached. ;opcache.max_file_size=0 ; Check the cache checksum each N requests. ; The default value of "0" means that the checks are disabled. ;opcache.consistency_checks=0 ; How long to wait (in seconds) for a scheduled restart to begin if the cache ; is not being accessed. ;opcache.force_restart_timeout=180 ; OPcache error_log file name. Empty string assumes "stderr". ;opcache.error_log= ; All OPcache errors go to the Web server log. ; By default, only fatal errors (level 0) or errors (level 1) are logged. ; You can also enable warnings (level 2), info messages (level 3) or ; debug messages (level 4). ;opcache.log_verbosity_level=1 ; Preferred Shared Memory back-end. Leave empty and let the system decide. ;opcache.preferred_memory_model= ; Protect the shared memory from unexpected writing during script execution. ; Useful for internal debugging only. ;opcache.protect_memory=0 ; Allows calling OPcache API functions only from PHP scripts which path is ; started from specified string. The default "" means no restriction ;opcache.restrict_api= ; Mapping base of shared memory segments (for Windows only). All the PHP ; processes have to map shared memory into the same address space. This ; directive allows to manually fix the "Unable to reattach to base address" ; errors. ;opcache.mmap_base= ; Enables and sets the second level cache directory. ; It should improve performance when SHM memory is full, at server restart or ; SHM reset. The default "" disables file based caching. ;opcache.file_cache= ; Enables or disables opcode caching in shared memory. ;opcache.file_cache_only=0 ; Enables or disables checksum validation when script loaded from file cache. ;opcache.file_cache_consistency_checks=1 ; Implies opcache.file_cache_only=1 for a certain process that failed to ; reattach to the shared memory (for Windows only). Explicitly enabled file ; cache is required. ;opcache.file_cache_fallback=1 ; Enables or disables copying of PHP code (text segment) into HUGE PAGES. ; This should improve performance, but requires appropriate OS configuration. ;opcache.huge_code_pages=1 ; Validate cached file permissions. ;opcache.validate_permission=0 ; Prevent name collisions in chroot'ed environment. ;opcache.validate_root=0 ; If specified, it produces opcode dumps for debugging different stages of ; optimizations. ;opcache.opt_debug_level=0 [curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. ;curl.cainfo = [openssl] ; The location of a Certificate Authority (CA) file on the local filesystem ; to use when verifying the identity of SSL/TLS peers. Most users should ; not specify a value for this directive as PHP will attempt to use the ; OS-managed cert stores in its absence. If specified, this value may still ; be overridden on a per-stream basis via the "cafile" SSL stream context ; option. ;openssl.cafile= ; If openssl.cafile is not specified or if the CA file is not found, the ; directory pointed to by openssl.capath is searched for a suitable ; certificate. This value must be a correctly hashed certificate directory. ; Most users should not specify a value for this directive as PHP will ; attempt to use the OS-managed cert stores in its absence. If specified, ; this value may still be overridden on a per-stream basis via the "capath" ; SSL stream context option. ;openssl.capath= ; Local Variables: ; tab-width: 4 ; End:

      :wq 保存退出

    • 启动php容器
      # 启动php容器,引用外部配置,并挂载数据目录
      docker run \
      -p 9000:9000 \
      --name php -idt \
      --restart=always \
      --privileged=true  \
      -v /home/nginx/data:/www \
      -v /home/php/conf/php.ini:/usr/local/etc/php/php.ini php:fpm
      
    • 添加MySQL组件
      # php添加 pdo_mysql 组件支持MySQL数据库操作
      docker exec -it php docker-php-ext-install pdo pdo_mysql  
      
  • 安装nginx

    • 创建挂载目录
      # 创建Nginx数据丶配置丶SSL证书及日志目录
      # 编辑Nginx配置
      mkdir -p /home/nginx/{data,conf,conf/vhost,conf/ssl,logs}
      vim /home/nginx/conf/nginx.conf
      

      添加如下配置:

      user nginx;
      worker_processes auto;
      
      error_log /var/log/nginx/error.log warn;
      pid /var/run/nginx.pid;
      worker_rlimit_nofile 51200;
      
      events {
        use epoll;
        worker_connections 51200;
        multi_accept on;
      }
      
      http {
        include mime.types;
        default_type application/octet-stream;
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 1024m;
        client_body_buffer_size 10m;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 120;
        server_tokens off;
        tcp_nodelay on;
      
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 128k;
        fastcgi_intercept_errors on;
      
        #Gzip Compression
        gzip on;
        gzip_buffers 16 8k;
        gzip_comp_level 6;
        gzip_http_version 1.1;
        gzip_min_length 256;
        gzip_proxied any;
        gzip_vary on;
        gzip_types
          text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
          text/javascript application/javascript application/x-javascript
          text/x-json application/json application/x-web-app-manifest+json
          text/css text/plain text/x-component
          font/opentype application/x-font-ttf application/vnd.ms-fontobject
          image/x-icon;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
       
      ######################## default ############################
        server {
          listen 80;
          server_name _;
          access_log  /var/log/nginx/host.access.log combined;
          root /usr/share/nginx/html;
          index index.html index.htm index.php;
          #error_page 404 /404.html;
          #error_page 502 /502.html;
          
          location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
          }
          
          location ~ [^/]\.php(/|$) {
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME  /www/$fastcgi_script_name;
            include fastcgi_params;
          }
          
          location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
            expires 30d;
            access_log off;
          }
          
          location ~ .*\.(js|css)?$ {
            expires 7d;
            access_log off;
          }
          
          location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
            deny all;
          }
          return 444; # 禁止通过IP直接访问
        }
      ########################## vhost #############################
        include /etc/nginx/vhost/*.conf; # 域名配置
      }
      
    • 启动Nginx容器
      # 启动nginx容器,引用外部配置丶挂载配置及日志等目录
      docker run -d \
      -p 80:80 \
      -p 443:443 \
      --name nginx \
      --link php:php \
      --restart=always \
      --privileged=true \
      -v /home/nginx/conf:/etc/nginx \
      -v /home/nginx/logs:/var/log/nginx \
      -v /home/nginx/conf/ssl:/etc/nginx/ssl \
      -v /home/nginx/data:/usr/share/nginx/html \
      -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf nginx
      
    • 添加域名配置

      在挂载目录 /home/nginx/conf/vhost/ 下创建虚拟主机(vhost) [domain].conf配置文件,文件名一般为配置域名

      如: baidu.com.conf

      # 编辑Vhost配置
      server {
        listen 80;
        # 这里为域名配置,需自行修改
        server_name baidu.com;
        access_log off;
        index index.html index.htm index.php;
        # 可根据自己需求自行修改,挂载目录为: /home/nginx/data/
        root /usr/share/nginx/html/default;
        #error_page 404 /404.html;
        #error_page 502 /502.html;
       
       location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
          valid_referers none blocked *.com baidu.com;
          if ($invalid_referer) {
              return 403;
          }
        }
      
        location ~ [^/]\.php(/|$) {
         # 因nginx启动将php容器link,所以这里php:9000即可
         fastcgi_pass php:9000;
         fastcgi_index index.php;
         fastcgi_param  SCRIPT_FILENAME  /www/$fastcgi_script_name;
         include fastcgi_params;
        }
        
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
          expires 30d;
          access_log off;
        }
      
        location ~ .*\.(js|css)?$ {
         expires 7d;
         access_log off;
        }
      
        location ~ /\.ht {
          deny all;
        }
      }
      

      执行命令使配置生效 :

      # 第一个nginx是指定nginx容器名称,后边为bash命令,和宿主机安装命令使用方式一致
      docker exec -it nginx nginx -s reload
      
  • 配置https

    这里采用acme.sh脚本进行免费SSL证书申请,如不满足需求,可自行购买SSL证书导入

    acme.sh脚本安装SSL证书

  • 生成SSL 证书并导入
    # 安装acme.sh脚本
    wget -O -  https://get.acme.sh | sh
    
    # 生成证书
    .acme.sh/acme.sh --issue --alpn -d baidu.com 
    
  • 修改Nginx配置
    # 修改vhost baidu.com.conf文件 配置
    server {
      listen 80;
      # 监听443端口
      listen 443 ssl http2;
      # 指定SSL证书文件位置
      ssl_certificate ./ssl/baidu.com.pem;
      ssl_certificate_key ./ssl/baidu.com.key;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
      ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
      ssl_prefer_server_ciphers on;
      ssl_session_timeout 10m;
      ssl_session_cache builtin:1000 shared:SSL:10m;
      ssl_buffer_size 1400;
      add_header Strict-Transport-Security max-age=15768000;
      ssl_stapling on;
      ssl_stapling_verify on;
      # 需自行替换
      server_name baidu.com;
      access_log off;
      index index.html index.htm index.php;
      root /usr/share/nginx/html/default;
      if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
      
      #error_page 404 /404.html;
      #error_page 502 /502.html;
     
     location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
        valid_referers none blocked *.com baidu.com;
        if ($invalid_referer) {
            return 403;
        }
      }
    
      location ~ [^/]\.php(/|$) {
       fastcgi_pass php:9000;
       fastcgi_index index.php;
       fastcgi_param  SCRIPT_FILENAME  /www/$fastcgi_script_name;
       include fastcgi_params;
      }
    
      location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
      }
    
      location ~ .*\.(js|css)?$ {
       expires 7d;
       access_log off;
      }
    
      location ~ /\.ht {
        deny all;
      }
    }
    

    重新加载配置

    # 重新加载Nginx 配置
    docker exec -it nginx nginx -s reload
    

你可能感兴趣的:(Docker 安装Nginx及PHP环境)