我是nginx和php-fpm的新手。
我的问题: 我需要创build两个php-fpmconfiguration文件还是只有一个?
可以两个nginx的configuration(不同的域名/应用程序)指向相同的PHP套接字? 如果是这样会导致会话冲突或任何其他问题?
下面有两个nginxconfiguration和一个php-fpmconfiguration。 如上所述,我应该有两个php-fpmconfiguration?
php-fpmconfiguration:
[appname1] listen = /var/www/apps/appname1/tmp/php.sock user = www-data group = www-data pm = dynamic pm.max_children = <%= node['php5-fpm']['max_children'] %> pm.start_servers = <%= node['php5-fpm']['start_servers'] %> pm.min_spare_servers = <%= node['php5-fpm']['min_spare_servers'] %> pm.max_spare_servers = <%= node['php5-fpm']['max_spare_servers'] %> pm.max_requests = 1000 pm.status_path = /php_status request_terminate_timeout = 0 request_slowlog_timeout = 0 slowlog = /var/www/apps/appname1/logs/slow.log nginxconfiguration1:
upstream backend { server unix:/var/www/apps/appname1/tmp/php.sock; } server { listen 80 default; root /var/www/apps/appname1/public/app/webroot; index index.php index.html index.htm; access_log /var/www/apps/appname1/logs/access.log; error_log /var/www/apps/appname1/logs/error.log; client_max_body_size 20M; rewrite_log on; # Not found this on disk? # Feed to CakePHP for further processing! if (!-e $request_filename) { rewrite ^/(.+)$ /index.php last; break; } # Pass the PHP scripts to FastCGI server # listening on 127.0.0.1:9000 location ~ \.php$ { fastcgi_pass backend; fastcgi_index index.php; fastcgi_intercept_errors on; # to support 404s for PHP files not found fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # ... some other stuff hidden ... location ~ ^/(php_status|php_ping)$ { fastcgi_pass backend; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; include fastcgi_params; allow 127.0.0.1; deny all; } location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } # Deny access to .htaccess files, # git & svn repositories, etc location ~ /(\.ht|\.git|\.svn) { deny all; } }
nginxconfiguration2:
upstream backend { server unix:/var/www/apps/appname1/tmp/php.sock; } server { listen 80 default; server_name test2.com root /var/www/apps/appname2/public/app/webroot; index index.php index.html index.htm; access_log /var/www/apps/appname2/logs/access.log; error_log /var/www/apps/appname2/logs/error.log; client_max_body_size 20M; rewrite_log on; # Not found this on disk? # Feed to CakePHP for further processing! if (!-e $request_filename) { rewrite ^/(.+)$ /index.php last; break; } # Pass the PHP scripts to FastCGI server # listening on 127.0.0.1:9000 location ~ \.php$ { fastcgi_pass backend; fastcgi_index index.php; fastcgi_intercept_errors on; # to support 404s for PHP files not found fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # ... some other stuff hidden ... location ~ ^/(php_status|php_ping)$ { fastcgi_pass backend; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; include fastcgi_params; allow 127.0.0.1; deny all; } location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } # Deny access to .htaccess files, # git & svn repositories, etc location ~ /(\.ht|\.git|\.svn) { deny all; } }
通常情况下,您应该为n个域configurationn个 fpm实例(除非它们都指向相同的应用程序)。
将每个Web应用程序保留在自己的空间中,并为它们创build一个单独的UNIX用户,稍后将用于FPM实例。
这样,你将有权限分离(非常重要),就好像有人攻击你的application1一样,他们仍然没有对application2的写权限。
这个configuration还有许多其他好处,比如控制哪个应用程序使用更多的CPU或RAM(ps会显示用户拥有的FPM进程)。
并请停止使用www-data为Web应用程序! 如果您希望允许浏览器访问您的数据,使用辅助组或者设置允许其他人读取您的文件的权限,它将作为非特权用户运行时保留给networking服务器。
为了用Nginx和PHP设置我的服务器,我遵循了Ars Technica Web Served系列。 我有一个服务器服务多个域都以某种方式使用PHP,并没有遇到任何与PHP相关的错误报告。 也许它也可以帮助你?
另一个选项可以用于Docker在自己的容器中托pipe几个php5-fpm应用程序,然后告诉nginx代理请求。 我还没有尝试过,但我打算。 类似的设置适用于我的Django应用程序。