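LNMP Architecture, Part 2
Nginx default virtual host
1. First edit nginx.conf: delete the server block and everything below it, then add include vhost/*.conf; at the end of the http block (this names the virtual host directory and loads every file in it that ends in .conf).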
[root@bogon conf]# vim nginx.conf
[root@bogon conf]# pwd
/usr/local/nginx/conf
[root@bogon conf]# mkdir vhost
[root@bogon conf]# cd vhost/
[root@bogon vhost]# ls
[root@bogon vhost]# vim aaa.com.conf
2. Edit the configuration file aaa.com.conf
server
{
    listen 80 default_server;    # default_server (shown in red in the original) makes this virtual host the default one
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
}
3. Create the default directory and a new index.html file containing "this"
[root@bogon vhost]# mkdir /data/wwwroot/default
[root@bogon vhost]# cd /data/wwwroot/default/
[root@bogon default]# ls
[root@bogon default]# vim index.html
[root@bogon default]#
4. Check the configuration for errors
[root@bogon default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon default]# /usr/local/nginx/sbin/nginx -s reload    # or: /etc/init.d/nginx restart
[root@bogon default]#
5. Test it: whatever the domain name, as long as it resolves to this server, the request is served by the default site
[root@bogon default]# curl localhost
this
[root@bogon default]# curl -x127.0.0.1:80 aaa.com
this
[root@bogon default]# curl -x127.0.0.1:80 bb.com
this
[root@bogon default]#
6. Note: if the field shown in red (default_server) is left out, nginx picks the server by sorting the file names. With aaa.com.conf and bbb.com.conf, for example, aaa sorts first, so aaa.com.conf becomes the default virtual host.
Nginx user authentication
1. Nginx user authentication uses the htpasswd tool from httpd, covered earlier.
2. Create a virtual host, test.com.conf
[root@bogon conf]# cd vhost/
[root@bogon vhost]# ls
aaa.com.conf
[root@bogon vhost]# vim test.com.conf
[root@bogon vhost]#
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    location /
    {
        auth_basic "Auth";    # name shown for the user authentication
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;    # file holding the user names and passwords
    }
}
3. Because htpasswd comes with httpd, httpd has to be installed. It can be installed with yum, after which the htpasswd command can be run directly.
4. -c creates the user file. Leave it out when adding further users, otherwise the existing file is overwritten.
[root@bogon vhost]# /usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/htpasswd user1
New password: 
Re-type new password: 
Adding password for user user1
[root@bogon vhost]# cat /usr/local/nginx/conf/htpasswd 
user1:$apr1$FTaFXOGV$T92wNqOEk.1kiCUTm0HPn/
[root@bogon vhost]# /usr/local/apache2.4/bin/htpasswd /usr/local/nginx/conf/htpasswd user2
New password: 
Re-type new password: 
Adding password for user user2
[root@bogon vhost]#
5. View the htpasswd file and test the configuration syntax
[root@bogon vhost]# !cat
cat /usr/local/nginx/conf/htpasswd 
user1:$apr1$FTaFXOGV$T92wNqOEk.1kiCUTm0HPn/
user2:$apr1$oNyABDKG$oLzE8MbjvtgC7TmuXDlUO0
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
6. Reload the configuration. A request without a user returns 401: authentication is required
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon vhost]# curl -x127.0.0.1 test.com
curl: (7) Failed connect to 127.0.0.1:1080; 拒绝连接
[root@bogon vhost]# curl -x127.0.0.1:80 test.com
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@bogon vhost]#
7. The response after supplying the user name and password with -u
[root@bogon vhost]# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Fri, 09 Feb 2018 06:48:21 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[root@bogon vhost]# man curl
[root@bogon vhost]# curl -uuser1:user1 -x127.0.0.1:80 test.com
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@bogon vhost]#
8. The test.com directory had not been created; once it exists, the test succeeds
[root@bogon vhost]# mkdir /data/wwwroot/test.com
[root@bogon vhost]# echo "test.com" > /data/wwwroot/test.com/index.html
[root@bogon vhost]# curl -uuser1:user1 -x127.0.0.1:80 test.com 
test.com
[root@bogon vhost]#
9. Requirement: ask for authentication only when a particular directory (admin) or file is accessed.
[root@bogon vhost]# vim /usr/local/nginx/conf/vhost/test.com.conf 
[root@bogon vhost]#
10. Apply the authentication to the admin directory
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    location /admin
    {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}
11. Reload the configuration: test.com is served normally, test.com/admin/ returns 401
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon vhost]# curl -x127.0.0.1:80 test.com
test.com
[root@bogon vhost]# curl -x127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@bogon vhost]#
12. Require authentication for a single URL (admin.php)
[root@bogon vhost]# !vi
vim /usr/local/nginx/conf/vhost/test.com.conf 
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon vhost]# curl -x127.0.0.1:80 test.com/admin/ 
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@bogon vhost]# curl -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@bogon vhost]#
The modified configuration file
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    location ~ admin.php
    {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}
Nginx domain redirection
1. In the httpd configuration file, the server name does not support several domain names; even if several are written, only the first is recognized by default. In the nginx configuration file, server_name accepts several domain names.
[root@bogon vhost]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    server_name test.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;    # rewrite to test.com; permanent answers with 301, redirect answers with 302
    }
    location ~ admin.php
    {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}
2. The test returns 301
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon vhost]# curl -x127.0.0.1:80 test2.com/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.2
Date: Fri, 09 Feb 2018 07:49:08 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/index.html
[root@bogon vhost]#
Nginx access log
1. Edit the Nginx configuration file and search for /log_format (the combined_realip after log_format is a user-chosen name for the whole log format; whatever is written here is the name to reference later in the virtual host configuration files. I leave it unchanged here)
[root@bogon vhost]# vim /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
2. Edit the virtual host and add the access_log directive
[root@bogon vhost]# vim /usr/local/nginx/conf/vhost/test.com.conf
[root@bogon vhost]#
server
{
    listen 80;
    server_name test.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
    access_log /tmp/test.com.log combined_realip;
    location ~ admin.php
    {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}
3. Check for syntax errors and reload the configuration
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -s reload 
[root@bogon vhost]# !curl
curl -x127.0.0.1:80 test2.com/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.2
Date: Fri, 09 Feb 2018 08:22:43 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/index.html
[root@bogon vhost]# curl -x127.0.0.1:80 test.com/index.html -I 
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Fri, 09 Feb 2018 08:23:02 GMT
Content-Type: text/html
Content-Length: 9
Last-Modified: Fri, 09 Feb 2018 06:56:11 GMT
Connection: keep-alive
ETag: "5a7d460b-9"
Accept-Ranges: bytes
[root@bogon vhost]#
4. View the log
[root@bogon vhost]# cat /tmp/test.com.log 
127.0.0.1 - [09/Feb/2018:16:22:43 +0800] test2.com "/index.html" 301 "-" "curl/7.29.0"
127.0.0.1 - [09/Feb/2018:16:23:02 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
[root@bogon vhost]#
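Added example (not part of the original article): a shell function that reads a log in the combined_realip format defined above and counts 401/403 responses per client, one way to spot repeated rejected requests against the auth_basic and deny rules used on this page. The function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count denied requests per client in a combined_realip log.
# Layout: $remote_addr $http_x_forwarded_for [$time_local] $host "$request_uri"
#         $status "$http_referer" "$http_user_agent"
# X-Forwarded-For is sent by the client and may hold spaces ("a, b"), so
# counting whitespace-separated columns breaks. nginx logs a literal " inside
# a variable as \x22, so splitting on the double quote is reliable.

# denied_by_client LOGFILE [MIN]
# Prints "count remote_addr" for clients with at least MIN (default 3)
# responses of 401 or 403, highest count first.
denied_by_client() {
    awk -F'"' -v min="${2:-3}" '
        NF >= 6 {
            split($1, head, " ")       # head[1] is $remote_addr, the TCP peer
            status = $3                # text between request_uri and referer
            gsub(/ /, "", status)
            if (status == "401" || status == "403") hits[head[1]]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

sample_log() {    # constructed log lines in the format above
    cat <<'EOF'
198.51.100.23 - [12/Feb/2018:09:00:01 +0800] test.com "/admin.php" 401 "-" "curl/7.29.0"
198.51.100.23 - [12/Feb/2018:09:00:02 +0800] test.com "/admin.php" 401 "-" "curl/7.29.0"
198.51.100.23 10.0.0.1, 127.0.0.1 [12/Feb/2018:09:00:03 +0800] test.com "/admin.php" 401 "-" "curl/7.29.0"
198.51.100.23 - [12/Feb/2018:09:00:04 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
203.0.113.9 - [12/Feb/2018:09:00:05 +0800] test.com "/403.html" 200 "-" "Mozilla/5.0"
203.0.113.9 - [12/Feb/2018:09:00:06 +0800] test.com "/admin.php" 401 "-" "Mozilla/5.0"
192.0.2.50 - [12/Feb/2018:09:00:07 +0800] test.com "/upload/1.txt" 403 "-" "Baidu"
EOF
}

log=$(mktemp) && sample_log > "$log"
denied_by_client "$log"      # prints: 4 198.51.100.23
rm -f "$log"
```

The count is keyed on $remote_addr because the second column is whatever the client put in X-Forwarded-For.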
Nginx log rotation
1. Unlike httpd, nginx does not ship its own rotation tool, so use the system's rotation tool or write a rotation script yourself
#!/bin/bash
# Assume the nginx logs are stored in /data/logs/
d=`date -d "-1 day" +%Y%m%d`    # a date of the form YYYYMMDD for "day -1", i.e. yesterday
logdir="/tmp/"    # logdir is set to /tmp
nginx_pid="/usr/local/nginx/logs/nginx.pid"    # variable for nginx.pid, used by the kill command below
cd "$logdir" || exit 1    # enter logdir; stop if that fails
for log in `ls *.log`    # for loop over every file in the current directory that ends in .log
do
    mv "$log" "$log-$d"    # rename each log to <name>.log-<date>
done
/bin/kill -HUP `cat $nginx_pid`    # signal the process in nginx.pid so that a new test.com.log is created
2. f is the name of the variable, in introduces the sequence to loop over, and $f takes the values aaa.com.conf and test.com.conf
[root@bogon vhost]# for f in `ls `;do ls -l $f; done
-rw-r--r--. 1 root root 141 2月9 13:23 aaa.com.conf
-rw-r--r--. 1 root root 457 2月9 16:19 test.com.conf
[root@bogon vhost]#
3. Run the script
[root@bogon vhost]# sh -x /usr/local/sbin/nginx_logrotate.sh 
++ date -d '-1 day' +%Y%m%d
+ d=20180210
+ logdir=/tmp/
+ nginx_pid=/usr/local/nginx/logs/nginx.pid
+ cd /tmp/
++ ls php_errors.log test.com.log
+ for log in '`ls *.log`'
+ mv php_errors.log php_errors.log-20180210
+ for log in '`ls *.log`'
+ mv test.com.log test.com.log-20180210
++ cat /usr/local/nginx/logs/nginx.pid
+ /bin/kill -HUP 1726
[root@bogon vhost]# ls /tmp/
hogsuspend
mongodb-27017.sock
mysql.sock
pear
php_errors.log-20180210
php-fcgi.sock
ssh-VkkK9OKJsW89
systemd-private-b091a55929414513a9b7db2f688afef6-colord.service-B5wa5w
systemd-private-b091a55929414513a9b7db2f688afef6-cups.service-RpVATe
systemd-private-b091a55929414513a9b7db2f688afef6-rtkit-daemon.service-gDlUSL
systemd-private-b091a55929414513a9b7db2f688afef6-vmtoolsd.service-TLnArm
test.com.log
test.com.log-20180210
tracker-extract-files.0
yum_save_tx.2018-02-11.10-01.d_miLu.yumtx
[root@bogon vhost]#
4. Old files need to be cleaned up regularly (files older than 30 days)
[root@bogon vhost]# find /tmp/ -name "*.log-*" -type f -mtime +30 -exec rm -f {} \;
5. Add the script to the scheduled tasks
[root@bogon vhost]# crontab -e
0 0 * * * /bin/bash /usr/local/sbin/nginx_logrotate.sh
Static files: no access logging, and expiry times
1. Edit the configuration file
[root@bogon vhost]# vim test.com.conf
2. Add the configuration
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$    # files ending in gif, jpg, jpeg, png, bmp or swf are kept for 7 days and are not logged
{
    expires 7d;
    access_log off;
}
location ~ .*\.(js|css)$
{
    expires 12h;    # files ending in js or css are kept for 12 hours and are not logged
    access_log off;
}
3. Check the syntax and reload the configuration
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon vhost]#
4. Go to the site root and create two files, containing 11111111 and 2222222 respectively
[root@bogon vhost]# cd /data/wwwroot/test.com/
[root@bogon test.com]# ls
index.html
[root@bogon test.com]# vim 1.gif
[root@bogon test.com]# vim 2.js
[root@bogon test.com]#
5. Three files ending in gif, js and html were requested; the log only records the request for the file ending in html.
[root@bogon test.com]# curl -x127.0.0.1:80 test.com/1.gif
11111111111111
[root@bogon test.com]# curl -x127.0.0.1:80 test.com/2.js
222222222222222222222222222222
[root@bogon test.com]# curl -x127.0.0.1:80 test.com/index.html
test.com
[root@bogon test.com]# cat /tmp/test.com.log
127.0.0.1 - [11/Feb/2018:19:24:29 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
[root@bogon test.com]#
6. Add -I to see the expiry time; the expiry headers are now present
[root@bogon test.com]# curl -x127.0.0.1:80 -I test.com/2.js 
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 11 Feb 2018 11:28:36 GMT
Content-Type: application/javascript
Content-Length: 31
Last-Modified: Sun, 11 Feb 2018 11:07:18 GMT
Connection: keep-alive
ETag: "5a8023e6-1f"
Expires: Sun, 11 Feb 2018 23:28:36 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
[root@bogon test.com]#
Nginx hotlink protection
1. Add to the configuration file; ~* means the extensions inside the parentheses are matched case-insensitively
server
{
    listen 80;
    server_name test.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
    {
        expires 7d;
        valid_referers none blocked server_names *.test.com ;
        if ($invalid_referer) {
            return 403;
        }
        access_log off;
    }
    #location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    #{
    #    expires 7d;
    #    access_log off;
    #}
    location ~ .*\.(js|css)$
    {
        # expires 12h;
        access_log off;
    }
    access_log /tmp/test.com.log combined_realip;
}
2. The -e option sets the Referer of the request. The first request, posing as a referral from Baidu, returns 403; the second, referred from the test domain, returns 200, so hotlink protection works
[root@bogon test.com]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon test.com]# /usr/local/nginx/sbin/nginx -s reload 
[root@bogon test.com]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Sun, 11 Feb 2018 11:48:56 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@bogon test.com]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 11 Feb 2018 11:49:26 GMT
Content-Type: image/gif
Content-Length: 15
Last-Modified: Sun, 11 Feb 2018 11:07:06 GMT
Connection: keep-alive
ETag: "5a8023da-f"
Expires: Sun, 18 Feb 2018 11:49:26 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
[root@bogon test.com]#
Nginx access control
1. Edit the configuration file and add rules so that only 127.0.0.1 and 10.21.95.218 can access the admin directory
server
{
    listen 80;
    server_name test.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
    {
        expires 7d;
        valid_referers none blocked server_names *.test.com ;
        if ($invalid_referer) {
            return 403;
        }
        access_log off;
    }
    #location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    #{
    #    expires 7d;
    #    access_log off;
    #}
    location ~ .*\.(js|css)$
    {
        # expires 12h;
        access_log off;
    }
    location /admin/
    {
        allow 127.0.0.1;
        allow 10.21.95.122;
        deny all;
    }
    access_log /tmp/test.com.log combined_realip;
}
2. Test
[root@bogon admin]# vim /usr/local/nginx/conf/vhost/test.com.conf 
[root@bogon admin]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon admin]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon admin]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 11 Feb 2018 12:30:39 GMT
Content-Type: application/octet-stream
Content-Length: 6
Last-Modified: Sun, 11 Feb 2018 12:29:33 GMT
Connection: keep-alive
ETag: "5a80372d-6"
Accept-Ranges: bytes
[root@bogon admin]# curl -x10.21.95.122:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 11 Feb 2018 12:42:02 GMT
Content-Type: application/octet-stream
Content-Length: 6
Last-Modified: Sun, 11 Feb 2018 12:29:33 GMT
Connection: keep-alive
ETag: "5a80372d-6"
Accept-Ranges: bytes
[root@bogon admin]#
3. View the log
[root@bogon admin]# cat /tmp/test.com.log 
127.0.0.1 - [11/Feb/2018:20:30:39 +0800] test.com "/admin/" 200 "http://www.baidu.com/1.txt" "curl/7.29.0"
10.21.95.122 - [11/Feb/2018:20:42:02 +0800] test.com "/admin/" 200 "-" "curl/7.29.0"
4. Add to the configuration file
location ~ .*(upload|image)/.*\.php$
{
    deny all;
}
5. Create the upload directory
[root@bogon admin]# vim /usr/local/nginx/conf/vhost/test.com.conf 
[root@bogon admin]# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon admin]# /usr/local/nginx/sbin/nginx -s reload 
[root@bogon admin]# mkdir /data/wwwroot/test.com/upload
[root@bogon admin]# echo "upload" > /data/wwwroot/test.com/upload/1.php
[root@bogon admin]#
6. The test request is denied
[root@bogon admin]# curl -x127.0.0.1:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@bogon admin]#
7. Restrict spiders (crawlers): add the configuration
1、A variable is compared as a whole with the = or != operator
2、Partial matching is written as a regular expression, with ~ or ~*
3、~ is case-sensitive
4、~* is case-insensitive (firefox and FireFox are the same)
5、!~ and !~* negate the match, i.e. "does not match"
6、Whether a file exists is tested with the -f or !-f operator
7、Whether a directory exists is tested with the -d or !-d operator
8、Whether a file, directory or symbolic link exists is tested with the -e or !-e operator
9、Whether a file is executable is tested with the -x or !-x operator
10、Parentheses can be used for partial matches in a regular expression; the matched parts are available afterwards as the variables $1~$9, the same as in apache.
if ($http_user_agent ~ 'YoudaoBot|Baidu')
{
    return 403;
}
8. Test: a request with the Baidu spider's user agent gets 403. -A sets the User-Agent sent to the server
[root@bogon admin]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon admin]# /usr/local/nginx/sbin/nginx -s reload 
[root@bogon admin]# echo 1111 > /data/wwwroot/test.com/upload/1.txt
[root@bogon admin]# curl -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 12 Feb 2018 01:39:30 GMT
Content-Type: text/plain
Content-Length: 5
Last-Modified: Mon, 12 Feb 2018 01:39:05 GMT
Connection: keep-alive
ETag: "5a80f039-5"
Accept-Ranges: bytes
[root@bogon admin]#
[root@bogon admin]# curl -A "Baidu" -x127.0.0.1:80 test.com/upload/1.txt -I 
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Mon, 12 Feb 2018 01:40:51 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@bogon admin]#
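Nginx configuration for parsing PHP
1. When nginx cannot be reached from outside, the firewall very likely has port 80 closed. To open it:
Meaning of the options:
--zone    # the zone the rule applies to
--add-port=80/tcp    # add a port, in the form port/protocol
--permanent    # takes effect permanently; without this option the rule is lost after a restart
2. Restart the firewall
[root@bogon conf]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@bogon conf]#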
[root@bogon conf]# systemctl restart firewalld.service
3. Add the PHP-parsing configuration to the nginx configuration file
[root@bogon /]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    server_name test.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
    {
        expires 7d;
        valid_referers none blocked server_names *.test.com ;
        if ($invalid_referer) {
            return 403;
        }
        access_log off;
    }
    #location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    #{
    #    expires 7d;
    #    access_log off;
    #}
    location ~ .*\.(js|css)$
    {
        # expires 12h;
        access_log off;
    }
    location /admin/
    {
        allow 127.0.0.1;
        allow 10.21.95.122;
        deny all;
    }
    location ~ .*(upload|image)/.*\.php$
    {
        deny all;
    }
    if ( $http_user_agent ~ 'YoudaoBot|Baidu' )
    {
        return 403;
    }
    location ~ \.php$
    {
        include fastcgi_params;
        # Address or socket that php-fpm listens on. It must match the listen setting in
        # /usr/local/php-fpm/etc/php-fpm.conf; if the two differ, curl gets a 502 error.
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        # This path must be correct: it corresponds to the root path above.
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
    }
    access_log /tmp/test.com.log combined_realip;
}
4. Create the file 3.php containing phpinfo() and reload the configuration; a curl request shows the PHP file is parsed correctly
[root@bogon /]# vim /data/wwwroot/test.com/3.php 
[root@bogon /]# /usr/local/nginx/sbin/nginx -s reload
[root@bogon /]# curl -x127.0.0.1:80 test.com/3.php
5. For comparison, here is the php-fpm configuration file
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock    ; a listening port can be written here instead, for example:
;listen = 127.0.0.1:9000    ; if a port is written here, the virtual host file must also use it: fastcgi_pass 127.0.0.1:9000
listen.mode = 666    ; when a sock is used, the permissions of php-fcgi.sock must be 666 (the default is 440, readable only by root; other users get "to unix:/tmp/php-fcgi.sock failed (13: Permission denied)"), otherwise nginx cannot parse PHP
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
6. The sock file is read as the user nobody (the nginx worker processes run as nobody, see below). With the default permissions, change the ownership of php-fcgi.sock to nobody; PHP files are then parsed, because the nobody user is now allowed to read the sock file
[root@bogon /]# ps aux|grep nginx
root       1726  0.0  0.1  21276  1484 ?        Ss   2月11   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    51088  0.0  0.3  25240  3432 ?        S    11:45   0:00 nginx: worker process
nobody    51089  0.0  0.3  25240  3940 ?        S    11:45   0:00 nginx: worker process
root      69197  0.0  0.0 112684   976 pts/1    S+   16:04   0:00 grep --color=auto nginx
[root@bogon /]#
[root@bogon /]# chown nobody /tmp/php-fcgi.sock
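Added example, not from the original article: in the final test.com.conf a request such as /admin/x.php is handled by location ~ \.php$, because nginx tries regex locations after the longest prefix match unless that prefix is written with ^~, so the allow/deny list in location /admin/ is not applied to PHP files. The heuristic check below flags that pattern; the function names and both sample configurations are constructed, and the second sample shows one way to close the gap (^~ plus a nested PHP location).

```shell
#!/bin/sh
# Heuristic lint (added example): report plain-prefix locations whose
# allow/deny/auth_basic rules can be skipped because a regex location that
# calls fastcgi_pass wins the match. Assumes the restricted prefix locations
# sit directly in the server block, as in the article's configuration.

# shadowed_prefixes CONF  -> prints one affected prefix per line
shadowed_prefixes() {
    awk '
        { sub(/#.*/, "") }                        # ignore comments
        $1 == "location" {
            base = depth; opened = 0; prefix = ""
            if ($2 == "~" || $2 == "~*") kind = "regex"
            else if ($2 == "=" || $2 == "^~") kind = "final"    # regexes are skipped
            else { kind = "prefix"; prefix = $2; sub(/[{].*/, "", prefix) }
        }
        kind == "regex" && $1 == "fastcgi_pass" { handler = 1 }
        kind == "prefix" && ($1 == "allow" || $1 == "deny" || $1 == "auth_basic") {
            if (!(prefix in seen)) { seen[prefix] = 1; order[++n] = prefix }
        }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth > base) opened = 1
            else if (opened) kind = ""            # left the current location
        }
        END { if (handler) for (i = 1; i <= n; i++) print order[i] }
    ' "$1"
}

weak_conf() {    # constructed: reduced from the layout of the final test.com.conf
    cat <<'EOF'
server {
    location /admin/ {
        allow 127.0.0.1;
        deny all;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/tmp/php-fcgi.sock;
    }
}
EOF
}

fixed_conf() {   # constructed: ^~ stops the regex search; PHP is handled inside
    cat <<'EOF'
server {
    location ^~ /admin/ {
        allow 127.0.0.1;
        deny all;
        location ~ \.php$ {
            fastcgi_pass unix:/tmp/php-fcgi.sock;
        }
    }
    location ~ \.php$ {
        fastcgi_pass unix:/tmp/php-fcgi.sock;
    }
}
EOF
}

conf=$(mktemp) && weak_conf > "$conf"
shadowed_prefixes "$conf"    # reports /admin/
rm -f "$conf"
```

The nested PHP location in the second sample is needed because, once ^~ is in place, the server-level ~ \.php$ block no longer sees requests under /admin/.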
Author: 278108678
Source: https://www.cnblogs.com/sunyujun/p/8435121.html