nginx php-fpm session,配置一个nginx+php-fpm的web服务器

一、基本信息

指定服务安装的通用位置

mkdir /usr/local/services

SERVICE_PATH=/usr/local/services

创建服务运行的账户

useradd -r -M -s /sbin/nologin www

安装所需依赖包

yum -y install pcre pcre-devel \

gperftools gcc zlib-devel \

libxml2 libxml2-devel \

bzip2 bzip2-devel \

curl curl-devel \

libjpeg-devel libjpeg \

libpng-devel libpng \

freetype freetype-devel \

libmcrypt libmcrypt-devel \

openssl-devel

二、软件安装配置

1、NGINX+OPENSSL安装

下载解压NGINX+OPENSSL

NGINX_URL="http://nginx.org/download/nginx-1.14.0.tar.gz"

OPENSSL_URL="https://www.openssl.org/source/openssl-1.1.0h.tar.gz"

wget -P ${SERVICE_PATH} ${NGINX_URL} && tar -zxvf ${SERVICE_PATH}/nginx*.tar.gz -C ${SERVICE_PATH}

wget -P ${SERVICE_PATH} ${OPENSSL_URL} && tar -zxvf ${SERVICE_PATH}/openssl*.gz -C ${SERVICE_PATH}

编译安装NGINX

cd ${SERVICE_PATH}/nginx-*;./configure \

--prefix=${SERVICE_PATH}/nginx \

--user=www --group=www \

--with-http_stub_status_module \

--with-http_ssl_module \

--with-http_flv_module \

--with-pcre \

--with-http_gzip_static_module \

--with-openssl=${SERVICE_PATH}/openssl-* \

--with-http_realip_module \

--with-google_perftools_module \

--without-select_module \

--without-mail_pop3_module \

--without-mail_imap_module \

--without-mail_smtp_module \

--without-poll_module \

--without-http_autoindex_module \

--without-http_geo_module \

--without-http_uwsgi_module \

--without-http_scgi_module \

--without-http_memcached_module \

--with-cc-opt='-O2' && cd ${SERVICE_PATH}/nginx-*;make && make install

写入主配置文件nginx.conf(配置已优化)

cat << EOF >${SERVICE_PATH}/nginx/conf/nginx.conf

user www;

worker_processes WORKERNUMBER;

worker_cpu_affinity auto;

worker_rlimit_nofile 655350;

error_log /var/log/nginx_error.log;

pid /tmp/nginx.pid;

google_perftools_profiles /tmp/tcmalloc;

events {

use epoll;

worker_connections 655350;

multi_accept on;

}

http {

charset utf-8;

include mime.types;

default_type text/html;

log_format main '"\$remote_addr" - [\$time_local] "\$request" '

'\$status $body_bytes_sent "\$http_referer" '

'"\$http_user_agent" '

'"\$sent_http_server_name \$upstream_response_time" '

'\$request_time '

'\$args';

sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 120;

client_body_buffer_size 512k;

client_header_buffer_size 64k;

large_client_header_buffers 4 32k;

client_max_body_size 300M;

client_header_timeout 15s;

client_body_timeout 50s;

open_file_cache max=102400 inactive=20s;

open_file_cache_valid 30s;

open_file_cache_min_uses 1;

server_names_hash_max_size 2048;

server_names_hash_bucket_size 256;

server_tokens off;

gzip on;

gzip_proxied any;

gzip_min_length 1024;

gzip_buffers 4 8k;

gzip_comp_level 9;

gzip_disable "MSIE [1-6]\.";

gzip_types application/json test/html text/plain text/css application/font-woff application/pdf application/octet-stream application/x-javascript application/javascript application/xml text/javascript;

fastcgi_cache_path /dev/shm/ levels=1:2 keys_zone=fastcgicache:512m inactive=10m max_size=3g;

fastcgi_cache_lock on;

fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

fastcgi_send_timeout 300;

fastcgi_connect_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 256k;

fastcgi_buffers 4 128k;

fastcgi_busy_buffers_size 256k;

fastcgi_temp_file_write_size 256k;

include vhost/*.conf;

}

EOF

NGINX worker进程数配置，指定为逻辑CPU数量的2倍

THREAD=`expr $(grep process /proc/cpuinfo |wc -l) \* 2`

sed -i s"/WORKERNUMBER/$THREAD/" ${SERVICE_PATH}/nginx/conf/nginx.conf

2、PHP-FPM安装

下载并解压PHP-FPM软件

FPM_URL="http://mirrors.sohu.com/php/php-5.6.8.tar.gz"

wget -P ${SERVICE_PATH} ${FPM_URL} && tar -zxvf ${SERVICE_PATH}/php*.tar.gz -C ${SERVICE_PATH}

编译安装PHP-FPM

cd ${SERVICE_PATH}/php-*;./configure \

--prefix=${SERVICE_PATH}/php \

--with-gd \

--with-mcrypt \

--with-mysql=mysqlnd \

--with-mysqli=mysqlnd \

--with-pdo-mysql=mysqlnd \

--enable-maintainer-zts \

--enable-ftp \

--enable-zip \

--with-bz2 \

-with-iconv-dir \

--with-freetype-dir \

--with-jpeg-dir \

--with-png-dir \

--with-config-file-path=${SERVICE_PATH}/php \

--enable-mbstring \

--enable-fpm \

--with-fpm-user=www \

--with-fpm-group=www \

--disable-debug \

--enable-opcache \

--enable-soap \

--with-zlib \

--with-libxml-dir=/usr \

--enable-xml \

--disable-rpath \

--enable-bcmath \

--enable-shmop \

--enable-sysvsem \

--enable-inline-optimization \

--with-curl \

--enable-mbregex \

--enable-gd-native-ttf \

--with-openssl \

--with-mhash \

--enable-pcntl \

--enable-sockets \

--with-xmlrpc \

--with-pear \

--with-gettext \

--disable-fileinfo && cd ${SERVICE_PATH}/php-*;make && make install

若FPM程序有插件需求，如mongo或redis连接插件，则可通过pecl安装php相关插件

${SERVICE_PATH}/php/bin/pecl install mongo || exit

${SERVICE_PATH}/php/bin/pecl install redis || exit

php.ini配置文件写入(配置已优化)

cat << EOF >${SERVICE_PATH}/php/php.ini

[PHP]

engine = On

short_open_tag = Off

asp_tags = Off

precision = 14

output_buffering = 4096

zlib.output_compression = Off

implicit_flush = Off

unserialize_callback_func =

serialize_precision = 17

disable_functions = shell_exec,phpinfo,exec

disable_classes =

zend.enable_gc = On

expose_php = Off

max_execution_time = 60

max_input_time = 60

memory_limit = 128M

error_reporting = E_WARING & ERROR

display_errors = Off

display_startup_errors = Off

log_errors = On

log_errors_max_len = 2048

ignore_repeated_errors = Off

ignore_repeated_source = Off

report_memleaks = On

track_errors = Off

html_errors = Off

error_log = /var/log/php_errors.log

variables_order = "GPCS"

request_order = "GP"

register_argc_argv = Off

auto_globals_jit = On

post_max_size = 8M

auto_prepend_file =

auto_append_file =

default_mimetype = "text/html"

default_charset = "UTF-8"

doc_root =

user_dir =

enable_dl = Off

cgi.fix_pathinfo=0

file_uploads = On

upload_max_filesize = 2M

max_file_uploads = 20

allow_url_fopen = Off

allow_url_include = Off

default_socket_timeout = 60

[CLI Server]

cli_server.color = On

[Date]

[filter]

[iconv]

[intl]

[sqlite]

[sqlite3]

[Pcre]

[Pdo]

[Pdo_mysql]

pdo_mysql.cache_size = 2000

pdo_mysql.default_socket=

[Phar]

[mail function]

SMTP = localhost

smtp_port = 25

mail.add_x_header = On

[SQL]

sql.safe_mode = Off

[ODBC]

odbc.allow_persistent = On

odbc.check_persistent = On

odbc.max_persistent = -1

odbc.max_links = -1

odbc.defaultlrl = 4096

odbc.defaultbinmode = 1

[Interbase]

ibase.allow_persistent = 1

ibase.max_persistent = -1

ibase.max_links = -1

ibase.timestampformat = "%Y-%m-%d %H:%M:%S"

ibase.dateformat = "%Y-%m-%d"

ibase.timeformat = "%H:%M:%S"

[MySQL]

mysql.allow_local_infile = On

mysql.allow_persistent = On

mysql.cache_size = 2000

mysql.max_persistent = -1

mysql.max_links = -1

mysql.default_port =

mysql.default_socket =

mysql.default_host =

mysql.default_user =

mysql.default_password =

mysql.connect_timeout = 60

mysql.trace_mode = Off

[MySQLi]

mysqli.max_persistent = -1

mysqli.allow_persistent = On

mysqli.max_links = -1

mysqli.cache_size = 2000

mysqli.default_port = 3306

mysqli.default_socket =

mysqli.default_host =

mysqli.default_user =

mysqli.default_pw =

mysqli.reconnect = Off

[mysqlnd]

mysqlnd.collect_statistics = On

mysqlnd.collect_memory_statistics = Off

[OCI8]

[PostgreSQL]

pgsql.allow_persistent = On

pgsql.auto_reset_persistent = Off

pgsql.max_persistent = -1

pgsql.max_links = -1

pgsql.ignore_notice = 0

pgsql.log_notice = 0

[Sybase-CT]

sybct.allow_persistent = On

sybct.max_persistent = -1

sybct.max_links = -1

sybct.min_server_severity = 10

sybct.min_client_severity = 10

[bcmath]

bcmath.scale = 0

[browscap]

[Session]

session.save_handler = files

session.save_path = "/tmp"

session.use_strict_mode = 0

session.use_cookies = 1

session.use_only_cookies = 1

session.name = PHPSESSID

session.auto_start = 0

session.cookie_lifetime = 0

session.cookie_path = /

session.cookie_domain =

session.cookie_httponly =

session.serialize_handler = php

session.gc_probability = 1

session.gc_divisor = 1000

session.gc_maxlifetime = 1440

session.referer_check =

session.cache_limiter = nocache

session.cache_expire = 180

session.use_trans_sid = 0

session.hash_function = 0

session.hash_bits_per_character = 5

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

[MSSQL]

mssql.allow_persistent = On

mssql.max_persistent = -1

mssql.max_links = -1

mssql.min_error_severity = 10

mssql.min_message_severity = 10

mssql.compatibility_mode = Off

mssql.secure_connection = Off

[Assertion]

[COM]

[mbstring]

[gd]

gd.jpeg_ignore_warning = 0

[exif]

[Tidy]

tidy.clean_output = Off

[soap]

soap.wsdl_cache_enabled=1

soap.wsdl_cache_dir="/tmp"

soap.wsdl_cache_ttl=86400

soap.wsdl_cache_limit = 5

[sysvshm]

[ldap]

ldap.max_links = -1

[mcrypt]

[dba]

[opcache]

opcache.enable=1

opcache.enable_cli=0

opcache.memory_consumption=128

opcache.interned_strings_buffer=8

opcache.max_accelerated_files=4000

opcache.validate_timestamps=1

opcache.revalidate_freq=30

opcache.fast_shutdown=1

opcache.enable_file_override=1

[curl]

[openssl]

extension_dir='${SERVICE_PATH}/php/lib/php/extensions/'

;extension=mongo.so

;extension=redis.so

EOF

php-fpm.conf配置文件写入(配置已优化)

cat << EOF >${SERVICE_PATH}/php/etc/php-fpm.conf

[global]

error_log = /var/log/php-fpm-error.log

log_level = warning

process_control_timeout = 10

rlimit_files = 655350

events.mechanism = epoll

[www]

user = www

group = www

listen = /dev/shm/php-fpm.sock

listen.backlog = 2048

listen.owner = www

listen.group = www

listen.mode = 0660

pm = dynamic

pm.max_children = 200

pm.start_servers = 105

pm.min_spare_servers = 10

pm.max_spare_servers = 200

pm.process_idle_timeout = 10s;

pm.max_requests = 1000

pm.status_path = /fpmstatus

ping.path = /ping

ping.response = pong

slowlog = /var/log/php-slow-$pool.log

request_slowlog_timeout = 10

request_terminate_timeout = 0

rlimit_files = 655350

security.limit_extensions = .php

EOF

三、基于以上配置PHP网站

mkdir /usr/local/nginx/conf/vhost

cat << EOF > /usr/local/nginx/conf/vhost/erbiao.ex.com.conf

server

{

listen 80 backlog=1024;

server_name erbiao.ex.com;

index index.php index.html ;

root /www/web/;

access_log off;

add_header Server-Name WEBerbiaoEX;

location ~ \.php {

fastcgi_pass unix:/dev/shm/php-fpm.sock;

fastcgi_index index.php;

include fastcgi.conf;

set \$real_script_name \$fastcgi_script_name;

if (\$fastcgi_script_name ~ "^(.+?\.php)(/.+)\$") {

set \$real_script_name \$1;

set \$path_info \$2;

}

fastcgi_param SCRIPT_FILENAME \$document_root\$real_script_name;

fastcgi_param SCRIPT_NAME \$real_script_name;

fastcgi_param PATH_INFO \$fastcgi_path_info;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*\.(js|css)?$

{

expires 12h;

}

}

}

EOF

若在同一服务器运行nginx和php-fpm，并发量不超过1000，选择unix socket，如此可避免一些检查操作(路由等)，因此更快，更轻。若是高并发业务，则选择使用更可靠的tcp socket，以负载均衡、内核优化等运维手段维持效率

四、安装完成后的清理与生成目录快捷方式

rm -rf ${SERVICE_PATH}/{nginx*.tar.gz,openssl*.tar.gz,php*.tar.gz}

rm -rfv ${SERVICE_PATH}/nginx/conf/*.default

rm -rfv ${SERVICE_PATH}/php/etc/*.default

ln -sv ${SERVICE_PATH}/nginx /usr/local/

ln -sv ${SERVICE_PATH}/php /usr/local/

五、启动服务

生成php-fpm系统服务脚本，并加入开机启动项

ln -sv ${SERVICE_PATH}/php-*/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm

chmod a+x /etc/init.d/php-fpm

chkconfig php-fpm --add && chkconfig php-fpm on

生成nginx系统服务脚本，并加入开机启动项

cat << EOF > /etc/init.d/nginx

#!/bin/bash

#

# nginx - this script starts and stops the nginx daemon

#

# chkconfig: - 85 15

# description: Nginx is an HTTP(S) server, HTTP(S) reverse

# proxy and IMAP/POP3 proxy server

# processname: nginx

# config: /etc/nginx/nginx.conf

# config: /etc/sysconfig/nginx

# pidfile: /var/run/nginx.pid

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

#create temp dir in memory

mkdir -p /dev/shm/nginx/fastcgi_temp/

# Check that networking is up.

[ "\$NETWORKING" = "no" ] && exit 0

TENGINE_HOME="/usr/local/nginx/"

nginx=\$TENGINE_HOME"sbin/nginx"

prog=\$(basename \$nginx)

NGINX_CONF_FILE=\$TENGINE_HOME"conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

start() {

[ -x \$nginx ] || exit 5

[ -f \$NGINX_CONF_FILE ] || exit 6

echo -n \$"Starting \$prog: "

daemon \$nginx -c \$NGINX_CONF_FILE

retval=\$?

echo

[ \$retval -eq 0 ] && touch \$lockfile

return \$retval

}

stop() {

echo -n \$"Stopping \$prog: "

killproc \$prog -QUIT

retval=\$?

echo

[ \$retval -eq 0 ] && rm -f \$lockfile

return \$retval

killall -9 nginx

}

restart() {

configtest || return \$?

stop

sleep 1

start

}

reload() {

configtest || return \$?

echo -n \$"Reloading \$prog: "

killproc \$nginx -HUP

RETVAL=\$?

echo

}

force_reload() {

restart

}

configtest() {

\$nginx -t -c \$NGINX_CONF_FILE

}

rh_status() {

status \$prog

}

rh_status_q() {

rh_status >/dev/null 2>&1

}

case "\$1" in

start)

rh_status_q && exit 0

\$1

;;

stop)

rh_status_q || exit 0

\$1

;;

restart|configtest)

\$1

;;

reload)

rh_status_q || exit 7

\$1

;;

force-reload)

force_reload

;;

status)

rh_status

;;

condrestart|try-restart)

rh_status_q || exit 0

;;

*)

echo \$"Usage: \$0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"

exit 2

esac

EOF

chmod a+x /etc/init.d/nginx

chkconfig nginx --add && chkconfig nginx on

启动服务

service nginx restart

service php-fpm restart

命令其他选项

nginx

├── -s选项，向主进程发送信号

| ├── reload参数，重新加载配置文件

| ├── stop参数，快速停止nginx

| ├── reopen参数，重新打开日志文件

| ├── quit参数，Nginx在退出前完成已经接受的连接请求

├── -t选项，检查配置文件是否正确

├── -c选项，用于指定特定的配置文件并启动nginx

├── -V选项(大写)，显示nginx编译选项与版本信息

php-fpm

├── -t选项，检查配置文件是否正确

├── -m选项，显示所有已安装模块

├── -i选项，显示PHP详细信息

├── -v选项，显示版本信息