Php-fpm
LEMP (Linux, Nginx, MySQL, PHP) PHP.
LEMP pools php-fpm nginx (virtual host).
14.04.
nginx php-fpm: MySQL nginx Linux: LEMP PHP 14.04.
(non-root)
sudo: 14.04.
Fully qualified domain name (FQDN) localhost:
site1.example.org /etc/hosts
sudo vim /etc/hosts
(site1.example.org FQDN):
...
127.0.0.1 site1.example.org
...
LEMP
LEMP pool php-fpm PHP :
- nginx (configuration files).
- (staging environment).
php-fpm.
- php-fpm
(site1.example.org) php-fpm.
site1:
sudo groupadd site1
site1:
sudo useradd -g site1 site1
sudo passwd site1
ssh / sftp.
php-fpm
site1 (process) / Linux socket IP:Port.
14.04 php-fpm
/etc/php5/fpm/pool.d/
.conf php-fpm.
/etc/php5/fpm/pool.d/site1.conf:
sudo vim /etc/php5/fpm/pool.d/site1.conf
[site1]
user = site1
group = site1
listen = /var/run/php5-fpm-site1.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
:
- [site1].
- user group.
- listen.
- listen.owner listen.group (listener) - socket php-fpm - Nginx socket socket nginx www-data.
- php_admin_value php exec, passthru, shell_exec, system.
- php_admin_flag php_admin_value on off. PHP allow_url_fopen PHP.
:
php_admin_value php_admin_flag. php-fpm php.
pm.
chdir / chroot.
chroot PHP (system binaries) Imagemagick.
php-fpm:
sudo service php5-fpm restart
ps aux |grep site1
site1 14042 0.0 0.8 133620 4208 ? S 14:45 0:00 php-fpm: pool site1
site1 14043 0.0 1.1 133760 5892 ? S 14:45 0:00 php-fpm: pool site1
opcache.
/etc/php5/fpm/conf.d/05-opcache.ini (super user):
opcache.enable=0
php-fpm:
sudo service php5-fpm restart
- nginx
php-fpm nginx:
sudo vim /etc/nginx/sites-available/site1
server {
    listen 80;
    root /usr/share/nginx/sites/site1;
    index index.php index.html index.htm;
    server_name site1.example.org;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm-site1.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
nginx:
- (Web root) /usr/share/nginx/sites/site1.
- site1.example.org.
- fastcgi_pass (handler) php unix socket /var/run/php5-fpm-site1.sock.
:
sudo mkdir /usr/share/nginx/sites
sudo mkdir /usr/share/nginx/sites/site1
(symlink) /etc/nginx/sites-enabled/:
sudo ln -s /etc/nginx/sites-available/site1 /etc/nginx/sites-enabled/site1
nginx:
sudo service nginx restart
-
phpinfo php.
info.php:
<?php phpinfo(); ?>
nginx /usr/share/nginx/html/:
sudo vim /usr/share/nginx/html/info.php
(site1.example.org):
sudo cp /usr/share/nginx/html/info.php /usr/share/nginx/sites/site1/
lynx
lynx:
sudo apt-get install lynx
info.php localhost:
lynx --dump http://localhost/info.php |grep 'SERVER\["USER"\]'
grep SERVER["USER"] www-data:
_SERVER["USER"] www-data
site1.example.org:
lynx --dump http://site1.example.org/info.php |grep 'SERVER\["USER"\]'
site1:
_SERVER["USER"] site1
php php-fpm.
/usr/share/nginx/html/config.php:
<?php
$pass = 'secret';
?>
pass secret 400.
400:
sudo chmod 400 /usr/share/nginx/html/config.php
www-data:
sudo chown www-data:www-data /usr/share/nginx/html/config.php
/usr/share/nginx/html/readfile.php:
<?php
include('/usr/share/nginx/html/config.php');
print($pass);
?>
www-data:
sudo chown www-data:www-data /usr/share/nginx/html/readfile.php
:
ls -l /usr/share/nginx/html/
-r-------- 1 www-data www-data 27 Jun 19 05:35 config.php
-rw-r--r-- 1 www-data www-data 68 Jun 21 16:31 readfile.php
:
lynx --dump http://localhost/readfile.php
secret.
/usr/share/nginx/html/readfile.php site1.example.org:
sudo cp /usr/share/nginx/html/readfile.php /usr/share/nginx/sites/site1/
site1:
sudo chown site1:site1 /usr/share/nginx/sites/site1/readfile.php
site1:
ls -l /usr/share/nginx/sites/site1/
-rw-r--r-- 1 site1 site1 80 Jun 21 16:44 readfile.php
site1.example.org:
lynx --dump http://site1.example.org/readfile.php
nginx grep:
sudo grep error /var/log/nginx/error.log
2015/06/30 15:15:13 [error] 894#0: *242 FastCGI sent in stderr: "PHP message: PHP Warning: include(/usr/share/nginx/html/config.php): failed to open stream: Permission denied in /usr/share/nginx/sites/site1/readfile.php on line 2
: lynx
display_errors php-fpm
/etc/php5/fpm/php.ini (On).
site1.example.org (config.php).
opcache
opcache.enable=1 /etc/php5/fpm/conf.d/05-opcache.ini sudo php5-fpm
sudo service php5-fpm restart
opcache.
php-fpm nginx.
PHP SuPHP. php-fpm.
:
https://academy.hsoub.com/devops/ser...%88-1404-r251/