Php-fpm

LEMP ( Linux, Nginx, MySQL, PHP) PHP .

LEMP pools php-fpm nginx ( virtual host).


14.04 ʡ .
nginx php-fpm : MySQL nginx Linux :LEMP PHP 14.04.
(non-root) sudo : 14.04.
(fully qualified domain name (fqdn localhost ϡ site1.example.org etc/hosts/ sudo vim /etc/hosts ( site1.example.org fqdn ):
...
127.0.0.1 site1.example.org
... LEMP


LEMP pool php-fpm PHP :

  • nginx - - ǡ (configuration files) .
  • ߡ ڡ (staging environment) ʡ .

php-fpm .

- php-fpm

.
(site1.example.org) php-fpm .
site1:
sudo groupadd site1 site1 :
sudo useradd -g site1 site1 :
sudo passwd site1 / ssh sftp.
ߡ php-fpm site1 (process) / Linux socket IP:Port .
14.04 php-fpm etc/php5/fpm/pool.d/.
conf. php-fpm.
etc/php5/fpm/pool.d/site1.conf/ ǡ :
sudo vim /etc/php5/fpm/pool.d/site1.conf :
[site1]
user = site1
group = site1
listen = /var/run/php5-fpm-site1.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = / :

  • [site1] ֡ .
  • user group .
  • listen .
  • listen.owner listen.group (listener) - socket php-fpm - Nginx socket socket nginx www-data.
  • php_admin_value php exec, passthru, shell_exec, system.
  • php_admin_flag php_admin_value on off. PHP allow_url_fopen PHP .

: php_admin_value php_admin_flag . php-fpm ڡ ߡ php .
pm .
chdir / ʡ chroot.
chroot ɡ ϡ ڡ PHP (system binaries) Imagemagick .
php-fpm :
sudo service php5-fpm restart :
ps aux |grep site1 :
site1 14042 0.0 0.8 133620 4208 ? S 14:45 0:00 php-fpm: pool site1
site1 14043 0.0 1.1 133760 5892 ? S 14:45 0:00 php-fpm: pool site1 ߡ opcache .
etc/php5/fpm/conf.d/05-opcache.ini/ (super user) :
opcache.enable=0 php-fpm :
sudo service php5-fpm restart - nginx


php-fpm ǡ nginx. :
sudo vim /etc/nginx/sites-available/site1 :
server {
listen 80;

root /usr/share/nginx/sites/site1;
index index.php index.html index.htm;

server_name site1.example.org;

location / {
try_files $uri $uri/ =404;
}

location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
} nginx :

  • (Web root) usr/share/nginx/sites/site1/.
  • site1.example.org .
  • fastcgi_pass (handler) php unix socket var/run/php5-fpm-site1.sock/.

:
sudo mkdir /usr/share/nginx/sites
sudo mkdir /usr/share/nginx/sites/site1 (symlink) /etc/nginx/sites-enabled/. :
sudo ln -s /etc/nginx/sites-available/site1 /etc/nginx/sites-enabled/site1 ɡ nginx :
sudo service nginx restart -


ȡ phpinfo php.
info.php :
<?php phpinfo(); ?> nginx /usr/share/nginx/html/ :
sudo vim /usr/share/nginx/html/info.php (site1.example.org) :
sudo cp /usr/share/nginx/html/info.php /usr/share/nginx/sites/site1/ lynx ( ) lynx :
sudo apt-get install lynx info.php localhost :
lynx --dump http://localhost/info.php |grep 'SERVER\["USER"\]' grep ["SERVER["USER www-data :
_SERVER["USER"] www-data site1.example.org:
lynx --dump http://site1.example.org/info.php |grep 'SERVER\["USER"\]' site1 :

_SERVER["USER"] site1 php php-fpm ɡ .
ɡ .
usr/share/nginx/html/config.php/ :
<?php
$pass = 'secret';
?> pass secret 400 .
400 :
sudo chmod 400 /usr/share/nginx/html/config.php www-data ݡ :
sudo chown www-data:www-data /usr/share/nginx/html/config.php usr/share/nginx/html/readfile.php/ ǡ :
<?php
include('/usr/share/nginx/html/config.php');
print($pass);
?> www-data :
sudo chown www-data:www-data /usr/share/nginx/html/readfile.php ȡ :
ls -l /usr/share/nginx/html/ :
-r-------- 1 www-data www-data 27 Jun 19 05:35 config.php
-rw-r--r-- 1 www-data www-data 68 Jun 21 16:31 readfile.php :
lynx --dump http://localhost/readfile.php secret ڡ .
usr/share/nginx/html/readfile.php/ site1.example.org :
sudo cp /usr/share/nginx/html/readfile.php /usr/share/nginx/sites/site1/ / site1 :
sudo chown site1:site1 /usr/share/nginx/sites/site1/readfile.php ʡ site1 :
ls -l /usr/share/nginx/sites/site1/ :
-rw-r--r-- 1 site1 site1 80 Jun 21 16:44 readfile.php site1.example.com :
lynx --dump http://site1.example.org/readfile.php ɡ ߡ nginx grep :
sudo grep error /var/log/nginx/error.log :
2015/06/30 15:15:13 [error] 894#0: *242 FastCGI sent in stderr: "PHP message: PHP Warning: include(/usr/share/nginx/html/config.php): failed to open stream: Permission denied in /usr/share/nginx/sites/site1/readfile.php on line 2 : lynx display_errors php-fpm etc/php5/fpm/php.ini/ ( On ).
site1.example.org (config.php) .
opcache opcache.enable=1 etc/php5/fpm/conf.d/05-opcache.ini/ sudo php5-fpm sudo service php5-fpm restart.
opcache .



ɡ php-fpm nginx ǡ .
ɡ PHP SuPHP. ߡ php-fpm.

:

https://academy.hsoub.com/devops/ser...%88-1404-r251/