12.23 open_basedir


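Outline: defining open_basedir in php-fpm

- vim /usr/local/php-fpm/etc/php-fpm.d/test.conf and add the following line:
  php_admin_value[open_basedir]=/data/wwwroot/aming.com:/tmp/
- Create a test PHP script and test
- Edit aming.conf again, change the path, and test again
- Configure the error log
- Test again
- Check the error log

Defining open_basedir in php-fpm

open_basedir restricts PHP to the specified directories. When one server hosts several sites, defining multiple open_basedir values in php.ini is not appropriate, so the setting belongs either in the Apache virtual host configuration or in the php-fpm configuration, where each pool can be given its own open_basedir. Only the following line needs to be added: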


php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/

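- If the path is wrong, the site cannot be accessed normally and a 404 page results; a direct curl request reports “No input file specified.”

Configure the www pool by adding the setting as the last line: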

    [root@hf-01 php-fpm.d]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
    [www]
    listen = /tmp/php-fcgi.sock
    listen.mode = 666
    user = php-fpm
    group = php-fpm
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 20
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    pm.max_requests = 500
    rlimit_files = 1024
    request_slowlog_timeout = 1
    slowlog = /usr/local/php-fpm/var/log/www-slow.log
    php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/

Restart php-fpm:

    [root@hf-01 php-fpm.d]# /etc/init.d/php-fpm restart
    Gracefully shutting down php-fpm . done
    Starting php-fpm done
    [root@hf-01 php-fpm.d]#

Test access:

    [root@hf-01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.1
    Date: Tue, 09 Jan 2018 22:56:24 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    X-Powered-By: PHP/5.6.30

    [root@hf-01 php-fpm.d]#

If open_basedir is defined incorrectly, the site cannot be accessed and a 404 status code is returned; a direct curl request reports “No input file specified.”

Define the error log:

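    [root@hf-01 php-fpm.d]# vi /usr/local/php-fpm/etc/php.ini

Search for /display_errors and set:

    display_errors = Off

Search for /error_log and add an error_log line:

    ;error_log = php_errors.log
    ; Log errors to syslog (Event Log on Windows).
    ;error_log = syslog
    ; this line defines the error log
    error_log = /usr/local/php-fpm/var/log/php_errors.log

Search for error_reporting and comment out the default error_reporting:

    ;error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
    ; sets the error reporting level: everything
    error_reporting = E_ALL

Save and quit.

display_errors = Off: in production this is normally off, so that others cannot see your error messages in the browser; instead the errors are recorded in a file on the server.

Check the configured error log path and whether the file has been created: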

    [root@hf-01 php-fpm.d]# grep error_log /usr/local/php-fpm/etc/php.ini
    ; server-specific log, STDERR, or a location specified by the error_log
    ; Set maximum length of log_errors. In error_log information about the source is
    ;error_log = php_errors.log
    ;error_log = syslog
    error_log = /usr/local/php-fpm/var/log/php_errors.log
    ; OPcache error_log file name. Empty string assumes "stderr".
    ;opcache.error_log=
    [root@hf-01 php-fpm.d]#
    [root@hf-01 php-fpm.d]# ls /usr/local/php-fpm/var/log/
    php-fpm.log www-slow.log
    [root@hf-01 php-fpm.d]#

Create the error log file manually and set its permissions to 777 so that writes to it do not fail:

    [root@hf-01 php-fpm.d]# touch /usr/local/php-fpm/var/log/php_errors.log
    [root@hf-01 php-fpm.d]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log
    [root@hf-01 php-fpm.d]#

To make testing easier, deliberately write a wrong open_basedir path in /usr/local/php-fpm/etc/php-fpm.d/www.conf.

Restart php-fpm:

    [root@hf-01 php-fpm.d]# /etc/init.d/php-fpm restart
    Gracefully shutting down php-fpm . done
    Starting php-fpm done
    [root@hf-01 php-fpm.d]#

Test access; the request now returns 404:

    [root@hf-01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I
    HTTP/1.1 404 Not Found
    Server: nginx/1.12.1
    Date: Tue, 09 Jan 2018 23:35:31 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    X-Powered-By: PHP/5.6.30

    [root@hf-01 php-fpm.d]#

Check the error log; it shows that the requested path is restricted:

    [root@hf-01 php-fpm.d]# cat /usr/local/php-fpm/var/log/php_errors.log
    [09-Jan-2018 23:35:31 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/wwwroot/test.com/sleep.php) is not within the allowed path(s): (/data/wwwroot/111test.com:/tmp/) in Unknown on line 0
    [09-Jan-2018 23:35:31 UTC] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
    [root@hf-01 php-fpm.d]#

Correct the open_basedir path in the configuration file, reload php-fpm, and access the site again; it responds normally:

    [root@hf-01 php-fpm.d]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
    [root@hf-01 php-fpm.d]# /etc/init.d/php-fpm restart
    Gracefully shutting down php-fpm . done
    Starting php-fpm done
    [root@hf-01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.1
    Date: Tue, 09 Jan 2018 23:39:30 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    X-Powered-By: PHP/5.6.30

    [root@hf-01 php-fpm.d]#
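
The misconfiguration tested above, a pool whose open_basedir does not cover the site's document root, can be caught before php-fpm is restarted. The script below is an added example, not part of the original post: the function names pool_basedir, basedir_allows and check_pool are made up here, the sample pool file is constructed, and the path comparison is purely lexical.

```shell
#!/bin/sh
# Added example (not from the original post): check a pool's open_basedir
# against the site's document root before restarting php-fpm.

# Print the open_basedir value set with php_admin_value in pool file $1.
pool_basedir() {
    sed -n 's/^[[:space:]]*php_admin_value\[open_basedir\][[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if path $2 is one of, or lies inside, the colon-separated
# directories in $1. Lexical comparison only: PHP also resolves symlinks.
basedir_allows() (
    path=${2%/}
    IFS=:; set -f                  # split on ':' without glob expansion
    for dir in $1; do
        [ -n "$dir" ] || continue
        dir=${dir%/}
        # Match whole path components, so test.com does not cover test.com.bak
        case "$path/" in "$dir"/*) exit 0 ;; esac
    done
    exit 1
)

# check_pool POOL_FILE DOCROOT -> 0 ok, 1 mismatch, 2 open_basedir not set
check_pool() {
    value=$(pool_basedir "$1")
    if [ -z "$value" ]; then
        echo "UNSET: no open_basedir in $1"
        return 2
    fi
    if basedir_allows "$value" "$2"; then
        echo "OK: $2 is inside $value"
    else
        echo "MISMATCH: $2 is not inside $value"
        return 1
    fi
}

# Constructed sample: a www pool carrying the mistyped path from the test above.
conf=$(mktemp)
printf '%s\n' '[www]' 'user = php-fpm' \
    'php_admin_value[open_basedir]=/data/wwwroot/111test.com:/tmp/' > "$conf"
check_pool "$conf" /data/wwwroot/test.com || echo "fix www.conf before restarting php-fpm"
rm -f "$conf"
```

The UNSET result (exit status 2) is worth checking on a multi-site server, since a pool without the setting is not confined to its own site directory by open_basedir.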