12.15 Nginx解析php相关配置

登录注册

12.15 Nginx解析php相关配置

来源:开源中国
更新日期:2018-03-27

摘要：Nginx解析php相关配置目录概要配置如下： location ~ .php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME

Nginx解析php相关配置目录概要配置如下：

location ~ .php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name; } fastcgi_pass 用来指定php-fpm监听的地址或者socket Nginx解析php相关配置添加以下代码

timg (26).jpg

location ~ .php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; //写错这个路径，就会显示502 fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name; } 打开虚拟主机配置文件，因为现在test.com.conf还不能解析php，加代码添加到配置文件中

[root@hf-01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf server { listen 80; server_name test.com test1.com test2.com; index index.html index.htm index.php; root /data/wwwroot/test.com; if ($host != \'test.com\' ) { rewrite ^/(.*)$ http://test.com/$1 permanent; } #location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$ #{ # expires 7d; # access_log off; #} location ~* ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names *.test.com ; if ($invalid_referer) { return 403; } access_log off; } location ~ .*.(js|css)$ { expires 12h; access_log off; } location /admin/ { allow 192.168.74.129; allow 127.0.0.1; deny all; } location ~ .*(upload|image)/.*.php$ { deny all; } if ($http_user_agent ~ \'Spider/3.0|YoudaoBot|Tomato\') { return 403; } location ~ .php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name; } access_log /tmp/test.com.log combined_realip; } 保存退出生成做一个php文件，在/data/wwwroot/test.com/目录下生成3.php

[root@hf-01 ~]# vim /data/wwwroot/test.com/3.php <?php phpinfo(); 保存退出测试访问3.php，会看到无法解析3.php文件，显示出了源码

[root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php <?php phpinfo(); [root@hf-01 ~]# 这时候检查配置文件语法错误，并重新加载配置文件

[root@hf-01 ~]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@hf-01 ~]# /usr/local/nginx/sbin/nginx -s reload [root@hf-01 ~]# 这时候再来访问3.php，会看到可以正常解析了

[root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php 若是解析php相关配置的 fastcgi_pass unix:/tmp/php-fcgi.sock; 这个路径被写错，会直接显示502，因为sock文件没有被找到将配置文件改错后，重新加载后，再来访问3.php，会看到显示502状态码

[root@hf-01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf [root@hf-01 ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@hf-01 ~]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@hf-01 ~]# /usr/local/nginx/sbin/nginx -s reload [root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.12.1</center> </body> </html> [root@hf-01 ~]# 查看访问日志cat /usr/local/nginx/logs/nginx_error.log，会看到日志文件中会说没有这样的文件或目录

[root@hf-01 ~]# cat /usr/local/nginx/logs/nginx_error.log 2018/01/08 06:42:21 [crit] 3392#0: *22 connect() to unix:/tmp/php-afcgi.sock failed (2: No such file or directory) while connecting to upstream, client: 127.0.0.1, server: test.com, request: "GET HTTP://test.com/3.php HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-afcgi.sock:", host: "test.com" [root@hf-01 ~]# 在遇到502的问题时，需要查看你配置的地址是否正确，首先查看错误日志，然后根据错误日志中提示，查看这个文件是否存在，在查看cat /usr/local/php-fpm/etc/php-fpm.conf你定义的sock是什么，那么在nginx的配置文件中写什么

[root@hf-01 ~]# [root@hf-01 ~]# ls /tmp/php-afcgi.sock ls: 无法访问/tmp/php-afcgi.sock: 没有那个文件或目录 [root@hf-01 ~]# cat /usr/local/php-fpm/etc/php-fpm.conf [global] pid = /usr/local/php-fpm/var/run/php-fpm.pid error_log = /usr/local/php-fpm/var/log/php-fpm.log [www] listen = /tmp/php-fcgi.sock listen.mode = 666 user = php-fpm group = php-fpm pm = dynamic pm.max_children = 50 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 rlimit_files = 1024 [root@hf-01 ~]# 这时再去配置文件中更改回来即可，所以只要配置文件中的 fastcgi_pass unix:/tmp/php-fcgi.sock; 地址错误，就会显示502 502的另一种情况假设这时不监听sock，而去监听IP端口首先更改配置vim /usr/local/php-fpm/etc/php-fpm.conf 将#listen = /tmp/php-fcgi.sock注释掉，增加listen = 127.0.0.1:9000

[root@hf-01 ~]# vim /usr/local/php-fpm/etc/php-fpm.conf [global] pid = /usr/local/php-fpm/var/run/php-fpm.pid error_log = /usr/local/php-fpm/var/log/php-fpm.log [www] #listen = /tmp/php-fcgi.sock listen = 127.0.0.1:9000 listen.mode = 666 user = php-fpm group = php-fpm pm = dynamic pm.max_children = 50 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 rlimit_files = 1024 保存退出重启php 命令为/etc/init.d/php-fpm restart，php重启也支持reload

[root@hf-01 ~]# /etc/init.d/php-fpm restart Gracefully shutting down php-fpm . done Starting php-fpm done [root@hf-01 ~]# 检查php文件是否存在语法错误，重新加载下nginx的配置文件

[root@hf-01 ~]# /usr/local/php-fpm/sbin/php-fpm -t [08-Jan-2018 07:10:32] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful [root@hf-01 ~]# /usr/local/nginx/sbin/nginx -s reload [root@hf-01 ~]# 查看监听端口是否为127.0.0.1:9000

[root@hf-01 ~]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1539/master tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 3528/php-fpm: maste tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1218/nginx: master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1191/sshd tcp6 0 0 ::1:25 :::* LISTEN 1539/master tcp6 0 0 :::3306 :::* LISTEN 1566/mysqld tcp6 0 0 :::22 :::* LISTEN 1191/sshd [root@hf-01 ~]# 这时在来访问3.php，会看到显示为502

[root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.12.1</center> </body> </html> [root@hf-01 ~]# 查看配置文件会提示说文件不存在这时候只需要在配置文件中做一个更改，在php配置那一块，注释掉unix，添加ip和端口

[root@hf-01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf 在php配置那一块，注释掉unix，添加ip和端口 #fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_pass 127.0.0.1:9000; 保存退出检查语法错误，并重新加载配置文件

[root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Sun, 07 Jan 2018 23:23:11 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.6.30 [root@hf-01 ~]# 若是出现502，要检查下配置文件中的fastcgi_pass 这块是否nginx与php-fpm中所配置的地址是相匹配的 PHP下的listen = /tmp/php-fcgi.sock这段配置很重要，决定了nginx是否能正确解析而不是502 当PHP配置文件 listen 使用sock时，那么对应的nginx配置文件下就必须使用 fastcgi_pass unix:/tmp/php-fcgi.sock；当PHP配置文件listen 使用 IP加端口“127.0.0.1：9000”的时候，那么对应的nginx就要改成fastcgi_pass 127.0.0.1：9000；配置文件中的 fastcgi_param SCRIPT_FILENAME 中的地址路径/data/wwwroot/test.com$fastcgi_script_name;与配置文件最上方的 root /data/wwwroot/test.com; 相对应起来 502的其他情况在php5.4及以后的其他版本，有一个特点更改监听为sock，取消监听IP和端口，注释掉listen.mode 更改php-fpm的配置文件，取消注释listen = /tmp/php-fcgi.sock，注释掉#listen = 127.0.0.1:9000和#listen.mode = 666

[root@hf-01 ~]# vi /usr/local/php-fpm/etc/php-fpm.conf [global] pid = /usr/local/php-fpm/var/run/php-fpm.pid error_log = /usr/local/php-fpm/var/log/php-fpm.log [www] listen = /tmp/php-fcgi.sock #listen = 127.0.0.1:9000 #listen.mode = 666 user = php-fpm group = php-fpm pm = dynamic pm.max_children = 50 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 rlimit_files = 1024 保存退出重新加载php

[root@hf-01 ~]# /etc/init.d/php-fpm reload Reload service php-fpm done 查看sock文件的权限为660，属主和属组为root

[root@hf-01 ~]# ls -l /tmp/php-fcgi.sock srw-rw---- 1 root root 0 1月 8 07:47 /tmp/php-fcgi.sock 更改nginx虚拟主机配置文件，取消 fastcgi_pass unix:/tmp/php-fcgi.sock; 的注释，注释掉#fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/tmp/php-fcgi.sock;这一行的配置是为了nginx去读sock文件

[root@hf-01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf 重新加载nginx配置文件

[root@hf-01 ~]# /usr/local/nginx/sbin/nginx -s reload 这时候再来访问3.php，依然还是显示502

[root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php -I HTTP/1.1 502 Bad Gateway Server: nginx/1.12.1 Date: Sun, 07 Jan 2018 23:54:07 GMT Content-Type: text/html Content-Length: 173 Connection: keep-alive 查看访问日志文件，显示访问文件，权限被拒绝

[root@hf-01 ~]# !tail tail /usr/local/nginx/logs/nginx_error.log 2018/01/08 06:42:21 [crit] 3392#0: *22 connect() to unix:/tmp/php-afcgi.sock failed (2: No such file or directory) while connecting to upstream, client: 127.0.0.1, server: test.com, request: "GET HTTP://test.com/3.php HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-afcgi.sock:", host: "test.com" 2018/01/08 07:13:39 [crit] 3518#0: *24 connect() to unix:/tmp/php-fcgi.sock failed (2: No such file or directory) while connecting to upstream, client: 127.0.0.1, server: test.com, request: "GET HTTP://test.com/3.php HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-fcgi.sock:", host: "test.com" 2018/01/08 07:54:07 [crit] 3790#0: *32 connect() to unix:/tmp/php-fcgi.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: test.com, request: "HEAD HTTP://test.com/3.php HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-fcgi.sock:", host: "test.com" [root@hf-01 ~]# sock文件默认权限使660，root用户可以读，root用户组也是可读的，唯独其他用户不能去读看到是由nobody的身份去读nginx的

[root@hf-01 ~]# ps aux |grep nginx root 1218 0.0 0.1 21784 1692 ? Ss 00:11 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf nobody 3929 0.0 0.3 23664 3692 ? S 08:18 0:00 nginx: worker process nobody 3930 0.0 0.3 23664 3692 ? S 08:18 0:00 nginx: worker process root 3932 0.0 0.0 112676 984 pts/0 R+ 08:18 0:00 grep --color=auto nginx [root@hf-01 ~]# 这时临时改变权限为nobody

[root@hf-01 ~]# chown nobody /tmp/php-fcgi.sock [root@hf-01 ~]# 这时再去访问3.php会看到正常访问

[root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 08 Jan 2018 00:22:43 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.6.30 [root@hf-01 ~]# 这就是因为nobody用户有读的权限，所以可以正常访问在php-fpm的配置文件中定义listen.mode，就是为了让任何用户可以读再去配置文件中取消listen.mode的注释

[root@hf-01 ~]# vi /usr/local/php-fpm/etc/php-fpm.conf listen.mode = 666 然后重启php-fpm的配置文件

[root@hf-01 ~]# /etc/init.d/php-fpm restart Gracefully shutting down php-fpm . done Starting php-fpm done [root@hf-01 ~]# 查看文件的权限

[root@hf-01 ~]# !ls ls -l /tmp/php-fcgi.sock srw-rw-rw- 1 root root 0 1月 8 08:28 /tmp/php-fcgi.sock [root@hf-01 ~]# 访问3.php会看到正常访问

[root@hf-01 ~]# curl -x127.0.0.1:80 test.com/3.php -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 08 Jan 2018 00:30:04 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.6.30 [root@hf-01 ~]# 502的另外情况就是php-fpm服务，资源耗尽，也会显示502，这时候就需要去优化了