Nginx

nginx和php隐藏版本号信息

星期四, 十二月 29th, 2016 | php | 没有评论

nginx 隐藏版本号 配置nginx.cnf server_tokens off; 即可

1
2
3
4
http {
    # ...省略一些配置
    server_tokens off;
  }

2.php 的版本信息 会在 HTTP头,以类似X-Powered-By: PHP/7.0.14 这种形式
在php.ini 中关闭 expose_php = Off 即可

1
2
3
4
5
6
7
8
9
10
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
 
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = On

对应改为记得重启下php 和对应的nginx

Tags: ,

nginx支持lua的编译配置及Nginx rewrite对post数据的影响

星期四, 十二月 8th, 2016 | JAVA-and-J2EE, linux | 没有评论

nginx+lua 可以很方便做限流,路由等其他配置很是方便

编译配置如下:
lua-nginx-module 是 openresty(集成nginx版本) 下的一个模块可以独立编译挂载
https://github.com/openresty/lua-nginx-module

Alternatively, ngx_lua can be manually compiled into Nginx:

1.Install LuaJIT 2.0 or 2.1 (recommended) or Lua 5.1 (Lua 5.2 is not supported yet). LuaJIT can be downloaded from the LuaJIT project website and Lua 5.1, from the Lua project website. Some distribution package managers also distribute LuaJIT and/or Lua.

2.Download the latest version of the ngx_devel_kit (NDK) module HERE.

3.Download the latest version of ngx_lua HERE.

4.Download the latest version of Nginx HERE (See Nginx Compatibility)

下载编译安装:
› Continue reading

Tags: ,

nginx配置https使其达到A+水平

星期六, 五月 21st, 2016 | linux | 没有评论

前面有一篇文章配置了启用https的安全连接基于LetsEncrypt SSL的nginx配置

在 SSL的安全检测中才获得了B,想达到A+,也很轻松,加下配置文件即可,测试地址:https://www.ssllabs.com/ssltest/index.html

配置如下(nginx.conf):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 server
  {
    listen     192.168.1.1:443 ssl;
    listen     192.168.1.1:80;
    server_name www.iatodo.com iatodo.com;
 
    add_header               Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    ssl_certificate          /etc/letsencrypt/live/iatodo.com/fullchain.pem;
    ssl_certificate_key      /etc/letsencrypt/live/iatodo.com/privkey.pem;
 
    ssl_ciphers                EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers  on;
 
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache          shared:SSL:50m;
    ssl_session_timeout        1d;
    ssl_session_tickets        on;
 
  ......

最后放图 画圈的部分是 Strict-Transport-Security的部分,默认开启https的访问
iatodossl

Tags: , ,

启用https的安全连接基于LetsEncrypt SSL的nginx配置

星期四, 五月 5th, 2016 | JAVA-and-J2EE, linux | 一条评论

现在网站不是https都不好意思和别人说了,顺便也跟下潮流.

操作系统:Centos6.5版本

官方文档参考: let’s encrypt getting started

具体介绍就不废话了,知道是免费、时效是90天即可,记得及时自动续期就好.

一.系统环境配置

Git

1
yum -y install git

python 2.7 检查

1
/usr/bin/python -V #查看版本

安装编译需要的工具

1
yum install zlib-devel bzip2-devel openssl-devel xz-libs wget xz

安装 Python2.7.8
› Continue reading

Tags: , ,

windows下配置nginx1.9.x+php7开发环境

星期四, 二月 4th, 2016 | php | 没有评论

还是跑不掉在windows下配置对应的开发环境,准备:

1.下载对应的软件
nginx-1.9.10/Windows-1.9.10

PHP 7.0 (7.0.3)/php-7.0.3-nts-Win32-VC14-x86.zip

2.安装配置nginx和php

分别解压到 D:/web/nginx-1.9.10/ 和D:/web/php7/
修改php.ini-recommended文件为php.ini

打开 一堆扩展尽量打开这里示例2个

1
2
3
 extension_dir = "D:/web/php7/ext"
 extension=php_mysqli.dll
 cgi.fix_pathinfo=1  ##这个启用cgi核心关键

nginx.cnf 打开php支持 同时修改fastcgi_param 参数由/scripts$fastcgi_script_name; 修改为$document_root$fastcgi_script_name;

1
2
3
4
5
6
7
8
9
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
      root           D:/web/www;
      fastcgi_pass   127.0.0.1:9000;
      fastcgi_index  index.php;
      fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
      include        fastcgi_params;
}

3.编辑php的脚本 (phpinfo.php)

<?php
    phpinfo();
?>

4.启动和关闭的脚本文件
启动脚本文件 start_nginx.bat

1
2
3
4
5
6
7
8
9
10
@echo off
echo starting nginx...
D:
cd D:/web/nginx-1.9.10/
start nginx
echo starting PHP FastCGI...
D:
cd D:/web/php7/
php-cgi.exe -b 127.0.0.1:9000 -c D:/web/php7/php.ini
exit

关闭脚本文件 stop_nginx.bat

1
2
3
4
5
6
@echo off
echo Stopping nginx...  
taskkill /F /IM nginx.exe > nul
echo Stopping PHP FastCGI...
taskkill /F /IM php-cgi.exe > nul
exit

搞定配置

Tags: ,

Nginx 1.6.2 + PHP 5.5.20 + MySQL 5.6.10 在 CentOS64 下的编译安装

星期二, 一月 6th, 2015 | linux | 没有评论

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
1.系统预先配置
yum install wget
yum install pcre
yum install openssl*
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers make
yum -y install gd gd2 gd-devel gd2-devel
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
ulimit -SHn 65535
mkdir -p /ia/data/
cd /ia/data/
wget http://ftp.exim.llorien.org/pcre/pcre-8.32.tar.gz
tar -zxvf pcre-8.32.tar.gz 
mkdir tgz
mv pcre-8.32* tgz/
mkdir installsoft
cd installsoft/
wget http://nginx.org/download/nginx-1.6.2.tar.gz
tar xzvf nginx-1.6.2.tar.gz 
cd nginx-1.6.2
./configure --user=www --group=www --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/ia/data/tgz/pcre-8.32 --with-http_realip_module --with-http_image_filter_module
make
make install
/usr/local/webserver/nginx/sbin/nginx -V
 
 2、安装 MySQL:
wget http://downloads.mysql.com/archives/mysql-5.6/mysql-5.6.10-linux-glibc2.5-x86_64.tar.gz
tar zxvf mysql-5.6.10-linux-glibc2.5-x86_64.tar.gz
mv mysql-5.6.10-linux-glibc2.5-x86_64 /usr/local/webserver/mysql
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
mkdir -p /Data/data/mysql/data
yum install libaio
/usr/local/webserver/mysql/scripts/mysql_install_db --basedir=/usr/local/webserver/mysql --datadir=/ia/data/mysql/data --user=mysql
 
sed -i "s#/usr/local/mysql#/usr/local/webserver/mysql#g" /usr/local/webserver/mysql/bin/mysqld_safe
GRANT ALL PRIVILEGES ON *.* TO 'ia_admin'@'localhost' IDENTIFIED BY '12345678';
GRANT ALL PRIVILEGES ON *.* TO 'ia_admin'@'127.0.0.1' IDENTIFIED BY '12345678';
GRANT ALL PRIVILEGES ON *.* TO 'ia_admin'@'%' IDENTIFIED BY '12345678';
 
3、安装PHP依赖库
mkdir -p /usr/local/webserver/libs/
wget http://www.ijg.org/files/jpegsrc.v9.tar.gz     
tar zxvf jpegsrc.v9.tar.gz
cd jpeg-9/
./configure --prefix=/usr/local/webserver/libs --enable-shared --enable-static --prefix=/usr/local/webserver/libs
make
make install
cd ../
 
wget http://prdownloads.sourceforge.net/libpng/libpng-1.6.2.tar.gz
tar zxvf libpng-1.6.2.tar.gz
cd libpng-1.6.2/
./configure --prefix=/usr/local/webserver/libs
make
make install
cd ../
 
wget http://download.savannah.gnu.org/releases/freetype/freetype-2.4.12.tar.gz
tar zxvf freetype-2.4.12.tar.gz
cd freetype-2.4.12/
./configure --prefix=/usr/local/webserver/libs
make
make install
cd ../
 
 
wget "http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz"
wget "http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz"
wget "http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz"
 
 
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure --prefix=/usr/local/webserver/libs
make
make install
cd libltdl/
./configure --prefix=/usr/local/webserver/libs --enable-ltdl-install
make
make install
cd ../../
 
 
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure --prefix=/usr/local/webserver/libs
make
make install
cd ../
 
vi /etc/ld.so.conf
 
添加:
/usr/local/webserver/libs/lib
 
然后:
ldconfig
 
 
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
export LDFLAGS="-L/usr/local/webserver/libs/lib -L/usr/lib"
export CFLAGS="-I/usr/local/webserver/libs/include -I/usr/include"
touch malloc.h
./configure --prefix=/usr/local/webserver/libs --with-libmcrypt-prefix=/usr/local/webserver/libs
make
make install
cd ../
 
4、编译安装PHP 5.5
wget http://cl1.php.net/get/php-5.5.20.tar.gz/from/this/mirror
tar zxvf php-5.5.20.tar.gz
cd php-5.5.20/
export LIBS="-lm -ltermcap -lresolv"
export DYLD_LIBRARY_PATH="/usr/local/webserver/mysql/lib/:/lib/:/usr/lib/:/usr/local/lib:/lib64/:/usr/lib64/:/usr/local/lib64"
export LD_LIBRARY_PATH="/usr/local/webserver/mysql/lib/:/lib/:/usr/lib/:/usr/local/lib:/lib64/:/usr/lib64/:/usr/local/lib64"
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config --with-iconv-dir --with-freetype-dir=/usr/local/webserver/libs --with-jpeg-dir=/usr/local/webserver/libs --with-png-dir=/usr/local/webserver/libs --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt=/usr/local/webserver/libs --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --enable-opcache --with-pdo-mysql --enable-maintainer-zts
 
make
make install
cp php.ini-development /usr/local/webserver/php/etc/php.ini
cd ../
ln -s /usr/local/webserver/mysql/lib/libmysqlclient.18.dylib /usr/lib/libmysqlclient.18.dylib
mv /usr/local/webserver/php/etc/php-fpm.conf.default /usr/local/webserver/php/etc/php-fpm.conf
 
 5、编译安装PHP扩展
wget http://ftp.gnu.org/gnu/autoconf/autoconf-latest.tar.gz
tar zxvf autoconf-latest.tar.gz
cd autoconf-2.69/
./configure --prefix=/usr/local/webserver/libs
make
make install
cd ../
 
wget http://pecl.php.net/get/memcache-2.2.7.tgz
tar zxvf memcache-2.2.7.tgz
cd memcache-2.2.7/
export PHP_AUTOCONF="/usr/local/webserver/libs/bin/autoconf"
export PHP_AUTOHEADER="/usr/local/webserver/libs/bin/autoheader"
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../
 
 
  打开 /usr/local/webserver/php/etc/php.ini 查找 ; extension_dir = "ext"
  在其后增加一行:
extension = "memcache.so"

Tags: , , ,

nginx域名更换重定向配置

星期日, 二月 9th, 2014 | linux | 没有评论

直接记录下配置设置

    location /hscode {
     rewrite ^/(.*)$ http://www.365area.com/$1 permanent;
     access_log off;
     }

Tags:

遭遇nginx图片404

星期四, 十一月 14th, 2013 | linux | 没有评论

切换服务器到nginx下,遭遇到一部分图片无法显示404的错误

后查为 文件名的大写原因,统一改成小写后正常,nginx 1.2.7 版本,不知道算是bug不~

Tags: ,

Nginx 502 Bad Gateway 自动重启shell脚本

星期三, 八月 14th, 2013 | JAVA-and-J2EE, linux, php | 2条评论

Nginx 502 Bad Gateway 自动重启shell脚本,启动 php 和重启nginx

新建 php文件 200_ok.php 文件(这个随便,内容也随便只要是想使用curl的访问方式)

<?php
echo "200";
?>

建立一个脚本 vi web_monitor.sh (里面还有重启tomcate 的指令,后来发现使用正常关闭shutdown 有文件后台进程相关,可以直接杀掉进程的方式 ps -ef|grep java)
内容如下:

#!/bin/bash
#author:Pomelo Lee
#website:http://blog.i5a6.com
CheckUrl="http://blog.i5a6.com/200_ok.php"
STATUS_CODE=`curl -o /dev/null -m 10 --connect-timeout 10 -s -w %{http_code} $CheckUrl`
#echo "$CheckURL Status Code:\t$STATUS_CODE"
if [ "$STATUS_CODE" != "200" ]; then
/usr/local/webserver/php/sbin/php-fpm stop
sleep 1
/usr/local/webserver/php/sbin/php-fpm start
sleep 1
pkill -9 nginx
sleep 1
/usr/local/webserver/nginx/sbin/nginx
#sleep 1
#/usr/local/tomcat7/bin/shutdown.sh
#sleep 2
#/usr/local/tomcat7/bin/startup.sh
fi

然后是设定权限:chmod 755 /root/web_monitor.sh

运行定时程序:crontab -e

输入以下内容每隔5分钟检测一次:*/5 * * * * /root/web_monitor.sh

Tags: , ,

nginx从1.0升级到1.2.7的log_format问题

星期三, 二月 20th, 2013 | linux | 没有评论

今天看了nginx的升级到了1.2.7的系列了,自己的还停留在1.0.7版本有点心痒痒了,就升级了下:
不停机平滑升级新版文章参考: http://blog.i5a6.com/646.html

通过./sbin/nginx -t 检查发现
[warn] the “log_format” directive may be used only on “http” 的警告信息

修复起来也方便:

把这个格式信息从server 里面移动到http的里面,有多个server 可以并到一起减少了配置(如果格式一样的话,算是新版本的一个优化了)
log_format access ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” $http_x_forwarded_for’;

在通过./sbin/nginx -t 检查 就都ok了

Tags: , ,

Rss

Search

文章分类

Meta