Nginx + PHP+ MYSQL + Memched On Ubuntu SERVER 11.10

Nginx团队维护的PPA源带有PHP 5.3.x的子源，更新迅速，现在在Ubuntu部署Nginx+PHP环境真是太容易了

（虽然LAMP更容易，一句

apt-get install lamp-server^

搞定，别漏了最后的上尖号）。

1.添加源：

1 #Ubuntu 10.10 以后可不需添加以上源
2 
3 apt-get install python-software-properties
4 add-apt-repository ppa:nginx/stable
5 add-apt-repository ppa:nginx/php5      

2.安装NGINX和php5

apt-get update
apt-get install nginx
apt-get install php5-cgi php5-mysql php5-fpm php5-curl php5-mcrypt

#或者你需要更齐全的php包：
#aptitude install php5-cgi php5-mysql php5-fpm php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt       

#aptitude install php5-memcache php5-mhash php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl      

3. 配置NGINX

/etc/nginx/nginx.conf

1 user www-data;
 2 worker_processes 4;
 3 pid /var/run/nginx.pid;
 4 
 5 events {
 6     worker_connections 768;
 7     # multi_accept on;
 8 }
 9 
10 http {
11 
12     ##
13     # Basic Settings
14     ##
15 
16     sendfile on;
17     tcp_nopush on;
18     tcp_nodelay on;
19     keepalive_timeout 65;
20     types_hash_max_size 2048;
21     # server_tokens off;
22 
23     # server_names_hash_bucket_size 64;
24     # server_name_in_redirect off;
25 
26     include /etc/nginx/mime.types;
27     default_type application/octet-stream;
28 
29     ##
30     # Logging Settings
31     ##
32 
33     access_log /var/log/nginx/access.log;
34     error_log /var/log/nginx/error.log;
35 
36     ##
37     # Gzip Settings
38     ##
39 
40     gzip on;
41     gzip_disable "msie6";
42 
43     # gzip_vary on;
44     # gzip_proxied any;
45     # gzip_comp_level 6;
46     # gzip_buffers 16 8k;
47     # gzip_http_version 1.1;
48     # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
49 
50     ##
51     # Virtual Host Configs
52     ##
53 
54     include /etc/nginx/conf.d/*.conf;
55     include /etc/nginx/sites-enabled/*;
56 }
57 
58 
59 #mail {
60 #    # See sample authentication script at:
61 #    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
62 #
63 #    # auth_http localhost/auth.php;
64 #    # pop3_capabilities "TOP" "USER";
65 #    # imap_capabilities "IMAP4rev1" "UIDPLUS";
66 #
67 #    server {
68 #        listen     localhost:110;
69 #        protocol   pop3;
70 #        proxy      on;
71 #    }
72 #
73 #    server {
74 #        listen     localhost:143;
75 #        protocol   imap;
76 #        proxy      on;
77 #    }
78 #}      

/etc/nginx/sites-available/default

# You may add here your
# server {
#    ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

server {
        listen   80; ## listen for ipv4; this line is default and implied
    #listen   [::]:80 default ipv6only=on; ## listen for ipv6

    root /var/www/nginx-default;
    index index.php index.html index.htm;

# Make site accessible from http://localhost/
    server_name localhost;

    location / {
# First attempt to serve request as file, then
        # as directory, then fall back to index.html
        
# try_files $uri $uri/ /index.html;(--modify by stdanny)
                root /var/www/nginx-default;
                index index.php index.html index.htm;
    }

    location /doc {
        root /usr/share;
        autoindex on;
        allow 127.0.0.1;
        deny all;
    }

    location /images {
        root /usr/share;
        autoindex off;
    }

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #    root /usr/share/nginx/www;
    #}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    # modify by stdanny
        location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
# modfied by stdanny
                 fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
# include fastcgi_params;
    }

# deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen 8000;
#    listen somename:8080;
#    server_name somename alias another.alias;
#    root html;
#    index index.html index.htm;
#
#    location / {
#        try_files $uri $uri/ /index.html;
#    }
#}


# HTTPS server
#
#server {
#    listen 443;
#    server_name localhost;
#
#    root html;
#    index index.html index.htm;
#
#    ssl on;
#    ssl_certificate cert.pem;
#    ssl_certificate_key cert.key;
#
#    ssl_session_timeout 5m;
#
#    ssl_protocols SSLv3 TLSv1;
#    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
#    ssl_prefer_server_ciphers on;
#
#    location / {
#        try_files $uri $uri/ /index.html;
#    }
#}      

 fastcgi_params

1 fastcgi_param    QUERY_STRING        $query_string;
 2 fastcgi_param    REQUEST_METHOD        $request_method;
 3 fastcgi_param    CONTENT_TYPE        $content_type;
 4 fastcgi_param    CONTENT_LENGTH        $content_length;
 5 
 6 fastcgi_param    SCRIPT_FILENAME        $request_filename;
 7 #test modify by stdanny
 8 #fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
 9 # modied by stdanny
10 #fastcgi_param   PATH_INFO               $fastcgi_script_name;
11 fastcgi_param    SCRIPT_NAME        $fastcgi_script_name;
12 fastcgi_param    REQUEST_URI        $request_uri;
13 fastcgi_param    DOCUMENT_URI        $document_uri;
14 fastcgi_param    DOCUMENT_ROOT        $document_root;
15 fastcgi_param    SERVER_PROTOCOL        $server_protocol;
16 
17 fastcgi_param    GATEWAY_INTERFACE    CGI/1.1;
18 fastcgi_param    SERVER_SOFTWARE        nginx/$nginx_version;
19 
20 fastcgi_param    REMOTE_ADDR        $remote_addr;
21 fastcgi_param    REMOTE_PORT        $remote_port;
22 fastcgi_param    SERVER_ADDR        $server_addr;
23 fastcgi_param    SERVER_PORT        $server_port;
24 fastcgi_param    SERVER_NAME        $server_name;
25 
26 # PHP only, required if PHP was built with --enable-force-cgi-redirect
27 fastcgi_param    REDIRECT_STATUS        200;
28 
29 # add by stdanny fastcgi fpm setting
30 fastcgi_connect_timeout 60;
31 fastcgi_send_timeout 180;
32 fastcgi_read_timeout 180;
33 fastcgi_buffer_size 128k;
34 fastcgi_buffers 4 256k;
35 fastcgi_busy_buffers_size 256k;
36 fastcgi_temp_file_write_size 256k;
37 fastcgi_intercept_errors on;      

修复nginx＋php出现的重大漏洞、修改上传文件大小

1 sudo vi /etc/php5/fpm/php.ini
2 cgi.fix_pathinfo = 0 //修复漏洞
3 upload_max_filesize = 2M改为5M //修改上传文件大小      

再提供一种解决Nginx文件类型错误解析漏洞的方法

详细见：http://blog.s135.com/nginx_0day/

4.安装ZendGuardLoader及eaccelerator：

sudo mkdir /usr/zend
mkdir /tmp/eaccelerator
chmod 0777 /tmp/eaccelerator
wget http://phpcj.googlecode.com/files/ZendGuardLoader.so
sudo mv ZendGuardLoader.so /usr/zend/ZendGuardLoader.so
wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2
tar xvjf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
cp control.php /var/www/nginx-default/control.php //复制控制程序到网站目录，通过http://网站名/control.php访问，默认帐号为admin，密码为eAccelertor，可编辑此文件修改。
phpize
sudo ./configure --enable-eaccelerator=shared
sudo make
sudo make install
sudo vi /etc/php5/fpm/php.ini      

配置

sudo vi /etc/php5/fpm/php.ini      

添加以下代码：

1 zend_extension=/usr/zend/ZendGuardLoader.so
 2 zend_loader.enable=1
 3 zend_loader.disable_licensing=0
 4 zend_loader.obfuscation_level_support=3
 5 zend_loader.license_path=
 6 zend_extension="/usr/lib/php5/20090626+lfs/eaccelerator.so"
 7 eaccelerator.shm_size="16"
 8 eaccelerator.cache_dir="/tmp/eaccelerator"
 9 eaccelerator.enable="1"
10 eaccelerator.optimizer="1"
11 eaccelerator.check_mtime="1"
12 eaccelerator.debug="0"
13 eaccelerator.filter=""
14 eaccelerator.shm_max="0"
15 eaccelerator.shm_ttl="0"
16 eaccelerator.shm_prune_period="0"
17 eaccelerator.shm_only="0"
18 eaccelerator.compress="1"
19 eaccelerator.compress_level="9"
20 eaccelerator.allowed_admin_path="/var/www/nginx-default/control.php"      

5.php-fpm 配置

php5-fpm默认参数启动的服务器还是比较耗资源的，如果环境不充裕（如512内存以下的VPS），可以做下配置。

这个包的fpm的默认配置文件是

/etc/php5/fpm/main.conf

，但对子进程的配置是在其包含的

/etc/php5/fpm/pool.d/

目录内，里面有个

www.conf

，可以对以下的参数做以下修改：

1 pm = dynamic              ;动态管理php-fpm的子进程
2 pm.max_children = 5       ;最多的时候开不超过5个
3 pm.start_servers = 2      ;启动服务时候开2个
4 pm.min_spare_servers = 2  ;空闲时候最少留2个
5 pm.max_spare_servers = 5  ;最多留5个
6 pm.max_requests = 300     ;每个子进程最多处理300个请求就退出换新的子进程。      

 6.安装memcache扩展

1 sudo pecl install memcache      

7.安装memcache服务端

1 sudo apt-get install memcached
2 $ memcached -d -m 50 -p 11211 -u root      

参数说明 -m 指定使用多少兆的缓存空间；-p 指定要监听的端口； -u 指定以哪个用户来运行

8.安装sendmail mysql-server

1 sudo apt-get install sendmail mysql-server      

 （参考：http://forum.ubuntu.org.cn/viewtopic.php?t=241301）

转载于:https://www.cnblogs.com/stdanny/archive/2011/12/04/2248530.html