Linux – 安装nginx – 搭配YII2环境

我们在开发和测试环境，需要为yii2搭配环境，这里说的是安装nginx

1.安装脚本：

wget nginx.org/download/nginx-1.11.13.tar.gz  
tar zxvf nginx-1.11.13.tar.gz  
cd nginx-1.11.13  
./configure --with-http_ssl_module  --with-http_v2_module
make && make install

 

【 题外话：

–with-http_v2_module 配置代表开启http2模块，您可以通过下面的方式设置http2

listen 443 ssl http2;

可以通过下面的链接找到工具测试是否开启http2：https://www.kejianet.cn/open-http2/

题外话：】

2.启动脚本：

touch /etc/init.d/nginx
vim /etc/init.d/nginx

加入代码，wq保存

#!/bin/bash  
# nginx Startup script for the Nginx HTTP Server  
# it is v.0.0.2 version.  
# chkconfig: - 85 15  
# description: Nginx is a high-performance web and proxy server.  
#              It has a lot of features, but it's not for everyone.  
# processname: nginx  
# pidfile: /var/run/nginx.pid  
# config: /usr/local/nginx/conf/nginx.conf  
nginxd=/usr/local/nginx/sbin/nginx  
nginx_config=/usr/local/nginx/conf/nginx.conf  
nginx_pid=/var/run/nginx.pid  
RETVAL=0  
prog="nginx"  
# Source function library.  
. /etc/rc.d/init.d/functions  
# Source networking configuration.  
. /etc/sysconfig/network  
# Check that networking is up.  
[ ${NETWORKING} = "no" ] && exit 0  
[ -x $nginxd ] || exit 0  
# Start nginx daemons functions.  
start() {  
if [ -e $nginx_pid ];then  
   echo "nginx already running...."  
   exit 1  
fi  
   echo -n $"Starting $prog: "  
   daemon $nginxd -c ${nginx_config}  
   RETVAL=$?  
   echo  
   [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx  
   return $RETVAL  
}  
# Stop nginx daemons functions.  
stop() {  
        echo -n $"Stopping $prog: "  
        killproc $nginxd  
        RETVAL=$?  
        echo  
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid  
}  
# reload nginx service functions.  
reload() {  
    echo -n $"Reloading $prog: "  
    #kill -HUP `cat ${nginx_pid}`  
    killproc $nginxd -HUP  
    RETVAL=$?  
    echo  
}  
# See how we were called.  
case "$1" in  
start)  
        start  
        ;;  
stop)  
        stop  
        ;;  
reload)  
        reload  
        ;;  
restart)  
        stop  
        start  
        ;;  
status)  
        status $prog  
        RETVAL=$?  
        ;;  
*)  
        echo $"Usage: $prog {start|stop|restart|reload|status|help}"  
        exit 1  
esac  
exit $RETVAL  

3.添加自启动

vim /etc/rc.d/rc.local
添加：
/etc/init.d/nginx start

添加nginx用户：

groupadd nginx  
useradd -g nginx nginx

 

然后设置权限：

chmod 755 /etc/init.d/nginx

4.启动nginx

/etc/init.d/nginx start

到这里就启动完成ngxin，我们需要配置nginx

5.配置nginx

添加文件地址/www/web

mkdir -p /www/web

添加log文件：

mkdir /var/log/nginx  
touch /var/log/nginx/error.log  
chmod 777 -R /var/log/nginx/error.log

添加nginx 文件access.log和error.log

mkdir /www/web_logs  
touch /www/web_logs/access.log  
chmod 777 /www/web_logs/access.log  
touch /www/web_logs/error.log  
chmod 777 /www/web_logs/error.log

nginx的配置如下：

/usr/local/nginx/conf/nginx.conf，代码如下：

user  nginx nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log warn;
pid        /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  65535;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;
#    limit_conn_zone $binary_remote_addr zone=one:32k;

    sendfile        on;
    tcp_nopush     on;
  

    keepalive_timeout  120;
    tcp_nodelay on;
   
    fastcgi_buffers 8 128k;
    fastcgi_connect_timeout 9900s;
    fastcgi_send_timeout 9900s;
    fastcgi_read_timeout 9900s;

    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    log_format  wwwlogs  '$remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for';
    
    include conf.d/*.conf;
}

/usr/local/nginx/conf/none.conf，代码如下：

location / {
        index index.html index.php; ## Allow a static html file to be shown first
        try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
#		rewrite ^/$ /index.php last;
#        rewrite ^/(?!index\.php|robots\.txt|static)(.*)$ /index.php/$1 last;
    }

    ## These locations would be hidden by .htaccess normally
    location /app/                { deny all; }
    location /includes/           { deny all; }
    location /lib/                { deny all; }
    location /media/downloadable/ { deny all; }
    location /pkginfo/            { deny all; }
    location /report/config.xml   { deny all; }
    location /var/                { deny all; }
    location /var/email/ {allow all;}
    location /var/export/ { ## Allow admins only to view export folder
        auth_basic           "Restricted"; ## Message shown in login window
        auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
        autoindex            on;
    }
      location  /. { ## Disable .htaccess and other hidden files
        return 404;
    }

    location @handler { ## Magento uses a common front handler
        rewrite / /index.php;
    }

    location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
        rewrite ^(.*.php)/ $1 last;
    }

 

/usr/local/nginx/conf/conf.d/default.conf  这个文件是网站内容的配置。譬如如下：

server {
    listen       1000;
    listen 443 ssl;
    
    server_name 192.168.220.100;
    root  /www/web/datacenter/datacenter_1000/appadmin/web;
    server_tokens off;
        include none.conf;
        index index.php;
        access_log /www/web_logs/access.log wwwlogs;
        error_log  /www/web_logs/error.log  notice;
        location ~ \.php$ {
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                include fcgi.conf;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
                expires      30d;
        }

        location ~ .*\.(js|css)?$ {
                expires      12h;
        }
        
    location ~ /.svn/ {
                deny all;
        }

}

上面的意思为：

listen 代表监听的端口，线上都是填写80,80是默认端口，我们访问的网站，默认都是80端口

server_name  填写对应的IP，或者域名

root 代表上面访问IP或者域名，网站的根目录

填写完成上面的后，保存，退出。重启nginx

/etc/init.d/nginx restart

6.新建文件：

mkdir -p  /www/web/datacenter/datacenter_1000/appadmin/web
touch  /www/web/datacenter/datacenter_1000/appadmin/web/index.php
vim /www/web/datacenter/datacenter_1000/appadmin/web/index.php

添加代码

<?php
echo phpinfo();
?>

访问配置的nginx的域名或者IP就可以看到页面了。

7. nginx  php 隐藏版本号

vi /usr/local/nginx/conf/nginx.conf
#在http{}中加入
server_tokens off;

 

第二歩：

 

vi /usr/local/nginx/conf/fastcgi_params
#将里面的
#fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
#修改为：
fastcgi_param SERVER_SOFTWARE nginx;

 

 

隐藏PHP版本号

 

vi php.ini

#找到：

#expose_php = On;

#修改为：

expose_php = Off;

 

8nginx日志切割

设置日志格式及路径：

全局格式设置 ：nginx.conf

 

log_format  wwwlogs  '$remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for';

access_log /www/web_logs/access.log wwwlogs;

error_log  /www/web_logs/error.log  notice;

新建文件 /cron/nginx_spilit.sh

#!/bin/bash  
log_files_path="/www/web_logs/"  
log_files_dir=${log_files_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")  
log_files_name=(access access error error)  
nginx_sbin="$/usr.local/nginx/sbin/nginx "  
save_days=60  
mkdir -p $log_files_dir  
log_files_num=${#log_files_name[@]}  
for((i=0;i<$log_files_num;i++));do  
mv ${log_files_path}${log_files_name[i]}.log ${log_files_dir}/${log_files_name[i]}_$(date -d "yesterday" +"%Y%m%d").log  
done  
find $log_files_path -mtime +$save_days -exec rm -rf {} \;  
$nginx_sbin -s reload

 

crontab -e
00 00 * * * /bin/bash /cron/nginx_spilit.sh