5.52-55 PHP-FPM configuration files explained
阿新 • Published: 2019-03-03
php-fpm.conf
php.ini
www.conf
php-fpm.conf
- php-fpm.conf is the main configuration file. Path: /usr/local/php-fpm/etc/php-fpm.conf
- Sub-configuration files live in /usr/local/php-fpm/etc/php-fpm.d/*.conf; every file ending in .conf is a sub-configuration file
- Sub-configuration files override the main configuration file.
- pid file
[global]
; Pid file ## the pid file
; Note: the default prefix is /usr/local/php-fpm/var ## default path prefix for the pid file
; Default Value: none
;pid = run/php-fpm.pid ## sets the pid file location
- Error log file
; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
; into a local file. ## if set to syslog, the log is sent to the syslogd service instead of being written to a file
; Note: the default prefix is /usr/local/php-fpm/var ## default path prefix for the error log
; Default Value: log/php-fpm.log
;error_log = log/php-fpm.log ## error log location
- Log level
; Log level ## the available log levels are listed on the next line
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = notice ## the default log level is notice
php.ini
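- Configuration file path: /usr/local/php-fpm/etc/php.ini
- Two ways to find the location of php.ini
① Use phpinfo: create a phpinfo.php file under a site's document root
vi /data/wwwroot/xx.xx.com/phpinfo.php
<?php
phpinfo();
?>
Note: opening this page in a browser reveals not only the location of php.ini but also PHP's compile-time options. Not recommended in production.
② In production, use the following command to find the location of php.ini
/usr/local/php-fpm/bin/php -i |head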
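- php.ini is the core configuration file for running PHP
- php.ini is very long, roughly 2000 lines
Two things to note in php.ini
Avoid exposing PHP information over the HTTP interface:
expose_php = off
Avoid exposing error messages over the HTTP interface:
display_errors = off
php-fpm.conf configuration essentials
With display_errors turned off, enable the PHP error log to make troubleshooting easier:
log_errors = on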
www.conf
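pool name: [www]. It can be customised; after startup, run ps aux |grep php-fpm and the rightmost column shows the pool name
listen: the IP:port or socket address to listen on
This address must match the one given to fastcgi_pass in the nginx configuration file, otherwise nginx returns 502
When listening on a socket file, make sure the nginx service user (nginx) has read and write permission on that socket file, otherwise nginx returns 502
listen.mode: the permissions of the socket file
pm = dynamic                ; dynamic mode
pm.max_children = 5         ; maximum number of processes
pm.start_servers = 2        ; number of child processes to start
pm.min_spare_servers = 1    ; when idle, never fewer than this many child processes
pm.max_spare_servers = 3    ; when idle, never more than this many child processes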
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
Configuring the slow log
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
Configuring open_basedir
php_admin_value[open_basedir] = /data/wwwroot/blog.aminglinux.cc:/tmp
Configuring multiple pools
Define several configuration files, each with a different listen address and a different [pool_name]
[blog]
user = php-fpm
group = php-fpm
listen = /tmp/blog.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/blog.aminglinux.cc:/tmp
[bbs]
user = php-fpm
group = php-fpm
listen = /tmp/bbs.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/bbs.aminglinux.cc:/tmp
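The following shell function is an added example, not part of the original page: it audits one pool file for the settings covered above (socket mode, display_errors, log_errors, open_basedir, slowlog location), and additionally flags display_errors set through php_flag, which application code can override with ini_set(), unlike php_admin_flag. The sample files are constructed; hardened.conf assumes nginx runs as user nginx and uses placeholder paths /run/php-fpm/bbs.sock and /var/log/php-fpm/bbs.slow.

```shell
#!/bin/sh
# Added example, not from the original page: audit one php-fpm pool file for
# the settings discussed above. Prints "pool: finding" lines, nothing if clean.
audit_fpm_pool() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function is_on(v) { v = tolower(v); return v == "on" || v == "1" || v == "yes" || v == "true" }
    function report(msg) { print pool ": " msg }
    /^[ \t]*;/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*\[/ {                            # [pool] section header
        pool = trim($0); sub(/^\[/, "", pool); sub(/\]$/, "", pool); next
    }
    {                                        # key = value
        eq = index($0, "=")
        if (eq > 0) conf[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        mode = conf["listen.mode"]
        # A unix socket whose mode ends in a non-zero digit is open to "other".
        if (conf["listen"] ~ /^\// && mode != "" && mode !~ /0$/)
            report("listen.mode " mode " lets any local user connect to " conf["listen"])
        admin = conf["php_admin_flag[display_errors]"]
        if (is_on(admin) || (admin == "" && is_on(conf["php_flag[display_errors]"])))
            report("display_errors is on, errors are shown to clients")
        else if (admin == "")
            report("display_errors is off only via php_flag, ini_set() can re-enable it")
        if (!is_on(conf["php_admin_flag[log_errors]"]))
            report("log_errors is not forced on with php_admin_flag")
        if (conf["php_admin_value[open_basedir]"] == "")
            report("no per-pool open_basedir")
        if (conf["slowlog"] ~ /^\/tmp\//)
            report("slowlog " conf["slowlog"] " is under world-writable /tmp")
    }' "$1"
}

# Constructed samples: weak.conf copies the [bbs] pool shown above; hardened.conf
# uses assumed paths and assumes nginx runs as user "nginx".
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
[bbs]
listen = /tmp/bbs.socket
listen.mode = 0666
slowlog = /tmp/php.slow
php_flag[display_errors] = on
php_admin_flag[log_errors] = on
php_admin_value[open_basedir] = /data/wwwroot/bbs.aminglinux.cc:/tmp
EOF
    cat > "$1/hardened.conf" <<'EOF'
[bbs]
listen = /run/php-fpm/bbs.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
slowlog = /var/log/php-fpm/bbs.slow
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[open_basedir] = /data/wwwroot/bbs.aminglinux.cc:/tmp
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_fpm_pool "$demo_dir/weak.conf"       # three findings
audit_fpm_pool "$demo_dir/hardened.conf"   # prints nothing
rm -rf "$demo_dir"
```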
Finding the php.ini path:
1) /usr/local/php-fpm/bin/php -i |head
2) Use phpinfo
Addendum:
curl -k -H "host:bbs.aminglinux.cc" https://127.0.0.1/phpinfo.php
Reference session
php-fpm configuration
[root@test01 conf.d]# vi bbs.champin.top.conf    # change the PHP port to 9001
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload
Opening bbs.champin.top in a browser now shows 502
[root@test01 conf.d]# !vi
vi bbs.champin.top.conf
[1]+ 已停止 vi bbs.champin.top.conf
[root@test01 conf.d]# tail /var/log/nginx/error.log    # the nginx error log shows the cause as well
2019/02/25 18:01:44 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/qmenu.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *137 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/nv_a.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *141 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/search.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *141 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/pt_item.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *137 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/chart.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/titlebg.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:45 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/scrolltop.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:42:18 [notice] 5138#5138: signal process started
2019/02/25 20:42:55 [error] 5139#5139: *142 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET / HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:43:09 [error] 5139#5139: *149 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9001", host: "bbs.champin.top"
[root@test01 conf.d]# cd /usr/local/php-fpm/etc/
[root@test01 etc]# ls
pear.conf php-fpm.conf php-fpm.conf.default php-fpm.d php.ini
[root@test01 etc]# vi php-fpm.conf    # take a look
[root@test01 etc]# cd php-fpm.d/
[root@test01 php-fpm.d]# ls
www.conf www.conf.default
[root@test01 php-fpm.d]# vi www.conf
[1]+ 已停止 vi www.conf
[root@test01 php-fpm.d]# ps aux |grep php-fpm
root 1106 0.0 0.6 230772 6200 ? Ss 07:06 0:02 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm 1116 0.0 1.5 248088 15612 ? S 07:06 0:02 php-fpm: pool www
php-fpm 1117 0.0 1.8 331084 18788 ? S 07:06 0:03 php-fpm: pool www
root 5153 0.0 0.0 112728 976 pts/1 R+ 20:50 0:00 grep --color=auto php-fpm
[root@test01 php-fpm.d]# fg
vi www.conf
; change the listen line to look like this:
;listen = 127.0.0.1:9000
listen = /tmp/www.socket
[root@test01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[25-Feb-2019 20:54:57] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@test01 php-fpm.d]# ls /tmp/www.socket    # check that this file exists (ls shows it in pink)
/tmp/www.socket
[root@test01 php-fpm.d]# vi /etc/nginx/conf.d/bbs.champin.top.conf    # use this socket file in the nginx configuration
location ~ \.php$ {
    root /data/wwwroot/bbs.champin.top;
    # change these two lines:
    # fastcgi_pass 127.0.0.1:9001;
    fastcgi_pass unix:/tmp/www.socket;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.champin.top$fastcgi_script_name;
    include fastcgi_params;
}
[root@test01 php-fpm.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 php-fpm.d]# nginx -s reload
Refreshing https://bbs.champin.top in the browser still gives 502
[root@test01 php-fpm.d]# !tail    # look at the nginx error log
tail /var/log/nginx/error.log
2019/02/25 18:01:44 [error] 4899#4899: *137 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/chart.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/titlebg.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:45 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/scrolltop.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:42:18 [notice] 5138#5138: signal process started
2019/02/25 20:42:55 [error] 5139#5139: *142 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET / HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:43:09 [error] 5139#5139: *149 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9001", host: "bbs.champin.top"
2019/02/25 20:47:02 [notice] 5145#5145: signal process started
2019/02/25 20:54:20 [notice] 5158#5158: signal process started
2019/02/25 21:03:57 [notice] 5187#5187: signal process started
2019/02/25 21:04:06 [crit] 5188#5188: *154 connect() to unix:/tmp/www.socket failed (13: Permission denied) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/www.socket:", host: "bbs.champin.top"
When the log contains "Permission denied" entries like this, the cause is usually that permissions are not set correctly
[root@test01 php-fpm.d]# ls -l /tmp/www.socket
srw-rw----. 1 root root 0 2月 25 20:55 /tmp/www.socket
[root@test01 php-fpm.d]# vi www.conf
; set the socket permissions to 0666
listen.mode = 0666
[root@test01 php-fpm.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[25-Feb-2019 21:12:54] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@test01 php-fpm.d]# nginx -s reload
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
A reload is not enough; a restart is needed, which first deletes the socket under /tmp and then recreates it
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@test01 php-fpm.d]# vim www.conf    # a demonstration
; remove the leading semicolon and change off to on
php_flag[display_errors] = on
[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
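[root@test01 php-fpm.d]# vi /data/wwwroot/bbs.champin.top/forum.php    # write some broken code into it
Opening the forum in a browser now shows directly which line of code failed
The correct approach:
php_flag[display_errors] = off
; enable the error log
php_admin_value[error_log] = /var/log/fpm-php.www.log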
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@test01 php-fpm.d]# touch /var/log/fpm-php.www.log
[root@test01 php-fpm.d]# chmod 777 !$
chmod 777 /var/log/fpm-php.www.log
[root@test01 php-fpm.d]# cat /var/log/fpm-php.www.log
[25-Feb-2019 13:50:51 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:52 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:52 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:52 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:53 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:53 UTC] PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
The error log shows exactly where the error is
php.ini
[root@test01 php-fpm.d]# ls /usr/local/php-fpm/etc/    # the directory that holds php.ini
pear.conf php-fpm.conf php-fpm.conf.default php-fpm.d php.ini
[root@test01 php-fpm.d]# /usr/local/php-fpm/bin/php -i |head    # use this if you do not know the path
phpinfo()
PHP Version => 7.3.1
System => Linux test01 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64
Build Date => Jan 26 2019 00:40:10
Configure Command => './configure' '--prefix=/usr/local/php-fpm' '--with-config-file-path=/usr/local/php-fpm/etc' '--enable-fpm' '--with-fpm-user=php-fpm' '--with-fpm-group=php-fpm' '--with-mysql=/usr/local/mysql5.7' '--with-mysqli=/usr/local/mysql5.7/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql5.7' '--with-mysql-sock=/tmp/mysql.sock' '--with-libxml-dir' '--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-freetype-dir' '--with-iconv-dir' '--with-zlib-dir' '--with-mcrypt' '--enable-soap' '--enable-gd-native-ttf' '--enable-ftp' '--enable-mbstring' '--enable-exif' '--with-pear' '--with-curl' '--with-openssl'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/php-fpm/etc
Loaded Configuration File => /usr/local/php-fpm/etc/php.ini
There is one more method, which can also be used to test whether PHP is being parsed: open the page in a browser
[root@test01 php-fpm.d]# ls /data/wwwroot/bbs.champin.top/
admin.php archiver crossdomain.xml forum.php index.php member.php portal.php source uc_client
api config data group.php install misc.php robots.txt static uc_server
api.php connect.php favicon.ico home.php m plugin.php search.php template
[root@test01 php-fpm.d]# vim /data/wwwroot/bbs.champin.top/phpinfo.php
<?php
phpinfo();
?>
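Opening bbs.champin.top/phpinfo.php in a browser shows the version, paths, configuration parameters and so on. It is a handy test of whether PHP is parsed, but it is rather dangerous: if an attacker sees it, the whole configuration is laid bare
It can be disabled
[root@test01 php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini
Find disable_functions
disable_functions = phpinfo
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload    # restart or reload
Reload service php-fpm done
Refresh the phpinfo.php page and it no longer opens.
[root@test01 php-fpm.d]# tail /var/log/fpm-php.www.log    # the error log records it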
[25-Feb-2019 14:56:53 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:56:56 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:57:02 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:58:19 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[root@test01 php-fpm.d]# vim www.conf
; turn error display on, for debugging
php_flag[display_errors] = on
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@test01 php-fpm.d]# !curl
curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php -I    # curl gets 200; the browser shows a blank page
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 25 Feb 2019 15:04:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1
[root@test01 php-fpm.d]# curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php    # with -I it only shows 200; without it the error message is displayed
<br />
<b>Warning</b>: phpinfo() has been disabled for security reasons in <b>/data/wwwroot/bbs.champin.top/phpinfo.php</b> on line <b>2</b><br />
[root@test01 php-fpm.d]# vim www.conf    # first set it to on
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@test01 php-fpm.d]# vim www.conf
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
Configuring the slow log (for php-fpm)
[root@test01 php-fpm.d]# vim www.conf
; path of the log for slow PHP scripts (in a real production environment it should not live under /tmp)
slowlog = /tmp/php.slow
; the timeout; 2 seconds is a good value
request_slowlog_timeout = 1
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@test01 php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini    # re-enable phpinfo first
disable_functions =
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload    # reload again
Reload service php-fpm done
Reload service php-fpm done
[root@test01 php-fpm.d]# cd /data/wwwroot/bbs.champin.top/
[root@test01 bbs.champin.top]# ls
admin.php config favicon.ico index.php misc.php robots.txt template
api connect.php forum.php install phpinfo.php search.php uc_client
api.php crossdomain.xml group.php m plugin.php source uc_server
archiver data home.php member.php portal.php static
[root@test01 bbs.champin.top]# vi phpinfo.php
<?php
phpinfo();
sleep (2);
echo 11112;
?>
[root@test01 bbs.champin.top]# !curl    # it really pauses for 2 seconds, though it may be hard to notice
curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php
[root@test01 bbs.champin.top]# cat /tmp/php.slow    # now look at the slow log
[25-Feb-2019 23:22:31] [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3
[root@test01 bbs.champin.top]# vi phpinfo.php
<?php
echo 1;
sleep (5);
echo 11112;
?>
[root@test01 bbs.champin.top]# !curl    # it paused for 5 seconds before printing
curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php
11112[root@test01 bbs.champin.top]#
[root@test01 bbs.champin.top]# !cat
cat /tmp/php.slow
[25-Feb-2019 23:22:31] [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3
[25-Feb-2019 23:31:14] [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3
It shows which line of which script ran slowly
[root@test01 bbs.champin.top]# date
2019年 02月 25日 星期一 23:32:44 CST
[root@test01 bbs.champin.top]# rm -rvf phpinfo.php    # fine on a test machine; never use phpinfo in production
已刪除"phpinfo.php"
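[root@test01 bbs.champin.top]# vim forum.php    # add sleep (10); in the middle
sleep (10);
Opening http://bbs.champin.top/forum.php in a browser now takes 10 seconds. Ordinary users run into this kind of delay too, and when it happens the slowlog is the tool to investigate it with
[root@test01 bbs.champin.top]# !cat    # look at the log again; I refreshed twice, so two slow entries were recorded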
cat /tmp/php.slow
[25-Feb-2019 23:22:31] [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3
[25-Feb-2019 23:31:14] [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3
[25-Feb-2019 23:37:41] [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/forum.php
[0x00007fbd9f41d420] sleep() /data/wwwroot/bbs.champin.top/forum.php:22
[25-Feb-2019 23:37:49] [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/forum.php
[0x00007fbd9f41d420] sleep() /data/wwwroot/bbs.champin.top/forum.php:22
[root@test01 bbs.champin.top]# !vi    # remove sleep (10);
vim forum.php
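An added example (not from the original page) for reading a slow log like the one above once it grows: it counts, per pool, the top stack frame of every entry, so the script line that stalls most often sorts first. The first four entries of the embedded sample are copied from the session above; the fifth, with its lib.php and slow_helper() names, is constructed to show that only the first frame of an entry is counted.

```shell
#!/bin/sh
# Added example, not from the original page: rank the top stack frame of each
# php-fpm slowlog entry so that repeat offenders stand out.
slowlog_top() {
    LC_ALL=C awk '
    $3 == "[pool" {                     # header: [date time] [pool NAME] pid N
        pool = $4; sub(/\]$/, "", pool)
        want_frame = 1; next
    }
    want_frame && $1 ~ /^\[0x/ {        # first frame after the header: where it stalled
        hits[pool " " $2 " " $3]++
        want_frame = 0
    }
    END { for (k in hits) print hits[k], k }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Sample input: entries 1-4 come from the session above, entry 5 is constructed.
sample_slowlog() {
    cat <<'EOF'
[25-Feb-2019 23:22:31] [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3

[25-Feb-2019 23:31:14] [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3

[25-Feb-2019 23:37:41] [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/forum.php
[0x00007fbd9f41d420] sleep() /data/wwwroot/bbs.champin.top/forum.php:22

[25-Feb-2019 23:37:49] [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/forum.php
[0x00007fbd9f41d420] sleep() /data/wwwroot/bbs.champin.top/forum.php:22

[26-Feb-2019 00:40:02] [pool blog] pid 5495
script_filename = /data/wwwroot/www.champin.top/index.php
[0x00007fbd9f41d4a0] sleep() /data/wwwroot/www.champin.top/lib.php:8
[0x00007fbd9f41d420] slow_helper() /data/wwwroot/www.champin.top/index.php:3
EOF
}

demo=$(mktemp)
sample_slowlog > "$demo"
slowlog_top "$demo"      # columns: count, pool, function, file:line
rm -f "$demo"
```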
Configuring open_basedir
[root@test01 bbs.champin.top]# vim /usr/local/php-fpm/etc/php.ini
open_basedir = /home:/root
[root@test01 bbs.champin.top]# /etc/init.d/php-fpm reload
Reload service php-fpm done
Opening https://bbs.champin.top in a browser shows No input file specified.
Look at the error log first
[root@test01 bbs.champin.top]# tail /var/log/fpm-php.www.log
[25-Feb-2019 14:56:56 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:57:02 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:58:19 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:01:58 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:04:42 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:04:55 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:05:01 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:31:13 UTC] PHP Warning: Use of undefined constant echo1 - assumed 'echo1' (this will throw an Error in a future version of PHP) in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
Here:
[25-Feb-2019 15:56:44 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/wwwroot/bbs.champin.top/forum.php) is not within the allowed path(s): (/home:/root) in Unknown on line 0
[25-Feb-2019 15:56:44 UTC] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
[root@test01 bbs.champin.top]# vim /usr/local/php-fpm/etc/php.ini
open_basedir = /data/wwwroot/bbs.champin.top:/tmp
[root@test01 bbs.champin.top]# /etc/init.d/php-fpm reload
Reload service php-fpm done
https://bbs.champin.top now opens in the browser, but www.champin.top returns 502
Fix the 502 on www.champin.top first
[root@test01 bbs.champin.top]# vi /etc/nginx/conf.d/www.champin.top.conf
location ~ \.php$ {
    root /data/wwwroot/www.champin.top;
    #fastcgi_pass 127.0.0.1:9001;
    fastcgi_pass unix:/tmp/www.socket;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/www.champin.top$fastcgi_script_name;
    include fastcgi_params;
}
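Opening www.champin.top in a browser also shows No input file specified, because open_basedir does not include the www.champin.top path
Both sites' paths could be listed together in open_basedir in php.ini, but then if one of the sites is attacked, both sites are at risk.
The other approach is to leave open_basedir out of php.ini and define it in php-fpm instead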
[root@test01 bbs.champin.top]# vim /usr/local/php-fpm/etc/php.ini
open_basedir =    ; unset it
[root@test01 bbs.champin.top]# cd /usr/local/php-fpm/etc/php-fpm.d/
[root@test01 php-fpm.d]# vim www.conf
[root@test01 php-fpm.d]# vim www.conf
Define the first one
php_admin_value[open_basedir] = /data/wwwroot/bbs.champin.top:/tmp
[root@test01 php-fpm.d]# grep -v '^;' www.conf |grep -v '^$'
[www]
user = php-fpm
group = php-fpm
listen = /tmp/www.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/bbs.champin.top:/tmp
[root@test01 php-fpm.d]# vi blog.conf
[blog]
user = php-fpm
group = php-fpm
listen = /tmp/blog.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/www.champin.top:/tmp
[root@test01 php-fpm.d]# mv www.conf bbs.conf    # rename to bbs to tell the pools apart; the pool name becomes bbs too
[root@test01 php-fpm.d]# vi bbs.conf
; change [www] to [bbs]
[root@test01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[26-Feb-2019 00:28:05] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@test01 php-fpm.d]# ls /tmp/    # there is now an additional blog.socket file
blog.socket systemd-private-4dd844f49c7d42aaa3d0ecd231f21905-vmtoolsd.service-wBwXw9
html systemd-private-844c61e19fa44725ac7e2901678bb6b6-vmtoolsd.service-fqEuo8
inittab.txt systemd-private-f76438af452340deb845a63bbbbbba43-vmtoolsd.service-UA99YA
mysql.sock www.socket
passwd.txt yum_save_tx.2019-02-14.23-03.I5mpYO.yumtx
php.slow
[root@test01 php-fpm.d]# vi bbs.conf    # change the pool's socket to bbs.socket
listen = /tmp/bbs.socket
[root@test01 php-fpm.d]# vi /etc/nginx/conf.d/bbs.champin.top.conf    # this must change to bbs.socket as well
fastcgi_pass unix:/tmp/bbs.socket;
[root@test01 php-fpm.d]# vi /etc/nginx/conf.d/www.champin.top.conf    # and this one to blog.socket
fastcgi_pass unix:/tmp/blog.socket;
[root@test01 php-fpm.d]# ps aux |grep php-fpm    # one pool per site, isolated from each other
root 5492 0.0 0.6 230780 6332 ? Ss 00:28 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm 5493 0.0 0.7 230772 7028 ? S 00:28 0:00 php-fpm: pool bbs
php-fpm 5494 0.0 0.7 230772 7028 ? S 00:28 0:00 php-fpm: pool bbs
php-fpm 5495 0.0 0.6 230772 6320 ? S 00:28 0:00 php-fpm: pool blog
php-fpm 5496 0.0 0.6 230772 6320 ? S 00:28 0:00 php-fpm: pool blog
root 5509 0.0 0.0 112728 976 pts/1 R+ 00:37 0:00 grep --color=auto php-fpm
[root@test01 php-fpm.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 php-fpm.d]# nginx -s reload
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done