apache+nginx

  • WEB服务器搭建
    • Lighttpd切换至Apache(httpd)
      • 添加配置文件
      • 问题解决
      • 注意
    • Lighttpd切换至Nginx
      • 添加配置文件
      • 问题解决
      • 注意
    • 描述

WEB服务器搭建

标签(空格分隔): WEB服务器 Apache httpd lighttpd Nginx php-cgi php-fpm

Lighttpd切换至Apache(httpd)


添加配置文件

  • 监听80端口
<VirtualHost *:80> 
    #ServerAdmin [email protected] 
    ServerName down.gwifi.com.cn
    DocumentRoot "/mnt/sd/www/htdocs" 
    ErrorLog "logs/error_log"
    CustomLog "logs/access_log" combined

    <Directory "/mnt/sd/www/htdocs">
        AllowOverride None
        # Allow open access:
        Require all granted
    </Directory>

    <Directory "/mnt/sd/www/htdocs"> 
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
            Require all granted
    </Directory> 
</VirtualHost> 
  • 监听443端口
<VirtualHost *:443> 
    #ServerAdmin [email protected] 
    DocumentRoot "/mnt/sd/www/htdocs" 
    ErrorLog "logs/error_log"
    CustomLog "logs/access_log" combined

    SSLEngine on
    SSLCertificateFile "/appfs/etc/httpd/server.crt"
    SSLCertificateKeyFile "/appfs/etc/httpd/server.key"
    SSLCertificateChainFile "/appfs/etc/httpd/server-ca.crt"

    SSLProtocol  all -SSLv2 -SSLv3
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    <Directory "/mnt/sd/www/htdocs">
         AllowOverride None
        # Allow open access:
        Require all granted
    </Directory>

    <Directory "/mnt/sd/www/htdocs"> 
            Options Indexes FollowSymLinks
            AllowOverride None
            Order deny,allow
            Allow from all
    </Directory> 
</VirtualHost> 
  • 配置php.conf
#
# Cause the PHP interpreter to handle files with a .php extension.
#
<FilesMatch \.(php|htm|html)$>
    SetHandler application/x-httpd-php
</FilesMatch>

#
# Allow php to handle Multiviews
#
AddType text/html  .php

AddType application/x-httpd-php .php 
AddType application/x-httpd-php .htm
AddType application/x-httpd-php .html

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following lines to allow PHP to pretty-print .phps
# files as PHP source code:
#
#<FilesMatch \.phps$>
#    SetHandler application/x-httpd-php-source
#</FilesMatch>

#
# Apache specific PHP configuration options
# those can be override in each configured vhost
#
php_value session.save_handler "files"
php_value session.save_path    "/var/lib/php/session"

<IfModule mod_php5.c>
    # If php is turned on, we respect .php and .phps files.
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

    # Since most users will want index.php to work we
    # also automatically enable index.php
    <IfModule mod_dir.c>
        DirectoryIndex index.html index.php index.htm
    </IfModule>
</IfModule>
  • 修改php.ini文件

问题解决

  1. web服务器搭建成功之后无法执行PHP文件,本地下载APK文件

    • 问题原因:httpd的启动用户是apache,没有为PHP文件添加apache的可执行权限;
    • 解决方法:为PHP(整个web服务器主目录)添加权限为777
  2. httpd支持https配置时,x64克隆盘中没有mod_ssl.so动态库,所以配置LoadModule时无法加载ssl模块

    • 解决方法: yum安装后,将mod_ssl.so动态库放到指定的目录下或者将上述文件放到版本中,版本升级时copy至相关目录。
  3. PHP文件中使用shell命令时发现无法执行

    • 问题原因:无法找到相应的shell命令并且没有执行权限
    • 解决方法:使用sudo命令、使用命令的全路径并且PHP文件中使用system函数代替exec函数(exec函数是system函数的再次封装)。
  4. 为apache用户赋予root执行权限

    • 解决方法:在/etc/sudoers文件中添加下述语句
      apache ALL=(ALL) NOPASSWD: ALL
  5. 指定ssl证书为server-ca.crt证书文件后出现下述错误
    ## Could not reliably determine the server’s fully qualified domain name
    ## kill: cannot find process “”

    • 解决方法: 按照上述的监听443端口的配置文件解决
  6. httpd -t检测httpd的配置文件时出现错误如下:
    AH00534: httpd: Configuration error: No MPM loaded.

    • 解决方法: 增加一行: LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
  7. 启动httpd出现错误如下:
    AH00526: Syntax error on line 10 of /etc/httpd/conf.d/443_auth_httpd.conf:
    invalid command ‘SSLEngine’, perhaps misspelled or defined by a module not included in the server configuration

    • 解决方法: 增加一行: LoadModule ssl_module modules/mod_ssl.so
  8. 再次启动httpd出现 错误如下:

注意

  • yum安装的apache是不支持root用户启动的,如果需要支持root用户启动,可采用编译apache源码,添加指定选项,支持root用户启动;

  • 需要修改配置文件中指定目录的权限为Apache可执行权限

Lighttpd切换至Nginx


添加配置文件

  • 监听80端口
server {
        allow 10.0.0.0/8;
        allow 172.16.0.0/12;
        allow 192.168.0.0/16;
        deny all;
        listen       80;
        resolver 127.0.0.1;
        server_name  localhost;
        error_log  /var/log/nginx.auth/error.log;
        access_log /var/log/nginx.auth/access.log;
        root /mnt/sd/www/htdocs;

        location / {
                index  index.php index.html index.htm;
        }

        location ~* \.(gif|jpg|jpeg|png|bmp|swf|css)$ {
                        #if (-f $request_filename) {
                                        expires 1d;
                        #       break;
                        #}
        }

        location ~ \.(php|html|htm|js)$ {
           #expires -1s;
           #try_files $uri =404;
           #fastcgi_split_path_info ^(.+\.php)(/.+)$;
           #fastcgi_param PATH_INFO $fastcgi_path_info;
           fastcgi_pass   127.0.0.1:9000;
           fastcgi_index  index.php;
           fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
           include        fastcgi_params;
        }

#        location ~ \.(php|htm|html)$ {
#            #root  /mnt/sd/www/htdocs;
#            #index  index.html index.htm index.php;
#            #try_files $uri =404;
#            fastcgi_pass   127.0.0.1:9000;
#           fastcgi_index  index.php;
#            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#            include        fastcgi_params;
#        }

}
  • 监听443端口
server {
        allow 10.0.0.0/8;
        allow 172.16.0.0/12;
        allow 192.168.0.0/16;
        deny all;

        listen 443;
        ssl on;
        ssl_certificate /appfs/etc/nginx.auth/server.crt;
        ssl_certificate_key /appfs/etc/nginx.auth/server.key;

        resolver 127.0.0.1;
        server_name  localhost;
        error_log  /var/log/nginx.auth/error.log;
        access_log /var/log/nginx.auth/access.log;
        root /mnt/sd/www/htdocs;

        location / {
                index  index.php index.html index.htm;
        }

        location ~* \.(gif|jpg|jpeg|png|bmp|swf|css)$ {
                        #if (-f $request_filename) {
                                        expires 1d;
                        #       break;
                        #}
        }

        location ~ \.(php|html|htm|js)$ {
           #expires -1s;
           #try_files $uri =404;
           #fastcgi_split_path_info ^(.+\.php)(/.+)$;
           #fastcgi_param PATH_INFO $fastcgi_path_info;
           fastcgi_pass   127.0.0.1:9000;
           fastcgi_index  index.php;
           fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
           include        fastcgi_params;
        }
}
  • nginx.conf 配置文件
user root root;
worker_processes auto;
error_log  /var/log/nginx.auth/error.log debug_http;
pid        /var/run/nginx.auth.pid;


worker_rlimit_nofile 60000;
events {
    worker_connections  20480;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #'$status $body_bytes_sent "$http_referer" '
    #'"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  /var/log/nginx.auth/access.log;
    access_log  off;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    proxy_temp_path /mnt/sd/nginx.auth/proxy_temp_dir 1 2;
    #proxy_cache_path   /mnt/sd/nginx.auth/proxy_cache_dir levels=1:2           
    keys_zone=ctohome:50m inactive=1d max_size=5g;


    #gzip  on;
    include /appfs/etc/nginx.auth/auth.conf;
}
  • php-fpm配置文件 www.conf
; Start a new pool named 'www'.
[www]

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses on a
;                            specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000

; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1

; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. 
; Default Values: user and group are set as the running user
;                 mode is set to 0666
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0666

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = root
; RPM: Keep a group allowed to write in log dir.
group = root

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives:
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to either 'static' or 'dynamic'
; Note: This value is mandatory.
pm.max_children = 50

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. By default, the status page shows the following
; information:
;   accepted conn    - the number of request accepted by the pool;
;   pool             - the name of the pool;
;   process manager  - static or dynamic;
;   idle processes   - the number of idle processes;
;   active processes - the number of active processes;
;   total processes  - the number of idle + active processes.
; The values of 'idle processes', 'active processes' and 'total processes' are
; updated each second. The value of 'accepted conn' is updated in real time.
; Example output:
;   accepted conn:   12073
;   pool:             www
;   process manager:  static
;   idle processes:   35
;   active processes: 65
;   total processes:  100
; By default the status page output is formatted as text/plain. Passing either
; 'html' or 'json' as a query string will return the corresponding output
; syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set 
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: chrooting is a great security feature and should be used whenever 
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot = 

; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Default Value: no
;catch_workers_output = yes

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
security.limit_extensions = .php .php3 .php4 .php5 .htm .html .js

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

env[PATH] = /appfs/bin:/appfs/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/sbin:/usr/bin:/usr/sbin

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'. 
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
  • php-fpm启动脚本
#!/bin/sh
## Create files of php-fpm
if [ ! -d "/var/log/php-fpm" ];then
    mkdir /var/log/php-fpm
fi
if [ ! -f "/var/log/php-fpm/error.log" ];then
    touch /var/log/php-fpm/error.log
fi
if [ ! -f "/var/log/php-fpm/www-error.log" ];then
    touch /var/log/php-fpm/www-error.log
fi
if [ ! -f "/var/log/php-fpm/www-slow.log" ];then
    touch /var/log/php-fpm/www-slow.log
fi

## Compare config file
#APPFS_PHP_INI="/appfs/etc/php/php.ini"
#ETC_PHP_INI="/etc/php.ini"
APPFS_PHP_CONF="/appfs/etc/php/php-fpm/www.conf"
ETC_PHP_CONF="/etc/php-fpm.d/www.conf"
#cmp ${APPFS_PHP_INI}  ${ETC_PHP_INI}
#if [ $? -ne  0 ];then
#   cp -f /appfs/etc/php/php.ini /etc/php.ini
#fi
cmp ${APPFS_PHP_CONF} ${ETC_PHP_CONF}
if [ $? -ne  0 ];then
    cp -f /appfs/etc/php/php-fpm/www.conf /etc/php-fpm.d/www.conf
fi

## Start process
#php-fpm&
nohup /usr/sbin/php-fpm -R >/dev/null 2>&1 &
sleep 1

问题解决

  1. 执行getProduct.html文件时出现错误

    • 其中获取app.conf文件内容时无法获取
      • 问题原因: app.conf文件没有可执行权限
      • 解决方法: 为app.conf文件增加可执行权限为777
    • json_decode函数执行的时候无法得到解析的json字段的数据,例如:app_os字段就无法获得,导致php文件执行到此处就退出
      • 问题原因: php-fpm执行的时候使用的用户是nobody用户对llapp目录没有任何权限,所以不能完成对apk文件的下载
      • 解决方法: 让nginx和php-fpm都以root用户执行,修改nginx.conf配置文件的执行用户为root用户,修改www.conf(php-fpm的配置文件)也用root用户启动
  2. php-fpm执行Linux命令命令会返回127错误码(command not found)

    • 问题原因:PHP文件中使用Linux命令都是相对路径,PHP无法找到命令所在
    • 解决方法:
      • 将所有PHP文件中使用Linux命令的exec函数替换成system函数
      • 修改执行命令为全路径执行
      • 将linux命令的绝对路径配置在php-fpm的配置文件中,保证使用相对路径执行命令的时候可以找到linux命令
      • 在www.conf配置文件中添加下述行
        env[PATH] = /appfs/bin:/appfs/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/sbin:/usr/bin:/usr/sbin
  3. ios系统无法下载ipa文件

    • 问题原因:
      • ios10之后使用https链接,所以nginx必须配置支持https
    • 解决方法
      • 配置nginx支持ssl
        ssl on;
        ssl_certificate /appfs/etc/server-new.crt;
        ssl_certificate_key /appfs/etc/server-new.key;
      • 配置出错
        启动Nginx之后出现的问题是:nginx: [emerg] unknown directive “ssl_certificate” in /appfs/etc/nginx/nginx.conf:76
      • 解决方法: 是因为Nginx编译的时候不支持ssl,所以在编译的时候加上 –with-http_ssl_module 选项,启动Nginx问题解决

注意


  • nginx.conf 中所说的证书文件server.crt是server.crt和server.key文件的组合。

  • 使用nginx支持web需要配合php-fpm使用,所以设备上需要安装php-fpm进程,并且启动php-fpm进程,nginx.conf中配置nginx和php-fpm交互。

描述


  1. 上述只是实现web的记录方式,过程中遇到的具体问题并没有记录在内。
  2. 更新web服务器实现过程中出现的问题和解决方法: 其余具体问题还需具体对待。
文章来源: apache+nginx

人吐槽 人点赞

猜你喜欢

发表评论

用户名: 密码:
验证码: 匿名发表

你可以使用这些语言

查看评论:apache+nginx