Nginx+PHP的虚拟主机安全配置

1. 建立两个用户分别用于访问两个不同的站点.

[php]
# useradd -M www -s /sbin/nologin
# useradd -M www2 -s /sbin/nologin

[/php]

2. 建立两个站点的目录

[php]
# mkdir -p /web/667
# mkdir -p /web/668
# chown www.www -R /web/667
# chown www2.www2 -R /web/668
# chmod 555 -R /web/667
# chmod 555 -R /web/668

[/php]


可写目录,给755.在nginx中屏蔽不能执行php

3. php-fpm.conf设置两个应用程序池

[php]
[www]
listen = 127.0.0.1:9000
listen.backlog = -1
user = www
group = www
pm = static
pm.max_children = 5
pm.start_servers =20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
request_terminate_timeout = 0s
request_slowlog_timeout = 0s
rlimit_files = 1024
rlimit_core = 0
catch_workers_output = yes

[www2]
listen = 127.0.0.1:9001
listen.backlog = -1
user = www2
group = www2
pm = static
pm.max_children = 5
pm.start_servers =20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
request_terminate_timeout = 0s
request_slowlog_timeout = 0s
rlimit_files = 1024
rlimit_core = 0
catch_workers_output = yes

[/php]

4. nginx.conf配置站点

[php]
server {
listen       80;
server_name  667.com;

location / {
root   /web/667/;
index  index.php index.html index.htm;
}
location ~ \.php$ {
root           /web/667/;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
include        fastcgi_params;
}
}
server {
listen       80;
server_name  668.com;

location / {
root   /web/668/;
index  index.php index.html index.htm;
}
location ~ ^/uploads/ {
}
location ~ \.php$ {
root           /web/668/;
fastcgi_pass   127.0.0.1:9001;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
include        fastcgi_params;
}
}

[/php]

还没有评论,快来抢沙发!

发表评论

  • 😉
  • 😐
  • 😡
  • 😈
  • 🙂
  • 😯
  • 🙁
  • 🙄
  • 😛
  • 😳
  • 😮
  • emoji-mrgree
  • 😆
  • 💡
  • 😀
  • 👿
  • 😥
  • 😎
  • ➡
  • 😕
  • ❓
  • ❗
  • 71 queries in 0.428 seconds