千万个美丽的未来,抵不上一个温暖的现在,每一个真实的现在,都是我们曾经幻想的未来!
Dec
21
Nginx支持单IP多域名SSL证书需要OpenSSL支持,由于CentOS5.X系统自带的OpenSSL版本太低不支持,所以首先需要编译安装一个高版本的openssl,CentOS 6.X的系统自带的openssl版本大于0.98以上,一般编译好的nginx都是支持的。
检查nginx是否支持TLS SNI support:
/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.10.2
TLS SNI support disabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
TLS SNI support disabled 这样是不支持的。
查看openssl的版本:
下面开始升级openssl:
wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz
tar xzvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
./config --prefix=/usr/local/openssl/ enable-shared enable-tlsext
make && make install
检查openssl的版本:
编译nginx:
检查现在是否支持TLS SNI support:
TLS SNI support enabled 现在已经支持了,再添加几个https的站点都正常了。
检查nginx是否支持TLS SNI support:
/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.10.2
TLS SNI support disabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
TLS SNI support disabled 这样是不支持的。
查看openssl的版本:
下面开始升级openssl:
wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz
tar xzvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
./config --prefix=/usr/local/openssl/ enable-shared enable-tlsext
make && make install
检查openssl的版本:
编译nginx:
检查现在是否支持TLS SNI support:
TLS SNI support enabled 现在已经支持了,再添加几个https的站点都正常了。
Dec
19
软件版本:OpenSSL 1.0.2h nginx/1.10.2
错误信息:
make -f objs/Makefile
make[1]: Entering directory `/data/2016/openresty-1.11.2.2/bundle/nginx-1.10.2'
cd /usr/local/openssl \
&& if [ -f Makefile ]; then make clean; fi \
&& ./config --prefix=/usr/local/openssl/.openssl no-shared \
&& make \
&& make install_sw LIBDIR=lib
/bin/sh: line 2: ./config: No such file or directory
make[1]: *** [/usr/local/openssl/.openssl/include/openssl/ssl.h] Error 127
make[1]: Leaving directory `/data/2016/openresty-1.11.2.2/bundle/nginx-1.10.2'
make: *** [build] Error 2
其实/usr/local/openssl/目录下面根本没有.openssl这个目录,找不到相关文件肯定会报错的了。
解决方法也很简单:
vi auto/lib/openssl/conf
31 CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
32 CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
33 CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
34 CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
把31行到34行中的.openssl删除
31 CORE_INCS="$CORE_INCS $OPENSSL/include"
32 CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
33 CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
34 CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
保存之后,再make就编译通过了。
错误信息:
make -f objs/Makefile
make[1]: Entering directory `/data/2016/openresty-1.11.2.2/bundle/nginx-1.10.2'
cd /usr/local/openssl \
&& if [ -f Makefile ]; then make clean; fi \
&& ./config --prefix=/usr/local/openssl/.openssl no-shared \
&& make \
&& make install_sw LIBDIR=lib
/bin/sh: line 2: ./config: No such file or directory
make[1]: *** [/usr/local/openssl/.openssl/include/openssl/ssl.h] Error 127
make[1]: Leaving directory `/data/2016/openresty-1.11.2.2/bundle/nginx-1.10.2'
make: *** [build] Error 2
其实/usr/local/openssl/目录下面根本没有.openssl这个目录,找不到相关文件肯定会报错的了。
解决方法也很简单:
vi auto/lib/openssl/conf
31 CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
32 CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
33 CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
34 CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
把31行到34行中的.openssl删除
31 CORE_INCS="$CORE_INCS $OPENSSL/include"
32 CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
33 CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
34 CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
保存之后,再make就编译通过了。
Mar
18
第一种安装方法:
# /usr/local/php/bin/pecl install apc
然后按提示进行直至安装完成,安装完成之后修改/etc/php.ini 文件加入:
extension=apc.so
第二种安装方法:
首先要下载安装文件,打开 http://pecl.php.net/package/APC 下载最新的软件包,当前最新版3.1.9。
wget http://pecl.php.net/get/APC-3.1.9.tgz
# tar -zxvf APC-3.1.9.tgz
# cd APC-3.1.9
# /usr/bin/phpize
# ./configure –enable-apc –enable-apc-mmap –with-php-config=/usr/bin/php-config
# make
# make install
创建apc的配置文件
vi /etc/php.d/apc.ini
加入以下内容:
extension=apc.so
apc.enabled = 1
apc.cache_by_default = on
apc.shm_segments = 1
apc.shm_size = 128
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
apc.write_lock = On
apc.gc_ttl=3600
apc.ttl=0
apc.mmap_file_mask=/tmp/apc.XXXXXX
WEB服务器是APACHE的话,重启apache生效,如果是NGINX 重启php-fpm生效,注意如果你已经安装了eAccelerator或其他的加速工具了,再安装APC有冲突,常用的有APC、eAccelerator、XCache这三款,选择安装一个就可以了。
# /usr/local/php/bin/pecl install apc
然后按提示进行直至安装完成,安装完成之后修改/etc/php.ini 文件加入:
extension=apc.so
第二种安装方法:
首先要下载安装文件,打开 http://pecl.php.net/package/APC 下载最新的软件包,当前最新版3.1.9。
wget http://pecl.php.net/get/APC-3.1.9.tgz
# tar -zxvf APC-3.1.9.tgz
# cd APC-3.1.9
# /usr/bin/phpize
# ./configure –enable-apc –enable-apc-mmap –with-php-config=/usr/bin/php-config
# make
# make install
创建apc的配置文件
vi /etc/php.d/apc.ini
加入以下内容:
extension=apc.so
apc.enabled = 1
apc.cache_by_default = on
apc.shm_segments = 1
apc.shm_size = 128
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
apc.write_lock = On
apc.gc_ttl=3600
apc.ttl=0
apc.mmap_file_mask=/tmp/apc.XXXXXX
WEB服务器是APACHE的话,重启apache生效,如果是NGINX 重启php-fpm生效,注意如果你已经安装了eAccelerator或其他的加速工具了,再安装APC有冲突,常用的有APC、eAccelerator、XCache这三款,选择安装一个就可以了。
Mar
13
具体配置文件参考:
fastcgi.conf
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param PATH_INFO $path_info;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
#fastcgi_param REDIRECT_STATUS 200;
nginx.conf
user nginx nginx;
worker_processes 16;
error_log logs/nginx_error.log crit;
pid logs/nginx.pid;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
log_format weblog '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log weblog;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_proxied any;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
include /usr/local/nginx/conf/test.conf;
}
test.conf
server
{
listen 80;
server_name www.test.com;
access_log logs/test.log;
root /home/wwwroot/ci;
index index.php index.html index.htm;
location / {
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
}
}
location ~ \.php {
set $real_script_name $fastcgi_script_name;
set $path_info "";
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
include fastcgi.conf;
}
}
以上配置可以支持ThinkPHP,CI,ZF等等框架
下面是NGINX官方对于pathinfo提供的解决方法:
fastcgi_split_path_info
syntax: fastcgi_split_path_info regex
context: location
version: ≥ 0.7.31
This directive allows the setting of the SCRIPT_FILENAME (SCRIPT_NAME) and PATH_INFO variables of the CGI specification. The regex consists of two groups:
path to the script that will handle the request — corresponding to $fastcgi_script_name.
the value of the parameter to be given to the script — corresponding to the $fastcgi_path_info.
Here's an example. The script show.php receives as argument the string article/0001. The following configuration will handle path splitting properly:
location ~ ^.+\.php {
(...)
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME /path/to/php$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
(...)
}
Requesting /show.php/article/0001 sets SCRIPT_FILENAME to /path/to/php/show.php and PATH_INFO to /article/0001.
fastcgi.conf
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param PATH_INFO $path_info;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
#fastcgi_param REDIRECT_STATUS 200;
nginx.conf
user nginx nginx;
worker_processes 16;
error_log logs/nginx_error.log crit;
pid logs/nginx.pid;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
log_format weblog '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log weblog;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_proxied any;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
include /usr/local/nginx/conf/test.conf;
}
test.conf
server
{
listen 80;
server_name www.test.com;
access_log logs/test.log;
root /home/wwwroot/ci;
index index.php index.html index.htm;
location / {
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
}
}
location ~ \.php {
set $real_script_name $fastcgi_script_name;
set $path_info "";
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
include fastcgi.conf;
}
}
以上配置可以支持ThinkPHP,CI,ZF等等框架
下面是NGINX官方对于pathinfo提供的解决方法:
fastcgi_split_path_info
syntax: fastcgi_split_path_info regex
context: location
version: ≥ 0.7.31
This directive allows the setting of the SCRIPT_FILENAME (SCRIPT_NAME) and PATH_INFO variables of the CGI specification. The regex consists of two groups:
path to the script that will handle the request — corresponding to $fastcgi_script_name.
the value of the parameter to be given to the script — corresponding to the $fastcgi_path_info.
Here's an example. The script show.php receives as argument the string article/0001. The following configuration will handle path splitting properly:
location ~ ^.+\.php {
(...)
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME /path/to/php$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
(...)
}
Requesting /show.php/article/0001 sets SCRIPT_FILENAME to /path/to/php/show.php and PATH_INFO to /article/0001.
Mar
12
一、Apache YOURLS Rewrite规则
1、安装在根目录下:
# BEGIN YOURLS
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /yourls-loader.php [L]
# END YOURLS
2、安装在子目录下
# BEGIN YOURLS
RewriteEngine On
RewriteBase /somedir/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /somedir/yourls-loader.php [L]
# END YOURLS
3、使用非带www的域名
# BEGIN WithoutWWW
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.yourls\.org$ [NC]
RewriteRule ^(.*)$ http://yourls.org/$1 [R=301,L]
# END WithoutWWW
二、Nginx YOURLS Rewrite规则
1、安装在根目录下
location /
{
if (!-f $request_filename){
set $rule_0 1$rule_0;
}
if (!-d $request_filename){
set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
rewrite ^/([0-9A-Za-z]+)/?$ /yourls-go.php?id=$1 last;
}
rewrite ^/([0-9A-Za-z]+)\+/?$ /yourls-infos.php?id=$1 last;
rewrite ^/([0-9A-Za-z]+)\+all/?$ /yourls-infos.php?id=$1&all=1 last;
}
2、安装在子目录下
location /dir/
{
if (!-f $request_filename){
set $rule_0 1$rule_0;
}
if (!-d $request_filename){
set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
rewrite ^/dir/([0-9A-Za-z]+)/?$ /url/yourls-go.php?id=$1 last;
}
rewrite ^/dir/([0-9A-Za-z]+)\+/?$ /url/yourls-infos.php?id=$1 last;
rewrite ^/dir/([0-9A-Za-z]+)\+all/?$ /url/yourls-infos.php?id=$1&all=1 last;
}
1、安装在根目录下:
# BEGIN YOURLS
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /yourls-loader.php [L]
# END YOURLS
2、安装在子目录下
# BEGIN YOURLS
RewriteEngine On
RewriteBase /somedir/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /somedir/yourls-loader.php [L]
# END YOURLS
3、使用非带www的域名
# BEGIN WithoutWWW
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.yourls\.org$ [NC]
RewriteRule ^(.*)$ http://yourls.org/$1 [R=301,L]
# END WithoutWWW
二、Nginx YOURLS Rewrite规则
1、安装在根目录下
location /
{
if (!-f $request_filename){
set $rule_0 1$rule_0;
}
if (!-d $request_filename){
set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
rewrite ^/([0-9A-Za-z]+)/?$ /yourls-go.php?id=$1 last;
}
rewrite ^/([0-9A-Za-z]+)\+/?$ /yourls-infos.php?id=$1 last;
rewrite ^/([0-9A-Za-z]+)\+all/?$ /yourls-infos.php?id=$1&all=1 last;
}
2、安装在子目录下
location /dir/
{
if (!-f $request_filename){
set $rule_0 1$rule_0;
}
if (!-d $request_filename){
set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
rewrite ^/dir/([0-9A-Za-z]+)/?$ /url/yourls-go.php?id=$1 last;
}
rewrite ^/dir/([0-9A-Za-z]+)\+/?$ /url/yourls-infos.php?id=$1 last;
rewrite ^/dir/([0-9A-Za-z]+)\+all/?$ /url/yourls-infos.php?id=$1&all=1 last;
}
