标签归档:Ubuntu

Ubuntu 配置Node.js+Nginx+PHP+MySQL最新版本

配置环境

#有的vps需要解决php源乱码的问题
sudo apt-get install -y language-pack-en-base
vi /etc/profile
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
source /etc/profile
#解决php源乱码的问题 ending

#安装add-apt-repository
apt-get install software-properties-common

#安装nodejs源
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -

#新版本Ubuntu16.04默认支持openssl 1.0.2h
add-apt-repository ppa:nginx/stable

#老版本Ubuntu 14.04建议使用 PPA for NGINX with HTTP/2 on Ubuntu 12.04 LTS and higher,使用下面的源可以同时升级openssl,可以开启http2
#https://launchpad.net/~ondrej/+archive/ubuntu/nginx/
add-apt-repository ppa:ondrej/nginx

#下面安装php7 mysql5.7源
add-apt-repository ppa:ondrej/php
add-apt-repository ppa:ondrej/mysql-5.7

apt-get update
apt-get install nodejs openssl nginx mysql-server php7.3 php7.3-gd php7.3-mbstring php7.3-xml php7.3-zip php7.3-curl php7.3-fpm php7.3-mysql php7.3-bcmath php7.3-dev

#查看openssl版本
openssl version

nginx.conf配置

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers                 EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
	ssl_prefer_server_ciphers   on;

	client_max_body_size 2m;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";
	gzip_min_length 1k;
	gzip_buffers 4 16k;
	gzip_comp_level 2;
	gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png font/ttf font/otf image/svg+xml;
	gzip_vary on;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

默认服务器,ip返回403配置

server_tokens off;
proxy_hide_header X-Powered-By;


server {
	listen 80 default_server;
	server_name _;
	return      403;
}

server {
	listen 443 ssl http2 default_server;
	server_name _;
	ssl			on;
	ssl_certificate		/etc/letsencrypt/live/xxx/fullchain.pem;
	ssl_certificate_key	/etc/letsencrypt/live/xxx/privkey.pem;
	return 403;
}

fastcgi_params限制PHP脚本执行目录

#PHP Prohibit cross-Hosting
fastcgi_param  PHP_VALUE  "open_basedir=$document_root:/tmp/";

纯静态配置

server {
	listen		80;
	server_name	xxxx;
	root		/home/nginx/xxxx;
	index		index.html index.htm index.php;
	location ~ .*\.(gif|jpg|jpeg|png|bmp)$
	{
		expires 30d;
	}
	location ~ .*\.(woff|ttf|svg)$
	{
		expires 180d;
	}
	location ~ .*\.(js|css)?$
	{
		expires 12h;
	}
	location /
	{
 	 	 try_files $uri $uri/ =404;
	}
}

PHP一般通用配置

server {
	listen			80;
	server_name		xxxx;
	index			index.php index.html index.htm;
	root			/home/nginx/xxx;
	
	location ~ .*\.(gif|jpg|jpeg|png|bmp)$
	{
		expires 30d;
	}
	location ~ .*\.(woff|ttf|svg)$
	{
		expires 180d;
	}
	location ~ .*\.(js|css)?$
	{
		expires 12h;
	}
	location ~ \.php($|/)
	{
		try_files $uri = 404;
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
}

开启fix_pathinfo(一般默认已开启)

#确认php.ini中的如下配置,其实默认已经为1,当框架出现问题时可以来检查一下
cgi.fix_pathinfo = 1

PHP通用框架配置

server {
	listen		80;
	server_name	xxxx;
	index		index.html index.htm index.php;
	root		/home/nginx/xxxx;
	
	location ~ .*\.(gif|jpg|jpeg|png|bmp|ico|webp)$
	{
		expires 30d;
	}
	location ~ .*\.(woff|ttf|svg|otf|eot)$
	{
		expires 180d;
	}
	location ~ .*\.(js|css)?$
	{
		expires 12h;
	}
	location ^~ /.svn
	{
		deny all;
	}
	location ^~ /.git
	{
		deny all;
	}
	location /
	{
		if (!-e $request_filename) { 
			rewrite ^(.*)$ /index.php/$1 last;
			break;
		}
	}
	location ~ \.php($|/)
	{
		fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
		include	fastcgi_params;
	}
}

SSL+HTTP2的PHP框架配置

server {
	listen				443 ssl http2;
	server_name			xxx;
	index				index.html index.htm index.php;
	root				/home/nginx/xxx;

	ssl_session_cache		shared:SSL:10m;
	ssl_session_timeout		60m;

	ssl_session_tickets		on;

	ssl_certificate			/etc/letsencrypt/live/xxx/fullchain.pem;
	ssl_certificate_key		/etc/letsencrypt/live/xxx/privkey.pem;

	location ~ .*\.(gif|jpg|jpeg|png|bmp|ico|webp)$
	{
		expires 30d;
	}
	location ~ .*\.(woff|ttf|svg|otf|eot)$
	{
		expires 180d;
	}
	location ~ .*\.(js|css)?$
	{
		expires 12h;
	}
	location ^~ /.svn
	{
		deny all;
	}
	location ^~ /.git
	{
		deny all;
	}
	location /
	{
		if (!-e $request_filename) { 
			rewrite ^(.*)$ /index.php/$1 last;
			break;
		}
	}
	location ~ \.php($|/)
	{
		fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
		include	fastcgi_params;
	}
}