Nignx可以配置多个虚拟主机,php-fpm同样也支持配置多个pool,每一个pool可以监听一个端口,也可以监听一个socket。
php-fpm配置说明:
和LAMP不同的是,在LNMP架构中,php-fpm作为独立的一个服务存在,既然是独立服务,那么它必然有自己的配置文件。php-fpm的配置文件为/usr/local/php-fpm/etc/php-fpm.conf,它同样也支持include语句,类似于nginx.conf里面的include。
[root@gary-tao ~]# cd /usr/local/php-fpm/etc/
[root@gary-tao etc]# ls
pear.conf php-fpm.conf php-fpm.conf.default php.ini
[root@gary-tao etc]# cat php-fpm.conf
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[root@gary-tao etc]# vim php-fpm.conf
//增加一个以下配置:
include = etc/php-fpm.d/*.conf
//include的这一行比较特殊,请注意等号后面的路径,必须写上etc目录,然后需要创建配置文件目录和子配置文件。
编辑好后把php-fpm.conf配置文件里的www以下pool删除,只留下[global]部分
[root@gary-tao etc]# mkdir php-fpm.d
[root@gary-tao etc]# cd php-fpm.d
[root@gary-tao php-fpm.d]# vim www.conf
[root@gary-tao php-fpm.d]# vim aming.conf
[root@gary-tao php-fpm.d]# ls
aming.conf www.conf
//两个文件分别增加内容如下:
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[aming.com]
listen = /tmp/aming.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[root@gary-tao php-fpm.d]# cd /usr/local/nginx/conf/vhost/
[root@gary-tao vhost]# ls
aaa.com.conf ld.conf proxy.conf ssl.conf test.com.conf
[root@gary-tao vhost]# vim aaa.com.conf
增加如下配置内容:
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/aming.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
}
[root@gary-tao etc]# /usr/local/php-fpm/sbin/php-fpm -t
[09-Jan-2018 16:49:00] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@gary-tao etc]# /etc/init.d/php-fpm restart //或/etc/init.d/php-fpm reload
Gracefully shutting down php-fpm . done
Starting php-fpm done
输入ps aux |grep php-fpm查看,显示的就有两个pool
通过php-fpm的慢执行日志,我们可以非常清晰地了解到PHP的脚本哪里执行时间长,它可以定位到具体的行。
[root@gary-tao vhost]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf //针对www文件做一个测试
增加如下内容:
request_slowlog_timeout = 1 //超过一秒中就会记录日志
slowlog = /usr/local/php-fpm/var/log/www-slow.log //日志存放的路径
[root@gary-tao vhost]# /usr/local/php-fpm/sbin/php-fpm -t
[09-Jan-2018 19:15:14] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@gary-tao vhost]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@gary-tao php-fpm.d]# vim /data/wwwroot/test.com/sleep.php
增加如下配置内容:
<?php
echo "test slow log";
sleep(2);
echo "done";
?>
[root@gary-tao php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I //访问的时候出现500,说明有语法错误。
HTTP/1.1 500 Internal Server Error
Server: nginx/1.12.1
Date: Tue, 09 Jan 2018 11:23:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
报错处理:
[root@gary-tao php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@gary-tao php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php
<br />
<b>Parse error</b>: syntax error, unexpected ‘slow‘ (T_STRING), expecting ‘,‘ or ‘;‘ in <b>/data/wwwroot/test.com/sleep.php</b> on line <b>2</b><br />
[root@gary-tao php-fpm.d]# cat /usr/local/php-fpm/var/log/www-slow.log //慢执行日志里指出了哪个脚本运行慢,也指出了是哪一行执行慢
[09-Jan-2018 19:39:54] [pool www] pid 81864
script_filename = /data/wwwroot/test.com/sleep.php
[0x00007f5987a07290] sleep() /data/wwwroot/test.com/sleep.php:3
[root@gary-tao php-fpm.d]# cat /data/wwwroot/test.com/sleep.php
<?php
echo "test slow log";
sleep(2); //这个脚本超过1秒
echo "done";
?>
open_basedir的目的就是安全,只要在对应的Nginx虚拟主机配置文件中调用对应的pool,就可以使用open_basedir来物理隔离多个站点,从而达到安全目的。
[root@gary-tao php-fpm.d]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
增加如下配置内容:
php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/
[root@gary-tao php-fpm.d]# curl -x127.0.0.1:80 test.com/3.php -I //正常访问
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Tue, 09 Jan 2018 12:32:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
[root@gary-tao php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini //增加错误日志路径及定义日志级别,如下图
[root@gary-tao php-fpm.d]# grep error_log /usr/local/php-fpm/etc/php.ini //查看日志路径
; server-specific log, STDERR, or a location specified by the error_log
; Set maximum length of log_errors. In error_log information about the source is
;error_log = php_errors.log
;error_log = syslog
error_log = /usr/local/php-fpm/var/log/php_errors.log
; OPcache error_log file name. Empty string assumes "stderr".
;opcache.error_log=
[root@gary-tao php-fpm.d]# ls /usr/local/php-fpm/var/log/
php-errors.log php-fpm.log www-slow.log
[root@gary-tao php-fpm.d]# ls /usr/local/php-fpm/var/log/ //查看日志路径是否存在
php-fpm.log www-slow.log
[root@gary-tao php-fpm.d]# touch /usr/local/php-fpm/var/log/php_errors.log //手动建立一个日志文件
[root@gary-tao php-fpm.d]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log //更改成所有权限,防止不能写入日志
[root@gary-tao php-fpm.d]# !curl
curl -x127.0.0.1:80 test.com/3.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.1
Date: Tue, 09 Jan 2018 13:05:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
[root@gary-tao php-fpm.d]# cat /usr/local/php-fpm/var/log/php_errors.log //因为open_basedir限制的地址写错了,所有就会报错,访问出现404
[09-Jan-2018 13:05:05 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/wwwroot/test.com/3.php) is not within the allowed path(s): (/data/wwwroot/aming.com:/tmp/) in Unknown on line 0
[09-Jan-2018 13:05:05 UTC] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on lin
linux的php-fpm的pool、慢执行日志、进程管理及open_basedir介绍
原文:http://blog.51cto.com/taoxie/2059201