Nginx + PHP+ MYSQL + Memched On Ubuntu SERVER 11.10

Nginx团队维护的PPA源带有PHP 5.3.x的子源，更新迅速，现在在Ubuntu部署Nginx+PHP环境真是太容易了

（虽然LAMP更容易，一句apt-get install lamp-server^搞定，别漏了最后的上尖号）。

1.添加源：

#Ubuntu 10.10 以后可不需添加以上源

apt-get install python-software-properties
add-apt-repository ppa:nginx/stable
add-apt-repository ppa:nginx/php5

2.安装NGINX和php5

apt-get update
apt-get install nginx
apt-get install php5-cgi php5-mysql php5-fpm php5-curl php5-mcrypt
 
#或者你需要更齐全的php包：
#aptitude install php5-cgi php5-mysql php5-fpm php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt 

#aptitude install php5-memcache php5-mhash php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

3. 配置NGINX

/etc/nginx/nginx.conf

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen     localhost:110;
#        protocol   pop3;
#        proxy      on;
#    }
#
#    server {
#        listen     localhost:143;
#        protocol   imap;
#        proxy      on;
#    }
#}

/etc/nginx/sites-available/default

# You may add here your
# server {
#    ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

server {
        listen   80; ## listen for ipv4; this line is default and implied
    #listen   [::]:80 default ipv6only=on; ## listen for ipv6

    root /var/www/nginx-default;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        
                # try_files $uri $uri/ /index.html;(--modify by stdanny)
                root /var/www/nginx-default;
                index index.php index.html index.htm;
    }

    location /doc {
        root /usr/share;
        autoindex on;
        allow 127.0.0.1;
        deny all;
    }

    location /images {
        root /usr/share;
        autoindex off;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #    root /usr/share/nginx/www;
    #}

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    # modify by stdanny
        location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
                # modfied by stdanny
                 fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
                # include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen 8000;
#    listen somename:8080;
#    server_name somename alias another.alias;
#    root html;
#    index index.html index.htm;
#
#    location / {
#        try_files $uri $uri/ /index.html;
#    }
#}


# HTTPS server
#
#server {
#    listen 443;
#    server_name localhost;
#
#    root html;
#    index index.html index.htm;
#
#    ssl on;
#    ssl_certificate cert.pem;
#    ssl_certificate_key cert.key;
#
#    ssl_session_timeout 5m;
#
#    ssl_protocols SSLv3 TLSv1;
#    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
#    ssl_prefer_server_ciphers on;
#
#    location / {
#        try_files $uri $uri/ /index.html;
#    }
#}

 fastcgi_params

fastcgi_param    QUERY_STRING        $query_string;
fastcgi_param    REQUEST_METHOD        $request_method;
fastcgi_param    CONTENT_TYPE        $content_type;
fastcgi_param    CONTENT_LENGTH        $content_length;

fastcgi_param    SCRIPT_FILENAME        $request_filename;
#test modify by stdanny
#fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
# modied by stdanny
#fastcgi_param   PATH_INFO               $fastcgi_script_name;
fastcgi_param    SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param    REQUEST_URI        $request_uri;
fastcgi_param    DOCUMENT_URI        $document_uri;
fastcgi_param    DOCUMENT_ROOT        $document_root;
fastcgi_param    SERVER_PROTOCOL        $server_protocol;

fastcgi_param    GATEWAY_INTERFACE    CGI/1.1;
fastcgi_param    SERVER_SOFTWARE        nginx/$nginx_version;

fastcgi_param    REMOTE_ADDR        $remote_addr;
fastcgi_param    REMOTE_PORT        $remote_port;
fastcgi_param    SERVER_ADDR        $server_addr;
fastcgi_param    SERVER_PORT        $server_port;
fastcgi_param    SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param    REDIRECT_STATUS        200;

# add by stdanny fastcgi fpm setting
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;

修复nginx＋php出现的重大漏洞、修改上传文件大小

sudo vi /etc/php5/fpm/php.ini
cgi.fix_pathinfo = 0 //修复漏洞
upload_max_filesize = 2M改为5M //修改上传文件大小

再提供一种解决Nginx文件类型错误解析漏洞的方法

详细见：http://blog.s135.com/nginx_0day/

4.安装ZendGuardLoader及eaccelerator：

sudo mkdir /usr/zend
mkdir /tmp/eaccelerator
chmod 0777 /tmp/eaccelerator
wget http://phpcj.googlecode.com/files/ZendGuardLoader.so
sudo mv ZendGuardLoader.so /usr/zend/ZendGuardLoader.so
wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2
tar xvjf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
cp control.php /var/www/nginx-default/control.php //复制控制程序到网站目录，通过http://网站名/control.php访问，默认帐号为admin，密码为eAccelertor，可编辑此文件修改。
phpize
sudo ./configure --enable-eaccelerator=shared
sudo make
sudo make install
sudo vi /etc/php5/fpm/php.ini

配置

sudo vi /etc/php5/fpm/php.ini

添加以下代码：

zend_extension=/usr/zend/ZendGuardLoader.so
zend_loader.enable=1
zend_loader.disable_licensing=0
zend_loader.obfuscation_level_support=3
zend_loader.license_path=
zend_extension="/usr/lib/php5/20090626+lfs/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.allowed_admin_path="/var/www/nginx-default/control.php"

5.php-fpm 配置

php5-fpm默认参数启动的服务器还是比较耗资源的，如果环境不充裕（如512内存以下的VPS），可以做下配置。

这个包的fpm的默认配置文件是/etc/php5/fpm/main.conf，但对子进程的配置是在其包含的/etc/php5/fpm/pool.d/目录内，里面有个www.conf，可以对以下的参数做以下修改：

pm = dynamic              ;动态管理php-fpm的子进程
pm.max_children = 5       ;最多的时候开不超过5个
pm.start_servers = 2      ;启动服务时候开2个
pm.min_spare_servers = 2  ;空闲时候最少留2个
pm.max_spare_servers = 5  ;最多留5个
pm.max_requests = 300     ;每个子进程最多处理300个请求就退出换新的子进程。

 6.安装memcache扩展

sudo pecl install memcache

7.安装memcache服务端

sudo apt-get install memcached
$ memcached -d -m 50 -p 11211 -u root

参数说明 -m 指定使用多少兆的缓存空间；-p 指定要监听的端口； -u 指定以哪个用户来运行

8.安装sendmail mysql-server

sudo apt-get install sendmail mysql-server

 （参考：http://forum.ubuntu.org.cn/viewtopic.php?t=241301）