nginx configuration examples

Below are ready-made nginx configuration examples for quickly setting up nginx with php-fpm or apache2 and running the popular web engines Drupal, WordPress or Nibbleblog. The material can also be useful for other setups, since it covers the basic server-side settings:

  1. nginx+php-fpm
  2. the include directive for modules
  3. nginx+php-fpm with modules
  4. nginx+apache2
  5. nginx for WordPress
  6. nginx for NibbleBlog
  7. nginx for Drupal



The first example configuration uses php-fpm as the backend, accepting connections on local port 9000 (if php-fpm listens on a different port or on a socket, the last line, fastcgi_pass, has to be changed):

server {
    # .domain.com will match both domain.com and anything.domain.com
    server_name .example.com;

    # It is best to place the root of the server block at the server level, and not the location level
    # any location block path will be relative to this root.
    root /usr/local/www/example.com;

    # It's always good to set logs, note however you cannot turn off the error log
    # setting error_log off; will simply create a file called 'off'.
    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    # This can also go in the http { } level
    index index.html index.htm index.php;

    location / {
        # if you're just using wordpress and don't want extra rewrites
        # then replace the word @rewrites with /index.php
        try_files $uri $uri/ @rewrites;
    }

    location @rewrites {
        # Can put some of your own rewrite rules in here
        # for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
        # If nothing matches we'll just send it to /index.php
        rewrite ^ /index.php last;
    }

    # This block will catch static file requests, such as images, css, js
    # The ?: prefix is a 'non-capturing' mark, meaning we do not require
    # the pattern to be captured into $1 which should help improve performance
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        # Some basic cache-control for static files to be sent to the browser
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # remove the robots line if you want to use wordpress' virtual robots.txt
    location = /robots.txt { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }

    # this prevents hidden files (beginning with a period) from being served
    location ~ /\. { access_log off; log_not_found off; deny all; }

    location ~ \.php {
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;

        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param DOCUMENT_URI $document_uri;
        fastcgi_param DOCUMENT_ROOT $document_root;
        fastcgi_param SERVER_PROTOCOL $server_protocol;

        fastcgi_param GATEWAY_INTERFACE CGI/1.1;
        fastcgi_param SERVER_SOFTWARE nginx;

        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_param REMOTE_PORT $remote_port;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;

        fastcgi_pass 127.0.0.1:9000;
    }
}

To make adding new sites easier, it is recommended to move common configuration elements into separate files and pull them in with include bla-bla.conf; For example, the PHP handler can be moved into a file named php.conf and included for every PHP site:

location ~ \.php {
    # for security reasons the next line is highly encouraged
    try_files $uri =404;

    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;

    fastcgi_param SCRIPT_NAME $fastcgi_script_name;

    # if the next line in yours still contains $document_root
    # consider switching to $request_filename provides
    # better support for directives such as alias
    fastcgi_param SCRIPT_FILENAME $request_filename;

    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT $document_root;
    fastcgi_param SERVER_PROTOCOL $server_protocol;

    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx;

    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;

    # If using a unix socket...
    # fastcgi_pass unix:/tmp/php5-fpm.sock;

    # If using a TCP connection...
    fastcgi_pass 127.0.0.1:9000;
}

Note that the very bottom of the file contains a commented-out fragment that may differ on your system. Check how php-fpm is set up on your side and adjust if necessary. This is configured by the listen directive in /etc/php5/fpm/pool.d/www.conf.
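
Why the `try_files $uri =404;` line in php.conf matters, as an added example that is not part of the original page: the first server block forwards any URI matching `\.php` to php-fpm without checking that such a file exists, which leaves the choice of the script to PHP's path-info handling. The hardened form below anchors the pattern and keeps the existence check; the `include fastcgi_params;` file and the WordPress uploads path are assumptions.

```nginx
# Weak form (first server block on this page): ".php" may appear anywhere in
# the URI and nginx never checks that the script exists before forwarding.
#
#   location ~ \.php {
#       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#       fastcgi_pass  127.0.0.1:9000;
#   }

# Assumed upload directory (WordPress default path): nothing under it should
# ever be executed. Regex locations are tried in file order, so this block
# has to appear before the PHP handler, i.e. before "include php.conf;".
location ~* ^/wp-content/uploads/.*\.php$ {
    deny all;
}

# Hardened handler: the URI must end in .php and the file must be on disk.
location ~ \.php$ {
    # nginx answers 404 itself, so php-fpm never receives a path that does
    # not name a real script under the document root.
    try_files $uri =404;

    include       fastcgi_params;   # assumed: stock parameter file shipped with nginx
    fastcgi_param SCRIPT_FILENAME $request_filename;

    # Same backend address as in the examples on this page.
    fastcgi_pass  127.0.0.1:9000;
}

# Backend-side complements, set outside nginx:
#   php.ini          cgi.fix_pathinfo = 0
#   pool.d/www.conf  security.limit_extensions = .php
```

Run `nginx -t` before reloading; afterwards a request for a `.php` path that does not exist on disk should come back as nginx's own 404. Applications that depend on `/index.php/extra/path` style URLs would need `fastcgi_split_path_info` instead of the anchored pattern.
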
A module that blocks sensitive objects which should be hidden from prying eyes, or excluded from access logging, can also be moved into a separate file (drop.conf):

location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }

With these includes, the first example configuration file, for the simplest nginx+php-fpm web server, is reduced to the following:

server {
    # This will listen on all interfaces, you can instead choose a specific IP
    # such as listen x.x.x.x:80; Setting listen 80 default_server; will make
    # this server block the default one if no other blocks match the request
    listen 80;

    # Here you can set a server name, you can use wildcards such as *.example.com
    # however remember if you use server_name *.example.com; You'll only match subdomains
    # to match both subdomains and the main domain use both example.com and *.example.com
    server_name example.com www.example.com;

    # It is best to place the root of the server block at the server level, and not the location level
    # any location block path will be relative to this root.
    root /usr/local/www/example.com;

    # It's always good to set logs, note however you cannot turn off the error log
    # setting error_log off; will simply create a file called 'off'.
    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        # Rewrite rules and other criterias can go here
        # Remember to avoid using if() where possible (http://wiki.nginx.org/IfIsEvil)
    }

    # This block will catch static file requests, such as images, css, js
    # The ?: prefix is a 'non-capturing' mark, meaning we do not require
    # the pattern to be captured into $1 which should help improve performance
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        # Some basic cache-control for static files to be sent to the browser
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # We can include our basic configs here, as you can see its much easier
    # than pasting out the entire sets of location block each time we add a vhost
    include drop.conf;
    include php.conf;
}

Below is an example configuration for servers with Apache2 as the backend (listening on port 8080; this can be changed in apache2.conf):

server {
    listen 80;

    server_name example.com www.example.com;

    root /usr/local/www/example.com;

    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        # Rewrite rules can go here
    }

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    location ~ \.php {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:8080;
    }

    include drop.conf;
}

If the site runs on WordPress, you can add a limit on requests to the search page (to reduce server load in the event of a bot attack):

server {
    listen 80;

    server_name example.com www.example.com;

    root /usr/local/www/example.com;

    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location /search { limit_req zone=kbeezieone burst=3 nodelay; rewrite ^ /index.php; }

    fastcgi_intercept_errors off;

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    include php.conf;

    # You may want to remove the robots line from drop to use a virtual robots.txt
    # or create a drop_wp.conf tailored to the needs of the wordpress configuration
    include drop.conf;
}
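
The `limit_req` line above names a zone, kbeezieone, that no example on this page defines; it has to be declared with `limit_req_zone` in the `http { }` context, otherwise nginx will not load the configuration. The added example below (not from the original page) supplies that declaration together with a `/search` location in which the limit is evaluated before the request is handed to index.php; the zone size, the rate and the 429 status are assumed values to tune per site.

```nginx
http {
    # One counter per client address; $binary_remote_addr keeps each key small.
    # 10m of shared memory and 1 request per second are assumed starting values.
    limit_req_zone $binary_remote_addr zone=kbeezieone:10m rate=1r/s;

    # Answer throttled requests with 429 instead of the default 503, so that
    # rate limiting and a failing backend look different in the access log.
    limit_req_status 429;

    # Rejected requests are logged at "error" by default; "warn" still leaves
    # a record for monitoring without mixing it with real errors.
    limit_req_log_level warn;

    server {
        listen 80;
        server_name example.com www.example.com;
        root /usr/local/www/example.com;

        access_log /var/log/nginx/example.access.log;
        error_log /var/log/nginx/example.error.log;

        location / {
            try_files $uri $uri/ /index.php;
        }

        location /search {
            # burst=3 nodelay: up to 3 requests above the rate pass at once,
            # anything beyond that is rejected immediately.
            limit_req zone=kbeezieone burst=3 nodelay;

            # limit_req is checked in the preaccess phase, after rewrite
            # directives have run. A "rewrite" that changes the URI moves the
            # request into the PHP location first, where no limit is set;
            # try_files redirects only after the limit has been checked.
            try_files $uri /index.php?$args;
        }

        include php.conf;
        include drop.conf;
    }
}
```

Throttled requests appear in the error log with the zone name, which gives a simple signal to alert on when search traffic spikes.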

A more complex WordPress configuration, for use with W3 Total Cache, contains directives specific to that plugin:

server {
    listen 80;

    server_name example.com www.example.com;

    root /usr/local/www/example.com;

    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    # the next two location blocks are to ensure gzip encoding is turned off
    # for the serving of already gzipped w3tc page cache
    # normally gzip static would handle this but W3TC names them with _gzip

    location ~ /wp-content/cache/page_enhanced.*html$ {
        expires max;
        charset utf-8;
        add_header Vary "Accept-Encoding, Cookie";
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    location ~ /wp-content/cache/page_enhanced.*gzip$ {
        expires max;
        gzip off;
        types {}
        charset utf-8;
        default_type text/html;
        add_header Vary "Accept-Encoding, Cookie";
        add_header Content-Encoding gzip;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    location / {
        if (-f $request_filename) {
            break;
        }

        set $w3tc_rewrite 1;
        if ($request_method = POST) { set $w3tc_rewrite 0; }
        if ($query_string != "") { set $w3tc_rewrite 0; }

        set $w3tc_rewrite2 1;
        if ($request_uri !~ \/$) { set $w3tc_rewrite2 0; }
        if ($request_uri ~* "(sitemap(_index)?\.xml(\.gz)?|[a-z0-9_\-]+-sitemap([0-9]+)?\.xml(\.gz)?)") { set $w3tc_rewrite2 1; }
        if ($w3tc_rewrite2 != 1) { set $w3tc_rewrite 0; }

        if ($http_cookie ~* "(comment_author|wp\-postpass|wordpress_\[a\-f0\-9\]\+|wordpress_logged_in)") { set $w3tc_rewrite 0; }
        if ($http_user_agent ~* "(W3\ Total\ Cache/0\.9\.2\.4)") { set $w3tc_rewrite 0; }

        set $w3tc_ua "";
        set $w3tc_ref "";
        set $w3tc_ssl "";
        set $w3tc_enc "";

        if ($http_accept_encoding ~ gzip) { set $w3tc_enc _gzip; }

        set $w3tc_ext "";
        if (-f "$document_root/wp-content/cache/page_enhanced/$host/$request_uri/_index$w3tc_ua$w3tc_ref$w3tc_ssl.html$w3tc_enc") {
            set $w3tc_ext .html;
        }
        if ($w3tc_ext = "") { set $w3tc_rewrite 0; }

        if ($w3tc_rewrite = 1) {
            rewrite ^ "/wp-content/cache/page_enhanced/$host/$request_uri/_index$w3tc_ua$w3tc_ref$w3tc_ssl$w3tc_ext$w3tc_enc" last;
        }

        if (!-e $request_filename) {
            rewrite ^ /index.php last;
        }
    }

    location /search { limit_req zone=kbeezieone burst=3 nodelay; rewrite ^ /index.php; }

    fastcgi_intercept_errors off;

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    include php.conf;

    # You may want to remove the robots line from drop to use a virtual robots.txt
    # or create a drop_wp.conf tailored to the needs of the wordpress configuration
    include drop.conf;
}

The last WordPress variant (SuperCache):

server {
    listen 80;

    server_name example.com www.example.com;

    root /usr/local/www/example.com;

    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        # This line when enabled will use Nginx's gzip static module
        gzip_static on;

        # Disables serving gzip content to IE 6 or below
        gzip_disable "MSIE [1-6]\.";

        # Sets the default type to text/html so that gzipped content is served
        # as html, instead of raw uninterpreted data.
        default_type text/html;

        # does the requested file exist exactly as it is? if yes, serve it and stop here
        if (-f $request_filename) { break; }

        # sets some variables to help test for the existence of a cached copy of the request
        set $supercache_file '';
        set $supercache_uri $request_uri;

        # IF the request is a post, has a query attached, or a cookie
        # then don't serve the cache (ie: users logged in, or posting comments)
        if ($request_method = POST) { set $supercache_uri ''; }
        if ($query_string) { set $supercache_uri ''; }
        if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) {
            set $supercache_uri '';
        }

        # if the supercache_uri variable hasn't been blanked by this point, attempt
        # to set the name of the destination to the possible cache file
        if ($supercache_uri ~ ^(.+)$) {
            set $supercache_file /wp-content/cache/supercache/$http_host/$1index.html;
        }

        # If a cache file of that name exists, serve it directly
        if (-f $document_root$supercache_file) { rewrite ^ $supercache_file break; }

        # Otherwise send the request back to index.php for further processing
        if (!-e $request_filename) { rewrite ^ /index.php last; }
    }

    location /search { limit_req zone=kbeezieone burst=3 nodelay; rewrite ^ /index.php; }

    fastcgi_intercept_errors off;

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    include php.conf;

    # You may want to remove the robots line from drop to use a virtual robots.txt
    # or create a drop_wp.conf tailored to the needs of the wordpress configuration
    include drop.conf;
}

For the lightweight CMS Nibbleblog (see it in use at хандрос.рф or anuta-nuta.ru) the configuration will look roughly as follows:

server {
    listen 80;
    root /usr/local/www/example.com;
    server_name example.com www.example.com;

    # access log turned off for speed
    access_log off;
    error_log /var/log/nginx/domain.error.log;

    # main location block
    location / {
        expires 7d;
        try_files $uri $uri/ @rewrites;
    }

    # rewrite rules if file/folder did not exist
    location @rewrites {
        rewrite ^/dashboard$ /admin.php?controller=user&action=login last;
        rewrite ^/feed /feed.php last;
        rewrite ^/category/([^/]+)/page-([0-9]+)$ /index.php?controller=blog&action=view&category=$1&page=$2 last;
        rewrite ^/category/([^/]+)/$ /index.php?controller=blog&action=view&category=$1&page=0 last;
        rewrite ^/page-([0-9]+)$ /index.php?controller=blog&action=view&page=$1 last;
    }

    # location catch for /post-#/Post_Title
    # will also catch odd instances of /post-#/something.php
    location ~ ^/post-([0-9]+)/ {
        rewrite ^ /index.php?controller=post&action=view&id_post=$1 last;
    }

    # cache control for static files
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    include drop.conf;
    include php.conf;
}

And finally, for Drupal 6+ (check the directive that controls access to log files and enter your own address ranges):

server {
    listen 80;

    server_name example.com www.example.com;

    root /usr/local/www/example.com;

    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;

    # This matters if you use drush
    location = /backup {
        deny all;
    }

    # Very rarely should these ever be accessed outside of your lan
    location ~* \.(txt|log)$ {
        allow 192.168.0.0/16;
        deny all;
    }

    location ~ \..*/.*\.php$ { return 403; }

    location / {
        # This is cool because no php is touched for static content
        try_files $uri @rewrite;
    }

    location @rewrite {
        # Some modules enforce no slash (/) at the end of the URL
        # Else this rewrite block wouldn't be needed (GlobalRedirect)
        rewrite ^/(.*)$ /index.php?q=$1;
    }

    # Fighting with ImageCache? This little gem is amazing.
    location ~ ^/sites/.*/files/imagecache/ {
        try_files $uri @rewrite;
    }

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        log_not_found off;
    }

    include php.conf;

    # You may want to remove the robots line from drop to use a virtual robots.txt
    # or create a drop_wp.conf tailored to the needs of the wordpress configuration
    include drop.conf;
}

Links:

  • http://www.phoenixvps.com/guides/2013/04/nginx-configuration-examples