php-fpm.conf
php.ini
www.conf
[global]
; Pid file    ## PID file
; Note: the default prefix is /usr/local/php-fpm/var    ## default path for the PID file
; Default Value: none
;pid = run/php-fpm.pid    ## sets the location of the PID file

Error log file

; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
; into a local file.    ## if set to syslog, the log is sent to the syslogd service instead of being written to a file
; Note: the default prefix is /usr/local/php-fpm/var    ## default location of the error log
; Default Value: log/php-fpm.log
;error_log = log/php-fpm.log    ## error log location

Log level

; Log level    ## the possible log levels are listed on the next line
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = notice    ## the default log level is notice
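① Using phpinfo: create a phpinfo.php file under a site's root directory
vi /data/wwwroot/xx.xx.com/phpinfo.php
<?php
phpinfo();
?>
Note: opening this page in a browser shows not only the location of php.ini but also the options PHP was compiled with. Using it in production is not recommended.
② In production, the following command can be used to find the location of php.ini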
/usr/local/php-fpm/bin/php -i |head
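Two things to note in php.ini

Keep PHP information from being exposed over HTTP:
expose_php = off

Keep error messages from being exposed over HTTP:
display_errors = off

Key points for php-fpm.conf

With display_errors turned off, enable the PHP error log to make troubleshooting easier:
log_errors = on

Pool name: [www]
The name can be customized. After startup, run ps aux |grep php-fpm; the rightmost column is the pool name.

listen
Specifies the IP:port or socket address to listen on.
This address must match the one given by fastcgi_pass in the nginx configuration file, otherwise the result is a 502.
If a socket file is used, the nginx service user (nginx) must have read and write permission on that socket file, otherwise the result is a 502.

listen.mode
Sets the permissions of the socket file.

pm = dynamic                 ; dynamic mode
pm.max_children = 5          ; maximum number of processes
pm.start_servers = 2         ; number of child processes started at launch
pm.min_spare_servers = 1     ; when idle, never fewer than this many child processes
pm.max_spare_servers = 3     ; when idle, never more than this many child processes
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL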
Configuring the slow log
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
Configuring open_basedir
php_admin_value[open_basedir] = /data/wwwroot/blog.aminglinux.cc:/tmp
Configuring multiple pools
Define multiple configuration files, each specifying a different listen address and a different [pool_name].

[blog]
user = php-fpm
group = php-fpm
listen = /tmp/blog.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/blog.aminglinux.cc:/tmp

[bbs]
user = php-fpm
group = php-fpm
listen = /tmp/bbs.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/bbs.aminglinux.cc:/tmp
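An added example, not part of the original post: a small Python audit over pool definitions like the two above. It flags the settings this page warns about (display_errors on, slow log under /tmp, an open_basedir document root shared between pools) and also a world-writable socket mode. The function names and the trimmed sample string are constructed for illustration.

```python
import re

# Constructed sample: the [blog] and [bbs] pools shown above, reduced to the
# directives this audit inspects.
SAMPLE = """\
[blog]
listen = /tmp/blog.socket
listen.mode = 0666
slowlog = /tmp/php.slow
php_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[open_basedir] = /data/wwwroot/blog.aminglinux.cc:/tmp
[bbs]
listen = /tmp/bbs.socket
listen.mode = 0666
slowlog = /tmp/php.slow
php_flag[display_errors] = on
php_admin_flag[log_errors] = on
php_admin_value[open_basedir] = /data/wwwroot/bbs.aminglinux.cc:/tmp
"""

ON = {"on", "1", "true", "yes"}


def parse_pools(text):
    """Parse php-fpm pool syntax into {section: {directive: value}}."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        section = re.fullmatch(r"\[([^\]]+)\]", line)
        if section:
            current = pools.setdefault(section.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools


def php_flag(cfg, name):
    """Boolean value of a setting given as php_admin_flag or php_flag."""
    value = cfg.get(f"php_admin_flag[{name}]", cfg.get(f"php_flag[{name}]", ""))
    return value.lower() in ON


def audit(pools):
    """Return sorted (pool, finding) pairs for the risky settings."""
    findings, roots = [], {}
    for pool, cfg in pools.items():
        if pool == "global":
            continue  # [global] is not a pool
        if php_flag(cfg, "display_errors"):
            findings.append((pool, "display_errors on: errors shown to clients"))
        if not php_flag(cfg, "log_errors"):
            findings.append((pool, "log_errors not enabled in the pool file"))
        mode = cfg.get("listen.mode")
        if cfg.get("listen", "").startswith("/") and mode and int(mode, 8) & 0o002:
            findings.append((pool, "socket world-writable: any local user can connect"))
        if cfg.get("slowlog", "").startswith("/tmp/"):
            findings.append((pool, "slowlog under /tmp"))
        basedir = cfg.get("php_admin_value[open_basedir]", "")
        if not basedir:
            findings.append((pool, "open_basedir not set for this pool"))
        for path in filter(None, basedir.split(":")):
            if path != "/tmp":  # /tmp is allowed in every pool on this page
                roots.setdefault(path, []).append(pool)
    for path, users in roots.items():
        if len(users) > 1:
            findings += [(p, f"open_basedir {path} shared between pools") for p in users]
    return sorted(findings)


if __name__ == "__main__":
    for pool, finding in audit(parse_pools(SAMPLE)):
        print(f"[{pool}] {finding}")
```

A socket that only nginx needs to reach can use listen.owner and listen.group with listen.mode = 0660 in place of 0666, which clears the socket finding.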
Finding the php.ini path:
1) /usr/local/php-fpm/bin/php -i |head
2) Use phpinfo
Additional note:
curl -k -H "host:bbs.aminglinux.cc" https://127.0.0.1/phpinfo.php
php-fpm configuration

[root@test01 conf.d]# vi bbs.champin.top.conf
Change the PHP port to 9001.
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload

Opening bbs.champin.top in a browser now shows a 502.

[root@test01 conf.d]# !vi
vi bbs.champin.top.conf

[1]+  已中止               vi bbs.champin.top.conf

The nginx error log shows the problem as well.
[root@test01 conf.d]# tail /var/log/nginx/error.log
2019/02/25 18:01:44 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/qmenu.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *137 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/nv_a.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *141 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/search.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *141 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/pt_item.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *137 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/chart.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/titlebg.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:45 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/scrolltop.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:42:18 [notice] 5138#5138: signal process started
2019/02/25 20:42:55 [error] 5139#5139: *142 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET / HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:43:09 [error] 5139#5139: *149 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9001", host: "bbs.champin.top"

[root@test01 conf.d]# cd /usr/local/php-fpm/etc/
[root@test01 etc]# ls
pear.conf  php-fpm.conf  php-fpm.conf.default  php-fpm.d  php.ini
Take a look at php-fpm.conf.
[root@test01 etc]# vi php-fpm.conf
[root@test01 etc]# cd php-fpm.d/
[root@test01 php-fpm.d]# ls
www.conf  www.conf.default
[root@test01 php-fpm.d]# vi www.conf

[1]+  已中止               vi www.conf
[root@test01 php-fpm.d]# ps aux |grep php-fpm
root       1106  0.0  0.6 230772  6200 ?        Ss   07:06   0:02 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm    1116  0.0  1.5 248088 15612 ?        S    07:06   0:02 php-fpm: pool www
php-fpm    1117  0.0  1.8 331084 18788 ?        S    07:06   0:03 php-fpm: pool www
root       5153  0.0  0.0 112728   976 pts/1    R+   20:50   0:00 grep --color=auto php-fpm
[root@test01 php-fpm.d]# fg
vi www.conf
Change the listen line to look like this:
;listen = 127.0.0.1:9000
listen = /tmp/www.socket

[root@test01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[25-Feb-2019 20:54:57] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
Check that the socket file exists (ls shows it in pink).
[root@test01 php-fpm.d]# ls /tmp/www.socket
/tmp/www.socket

Use this socket file in the nginx configuration.
[root@test01 php-fpm.d]# vi /etc/nginx/conf.d/bbs.champin.top.conf
    location ~ \.php$ {
        root           /data/wwwroot/bbs.champin.top;
    #    fastcgi_pass   127.0.0.1:9001;     change these two lines
        fastcgi_pass   unix:/tmp/www.socket;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.champin.top$fastcgi_script_name;
        include        fastcgi_params;
    }
[root@test01 php-fpm.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 php-fpm.d]# nginx -s reload

Refreshing https://bbs.champin.top in the browser still gives a 502.

Check the nginx error log.
[root@test01 php-fpm.d]# !tail
tail /var/log/nginx/error.log
2019/02/25 18:01:44 [error] 4899#4899: *137 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/chart.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:44 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/titlebg.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 18:01:45 [error] 4899#4899: *138 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET /static/image/common/scrolltop.png HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:42:18 [notice] 5138#5138: signal process started
2019/02/25 20:42:55 [error] 5139#5139: *142 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET / HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:43:09 [error] 5139#5139: *149 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9001", host: "bbs.champin.top"
2019/02/25 20:47:02 [notice] 5145#5145: signal process started
2019/02/25 20:54:20 [notice] 5158#5158: signal process started
2019/02/25 21:03:57 [notice] 5187#5187: signal process started
2019/02/25 21:04:06 [crit] 5188#5188: *154 connect() to unix:/tmp/www.socket failed (13: Permission denied) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/www.socket:", host: "bbs.champin.top"

When the log contains "Permission denied" entries like this, the cause is usually insufficient permissions.

[root@test01 php-fpm.d]# ls -l /tmp/www.socket
srw-rw----. 1 root root 0 2月  25 20:55 /tmp/www.socket
Set the socket permissions to 0666.
[root@test01 php-fpm.d]# vi www.conf
listen.mode = 0666

[root@test01 php-fpm.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[25-Feb-2019 21:12:54] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@test01 php-fpm.d]# nginx -s reload
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done

A reload is not enough here. A restart is needed: it first deletes the socket under /tmp and then creates it again.
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done

A demonstration: remove the semicolon and change off to on.
[root@test01 php-fpm.d]# vim www.conf
php_flag[display_errors] = on

[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
Write some broken code into forum.php.
[root@test01 php-fpm.d]# vi /data/wwwroot/bbs.champin.top/forum.php

Opening the forum in a browser now shows directly which line of code has the error.

The correct approach:
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log     ; enable the error log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL

[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
[root@test01 php-fpm.d]# touch /var/log/fpm-php.www.log
[root@test01 php-fpm.d]# chmod 777 !$
chmod 777 /var/log/fpm-php.www.log
[root@test01 php-fpm.d]# cat /var/log/fpm-php.www.log
[25-Feb-2019 13:50:51 UTC] PHP Parse error:  syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:52 UTC] PHP Parse error:  syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:52 UTC] PHP Parse error:  syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:52 UTC] PHP Parse error:  syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:53 UTC] PHP Parse error:  syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11
[25-Feb-2019 13:50:53 UTC] PHP Parse error:  syntax error, unexpected 'define' (T_STRING) in /data/wwwroot/bbs.champin.top/forum.php on line 11

The error log shows where the error is.

php.ini

The php.ini path:
[root@test01 php-fpm.d]# ls /usr/local/php-fpm/etc/
pear.conf  php-fpm.conf  php-fpm.conf.default  php-fpm.d  php.ini
If you do not know the path, you can find it this way:
[root@test01 php-fpm.d]# /usr/local/php-fpm/bin/php -i |head
phpinfo()
PHP Version => 7.3.1

System => Linux test01 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64
Build Date => Jan 26 2019 00:40:10
Configure Command =>  './configure'  '--prefix=/usr/local/php-fpm' '--with-config-file-path=/usr/local/php-fpm/etc' '--enable-fpm' '--with-fpm-user=php-fpm' '--with-fpm-group=php-fpm' '--with-mysql=/usr/local/mysql5.7' '--with-mysqli=/usr/local/mysql5.7/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql5.7' '--with-mysql-sock=/tmp/mysql.sock' '--with-libxml-dir' '--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-freetype-dir' '--with-iconv-dir' '--with-zlib-dir' '--with-mcrypt' '--enable-soap' '--enable-gd-native-ttf' '--enable-ftp' '--enable-mbstring' '--enable-exif' '--with-pear' '--with-curl' '--with-openssl'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/php-fpm/etc
Loaded Configuration File => /usr/local/php-fpm/etc/php.ini

There is also the following method, which can be used as well to test whether PHP is being parsed. Access the page with a browser.
[root@test01 php-fpm.d]# ls /data/wwwroot/bbs.champin.top/
admin.php  archiver     crossdomain.xml  forum.php  index.php  member.php  portal.php  source  uc_client
api        config       data             group.php  install    misc.php    robots.txt  static  uc_server
api.php    connect.php  favicon.ico      home.php   m          plugin.php  search.php  template
[root@test01 php-fpm.d]# vim /data/wwwroot/bbs.champin.top/phpinfo.php
<?php
phpinfo();
?>

Opening bbs.champin.top/phpinfo.php in a browser shows the version, paths, configuration parameters and so on. It can be used to test whether PHP is being parsed, but it is rather dangerous: if an attacker sees it, the whole configuration is laid bare. It can be disabled.

Find disable_functions:
[root@test01 php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini
disable_functions = phpinfo
Restart or reload.
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done

After a refresh, the phpinfo.php page no longer opens.

The error log has a record of it.
[root@test01 php-fpm.d]# tail /var/log/fpm-php.www.log
[25-Feb-2019 14:56:53 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:56:56 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:57:02 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:58:19 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2

Turn error display on to debug.
[root@test01 php-fpm.d]# vim www.conf
php_flag[display_errors] = on
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
With curl the status is 200; in a browser the page is blank.
[root@test01 php-fpm.d]# !curl
curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php -I
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 25 Feb 2019 15:04:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1

With -I it shows 200; without it the error message is displayed.
[root@test01 php-fpm.d]# curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php
<br />
<b>Warning</b>:  phpinfo() has been disabled for security reasons in <b>/data/wwwroot/bbs.champin.top/phpinfo.php</b> on line <b>2</b><br />

Change it to on first.
[root@test01 php-fpm.d]# vim www.conf
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
[root@test01 php-fpm.d]# vim www.conf
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done

Configuring the slow log (for php-fpm)

[root@test01 php-fpm.d]# vim www.conf
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
slowlog defines the path of the log that records slowly executing PHP scripts (in a real production environment it should not be placed under /tmp). request_slowlog_timeout defines the timeout; 2 seconds is a good value.
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
Re-enable phpinfo first:
[root@test01 php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini
disable_functions =
Reload again.
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
[root@test01 php-fpm.d]# cd /data/wwwroot/bbs.champin.top/
[root@test01 bbs.champin.top]# ls
admin.php  config           favicon.ico  index.php   misc.php     robots.txt  template
api        connect.php      forum.php    install     phpinfo.php  search.php  uc_client
api.php    crossdomain.xml  group.php    m           plugin.php   source      uc_server
archiver   data             home.php     member.php  portal.php   static
[root@test01 bbs.champin.top]# vi phpinfo.php
<?php
phpinfo();
sleep (2);
echo 11112;
?>
The request actually pauses for 2 seconds, though it may not be very noticeable.
[root@test01 bbs.champin.top]# !curl
curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php
Now look at the slow log.
[root@test01 bbs.champin.top]# cat /tmp/php.slow

[25-Feb-2019 23:22:31]  [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3

[root@test01 bbs.champin.top]# vi phpinfo.php
<?php
echo 1;
sleep (5);
echo 11112;
?>
The output appears only after a 5 second pause.
[root@test01 bbs.champin.top]# !curl
curl -k -H "host:bbs.champin.top" https://127.0.0.1/phpinfo.php
11112[root@test01 bbs.champin.top]#
[root@test01 bbs.champin.top]# !cat
cat /tmp/php.slow

[25-Feb-2019 23:22:31]  [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3

[25-Feb-2019 23:31:14]  [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3

The slow log shows which line of which script is slow.

[root@test01 bbs.champin.top]# date
2019年 02月 25日 星期一 23:32:44 CST
phpinfo is fine on a test machine; in production, firmly avoid using it.
[root@test01 bbs.champin.top]# rm -rvf phpinfo.php
已刪除"phpinfo.php"
Add sleep (10); in the middle of forum.php:
[root@test01 bbs.champin.top]# vim forum.php
sleep (10);

Opening http://bbs.champin.top/forum.php in a browser now takes 10 seconds. Ordinary users can run into this kind of delay when opening pages too; when that happens, use the slowlog in this way to track it down.

Look at the log again. I refreshed twice, so two slow entries were recorded.
[root@test01 bbs.champin.top]# !cat
cat /tmp/php.slow

[25-Feb-2019 23:22:31]  [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3

[25-Feb-2019 23:31:14]  [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/phpinfo.php
[0x00007fbd9f4200a0] sleep() /data/wwwroot/bbs.champin.top/phpinfo.php:3

[25-Feb-2019 23:37:41]  [pool www] pid 5392
script_filename = /data/wwwroot/bbs.champin.top/forum.php
[0x00007fbd9f41d420] sleep() /data/wwwroot/bbs.champin.top/forum.php:22

[25-Feb-2019 23:37:49]  [pool www] pid 5393
script_filename = /data/wwwroot/bbs.champin.top/forum.php
[0x00007fbd9f41d420] sleep() /data/wwwroot/bbs.champin.top/forum.php:22

Remove sleep (10); again.
[root@test01 bbs.champin.top]# !vi
vim forum.php

Configuring open_basedir

[root@test01 bbs.champin.top]# vim /usr/local/php-fpm/etc/php.ini
open_basedir = /home:/root
[root@test01 bbs.champin.top]# /etc/init.d/php-fpm reload
Reload service php-fpm  done

Accessing https://bbs.champin.top in a browser now gives: No input file specified.
First look at the error log.
[root@test01 bbs.champin.top]# tail /var/log/fpm-php.www.log
[25-Feb-2019 14:56:56 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:57:02 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 14:58:19 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:01:58 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:04:42 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:04:55 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:05:01 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:31:13 UTC] PHP Warning:  Use of undefined constant echo1 - assumed 'echo1' (this will throw an Error in a future version of PHP) in /data/wwwroot/bbs.champin.top/phpinfo.php on line 2
[25-Feb-2019 15:56:44 UTC] PHP Warning:  Unknown: open_basedir restriction in effect. File(/data/wwwroot/bbs.champin.top/forum.php) is not within the allowed path(s): (/home:/root) in Unknown on line 0
[25-Feb-2019 15:56:44 UTC] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0

The cause is in the last two entries: the open_basedir restriction.

[root@test01 bbs.champin.top]# vim /usr/local/php-fpm/etc/php.ini
open_basedir = /data/wwwroot/bbs.champin.top:/tmp
[root@test01 bbs.champin.top]# /etc/init.d/php-fpm reload
Reload service php-fpm  done

Now https://bbs.champin.top opens in the browser, but www.champin.top gives a 502.

First fix the 502 on www.champin.top.
[root@test01 bbs.champin.top]# vi /etc/nginx/conf.d/www.champin.top.conf
    location ~ \.php$ {
        root           /data/wwwroot/www.champin.top;
        #fastcgi_pass   127.0.0.1:9001;
        fastcgi_pass   unix:/tmp/www.socket;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/www.champin.top$fastcgi_script_name;
        include        fastcgi_params;
    }

Accessing www.champin.top in a browser also gives No input file specified, because open_basedir does not include the path of www.champin.top.

One option is to list the paths of both sites together in open_basedir in php.ini, but then if one of the sites is attacked, both sites are at risk.
The other option is not to define open_basedir in php.ini at all, and to define it in php-fpm instead.

Unset it in php.ini:
[root@test01 bbs.champin.top]# vim /usr/local/php-fpm/etc/php.ini
open_basedir =
[root@test01 bbs.champin.top]# cd /usr/local/php-fpm/etc/php-fpm.d/
[root@test01 php-fpm.d]# vim www.conf
Define the first one:
[root@test01 php-fpm.d]# vim www.conf
php_admin_value[open_basedir] = /data/wwwroot/bbs.champin.top:/tmp
[root@test01 php-fpm.d]# grep -v '^;' www.conf |grep -v '^$'
[www]
user = php-fpm
group = php-fpm
listen = /tmp/www.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/bbs.champin.top:/tmp

[root@test01 php-fpm.d]# vi blog.conf
[blog]
user = php-fpm
group = php-fpm
listen = /tmp/blog.socket
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = /tmp/php.slow
request_slowlog_timeout = 1
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL
php_admin_value[open_basedir] = /data/wwwroot/www.champin.top:/tmp

To tell the pools apart more easily, rename the file to bbs and change the pool name to bbs as well.
[root@test01 php-fpm.d]# mv www.conf bbs.conf
Change [www] to [bbs]:
[root@test01 php-fpm.d]# vi bbs.conf
[root@test01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[26-Feb-2019 00:28:05] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@test01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
There is now an additional blog.socket file.
[root@test01 php-fpm.d]# ls /tmp/
blog.socket  systemd-private-4dd844f49c7d42aaa3d0ecd231f21905-vmtoolsd.service-wBwXw9
html         systemd-private-844c61e19fa44725ac7e2901678bb6b6-vmtoolsd.service-fqEuo8
inittab.txt  systemd-private-f76438af452340deb845a63bbbbbba43-vmtoolsd.service-UA99YA
mysql.sock   www.socket
passwd.txt   yum_save_tx.2019-02-14.23-03.I5mpYO.yumtx
php.slow
Change the listen address of the bbs pool to bbs.socket:
[root@test01 php-fpm.d]# vi bbs.conf
listen = /tmp/bbs.socket
This also has to be changed to bbs.socket:
[root@test01 php-fpm.d]# vi /etc/nginx/conf.d/bbs.champin.top.conf
        fastcgi_pass   unix:/tmp/bbs.socket;
And this has to be changed to blog.socket:
[root@test01 php-fpm.d]# vi /etc/nginx/conf.d/www.champin.top.conf
        fastcgi_pass   unix:/tmp/blog.socket;

One pool per site, each isolated from the other.
[root@test01 php-fpm.d]# ps aux |grep php-fpm
root       5492  0.0  0.6 230780  6332 ?        Ss   00:28   0:00 php-fpm: master process (/usr/local/php-fp/etc/php-fpm.conf)
php-fpm    5493  0.0  0.7 230772  7028 ?        S    00:28   0:00 php-fpm: pool bbs
php-fpm    5494  0.0  0.7 230772  7028 ?        S    00:28   0:00 php-fpm: pool bbs
php-fpm    5495  0.0  0.6 230772  6320 ?        S    00:28   0:00 php-fpm: pool blog
php-fpm    5496  0.0  0.6 230772  6320 ?        S    00:28   0:00 php-fpm: pool blog
root       5509  0.0  0.0 112728   976 pts/1    R+   00:37   0:00 grep --color=auto php-fpm
[root@test01 php-fpm.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 php-fpm.d]# nginx -s reload
[root@test01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
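An added example, not part of the original post: the two 502 causes diagnosed in the walkthrough above (111 Connection refused after the port change, 13 Permission denied on the socket) pulled out of an nginx error log with Python. The log lines are copied from the output shown above; the function name and the hint wording are constructed for illustration.

```python
import re

# Log lines copied from the nginx error log shown in the walkthrough above.
SAMPLE_LOG = '''\
2019/02/25 20:42:55 [error] 5139#5139: *142 access forbidden by rule, client: 192.168.28.1, server: www.aaa.com, request: "GET / HTTP/1.1", host: "bbs.champin.top"
2019/02/25 20:43:09 [error] 5139#5139: *149 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9001", host: "bbs.champin.top"
2019/02/25 21:03:57 [notice] 5187#5187: signal process started
2019/02/25 21:04:06 [crit] 5188#5188: *154 connect() to unix:/tmp/www.socket failed (13: Permission denied) while connecting to upstream, client: 192.168.28.1, server: bbs.champin.top, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/www.socket:", host: "bbs.champin.top"
'''

# Matches only failed connects to an upstream; access-rule denials and reload
# notices do not match and are skipped.
UPSTREAM = re.compile(
    r'^(?P<ts>\S+ \S+) \[\w+\] .*?connect\(\)(?: to \S+)? failed '
    r'\((?P<errno>\d+): (?P<err>[^)]+)\) while connecting to upstream'
    r'.*?server: (?P<server>[^,]+),.*?upstream: "(?P<upstream>[^"]+)"'
)

# errno -> likely cause, limited to the two cases seen on this page.
HINTS = {
    111: "nothing is listening there: fastcgi_pass and the pool's listen "
         "differ, or php-fpm is not running",
    13: "the nginx worker cannot write to the socket: check listen.owner, "
        "listen.group and listen.mode, then restart php-fpm",
}


def triage(log_text):
    """Return one dict per failed upstream connect, with a likely cause."""
    results = []
    for line in log_text.splitlines():
        m = UPSTREAM.search(line)
        if not m:
            continue
        errno = int(m["errno"])
        results.append({
            "time": m["ts"],
            "server": m["server"],
            "upstream": m["upstream"],
            "errno": errno,
            # Unknown errno: fall back to nginx's own error text.
            "cause": HINTS.get(errno, m["err"]),
        })
    return results


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["server"]} -> {hit["upstream"]}')
        print(f'    errno {hit["errno"]}: {hit["cause"]}')
```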