可运行drupal的nginx+fastcgi配置方法

逆流の鱼, 24 十月, 2010

原文地址:http://groups.drupal.org/node/26363

 

In below example Nginx is listening on port 88 since port 80 is used by Pound/Nginx load balancer or Varnish/Ncache fast proxy.

 

#######################################################
###  nginx.conf  BEGIN
#######################################################
#
pid                   /var/run/nginx.pid;
user                  www www;
worker_processes      4;
worker_rlimit_nofile  8192;

events {
    worker_connections  4096;
    use epoll;
}

http {
## MIME types
  include            /etc/nginx/fastcgi.conf;
  include            /etc/nginx/mime.types;
  default_type       application/octet-stream;

## Size Limits
  client_body_buffer_size         1k;
  client_header_buffer_size       1k;
  client_max_body_size           10m;
  large_client_header_buffers   3 3k;
  connection_pool_size           256;
  request_pool_size               4k;
  server_names_hash_bucket_size  128;

## Timeouts
  client_body_timeout             60;
  client_header_timeout           60;
  keepalive_timeout            75 20;
  send_timeout                    60;

## General Options
  ignore_invalid_headers          on;
  limit_zone gulag $binary_remote_addr 1m;
  recursive_error_pages           on;
  sendfile                        on;
  set_real_ip_from        0.0.0.0/32;
  real_ip_header     X-Forwarded-For;

## TCP options
  tcp_nodelay on;
  tcp_nopush  on;

## Compression
  gzip              on;
  gzip_buffers      16 8k;
  gzip_comp_level   9;
  gzip_http_version 1.1;
  gzip_min_length   10;
  gzip_types        text/plain text/css image/png image/gif image/jpeg application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
  gzip_vary         on;
  gzip_static       on;
  gzip_proxied      any;
  gzip_disable      "MSIE [1-6]\.";

## Log Format
  log_format        main '"$http_x_forwarded_for" $host [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '$request_length $bytes_sent "$http_referer" '
                         '"$http_user_agent" $request_time "$gzip_ratio"';

  client_body_temp_path /var/cache/nginx/client_body_temp 1 2;
  access_log                   /var/log/nginx/access.log main;
  error_log                     /var/log/nginx/error.log crit;

#######################################################
###  nginx.conf catch-all
#######################################################

  server {
        limit_conn   gulag 10;
        listen       127.0.0.1:88;
        server_name  _;
        root         /data/u/$host/;
        index        index.php index.html;

    ## Deny some crawlers
    if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
         return 444;
    }
    ## Deny certain Referers (case insensitive)
      if ($http_referer ~* (poker|sex|girl) ) {
        return 444;
    }
    ## www. redirect
    if ($host ~* ^(www\.)(.+)) {
        set $rawdomain $2;
        rewrite ^/(.*)$  http://$rawdomain/$1 permanent;
    }

    ##
    ## required only when using purl, spaces & og for modules: ajax_comments, watcher and fasttoggle
    ## the /og path should be modified to match your default for og/purl URL for organic groups
    ##
    location ~* ^/og {
        rewrite ^/og\-(.*)/ajax_comments/(.*)$                  /index.php?q=ajax_comments/$2 last;
        rewrite ^/og\-(.*)/context/ajax-block-view$             /index.php?q=context/ajax-block-view last;
        rewrite ^/og\-(.*)/comment/reply/(.*)\?reload=1$        /index.php?q=comment/reply/$2&reload=1 last;
        rewrite ^/og\-(.*)/node/([0-9]+)/toggle/(.*)$           /index.php?q=node/$2/toggle/$3 last;
        rewrite ^/og\-(.*)/node/([0-9]+)/edit\?(.*)$            /index.php?q=node/$2/edit?$3 last;
        rewrite ^/og\-(.*)/user/([0-9]+)/watcher/toggle/(.*)$   /index.php?q=user/$2/watcher/toggle/$3 last;
        rewrite ^/(.*)$                                         /index.php?q=$1 last;
    }

    ## 6.x starts
    location / {
       #rewrite ^/(.*)/$ /$1 permanent; # remove trailing slashes - disabled
        try_files $uri @cache;
    }

    location @cache {
        if ( $request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }
        if ($http_cookie ~ "DRUPAL_UID") {
            return 405;
        }
        error_page 405 = @drupal;
        add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";      
        add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
        add_header X-Header "Boost Citrus 1.9";             
        charset utf-8;
        try_files /cache/normal/$host${uri}_$args.html /cache/$host${uri}_$args.html @drupal;
    }

    location @drupal {
        ###
        ### now simplified to reduce rewrites
        ###
        rewrite ^/(.*)$  /index.php?q=$1 last;
    }

    location ~* (/\..*|settings\.php$|\.(htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(Entries.*|Repository|Root|Tag|Template))$ {
        deny all;
    }

    location ~* /files/.*\.php$ {
        return 444;
    }
    location ~* /themes/.*\.php$ {
        return 444;
    }

    location ~ \.php$ {
          try_files $uri @drupal;       #check for existence of php file
          fastcgi_pass 127.0.0.1:9000;  #php-fpm listening on port 9000
          fastcgi_index index.php;
    }

    location ~ \.css$ {
        if ( $request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }
        if ($http_cookie ~ "DRUPAL_UID") {
            return 405;
        }
        error_page 405 = @uncached;
        access_log  off;
        expires  max; #if using aggregator
        add_header X-Header "Boost Citrus 2.1";
        try_files /cache/perm/$host${uri}_.css /cache/$host${uri}_.css $uri =404;
    }

    location ~ \.js$ {
        if ( $request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }
        if ($http_cookie ~ "DRUPAL_UID") {
            return 405;
        }
        error_page 405 = @uncached;
        access_log  off;
        expires  max; # if using aggregator
        add_header X-Header "Boost Citrus 2.2";             
        try_files /cache/perm/$host${uri}_.js /cache/$host${uri}_.js $uri =404;
    }

    location ~ \.json$ {
        if ( $request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }
        if ($http_cookie ~ "DRUPAL_UID") {
            return 405;
        }
        error_page 405 = @uncached;
        access_log  off;
        expires  max; # if using aggregator
        add_header X-Header "Boost Citrus 2.3";             
        try_files /cache/normal/$host${uri}_.json /cache/$host${uri}_.json $uri =404;
    }

    location @uncached {
        access_log  off;
        expires  max; # max if using aggregator, otherwise sane expire time
    }

    location ~* /files/imagecache/ {
        access_log         off;
        try_files $uri @drupal;  #imagecache support - now it works
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {
        access_log      off;
        expires         30d;
        try_files $uri =404;
    }

    location ~* \.xml$ {
        if ( $request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }
        if ($http_cookie ~ "DRUPAL_UID") {
            return 405;
        }
        error_page 405 = @drupal;
        add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
        add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
        add_header X-Header "Boost Citrus 2.4";             
        charset utf-8;
        types { }
        default_type application/rss+xml;
        try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html /cache/$host${uri}_.xml $uri @drupal;
    }

    location ~* /feed$ {
        if ( $request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }
        if ($http_cookie ~ "DRUPAL_UID") {
            return 405;
        }
        error_page 405 = @drupal;
        add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
        add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
        add_header X-Header "Boost Citrus 2.5";             
        charset utf-8;
        types { }
        default_type application/rss+xml;
        try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html /cache/$host${uri}_.xml $uri @drupal;
    }

  } # end of server

#######################################################
###  nginx.conf catch-all
#######################################################

}

And /etc/nginx/fastcgi.conf looks similar to:

 

# fastcgi.conf
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    ApacheSolaris/$nginx_version;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_index  index.php;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Example of custom nginx build:

 

cd /var/opt
wget http://sysoev.ru/nginx/nginx-0.8.31.tar.gz &&
tar -xzf nginx-0.8.31.tar.gz &&
cd nginx-0.8.31 &&
./configure --prefix=/usr \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=www \
--group=www \
--with-http_realip_module \
--with-rtsig_module \
--with-http_gzip_static_module \
--with-debug \
--with-http_stub_status_module \
--with-http_ssl_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--without-http_ssi_module \
--without-http_auth_basic_module \
--without-http_geo_module \
--http-client-body-temp-path=/var/cache/nginx/client_body_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp &&
make &&
make install
cd ./../
service nginx stop
killall -9 nginx
service nginx start

Example of custom php-fpm build:

 

cd /var/opt
tar -xzf php-5.2.11.tar.gz &&
tar -xzf php-fpm-0.6-5.2.11.tar.gz &&
sh php-fpm-0.6-5.2.11/generate-fpm-patch &&
gzip -d suhosin-patch-5.2.11-0.9.7.patch.gz
cd /var/opt/php-5.2.11
patch -p 1 -i ../suhosin-patch-5.2.11-0.9.7.patch
patch -p1 < ../fpm.patch

./buildconf --force
mkdir fpm-build && cd fpm-build

../configure --with-fpm \
--enable-fastcgi \
--with-mysql \
--with-mysqli \
--enable-force-cgi-redirect \
--enable-discard-path \
--with-zlib \
--with-curl \
--with-curlwrappers \
--with-gd \
--with-jpeg-dir=/usr/lib \
--with-pear \
--with-imap \
--with-imap-ssl \
--with-openssl \
--with-pdo-mysql \
--enable-soap \
--enable-ftp \
--enable-mbstring \
--enable-pcntl \
--enable-bcmath \
--with-kerberos \
--with-xsl \
--with-mcrypt &&
make &&
make install
cd ./../

评论