原文地址:http://groups.drupal.org/node/26363
In below example Nginx is listening on port 88 since port 80 is used by Pound/Nginx load balancer or Varnish/Ncache fast proxy.
#######################################################
### nginx.conf BEGIN
#######################################################
#
pid /var/run/nginx.pid;
user www www;
worker_processes 4;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
use epoll;
}
http {
## MIME types
include /etc/nginx/fastcgi.conf;
include /etc/nginx/mime.types;
default_type application/octet-stream;
## Size Limits
client_body_buffer_size 1k;
client_header_buffer_size 1k;
client_max_body_size 10m;
large_client_header_buffers 3 3k;
connection_pool_size 256;
request_pool_size 4k;
server_names_hash_bucket_size 128;
## Timeouts
client_body_timeout 60;
client_header_timeout 60;
keepalive_timeout 75 20;
send_timeout 60;
## General Options
ignore_invalid_headers on;
limit_zone gulag $binary_remote_addr 1m;
recursive_error_pages on;
sendfile on;
set_real_ip_from 0.0.0.0/32;
real_ip_header X-Forwarded-For;
## TCP options
tcp_nodelay on;
tcp_nopush on;
## Compression
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 9;
gzip_http_version 1.1;
gzip_min_length 10;
gzip_types text/plain text/css image/png image/gif image/jpeg application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
gzip_vary on;
gzip_static on;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
## Log Format
log_format main '"$http_x_forwarded_for" $host [$time_local] '
'"$request" $status $body_bytes_sent '
'$request_length $bytes_sent "$http_referer" '
'"$http_user_agent" $request_time "$gzip_ratio"';
client_body_temp_path /var/cache/nginx/client_body_temp 1 2;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log crit;
#######################################################
### nginx.conf catch-all
#######################################################
server {
limit_conn gulag 10;
listen 127.0.0.1:88;
server_name _;
root /data/u/$host/;
index index.php index.html;
## Deny some crawlers
if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
return 444;
}
## Deny certain Referers (case insensitive)
if ($http_referer ~* (poker|sex|girl) ) {
return 444;
}
## www. redirect
if ($host ~* ^(www\.)(.+)) {
set $rawdomain $2;
rewrite ^/(.*)$ http://$rawdomain/$1 permanent;
}
##
## required only when using purl, spaces & og for modules: ajax_comments, watcher and fasttoggle
## the /og path should be modified to match your default for og/purl URL for organic groups
##
location ~* ^/og {
rewrite ^/og\-(.*)/ajax_comments/(.*)$ /index.php?q=ajax_comments/$2 last;
rewrite ^/og\-(.*)/context/ajax-block-view$ /index.php?q=context/ajax-block-view last;
rewrite ^/og\-(.*)/comment/reply/(.*)\?reload=1$ /index.php?q=comment/reply/$2&reload=1 last;
rewrite ^/og\-(.*)/node/([0-9]+)/toggle/(.*)$ /index.php?q=node/$2/toggle/$3 last;
rewrite ^/og\-(.*)/node/([0-9]+)/edit\?(.*)$ /index.php?q=node/$2/edit?$3 last;
rewrite ^/og\-(.*)/user/([0-9]+)/watcher/toggle/(.*)$ /index.php?q=user/$2/watcher/toggle/$3 last;
rewrite ^/(.*)$ /index.php?q=$1 last;
}
## 6.x starts
location / {
#rewrite ^/(.*)/$ /$1 permanent; # remove trailing slashes - disabled
try_files $uri @cache;
}
location @cache {
if ( $request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
if ($http_cookie ~ "DRUPAL_UID") {
return 405;
}
error_page 405 = @drupal;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 1.9";
charset utf-8;
try_files /cache/normal/$host${uri}_$args.html /cache/$host${uri}_$args.html @drupal;
}
location @drupal {
###
### now simplified to reduce rewrites
###
rewrite ^/(.*)$ /index.php?q=$1 last;
}
location ~* (/\..*|settings\.php$|\.(htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(Entries.*|Repository|Root|Tag|Template))$ {
deny all;
}
location ~* /files/.*\.php$ {
return 444;
}
location ~* /themes/.*\.php$ {
return 444;
}
location ~ \.php$ {
try_files $uri @drupal; #check for existence of php file
fastcgi_pass 127.0.0.1:9000; #php-fpm listening on port 9000
fastcgi_index index.php;
}
location ~ \.css$ {
if ( $request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
if ($http_cookie ~ "DRUPAL_UID") {
return 405;
}
error_page 405 = @uncached;
access_log off;
expires max; #if using aggregator
add_header X-Header "Boost Citrus 2.1";
try_files /cache/perm/$host${uri}_.css /cache/$host${uri}_.css $uri =404;
}
location ~ \.js$ {
if ( $request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
if ($http_cookie ~ "DRUPAL_UID") {
return 405;
}
error_page 405 = @uncached;
access_log off;
expires max; # if using aggregator
add_header X-Header "Boost Citrus 2.2";
try_files /cache/perm/$host${uri}_.js /cache/$host${uri}_.js $uri =404;
}
location ~ \.json$ {
if ( $request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
if ($http_cookie ~ "DRUPAL_UID") {
return 405;
}
error_page 405 = @uncached;
access_log off;
expires max; # if using aggregator
add_header X-Header "Boost Citrus 2.3";
try_files /cache/normal/$host${uri}_.json /cache/$host${uri}_.json $uri =404;
}
location @uncached {
access_log off;
expires max; # max if using aggregator, otherwise sane expire time
}
location ~* /files/imagecache/ {
access_log off;
try_files $uri @drupal; #imagecache support - now it works
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {
access_log off;
expires 30d;
try_files $uri =404;
}
location ~* \.xml$ {
if ( $request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
if ($http_cookie ~ "DRUPAL_UID") {
return 405;
}
error_page 405 = @drupal;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 2.4";
charset utf-8;
types { }
default_type application/rss+xml;
try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html /cache/$host${uri}_.xml $uri @drupal;
}
location ~* /feed$ {
if ( $request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
if ($http_cookie ~ "DRUPAL_UID") {
return 405;
}
error_page 405 = @drupal;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 2.5";
charset utf-8;
types { }
default_type application/rss+xml;
try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html /cache/$host${uri}_.xml $uri @drupal;
}
} # end of server
#######################################################
### nginx.conf catch-all
#######################################################
}
And /etc/nginx/fastcgi.conf looks similar to:
# fastcgi.conf fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE ApacheSolaris/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_index index.php; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;
Example of custom nginx build:
cd /var/opt wget http://sysoev.ru/nginx/nginx-0.8.31.tar.gz && tar -xzf nginx-0.8.31.tar.gz && cd nginx-0.8.31 && ./configure --prefix=/usr \ --sbin-path=/usr/sbin/nginx \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/lock/nginx.lock \ --user=www \ --group=www \ --with-http_realip_module \ --with-rtsig_module \ --with-http_gzip_static_module \ --with-debug \ --with-http_stub_status_module \ --with-http_ssl_module \ --without-mail_pop3_module \ --without-mail_imap_module \ --without-mail_smtp_module \ --without-http_ssi_module \ --without-http_auth_basic_module \ --without-http_geo_module \ --http-client-body-temp-path=/var/cache/nginx/client_body_temp \ --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp && make && make install cd ./../ service nginx stop killall -9 nginx service nginx start
Example of custom php-fpm build:
cd /var/opt tar -xzf php-5.2.11.tar.gz && tar -xzf php-fpm-0.6-5.2.11.tar.gz && sh php-fpm-0.6-5.2.11/generate-fpm-patch && gzip -d suhosin-patch-5.2.11-0.9.7.patch.gz cd /var/opt/php-5.2.11 patch -p 1 -i ../suhosin-patch-5.2.11-0.9.7.patch patch -p1 < ../fpm.patch ./buildconf --force mkdir fpm-build && cd fpm-build ../configure --with-fpm \ --enable-fastcgi \ --with-mysql \ --with-mysqli \ --enable-force-cgi-redirect \ --enable-discard-path \ --with-zlib \ --with-curl \ --with-curlwrappers \ --with-gd \ --with-jpeg-dir=/usr/lib \ --with-pear \ --with-imap \ --with-imap-ssl \ --with-openssl \ --with-pdo-mysql \ --enable-soap \ --enable-ftp \ --enable-mbstring \ --enable-pcntl \ --enable-bcmath \ --with-kerberos \ --with-xsl \ --with-mcrypt && make && make install cd ./../
评论