<directory /data/www/mmm>
allowoverride noneoptions noneorder allow,denyallow</directory><filesmatch "(.*)php(.*)">order allow ,denyallow from all<filesmatch>禁用useragentrewritecond %{http_user_agent} ".*curl.*"[nc,or]rewritecond %{http_user_agent} ".*chrome.*"[nc]rewriterule .* - [f]禁止解析php
php_admin_flag engine offrewritecond %{request_uri} ^.*/data/www/mmmphp-fpm的配置文件:
[global]pid=/usr/local/php/var/run/php-fpm.piderror_log=/usr/local/php/var/log/php-fpm.log[www]listen=/tmp/www.socklisten.owner=nobody 解决502问题listen.group=nobody 解决502问题user=php-fpmgroup=php-fpmpm=dynamicpm.max_children=50pm.start_servers=20pm.min_spare_servers=6pm.max_spare_servers=35pm.max_requests=500rlimit_files=1024slowlog=/tmp/slow.logrequest_slowlog_timeout=1php_admin_value[open_basedir]=/data/www:/tmp新建网站的文件存放处:server { listen 80; server_name cisco.com; index index.html index.htm index.php; root /data/www;location ~\.php$ { include fastcgi_params; fastcgi_pass unix:/tmp/www.sock; fastcgi_index index.php; fastcgi_param SCRITP_FILENAME /data/www$fastcgi_script_name;}
}常见的502错误:在php-fpm配置文件中加 listen.owner=nobody listen.gruop=nobodyphp-fpm.conf的配置文件:检测网站性能 slowlog=/tmp/slow_log request_slowlog_timeout=1 虚拟配置文件的用户认证:location ~.*admin\.php$ { auth_basic "cisco" auth_basic_user_file /usr/local/nginx/conf/ps.ps; include fastcgi_params; fastcgi_pass unix:/tmp/www.sock; fastcgi.index index.php; fastcgi-param script-filename /tmp/www&fastcgi_script_name; }虚拟配置文件301 的跳转: if ($host != 'www.swcaac.com')
{ rewrite ^/(.*)$ http://www.swcaac.com/$1 paramanent;}1.9 指定不记录文件的类型:1。在nginx.conf中修改日志名:如cisco2。在虚拟配置文件中加入:access_log /tmp/access_log cisco;location ~.*\.(png|gif|jpeg|swf|bmp|jpg)${ access_log off;}location ~(static|cache){ access_log off;}2.0 nginx的日志切割脚本:1.找好脚本存放的地方/etc/logrotate.sh2.写脚本。vi /etc/logrotate.sh!#/bin/bashd=`date -d "-1 day" +%f`[ -d /tmp/nginx_log ] || mkdir /tmp/nginx_logmv /tmp/cisco.log /tmp/nginx_log/$d.log/etc/init.d/nginx/reload > /dev/nullcd /tmp/nginx_log/gzip -f $d.log 2.1 nginx 配置静态文件的过期时间在指定不记录文件类型中添加access_log off;expires 2d;location ~ \.(js|css){ access_log offexpires 2h;}2.2nginx 的防盗链接1.在静态缓存文件下加入:valid_referers none blocked *.swcaac.com *.cisco.com;if ($invalid_referer){ return 403;} curl -e 指定你的referer 2.3nginx的访问控制1.在全局模式下:deny ip/地址段;表示不允许地址访问目录
2.在目录认证模式下加:allow ip;deny all; 表示目录只允许指定的ip访问2.4nginx的user-agent禁用
if ($http_user_agent ~* 'curl|baidu|sina|360') ~*表示不区分大小写{ return 403;}2.5 nginx的代理 多个地址vim proxyupstream cisco { server 代理服务器ip;server 代理服务器ip;}server { listen 80;server_name 代理服务器;location / {
proxy_pass http://cisco/;proxy_set_header host $host;必须和多个代理服务器ip;连用proxy_set_header x-real-ip $remote_addr;可有可无}}nginx的代理 单个ipserver { listen 80;server_name 代理服务器;location / {
proxy_pass http://cisco/;#proxy_set_header host $host;必须和多个代理服务器ip;连用}}key_buffer_size = 384M
log-bin 用于主从复制 记录数据库操作记录server-id =1 用于主从复制关闭innodb是一种数据库引擎。apache的三种模式prefork 小访问量worker 大访问量eventldd查看加载的模块是否正常