tomato上架Nginx + PHP 5(FastCGI)

昨天架好了Nginx + PHP 5(FastCGI) 的環境，把作法分享出來。

環境：
TOMATO by shibby K26/build5x-101

前置工作：
optware安裝在/opt下
port 80 確定沒有服務 (ap管理介面請避開 port 80)



開始安裝nginx及php等套件
(額外安裝了sqlite php-mysql php-gd php-curl php-mbstring，請自行刪減)

#php5核心已內置PHP-FPM來管理多process，所以無需再安裝spawn-fcgi
ipkg update
ipkg install libuclibc++ php-fcgi nginx sqlite php-mysql php-gd php-curl  php-mbstring

#下載busybox-mipsel (比起ipkg的busybox，功能較完整也較沒bug)

cd /opt/bin
wget http://busybox.net/downloads/binaries/latest/busybox-mipsel
chmod +x busybox-mipsel

新增 /opt/etc/init.d/S80php-fcgi

#!/bin/sh

#本來是127.0.0.1:9000, 此處改以socket方式溝通
BIND=/tmp/php-fcgi.sock
#身份為nobody
USER=nobody
#產生的php-fcgi process數目，此處為1
PHP_FCGI_CHILDREN=1
PHP_FCGI_MAX_REQUESTS=1000

PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin
PHP_CGI=/opt/bin/php-fcgi
PHP_CGI_NAME=`basename $PHP_CGI`
PHP_CGI_ARGS="- USER=$USER PATH=$PATH PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND"
RETVAL=0

start() {
echo -n "Starting PHP FastCGI: "
/opt/bin/busybox-mipsel start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
#start-stop-daemon -q -S -b -c "$USER" -x /usr/bin/env -- $PHP_CGI_ARGS
RETVAL=$?
echo "$PHP_CGI_NAME."
}
stop() {
echo -n "Stopping PHP FastCGI: "
killall -q -w -u $USER $PHP_CGI
RETVAL=$?
echo "$PHP_CGI_NAME."
}

case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Usage: php-fastcgi {start|stop|restart}"
exit 1
;;
esac
exit $RETVAL

然後

chmod +x /opt/etc/init.d/S80php-fcgi

修改 /opt/etc/nginx/nginx.conf

#以nobody身份執行，若要加group=nobody，可改為 user nobody nobody
user  nobody;
worker_processes  1;

#產生log
error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
worker_connections  1024;
}


http {
include       mime.types;
default_type  application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#產生log
access_log  logs/access.log  main;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

gzip  on;

server {
#修改port及domain
listen  80;
server_name  www.mydomain.com;

#改為utf-8
charset utf-8;

#access_log  logs/host.access.log  main;
#加入index.php
location / {
root   html;
index  index.html index.htm index.php;
}

#block specified file extension & key word
#location ~ (\.db|phpmyadmin) {
#    return 403;
#}

#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#以下區塊請照此修改
location ~ \.php$ {
root           html;
location ~ \..*/.*\.php$ {return 404;}
#fastcgi_pass  127.0.0.1:9000;
fastcgi_pass  unix:/tmp/php-fcgi.sock;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
include        fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
#    deny  all;
#}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}


# HTTPS server
#
#server {
#    listen       443;
#    server_name  localhost;

#    ssl                  on;
#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;

#    ssl_session_timeout  5m;

#    ssl_protocols  SSLv2 SSLv3 TLSv1;
#    ssl_ciphers  HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers   on;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}

}

修改 /opt/share/nginx 資料夾權限

mkdir -p /opt/share/nginx/logs
chown -R nobody /opt/share/nginx

firewall script 加入此行

iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

shutdown script 前面加入

/opt/etc/init.d/S80nginx stop
/opt/etc/init.d/S80php-fcgi stop
/opt/etc/init.d/S70mysqld stop

修改/opt/etc/php.ini，約第560行開始，加入sqlite模組

...
extension=sqlite.so
extension=pdo_sqlite.so
extension=pdo.so
...

修改 /opt/share/mysql/mysql.server (有安裝php-mysql會順便安裝mysql server)

...
#修改pid_file=
pid_file=$datadir/lib/mysql/mysqld.pid
..

服務重啟 ：

/opt/etc/init.d/S70mysqld restart
/opt/etc/init.d/S80php-fcgi restart
/opt/etc/init.d/S80nginx restart

記得改一下mysql的root密碼

mysqladmin -u root password 'new-password'

#重改mysql密碼(需輸入原來密碼)

mysqladmin -u root -p password 'new2-password'

在網站根目錄：/opt/share/nginx/html 寫個phpinfo跑跑看：

echo '<? phpinfo();' >> /opt/share/nginx/html/test.php

看看 http://yourdomain.com/test.php 是否有成功執行php

完成！gathering

Nginx相較於Lighttpd，處理速度更快、更穩定，且不易crash，bug及消耗的資源更少，
很適合在小AP上跑，用過就會讓人愛不釋手 yes

最後修改： duckfly (2012-10-22 13:57:59)