當使用nginx + php-fpm建立virtual host (server block)時,要注意權限問題,最好不同的site用不同的使用者去存取php-fpm的pool,以下以建立site1及site2二個網站為例:
1.建立使用者,並記得修改/etc/passwd為nologin
sudo groupadd site1
sudo useradd -g site1 site1
sudo groupadd site2
sudo useradd -g site2 site2
2022-10-03
php-fpm + nginx + codeigniter 使用 virtual host設定調校
2021-06-18
tomcat若前面有proxy,但又有阻擋ip的需求
tomcat若前面有proxy,但又有阻擋ip的需求,可以如下設定
(假設ip放在X-Forwarded-For裡):
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
requestAttributesEnabled="true" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
deny="1\.2\.3\.\d+|5\.5\.\d+\.\d+" />
REF:
https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Proxies_Support
https://stackoverflow.com/questions/33495416/restrict-access-to-tomcat-manager-by-ip
2018-07-16
Python CGI on Apache & FASTCGI on NginX
在Apache2上修改http.conf,讓Apache能以CGI執行python:
==============================================
...
LoadModule cgid_module modules/mod_cgid.so
...
<Directory "/opt/bitnami/apache2/htdocs">
...
Options FollowSymLinks MultiViews +ExecCGI
AddHandler cgi-script .py
...
</Directory>
==========================================================
若是使用bitnami LAMP stack,需再同時修改 conf/bitnami/bitnami.conf,修改設定同上
==========================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==========================================================
在NginX上修改nginx.conf,加入以下片段,以fast-cgi執行python:
==========================================================
location ~ \.py$ {
root html;
fastcgi_read_timeout 300;
#fastcgi_pass 127.0.0.1:10240;
fastcgi_pass unix:/tmp/python-fcgi.sock; #使用.sock監聽
fastcgi_index index.py;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
==========================================================
若是使用bitnami,可以新建一個 conf/bitnami/pythonfastcgi.conf,加入如上設定,並修改 conf/bitnami.conf,加入:
include "/Applications/nginxstack-1.10.1-2/nginx/conf/bitnami/pythonfastcgi.conf";
==========================================================
然後python需安裝flup,用來當做fastcgi的gateway(即符合fastcgi協定的SERVER,這樣才能溝通):
pip3 install flup
然後寫一支 wsgi.py,並啟動(以/tmp/python-fcgi.sock監聽):
==========================================================
#!/usr/local/bin/python3
#coding=utf-8
from html import escape
import sys, os
from flup.server.fcgi import WSGIServer
def app(environ, start_response):
start_response('200 OK', [('Content-Type', 'text/html')])
yield '<h1>FastCGI Environment</h1>'
yield '<table>'
for k, v in sorted(environ.items()):
yield '<tr><th>%s</th><td>%s</td></tr>' % (escape(k), escape(v))
yield '</table>'
if __name__ == '__main__':
# WSGIServer(app, bindAddress=('127.0.0.1',10240)).run()
WSGIServer(app, bindAddress='/tmp/python-fcgi.sock').run()
==========================================================
修改為執行檔並執行,再執行nginx:
chmod +x wsgi.py
./wsgi.py
systemctl start nginx
uWSGI是一個軟體專案名稱,而flup本身就是一個架構在uWSGI專案之上的server,同時支援了:
wsgi-->可支援fastcgi
uwsgi-->python web server protocol
http協定
等,因此Nginx也可以改用uwsgi(設定uwsgi_pass)去執行,可參考下面最後一個鏈結
ref:
https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
https://httpd.apache.org/docs/2.4/howto/cgi.html
http://uwsgi-docs.readthedocs.io/en/latest/WebServers.html
https://segmentfault.com/a/1190000003993249
https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-ubuntu-14-04
==============================================
...
LoadModule cgid_module modules/mod_cgid.so
...
<Directory "/opt/bitnami/apache2/htdocs">
...
Options FollowSymLinks MultiViews +ExecCGI
AddHandler cgi-script .py
...
</Directory>
==========================================================
若是使用bitnami LAMP stack,需再同時修改 conf/bitnami/bitnami.conf,修改設定同上
==========================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==========================================================
在NginX上修改nginx.conf,加入以下片段,以fast-cgi執行python:
==========================================================
location ~ \.py$ {
root html;
fastcgi_read_timeout 300;
#fastcgi_pass 127.0.0.1:10240;
fastcgi_pass unix:/tmp/python-fcgi.sock; #使用.sock監聽
fastcgi_index index.py;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
==========================================================
若是使用bitnami,可以新建一個 conf/bitnami/pythonfastcgi.conf,加入如上設定,並修改 conf/bitnami.conf,加入:
include "/Applications/nginxstack-1.10.1-2/nginx/conf/bitnami/pythonfastcgi.conf";
==========================================================
然後python需安裝flup,用來當做fastcgi的gateway(即符合fastcgi協定的SERVER,這樣才能溝通):
pip3 install flup
然後寫一支 wsgi.py,並啟動(以/tmp/python-fcgi.sock監聽):
==========================================================
#!/usr/local/bin/python3
#coding=utf-8
from html import escape
import sys, os
from flup.server.fcgi import WSGIServer
def app(environ, start_response):
start_response('200 OK', [('Content-Type', 'text/html')])
yield '<h1>FastCGI Environment</h1>'
yield '<table>'
for k, v in sorted(environ.items()):
yield '<tr><th>%s</th><td>%s</td></tr>' % (escape(k), escape(v))
yield '</table>'
if __name__ == '__main__':
# WSGIServer(app, bindAddress=('127.0.0.1',10240)).run()
WSGIServer(app, bindAddress='/tmp/python-fcgi.sock').run()
==========================================================
修改為執行檔並執行,再執行nginx:
chmod +x wsgi.py
./wsgi.py
systemctl start nginx
uWSGI是一個軟體專案名稱,而flup本身就是一個架構在uWSGI專案之上的server,同時支援了:
wsgi-->可支援fastcgi
uwsgi-->python web server protocol
http協定
等,因此Nginx也可以改用uwsgi(設定uwsgi_pass)去執行,可參考下面最後一個鏈結
ref:
https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
https://httpd.apache.org/docs/2.4/howto/cgi.html
http://uwsgi-docs.readthedocs.io/en/latest/WebServers.html
https://segmentfault.com/a/1190000003993249
https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-ubuntu-14-04
2015-02-03
Nginx 的 mod_rewirte 寫法
Nginx rewirte:
http://web302.com/tag/kohana3/
http://www.farinspace.com/codeigniter-nginx-rewrite-rules/
http://codeigniter.com/forums/viewthread/90231/
Nginx反盜連:
http://anejd.com/433.html#more-433
http://codeigniter.com/forums/viewthread/99180/
http://www.farinspace.com/codeigniter-nginx-rewrite-rules/
http://520.be/1440-nginx-%E4%BD%BF%E7%94%A8-htaccess-%E4%BF%9D%E8%AD%B7%E9%98%B2%E7%9B%9C%E9%80%A3%E9%99%90%E9%80%9F.html
http://blog.xuite.net/chingwei/blog/45256609-%E3%80%90%E7%B3%BB%E7%B5%B1%E3%80%91Nginx+%3A+%E7%94%A8+Referer+%E6%88%96+IP+%E4%BE%86%E6%93%8B%E7%9B%9C%E9%80%A3
http://jamesbond0479.blog.163.com/blog/static/241475820108610279889/?suggestedreading&wumii
http://web302.com/tag/kohana3/
http://www.farinspace.com/codeigniter-nginx-rewrite-rules/
http://codeigniter.com/forums/viewthread/90231/
Nginx反盜連:
http://anejd.com/433.html#more-433
http://codeigniter.com/forums/viewthread/99180/
http://www.farinspace.com/codeigniter-nginx-rewrite-rules/
http://520.be/1440-nginx-%E4%BD%BF%E7%94%A8-htaccess-%E4%BF%9D%E8%AD%B7%E9%98%B2%E7%9B%9C%E9%80%A3%E9%99%90%E9%80%9F.html
http://blog.xuite.net/chingwei/blog/45256609-%E3%80%90%E7%B3%BB%E7%B5%B1%E3%80%91Nginx+%3A+%E7%94%A8+Referer+%E6%88%96+IP+%E4%BE%86%E6%93%8B%E7%9B%9C%E9%80%A3
http://jamesbond0479.blog.163.com/blog/static/241475820108610279889/?suggestedreading&wumii
訂閱:
文章 (Atom)