Nginx 真的是效能非常優異的 Web Server,其實早就知道這一點,但因為實在是待在 Apache 的舒適圈太習慣了,所以一直沒有嘗試用 Nginx 來當作 Web Server,但用過之後保證會上癮!
手上的專案是用 Codeigniter 開發的,由於 Nginx 預設不支援 PATH_INFO,所以當我們從 Apache 遷移過來的時候,網站基本上是無法運作的,經過了一番調整後,現在運行的非常順利。
WordPress 的部分是做為網站文章相關的呈現使用,由於一些考量我們決定安裝在子目錄中,所以設定會在同一份中。
環境說明:
CentOS 7 x64 Nginx 1.11.5 ( yum 安裝的,如果你需要其他模組就要自行編譯囉 ) PHP 7.0.12 + PHP-FPM Code Igniter 3.0.6 Wordpress 4.6.1
Nginx 預設的設定檔位置在
/etc/nginx/conf.d/default.conf
以下是我的設定檔
server { listen 80; listen *:443 ssl; # 這邊是我 SSL 的相關設定,如果沒有要裝 SSL 可以忽略 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/dehydrated/certs/sample.com/cert.pem; ssl_certificate_key /etc/dehydrated/certs/sample.com/privkey.pem; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; # 網址、根目錄等基本設定 server_name sample.com; root /var/www/html; index index.php index.html; error_page 404 /404.html; # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # WordPress 安裝的目錄 content location /content { index index.php; try_files $uri $uri/ /content/index.php?$args; } # 根目錄,Codeigniter 是裝在這 location / { index index.php; if (!-e $request_filename) { rewrite ^/(.*)$ /index.php/$1 last; break; } } # PHP 相關設定 location ~\.php { # PHP-FPM 的設定,用 Sock 或 IP 都可以 fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; include fastcgi_params; # PATH_INFO 相關設定 set $real_script_name $fastcgi_script_name; if ($fastcgi_script_name ~ ^(.+?\.php)(/.+)$) { set $real_script_name $1; set $path_info $2; } fastcgi_param SCRIPT_FILENAME $document_root$real_script_name; fastcgi_param SCRIPT_NAME $real_script_name; fastcgi_param PATH_INFO $path_info; # 如果要上傳比較大的檔案,記得設定 client_max_body_size 10M; # Timeout 設定,可不設 fastcgi_read_timeout 3600; } # Let's Encrypt 認證網址用的 location /.well-known/acme-challenge/ { alias /var/www/dehydrated/; } }
還有 fastcgi_params 檔案內容:
fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;
設定就到這,重新啟動 Nginx 可以 Dump 出來看看 PATH_INFO 是否正確,另外說明 php.ini 中的 cgi.fix_pathinfo 參數不需要打開,也避免有安全性疑慮,Codeigniter 的 $config[‘uri_protocol’] 是 REQUEST_URI,可以直接 var_dump 檢查
var_dump($_SERVER);
發佈留言