-2

所以我正在尝试在我的 Ubuntu 16.04 DO droplet 上设置一个 YOURLS URL 缩短器。我对 MySQL 和 PHP 很陌生,所以我不知道可能出了什么问题。我对 Nginx 非常满意,因为我一直在使用它,但似乎这些错误是由 MySQL 数据库和/或 PHP 配置引起的。

设置: Nginx root(用于站点):(/var/www/bnbr.co/public_html bnbr.co 是我将使用的域)

PHP 配置文件(位于/var/www/bnbr.co/public_html/config.php

php7.0-fpm 池(位于/etc/php/7.0/fpm/pool.d/username.conf

MySQL 设置:

MariaDB [(none)]> CREATE DATABASE yourls; MariaDB [(none)]> GRANT ALL PRIVILEGES ON yourls.* TO 'username'@'localhost' IDENTIFIED BY 'passwd'; MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> \q

编辑:域的 Nginx 配置文件(位于/etc/nginx/sites-enabled/bnbr_co

            # main

                    server {

                            listen 443;
                            server_name bnbr.co;

                            root /var/www/bnbr.co/public_html;
                            index index.php;

                            ssl on;
                            ssl_certificate /etc/letsencrypt/live/bnbr.co/cert.pem;
                            ssl_certificate_key /etc/letsencrypt/live/bnbr.co/privkey.pem;

                            ssl_session_timeout 10m;

                            ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
                            ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
                            ssl_prefer_server_ciphers on;

                      location / {

                    try_files $uri $uri/ /yourls-loader.php;
                    expires 14d;
                    add_header Cache-Control 'public';
                }

                location ~ \.php$ {
                    fastcgi_split_path_info ^(.+\.php)(/.+)$;
                    fastcgi_pass unix:/var/run/php/php7.0-fpm-username.sock;
                    fastcgi_index index.php;
                    include fastcgi_params;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                    fastcgi_intercept_errors off;
                    fastcgi_buffer_size 16k;
                    fastcgi_buffers 4 16k;
}
            }





    # HTTP --> HTTPS REDIRS

            # main

                    server {
                            listen 80;
                            server_name bnbr.co;
                            return 301 https://$server_name$request_uri;
                    } #`

我是这个东西的新手,所以我希望你们能提供帮助。

谢谢!

4

1 回答 1

0

我将把所有必要的步骤放在这里。

1)创建用户并完成它将询问的步骤:

adduser bnbr

2)创建文件夹:

mkdir -p /home/bnbr/public
mkdir -p /home/bnbr/logs
mkdir -p /home/bnbr/tmp

3)复制你的东西到public文件夹

4) 设置所有者和模组:

chown -R bnbr:bnbr /home/bnbr
chmod -R 0755 /home/bnbr/public
chmod -R 0755 /home/bnbr/logs
chmod -R 0755 /home/bnbr/tmp

/etc/php/7.0/fpm/pool.d/bnbr.conf5)使用以下内容创建php池配置:

[brbr]

user = brbr
group = brbr

listen = /var/run/php-fpm.brbr.sock
listen.owner = brbr
listen.group = brbr
listen.mode = 0666

pm = ondemand
pm.max_children = 16
pm.process_idle_timeout = 10s
pm.max_requests = 32
chdir = /

php_admin_flag[display_errors] = on
php_admin_value[error_log] = /home/bnbr/logs/fpm-php.bnbr.log
php_admin_value[log_level] = "warning"
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
php_admin_value[post_max_size] = 16M
php_admin_value[upload_max_filesize] = 16M
php_admin_value[upload_tmp_dir] = /home/bnbr/tmp
php_admin_flag[allow_url_fopen] = on
php_admin_value[open_basedir] = "/usr/share/php:/tmp:/usr/local/lib/php:/home/brbr/logs:/home/bnbr/public:/home/bnbr/tmp"

6)重启php-fpm服务

7)为nginx创建主机配置并使其启用:

server {
  listen ssl 443;
  server_name bnbr.co www.bnbr.co;

  root /home/bnbr/public
  index index.php;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/bnbr.co/cert.pem;
  ssl_certificate_key /etc/letsencrypt/live/bnbr.co/privkey.pem;
  ssl_session_timeout 10m;
  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
  ssl_prefer_server_ciphers on;

  location / {
    try_files $uri $uri/ /yourls-loader.php;
    autoindex off;
    access_log off;
    if (!-f $request_filename) {
      rewrite /(.*)$ /yourls-loader.php last;
      break;
    }
  }

  location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm.bnbr.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors off;
    fastcgi_buffer_size 16k;
    fastcgi_buffers 4 16k;
  }
}

8)重启nginx



解释:

我正在创建bnbr用户以将所有东西都保存在与用户权限位置隔离的混凝土中。

在 php-fpm 池配置中告诉我需要具有bnbr特权的 fpm 侦听器,并定义由 fpm php 进程生成的可以使用open_basedir指令访问的位置。

告诉 nginx 检查/home/bnbr/public文件夹。

PS不需要letsencrypt,只需将您的域附加到CloudFlare,它将为您提供长期通配符ssl证书+将隐藏您的服务器免受ddos攻击。

于 2017-08-11T21:10:30.763 回答