nginx虚拟主机防webshell跨目录

1.在nginx.conf里把每个虚拟主机站点请求端口给区别开

server {

listen 80;
server_name www.key0.cn;
index index.html index.htm index.php;
root /var/www/test;

#limit_conn crawler 20;

location ~ .*.(php|php5)?$ {
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}
}

server {
listen 80;
server_name www.nginx.org;
index index.html index.htm index.php;
root /var/www/test1;
#limit_conn crawler 20;
location ~ .*.(php|php5)?$ {
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
include fcgi.conf;
}
}

2.为每个站点建一个conf,并进行配置

#cp /usr/local/php/etc/php-fpm.conf  /usr/local/php/etc/www.key0.cn.conf
#cp  /usr/local/php/etc/php-fpm.conf  /usr/local/php/etc/www.nginx.org.conf

www.key0.cn

在/usr/local/php/etc/www.key0.cn.conf找到php_defines,添加

<value name=”open_basedir”>/var/www/test:/tmp:/var/tmp</value>

www.nginx.org

在/usr/local/php/etc/nginx.org.conf找到php_defines,添加

<value name=”open_basedir”>/var/www/test1:/tmp:/var/tmp</value>

修改为<value name=”listen_address”>127.0.0.1:9001</value>   注意这里的端口号

3.修改 php-fpm启动脚本
首先注释原来的php_fpm_CONF和php_opts
添加
$php_fpm_BIN –fpm –fpm-config /usr/local/php/etc/www.key0.cn.conf
$php_fpm_BIN –fpm –fpm-config /usr/local/php/etc/www.nginx.org.conf
4.启动服务
#/usr/local/php/sbin/php-fpm start
#/usr/local/nginx/sbin/nginx
查看端口
#netstat -tlnp
开了9000,9001俩个不同的端口分开处理两个站点请求,两个php-cgi主进程加载不同的conf文件,实验成功.

当然,启动之前记得conf里面的max_children,开启php-cgi子进程数,相应要减少一些,以免造成内存不足

补充:

spawn-fcgi -a 127.0.0.1 -p 9000 -C 9 -u www -f “/usr/local/php/bin/php-cgi -d open_basedir=/var/www/test:/tmp/”

转自:http://key0.cn

转载请注明文章来源:http://www.linuxso.com/a/linuxxitongguanli/416.html

One thought on “nginx虚拟主机防webshell跨目录

  1. Pingback: [教程]Centos下安装lnmp教程(最新版2012-02-05) | haohtml's blog

Leave a Reply