nginx虚拟主机防webshell跨目录
nginx虚拟主机防webshell跨目录原文:http://key0.cn/index.php/archives/588
说明:www.key0.cn的web目录/var/www/test; www.nginx.org的web目录/var/www/test1
1.在nginx.conf里把每个虚拟主机站点请求端口给区别开server
{
listen 80;
server_name www.key0.cn;
index index.html index.htm index.php;
root /var/www/test;#limit_conn crawler 20;location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}
}server
{
listen 80;
server_name www.nginx.org;
index index.html index.htm index.php;
root /var/www/test1;#limit_conn crawler 20;location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
include fcgi.conf;
}
}
复制代码2.为每个站点建一个conf,并进行配置
#cp/usr/local/php/etc/php-fpm.conf/usr/local/php/etc/www.key0.cn.conf
#cp/usr/local/php/etc/php-fpm.conf/usr/local/php/etc/www.nginx.org.conf
www.key0.cn
在/usr/local/php/etc/www.key0.cn.conf找到php_defines,添加
<value name=”open_basedir”>/var/www/test:/tmp:/var/tmp</value>
www.nginx.org
在/usr/local/php/etc/nginx.org.conf找到php_defines,添加
<value name=”open_basedir”>/var/www/test1:/tmp:/var/tmp</value>
修改为<value name=”listen_address”>127.0.0.1:9001</value> 注意这里的端口号
3.修改 php-fpm启动脚本
首先注释原来的php_fpm_CONF和php_opts
添加$php_fpm_BIN ?fpm ?fpm-config /usr/local/php/etc/www.key0.cn.conf
$php_fpm_BIN ?fpm ?fpm-config /usr/local/php/etc/www.nginx.org.conf
4.启动服务
#/usr/local/php/sbin/php-fpm start
#/usr/local/nginx/sbin/nginx
查看端口#netstat -tlnp
开了9000 9001俩个不同的端口分开处理两个站点请求,两个php-cgi主进程加载不同的conf文件,实验成功.
当然,启动之前记得conf里面的max_children,开启php-cgi子进程数,相应要减少一些,以免造成内存不足 谢谢分享
页:
[1]