Nginx+php-fpm vhost creator

Ez a csomag megkönnyíti nginx vhostok keszítését php-fpm használatával. Minden vhos külön felhasználói joggal fog futni, így megnöveli a szever biztonságát.

A csomag 2 db template file-t tartalmaz, valamint a scriptet.

nginx vhost template

vhost_template.conf


upstream phpPORT {
server 127.0.0.1:PORT;
}

server {
listen 80;
server_name DOMAIN www.DOMAIN;
access_log /var/log/nginx/DOMAIN-acc.log;
error_log /var/log/nginx/DOMAIN-err.log;
root /var/www/DOMAIN/web;
index index.php index.html;
try_files $uri $uri/ /index.php?q=$uri&$args;
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
error_page 403 = 404;
location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
location /wp-content/ { internal; }
location /wp-includes/ { internal; }
location ~* wp-config.php { deny all; }
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
types { }
default_type text/plain;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;

fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_pass phpPORT;
}
location = /xmlrpc.php {
deny all;
access_log off; #to prevent from filling up the access log file
error_log off; #to prevent from filling up the error log file
}
}

php-fpm pool template

pool_template.conf

[USER]
user = USER
group = USER
listen = 127.0.0.1:PORT
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
chdir = /

shell script
vhostcreate

#!/bin/bash

if [ "" == "q" ]; then
 echo Installed ports and users
 grep ^listen /etc/php5/fpm/pool.d/*| grep -v owner| grep -v group| sed -e 's/\//\:/g'| sed -e 's/\=/\:/g'| sed -e 's/\./\:/g'| awk -F":" '{print "Username: " " Port: "}'
 exit
fi

if [ "$#" -ne 2 ] || [  != "q" ]; then
 echo "Illegal number of parameters"
 echo " <user> <domain>"
 echo " <user> is sytemm user for php-fpm"
 echo " <domain> new domain"
 echo " q (list installed ports with username"
 exit
fi

if [ ${#1} -gt 13 ]; then
 echo "Username max length 13 characters"
 exit
fi

USER=$1
DOMAIN=$2

PORT=`grep ^listen /etc/php5/fpm/pool.d/*| grep -v www| awk -F"=" '{print }'| awk -F":" '{print }'| sort -r |head -1`
PORT=$((PORT+1))
echo Php-fpm port: $PORT
echo mkdir /var/www/$DOMAIN/web
cd /var/www
useradd -d /var/www/$DOMAIN/web -M -U -s /bin/false $USER
chown -R $USER:$USER $DOMAIN
cp /usr/local/vhost/pool_template.conf /usr/local/vhost/$USER.conf
rpl PORT $PORT /usr/local/vhost/$USER.conf>/dev/null
rpl USER $USER /usr/local/vhost/$USER.conf>/dev/null
cp /usr/local/vhost/vhost_template.conf /usr/local/vhost/$DOMAIN.conf

rpl PORT $PORT /usr/local/vhost/$DOMAIN.conf>/dev/null
rpl DOMAIN $DOMAIN /usr/local/vhost/$DOMAIN.conf>/dev/null
cp /usr/local/vhost/$DOMAIN.conf /etc/nginx/sites-available
cp /usr/local/vhost/$USER.conf /etc/php5/fpm/pool.d/
ln -s /etc/nginx/sites-available/$DOMAIN.conf /etc/nginx/sites-enabled

A fenti templateket az /usr/local/vhost konyvtárba kell másolni, a bash sctiptet célszerű az /usr/local/bin könyvtárba.

Ha a vhostcreate scriptet paraméter nelkül indítjuk, akkor kiírja a paraméterezési lehetősegeit.
Mivel tcp portra bindel a php-fpm (megoldhato sockettel is),így minden vhostnál növeljük egyel a tcp port számát.

Tesztelve Ubuntun.

Vélemény, hozzászólás?

Az email címet nem tesszük közzé.

tizenhét − 14 =