龙盟编程博客 | 无障碍搜索 | 云盘搜索神器
快速搜索
主页 > 操作系统 > LINUX系统 >

lnmp多用户安全运行环境(chroot)(6)

时间:2014-05-29 11:45来源:网络整理 作者:网络 点击:
分享到:
sed -i 's#; extension_dir = ./#extension_dir = /usr/local/php5.4/lib/php/extensions/no-debug-non-zts-20100525/#' /usr/local/php5.4/etc/php.ini sed -i 's#;include_path = .:/php/includes#include_path =

sed -i 's#; extension_dir = "./"#extension_dir = "/usr/local/php5.4/lib/php/extensions/no-debug-non-zts-20100525/"#' /usr/local/php5.4/etc/php.ini
sed -i 's#;include_path = ".:/php/includes"#include_path = ".:/usr/local/php5.4/lib/php/:/usr/local/php5.4/share/pear"#g' /usr/local/php5.4/etc/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 50M/g' /usr/local/php5.4/etc/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 50M/g' /usr/local/php5.4/etc/php.ini
sed -i 's#;upload_tmp_dir =#upload_tmp_dir = /tmp/#g' /usr/local/php5.4/etc/php.ini
#sed -i 's/disable_functions =/disable_functions = exec,system,passthru,shell_exec,escapeshellcmd,ini_alter,dl,proc_open,proc_exec,proc_close,chown,ini_restore,dbmopen,dbase_open,curl_multi_exec,multi_exec,gzinflate,parse_ini_file,show_source,escapeshellarg,escapeshellcmd,stream_socket_server,popepassthru,pfsockopen,set_time_limit/g' /usr/local/php5.4/etc/php.ini
sed -i 's/;date.timezone =/date.timezone = PRC/g' /usr/local/php5.4/etc/php.ini
sed -i 's/short_open_tag = Off/short_open_tag = On/g' /usr/local/php5.4/etc/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 300/g' /usr/local/php5.4/etc/php.ini

五、编译nginx,引入两个模块,因基本缓存需要而增加了ngx_cache_purge,因rewrite的需要而增加pcre库。
1、编译最新版nginx,加入SPDY模块
rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/x86_64/ius-release-1.0-11.ius.el6.noarch.rpm
yum install git gcc-c++ make pcre-devel openssl-devel libxslt-devel gd-devel zlib-devel geoip-devel yum-plugin-replace
yum replace openssl --replace-with=openssl10 --enablerepo=ius-testing
cd /usr/local/src
wget -c http://nginx.org/download/nginx-1.4.2.tar.gz
wget -c http://labs.frickle.com/files/ngx_cache_purge-2.1.tar.gz
wget -c http://sourceforge.net/projects/pcre/files/pcre/8.32/pcre-8.32.tar.gz/download
tar -zxf Nginx-accesskey-2.0.3.tar.gz
tar -zxf pcre-8.32.tar.gz
tar -zxf ngx_cache_purge-2.1.tar.gz
tar -zxf nginx-1.4.2.tar.gz
cd /usr/local/src/nginx-1.4.2
./configure --user=www --group=www --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_sub_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_addition_module --with-google_perftools_module --add-module=/usr/local/src/ngx_cache_purge-2.1 --with-pcre=/usr/local/src/pcre-8.32 --with-debug
make && make install
mkdir /usr/local/nginx/conf/vhosts

2、创建开机启动init脚本
wget -O /etc/rc.d/init.d/nginx http://dl.icodex.org/init.nginx
chmod +x /etc/rc.d/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
service nginx start

3、设置nginx配置文件和几个在运行中可能引入的配置
cat >/usr/local/nginx/conf/fastcgi.inc <<EOF
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE "nginx";

fastcgi_param QUERY_STRING \$query_string;
fastcgi_param REQUEST_METHOD \$request_method;
fastcgi_param CONTENT_TYPE \$content_type;
fastcgi_param CONTENT_LENGTH \$content_length;

fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
fastcgi_param REQUEST_URI \$request_uri;
fastcgi_param DOCUMENT_URI \$document_uri;
fastcgi_param DOCUMENT_ROOT \$document_root;
fastcgi_param SERVER_PROTOCOL \$server_protocol;

fastcgi_param REMOTE_ADDR \$remote_addr;
fastcgi_param REMOTE_PORT \$remote_port;
fastcgi_param SERVER_ADDR \$server_addr;
fastcgi_param SERVER_PORT \$server_port;
fastcgi_param SERVER_NAME \$server_name;

fastcgi_param HTTPS \$https if_not_empty;
fastcgi_param HTTP_ACCEPT_ENCODING invalid;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

try_files \$fastcgi_script_name =404;
EOF

cat >/usr/local/nginx/conf/fastcgi_cache.inc <<EOF
fastcgi_cache fastcgi;
fastcgi_cache_key \$request_method\$scheme\$host\$request_uri;
#fastcgi_cache_purge fastcgi \$request_method\$scheme\$host\$1;
fastcgi_cache_min_uses 1;
fastcgi_cache_valid 200 302 10m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_cache_bypass \$skip_cache;
fastcgi_no_cache \$skip_cache;
add_header Nginx-Cache "$upstream_cache_status";
EOF

精彩图集
Linux命令(shell)从入门到精通 学习笔记之1 文件安全与权限
Linux命令(s

热门标签

多个进程 用户注册 type libxml 时间段 默认选项 层次 大文件 oracle分页 XMLHttpRequ 符号优先级 java教程 很不错的 文件限制 InnoDB建表 货物管理系统 phpmyadmin outerHtml tooltips 动态库 静态绑定 Transition 占用内存过高 CCControlPot 自动刷新 to_char 同步更新 远程不能访问 汉诺塔 phpize 指定行 position:fix 层固定位置 程序语言 ydev GBK中文 图片裁剪 更新app 传输文件 lvm 是否存在 goto php 在 shell排序 加载完 序号 下拉式菜单 非递 setUp 插入更新 杨建 恶意病毒 查壳 java调用c++ 连接方式 整数 无法加载 连连看 AES256

赞助商链接