Cause: Previously, nginx and php-fpm were configured on the same machine, which was very smooth. Recently, I experimented that nginx, php, and mysql services are independent, and it took a long time to configure them to really clarify the relationship between the two. Record it here.
1. The IP of each server
nginx 192.168.1.100
php-fpm 192.168.1.200
Second, the main configuration of each server
nginx server {} configuration
server {
listen 8090 ;
listen [::]:8090 ;
root /var/www/wordpress;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm ;
server_name www.test1.com;
location ~ \.php$ {
# root /home/php-fpm/web; ##该配置决定从php-fpm服务器上的哪个目录获得*.php文件;若不使用,则需保证php-fpm服务器器上有和ngix服务同样的地址:/var/www/wordpress
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
# include snippets/fastcgi-php.conf;
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php8.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
fastcgi_pass 192.168.1.200:3090;
}
}
php-fpm ~/pool.d/wordpress.conf
[wordpress]
user = www-data
group = www-data
listen = 0.0.0.0:3090
;下面的 listen.allowed.clents,指定了仅监听nginx服务器,不指定的化其他服务器也可以调用该池配置
listen.allowed_clients = 192.168.1.100
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_spawn_rate = 32
pm.process_idle_timeout = 10s
Fourth, edit the php inspection document
1. Create a folder /var/www/wordpress in the php-fpm server
mkdir -p /var/www/wordpress
2. info.php in php-fpm server
cat /var/www/wordpress/info.php
<?php
echo ' This PHP is on ip 200 !' ;
?>
3. info.php in nginx server
cat /var/www/wordpress/info.php
<?php
echo ' This PHP is on ip 100 !' ;
?>
4. The phpinfo.php file in the nginx server
cat /var/www/wordpress/phpinfo.php
<?php
phpinfo();
?>
5. Enter the ip test after restarting the service
1. Restart the service
## 在php-fpm 服务器中
systemctl restart php8.2-fpm
## 在nginx 服务器中
systemctl restart nginx
2. Enter in the browser:
A: http://192.168.1.100:8090/info.php
B: http://192.168.1.100:8090/phpinfo.php
3. Test results:
You will find that when you enter link A, the displayed content is This PHP is on ip 200 !
If you enter link B, an error message will appear; if you copy phpinfo.php to the server where php-fpm is located, you will get the information of the PHP server.
6. Conclusion
Nginx configures the php-fpm call, which is actually equivalent to nginx reverse proxying the php-fpm server. The php documents accessed through the nginx server address all exist on the php-fpm server .
The two configurations that need special attention are that in the configuration items of the nginx server, because the fastcgi_params file in /etc/nginx/ does not have the following configuration items, it must be followed by a configuration: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
If you use include fastcgi.conf; you can not add this configuration sentence.
In the php-fpm configuration item, listen = 0.0.0.0:3090, this configuration specifies the port to be monitored by the pool configuration document and the ip of the nginx service to be monitored; it is best to use 0.0.0.0 to ensure that the call can be successful. If you want to really restrict, you can add another sentence of configuration: listen.allowed_clients = 192.168.1.100 . Configure it as the ip of your nginx server.
7. Nginx is deployed on the frp server as a forwarding proxy configuration
1. frps. ini
cat /etc/frp/frps.ini
[common]
bind_port = 7000
vhost_http_port = 8080
2. nginx server configuration on frps server
cat /etc/nginx/sites-enabled/wordpress.conf
server {
listen 80;
server_name wordpress.yourdomain.com;
return 301 https://wordpress.yourdomain.com$request_uri;
}
server {
listen 443 ssl;
server_name wordpress.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/wordpress.yourdomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wordpress.yourdomain.com/privkey.pem; # managed by Certbot
# ssl_certificate /path/to/your/certificate;
# ssl_certificate_key /path/to/your/certificate/key;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8080; ## 因为frps.ini中的 vhost_http_port = 8080
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
### 下面的内容是将wordpress.yourdomain.com 的80端内容,转换为https,这样就可以不在frpc上配置ssl
server {
if ($host = wordpress.yourdomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name wordpress.yourdomain.com ;
return 404; # managed by Certbot
}
3. Configuration of local frpc server
cat /etc/frp/frpc.ini
[common]
server_addr = frp.yourdomain.com ## frps 服务器的域名
server_port = 6666
[web-4]
type = http
local_ip = 192.168.1.100
local_port = 8090 # wordpress.yourdomain.com 的本地端口;若只有一个网站则可采用默认的80端
custom_domains =wordpress.yourdomain.com
4. Nginx server configuration installed on the same machine as local frpc
server {
listen 8090 ;
listen [::]:8090 ;
root /var/www/wordpress;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm ;
server_name www.test1.com;
location ~ \.php$ {
# root /home/php-fpm/web; ##该配置决定从php-fpm服务器上的哪个目录获得*.php文件;若不使用,则需保证php-fpm服务器器上有和ngix服务同样的地址:/var/www/wordpress
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
# include snippets/fastcgi-php.conf;
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php8.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
fastcgi_pass 192.168.1.200:3090;
}
}