将php7.0升级到php7.2

时间:2018-11-06 09:54:07

标签: php ubuntu nginx

我已经成功地将我的Ubuntu服务器从php7.0升级到了php7.2 我在php-fpm中使用Nginx。虽然php -v输出是:

  

PHP 7.2.11-4 + ubuntu16.04.1 + deb.sury.org + 1(cli)(内置:2018年11月4日05:10:57)(NTS)   版权所有(c)1997-2018 The PHP Group   Zend Engine v3.2.0,版权所有(c)1998-2018 Zend Technologies       使用ionCube PHP Loader(已启用)+来自ioncube24.com的入侵保护(未配置)v10.2.5,版权所有(c)2002-2018,由ionCube Ltd.       与Zend OPcache v7.2.11-4 + ubuntu16.04.1 + deb.sury.org + 1,Zend Technologies版权所有(c)1999-2018

我注意到Nginx仍然使用php-fpm7.0运行。 我检查了一下,php-fpm 7.0和7.2都在运行。 我的/etc/nginx/conf.d/mysite.com.conf不包含

  

位置〜* .php $

行。

输出

  

查找/(-iname“ php.ini” -o -name“ www.conf”)

/etc/php/7.0/apache2/php.ini  
/etc/php/7.0/fpm/pool.d/www.conf  
/etc/php/7.0/fpm/php.ini  
/etc/php/7.0/cli/php.ini  
/etc/php/7.2/fpm/pool.d/www.conf  
/etc/php/7.2/fpm/php.ini  
/etc/php/7.2/cli/php.ini

我也没有任何/etc/nginx/conf.d/mysite.com.conf文件
我在/etc/nginx/conf.d/

中只有global_locations_ssl.conf.inc

的输出
  

ps -aux | grep nginx 

root      3123  0.0  0.0  37944  4192 ?        Ss   Nov05   0:00               nginx: master process /usr/sbin/nginx -g daemon on; master_process on;  
www-data  3124  0.0  0.0  37944  8416 ?        S    Nov05   0:54 nginx: worker process  
www-data  3125  0.0  0.0  37944  8500 ?        S    Nov05   0:58 nginx: worker process  
www-data  3126  0.0  0.0  37944  8552 ?        S    Nov05   2:04 nginx: worker process  
www-data  3127  0.0  0.0  37944  8588 ?        S    Nov05   1:04 nginx: worker process  
www-data  3128  0.0  0.0  37944  8668 ?        S    Nov05   1:10 nginx: worker process  
www-data  3129  0.0  0.0  37944  8536 ?        S    Nov05   1:27 nginx: worker process  
root     22931  0.0  0.0  13348   916 pts/0    R+   12:50   0:00 grep --color=auto nginx

所以我的Nginx主进程以root身份运行。

我应该检查些什么来解决此问题?

2 个答案:

答案 0 :(得分:0)

您可以在https://linode.com/docs/web-servers/nginx/serve-php-php-fpm-and-nginx/

中找到完整的解决方案

取决于您的发行版和PHP版本,PHP配置文件将存储在不同的位置。本指南以Ubuntu 16.04上Ubuntu仓库中的PHP 7.0为例,并

`/etc/php/7.0/fpm/pool.d/www.conf and /etc/php/7.0/fpm/php.ini` 

files are what we’ll be modifying.

Find those full file paths using a find command:

`find / \( -iname "php.ini" -o -name "www.conf" \)`

The output should look similar to:

`root@localhost:~# find / \( -iname "php.ini" -o -name "www.conf" \)
/etc/php/7.0/fpm/php.ini
/etc/php/7.0/fpm/pool.d/www.conf
/etc/php/7.0/cli/php.ini
`

The listen.owner and listen.group variables are set to www-data by default, but they need to match the user and group NGINX is running as. If you installed NGINX using our Getting Started with NGINX series, then your setup will be using the nginx user and group. You can verify with:

`ps -aux | grep nginx`

The output should be similar to:

`
root@localhost:~# ps -aux | grep nginx
root      3448  0.0  0.0  32500  3516 ?        Ss   18:21   0:00 nginx: master process /        usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3603  0.0  0.0  32912  2560 ?        S    18:24   0:00 nginx: worker process
nginx     3604  0.0  0.0  32912  3212 ?        S    18:24   0:00 nginx: worker process
`
This shows the NGINX master process is running as root, and the worker processes are running as the nginx user and group. Change the listen variables to that:

`
sed -i 's/listen.owner = www-data/listen.owner = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf
sed -i 's/listen.group = www-data/listen.group = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf
`
When pairing NGINX with PHP-FPM, it’s possible to return to NGINX a .php URI that does not actually exist in the site’s directory structure. The PHP processor will process the URI, and execute the .php file, because its job is to process anything handed to it by NGINX. This of course presents a security problem.

It’s important limit what NGINX passes to PHP-FPM so malicious scripts can’t be injected into return streams to the server. Instead, the request is stopped, possibly then resulting in a 404. There are multiple ways to do this (see the NGINX wiki) but here we chose to specify the setting in PHP-FPM rather than in NGINX’s configuration.

`sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.0/fpm/php.ini`

You’ll notice that ;cgi.fix_pathinfo=1 is commented out by default. Setting it to 0 and uncommenting it will enforce the configuration should there be any upstream changes in the default value in the future.

Restart PHP-FPM to apply the changes:

`systemctl restart php7.0-fpm.service`

Configure the NGINX Server BlockPermalink
Again pulling from Part 1 of our NGINX series, we’ll start with a basic Server Block for a static HTTP page being served from /var/www/example.com. Replace example.com with your site’s domain or IP address, and the root directive with your site’s root directory.

`/etc/nginx/conf.d/example.com.conf

`server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;
}
`
To the Server Block above, add a location block containing the PHP directives. You should then have:

/etc/nginx/conf.d/example.com.conf

server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;

  location ~* \.php$ {
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    include         fastcgi_params;
    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
  }
}
This is just a bare minimum to get PHP-FPM working and you will want to configure it further for your specific needs. Some further points about the configuration above:

The location ~* \.php$ means that NGINX will apply this configuration to all .php files (file names are not case sensitive) in your site’s root directory, including any subdirectories containing PHP files.
The * in the ~* \.php$ location directive indicates that PHP file names are not case sensitive. This can be removed if you prefer to enforce letter case.
The fastcgi_pass location must match the listen = value in /etc/php/7.0/fpm/pool.d/www.conf. It is preferable for performance reasons for PHP-FPM to listen on a UNIX socket instead of a TCP address. Only change this if you require PHP-FPM use network connections.
Using $document_root in the SCRIPT_FILENAME parameter instead of an absolute path is preferred by NGINX’s documentation.
Here’s a variation of the location block above. This includes an if statement which disallows the FPM to process files in the /uploads/ directory. This is a security measure which prevents people from being able to upload .php files to your server or application which the FastCGI process manager would then execute.

This only applicable if you allow users to upload or submit files to your site. Change the name of the directory from uploads to whatever suits your need.

/etc/nginx/conf.d/example.com.conf

  location ~* \.php$ {
    if ($uri !~ "^/uploads/") {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    include         fastcgi_params;
    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
  }
Reload NGINX:

nginx -s reload

答案 1 :(得分:0)

我找到了解决方案。 在我的/etc/nginx/sites-enabled/my-site.conf中有一行

upstream fastcgi_backend {
server   127.0.0.1:9000;
}

Nginx的配置没有

  

位置〜* .php $

行。

因此,您不必在每次更改php版本时都更改配置。

我的问题是我没有检查php-fpm7.0是否在套接字9000上运行。

解决方案是更改php-fpm7.2中的php.ini,使其在9000套接字上运行

相关问题
最新问题