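# /etc/sysctl.conf — TCP and file-handle tuning for a busy web server.
# Time out sockets left in FIN-WAIT-2 after 30 seconds.
net.ipv4.tcp_fin_timeout = 30
# Allow TIME-WAIT sockets to be reused for new outgoing connections.
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle is intentionally not set: the key was removed in
# Linux 4.12 (sysctl -p reports an error for it on such kernels), and on older
# kernels it caused dropped connections for clients behind NAT.
# Length of the queue of half-open (SYN received) connections.
net.ipv4.tcp_max_syn_backlog = 8192
# Idle seconds before the first TCP keepalive probe is sent.
net.ipv4.tcp_keepalive_time = 300
# System-wide cap on open file handles.
# NOTE(review): check the running value with `sysctl fs.file-max` first — many
# current distributions default far higher, so this line can lower the limit.
# It is also below the worker_rlimit_nofile 100000 requested in nginx.conf.
fs.file-max = 65535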
执行 sysctl -p 使配置生效。
# Create the dedicated unprivileged group and account that nginx and PHP-FPM
# are configured to run as. Both commands must be run as root.
# The account gets no login shell; its home directory is the web root.
groupadd web
useradd --gid web --home-dir /var/www --shell /sbin/nologin webuser
# Install nginx from the distribution's package repositories.
# Run only the pair of commands that matches your distribution.
# Ubuntu/Debian
sudo apt update
sudo apt install nginx
# CentOS/RHEL (epel-release is installed first; presumably nginx comes from EPEL here)
sudo yum install epel-release
sudo yum install nginx
编辑 /etc/nginx/nginx.conf:
# Worker processes run as the unprivileged webuser account, group web.
user webuser web;
worker_processes auto;            # set automatically from the number of CPU cores
# Per-worker limit on open file descriptors.
# NOTE(review): this is higher than the fs.file-max = 65535 set in the sysctl
# step of this page; keep the two values consistent.
worker_rlimit_nofile 100000;

events {
    worker_connections 4096;      # maximum connections per worker process
    multi_accept on;
    use epoll;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;            # do not advertise the nginx version

    # Gzip compression
    # NOTE(review): once the site is served over TLS, compressing responses
    # that mix secrets with request-controlled data is exposed to BREACH-style
    # length side channels; consider limiting compression to static content.
    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 2;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Cache of open file descriptors and metadata for static resources
    open_file_cache max=100000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Per-site server blocks
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
创建 /etc/nginx/conf.d/example.com.conf:
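# Virtual host for example.com: static files from the public/ directory,
# everything else routed to index.php and executed by PHP-FPM.
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/public;
    index index.php index.html index.htm;

    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;

    # Refuse every dot-file and dot-directory (.htaccess, .git, .env, ...),
    # not only .ht*; /.well-known/ stays reachable. Regex locations are tried
    # in file order, so this block is placed above the PHP and static-asset
    # blocks to take precedence for paths such as /.git/x.js.
    location ~ /\.(?!well-known) {
        deny all;
    }

    # Serve the file or directory if it exists, otherwise use the front controller.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        # Return 404 unless the requested .php file exists under root, so
        # PHP-FPM is never asked to run a path that resolves to another file.
        # Keep this guard if the block is edited.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    # Long-lived browser caching for static assets.
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg)$ {
        expires 365d;
        # An add_header in a location replaces all add_header directives
        # inherited from the server/http level, so any headers set there
        # must be repeated here.
        add_header Cache-Control "public, no-transform";
    }
}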
# Install PHP-FPM, the CLI and common extensions.
# Run only the command that matches your distribution.
# Ubuntu/Debian (PHP 8.1 used as the example)
sudo apt install php8.1-fpm php8.1-cli php8.1-mysql php8.1-curl php8.1-gd php8.1-mbstring php8.1-xml php8.1-zip php8.1-opcache
# CentOS/RHEL
# NOTE(review): the package names carry no version, so the PHP version installed
# may differ from the 8.1 paths used in the rest of this page — confirm.
sudo yum install php-fpm php-cli php-mysqlnd php-curl php-gd php-mbstring php-xml php-zip php-opcache
编辑 /etc/php/8.1/fpm/php-fpm.conf:
; Global PHP-FPM master-process settings.
[global]
pid = /run/php/php8.1-fpm.pid
error_log = /var/log/php8.1-fpm.log
; Restart FPM if 10 child processes crash (SIGSEGV/SIGBUS) within one minute.
emergency_restart_threshold = 10
emergency_restart_interval = 1m
; How long children may take to react to signals from the master process.
process_control_timeout = 10s
编辑 /etc/php/8.1/fpm/pool.d/www.conf:
; Pool definition: PHP code runs as the same unprivileged account as nginx.
[www]
user = webuser
group = web
; Unix socket that nginx's fastcgi_pass points at. Mode 0660 with owner
; webuser and group web keeps other local accounts from connecting to it.
listen = /run/php/php8.1-fpm.sock
listen.owner = webuser
listen.group = web
listen.mode = 0660
; Dynamic process manager: between 5 and 10 idle workers, at most 50 in total.
; NOTE(review): 50 children at the 128M memory_limit set in php.ini can use
; several GB in the worst case — size pm.max_children to the machine's RAM.
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
; Recycle each worker after 500 requests.
pm.max_requests = 500
; Log a backtrace for requests slower than 5 s; kill requests after 30 s.
; NOTE(review): nothing on this page creates /var/log/php-fpm/ — confirm the
; directory exists before restarting FPM.
slowlog = /var/log/php-fpm/www-slow.log
request_slowlog_timeout = 5s
request_terminate_timeout = 30s
; php_admin_* values cannot be overridden by application code via ini_set().
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
编辑 /etc/php/8.1/fpm/php.ini:
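; Resource limits per request.
memory_limit = 128M
max_execution_time = 30
; Upload limits. post_max_size must stay above upload_max_filesize.
; NOTE(review): the nginx configuration on this page does not set
; client_max_body_size, so nginx's own (smaller) default body limit applies
; before these values are reached — raise it there if 16M uploads are intended.
upload_max_filesize = 16M
post_max_size = 18M
; Do not advertise the PHP version in response headers (complements
; server_tokens off in nginx.conf).
expose_php = Off
; OPcache: keep compiled scripts in shared memory.
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
; Check files for changes at most every 60 s, so deployed code can take up to
; a minute to become active unless FPM is reloaded.
opcache.revalidate_freq=60
; opcache.fast_shutdown is omitted: the directive was removed in PHP 7.2 and
; has no effect on the PHP 8.1 used here.
opcache.enable_cli=0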
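# Enable the firewall with only SSH, HTTP and HTTPS open.
# The rules are added before `ufw enable`: ufw's default policy denies
# incoming traffic, so enabling it first without an SSH rule can cut off
# remote administration of the server.
sudo ufw allow ssh        # adjust if sshd listens on a non-default port
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable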
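# Give the web tree to webuser:web and remove all access for other accounts:
# directories 750, files 640.
# NOTE(review): webuser is also the account nginx and PHP-FPM run as, so the
# application can rewrite its own code. Consider having a separate deploy
# account own the code, with group web read-only, and leaving only upload and
# cache directories writable by webuser.
sudo chown -R webuser:web /var/www
# `{} +` passes many paths to each chmod call instead of starting one per file.
sudo find /var/www -type d -exec chmod 750 {} +
sudo find /var/www -type f -exec chmod 640 {} +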
在 /etc/php/8.1/fpm/php.ini 中添加:
; Defence in depth only: disable_functions narrows what application code can
; call but is not a sandbox, so the file permissions and the unprivileged FPM
; account still matter.
; NOTE(review): curl_exec, curl_multi_exec and parse_ini_file are used by many
; libraries (HTTP clients, configuration loaders) — confirm the application
; still works with them disabled.
; NOTE(review): show_source is an alias of highlight_file, which is not listed.
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
# Install system monitoring tools (Ubuntu/Debian command).
sudo apt install htop nmon sysstat
编辑 /etc/logrotate.d/nginx:
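# Rotate all nginx logs daily and keep 14 generations, compressed from the
# second-newest onward.
/var/log/nginx/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    # New log files belong to the account nginx is configured to run as on
    # this page. The previous owner, www-data, does not exist on CentOS/RHEL,
    # where logrotate rejects the configuration for an unknown user.
    # Mode 0640 keeps request logs unreadable to other local accounts.
    create 0640 webuser adm
    sharedscripts
    postrotate
        # reopen makes nginx reopen its log files without replacing the
        # worker processes, which is all rotation needs.
        /usr/sbin/nginx -s reopen
    endscript
}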
创建 /etc/cron.d/nginx-restart:
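# Restart nginx every day at 03:00 as root.
# The configuration is tested first (-q prints errors only): restarting with a
# broken configuration would stop nginx and leave the site down.
# A restart drops in-flight connections; `reload` avoids that if a full
# restart is not required.
0 3 * * * root /usr/sbin/nginx -t -q && /usr/sbin/service nginx restart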
# HTTPS listener; this directive belongs inside the server block.
# It only works together with ssl_certificate and ssl_certificate_key, which
# this page does not show. Without a redirect from port 80, the site also
# remains reachable over plain HTTP.
# NOTE(review): newer nginx releases deprecate the http2 parameter of listen
# in favour of a separate `http2 on;` directive — check your version.
listen 443 ssl http2;
通过以上配置,您将获得一个高性能、安全的Linux+Nginx+PHP Web服务器环境。根据实际负载情况,可以进一步调整worker进程数、PHP-FPM进程数等参数以达到最佳性能。