PHP + Nginx server performance and security optimization

This article applies to a PHP 7.4 + Nginx environment running WordPress.
1. Update the server

sudo apt update

2. Set up shortcut aliases for common commands

Log in to the server over SSH and run the following command in your home directory:
sudo nano .bashrc

Add the following aliases at the end of the file:

alias ngt='sudo nginx -t'
alias ngr='sudo systemctl reload nginx'
alias fpmr='sudo systemctl reload php7.4-fpm'
alias rr='sudo systemctl restart redis'
alias mdr='sudo systemctl restart mariadb'
alias rb='sudo reboot'
alias fup='sudo apt-get -y update;sudo apt-get -y full-upgrade;sudo apt-get -y autoremove; sudo apt-get -y autoclean'

Press CTRL+S to save and CTRL+X to exit.
Then run

source .bashrc

and restart the server so the shortcut commands take effect.

From then on, testing the nginx configuration (ngt) or reloading nginx (ngr) is a single command!
3. Configure nginx.conf

The file is usually located in the /etc/nginx directory.
# Load the headers-more module so the Server response header can be removed
# (avoids leaking the nginx version to clients)
load_module modules/ngx_http_headers_more_filter_module.so;

# Run as a unique, less privileged user for security reasons.
# Default: nobody nobody
user www-data www-data;

# Sets the worker threads to the number of CPU cores available in the system for best performance.
# Should be > the number of CPU cores.
# Maximum number of connections = worker_processes * worker_connections
# Default: 1
worker_processes auto;

# Maximum number of open files per worker process.
# Should be > worker_connections.
# Default: no limit
worker_rlimit_nofile 15000;

events {
  # If you need more connections than this, you start optimizing your OS.
  # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
  # Should be < worker_rlimit_nofile.
  # Default: 512
  worker_connections 4096;
  multi_accept on;
  use epoll;
}

# Log errors to this file
# This is only used when you don't override it on a server{} level
# Default: logs/error.log error
error_log /var/log/nginx/error.log error;

# The file storing the process ID of the main process
# Default: nginx.pid
pid /var/run/nginx.pid;

http {
  # Basic Settings
  server_tokens off;
  more_clear_headers 'Server';
  server_names_hash_bucket_size 64;

  # WebP map directive: $webp_suffix becomes ".webp" when the client's Accept
  # header advertises WebP support, otherwise it is empty
  map $http_accept $webp_suffix {
    default "";
    "~*webp" ".webp";
  }

  # Specify MIME types for files.
  include mime.types;

  # Rate limit zone: 30 requests per minute per client IP, 10 MB of shared state.
  # Defining the zone alone does nothing; it must be applied with limit_req
  # in a server{} or location{} block.
  limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;

  # Default: text/plain
  default_type application/octet-stream;

  # Update charset_types to match updated mime.types.
  # text/html is always included by charset module.
  # Default: text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml
  charset_types
    text/css
    text/plain
    text/vnd.wap.wml
    application/javascript
    application/json
    application/rss+xml
    application/xml;

  # Include $http_x_forwarded_for within default format used in log files
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

  # Log access to this file
  # This is only used when you don't override it on a server{} level
  # Default: logs/access.log combined
  # access_log /var/log/nginx/access.log main;
  # Note: with access logging disabled there is no request log to consult
  # when investigating an incident; enable it per server{} if you need that trail.
  access_log off;

  # How long to allow each connection to stay idle.
  # Longer values are better for each individual client, particularly for SSL,
  # but means that worker connections are tied up longer.
  # Default: 75s
  keepalive_timeout 100s;
  keepalive_requests 1000;

  # Timeout for reading client request body.
  # Default: 60s
  client_body_timeout 3m;

  # Timeout for reading client request header.
  # Default: 60s
  client_header_timeout 3m;

  # Timeout for transmitting response to client.
  # Default: 60s
  send_timeout 3m;

  # Set the maximum allowed size of client request body. This should be set
  # to the size of the files you wish to upload to the server.
  # You may also need to change the values `upload_max_filesize` and `post_max_size` within
  # your php.ini for the changes to apply.
  # Default: 1m
  client_max_body_size 64m;
  client_body_buffer_size 10k;
  client_header_buffer_size 1k;
  large_client_header_buffers 4 32k;

  # Some WP plugins that push large amounts of data via cookies
  # can cause 500 HTTP errors if these values aren't increased.
  # Default: 8 4k|8k
  fastcgi_buffers 16 16k;
  # Default: 4k|8k
  fastcgi_buffer_size 32k;
  # Some other FastCGI settings
  fastcgi_busy_buffers_size 64k;
  fastcgi_temp_file_write_size 64k;
  fastcgi_read_timeout 300;

  # File handle cache
  open_file_cache max=1500 inactive=30s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 5;
  open_file_cache_errors off;

  # Speed up file transfers by using sendfile() to copy directly
  # between descriptors rather than using read()/write().
  # For performance reasons, on FreeBSD systems w/ ZFS
  # this option should be disabled as ZFS's ARC caches
  # frequently used files in RAM by default.
  # Default: off
  sendfile on;

  # Don't send out partial frames; this increases throughput
  # since TCP frames are filled up before being sent out.
  # Default: off
  tcp_nopush on;

  # Enable gzip compression.
  # Default: off
  gzip on;
  gzip_disable "msie6";
  gzip_buffers 16 8k;
  gzip_http_version 1.1;

  # Compression level (1-9).
  # 5 is a perfect compromise between size and CPU usage, offering about
  # 75% reduction for most ASCII files (almost identical to level 9).
  # Default: 1
  gzip_comp_level 5;

  # Don't compress anything that's already small and unlikely to shrink much
  # if at all (the default is 20 bytes, which is bad as that usually leads to
  # larger files after gzipping).
  # Default: 20
  gzip_min_length 256;

  # Compress data even for clients that are connecting to us via proxies,
  # identified by the "Via" header (required for CloudFront).
  # Default: off
  gzip_proxied any;

  # Tell proxies to cache both the gzipped and regular version of a resource
  # whenever the client's Accept-Encoding capabilities header varies;
  # Avoids the issue where a non-gzip capable client (which is extremely rare
  # today) would display gibberish if their proxy gave them the gzipped version.
  # Default: off
  gzip_vary on;

  # Compress all output labeled with one of the following MIME-types.
  # text/html is always compressed by gzip module.
  # Default: text/html
  gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/svg+xml
    image/x-icon
    text/cache-manifest
    text/css
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;

  # This should be turned on if you are going to have pre-compressed copies (.gz) of
  # static files available. If not it should be left off as it will cause extra I/O
  # for the check. It is best if you enable this in a location{} block for
  # a specific directory, or on an individual server{} level.
  # gzip_static on;

  # Include files in the sites-enabled folder. server{} configuration files should be
  # placed in the sites-available folder, and then the configuration should be enabled
  # by creating a symlink to it in the sites-enabled folder.
  # See doc/sites-enabled.md for more info.
  include sites-enabled/*;
}
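The http{} block above defines the zone=one rate limit and the $webp_suffix map but never applies them. The server{} block below is an added example (not from the original article) showing how a WordPress site under sites-enabled consumes both; the domain, document root and PHP-FPM socket path are assumptions.

```nginx
# Added example: a WordPress server{} block that applies the zone=one rate limit
# and the $webp_suffix map from the http{} block. Domain, document root and
# PHP-FPM socket path are assumptions for illustration.
server {
    listen 80;
    server_name example.com;                 # assumed
    root /var/www/html;                      # assumed WordPress document root
    index index.php;

    # Throttle only the endpoints that attract credential stuffing and abuse
    # (login form and XML-RPC). zone=one allows 30 requests/minute per client IP;
    # burst=5 tolerates a short spike, nodelay rejects the excess immediately
    # instead of queueing it, and 429 tells legitimate clients what happened.
    # Regex locations match in file order, so this block must precede \.php$.
    location ~ ^/(wp-login|xmlrpc)\.php$ {
        limit_req zone=one burst=5 nodelay;
        limit_req_status 429;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;   # assumed socket path
    }

    # Serve a pre-generated .webp next to the original when the client advertises
    # support ($webp_suffix is ".webp" or ""), falling back to the original file.
    # Vary: Accept keeps caches from handing WebP to clients that cannot decode it.
    location ~* \.(png|jpe?g)$ {
        add_header Vary Accept;
        try_files $uri$webp_suffix $uri =404;
        expires 30d;
    }

    # WordPress permalinks
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Only pass scripts that actually exist on disk to PHP-FPM
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;   # assumed socket path
    }
}
```

After symlinking the file into sites-enabled, validate it with ngt and apply it with ngr; rejected requests show up in the error log as "limiting requests" entries, which is the signal to watch when tuning burst.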