Ubuntu

Nginx(Ubuntu 18.04)FastCGI 在標準錯誤中發送:“主要腳本未知”,同時從上游讀取響應標頭

  • July 31, 2020

嗯…我知道有很多類似的問題被問到。但是為了使這篇文章在解決後對社區有所幫助,我想列出一個適用於 Wordpress 的 Nginx + PHP-fpm conf 文件。但截至目前它不起作用,他他。

因為這是我第二次處理 Nginx(第一次設置接近預設設置)配置,所以恐怕我無法在沒有幫助的情況下處理故障排除。我要做的是使用 FastCGI 記憶體設置 Nginx,以便踢 Wordpress 的屁股,使其執行得更快。安裝 nginx 後,就可以在定址時顯示預設的問候語 html 頁面http://vps_ip_adress。我想這意味著網路和基本設置很好。然後我安裝了 php7.4-fpm 並調整了一些 nginx 配置以啟用 FastCGI 記憶體以進行進一步的 Wordpress 安裝。出於測試目的,我將包含info.php文件<?php phpinfo(); ?>放入父親根目錄 /var/www/html/mysitename/info.php。現在我得到FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream在 nginx 錯誤日誌中。我已經讀過這意味著 php-fpm 無法找到腳本,很可能是由於 nginx 配置中的腳本名稱錯誤。不幸的是,我沒有使用 nginx,我找不到錯誤。

作為參考,我使用了在網際網路上找到的 nginx 配置(是的……我知道,在網際網路上發現的東西有問題 - 它永遠不會工作,他)。萬一在有人的幫助下,我會在這里工作,將列出 Nginx+PHP-fpm 設置與 FAstCGI 記憶體,我猜這是非常需要的。任何有關如何為 Wordpress 優化 nginx+php-fpm 配置的建議都將不勝感激。

配置清單

/etc/nginx/nginx.conf

user www-data;
worker_processes 2;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
       worker_connections 768;
       multi_accept on;
}

http {

       #FastCGI cache settings
       fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=WORDPRESS:100m max_size=4g inactive=60m use_temp_path=off;
       fastcgi_cache_key "$scheme$request_method$host$request_uri";
       #
       fastcgi_buffers 8 16k;
       fastcgi_buffer_size 32k;
       fastcgi_connect_timeout 300;
       fastcgi_send_timeout 300;
       fastcgi_read_timeout 300;
       ##
       # Basic Settings
       ##

       sendfile on;
       tcp_nopush on;
       tcp_nodelay on;
       keepalive_timeout 15;
       types_hash_max_size 2048;
       server_tokens off;
       client_max_body_size 64m;
       # server_names_hash_bucket_size 64;
       # server_name_in_redirect off;

       include /etc/nginx/mime.types;
       default_type application/octet-stream;

       ##
       # SSL Settings
       ##

       ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
       ssl_prefer_server_ciphers on;

       ##
       # Logging Settings
       ##

       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/error.log;

       ##
       # Gzip Settings
       ##

       gzip on;

       # gzip_vary on;
       gzip_proxied any;
       gzip_comp_level 2;
       # gzip_buffers 16 8k;
       # gzip_http_version 1.1;
       gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

       ##
       # Virtual Host Configs
       ##

       include /etc/nginx/conf.d/*.conf;
       include /etc/nginx/sites-enabled/*;

       server {
               listen 80 default_server;
               listen [::]:80 default_server;
               server_name _;
               return 444;
              }

}

/etc/nginx/fastcgi.conf

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

/etc/nginx/site-enabled/mysitename.conf

server {
       # As DNS records are not well set up, I'm suing IP adress. To be replaced with domain name 
       server_name xxx.xxx.xxx.xxx;

       access_log   /var/log/nginx/mysitename.access.log;
       error_log    /var/log/nginx/mysitename.error.log;

       root /var/www/mysitename;
       index index.php;
#
       set $skip_cache 0;
#

       # POST requests and urls with a query string should always go to PHP
       if ($request_method = POST) {
               set $skip_cache 1;
       }
       if ($query_string != "") {
               set $skip_cache 1;
       }

       # Don't cache uris containing the following segments
       if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
               set $skip_cache 1;
       }

       # Don't use the cache for logged in users or recent commenters
       if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
               set $skip_cache 1;
       }

       #Don't chache for store, cart,my account, checkout pages
       if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
        set $skip_cache 1;
       }

       #Skip cache for WooCommerce query string
       if ( $arg_add-to-cart != "" ) {
         set $skip_cache 1;
       }


       location / {
               try_files $uri $uri/ /index.php?$args;
       }

       location ~ \.php$ {

                         fastcgi_split_path_info ^(.+\.php)(/.+)$;
                         fastcgi_pass 127.0.0.1:9000;
                         fastcgi_index index.php;
                         include fastcgi_params;

                         set $rt_session "";

       if ($http_cookie ~* "wc_session_cookie_[^=]*=([^%]+)%7C") {
                   set $rt_session wc_session_cookie_$1;
           }

       if ($skip_cache = 0 ) {
           more_clear_headers "Set-Cookie*";
           set $rt_session "";
           }

           fastcgi_cache_key "$scheme$request_method$host$request_uri$rt_session";

           fastcgi_cache WORDPRESS;
           fastcgi_cache_valid 200 301 302 60m;
           fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
           fastcgi_cache_min_uses 1;
           fastcgi_cache_lock on;
           add_header X-FastCGI-Cache $upstream_cache_status;
           fastcgi_cache_bypass $http_cookie $cookie_nocache $skip_cache;
           fastcgi_no_cache $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" $skip_cache;

           fastcgi_cache_background_update on;

       }

       location ~ /purge(/.*) {
           fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
       }

       location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
               access_log off; log_not_found off; expires max;
       }

       location = /robots.txt { access_log off; log_not_found off; }
       location ~ /\. { deny  all; access_log off; log_not_found off; }
}

/etc/php/7.4/fpm/pool.d/www.conf 該文件的一些亮點(它很長……)

user = www-data
group = www-data
listen = 127.0.0.1:9000
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

你能幫我解決問題嗎?

最後我使它與以下設置一起工作……這是適合我的配置。

先決條件。重要!

  • VPS 配置:Ubuntu 18.04,Nginx + Php7.4-fpm + MariaDB + PHPMyAdmin。如果你有相同的包,隨意複製粘貼conf列表,他他
  • 在 Google Cloud 實例、Amazon EC2 和 Scaleway 上進行了測試。在 scaleway 的情況下 - 需要進行一些調整(例如預設情況下非 root 使用者無法sudo在 Ubuntu 18.04 實例上執行命令等)
  • 如果您使用不同於 7.4 PHP-fpm ver 的版本,請確保在配置中反映這一點
  • 這適用於使用 Letsencrypt SSL 的單站點配置(有許多關於如何使用 CertBot 設置 Letsencrypt SSL 的不錯的書面結構)
  • 順便說一句,如果您使用 Cloudflare,您可能會遇到重定向循環ERRTOOMANY_REDIRECTS確保在 Cloudflare 端也配置 SSL。

歡迎指正

/etc/nginx/nginx.conf

user www-data;
# Check how many CPU cores do you have. There are 2 virtual cores are available on my VPS 
worker_processes 2;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
       worker_connections 768;
       multi_accept on;
}

http {

       #FastCGI cache settings
       fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=WORDPRESS:100m max_size=4g inactive=60m use_temp_path=off;
       fastcgi_cache_key "$scheme$request_method$host$request_uri";
       #
       fastcgi_buffers 8 16k;
       fastcgi_buffer_size 32k;
       fastcgi_connect_timeout 300;
       fastcgi_send_timeout 300;
       fastcgi_read_timeout 300;
       
       fastcgi_cache_background_update on;
       ##
       # Basic Settings
       ##

       sendfile on;
       tcp_nopush on;
       tcp_nodelay on;
       keepalive_timeout 15;
       types_hash_max_size 2048;
       server_tokens off;
       client_max_body_size 64m;
       # server_names_hash_bucket_size 64;
       # server_name_in_redirect off;

       include /etc/nginx/mime.types;
       default_type application/octet-stream;

       ##
       # SSL Settings
       ##
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
       ssl_prefer_server_ciphers on;

       ##
       # Logging Settings
       ##

       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/error.log;

       ##
       # Gzip Settings
       ##

       gzip on;

       # gzip_vary on;
       gzip_proxied any;
       gzip_comp_level 2;
       # gzip_buffers 16 8k;
       # gzip_http_version 1.1;
       gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

       # DoS Protection set zone
       # limit_req_zone $binary_remote_addr zone=one:10m rate=3r/s;

       ##
       # Virtual Host Configs
       ##

       include /etc/nginx/conf.d/*.conf;
       include /etc/nginx/sites-enabled/*;

}

/etc/nginx/site-enabled/mysitename.conf

server {
#~~~forward to HTTPS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name mysitename.com www.mysitename.com;

   return 301 https://$host$request_uri;
   access_log   /var/log/nginx/mysitename_http.access.log;
   error_log    /var/log/nginx/mysitename_http.error.log;
   # error_log off;
   # access_log off;
}

server {
#~~~HTTPS server settings~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#~~~BASIC settings~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
   listen 443 ssl http2 default_server;
   listen [::]:443 ssl http2 default_server;
   server_name mysitename.com mysitename.com;
   root /var/www/html/mysitename.com;
   index index.php;
   access_log   /var/log/nginx/mysitename_https.access.log;
   error_log    /var/log/nginx/mysitename_https.error.log;
   # error_log off;
   # access_log off;
   
#~~~SSL settings~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
   ssl on; 
   #~~~Certbot managed part~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   ssl_certificate /etc/letsencrypt/live/mysitename.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key //etc/letsencrypt/live/mysitename.com/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
   ssl_session_tickets off;
   #~~~Certbot managed part END~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
   add_header Strict-Transport-Security "max-age=31536000" always;

   # OCSP stapling
   ssl_stapling on;
   ssl_stapling_verify on;

   # verify chain of trust of OCSP response using Root CA and Intermediate certs
   # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

   # replace with the IP address of your resolver???
   # resolver 127.0.0.1;
   
   add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
#~~~SSL settings END~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     

#~~~Caching rules~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      # Enable caching
      set $skip_cache 0;
       
       #~~~Skip caching rules~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       # POST requests and urls with a query string should always go to PHP
       if ($request_method = POST) {
               set $skip_cache 1;
       }
       if ($query_string != "") {
               set $skip_cache 1;
       }

       # Don't cache uris containing the following segments
       if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
               set $skip_cache 1;
       }

       # Don't use the cache for logged in users or recent commenters
       if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
                 set $skip_cache 1;
       }

       #Don't chache for store/cart/my account/checkout pages
       if ($request_uri ~* "/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") {
        set $skip_cache 1;
       }

       #Skip cache for WooCommerce query string
       if ( $arg_add-to-cart != "" ) {
         set $skip_cache 1;
       }
#~~~Caching rules END~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#~~~Locations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
       # Use cached or actual file if they exists, Otherwise pass request to WordPress
       location / {try_files $uri $uri/ /index.php?$args;}

       location ~ \.php$ {
#                          try_files $uri =404;
                         fastcgi_split_path_info ^(.+\.php)(/.+)$;
                         fastcgi_pass 127.0.0.1:9000;
                         fastcgi_index index.php;
#                          include fastcgi_params;

                         
####################
set $rt_session "";

       if ($http_cookie ~* "wc_session_cookie_[^=]*=([^%]+)%7C") {
               set $rt_session wc_session_cookie_$1;
       }

       if ($skip_cache = 0 ) {
               more_clear_headers "Set-Cookie*";
               set $rt_session "";
       }

       fastcgi_cache_key "$scheme$request_method$host$request_uri$rt_session";

       try_files $uri =404;


       include fastcgi_params;

       fastcgi_cache_bypass $skip_cache;
       fastcgi_no_cache $skip_cache;

       fastcgi_cache WORDPRESS;
       
       }

       location ~ /purge(/.*) {
           fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
       }

       location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
               access_log off; log_not_found off; expires max;
       }

       location = /robots.txt { access_log off; log_not_found off; }
       
       location ~ /\. { deny  all; access_log off; log_not_found off; }

       # PHPMyAdmin access protection - please google of how to protect access to PHPMyAdmin. Some preliminary steps are required      
       location /customPHPmyadmin_path {
                       auth_basic "Admin Login";
                       auth_basic_user_file /etc/nginx/pma_pass;
       }

               
}

引用自:https://serverfault.com/questions/1025831