本人博客:使用Nginx代替Openwrt中的uhttpd,并支持php
在之前介绍过Openwrt部署typecho博客:Openert部署typecho博客,用的是默认的uhttpd,挺方便小巧;但是也有不足,就是性能很差,兼容性也不好,于是就萌生了使用Nginx代替uhttpd的想法。
于是需求就很明确了:
1.用Nginx实现Openwrt原本的uci界面
2.用Nginx实现Openwrt实现Typecho的php页面 现在Nginx已经集成在opkg源了,可以直接安装,安装之前先将uhttpd停用一下 - /etc/init.d/uhttpd stop && /etc/init.d/uhttpd disable
也将之前uhttpd使用的php8-fastcgi停用一下 - /etc/init.d/php8-fastcgi stop && /etc/init.d/php8-fastcgi disable
- #并将/etc/config/php8-fastcgi里面的option enabled 1改成option enabled 0
停用完之后,安装Nginx涉及的包,如下: - uwsgi
- uwsgi-syslog-plugin
- uwsgi-cgi-plugin
- uwsgi-luci-support
- nginx-util
- nginx-ssl-util
- nginx-ssl
- nginx
- nginx-mod-luci
- libopenssl-conf
- openssl-util
- nginx-mod-luci-ssl
- luci-ssl-nginx
- php8-fastcgi
- php8-fpm
由于Nginx默认是不支持uci的,所以需要用uwsgi作为转发
装好之后,直接就可以访问Openwrt的uci界面了,接着就是折腾php这一块
1.先修改/etc/php8-fpm.d/www.conf,将chdir = / 改成 chdir = /www (注意/www是Typecho目录,这个看实际情况)
2.建立/etc/nginx/fastcgi_params文件,并放入以下内容 - fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param HTTPS $https if_not_empty;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
3.新建/etc/nginx/conf.d/php.locations文件,并放入以下内容 - location ~ [^/]\.php(/|$) {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- if (!-f $document_root$fastcgi_script_name) {
- return 404;
- }
- # Mitigate https://httpoxy.org/ vulnerabilities
- fastcgi_param HTTP_PROXY "";
- #error_log /dev/null;
- fastcgi_connect_timeout 300s;
- fastcgi_read_timeout 300s;
- fastcgi_send_timeout 300s;
- fastcgi_buffer_size 32k;
- fastcgi_buffers 4 32k;
- fastcgi_busy_buffers_size 32k;
- fastcgi_temp_file_write_size 32k;
- client_body_timeout 10s;
- send_timeout 60s; # default, increase if experiencing a lot of timeouts.
- output_buffers 1 32k;
- fastcgi_index index.php;
- #fastcgi_pass 127.0.0.1:1026;
- fastcgi_pass unix:/var/run/php8-fpm.sock;
- # include the fastcgi_param setting
- include fastcgi_params;
- # SCRIPT_FILENAME parameter is used for PHP FPM determining
- # the script name. If it is not set in fastcgi_params file,
- # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
- # please comment off following line:
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- }
- location = /blog/ {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- if (!-f $document_root$fastcgi_script_name) {
- return 404;
- }
- # Mitigate https://httpoxy.org/ vulnerabilities
- fastcgi_param HTTP_PROXY "";
- #error_log /dev/null;
- fastcgi_connect_timeout 300s;
- fastcgi_read_timeout 300s;
- fastcgi_send_timeout 300s;
- fastcgi_buffer_size 32k;
- fastcgi_buffers 4 32k;
- fastcgi_busy_buffers_size 32k;
- fastcgi_temp_file_write_size 32k;
- client_body_timeout 10s;
- send_timeout 60s; # default, increase if experiencing a lot of timeouts.
- output_buffers 1 32k;
- fastcgi_index index.php;
- index index.php;
- #fastcgi_pass 127.0.0.1:1026;
- fastcgi_pass unix:/var/run/php8-fpm.sock;
- # include the fastcgi_param setting
- include fastcgi_params;
- # SCRIPT_FILENAME parameter is used for PHP FPM determining
- # the script name. If it is not set in fastcgi_params file,
- # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
- # please comment off following line:
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- }
- location = /blog/admin/ {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- if (!-f $document_root$fastcgi_script_name) {
- return 404;
- }
- # Mitigate https://httpoxy.org/ vulnerabilities
- fastcgi_param HTTP_PROXY "";
- #error_log /dev/null;
- fastcgi_connect_timeout 300s;
- fastcgi_read_timeout 300s;
- fastcgi_send_timeout 300s;
- fastcgi_buffer_size 32k;
- fastcgi_buffers 4 32k;
- fastcgi_busy_buffers_size 32k;
- fastcgi_temp_file_write_size 32k;
- client_body_timeout 10s;
- send_timeout 60s; # default, increase if experiencing a lot of timeouts.
- output_buffers 1 32k;
- fastcgi_index index.php;
- index index.php;
- #fastcgi_pass 127.0.0.1:1026;
- fastcgi_pass unix:/var/run/php8-fpm.sock;
- # include the fastcgi_param setting
- include fastcgi_params;
- # SCRIPT_FILENAME parameter is used for PHP FPM determining
- # the script name. If it is not set in fastcgi_params file,
- # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
- # please comment off following line:
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- }
此处解释一下,location ~ [^/].php(/|$)项是为了手动输入/www下多层目录的php文件,location = /blog/项是为了输入域名/blog后默认打开/blog下的index.php,location = /blog/admin项也是雷同
3.修改/etc/config/nginx文件,下面是我的配置,仅供参考 - config main global
- option uci_enable 'true'
- config server '_lan'
- #list listen '433 ssl default_server'
- #list listen '[::]:433 ssl default_server'
- option server_name '_lan'
- list include 'restrict_locally'
- list include 'conf.d/*.locations'
- option uci_manage_ssl 'self-signed'
- option ssl_certificate '/etc/nginx/conf.d/_lan.crt'
- option ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
- option ssl_session_cache 'shared:SSL:32k'
- option ssl_session_timeout '64m'
- option access_log 'off; # logd openwrt'
- config server '_redirect2ssl'
- list listen '80'
- list listen '[::]:80'
- option server_name '_redirect2ssl'
- option return '302 https://$host$request_uri'
- config server '_redirect2ssl'
- list listen '90'
- list listen '[::]:90'
- option server_name '_redirect2ssl'
- option return '302 https://$host:433$request_uri'
解释:由于Openwrt的nginx启动脚本强制从/etc/config/nginx加载后转化成/var/lib/nginx/uci.conf,无法更改太多东西,所以/etc/config/nginx仅改一下端口、强制http转https,因为运营商默认屏蔽80\443端口,只能改其他端口
4.新建/etc/nginx/conf.d/new.conf,并放入以下内容: - server { #see uci show 'nginx._lan'
- listen 433 ssl default_server;
- listen [::]:433 ssl default_server;
- server_name wangyougx_com;
- include restrict_locally;
- include conf.d/*.locations;
- ssl_certificate /etc/nginx/conf.d/wangyougx_com.crt;
- ssl_certificate_key /etc/nginx/conf.d/wangyougx_com.key;
- ssl_session_timeout 10m;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
- ssl_prefer_server_ciphers on;
- include mime.types;
- }
解释:如果你的域名已有证书,就填入,切记不要试图修改Nginx默认的_lan.crt!没用的; 操作到这里,基本算完成了,接下来重启以下服务: - /etc/init.d/uwsgi restart
- /etc/init.d/php8-fpm restart
- /etc/init.d/nginx restart
附加建议:
1.建议将/etc/uwsgi/emperor.ini 内的vassal-set项目改成vassal-set = die-on-idle=false(进程不休眠重启)
2.通过logread命令查看日志,会发现提示/www/favicon.ico文件不存在,这个是网页标签图标,可不理会,也可以找个喜欢的图标放进去即可。 一些细节不清楚可以参考以下文章,很多内容都是参考他们的成果,感激感激
请不要胡乱输入以及粘贴、复制等方式灌水
请尊重作者、并共同维护网站的正常阅读,否则账户将会被限制发帖、回帖,并且积分可能会被清零,站内短信以及阅读权限等都会受到影响,谢谢。
具体限制方式:https://www.right.com.cn/forum/thread-8307840-1-1.html
| 
/1 
简体中文
繁體中文
English
日本語
Deutsch
한국 사람
بالعربية
TÜRKÇE
português
คนไทย
IP卡
狗仔卡
发表于 2023-3-8 10:24
置顶卡
沉默卡
喧嚣卡
顶贴卡
显身卡