一台云服务器Ubuntu篇：2、Apt安装Nginx+Php

Contents hide

1 安装

2 php-fpm 配置

2.1 php + php-fpm 配置优化

安装

Bash

sudo apt install nginx php-fpm # PHP-FPM（PHP FastCGI Process Manager）是 PHP 的 FastCGI 实现，用于高效管理 PHP 进程。
sudo systemctl status nginx # sudo systemctl enable nginx
sudo systemctl status php8.3-fpm

sudo apt install nginx php-fpm # PHP-FPM（PHP FastCGI Process Manager）是 PHP 的 FastCGI 实现，用于高效管理 PHP 进程。
sudo systemctl status nginx # sudo systemctl enable nginx
sudo systemctl status php8.3-fpm

注意：

sudo apt install php 会附带 apache，得到解释是php是代表php环境，而sudo apt install php8.3-cli才代表php本身。
安装php-fpm，会自动安装php8.3-cli，可查看apt输出。

The following additional packages will be installed:
  nginx-common php-common php8.3-cli php8.3-common php8.3-fpm php8.3-opcache php8.3-readline psmisc
Suggested packages:
  fcgiwrap nginx-doc ssl-cert php-pear
The following NEW packages will be installed:
  nginx nginx-common php-common php-fpm php8.3-cli php8.3-common php8.3-fpm php8.3-opcache php8.3-readline psmisc
0 upgraded, 10 newly installed, 0 to remove and 1 not upgraded.
Need to get 5726 kB of archives.
After this operation, 24.7 MB of additional disk space will be used.
Do you want to continue? [Y/n]

Bash

$ nginx -V
nginx version: nginx/1.24.0 (Ubuntu)
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/build/nginx-WLuzPu/nginx-1.24.0=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/nginx-WLuzPu/nginx-1.24.0=/usr/src/nginx-1.24.0-2ubuntu7.5 -fPIC -Wdate-time -D_FORTIFY_SOURCE=3' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-http_geoip_module=dynamic --with-http_image_filter_module=dynamic --with-http_perl_module=dynamic --with-http_xslt_module=dynamic --with-mail=dynamic --with-stream=dynamic --with-stream_geoip_module=dynamic

$ php -v
PHP 8.3.6 (cli) (built: Jul 14 2025 18:30:55) (NTS)

$ php --ini # 查看配置文件路径，注意是cli使用的配置文件，而不是php-fpm使用。
Configuration File (php.ini) Path: /etc/php/8.3/cli
Loaded Configuration File:         /etc/php/8.3/cli/php.ini
Scan for additional .ini files in: /etc/php/8.3/cli/conf.d
Additional .ini files parsed:      /etc/php/8.3/cli/conf.d/1

$ nginx -V
nginx version: nginx/1.24.0 (Ubuntu)
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/build/nginx-WLuzPu/nginx-1.24.0=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/nginx-WLuzPu/nginx-1.24.0=/usr/src/nginx-1.24.0-2ubuntu7.5 -fPIC -Wdate-time -D_FORTIFY_SOURCE=3' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-http_geoip_module=dynamic --with-http_image_filter_module=dynamic --with-http_perl_module=dynamic --with-http_xslt_module=dynamic --with-mail=dynamic --with-stream=dynamic --with-stream_geoip_module=dynamic

$ php -v
PHP 8.3.6 (cli) (built: Jul 14 2025 18:30:55) (NTS)

$ php --ini # 查看配置文件路径，注意是cli使用的配置文件，而不是php-fpm使用。
Configuration File (php.ini) Path: /etc/php/8.3/cli
Loaded Configuration File:         /etc/php/8.3/cli/php.ini
Scan for additional .ini files in: /etc/php/8.3/cli/conf.d
Additional .ini files parsed:      /etc/php/8.3/cli/conf.d/1

php-fpm 配置

主进程读取php-fpm.conf，也就是pool.d/www.conf，来创建池进程；而池进程收到请求后，应用php.ini。

主配置文件：/etc/php/8.3/fpm/php-fpm.conf
- 只有最后一行没有被注释：include=/etc/php/8.3/fpm/pool.d/*.conf
池配置文件：/etc/php/8.3/fpm/pool.d/www.conf
php.ini配置文件：/etc/php/8.3/fpm/php.ini

查看监听路径：grep -E ^listen /etc/php/8.3/fpm/pool.d/www.conf 这个路径后面nginx要使用。

INI

listen = /run/php/php8.3-fpm.sock
listen.owner = www-data
listen.group = www-data

listen = /run/php/php8.3-fpm.sock
listen.owner = www-data
listen.group = www-data

php + php-fpm 配置优化

查看php-fpm当前配置：grep -Ev '^;' /etc/php/8.3/fpm/pool.d/www.conf
编辑配置：sudo vim /etc/php/8.3/fpm/pool.d/www.conf

INI

pm = dynamic            # 三个枚举值，dynamic为动态管理，还有static（开机就启动进程）、ondemand（开机不启动，有请求时才启动进程）
pm.max_children = 5        # 为static时，开机启动多少个进程；为ondemand时，同时最多的进程数量。
pm.start_servers = 2        # dynamic下，开机启动进程数量
pm.min_spare_servers = 1    # dynamic下，最少进程数量
pm.max_spare_servers = 3    # dynamic下，最多进程数量
;pm.process_idle_timeout = 10s;    # ondemand下，进程空闲多久，会被终止。
pm.max_requests = 100        # 取消注释，发送多少个请求后会重启该线程，我们需要适当降低这个值，用以让php-fpm自动的释放内存。
request_terminate_timeout = 35;    # 取消注释，最大执行时间, 避免未被php.ini中默认max_execution_time=30约束时，在这里再次被约束。

pm = dynamic            # 三个枚举值，dynamic为动态管理，还有static（开机就启动进程）、ondemand（开机不启动，有请求时才启动进程）
pm.max_children = 5        # 为static时，开机启动多少个进程；为ondemand时，同时最多的进程数量。
pm.start_servers = 2        # dynamic下，开机启动进程数量
pm.min_spare_servers = 1    # dynamic下，最少进程数量
pm.max_spare_servers = 3    # dynamic下，最多进程数量
;pm.process_idle_timeout = 10s;    # ondemand下，进程空闲多久，会被终止。
pm.max_requests = 100        # 取消注释，发送多少个请求后会重启该线程，我们需要适当降低这个值，用以让php-fpm自动的释放内存。
request_terminate_timeout = 35;    # 取消注释，最大执行时间, 避免未被php.ini中默认max_execution_time=30约束时，在这里再次被约束。

查看php当前配置：grep -Ev '^;' /etc/php/8.3/fpm/php.ini

单个进程可使用的内存最大值限制： grep memory_limit /etc/php/8.3/fpm/php.ini，默认memory_limit = 128M

编辑配置：sudo vim /etc/php/8.3/cli/php.ini

需要重启：sudo systemctl restart php8.3-fpm

nginx 配置

准备root目录

Bash

sudo mkdir -p /www/html
sudo cp /var/www/html/index.nginx-debian.html /www/html/

sudo mkdir -p /www/html
sudo cp /var/www/html/index.nginx-debian.html /www/html/

主配置文件

grep -Ev '^$|^\s*#' /etc/nginx/nginx.conf

worker_processes auto;网上说的：nginx工作进程数量，与逻辑CPU数量相同；可以CPU的整数倍数，但不能小于，避免多个核心切换时会带来不必要的开销。

Nginx

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
......
        # Logging Settings
        access_log /var/log/nginx/access.log;

        # Gzip Settings
        gzip on;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        # Virtual Host Configs
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
......
        # Logging Settings
        access_log /var/log/nginx/access.log;

        # Gzip Settings
        gzip on;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        # Virtual Host Configs
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

默认站点配置文件

grep -Ev '^$|^\s*#' /etc/nginx/sites-enabled/default -> /etc/nginx/sites-available/default

Nginx

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /www/html; # 改为实际目录
        index index.html index.nginx-debian.html; # 改为实际首页
        server_name _;

        location / {
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php8.3-fpm.sock; # 要改成php-fpm监听的路径。
        }

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /www/html; # 改为实际目录
        index index.html index.nginx-debian.html; # 改为实际首页
        server_name _;

        location / {
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php8.3-fpm.sock; # 要改成php-fpm监听的路径。
        }

/www/html目录的权限要求：user www-data;需要可读取，可写由网站应用决定是否需要。/www/html/info.php文件内容如下：

<?php
    phpinfo();
?>

配置生效

Bash

$ sudo nginx -t && sudo nginx -s reload
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
2025/10/23 22:01:28 [notice] 74465#74465: signal process started

$ sudo nginx -t && sudo nginx -s reload
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
2025/10/23 22:01:28 [notice] 74465#74465: signal process started

验证

访问 blog.t725.cn/info.php 成功后，记得删除info.php文件。

多用户的公共可写的目录

比如pem文件下载

Bash

UN=pubFiles
DIR=/data/downloads
sudo useradd $UN
sudo usermod $UN -L # 锁定用户
sudo mkdir $DIR
sudo chown -R $UN:$UN $DIR
sudo chmod -R u=rwx,g=rwx,o=r $DIR
gpasswd -a root,lat,std,www-data,mysql $UN
grep ^$UN /etc/group

UN=pubFiles
DIR=/data/downloads
sudo useradd $UN
sudo usermod $UN -L # 锁定用户
sudo mkdir $DIR
sudo chown -R $UN:$UN $DIR
sudo chmod -R u=rwx,g=rwx,o=r $DIR
gpasswd -a root,lat,std,www-data,mysql $UN
grep ^$UN /etc/group

/etc/nginx/sites-enabled/default

Nginx

root /var/www/html
index index.html index.htm index.nginx-debian.html;
        location ^~ /dl/ {
            alias /data/downloads/;
            try_files $uri $uri/ =404;
        }

root /var/www/html
index index.html index.htm index.nginx-debian.html;
        location ^~ /dl/ {
            alias /data/downloads/;
            try_files $uri $uri/ =404;
        }

一台云服务器Ubuntu篇：2、Apt安装Nginx+Php

安装

php-fpm 配置

php + php-fpm 配置优化

nginx 配置

主配置文件

默认站点配置文件

配置生效

验证

多用户的公共可写的目录

发表回复 取消回复

发表回复取消回复