將php7.0升級到php7.2

Question

我已成功升級我的ubuntu服務器從php7.0到php7.2我正在使用帶有php-fpm的Nginx。 雖然php -v輸出是：

PHP 7.2.11-4 + ubuntu16.04.1 + deb.sury.org + 1（cli）（內置：2018年11月4日05:10:57）（NTS）版權所有（c）1997-2018 PHP Group Zend Engine v3。 2.0版權所有（c）1998-2018 Zend Technologies的ionCube PHP Loader（啟用）+入侵防護來自ioncube24.com（未配置）v10.2.5，版權所有（c）2002-2018，by ionCube Ltd.和Zend OPcache v7。 Zend Technologies的2.11-4 + ubuntu16.04.1 + deb.sury.org + 1，版權所有（c）1999-2018

我注意到Nginx仍然使用php-fpm7.0運行。 我檢查了php-fpm 7.0和7.2都在運行。 我的/etc/nginx/conf.d/mysite.com.conf不包含

location~ * .php $

線。

輸出

find /（ - iname“php.ini”-o -name“www.conf”）

是

/etc/php/7.0/apache2/php.ini  
/etc/php/7.0/fpm/pool.d/www.conf  
/etc/php/7.0/fpm/php.ini  
/etc/php/7.0/cli/php.ini  
/etc/php/7.2/fpm/pool.d/www.conf  
/etc/php/7.2/fpm/php.ini  
/etc/php/7.2/cli/php.ini

另外，我沒有任何/etc/nginx/conf.d/mysite.com.conf文件
我在/etc/nginx/conf.d/里面只有global_locations_ssl.conf.inc

輸出

ps -aux | grep nginx

是

root      3123  0.0  0.0  37944  4192 ?        Ss   Nov05   0:00               nginx: master process /usr/sbin/nginx -g daemon on; master_process on;  
www-data  3124  0.0  0.0  37944  8416 ?        S    Nov05   0:54 nginx: worker process  
www-data  3125  0.0  0.0  37944  8500 ?        S    Nov05   0:58 nginx: worker process  
www-data  3126  0.0  0.0  37944  8552 ?        S    Nov05   2:04 nginx: worker process  
www-data  3127  0.0  0.0  37944  8588 ?        S    Nov05   1:04 nginx: worker process  
www-data  3128  0.0  0.0  37944  8668 ?        S    Nov05   1:10 nginx: worker process  
www-data  3129  0.0  0.0  37944  8536 ?        S    Nov05   1:27 nginx: worker process  
root     22931  0.0  0.0  13348   916 pts/0    R+   12:50   0:00 grep --color=auto nginx 

所以我的Nginx主進程以root身份運行。

我應該檢查什么來解決這個問題？

Answer 1

您可以在https://linode.com/docs/web-servers/nginx/serve-php-php-fpm-and-nginx/找到解決方案完整解決方案

根據您的發行版和PHP版本，PHP配置文件將存儲在不同的位置。 本指南以Ubuntu 16.04上的Ubuntu存儲庫中的PHP 7.0為例，

`/etc/php/7.0/fpm/pool.d/www.conf and /etc/php/7.0/fpm/php.ini` 

files are what we’ll be modifying.

Find those full file paths using a find command:

`find / \( -iname "php.ini" -o -name "www.conf" \)`

The output should look similar to:

`root@localhost:~# find / \( -iname "php.ini" -o -name "www.conf" \)
/etc/php/7.0/fpm/php.ini
/etc/php/7.0/fpm/pool.d/www.conf
/etc/php/7.0/cli/php.ini
`

The listen.owner and listen.group variables are set to www-data by default, but they need to match the user and group NGINX is running as. If you installed NGINX using our Getting Started with NGINX series, then your setup will be using the nginx user and group. You can verify with:

`ps -aux | grep nginx`

The output should be similar to:

`
root@localhost:~# ps -aux | grep nginx
root      3448  0.0  0.0  32500  3516 ?        Ss   18:21   0:00 nginx: master process /        usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3603  0.0  0.0  32912  2560 ?        S    18:24   0:00 nginx: worker process
nginx     3604  0.0  0.0  32912  3212 ?        S    18:24   0:00 nginx: worker process
`
This shows the NGINX master process is running as root, and the worker processes are running as the nginx user and group. Change the listen variables to that:

`
sed -i 's/listen.owner = www-data/listen.owner = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf
sed -i 's/listen.group = www-data/listen.group = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf
`
When pairing NGINX with PHP-FPM, it’s possible to return to NGINX a .php URI that does not actually exist in the site’s directory structure. The PHP processor will process the URI, and execute the .php file, because its job is to process anything handed to it by NGINX. This of course presents a security problem.

It’s important limit what NGINX passes to PHP-FPM so malicious scripts can’t be injected into return streams to the server. Instead, the request is stopped, possibly then resulting in a 404. There are multiple ways to do this (see the NGINX wiki) but here we chose to specify the setting in PHP-FPM rather than in NGINX’s configuration.

`sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.0/fpm/php.ini`

You’ll notice that ;cgi.fix_pathinfo=1 is commented out by default. Setting it to 0 and uncommenting it will enforce the configuration should there be any upstream changes in the default value in the future.

Restart PHP-FPM to apply the changes:

`systemctl restart php7.0-fpm.service`

Configure the NGINX Server BlockPermalink
Again pulling from Part 1 of our NGINX series, we’ll start with a basic Server Block for a static HTTP page being served from /var/www/example.com. Replace example.com with your site’s domain or IP address, and the root directive with your site’s root directory.

`/etc/nginx/conf.d/example.com.conf

`server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;
}
`
To the Server Block above, add a location block containing the PHP directives. You should then have:

/etc/nginx/conf.d/example.com.conf

server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;

  location ~* \.php$ {
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    include         fastcgi_params;
    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
  }
}
This is just a bare minimum to get PHP-FPM working and you will want to configure it further for your specific needs. Some further points about the configuration above:

The location ~* \.php$ means that NGINX will apply this configuration to all .php files (file names are not case sensitive) in your site’s root directory, including any subdirectories containing PHP files.
The * in the ~* \.php$ location directive indicates that PHP file names are not case sensitive. This can be removed if you prefer to enforce letter case.
The fastcgi_pass location must match the listen = value in /etc/php/7.0/fpm/pool.d/www.conf. It is preferable for performance reasons for PHP-FPM to listen on a UNIX socket instead of a TCP address. Only change this if you require PHP-FPM use network connections.
Using $document_root in the SCRIPT_FILENAME parameter instead of an absolute path is preferred by NGINX’s documentation.
Here’s a variation of the location block above. This includes an if statement which disallows the FPM to process files in the /uploads/ directory. This is a security measure which prevents people from being able to upload .php files to your server or application which the FastCGI process manager would then execute.

This only applicable if you allow users to upload or submit files to your site. Change the name of the directory from uploads to whatever suits your need.

/etc/nginx/conf.d/example.com.conf

  location ~* \.php$ {
    if ($uri !~ "^/uploads/") {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    include         fastcgi_params;
    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
  }
Reload NGINX:

nginx -s reload

Answer 2

我找到了解決方案。 在我的/etc/nginx/sites-enabled/my-site.conf中有一行

upstream fastcgi_backend {
server   127.0.0.1:9000;
}

Nginx配置沒有

location~ * .php $

線。

因此，每次更改php版本時都不必更改配置。

我的問題是我沒有檢查php-fpm7.0是否在socket 9000上運行。

解決方案是在php-fpm7.2中更改php.ini以在socket 9000上運行