NGINX + PHP FastCGI для 1С-Битрикс

Опубликовано автором

Установка и настройка NGINX + PHP FastCGI

Конфиг PHP FastCGI для сайта (/etc/php-fpm.d/site.net.conf)

[site.net]
user = site
group = site
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s;
;pm.max_requests = 500
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = /home/site/site.net/logs/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
slowlog = /home/site/site.net/logs/slow.log
;request_slowlog_timeout = 0
;request_slowlog_trace_depth = 20
;request_terminate_timeout = 0
;rlimit_files = 1024
;rlimit_core = 0
;chroot =
chdir = /home/site/site.net/public
;catch_workers_output = yes
;clear_env = no
;security.limit_extensions = .php .php3 .php4 .php5 .php7

;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /home/site/site.net/logs
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
php_admin_value[mbstring.func_overload] = 2
php_admin_value[mbstring.internal_encoding] = UTF-8
php_value[session.save_handler] = files
php_value[session.save_path]    = /home/site/site.net/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
;php_value[opcache.file_cache]  = /var/lib/php/opcache

Конфиг NGINX (/etc/nginx/nginx.conf)

user  user;
worker_processes 8;
error_log /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 10240;

events {
	use epoll;
	worker_connections  10240;
}

http {
    include       /etc/nginx/mime.types;
    default_type application/force-download;
	server_names_hash_bucket_size 128;

    log_format main	'$remote_addr - $remote_user [$time_local - $upstream_response_time] '
                  '$status "$request" $body_bytes_sent '
                  '"$http_referer" "$http_user_agent" "$http_x_forwarded_for"';

	log_format common '$remote_addr - - [$time_local - $upstream_response_time] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" $msec';
					
	log_format balancer '$remote_addr - $remote_user [$time_iso8601] "$host" '
                    '"$request" $status $body_bytes_sent "schema: $scheme" '
                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
                    '"$request_length" : "$request_time" -> $upstream_response_time';
	
	log_format debug '$upstream_response_time,"$time_local","$remote_addr","$request",$status,$body_bytes_sent';
	
	# upload default maps
	include bx/maps/*.conf;
	
	# settings files
	include bx/settings/*.conf;

	# Disable request logging in nginx by default
	#access_log /var/log/nginx/access.log  common;
    access_log			off;

    sendfile			on;
	tcp_nopush			on;
	tcp_nodelay			on;
	
	client_max_body_size		1024m;
	client_body_buffer_size		4m;
	
	# Parameters for back-end request proxy
    proxy_connect_timeout		300;
	proxy_send_timeout		300;
	proxy_read_timeout		300;
	proxy_buffer_size		64k;
	proxy_buffers			8 256k;
	proxy_busy_buffers_size		256k;
	proxy_temp_file_write_size	10m;
	
	# Assign default error handlers
	error_page 500 502 503 504 /500.html;
	error_page 404 = /404.html;

    # Content compression parameters
	gzip				on;
	gzip_proxied			any;
	gzip_static			on;
	gzip_http_version		1.0;
	gzip_types			application/x-javascript application/javascript text/css;

    include /etc/nginx/conf.d/*.conf;
}

Конфиг NGINX для сайта (/etc/nginx/conf.d/site.net.conf)

server {
    listen       80;
    server_name  site.net www.site.net;

    access_log  /home/site/site.net/logs/host.access.log  main;

    location / {
        location / {
			return 301 https://$host$request_uri;
		}
    }
}

server {
	listen	443 http2 ssl;
	server_name	site.net www.site.net;
	
	proxy_set_header	X-Real-IP        $remote_addr;
	proxy_set_header	X-Forwarded-For  $proxy_add_x_forwarded_for;
	proxy_set_header	Host $host:80;
	
	set $fastcgi_port	9001;
	set $fastcgi_root	/home/site/site.net/public;
	
	root	/home/site/site.net/public;
	index	index.php;

	charset	utf-8;
	access_log	/home/site/site.net/logs/host.access.ssl.log  main;
	
	ssl_certificate	"/var/www/ssl/site.net/certificate.pem";
	ssl_certificate_key	"/var/www/ssl/site.net/private.pem";
	ssl_session_cache	shared:SSL:1m;
	ssl_session_timeout	10m;
	ssl_ciphers	HIGH:!SSLv2:!SSLv3;
	ssl_prefer_server_ciphers	on;
	
	include /etc/nginx/bx/general.conf;
}

Конфиг NGINX битрикса (/etc/nginx/bx/general.conf)

set $test_file "bitrix/html_pages/$host$uri/index@$args.html";
set $storedAuth "";
set $usecache "";

add_header X-Content-Type-Options nosniff;

# check user auth
if ( $cookie_BITRIX_SM_LOGIN != "" ) { set $storedAuth "A"; }
if ( $cookie_BITRIX_SM_UIDH != "" ) { set $storedAuth "${storedAuth}B"; }
if ( $cookie_BITRIX_SM_CC != "Y" ) { set $storedAuth "${storedAuth}C"; }

# check all conditions for enable composite
if ( $http_bx_action_type = "" )     { set $usecache "A"; }
if ( $request_method = "GET" ) { set $usecache "${usecache}B"; }
if ( $cookie_BITRIX_SM_NCC = "" ) { set $usecache "${usecache}C"; }
if ( $http_x_forwarded_scheme !~ "https" ){ set $usecache "${usecache}D"; }
if ( $storedAuth !~ "ABC" ) { set $usecache "${usecache}E"; }

## cache location
location ~* @.*\.html$ {
	internal;
	root $fastcgi_root/bitrix/cache;
}

location / {
	root   $fastcgi_root;
	index index.php  index.html index.htm;
	if (!-e $request_filename){
		rewrite ^(.*)$ /bitrix/urlrewrite.php last;
	}
	if ( -f "$document_root/$test_file" ) { set $usecache "${usecache}F"; }
	if ($usecache = "ABCDEF" ){ rewrite .* /$test_file last; }
	gzip_min_length 1100;
}

if ($request_filename ~* \.(css|js|gif|png|jpg|jpeg|ico)$) {
	break;
}

location ~ \.php$ {
	root           $fastcgi_root;
	fastcgi_pass   127.0.0.1:$fastcgi_port;
	fastcgi_index  index.php;
	fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
	include        fastcgi_params;
	if (!-f $request_filename) {
		rewrite  ^(.*)/index.php$  $1/ redirect;
	}
	set $test_file "bitrix/html_pages/$host$1@$args.html";
	if ( -f "$document_root/$test_file" ) { set $usecache "${usecache}F"; }
	if ($usecache = "ABCDEF" ){ rewrite .* /$test_file last; }
}

location ^~ /bitrix/modules {
	deny all;
}

Конфиг NGINX битрикса (/etc/nginx/bx/maps/common_variables.conf)

# proxyserver
map $host $proxyserver {
	site.com                         "http://127.0.0.1:9001";
	www.site.com                         "http://127.0.0.1:9001";
	default                         "http://127.0.0.1:9000";
}

Конфиг NGINX битрикса (/etc/nginx/bx/maps/composite_settings.conf)

#################### compisite cache keys
## /path/to/asset             => /path/to/asset
## /path/to/asset/            => /path/to/asset
## /path/to/dir/index.php     => /path/to/dir
map $uri $composite_key {
  default                         $uri;
  ~^(/|/index.php|/index.html)$   "";
  ~^(?P<non_slash>.+)/$           $non_slash;
  ~^(?P<non_index>.+)/index.php$  $non_index;
  ~^(?P<non_index>.+)/index.html$ $non_index;
}

# disable composite cache if BX_ACTION_TYPE exists
map $http_bx_action_type $not_bx_action_type {
  default "0";
  ''      "1";
}

# disable composite cache if BX_AJAX
map $http_bx_ajax $not_bx_ajax {
  default "0";
  ''      "1";
}

# disable composite cache if method != GET
map $request_method $is_get {
  default "0";
  "GET"   "1";
}

# disable compisite cache if there next query string in agrs
# ncc
map $arg_ncc $non_arg_ncc {
  default "0";
  ''      "1";
}

# bxajaxid
map $arg_bxajaxid $non_arg_bxajaxid {
  default "0";
  ''      "1";
}

# sessid
map $arg_sessid $non_arg_sessid {
  default "0";
  ''      "1";
}

# test IE
map $http_user_agent $is_modern {
  default           "1";
  "~MSIE [5-9]"     "0";
}

# add common limit by uri path
map $uri $is_good_uri {
  default                 "1";
  ~^/bitrix/              "0";
  ~^/index_controller.php "0";
}

# not found NCC
map $cookie_BITRIX_SM_NCC $non_cookie_ncc {
  default     "0";
  ""          "1";
}

# complex test
# BITRIX_SM_LOGIN, BITRIX_SM_UIDH - hold values and BITRIX_SM_CC is empty
map $cookie_BITRIX_SM_LOGIN $is_bx_sm_login {
  default     "1";
  ""          "0";
}

map $cookie_BITRIX_SM_UIDH $is_bx_sm_uidh {
  default     "1";
  ""          "0";
}

map $cookie_BITRIX_SM_CC $is_bx_sm_cc {
  default     "1";
  "Y"         "0";
}

map "${is_bx_sm_login}${is_bx_sm_uidh}${is_bx_sm_cc}" $is_storedAuth {
  default     "1";
  "111"       "0";
}

# test all global conditions
map "${not_bx_action_type}${not_bx_ajax}${is_get}${non_arg_ncc}${non_arg_bxajaxid}${non_arg_sessid}${is_modern}${is_good_uri}${non_cookie_ncc}${is_storedAuth}" $is_global_composite {
  default     "1";
  ~0          "0";
}

##
#################### /compisite cache keys

#################### general cache setting
## /path/to/dir       => /path/to/dir/index
## /path/to/dir/      => /path/to/dir/index
## /path/to/file.php  => /path/to/php
map $uri $general_key {
  default                         $uri;
  ~^(?P<non_slash>.+)/$           $non_slash;
  ~^(?P<php_path>.+).php$         $php_path;
}

# if exists cookie PHPSESSID disable
map $cookie_PHPSESSID $non_cookie_phpsessid {
  default      "0";
  ''           "1";
}

# main condition for general cache
map "${is_get}${cookie_PHPSESSID}" $is_global_cache {
  default       "1";
  ~0            "0";
}