LNMPアーキテクチャ——open_basedirパラメータ設定

open_basedirの役割はphpが指定したディレクトリで活動することを制限することです.
関連構成コード

[root@dl-001 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/test.conf 
#       
php_admin_value[open_basedir]=/data/www/test.com:/tmp/

効果テスト
エラー構成時のphpスクリプトの効果を先にテスト

[root@dl-001 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/test.conf 
#               aaa.com
php_admin_value[open_basedir]=/data/www/aaa.com:/tmp/

php-fpmサービスの再起動

[root@dl-001 etc]# /usr/local/php-fpm/sbin/php-fpm -t
[09-Jan-2018 18:35:50] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@dl-001 etc]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done

curlを使用してWebアクセスをテストする

#        open_basedir，      
[root@dl-001 etc]# curl -x 127.0.0.1:80 test.com/test.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Tue, 09 Jan 2018 10:38:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

修正後の検証

[root@dl-001 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/test.conf 
#            
php_admin_value[open_basedir]=/data/www/test.com:/tmp/

サービスの再起動と検証

[root@dl-001 etc]# /usr/local/php-fpm/sbin/php-fpm -t
[09-Jan-2018 18:39:10] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@dl-001 etc]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done

#     
[root@dl-001 etc]# curl -x 127.0.0.1:80 test.com/test.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 09 Jan 2018 10:39:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

phpエラーログ設定
修復php.iniプロファイル、display_を閉じるErrorsパラメータ

#             
display_errors = Off

#         
log_errors = On
#       
error_log = /usr/local/php-fpm/var/log/php_errors.log
#         
error_reporting = E_ALL

エラー・ログが作成および変更できないように、先に作成して権限を与えることが望ましい.

[root@dl-001 etc]# touch /usr/local/php-fpm/var/log/php_errors.log
[root@dl-001 etc]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log 

エラーメッセージを生成するためにphpコードをわざと書き間違えた

[root@dl-001 etc]# touch /usr/local/php-fpm/var/log/php_errors.log
[root@dl-001 etc]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log 
php_admin_value[open_basedir]=/data/www/aaa.com:/tmp/

次のエラーメッセージでWebページにアクセスします.

[root@dl-001 etc]# curl -x 127.0.0.1:80 test.com/test.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Tue, 09 Jan 2018 10:52:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

#                aaa.com  
[root@dl-001 etc]# cat /usr/local/php-fpm/var/log/php_errors.log 
[09-Jan-2018 10:52:01 UTC] PHP Warning:  Unknown: open_basedir restriction in effect. File(/data/www/test.com/test.php) is not within the allowed path(s): (/data/www/aaa.com:/tmp/) in Unknown on line 0
[09-Jan-2018 10:52:01 UTC] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0

正しく変更してからログを表示します(phpファイルは解析されました)

[root@dl-001 etc]# cat /usr/local/php-fpm/var/log/php_errors.log 
...
[09-Jan-2018 10:53:18 UTC] PHP Warning:  phpinfo(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /data/www/test.com/test.php on line 2