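Symfony is a web application framework built on PHP; for an introduction, see What is Symfony. For installation and configuration, see the official documentation, Installing & Setting up the Symfony Framework, or my blog post Symfony Installation Full Record. This article focuses on how to deploy a Symfony project on Nginx.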

Symfony is a set of PHP Components, a Web Application framework, a Philosophy, and a Community — all working together in harmony.

References

For deploying a Symfony project on a web server, the main references are two official documents:

Official Documentation
Symfony Configuring a Web Server
Nginx Symfony Configuration

Analysis

The official Symfony document Configuring a Web Server provides a minimal configuration for Nginx, reproduced below:

server {
    server_name domain.tld www.domain.tld;
    root /var/www/project/web;

    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app.php$is_args$args;
    }
    # DEV
    # This rule should only be placed on your development environment
    # In production, don't include this and don't deploy app_dev.php or config.php
    location ~ ^/(app_dev|config)\.php(/|$) {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
    }
    # PROD
    location ~ ^/app\.php(/|$) {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/app.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
      return 404;
    }

    error_log /var/log/nginx/project_error.log;
    access_log /var/log/nginx/project_access.log;
}

Depending on your PHP-FPM config, the fastcgi_pass can also be fastcgi_pass 127.0.0.1:9000.

This executes only app.php, app_dev.php and config.php in the web directory. All other files ending in “.php” will be denied.

If you have other PHP files in your web directory that need to be executed, be sure to include them in the location block above.

After you deploy to production, make sure that you cannot access the app_dev.php or config.php scripts (i.e. http://example.com/app_dev.php and http://example.com/config.php). If you can access these, be sure to remove the DEV section from the above configuration.

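Important:
1. The path given to the root directive must point to the web subdirectory of the Symfony project.
2. When deploying to a production server, remove the location ~ ^/(app_dev|config)\.php(/|$) block, and make sure the files app_dev.php and config.php cannot be reached through a browser URL.
3. Set the fastcgi_pass directive to match your PHP-FPM configuration, which communicates over either a port or a socket.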

Production Deployment

The deployment target is a production server running CentOS Linux release 7.2.1511 (Core).

Nginx information

Item                      Detail
Configuration file path   /etc/nginx/conf.d
Web path                  /usr/share/nginx/html/

Create a subdirectory named arsenal under the web path to hold the Symfony project. Full path:

/usr/share/nginx/html/arsenal

Create an Nginx configuration file for the Symfony project. Full path:

/etc/nginx/conf.d/arsenal.conf

After deploying the code to /usr/share/nginx/html/arsenal, it is strongly recommended to run the following:

# Change owner and group to nginx
sudo chown -R nginx:nginx /usr/share/nginx/html/arsenal
sudo chown -R nginx:nginx /var/lib/php/session

Assume the domain name to bind is

as.raxtone.com

PHP is managed by php-fpm; the socket path is

/var/run/php-fpm/php-fpm.sock

Configuration File

Below is the configuration file used in production (access is restricted to the company intranet):

# /etc/nginx/conf.d/arsenal.conf
server {
    listen 80;
    server_name as.raxtone.com;
    root   /usr/share/nginx/html/arsenal/web;
    index index.php index.html;
    error_log /var/log/nginx/arsenal_error.log;
    access_log /var/log/nginx/arsenal_access.log;
    charset utf-8;

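    # Intranet-only access. Declared at server level so that every
    # location below inherits it, including the static-asset location.
    allow 192.168.0.0/16;
    allow 127.0.0.1;
    deny all;

    location / {
        try_files $uri /app.php$is_args$args;
    }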

    # PROD
    location ~ ^/app\.php(/|$) {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }

    location ~ \.php$ {
        return 404;
    }

    # Static assets; the dot is escaped so only real file extensions match
    location ~* \.(woff|eot|ttf|svg|mp4|webm|jpg|jpeg|png|gif|bmp|ico|css|js)$ {
        expires 1d;
        log_not_found off;
        access_log off;
    }

}
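
nginx hands each request to exactly one location, and allow/deny rules apply only where they are declared or inherited, so both the placement of the intranet ACL and the production rule that app_dev.php and config.php must be unreachable can be checked by tracing URIs through the location patterns. The following is an added example, not part of the original post or the Symfony documentation: a POSIX shell model of location selection for the four production location patterns (static pattern written with an escaped dot), run over constructed sample URIs. The function names and the location/server and intranet/outside labels are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: models how nginx selects a location for the
# production server block. Regex locations are tried in file order, first
# match wins; "location /" is the prefix fallback.

STATIC_RE='\.(woff|eot|ttf|svg|mp4|webm|jpg|jpeg|png|gif|bmp|ico|css|js)$'

# matches URI REGEX [i]: succeeds when URI matches; "i" means ~* (no case)
matches() {
    if [ "${3:-}" = i ]; then
        printf '%s\n' "$1" | grep -Eiq "$2"
    else
        printf '%s\n' "$1" | grep -Eq "$2"
    fi
}

# pick_location URI: label of the location handling URI (path, no query)
pick_location() {
    if matches "$1" '^/app\.php(/|$)'; then echo front-controller
    elif matches "$1" '\.php$'; then echo php-deny
    elif matches "$1" "$STATIC_RE" i; then echo static
    else echo root
    fi
}

# outcome URI ACL_SCOPE CLIENT
#   ACL_SCOPE: "location" = allow/deny only inside "location /",
#              "server"   = allow/deny at server level (inherited by all)
#   CLIENT:    "intranet" or "outside" (hypothetical labels)
outcome() {
    loc=$(pick_location "$1")
    case "$loc" in
        # "internal" and "return 404" both answer 404 before any ACL check
        front-controller|php-deny) echo 404; return ;;
    esac
    if [ "$3" = outside ] && { [ "$loc" = root ] || [ "$2" = server ]; }; then
        echo 403
    else
        echo "served-by-$loc"
    fi
}

# Constructed sample URIs, traced for a client outside the intranet
for uri in / /login /app.php /app_dev.php /config.php /css/site.css /IMG/LOGO.PNG; do
    printf '%-14s %-17s in-location=%-17s at-server=%s\n' "$uri" \
        "$(pick_location "$uri")" \
        "$(outcome "$uri" location outside)" "$(outcome "$uri" server outside)"
done
```

The in-location column shows static assets still being served to outside clients when allow/deny sits only inside location /, while the at-server column returns 403 for them.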

Domain Resolution Checking

Use commands such as dig, ping and curl to check the domain's resolution:

# dig
[flying@lempstacker ~]$ dig as.raxtone.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> as.raxtone.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10830
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;as.raxtone.com.			IN	A

;; ANSWER SECTION:
as.raxtone.com.		552	IN	A	192.168.4.250

;; Query time: 11 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Tue Nov 15 17:11:56 CST 2016
;; MSG SIZE  rcvd: 59

# ping
[flying@lempstacker ~]$ ping -c 4 as.raxtone.com
PING as.raxtone.com (192.168.4.250) 56(84) bytes of data.
64 bytes from arsenal.raxtone.com (192.168.4.250): icmp_seq=1 ttl=63 time=0.638 ms
64 bytes from arsenal.raxtone.com (192.168.4.250): icmp_seq=2 ttl=63 time=0.326 ms
64 bytes from arsenal.raxtone.com (192.168.4.250): icmp_seq=3 ttl=63 time=0.549 ms
64 bytes from arsenal.raxtone.com (192.168.4.250): icmp_seq=4 ttl=63 time=0.536 ms

--- as.raxtone.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.326/0.512/0.638/0.115 ms

# curl
[flying@lempstacker ~]$ curl -I as.raxtone.com
HTTP/1.1 302 Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: PHPSESSID=rcd6vek80tctca5a7vfmra0ar6; path=/; HttpOnly
Cache-Control: no-cache
Location: /login
Date: Tue, 15 Nov 2016 09:12:07 GMT

[flying@lempstacker ~]$

Snapshot

Project snapshots; more screenshots are available on GitHub.

Login Page

Dashboard Page

Change Logs

  • 2016.11.15 17:21 Tue Asia/Shanghai
    • First draft completed