Nginx 手册

安装 Nginx

# 停止
sudo service apache2 stop
# sudo systemctl disable apache2

# 安装 Nginx
sudo apt install nginx
# sudo apt remove nginx
# sudo apt autoremove nginx

# 启动 Nginx
sudo service nginx start

浏览服务器,如果能看到页面,表示安装成功。Nginx 缺省把网页文件保存在 /var/www/html 目录,是由 /etc/nginx/sites-enabled/default 来设置,在目录内您可以看到已经有一个 index.nginx-debian.html,如果有安装 apache2 那么页面可能是 index.html,但那不影响检查 nginx 运作是否正确,只要有任一页面正常显示即可。

nginx 服务器的组态路径为 /etc/nginx 目录结构如下
/etc/nginx
├── conf.d (1)
├── modules-available
├── modules-enabled
├── sites-available (2)
├── sites-enabled (3)
└── snippets (4)
1 静态文件放置于该目录,可应用于固定 (不会切换) 的虚拟主机。
2 网站设置档是在 /etc/nginx/sites-available 的位置,激活站台要以 ln 链接指令在 sites-enabled 文件夹中创建一个链接连回到 sites-available 组态档。
3 激活站台就是在 sites-enabled 的目录中创建链接,不激活则是删除该链接。
4 由其他网站设置档引入共通组态。
创建新的网站目录 /var/www/test-site 并加入测试网页.
mkdir /var/www/test-site

cat > /var/www/test-site/index.html << "EOF"
<html>
    <head>
        <title>Welcome to Test Site!</title>
    </head>
    <body>
        <h1>Hello World!</h1>
    </body>
</html>
EOF
在 /etc/nginx/sites-available 创建虚拟主机配置文件 test-site。
sudo bash -c 'cat > /etc/nginx/sites-available/test-site.conf' << "EOF"
server {
    listen 80;
    listen [::]:80;
    root /var/www/test-site;
    index index.html;
    server_name test-site;
    location / {
    try_files $uri $uri/ =404;
    }
}
EOF

# 取消所有站台. 注:这里用 rm 如果用 unlink 则只能一个一个取消.
sudo rm /etc/nginx/sites-enabled/*

# 激活 test-site 站台
sudo ln -s /etc/nginx/sites-available/test-site.conf /etc/nginx/sites-enabled/

# reload
sudo service nginx reload
Nginx 相关命令
# start nginx
sudo service nginx start

# stop nginx
sudo service nginx stop

# reload
sudo service nginx reload

# restart
sudo service nginx restart

# show nginx status
sudo systemctl status nginx

# nginx 日志
sudo journalctl -u nginx --since today

# 列出激活中的站台
ls /etc/nginx/sites-enabled -l

# 列出可使用的站台
ls /etc/nginx/sites-available -l

# 激活站台
sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/

# 取消站台
sudo unlink /etc/nginx/sites-enabled/default

Drupal 的 Nginx 配置

参考: Drupal configuration recipe 
server {
    server_name example.com;
    root /var/www/drupal8; ## <-- Your only path reference. (1)

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Very rarely should these ever be accessed outside of your lan
    location ~* \.(txt|log)$ {
        allow 192.168.0.0/16; (2)
        deny all;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        return 403;
    }

    # Block access to scripts in site files directory
    location ~ ^/sites/[^/]+/files/.*\.php$ {
        deny all;
    }

    # Allow "Well-Known URIs" as per RFC 5785
    location ~* ^/.well-known/ {
        allow all;
    }

    # Block access to "hidden" files and directories whose names begin with a
    # period. This includes directories used by version control systems such
    # as Subversion or Git to store control files.
    location ~ (^|/)\. {
        return 403;
    }

    location / {
        # try_files $uri @rewrite; # For Drupal <= 6
        try_files $uri /index.php?$query_string; # For Drupal >= 7
    }

    location @rewrite {
        #rewrite ^/(.*)$ /index.php?q=$1; # For Drupal <= 6
        rewrite ^ /index.php; # For Drupal >= 7
    }

    # Don't allow direct access to PHP files in the vendor directory.
    location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
    }

    # Protect files and directories from prying eyes.
    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|/(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
        deny all;
        return 404;
    }

    # In Drupal 8, we must also match new paths where the '.php' appears in
    # the middle, such as update.php/selection. The rule we use is strict,
    # and only allows this pattern with the update.php front controller.
    # This allows legacy path aliases in the form of
    # blog/index.php/legacy-path to continue to route to Drupal nodes. If
    # you do not have any paths like that, then you might prefer to use a
    # laxer rule, such as:
    #   location ~ \.php(/|$) {
    # The laxer rule will continue to work if Drupal uses this new URL
    # pattern with front controllers other than update.php in a future
    # release.
    location ~ '\.php$|^/update.php' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        # Ensure the php file exists. Mitigates CVE-2019-11043
        try_files $fastcgi_script_name =404;
        # Security note: If you're running a version of PHP older than the
        # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
        # See http://serverfault.com/q/627903/94922 for details.
        include fastcgi_params;
        # Block httpoxy attacks. See https://httpoxy.org/.
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        # PHP 5 socket location.
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        # PHP 7 socket location.
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; (3)
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
    }

    # Fighting with Styles? This little gem is amazing.
    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
        try_files $uri @rewrite;
    }

    # Handle private files through Drupal. Private file's path can come
    # with a language prefix.
    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
        try_files $uri /index.php?$query_string;
    }

    # Enforce clean URLs
    # Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page
    # Could be done with 301 for permanent or other redirect codes.
    if ($request_uri ~* "^(.*/)index\.php/(.*)") {
        return 307 $1$2;
    }
}
1 修改为站台的路径。
2 改为实际的局域网路区段。
3 如果为 php 7.3 则文件名为 /var/run/php/php7.3-fpm.sock,若不正确则网页会出现 502 Bad Gateway。
Update Your Nginx Config for Drupal 8 提到下列问题

  1. 无法运行 Update.php

  2. 无法从管理接口安装模块

  3. 一些导航元素缺少 CSS 样式

Drupal configuration recipe 已经修正了,文章具有参考价值。

phpMyAdmin 的 Nginx 配置

在 conf.d 创建 phpmyadmin.conf 配置文件。
sudo bash -c 'cat > /etc/nginx/conf.d/phpmyadmin.conf' << "EOF"
server
{
  listen 80;
  listen [::]:80;
  index index.php index.html index.htm;
  server_name example.com www.example.com;

  client_max_body_size 100M;

  location /phpmyadmin
  {
    root /usr/share/;
    index index.php index.html index.htm;
    location ~ ^/phpmyadmin/(.+\.php)$
    {
      try_files $uri =404;
      root /usr/share/;
      fastcgi_pass unix:/run/php/php7.3-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;
    }

    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$
    {
      root /usr/share/;
    }
  }

  location ~ \.php$
  {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}
EOF

sudo service nginx reload
Reference

How to Install phpMyAdmin with Nginx on Ubuntu 18.04
Manually Install phpMyAdmin Latest on Ubuntu 16.04 | 18.04 with Nginx, MariaDB and PHP 7.2-FPM – Website for Students