主题: nginx+iredadmin 配置分享

==== 提供基本信息便于分析问题并得到快速回复 ====
- iRedMail 版本:
- 使用的 Linux/BSD 发行版名称及版本号:
- 与您的问题相关的日志信息:
====

我的环境使用最新的 nginx-1.2.0,关于编译安装这里不再复述,请查阅相关文档。
关于iredmail的安装,这里也不再复述。
1. 安装 uwsgi
首先去官方下载 uwsgi (http://projects.unbit.it/downloads/uwsgi-1.2.tar.gz)

# tar zxvf uwsgi-1.2.tar.gz
# cd uwsgi-1.2
# make ( 直接 make,不需要 make install )
# cp uwsgi /usr/bin/ (复制过去就安装好uwsgi了)

2. 配置 uwsgi 系统服务,可以用 service uwsgi start|stop|restart 操作
# vi /etc/init.d/uwsgi

#!/bin/bash
#
# chkconfig: 235 83 18
# description: starts the uWSGI Process Manager daemon
# processname: uwsgi
#

PROG='uWSGI'
BINPATH='/usr/bin/uwsgi'
PIDFILE='/var/run/uwsgi.pid'
SOCKFILE='/var/run/uwsgi.sock'
LOGFILE='/var/log/uwsgi.log'

check_status() {
    # Usage: check_status pid_number
    PID="${1}"
    l=$(ps -p ${PID} | wc -l | awk '{print $1}')
    if [ X"$l" == X"2" ]; then
        echo "running"
    else
        echo "stopped"
    fi
}

start() {
    if [ -f ${PIDFILE} ]; then
        PID="$(cat ${PIDFILE})"
        s="$(check_status ${PID})"

        if [ X"$s" == X"running" ]; then
            echo "${PROG} is already running."
        else
            rm -f ${PIDFILE} >/dev/null 2>&1
            echo "Starting ${PROG} ..."
            ${BINPATH} -s ${SOCKFILE} --vhost --pidfile ${PIDFILE} --daemonize ${LOGFILE}
        fi
    else
        echo "Starting ${PROG} ..."
        ${BINPATH} -s ${SOCKFILE} --vhost --pidfile ${PIDFILE} --daemonize ${LOGFILE}
    fi
    unset s
}

stop() {
    if [ -f ${PIDFILE} ]; then
        PID="$(cat ${PIDFILE})"
        s="$(check_status ${PID})"

        if [ X"$s" == X"running" ]; then
            echo "Stopping ${PROG} ..."
            kill -9 ${PID}
            if [ X"$?" == X"0" ]; then
                rm -f ${PIDFILE} >/dev/null 2>&1
                rm -f ${SOCKFILE} >/dev/null 2>&1
            else
                echo -e "\t\t[ FAILED ]"
            fi
        else
            echo "${PROG} is already stopped."
            rm -f ${PIDFILE} >/dev/null 2>&1
            rm -f ${SOCKFILE} >/dev/null 2>&1
        fi
    else
        echo "${PROG} is already stopped."
    fi
    unset s
}

status() {
    if [ -f ${PIDFILE} ]; then
        PID="$(cat ${PIDFILE})"
        s="$(check_status ${PID})"

        if [ X"$s" == X"running" ]; then
            echo "${PROG} is running."
        else
            echo "${PROG} is stopped."
        fi
    else
        echo "${PROG} is stopped."
    fi
    unset s
}

case "$1" in
    start) start ;;
    stop) stop ;;
    status) status ;;
    restart) stop && start ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        RETVAL=1
        ;;
esac

# chmod +x /etc/init.d/uwsgi
# chkconfig uwsgi on
# service uwsgi start

3. 配置 nginx
(nginx 本身就支持 uwsgi 来运行 python 程序,所以我们配置nginx 的 uwsgi )
# vi /path/to/nginx.conf 添加一个站点

server{
    listen  80;
    server_name mailadmin.yourdomain.com;
    location / {
      include uwsgi_params;  
      uwsgi_pass unix:/var/run/uwsgi.sock;  
      uwsgi_param UWSGI_PYHOME /path/to/iRedAdmin-0.1.6/iredadmin.py/;  
      uwsgi_param UWSGI_SCRIPT iredadmin;  
      uwsgi_param UWSGI_CHDIR /path/to/iRedAdmin-0.1.6/;
    }
    location /static {
      alias /path/to/iRedAdmin-0.1.6/static;
    }
    access_log /dev/null;
  }

# service nginx restart

到些nginx + uwsgi + iredadmin 安装配置完成
访问 mailadmin.yourdomain.com 即可开工了

回复: nginx+iredadmin 配置分享

Hi bottle,

感谢分享。

是否有空帮忙试试将其它 Web 程序也迁移到 Nginx?例如 Roundcube, phpMyAdmin, phpLDAPadmin, phpPgAdmin。
之后我们可以增加对 Nginx 的支持,用户可以选择是用 Apache 还是 Nginx。如何?

3 最后由 bottle (2012-05-04 22:42:17) 编辑

回复: nginx+iredadmin 配置分享

关于Roundcube, phpMyAdmin, phpLDAPadmin, phpPgAdmin迁移到nginx其实非常简单
这里把我的iredmail安装方法分享给大家

首先,假设有一个干净的系统环境,
我们直接下载iredmail.0.7.4进行安装,安装完成后是运行在apahce2下的,我们先停止apahce2服务,开始把iredmail 造移到nginx


我们需要一个 nginx + php + mysql 的 web 环境( for centos 5.8 x86_64)
如果你的系统是 centos 6.*,建议先下载安装 epel (http://rpmfind.net/linux/rpm2html/searc … el-release)
-----------------------------------------------------------------------------------------------------------------
1. 安装必要的包,主要用用编译

yum -y install \
"autoconf" \
"automake" \
"bison.x86_64" \
"bzip2-devel.x86_64" \
"cpp.x86_64" \
"cyrus-sasl.x86_64" \
"cyrus-sasl-plain.x86_64" \
"expect.x86_64" \
"flex" \
"fam-devel" \
"freetype-devel.x86_64" \
"gd.x86_64" \
"gcc.x86_64" \
"gcc-c++.x86_64" \
"gcc-g77" \
"gdbm-devel.x86_64" \
"glibc-devel" \
"glibc-headers" \
"glibc-kernheaders" \
"libtool.x86_64" \
"libxml2.x86_64" \
"libf2c" \
"libjpeg-devel.x86_64" \
"libpng-devel.x86_64" \
"libtiff-devel.x86_64" \
"libc-client-devel.x86_64" \
"libstdc++-devel.x86_64" \
"libmcrypt.x86_64" \
"libmcrypt-devel.x86_64" \
"libtool-ltdl.x86_64" \
"mhash.x86_64" \
"mhash-devel.x86_64" \
"libxslt-devel.x86_64" \
"libtidy-devel.x86_64" \
"libtidy.x86_64" \
"zlib-devel.x86_64" \
"expat.x86_64" \
"expat-devel.x86_64" \
"mysql.x86_64" \
"mysql-devel.x86_64" \
"mysql-server.x86_64" \
"neon.x86_64" \
"neon-devel.x86_64" \
"pcre.x86_64" \
"pcre-devel.x86_64" \
"libXp.x86_64" \
"yum-fastestmirror"

2. 下载安装 nginx-1.2.0最新稳定版(http://www.nginx.org/download/nginx-1.2.0.tar.gz)
# tar zxvf nginx-1.2.0.tar.gz
# cd nginx-1.2.0

 ./configure --prefix=/opt/lamps/nginx \
--user=nobody \
--group=nobody \
--conf-path=/opt/lamps/etc/nginx.conf \
--with-http_ssl_module \
--with-http_stub_status_module \
--http-fastcgi-temp-path=/opt/lamps/tmp/http_fastcgi_temp \
--http-proxy-temp-path=/opt/lamps/tmp/http_proxy_temp \
--http-client-body-temp-path=/opt/lamps/tmp/http_client_body_temp \
--http-log-path=/opt/lamps/logs/nginx_access_log \
--pid-path=/opt/lamps/run/nginx.pid \
--lock-path=/opt/lamps/run/nginx.lock \
--error-log-path=/opt/lamps/logs/nginx_error.log

# make && make install
# mkdir -p /opt/lamps/tmp/ (手动创建这个目录,因为nginx安装时不会自动创建,会造成启动失败)
# mkdir -p /opt/lamps/run/

3. 将 nginx 添加到系统服务
# vi /etc/init.d/nginx
---------------------------------------------------------------------------------------

#!/bin/bash
#
# chkconfig: 235 85 15
# description: Nginx is a high-performance web and proxy server.
#              It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /opt/lamps/run/nginx.pid
# config: /opt/lamps/etc/nginx.conf

nginxd=/opt/lamps/nginx/sbin/nginx
nginx_config=/opt/lamps/etc/nginx.conf
nginx_pid=/opt/lamps/run/nginx.pid
nginx_lock=/opt/lamps/run/nginx.lock

RETVAL=0
prog="nginx"

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -x $nginxd ] || exit 0


# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
   echo "nginx already running...."
   exit 1
fi

   echo -n $"Starting $prog: "
   daemon $nginxd -c ${nginx_config}
   RETVAL=$?
   echo
   [ $RETVAL = 0 ] && touch $nginx_lock
   return $RETVAL

}

# Stop nginx daemons functions.
stop() {
        echo -n $"Stopping $prog: "
        killproc $nginxd
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f $nginx_lock $nginx_pid
}

# reload nginx service functions.
reload() {
    echo -n $"Reloading $prog: "
    #kill -HUP `cat ${nginx_pid}`
    killproc $nginxd -HUP
    RETVAL=$?
    echo
}

# See how we were called.
case "$1" in
start)
        start
        ;;

stop)
        stop
        ;;

reload)
        reload
        ;;

restart)
        stop
        start
        ;;

status)
        status $prog
        RETVAL=$?
        ;;
*)
        echo $"Usage: $prog {start|stop|restart|reload|status|help}"
        exit 1
esac

exit $RETVAL

-----------------------------------------------------------------------
# chmod +x /etc/init.d/nginx
# chkconfig nginx on

4. 下载安装 php-5.3.11 (http://www.php.net/downloads.php)
# tar jxvf php-5.3.11.tar.br2
# cd php-5.3.11

./configure \
--prefix=/opt/lamps/php \
--with-libdir=lib64 \
--with-config-file-path=/opt/lamps/etc \
--with-zlib-dir \
--with-libxml-dir \
--with-bz2 \
--with-mcrypt \
--with-mhash \
--with-curl \
--with-curlwrappers \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--with-iconv-dir \
--with-pear \
--with-openssl \
--with-tidy \
--with-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
# --with-oci8=share,instantclient,/opt/instantclient/ \
--enable-sqlite-utf8 \
--enable-bcmath \
--enable-xml \
--enable-exif \
--enable-imap \
--enable-zip \
--enable-ftp \
--enable-soap \
--enable-zend-multibyte \
--enable-mbstring \
--enable-sockets \
--enable-gd-native-ttf \
--enable-inline-optimization \
--enable-mbregex \
--enable-fpm \
--disable-debug

# make && make install

5. nginx 是以 fastcgi 方式运行 php的,所以我们配置
# cp /opt/lamps/php/etc/php-fpm.conf.default /opt/lamps/etc/php-fpm.conf
# vi /opt/lamps/etc/php-fpm.conf
--------------------------------------------------------------------------

;include=/opt/lamps/php/etc/fpm.d/*.conf
[global]
pid = /opt/lamps/run/php-fpm.pid
error_log = /opt/lamps/logs/php.log
log_level = error
emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 5s
daemonize = yes

[www]
listen = /opt/lamps/run/php-fpm.sock
listen.backlog          = -1
listen.allowed_clients  = 127.0.0.1
listen.owner            = nobody
listen.group            = nobody
listen.mode             = 0666

user                        = nobody
group                       = nobody
pm                          = dynamic
pm.max_children             = 5120
pm.start_servers            = 50
pm.min_spare_servers        = 50
pm.max_spare_servers        = 100
pm.max_requests             = 5120
;pm.status_path             = /status
;ping.path                  = /ping
;ping.response              = pong
request_terminate_timeout   = 0
request_slowlog_timeout     = 2s
slowlog                     = /opt/lamps/logs/php_slow.log
rlimit_files                = 65536
rlimit_core                 = 0

;chroot = 
;chdir = /var/www

catch_workers_output = yes

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i
php_flag[display_errors] = on
php_admin_value[error_log] = /opt/lamps/logs/php_error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M

--------------------------------------------------------------------------
6. 配置 php-fpm 系统服务
# vi /etc/init.d/php-fpm
--------------------------------------------------------------------------

#!/bin/bash
#
# chkconfig: 2345 80 20
# description: starts the PHP FastCGI Process Manager daemon
# processname: php-fpm
# pidfile: /opt/lamps/run/php-fpm.pid
# config: /opt/lamps/etc/php-fpm.conf

prefix=/opt/lamps/php
exec_prefix=${prefix}

php_fpm_BIN=${exec_prefix}/sbin/php-fpm
php_fpm_CONF=/opt/lamps/etc/php-fpm.conf
php_fpm_PID=/opt/lamps/run/php-fpm.pid


php_opts="--fpm-config $php_fpm_CONF"


wait_for_pid () {
        try=0

        while test $try -lt 35 ; do

                case "$1" in
                        'created')
                        if [ -f "$2" ] ; then
                                try=''
                                break
                        fi
                        ;;

                        'removed')
                        if [ ! -f "$2" ] ; then
                                try=''
                                break
                        fi
                        ;;
                esac

                echo -n .
                try=`expr $try + 1`
                sleep 1

        done

}

case "$1" in
        start)
                echo -n "Starting php-fpm "

                $php_fpm_BIN $php_opts

                if [ "$?" != 0 ] ; then
                        echo " failed"
                        exit 1
                fi

                wait_for_pid created $php_fpm_PID

                if [ -n "$try" ] ; then
                        echo " failed"
                        exit 1
                else
                        echo " done"
                fi
        ;;

        stop)
                echo -n "Gracefully shutting down php-fpm "

                if [ ! -r $php_fpm_PID ] ; then
                        echo "warning, no pid file found - php-fpm is not running ?"
                        exit 1
                fi

                kill -QUIT `cat $php_fpm_PID`

                wait_for_pid removed $php_fpm_PID

                if [ -n "$try" ] ; then
                        echo " failed. Use force-exit"
                        exit 1
                else
                        echo " done"
                fi
        ;;

        force-quit)
                echo -n "Terminating php-fpm "

                if [ ! -r $php_fpm_PID ] ; then
                        echo "warning, no pid file found - php-fpm is not running ?"
                        exit 1
                fi

                kill -TERM `cat $php_fpm_PID`

                wait_for_pid removed $php_fpm_PID

                if [ -n "$try" ] ; then
                        echo " failed"
                        exit 1
                else
                        echo " done"
                fi
        ;;

        restart)
                $0 stop
                $0 start
        ;;

        reload)

                echo -n "Reload service php-fpm "

                if [ ! -r $php_fpm_PID ] ; then
                        echo "warning, no pid file found - php-fpm is not running ?"
                        exit 1
                fi

                kill -USR2 `cat $php_fpm_PID`

                echo " done"
        ;;

        *)
                echo "Usage: $0 {start|stop|force-quit|restart|reload}"
                exit 1
        ;;

esac

-------------------------------------------------------------------------------------
# chmod +x /etc/init.d/php-fpm
# chkconfig php-fpm on
-------------------------------------------------------------------------------------
7. 配置 iredmail 相关站点
# vi /opt/lamps/etc/nginx.conf
-------------------------------------------------------------------------------------

user  nobody nobody;
worker_processes 8;
error_log  /opt/lamps/logs/nginx_error.log;
#error_log /dev/null;
pid        /opt/lamps/run/nginx.pid;

worker_rlimit_nofile 65536;

events{
  use epoll;
  worker_connections 65536;
}

http{
  include       mime.types;
  default_type  application/octet-stream;

  charset  utf-8;

  server_names_hash_bucket_size 128;
  client_header_buffer_size     32k;
  large_client_header_buffers   4 32k;
  client_max_body_size          8m;

  sendfile          on;
  tcp_nopush        on;
  tcp_nodelay       on;
  keepalive_timeout 60;
  
  server_name_in_redirect off;
  #optimize_server_names off;

  fastcgi_connect_timeout       300;
  fastcgi_send_timeout          300;
  fastcgi_read_timeout          300;
  fastcgi_buffer_size           64k;
  fastcgi_buffers               4 64k;
  fastcgi_busy_buffers_size     128k;
  fastcgi_temp_file_write_size  128k;

  gzip              on;
  gzip_min_length   1k;
  gzip_buffers      4 16k;
  gzip_http_version 1.0;
  gzip_comp_level   6;
  gzip_types        text/plain application/json application/x-javascript text/css application/xml;
  gzip_vary         on;

  log_format access '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $http_x_forwarded_for';
  index index.html index.htm index.php;

  server{
    listen  80;
    server_name status.domain.com;
    location / {
      stub_status on;
      access_log /dev/null;
      error_log /dev/null;
    }
  }

  # 以站点方式配置
  # [url=http://www.domain.com]www.domain.com[/url] -> /web/www.domain.com        你的主站
  # pma.domain.com -> /web/pma.domain.com        phpmyadmin
  # mail.domain.com -> /web/mail.domain.com      Roundcube
  # ldap.domain.com -> /web/ldap.domain.com      phpLDAPadmin
  # pg.domain.com -> /web/pg.domain.com          phpPgAdmin
  server{
    listen  80;
    server_name  *.com; 
    set $root /web/$host;
    include common.conf; 
    access_log /opt/lamps/logs/all_site.access.log access;    
  }

  # 因为 iredadmin 是python 程序,所以要单独配置
  server{
    listen  80;
    server_name mailadmin.domain.com;
    location / {
      include uwsgi_params;  
      uwsgi_pass unix:/opt/lamps/run/uwsgi.sock;  
      uwsgi_param UWSGI_PYHOME /web/mailadmin.domain.com/iredadmin.py/;  
      uwsgi_param UWSGI_SCRIPT iredadmin;  
      uwsgi_param UWSGI_CHDIR /web/mailadmin.domain.com/;
    }
    location /static {
      alias /web/mailadmin.domain.com/static;
    }
    access_log /dev/null; # 我这里禁用日志 uwsgi 已经有日志了
  }
}

-------------------------------------------------------------------------------------

OK,安装完成
启动相关服务
# service php-fpm start
# service nginx stsrt

最后用yum 删除 iredmail 安装的apache2 和php
# yum remove php-* httpd

4 最后由 bottle (2012-05-04 22:02:31) 编辑

回复: nginx+iredadmin 配置分享

忘了一个common.conf的nginx配置文件
# vi /opt/lamps/etc/common.conf
----------------------------------------------------

root $root;

location / {
  if (-d $request_filename) {
    rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
  }
  #if (!-e $request_filename) {
  #  rewrite ^(.+)$ /index.php last;
  #}
  # nginx文件类型错误解析导致远程命令执行漏洞 Begin, nginx < 1.0
 if ( $fastcgi_script_name ~ \..*\/.*php ) {
   return 403;
 }
 # nginx 文件类型错误解析导致远程命令执行漏洞 End
}

location ~ .*\.php$  {
  fastcgi_pass   unix:/opt/lamps/run/php-fpm.sock;
  fastcgi_param  SCRIPT_FILENAME    $root$fastcgi_script_name;
  fastcgi_param  QUERY_STRING       $query_string;
  fastcgi_param  REQUEST_METHOD     $request_method;
  fastcgi_param  CONTENT_TYPE       $content_type;
  fastcgi_param  CONTENT_LENGTH     $content_length;

  fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  fastcgi_param  REQUEST_URI        $request_uri;
  fastcgi_param  DOCUMENT_URI       $document_uri;
  fastcgi_param  DOCUMENT_ROOT      $document_root;
  fastcgi_param  SERVER_PROTOCOL    $server_protocol;

  fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

  fastcgi_param  REMOTE_ADDR        $remote_addr;
  fastcgi_param  REMOTE_PORT        $remote_port;
  fastcgi_param  SERVER_ADDR        $server_addr;
  fastcgi_param  SERVER_PORT        $server_port;
  fastcgi_param  SERVER_NAME        $host;
  fastcgi_param  REDIRECT_STATUS    200;
 
  fastcgi_index index.php;
}

location ~ robots\.txt$ {
  access_log /dev/null;
  error_log /dev/null;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
  access_log /dev/null;
  error_log /dev/null;
  expires 1h;
}

location ~ .*\.(js|css)?$ {
  access_log /dev/null;
  error_log /dev/null;
  expires 1h;
}

回复: nginx+iredadmin 配置分享

多谢分享,我会尽快尝试让 iRedMail 支持 Nginx。:)