References:
https://blog.51cto.com/zero01/2052407
https://blog.51cto.com/zero01/2052428
https://blog.51cto.com/zero01/2052429
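location priority: https://dev.tencent.com/u/aminglinux/p/nginx/git/blob/master/location/priority.md
301 and 302 rules: there are two kinds of redirect: 1) redirect to a domain 2) redirect to a URL (URI). 301 --> domain, 302 --> URL
Setting up zabbix and installing it from source (follow this one): https://www.cnblogs.com/sanduzxcvbnm/p/6138642.html?utm_source=itdadao&utm_medium=referral
Several ways to transfer files between two Linux systems: https://blog.csdn.net/gatieme/article/details/51673229
Health checks for the backend servers when configuring nginx load balancing: https://dev.tencent.com/u/aminglinux/p/nginx/git/blob/master/proxy/lb.md (see the notes below case 3)
What are a WAN and a LAN? https://help.aliyun.com/knowledge_detail/40637.html?spm=a2c4g.11186623.6.847.bd20161bSBq3KU#h2-url-2
nginx documentation: nginx.aminglinux.com
Secondary references (not the main focus):
https://blog.csdn.net/u011709380/article/details/94068386
https://blog.csdn.net/u011709380/article/details/94149736
https://blog.csdn.net/u011709380/article/details/94208304
https://blog.csdn.net/u011709380/article/details/94298012
mysql kept failing with various pid-related errors; the real cause turned out to be too little memory, so it needs performance tuning. The cloud host here has 0.5 of memory, which can also prevent mysql from starting, or make it shut down on its own while starting.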
[mysqld]
datadir=/data/mysql
socket=/tmp/mysql.sock
log-error=/data/mysql/error.log
key_buffer=16K
table_open_cache=4
query_cache_limit=256K
query_cache_size=4M
max_allowed_packet=1M
sort_buffer_size=64K
read_buffer_size=256K
thread_stack=64K
innodb_buffer_pool_size = 56M
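Configure the nginx default virtual host: delete the virtual hosts defined in the nginx configuration file
vim /usr/local/nginx/conf/nginx.conf
# and add the following inside the http block (the relative form "include vhost/*.conf;" resolves to the same directory, so only one include is needed)
include /usr/local/nginx/conf/vhost/*.conf;
Create the directory:
mkdir /usr/local/nginx/conf/vhost
Set up 3 sites, add a second layer of authentication in front of the admin back end of each site for better security, and configure access logs (access_log)
First install httpd:
yum install -y httpd
Then use the htpasswd command that ships with httpd to generate a user password file:
htpasswd -c /usr/local/nginx/conf/htpasswd admin
New password:
Re-type new password:
Adding password for user admin
Once it is generated, cat the htpasswd file and you will see content like this:
cat /usr/local/nginx/conf/htpasswd
admin:$apr1$bwCvGuw9$71cc8LnzGEG0AEiSSB1uO.
To add more users later, leave out the -c option; with -c the existing htpasswd file is overwritten.
Reload the nginx configuration file: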
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
Set up dedecms
Create the default site directory
mkdir /data/wwwroot/dedecms.com/
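cd /usr/local/src/
wget http://updatenew.dedecms.com/base-v57/package/DedeCMS-V5.7-UTF8-SP2.tar.gz
tar -zxvf DedeCMS-V5.7-UTF8-SP2.tar.gz
mv DedeCMS-V5.7-UTF8-SP2/uploads/* /data/wwwroot/dedecms.com/
Create and edit the virtual host configuration file
vim /usr/local/nginx/conf/vhost/dedecms.com.conf
server {
    listen 80;
    server_name www.dedecms.com;
    index index.html index.htm index.php;
    root /data/wwwroot/dedecms.com;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/dedecms.com$fastcgi_script_name;
    }
    location ^~ /dedecms/ {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;   # path to the password file
        # ^~ stops nginx from trying the regex locations, so PHP under this
        # prefix needs its own handler here or it is served as a plain file
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /data/wwwroot/dedecms.com$fastcgi_script_name;
        }
    }
    access_log /tmp/dedecms.com.log combined_realip;
}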
Set up discuz
Create the default site directory
mkdir /data/wwwroot/discuz.com/
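Download the discuz main program
cd /usr/local/src/
wget http://download.comsenz.com/DiscuzX/3.3/Discuz_X3.3_SC_UTF8.zip
unzip Discuz_X3.3_SC_UTF8.zip
mv upload/* /data/wwwroot/discuz.com/
Create and edit the virtual host configuration file
vim /usr/local/nginx/conf/vhost/discuz.com.conf
server {
    listen 80;
    server_name www.discuz.com;
    index index.html index.htm index.php;
    root /data/wwwroot/discuz.com;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/discuz.com$fastcgi_script_name;
    }
    location ^~ /admin.php {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        # ^~ stops nginx from trying the "~ \.php$" location, so the PHP
        # handler has to be repeated here or admin.php is served as a plain file
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/discuz.com$fastcgi_script_name;
    }
    access_log /tmp/discuz.com.log combined_realip;
}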
Set up the zrlog site
Create the default site directory
mkdir /data/wwwroot/zrlog.com/
Download the zrlog main program
cd /usr/local/src/
wget http://dl.zrlog.com/release/zrlog-1.7.1-baaecb9-release.war
unzip zrlog-1.7.1-baaecb9-release.war
unzip zrlog-1.7.1-baaecb9-release.war -d /data/wwwroot/zrlog.com
Edit the virtual host configuration file
vim /usr/local/tomcat/conf/server.xml
<Host name="www.zrlog.com" appBase="" unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">
    <Context path="" docBase="/data/wwwroot/zrlog.com/" debug="0" reloadable="true" crossContext="true"/>
</Host>
Edit the nginx reverse proxy configuration file
vim /usr/local/nginx/conf/vhost/zrlog.com.conf
server {
    listen 80;
    server_name www.zrlog.com;
    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /admin/ {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        # keep the /admin/ prefix: with a bare "/" here nginx would replace
        # the matched /admin/ part and send the request to the site root
        proxy_pass http://127.0.0.1:8080/admin/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    access_log /tmp/zrlog.com.log combined_realip;
}
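Why the `^~` auth locations in the dedecms and discuz vhosts above matter, as an added example that is not part of the original notes: a simplified shell model of nginx location selection. When the longest matching prefix carries `^~`, the `~ \.php$` location is never consulted, so a protected PHP path needs its own fastcgi directives. The location lists and the `-` marker for a plain prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example: simplified model of how nginx picks a location.
# Each line of the list is "<modifier> <pattern>"; "-" stands for a plain
# prefix location (no modifier). nginx regexes are PCRE; grep -E is an
# approximation that is sufficient for the patterns used on this page.
pick_location() {   # usage: pick_location URI LOCATION_LIST
    uri=$1 best="" best_mod="" regex_hit=""
    while read -r mod pat; do
        case $mod in
            "=")        # exact match wins immediately
                if [ "$uri" = "$pat" ]; then printf '= %s\n' "$pat"; return 0; fi ;;
            "-"|"^~")   # remember the longest matching prefix
                case $uri in
                    "$pat"*) if [ ${#pat} -gt ${#best} ]; then best=$pat best_mod=$mod; fi ;;
                esac ;;
            "~")        # first matching regex in file order
                if [ -z "$regex_hit" ] && printf '%s\n' "$uri" | grep -Eq -- "$pat"; then
                    regex_hit=$pat
                fi ;;
        esac
    done <<EOF
$2
EOF
    # ^~ on the longest prefix: regex locations are skipped entirely
    if [ "$best_mod" = "^~" ]; then printf '^~ %s\n' "$best"; return 0; fi
    if [ -n "$regex_hit" ]; then printf '~ %s\n' "$regex_hit"; return 0; fi
    if [ -n "$best" ]; then printf '%s %s\n' - "$best"; return 0; fi
    return 1
}

# Constructed location lists mirroring the vhosts above
DISCUZ_LOCS='~ \.php$
^~ /admin.php'
DEDE_LOCS='~ \.php$
^~ /dedecms/'
# Same as discuz, but with a plain prefix instead of ^~
PLAIN_LOCS='~ \.php$
- /admin.php'

for u in /admin.php /index.php; do
    printf '%-12s -> %s\n' "$u" "$(pick_location "$u" "$DISCUZ_LOCS")"
done
```

With the plain prefix list the regex location wins for `/admin.php`, which means the PHP handler runs but the `auth_basic` in the prefix location is never applied.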
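The php-fpm service must have a slow-execution log with a timeout of 2s, with log rotation, and logs kept for one month
Edit the php-fpm configuration file and add the following: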
vim /usr/local/php-fpm/etc/php-fpm.conf
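; log any request that runs for more than 2 seconds
request_slowlog_timeout = 2
; path where the slow log file is stored
slowlog = /usr/local/php-fpm/var/log/www-slow.log
After the change, test the configuration file syntax and reload the configuration file: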
/usr/local/php-fpm/sbin/php-fpm -t
Log rotation
vim /usr/local/sbin/phpslow_logrotate.sh
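#!/bin/bash
# Rotate the logs by appending yesterday's date to each file name
d=$(date -d "-1 day" +%Y%m%d)
logdir="/usr/local/php-fpm/var/log/"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
cd "$logdir" || exit 1
for log in *.log
do
    [ -e "$log" ] || continue
    mv "$log" "$log-$d"
done
# This signals the nginx master; php-fpm reopens its own log files only
# when its master process receives SIGUSR1
/bin/kill -HUP "$(cat "$nginx_pid")"
With the script written, log rotation has to run automatically on a schedule, so set up a cron job: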
crontab -e
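## Add the following; it runs the script at 00:00 every day
0 0 * * * /bin/bash /usr/local/sbin/phpslow_logrotate.sh
Logs are kept for only one month, so also add the following line to crontab; on the 1st of every month it deletes the old log files once:
0 0 1 * * /usr/bin/find /usr/local/php-fpm/var/log/ -name "*.log-*" -type f -mtime +30 | xargs -r rm -f
All sites need access logs with log rotation; requests for static files must not be logged, and logs are kept for one month
Access log
In nginx the log format can be defined in the main configuration file. Edit the main configuration file: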
vim /usr/local/nginx/conf/nginx.conf
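Search for log_format; this section defines the log format:
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
Here combined_realip is the name of the log format; the name can be chosen freely.
With the format name in hand, edit the site's virtual host configuration file: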
vim /usr/local/nginx/conf/vhost/discuz.com.conf
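Add the following:
access_log /tmp/discuz.com.log combined_realip;   # the log directory can be chosen freely
The combined_realip here is the log format name defined in nginx.conf.
Then reload the configuration file:
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
The configuration that stops static files from being logged is as follows: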
vim /usr/local/nginx/conf/vhost/discuz.com.conf
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires 7d;
    access_log off;
}
location ~ .*\.(js|css)$ {
    expires 12h;
    access_log off;
}
After configuring, reload the configuration file:
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
For log rotation, just modify the earlier script: replace the path assigned to the logdir variable with a parameter, then pass the appropriate path in the cron job:
vim /usr/local/sbin/nginx_log_rotate.sh
#!/bin/bash
d=$(date -d "-1 day" +%Y%m%d)
logdir="$1"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
# refuse to run without a valid directory argument
[ -d "$logdir" ] || exit 1
cd "$logdir" || exit 1
for log in *.log
do
    [ -e "$log" ] || continue
    mv "$log" "$log-$d"
done
/bin/kill -HUP "$(cat "$nginx_pid")"
crontab -e
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh "/usr/local/php-fpm/var/log/"
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh "/data/wwwroot/discuz.com/data/log/"
0 0 1 * * /usr/bin/find /usr/local/php-fpm/var/log/ -name "*.log-*" -type f -mtime +30 | xargs -r rm -f
0 0 1 * * /usr/bin/find /data/wwwroot/discuz.com/data/log/ -name "*.log-*" -type f -mtime +30 | xargs -r rm -f
The remaining sites follow the same steps; finally, sync the files to the other web servers.
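All servers must allow login only as ordinary users and only with keys; root is reachable only by ordinary users through sudo
Edit the configuration file with the visudo command and set a user alias:
User_Alias ADMINS = user1, user2, user3
Then run the useradd command in bulk on all servers to add the users user1, user2 and user3
Find "Allow root to run any commands anywhere" and add the following below that line:
ADMINS ALL=(ALL) NOPASSWD: /usr/bin/su, /usr/bin/ls, /usr/bin/cat, /usr/bin/mkdir
Note that NOPASSWD on /usr/bin/su gives every member of ADMINS a root shell without a password, so the other three entries add nothing beyond it.
In the sshd_config configuration file, change the following:
vim /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Restart the service:
systemctl restart sshd.service
Generate the public key on server A:
ssh-keygen
View the public key:
cat .ssh/id_rsa.pub
Log in to server B, put the public key in .ssh/authorized_keys and set the permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys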
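A check for the three sshd_config settings above, as an added example that is not part of the original notes. It reads only the global section of a single file (no Include or drop-in handling), applies sshd's rule that the first value read for a keyword wins, and assumes the OpenSSH 7.0+ defaults for absent keywords; the sample files are constructed.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for a keyword, keywords
# are case-insensitive, and "Match" opens a conditional block, so only the
# lines before the first Match are global.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept the Keyword=value form
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # keyword absent: use the default
    ' "$1"
}

audit_sshd() {       # usage: audit_sshd FILE; returns 1 if any setting is off
    file=$1 rc=0
    # keyword:required value:default when the keyword is absent
    for rule in permitrootlogin:no:prohibit-password \
                pubkeyauthentication:yes:yes \
                passwordauthentication:no:yes; do
        key=${rule%%:*}; rest=${rule#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(sshd_effective "$file" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective '$got', required '$want'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files
SAMPLE_DIR=$(mktemp -d)
cat >"$SAMPLE_DIR/good.conf" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
# Looks hardened, is not: commented-out line, a later duplicate, a Match block
cat >"$SAMPLE_DIR/bad.conf" <<'EOF'
#PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User user1
    PermitRootLogin no
EOF
audit_sshd "$SAMPLE_DIR/bad.conf" || echo "bad.conf is not hardened"
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, including included files.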