Nginx实验-2

已于 2024-08-29 23:14:06 修改
阅读量1k 收藏 13
点赞数 17
文章标签: nginx 运维
于 2024-08-29 23:12:39 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/lhxwished/article/details/141527527
版权

Nginx中的变量

变量可以分为内置变量和自定义变量

内置变量是由nginx模块自带,通过变量可以获取到众多的与客户端访问相关的值

[root@nginx ~]# cd /usr/local/nginx/

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls status.conf vhost.conf

[root@nginx conf.d]# vim vars.conf

server {
    listen 80;
    server_name var.hh.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        echo "why not let me go oh";
    }

}

[root@nginx conf.d]# vim /etc/hosts 在Linux中做解析

172.25.254.100	nginx.hui.org www.huihui.org hx.hx.org var.hh.org

测试:

[root@nginx conf.d]# curl var.hh.org/var

why not let me go oh

#nginx的内置变量
server {
    listen 80;
    server_name var.timinglee.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        echo $remote_addr;
        echo $args;
        echo $is_args;
        echo $document_root;
        echo $document_uri;
        echo $host;
        echo $remote_port;
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
        echo $server_protocol;
        echo $server_addr;
        echo $server_name;
        echo $server_port;
        echo $http_user_agent;
        echo $http_cookie;
        echo $cookie_key2;
    }
}

#nginx自定义变量
server {
    listen 80;
    server_name var.timinglee.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        set $hh hui;
        echo $hh;
    }
}

返回值
[root@nginx conf.d]#  curl -b "key1=x,key2=y1" -u lee:lee var.hh.org/var?name=hui&&id=6666
why not let me go oh
172.25.254.100
name=hui
?
/data/web/html
/var
var.hh.org
34140
lee
GET
/data/web/html/var
/var?name=hui
http
HTTP/1.1
172.25.254.100
var.hh.org
80
curl/7.76.1
key1=x,key2=y1

Nginx Rewrite模块功能

if 指令

注意:

#如果$变量的值为空字符串或0,则if指令认为该条件为false,其他条件为true。

#nginx 1.0.1之前$变量的值如果以0开头的任意字符串会返回false

eg:if判定

[root@nginx conf.d]# vim vars.conf

	location /test2 {
	if ( !-e $request_filename ){
		echo "$request_filename is not exist";
			return 409;
		}
	}

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org/test2
<html>
<head><title>409 Conflict</title></head>
<body>
<center><h1>409 Conflict</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>

[root@nginx conf.d]# curl var.hh.org/test2

/data/web/html/test2 is not exist 文件不存在

[root@nginx conf.d]# mkdir -p /data/web/html/test2/ [root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html [root@nginx conf.d]# curl var.hh.org/test2/index.html test2

set 指令

指定key并给其定义一个变量,变量可以调用Nginx内置变量赋值给key(#自定义变量)

set $name hui;

echo $name;

返回值

hui

break 指令

eg:break

[root@nginx conf.d]# vim vars.conf

location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		#break;
		set $id 666;
		echo $id;
    }

[root@nginx conf.d]# nginx -s reload

返回值

[root@nginx conf.d]# curl var.hh.org/break

love 666

location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		break;
		set $id 666;
		echo $id;
    }

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org/break

love

[root@nginx conf.d]# vim vars.conf

	location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		if ( $http_user_agent = "curl/7.76.1" ){
            break;
        }
		set $id 666;
		echo $id;
        }

[root@nginx conf.d]# curl var.hh.org/break love

[root@nginx conf.d]# curl -A "firefox" var.hh.org/break love 666

return 指令

[root@nginx conf.d]# vim vars.conf

     location /return {
        default_type text/html;
        if ( !-e $request_filename){
            return 301 http://www.baidu.com;	#没有找到文件就访问百度
        }
        echo "$request_filename is exist";
    }

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl -I var.hh.org/return

HTTP/1.1 301 Moved Permanently

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 06:23:53 GMT

Content-Type: text/html

Content-Length: 169

Connection: keep-alive Keep-Alive: timeout=60

Location: 百度一下,你就知道

没有查找到文件,访问百度

[root@nginx conf.d]# mkdir -p /data/web/html/return

[root@nginx conf.d]# curl -I var.hh.org/return

HTTP/1.1 200 OK

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 06:33:04 GMT

Content-Type: text/html

Connection: keep-alive Keep-Alive: timeout=60

Vary: Accept-Encoding

rewrite 指令

通过正则表达式的匹配来改变URI,可以同时存在一个或多个指令,按照顺序依次对URI进行匹配,

rewrite主要是针对用户请求的URL或者是URI做具体处理

语法格式 :

rewrite regex replacement [flag];

flag 说明

redirect;#临时重定向        重写完成后以临时重定向方式直接返回重写后生成的新URL给客户端
浏览器里不会存放重写产生的新的配置文件信息
permanent;    #重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端
#由客户端重新发起请求,状态码:301
break;#重写完成后,停止对当前URL在当前location中后续的其它重写操作
#而后直接跳转至重写规则配置块之后的其它配置,结束循环,建议在location中使用
#适用于一个URL一次重写
last;#重写完成后,停止对当前URI在当前location中后续的其它重写操作,
#而后对新的URL启动新一轮重写检查,不建议在location中使用
#适用于一个URL多次重写,要注意避免出现超过十次以及URL重写后返回错误的给用户

[root@nginx conf.d]# vim vars.conf

 location / {
        root /data/web/var;
        index index.html;
        #rewrite / http://www.huihui.com permanent;		#永久
        #rewrite / http://www.huihui.com redirect;		#临时
}

[root@nginx conf.d]# mkdir /data/web/var -p

[root@nginx conf.d]# echo var page > /data/web/var/index.html

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org

var page

[root@nginx conf.d]# curl www.huihui.org www.huihui.org

[root@nginx conf.d]# vim vars.conf

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>

[root@nginx conf.d]# curl -I var.hh.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 07:43:48 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://www.huihui.com

在Windows加编译:var.huihui.org

 location / {
        root /data/web/var;
        index index.html;
        #rewrite / http://www.huihui.com permanent;		#永久
}

 location / {
        root /data/web/var;
        index index.html;
        rewrite / http://www.timinglee.com redirect;
    }

#break 和last

创建文件:

[root@nginx conf.d]# mkdir /data/web/html/{test1,test2,break,last} -p

写入内容:

[root@nginx conf.d]# echo test1 > /data/web/html/test1/index.html

[root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html

[root@nginx conf.d]# echo last > /data/web/html/last/index.html

[root@nginx conf.d]# echo break > /data/web/html/break/index.html

[root@nginx conf.d]# vim vars.conf

server {
	listen 80;
	server_name var.hh.org;
	root /data/web/html;
	index index.html;

	location /break {
		rewrite ^/break/(.*)  /test1/$1;	#break   如果输入break访问的时候会返回test1的值,中断下面查找test2
		rewrite ^/test1/(.*)  /test2/$1;
    }

	location /last {
		rewrite ^/last/(.*) /test1/$1;		
		rewrite ^/test1/(.*) /test2/$2;
	}
	location /test1 {
		default_type text/html;
		echo  "why not let me go oh,why you speak so low oh";
	}
	location /test2 {
		root /data/web/html;
	}
}

访问结果:

Nginx-rewrite的企业级防盗链

全站加密

创建一个认证目录:

[root@nginx conf.d]# cd /usr/local/nginx/
[root@nginx nginx]# ls
client_body_temp  conf  conf.d  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@nginx nginx]# mkdir certs
[root@nginx nginx]# ls
certs  client_body_temp  conf  conf.d  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp

[root@nginx nginx]# cd  certs/

[root@nginx certs]# cd 

[root@nginx ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/huihui.org.key -x509 -days 365 -out /usr/local/nginx/certs/huihui.org.crt

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi 
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:lhx
Organizational Unit Name (eg, section) []:webserver
Common Name (eg, your name or your server's hostname) []:www.huihui.org
Email Address []:admin@huihui.org

[root@nginx ~]# cd /usr/local/nginx/

[root@nginx nginx]# cd certs/

[root@nginx certs]# ls huihui.org.crt huihui.org.key

[root@nginx certs]# cd ..

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.huihui.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
}

[root@nginx conf.d]# nginx -t

[root@nginx conf.d]# nginx -s reload

测试:

强制走加密:

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.huihui.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
		if ( $scheme = http ){
			rewrite /(.*) https://$host/$1 redirect;
			rewrite / https://$host redirect;	#如果不加,不管在浏览器上输入的对不对最后还是会访问https://www.huihui.org
		}
	}
}

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl -L www.huihui.org
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[root@nginx conf.d]# curl -kL www.huihui.org
www.huihui.org

[root@nginx conf.d]# curl -I www.huihui.org
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 15:39:35 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://www.huihui.org

测试:

防盗链

在一个web 站点盗链另一个站点的资源信息,比如:图片、视频等

nginx:

[root@nginx conf.d]# mkdir -p /data/web/html/images

xftp传图片,一张在images里,一张在html里,两张图片不能放在一起;

[root@nginx ~]# cd /usr/local/nginx/ [root@nginx nginx]# cd conf.d/ [root@nginx conf.d]# ls jiam.conf status.conf vhost.conf

[root@nginx conf.d]# vim jiam.con

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
       if ( $scheme = http ){
            rewrite /(.*) https://$host/$1 redirect;
        }

        if ( !-e $request_filename ){
            rewrite /(.*) https://$host/index.html redirect;
        }
    }


	location /images  {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
        if ( $invalid_referer ){
                rewrite ^/   http://www.hhhoo.org/shiwan.jpg;
        }


    }

}

web1:

[root@web1 ~]# dnf install httpd

[root@web1 ~]# cd /var/www/html

[root@web1 html]# ls

[root@web1 html]# vim index.html

<html>

  <head>
    <meta http-equiv=Content-Type content="text/html;charset=utf-8">
    <title>盗链</title>
</head>

  <body>
    <img src="http://www.hhhoo.org/images/he.jpg" >
    <h1 style="color:red">why not let me go oh</h1>
    <p><a href=http://www.hhhoo.org>你没事吧</a>你没事吧</p>
  </body>

</html>

测试:

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
        if ( $invalid_referer ){
                return 404;
        }


    }

}

测试:

但是直接访问www.hhhoo.org

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location /images  {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/ .;
        if ( $invalid_referer ){
                rewrite ^/   http://www.hhhoo.org/images/he.jpg;
        }

    }
}

测试没有

some tips:

[root@nginx conf.d]# cat status.conf 
server {
    listen 80;
    server_name hx.hx.org;
    root /data/web/html;
    index index.html;

	location /status {
		stub_status;
		#auth_basic"login"
		#auth_basic_user_file "/use/local/nginx/.htpasswd"
	}
}
[root@nginx conf.d]# cat vars.conf 
#server {
#	listen 80;
#	server_name var.hh.org;
#	root /data/web/html;
#	index index.html;
#
#	location /break {
#		rewrite ^/break/(.*)  /test1/$1;
#		rewrite ^/test1/(.*)  /test2/$1;
#    }
#
#	location /last {
#		rewrite ^/last/(.*) /test1/$1;
#		rewrite ^/test1/(.*) /test2/$2;
#	}
#	location /test1 {
#		default_type text/html;
#		echo  "why not let me go oh,why you speak so low oh";
#	}
#	location /test2 {
#		root /data/web/html;
#	}
#}
[root@nginx conf.d]# cat vhost.conf 
server {
	listen 80;
	server_name www.huihui.org;
	root /data/web/html;
	index index.html;
	error_page 404  /40x.html;
	error_log /var/log/huihui.org/error.log;
	access_log /var/log/huihui.org/access.log;
	try_files $uri $uri.html $uri/index.html /error/default.html;


	location /hui {
		root /data/web;
		#auth_basic "login password !!";
		#auth_basic_user_file "/usr/local/nginx/.htpasswd";
	}
	location = /40x.html{
		root /data/web/errorpage;
		}
	location /download {
		root /data/web;
		autoindex on;
		autoindex_localtime on;
	}
}

Nginx 反向代理及动静分离

反向代理

通过location可以写

ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理
ngx_http_upstream_module #用于定义为proxy_pass,fastcgi_pass(解析php),uwsgi_pass(解析python)#等指令引用的后端服务器分组
ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理(后端是两个dns、数据库)
ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器助理
ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理

proxy_pass:只能写一个

反向代理单台 web 服务器

在nginx:

[root@nginx conf.d]# cd /usr/local/nginx/conf.d/

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location / {
        proxy_pass http://172.25.254.10:80;
    }

}

[root@nginx conf.d]# nginx -s reload

测试:

[root@nginx conf.d]# curl 172.25.254.100 172.25.254.10

web2:

[root@web2 ~]# vim /etc/httpd/conf/httpd.conf

#Listen 12.34.56.78:80
Listen 8080
:wq

[root@web2 ~]# systemctl restart httpd

nginx:

[root@nginx conf.d]# vim icome.conf

server {
	listen 80;
	server_name www.hhhoo.org;

	location / {
		#proxy_pass http://172.25.254.10:80;
		proxy_pass http://172.25.254.20:8080;		#二选一
	}

}

[root@nginx conf.d]# nginx -s reload

测试:

如果想访问172.25.254.20:

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location / {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {								#加静态
        proxy_pass http://172.25.254.20:8080;
    }

}

[root@web2 ~]# mkdir -p /var/www/html/static

[root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html

测试:

动静分离:

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location ~ \.php$ {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {
        proxy_pass http://172.25.254.20:8080;
    }

}

[root@web1 ~]# dnf install php -y

[root@web1 ~]# systemctl restart httpd

[root@web1 ~]# vim /var/www/html/index.php

<?php
  phpinfo();
?>

[root@web2 ~]# dnf install httpd

[root@web2 ~]# systemctl enable --now httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. [root@web2 ~]# echo 172.25.254.20 > /var/www/html/index.html [root@web2 ~]# vim /etc/httpd/conf/httpd.conf (把listen改为8080)

[root@web2 ~]# systemctl restart httpd [root@web2 ~]# mkdir -p /var/www/html/static [root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html

测验:

静态

php

反向代理的缓存功能

[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf

加在http下

proxy_cache_path /apps/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m
inactive=120s max_size=1g;

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location ~ \.php$ {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {
        proxy_pass http://172.25.254.20:8080;
        proxy_cache proxycache;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 302 301 10m;
        proxy_cache_valid any 1m;
    }

}

[root@nginx conf.d]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@nginx conf.d]# nginx -s reload

Nginx的反向代理负载均衡

http upstream配置参数

#自定义一组服务器,配置在http块内

[root@nginx ~]# cd /usr/local/nginx/conf.d/

[root@nginx conf.d]# vim icome.conf

upstream webcluster {
	server 172.25.254.10:80 fail_timeout=15s max_fails=3;
	server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
	server 172.25.254.100:80 backup;
}
server {
	listen 80;
	server_name www.hhhoo.org;
	
	location / {
		proxy_pass http://webcluster;
	}

}

[root@nginx conf.d]# nginx -s reload

测试:默认是轮询

[root@nginx conf.d]# vim icome.conf

upstream webcluster {
	ip_hash;(加入算法时backup不能写)
	server 172.25.254.10:80 fail_timeout=15s max_fails=3;
	server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
	#server 172.25.254.100:80 backup;
}

测试:(hash算法——找最近的后端服务器)

hash $request_uri consistent;

在web1

[root@web1 ~]# mkdir -p /var/www/html/static [root@web1 ~]# echo 172.25.254.10 static > /var/www/html/static/index.html

测试:

hash $cookie_hui;

测试:

curl -b "hui=1"(取模运算) www.hhhoo.org

tcp负载均衡配置参数

web1、web2:都下载bind

[root@web1 ~]# dnf install bind -y

[root@web1 ~]# vim /etc/named.conf

注释
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
//      allow-query     { localhost; };
        dnssec-validation no;

[root@web1 ~]# vim /etc/named.rfc1912.zones

zone "hhhoo.org" IN {
        type master;
        file "hhhoo.org.zone";
        allow-update { none; };
};

[root@web1 ~]# cd /var/named/

[root@web1 named]# cp named.localhost hhhoo.org.zone -p

[root@web1 named]# vim hhhoo.org.zone

$TTL 1D
@       IN SOA  ns.hhhoo.org. root.hhhoo.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.hhhoo.org.
ns      A       172.25.254.10
www     A		172.25.254.10

[root@web1 named]# dig www.hhhoo.org @172.25.254.10

; <<>> DiG 9.16.23-RH <<>> www.hhhoo.org @172.25.254.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35951
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: aac45499bb8562eb0100000066c6f9e2f0abc9b22209a6a8 (good)
;; QUESTION SECTION:
;www.hhhoo.org.            IN    A

;; ANSWER SECTION:
www.hhhoo.org.        86400    IN    A    172.25.254.10

;; Query time: 0 msec
;; SERVER: 172.25.254.10#53(172.25.254.10)
;; WHEN: Thu Aug 22 16:42:10 CST 2024
;; MSG SIZE  rcvd: 86

[root@web1 named]# scp -p /etc/named.{conf,rfc1912.zones} root@172.25.254.20:/etc/

cp到20

[root@web1 named]# scp -p /var/named/hhhoo.org.zone root@172.25.254.20:/var/named/hhhoo.org.zone

在web2把ip改成20

[root@web2 ~]# vim /var/named/hhhoo.org.zone

[root@web2 ~]# systemctl start named [root@web2 ~]# dig www.hhhoo.org @172.25.254.20

[root@web2 ~]# cd /var/named [root@web2 named]# ll

[root@web2 named]# chgrp named hhhoo.org.zone

[root@web2 named]# ll

总用量 20

[root@web2 named]# dig www.hhhoo.org @172.25.254.20

加数据库

在web1、web2上下载:

[root@web2 named]# dnf install mariadb-server -y

回nginx中加入:

[root@nginx conf.d]# vim dns.conf

stream {
	upstream dns { 
    server 172.25.254.10:53 fail_timeout=15s max_fails=3;
    server 172.25.254.20:53 fail_timeout=15s max_fails=3;
	}
	
	server {
    	listen 53 udp reuseport;
    	proxy_timeout 20s;
    	proxy_pass dns;
	}

在主配置文件加入

[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf

events {
    worker_connections  1024;
    use epoll;
}

include "/usr/local/nginx/tcpconf.d/*.conf";			!!!

http {
    include       mime.types;
    default_type  application/octet-stream;

负载均衡:mysql

web1

[root@web1 ~]# vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=10				!!
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid

[root@web1 ~]# systemctl start mariadb.service

登陆mysql

MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit;
Bye

web2

[root@web2 ~]# vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=20
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid

[root@web2 ~]# systemctl start mariadb.service

MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit;
Bye

回nginx

[root@nginx conf.d]# vim dns.conf

stream {
	upstream dns { 
    server 172.25.254.10:53 fail_timeout=15s max_fails=3;
    server 172.25.254.20:53 fail_timeout=15s max_fails=3;
	}

	upstream mysql {												!!!
	server 172.25.254.10:3306 fail_timeout=15s max_fails=3;
	server 172.25.254.20:3306 fail_timeout=15s max_fails=3;
	}
	
	server {
	listen 53 udp reuseport;
	proxy_timeout 20s;
	proxy_pass dns;
}

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# netstat -antlup | grep 3306

[root@nginx conf.d]# dnf install mariadb-server -y

[root@nginx conf.d]# mysql -u hhhoo -p -h 172.25.254.100

password:

MariaDB [(none)]>SELECT @@SERVER_id;

MariaDB [(none)]>quit

Nginx 源码编译php

重新编译

先把 /usr/local/里面的 nginx/conf.d/ 删除

[root@nginx ~]# rm -rf /usr/local/nginx/

xftp 上传压缩包:memc-nginx-module-0.20.tar.gz

srcache-nginx-module-0.33.tar.gz

[root@nginx ~]# tar zxf memc-nginx-module-0.20.tar.gz

[root@nginx ~]# tar zxf srcache-nginx-module-0.33.tar.gz

cd到 nginx1.26.2下

[root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx \
> --add-module=/root/echo-nginx-module-0.63 \
> --add-module=/root/memc-nginx-module-0.20 \
> --add-module=/root/srcache-nginx-module-0.33 \
> --user=nginx \
> --group=nginx \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module \
> --with-pcre

[root@nginx nginx-1.26.2]# make && make install

[root@nginx ~]# systemctl start nginx

[root@nginx ~]# ps aux | grep nginx

[root@nginx ~]# nginx -V

下载php安装包和openresty,xtfp上传到/root下

[root@nginx ~]# tar zxf php-8.3.9.tar.gz [root@nginx ~]# cd php-8.3.9/

[root@nginx php-8.3.9]# dnf whatprovides * /libsystemd *

[root@nginx php-8.3.9]# dnf install systemd-devel -y

[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

[root@nginx php-8.3.9]#  ./configure --prefix=/usr/local/php \

> --enable-fpm \
> --with-fpm-user=nginx \
> --with-fpm-group=nginx \
> --with-curl \
> --with-iconv \
> --with-mhash \
> --with-zlib \
> --with-openssl \
> --enable-mysqlnd \
> --with-mysqli \
> --with-pdo-mysql \
> --disable-debug \
> --enable-sockets \
> --enable-soap \
> --enable-xml \
> --enable-ftp \
> --enable-gd \
> --enable-exif \
> --enable-mbstring \
> --enable-bcmath \
> --with-fpm-systemd

一直报错没安装软件,可恶!!

 找:dnf whatprovides * /libxml-2.0 *

下:dnf install libxml2-devel-2.9.13-2.el9.x86_64

编:./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

>  --dnf search sqlite3
>
>  --dnf install sqlite-devel.x86_64 -y
>
>  ——./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
>  ——dnf whatprovides */libcurl*
>  —— dnf install libcurl-devel-7.76.1-19.el9.x86_64 -y
>  ——./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
>
>  ——  dnf search libpng-devel*
>  —— dnf install libpng-devel.x86_64 -y
>  ——  ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
>  —— cd /mnt
>
>  去阿里云镜像站复制链接:
>
>  —— wget https://mirrors.aliyun.com/rockylinux/9.4/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.5.0.1.x86_64.rpm
>  ——  ls
>
>  回镜像站下载软件包,cd到root下
>
>  ——  dnf install oniguruma-6.9.6-1.el9.5.i686 -y
>
>  ——dnf install oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm 
>  ——  cd php-8.3.9/
>  —— ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

Nginx-php的配置

[root@nginx ~]# cd /usr/local/php/etc

[root@nginx etc]# ls php-fpm.conf.default php-fpm.d [root@nginx etc]# cp -p php-fpm.conf.default php-fpm.conf [root@nginx etc]# vim php-fpm.conf

打开pid

pid = run/php-fpm.pid

[root@nginx etc]# cd php-fpm.d/

[root@nginx php-fpm.d]# ls www.conf.default

[root@nginx php-fpm.d]# cp www.conf.default www.conf -p

[root@nginx php-fpm.d]# vim www.conf

[root@nginx php-fpm.d]# cd /root/php-8.3.9/

[root@nginx php-8.3.9]# ls

[root@nginx php-8.3.9]# cp php.ini-production /usr/local/php/etc/php.ini

[root@nginx php-8.3.9]# cd /usr/local/php/etc/

[root@nginx etc]# vim php.ini 

date.timezone =Asia/Shanghai

生成启动脚本:

[root@nginx fpm]# cp php-fpm.service /lib/systemd/system/
[root@nginx fpm]# pwd
/root/php-8.3.9/sapi/fpm

[root@nginx fpm]# vim /lib/systemd/system/php-fpm.service 

注释掉:

# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
#ProtectSystem=full

[root@nginx fpm]# systemctl daemon-reload
[root@nginx fpm]# systemctl start php-fpm.service 
[root@nginx fpm]# netstat -antlupe | grep php

建议不要!!!!                修改监听端口

[root@nginx php]# cd etc/php-fpm.d/
[root@nginx php-fpm.d]# vim www.conf

listen = 0.0.0.0:9000

[root@nginx php-fpm.d]# systemctl restart php-fpm.service 
[root@nginx php-fpm.d]# netstat -antlupe | grep php
tcp6       0      0 ::1:9000                :::*                    LISTEN      0          188205     215256/php-fpm: mas

Nginx和php的整合

[root@nginx bin]# mkdir -p /data/web/php

[root@nginx bin]# cd /usr/local/php/

[root@nginx bin]# ls

[root@nginx bin]# cd bin/

[root@nginx bin]# vim ~/.bash_profile

export 
PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/php/sbin

[root@nginx bin]# source ~/.bash_profile

[root@nginx bin]# cd /data/web/php/

[root@nginx php]# ls

[root@nginx php]# vim index.php

<?php
  phpinfo();
?>
:wq

[root@nginx php]# cd /usr/local/
[root@nginx local]# ls
bin  etc  games  include  lib  lib64  libexec  nginx  php  sbin  share  src
[root@nginx local]# cd nginx/

[root@nginx nginx]# ls
client_body_temp  conf  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@nginx nginx]# mkdir conf.d
[root@nginx nginx]# vim conf/nginx.conf

include "/usr/local/nginx/conf.d/*.conf";

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls

[root@nginx conf.d]# vim vhost.conf

server{
    listen 80;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;

    location ~ \.php$ {
    	root /data/web/php;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

lhxwished
关注
  • 17
    点赞
  • 13
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
关于linux的综合实验lvs-nginx-dns-tomcat-httpd-nfs
05-24
- VI-2 设置漂移地址 `192.168.2.254(内网网关)`。 4. **192.168.1.254 作为 LVS 的 VIP 并设置 LVS 的 DR 模式**: - 将`192.168.1.254`作为LVS的VIP地址,并配置LVS的DR模式以实现更高效的流量调度。 **五...
从零开始的Nginx详解(5)【Nginx-负载均衡】
01-09
负载服务器配置2.负载均衡配置3.测试三、Nginx负载均衡算法四、Nginx相关文章链接 演示环境: 系统版本:CentOS Linux release 7.7.1908 (Core) nginx版本:nginx/1.16.1 当然讲解还是官方最棒:英语和俄语大佬请...
Nginx实验-1
lhxwished的博客
08-17 724
编译安装 Nginx
nginxnginx-rtmp-module安装
Solititude的博客
05-27 606
nginxnginx-rtmp-module安装
Nginx--监控
小李学不完的博客
08-22 1282
Nginx的基础监控、监控的主要指标:基本活跃指标、每秒请求数QPS、服务器错误率、请求处理时间;指标的收集:nginx Stub Status监控模块安装、nginx状态查看、Stub Status参参数说明、Request模块监控。补充:查看Web服务器TCP连接状态。
实战:ingress-nginx安装-2022.4.26
weixin_39246554的博客
04-26 3897
目录 文章目录目录实验环境实验软件前置条件基础知识1、helm方式安装ingress-nginx2、创建自定义Values.yaml文件3、安装4、验证5、第一个示例关于我最后最后 实验环境 实验环境: 1、win10,vmwrokstation虚机; 2、k8s集群:3台centos7.6 1810虚机,1个master节点,2个node节点 k8s version:v1.22.2 containerd://1.5.5 3、helm:v3.7.2 4、ingress-nginx:v4.1.0.
Nginx官方nginx-quic搭建
qq_37177958的博客
10-13 3585
参考资料: 尝鲜 部署 Nginx Quic_qingchuwudi的专栏-CSDN博客_nginx quic文章目录一、介绍二、操作说明2.1、boringssl2.2、Nginx使用参考资料及附录一、介绍尝鲜 Nginx Quic 版本。二、操作说明1、下载 boringssl2、下载 Nginx 并编译安装2.1、boringsslBoringSSL 是由谷歌开发,从 OpenSSL 中分离的一个分支。## 创建目录$ mkdir ~/NginxWithQuic$ cd ~/NginxWithQui
nginx--集群
我不是程序猿的博客
02-18 1729
使用nginx代理功能 该功能可以通过组建后台集群提高网站性能 1,环境准备 三台主机: proxy 2.5 web1 2.100 web2 2.200 检查ip,同网段要互通,检查yum 在web1、web2主机安装常用软件包与网站服务httpd yum -y install vim net-tools bash-completion psmisc httpd 然后继续准备网站页面 echo "web1~~" > /var/www/html/index.html...
Nginx--平滑升级
小李学不完的博客
08-19 999
信号说明TERM,INT立刻退出QUIT等待工作进程结束后再退出KILL强制终止进程HUP重新加载配置文件,使用新的配置启动工作进程,并逐步关闭旧进程USR1重新打开日志文件USR2启动新的主进程,实现热升级WINCH逐步关闭工作进程。
基于nginx-rtmp-module搭建直播系统
小鹏要逆袭的博客
07-04 931
基于nginx-rtmp-module 搭建直播系统nginx基础nginx-rtmp-module基础实验操作安装nginxNRM的搭建推流拉流实验效果展示 nginx基础 nginx-rtmp-module基础 实验操作 安装nginx 从官网下载稳定版本 nginx:http://nginx.org/en/download.html tar -zxvf nginx-1.12.0.tar.gz 接着使用configure进行配置,该脚本定义系统的各方面配置,最终输出makefile文件 cd n
使用Nginx搭建直播服务器(nginx-rtmp-module)
qq_37705525的博客
06-26 3210
使用Nginx搭建直播服务器
alpine-nginx-websocketd-nodejs-ui:alpine-nginx-websocketd-nodejs-ui
05-20
alpine-nginx-websocketd-nodejs-ui 带有NGINX,NodeJS,WebSocketd的Alpine Docker映像 问题:没有-DLWS_WITH_LIBUV = ON的libwebsockets破坏了ttyd包 ...为黑客实验室做准备 您必须将config.json.hl复制到confi
Linux实验-自动部署Nginx+PHP服务器.rar
01-01
2. **安装Nginx**:使用yum命令安装Nginx,执行`sudo yum install nginx`。 3. **安装PHP**:CentOS 7通常使用Remi仓库来安装最新版本的PHP,先安装Remi仓库`sudo yum install ...
线上考试系统
qq_69194497的博客
08-27 895
Docker镜像可以通过分层来进行继承,例如,用户基于基础镜像(用来生成其他镜像的基础,往往没有父镜像)来制作各种不同的应用镜像。从Docker 的官方文档来看,Docker 容器的定义和 Docker 镜像的定义几乎是相同,Docker 容器和Docker 镜像的区别主要在于docker 容器多出了一个可写层。Docker 镜像就是一组只读的目录,或者叫只读的 Docker 容器模板,镜像中含有--件系统,所以我们说Docker 镜像是启动一个Docker 容器的基础。3.在没有镜像的情况下。
linux 系统如何进行nfs(第五节)
最新发布
weixin_44767571的博客
08-30 546
首先是 在虚拟机中的操作。然后是在开发板上的操作。
Docker容器技术
LongHongYu908的博客
08-29 1018
Docker之父Docker就好比传统的货运集装箱。
前端开发学习Docker记录02容器操作
第⑦个前端
08-29 3852
使用docker ps 可以看到有哪些镜像在运行。
linux nginx实验
04-03
很抱歉,我作为AI语言模型无法进行实验,但是我可以提供一些关于Linux和Nginx的基础知识。 Linux是一种开源的操作系统,它的核心是由Linus Torvalds在1991年开发出来的。它的优点在于稳定性、安全性、可定制性和开放性。Linux是免费的,因此可以节省企业和个人的成本。 Nginx是一个高性能的HTTP和反向代理服务器,它最初在2004年由Igor Sysoev开发。它的优点在于高并发能力、低内存消耗、动态模块化和灵活的配置选项。Nginx也可以作为负载均衡器和Web服务器使用。 要在Linux上安装Nginx,可以使用以下命令: 1. 更新系统软件包列表:sudo apt-get update 2. 安装Nginx:sudo apt-get install nginx 3. 启动Nginx服务:sudo systemctl start nginx 要配置Nginx,可以编辑/etc/nginx/nginx.conf文件。该文件包含了Nginx的全局配置选项和服务器块配置。每个服务器块定义一个虚拟主机,它可以有自己的域名、SSL证书和代理规则。 例如,以下是一个Nginx服务器块的示例: server { listen 80; server_name example.com; root /var/www/example.com; index index.html; location / { try_files $uri $uri/ /index.html; } location /api/ { proxy_pass http://localhost:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } 该服务器块监听80端口,使用example.com域名作为主机名,将根目录设置为/var/www/example.com,并使用index.html作为默认文档。它还定义了两个位置块:/和/api/。/位置使用try_files指令来查找静态文件或调用/index.html,而/api/位置代理到本地的3000端口,并设置一些代理头部。 如果您需要在Linux上学习更多关于Nginx实验,请查看相关的在线教程和文档。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值