1.前言
LNMP代表的就是:Linux系统下Nginx+MySQL+PHP这种网站服务器架构。
Linux是一类Unix计算机操作系统的统称,是目前最流行的免费操作系统。Nginx是一个高性能的HTTP和反向代理服务器,也是一个IMAP/POP3/SMTP代理服务器。Mysql是一个小型关系型数据库管理系统。PHP是一种在服务器端执行的嵌入HTML文档的脚本语言。这四种软件均为免费开源软件,组合到一起,成为一个免费、高效、扩展性强的网站服务系统。
2. 下载软件包
下载软件包到 /usr/local/src中(我这里是已经下完的了)
3.安装软件包
3.1安装mysql
# tar -zxvf mysql-5.6.43-linux-glibc2.12-x86_64.tar.gz //解压软件包
# mv mysql-5.6.43-linux-glibc2.12-x86_64 /usr/local/mysql/ //将解压完的包移动到/mysql下
# useradd -s /sbin/nologin mysql
# cd /usr/local/mysql/
# mkdir -p /data/mysql
# chown -R mysql:mysql /data/mysql
# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql //执行编译
# cp support-files/my-default.cnf /etc/my.cnf
# cp support-files/mysql.server /etc/init.d/mysqld
# chmod 755 /etc/init.d/mysqld
# vi /etc/init.d/mysqld //添加以下内容
basedir=/usr/local
datadir=/data/mysql
把启动脚本加入系统服务项,设定开机自启MySql服务
# chkconfig --add mysqld
# chkconfig mysqld on
# service mysqld start
# ps aux | grep mysqld //查看mysql是否启动
3.2安装PHP
# tar -zxvf php-5.6.30.tar.gz //解压软件包
# useradd -s/sbin/nologin php-fpm
# yum install -y gcc libcurl-devel libxml2-devel.x86_64 openssl openssl-devel libcurl-devel libcurl-devel libjpeg-devel libpng libpng-devel freetype freetype-devel epel-release libmcrypt-devel libmcrypt
# ./configure \
--prefix=/usr/local/php-fpm \
--with-config-file-path=/usr/local/php-fpm/etc \
--enable-fpm \
--with-fpm-user=php-fpm \
--with-fpm-group=php-fpm \
--with-mysql=/usr/local/mysql \
--with-mysql-sock=/tmp/mysql.sock \
--with-libxml-dir \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--with-iconv-dir \
--with-zlib-dir \
--with-mcrypt \
--enable-soap \
--enable-gd-native-ttf \
--enable-ftp \
--enable-mbstring \
--enable-exif \
--disable-ipv6 \
--with-pear \
--with-curl \
--with-openssl
# make && make install
# echo $? //查看返回值来确定是否编译安装成功 0为成功
# cp php.ini-production /usr/local/php-fpm/etc/php.ini
# vi /usr/local/php-fpm/etc/php-fpm.conf
改成以下内容
# /usr/local/php-fpm/sbin/php-fpm -t //检查配置文件是否正确
# cp /usr/local/src/php-5.6.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
# chmod 755 /etc/init.d/php-fpm
# service php-fpm start
# chkconfig php-fpm on
# ps aux |grep php-fpm
3.3安装nginx
# tar -zxvf nginx-1.10.3.tar.gz //解压软件包
# cd nginx-1.10.3
# ./configure --prefix=/usr/local/nginx
# make && make install
# vi /etc/init.d/nginx //编写nginx启动脚本
#!/bin/bash
#chkconfig: - 30 21
#description: http service
#Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
# chmod 755 /etc/init.d/nginx
# chkconfig --add nginx
# chkconfig nginx on
# > /usr/local/nginx/conf/nginx.conf //清空原来的配置文件
# vi /usr/local/nginx/conf/nginx.conf //编辑配置文件
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
# /usr/local/nginx/sbin/nginx -t //检验是否有错误
# service nginx start
# ps aux |grep nginx //查看进程
测试是否可以正确的解析PHP
4.Nginx配置
4.1默认虚拟主机
# vi /usr/local/nginx/conf/nginx.conf
在最后一个结束符号上添加以下内容
include vhost/*.conf;
# mkdir /usr/local/nginx/conf/vhost
# cd /usr/local/nginx/conf/vhost
# vi default.conf
server
{
listen 80 default_server; //有这个 default_server 标记的就是默认虚拟主机
server_name 123.com;
index index.html index.htm index.php;
root /data/nginx/default;
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload //重启nginx
# echo "default_server" > /data/nginx/default/index.html
# curl -x127.0.0.1:80 aaa.com
default_server //返回的结果
# curl -x127.0.0.1:80 1212.com
default_server //返回的结果
4.2 用户认证
再创建一个新的虚拟主机
# cd /usr/local/nginx/conf/vhost
# vi test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
# yum install -y httpd
# htpasswd -c /usr/local/nginx/conf/htpasswd aming //创建aming用户
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# mkdir /data/nginx/test.com
# echo "test.com" > /data/nginx/test.com/index.html
# curl -i -x127.0.0.1:80 test.com
HTTP/1.1 401 Unauthorized
Server: nginx/1.10.3
Date: Mon, 18 Oct 2021 03:18:55 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
状态码401代表该网站需要验证
此时打开windows的hosts文件在里面添加一行
打开浏览器访问一下
会发现此时网站是需要验证的
我们输入aming和刚才设置的密码就可以了
4.3 域名重定向
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
#location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload //重启nginx
[root@localhost vhost]# curl -x127.0.0.1:80 test1.com/123.txt -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3
Date: Mon, 18 Oct 2021 05:08:30 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/123.txt
//permanent为永久重定向,相当于httpd的R=301;还有个redirect,为临时重定向,相当于R=302
4.4 Nginx的访问日志
先看一下Nginx的日志格式
# grep -A2 log_format /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
上配置文件中指定访问日志路径
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
#location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
access_log /tmp/1.log combined_realip;
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload //重启nginx
# curl -x127.0.0.1:80 test.com/111
# cat /tmp/1.log
127.0.0.1 - [18/Oct/2021:01:20:22 -0400] test.com "/111" 404 "-" "curl/7.29.0"
# vi /usr/local/sbin/nginx_log_rotate.sh
#! /bin/bash
d= `data -d "-1 day" +%Y%m%d`
logdir="/data/logs"
nginx_pid="/usr/local/nginx/logs/nginx.log"
cd $logdir
for log in `ls *.log`
do
mv $log $log-$d
done
/bin/kill -HUP `cat $nginx_pid`
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh
4.5配置静态文件不记录日志并添加过期时间
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/1.log combined_realip;
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload //重启nginx
# echo "111" > /data/nginx/test.com/1.js
# echo "222222" > /data/nginx/test.com/2.jpg
# touch /data/nginx/test.com/1.jss
我们可以curl一下
可以再看一下访问日志
4.6 Nginx防盗链
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rac|zip|doc|pdf|gz|bz2|jpeg|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer)
{
return 403;
}
access_log off;
}
# location ~ .*\.(js|css)$
# {
# expires 12h;
# access_log off;
# }
access_log /tmp/1.log combined_realip;
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload //重启nginx
再curl一下
4.7 访问控制
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
location /admin/
{
allow 192.168.32.129;
deny 127.0.0.1;
deny all;
}
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rac|zip|doc|pdf|gz|bz2|jpeg|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer)
{
return 403;
}
access_log off;
}
# location ~ .*\.(js|css)$
# {
# expires 12h;
# access_log off;
# }
access_log /tmp/1.log combined_realip;
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload //重启nginx
# mkdir /data/nginx/test.com/admin
# echo "123" > /data/nginx/test.com/admin/1.html
配置文件中的IP也可以为IP段,比如可以写成allow 192.168.222.0/24
# location /admin/
# {
# allow 192.168.222.0/24;
# }
限制多个IP
# location /admin/
# {
# deny 192.168.222.133;
# deny 127.0.0.1;
# }
4.8 Nginx解析php
# vi test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock; //用来指定php-fpm地址
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
}
access_log /tmp/1.log combined_realip;
}
其中fastcgi_pass用来指定php-fom的地址,fastcgi_param SCRIPT_FILENAME后面跟的路径为该站点的根目录,必须和前面定义的root的路径保持一致,否则会报502错误。
4.9 Nginx代理
# vi proxy.cnf
server
{
listen 80;
server_name ask.apelearn .com;
location /
{
proxy_pass http://47.104.7.242/; //指定要代理的域名所在的服务器IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
服务器IP可以通过ping ask.apelearn.com获取
后面的三行为定义发往后端web服务取的请求头,第二行必须有,否则代理不会成功,它表示后端web服务器的域名和当前配置文件中的server_name保持一致;
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload //重启nginx
5.php-fpm配置
5.1php-fpm的pool
Nginx可以配置多个虚拟主机,php-fpm也支持配置多个pool
# vi /usr/local/php-fpm/etc/php-fpm.conf
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include=etc/php-fpm.d/*.conf
创建两个pool
# mkdir /usr/local/php-fpm/etc/php-fpm.d
# cd /usr/local/php-fpm/etc/php-fpm.d
# vi www.conf
[www]
listen = /tmp/www.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
# vi gjy.conf
[gjy]
listen=/tmp/gjy.sock
listen.mode=666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
这样就有了两个pool了,第一个pool监听/tmp/www.sock,第二个pool监听/tmp/gjy.sock。这样,就可以在Nginx不同的虚拟主机中调用不同的pool,从而达到相互隔离的目的,两个pool互不影响。
# /usr/local/php-fpm/sbin/php-fpm -t
# /etc/init.d/php-fpm restart //重启php-fpm服务
# ls /tmp/*.sock
5.2php-fpm的慢执行日志
php-fpm的慢执行日志,可以看到php的脚本哪里执行时间长。通过php-fpm的慢执行日志,我们有时可以解决PHP的网站php-fpm进程占用资源过多而导致网站很卡的问题。
# vi /usr/local/php-fpm/etc/php-fpm.d/www.conf
[www]
listen = /tmp/www.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout=1 //定义超时时间
slowlog=/usr/local/php-fpm/var/www-slow.log //定义慢执行日志的路径和名字
5.3php-fpm定义open_basedir
定义open-basedir的目的就是为了安全,httpd可以针对每个虚拟主机设置一个open-basedir,php-fpm也可以针对每个pool设置不同的open_basedir。
# vi /usr/local/php-fpm/etc/php-fpm.d/gjy.conf //在最后加入
gjy]
listen=/tmp/gjy.sock
listen.mode=666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
php_admin_value[open_basedir]=/data/www/:/tmp/
5.4php-fpm进程管理
pm = dynamic //定义php-fpm的子进程启动模式,dynamic为动态模式
pm.max_children = 50 //另外一种是static
pm.start_servers = 20 //针对dynamic模式定义在启动服务时产生的子进程的数量
pm.min_spare_servers = 5 //针对dynamic模式,定义空闲时段子进程数的最小值
pm.max_spare_servers = 35 //针对dynamic模式,定义空闲时段子进程数的最大值
pm.max_requests = 500 //针对dynamic模式,定义一个子进程最多处理的请求数达到这个数值时,它会自动退出