1. fanxiang代理与负载均衡
nginx通常被用作后端服务器的fanxiang代理,这样就可以很方便的实现动静分离以及负载均衡,从而大大提高服务器的处理能力。
nginx实现动静分离,其实就是在fanxiang代理的时候,如果是静态资源,就直接从nginx发布的路径去读取,而不需要从后台服务器获取了。
但是要注意,这种情况下需要保证后端跟前端的程序保持一致,可以使用Rsync做服务端自动同步或者使用NFS、MFS分布式共享存储。
Http Proxy模块,功能很多,最常用的是proxy_pass和proxy_cache
如果要使用proxy_cache,需要集成第三方的ngx_cache_purge模块,用来清除指定的URL缓存。这个集成需要在安装nginx的时候去做,如:
./configure --add-module=…/ngx_cache_purge-1.0 …
nginx通过upstream模块来实现简单的负载均衡,upstream需要定义在http段内
在upstream段内,定义一个服务器列表,默认的方式是轮询,如果要确定同一个访问者发出的请求总是由同一个后端服务器来处理,可以设置ip_hash,如:
upstream idfsoft.com {
ip_hash;
server 127.0.0.1:9080 weight=5;
server 127.0.0.1:8080 weight=5;
server 127.0.0.1:1111;
}
注意:这个方法本质还是轮询,而且由于客户端的ip可能是不断变化的,比如动态ip,代理,翻墙等,因此ip_hash并不能完全保证同一个客户端总是由同一个服务器来处理。
定义好upstream后,需要在server段内添加如下内容:
server {
location / {
proxy_pass http://idfsoft.com;
}
}
1.1 动静分离
Nginx 动静分离,简单来说,就是动态请求和静态请求分开,也可以理解成使用 Nginx处理静态页面,Tomcat 处理动态页面。动静分离从目前实现角度来讲大致分为两种。
第一种:纯粹把静态文件独立成单独的域名,放在独立的服务器上(主流推崇的方案);
第二种:动态跟静态文件混合在一起发布,通过 nginx 来分开。
通过 location 指定不同的后缀名实现不同的请求转发,也可以通过 expires 参数设置,使浏览器缓存文件的过期时间,从而减少与服务器之前的请求和流量。
Expires 具体含义:给一个资源设定一个过期时间,也就是说无需去服务端验证,直接通过浏览器自身确认是否过期即可,所以不会产生额外的流量,也就是所谓的客户端缓存。此种方法非常适合不经常变动的资源。(如果经常更新的文件,不建议使用 Expires 来缓存),假设一下,我们把这个Expires设置 3d,表示在 3 天之内访问这个 URL,发送一个请求,比对服务器该文件最后更新时间没有变化,则不会从服务器抓取,返回状态码304,如果有修改,则直接从服务器重新下载,返回状态码 200。
我们先来了解一下,使用动静分离的目的是什么呢?
为了加快网站的解析速度,我们可以把动态页面和静态页面交给不同的服务器来解析,来加快解析速度,提高请求的访问效率,降低原来单个服务器的压力。
配置动静分离
三台主机,一台lnmp192.168.47.158,一台nginx192.168.47.164,一台httpd192.168.47.133
lnmp
//关闭防火墙
[root@lnmp ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@lnmp ~]# vi /etc/selinux/config
[root@lnmp ~]# setenforce 0
//下载包,解压
[root@lnmp ~]# ls
anaconda-ks.cfg nginx-1.20.1.tar.gz
mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz php-8.0.10.tar.xz
[root@lnmp ~]# tar xf nginx-1.20.1.tar.gz -C /usr/local/
[root@lnmp ~]# tar xf mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@lnmp ~]# tar xf php-8.0.10.tar.xz -C /usr/local/
[root@lnmp ~]# cd /usr/local/
[root@lnmp local]# ls
bin games lib libexec nginx-1.20.1 sbin src
etc include lib64 mysql-5.7.34-linux-glibc2.12-x86_64 php-8.0.10 share
nginx
//创用户
[root@lnmp local]# useradd -r -M -s /sbin/nologin nginx
//安装依赖环境
[root@lnmp local]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++
[root@lnmp local]# yum -y groups mark install 'Development Tools'
//创建日志存放目录,改属主
[root@lnmp local]# mkdir -p /var/log/nginx
[root@lnmp local]# chown -R nginx.nginx /var/log/nginx
[root@lnmp local]# ls
bin games lib libexec nginx-1.20.1 sbin src
etc include lib64 mysql-5.7.34-linux-glibc2.12-x86_64 php-8.0.10 share
//编译
[root@localhost ~]# cd /usr/local/nginx-1.20.1
./configure \
--prefix=$nginx_installdir/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log && make && make install
//设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# . /etc/profile.d/nginx.sh
//启动
[root@localhost ~]# nginx
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
mysql
//创建用户下载依赖包
[root@localhost ~]# useradd -r -M -s /sbin/nologin mysql
[root@localhost ~]# yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel ncurses-compat-libs
//创建软连接
[root@localhost local]# ln -sv mysql-5.7.22-linux-glibc2.12-x86_64/ mysql
'mysql' -> 'mysql-5.7.22-linux-glibc2.12-x86_64/'
//修改目录/usr/local/mysql的属主属组
[root@localhost local]# chown -R mysql.mysql /usr/local/mysql
[root@localhost local]# ll -d /usr/local/mysql
lrwxrwxrwx. 1 mysql mysql 36 10月 26 18:47 /usr/local/mysql -> mysql-5.7.34-linux-glibc2.12-x86_64/
//添加环境变量
[root@localhost local]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost local]# . /etc/profile.d/mysql.sh
[root@localhost local]# echo $PATH
/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
//创建数据存放目录
[root@localhost local]# mkdir /opt/data
[root@localhost local]# chown -R mysql.mysql /opt/data/
//初始化数据存放目录
[root@localhost local]# /usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/
2021-10-26T10:50:19.914342Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-10-26T10:50:20.048178Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-10-26T10:50:20.074070Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-10-26T10:50:20.130295Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 83611f6b-364a-11ec-8f23-000c290c3a5c.
2021-10-26T10:50:20.131188Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-10-26T10:50:20.456896Z 0 [Warning] CA certificate ca.pem is self signed.
2021-10-26T10:50:20.616721Z 1 [Note] A temporary password is generated for root@localhost: s8gVGuWNTZ<t
//配置mysql
[root@localhost ~]# ln -sv /usr/local/mysql/include/ /usr/local/include/mysql
'/usr/local/include/mysql' -> '/usr/local/mysql/include/'
[root@localhost ~]# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
[root@localhost ~]# ldconfig
//生成配置文件
[root@localhost ~]# vi /etc/my.cnf
[root@localhost ~]# cat /etc/my.cnf
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
//配置服务启动脚本
[root@localhost ~]# cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@localhost ~]# sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld
[root@localhost ~]# sed -ri 's#^(datadir=).*#\1/opt/data#g' /etc/init.d/mysqld
[root@localhost ~]# service mysqld start
Starting MySQL.Logging to '/opt/data/localhost.localdomain.err'.
SUCCESS!
//登录并更改密码
[root@localhost ~]# mysql -uroot -p's8gVGuWNTZ<t'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.34
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set password = password('1');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> exit
Bye
php//下载依赖包
[root@localhost ~]# yum -y install sqlite-devel libzip-devel libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-devel
[root@localhost ~]# yum -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
//编译安装
[root@localhost]# cd /usr/local/php-8.0.10/
[root@localhost php-8.0.10]# ./configure --prefix=/usr/local/php8 \
--with-config-file-path=/etc \
--enable-fpm \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix
[root@localhost php-8.0.10]# make && make install
//安装后配置
[root@localhost php-8.0.10]# echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php.sh
[root@localhost php-8.0.10]# source /etc/profile.d/php.sh
[root@localhost php-8.0.10]# which php
/usr/local/php8/bin/php
[root@localhost php-8.0.10]# php -v
PHP 8.0.10 (cli) (built: Oct 26 2021 03:20:37) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.10, Copyright (c) Zend Technologies
//配置php-fpm
[root@localhost php-8.0.10]# cp -f /usr/local/php-8.0.10/php.ini-production /etc/php.ini
[root@localhost php-8.0.10]# cp /usr/local/php-8.0.10/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm -f
[root@localhost php-8.0.10]# chmod +x /etc/init.d/php-fpm
[root@localhost php-8.0.10]# cp -f /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf
[root@localhost php-8.0.10]# cp -f /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf
//启动
[root@localhost php-8.0.10]# service php-fpm start
Starting php-fpm done
[root@localhost php-8.0.10]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 *:3306 *:*
创建php访问界面
[root@localhost ~]# vim /usr/local/nginx/html/index.php
<?php
phpinfo();
?>
修改nginx配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
......
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.php index.htm; #在此行中添加index.php
}
#error_page 404 /404.html;
......
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; #将/script改为/usr/local/nginx/html
include fastcgi_params;
}
重启服务访问
[root@localhost conf]# nginx -s stop;nginx
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 *:3306 *:*
访问
nginx
```bash
//创建系统用户nginx
[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx
//安装依赖环境
[root@localhost ~]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++
[root@localhost ~]# yum -y groups mark install 'Development Tools'
上次元数据过期检查:2:59:11 前,执行于 2021年10月25日 星期一 01时04分32秒。
依赖关系解决。
=============================================================
软件包 架构 版本 仓库 大小
=============================================================
安装组:
Development Tools
事务概要
=============================================================
完毕!
//创建日志存放目录
[root@localhost ~]# mkdir -p /var/log/nginx
[root@localhost ~]# chown -R nginx.nginx /var/log/nginx
//下载nginx
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget http://nginx.org/download/nginx-1.20.1.tar.gz
--2021-10-25 04:06:16-- http://nginx.org/download/nginx-1.20.1.tar.gz
正在解析主机 nginx.org (nginx.org)...
//编译安装
[root@localhost src]# ls
debug kernels nginx-1.20.1.tar.gz
[root@localhost src]# tar xf nginx-1.20.1.tar.gz
[root@localhost src]# cd nginx-1.20.1
[root@localhost nginx-1.20.1]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log
[root@localhost nginx-1.20.1]# make && makeinstall
//配置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# . /etc/profile.d/nginx.sh
//启动nginx
[root@localhost ~]# nginx
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
httpd
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug kernels
[root@localhost src]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.49.tar.gz
[root@localhost src]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.gz
[root@localhost src]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.gz
[root@localhost src]# tar xf apr-1.7.0.tar.gz
[root@localhost src]# tar xf apr-util-1.6.1.tar.gz
[root@localhost src]# tar xf httpd-2.4.49.tar.gz
[root@localhost src]# ls
apr-1.7.0 apr-util-1.6.1 debug httpd-2.4.49.tar.gz
apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.49 kernels
[root@localhost src]# cd apr-1.7.0
[root@localhost apr-1.7.0]# vim configure
cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
# $RM "$cfgfile" //这行注释或删除
[root@localhost apr-1.7.0]# yum -y install epel-release
[root@localhost apr-1.7.0]# ls /etc/yum.repos.d/
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo epel.repo
CentOS-Debuginfo.repo CentOS-Sources.repo epel-testing.repo
[root@localhost apr-1.7.0]# yum clean all
[root@localhost apr-1.7.0]# yum makecache //清理一下缓存比较快,也可以不清
//安装开发工具包
[root@localhost apr-1.7.0]# yum groups mark install 'Development Tools' -y
[root@localhost apr-1.7.0]# useradd -r -M -s /sbin/nologin apache
//安装依赖包
[root@localhost apr-1.7.0]# yum -y install openssl-devel pcre-devel expat-devel libtool gcc gcc-c++ make
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.7.0]# make
[root@localhost apr-1.7.0]# make install
[root@localhost apr-1.7.0]# cd ../apr-util-1.6.1/
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make
[root@localhost apr-util-1.6.1]# make install
[root@localhost apr-util-1.6.1]# cd ../httpd-2.4.49/
[root@localhost httpd-2.4.49]# ./configure --prefix=/usr/local/apache \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork
[root@localhost httpd-2.4.49]# make
[root@localhost httpd-2.4.49]# make install
//设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
[root@localhost ~]# source /etc/profile.d/httpd.sh
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# ls /usr/local/apache/
bin build cgi-bin conf error htdocs icons include logs man manual modules
//为图文件添加软链接
[root@localhost ~]# ln -s /usr/local/apache/include /usr/include/httpd
[root@localhost ~]# vim /etc/man_db.conf
#MANDATORY_MANPATH /usr/src/pvm3/man
#
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man //添加帮助文档的位置
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
ServerName www.example.com:80 //取消注释
//启动
[root@localhost ~]# apachectl start
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
[root@localhost ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
//写一个service文件开机自启
[root@localhost ~]# cp /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/httpd.service
[root@localhost ~]# vim /usr/lib/systemd/system/httpd.service
[Unit]
Description=httpd server daemon
Documentation=man:httpd(8)
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# apachectl stop //前面我把它开起来了,现在得关闭它
[root@localhost ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl status httpd.service
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2021-09-23 18:38:45 CST; 12s ago
Docs: man:httpd(8)
# 修改nginx配置文件
[root@nginx ~]# vi /usr/local/nginx/conf/nginx.conf
......
35 upstream Dynamic { # 添加 需要注意的是upstream要添加在server段的上面
36 server 192.168.47.158; # 添加
37 }
38
39 upstream Static { # 添加
40 server 192.168.47.133; # 添加
41 } # 添加
42
43
44 server { # server段
45 listen 80;
46 server_name localhost;
......
51 # location / {
52 # root html;
53 # index index.html index.htm;
54 # }
......
68 location ~ \.php$ { # 添加
69 proxy_pass http://Dynamic; # 添加
70 } # 添加
71
72 location / { # 添加
73 proxy_pass http://Static; # 添加
74 } # 添加
......