任务一 安装MySQL 、PHP 、Nginx
(注:本文使用的 MySQL 5.6、PHP 5.6、Nginx 1.12 均已停止维护,不再获得安全更新,仅适合学习环境;生产环境应使用仍受支持的版本。)
- 安装MySQL
下载 mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz
解压
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# tar -zxvf mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz
配置
[root@localhost src]# mv mysql-5.6.45-linux-glibc2.12-x86_64 /usr/local/mysql
[root@localhost src]# useradd -s /sbin/nologin mysql
[root@localhost src]# cd /usr/local/mysql //注意切换目录
[root@localhost mysql]# mkdir -p /data/mysql
[root@localhost mysql]# chown -R mysql:mysql /data/mysql
[root@localhost mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
[root@localhost mysql]# cp support-files/my-default.cnf /etc/my.cnf
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[root@localhost mysql]# chmod 755 /etc/init.d/mysqld
[root@localhost mysql]# yum install -y vim-enhanced
[root@localhost mysql]# vim /etc/init.d/mysqld //添加内容
basedir=/usr/local/mysql
datadir=/data/mysql
[root@localhost mysql]# chkconfig --add mysqld //把mysql服务加到系统服务列表中
[root@localhost mysql]# chkconfig mysqld on //设置开机自启
[root@localhost mysql]# service mysqld start //开启mysqld
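[root@localhost mysql]# ps aux |grep mysqld //查看是否启动
//MySQL 5.6 初始化后 root 账户默认没有密码,启动后应立即设置 root 密码并删除匿名用户和 test 库,例如运行 /usr/local/mysql/bin/mysql_secure_installation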
2. 安装PHP
下载
php-5.6.30.tar.gz
解压
[root@localhost mysql]# cd /usr/local/src/
[root@localhost src]# tar -zxvf php-5.6.30.tar.gz
编译安装
[root@localhost src]# yum install -y gcc
[root@localhost src]# yum install -y libxml2-devel.x86_64 //安装libxml-devel
[root@localhost src]# yum install -y openssl openssl-devel //安装openssl和openssl-devel
[root@localhost src]# yum install -y libcurl-devel //安装libcurl-devel
[root@localhost src]# yum -y install libjpeg-devel //安装libjpeg-devel
[root@localhost src]# yum install -y libpng libpng-devel //安装libpng-devel
[root@localhost src]# yum install -y freetype freetype-devel //安装freetype-devel
[root@localhost src]# yum install -y epel-release
[root@localhost src]# yum install -y libmcrypt-devel
[root@localhost src]# useradd -s /sbin/nologin php-fpm
[root@localhost src]# cd php-5.6.30
[root@localhost php-5.6.30 ]# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl
[root@localhost php-5.6.30 ]# make //编译php
[root@localhost php-5.6.30]# make install //安装php
[root@localhost php-5.6.30]# echo $? //查看返回值来确定是否编译安装成功
0
配置
[root@localhost php-5.6.30]# cp php.ini-production /usr/local/php-fpm/etc/php.ini
[root@localhost php-5.6.30]# vim /usr/local/php-fpm/etc/php-fpm.conf //增加如下内容
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
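[www]
; Pool that serves PHP for nginx over a UNIX socket.
listen = /tmp/php-fcgi.sock
; The socket is handed to the account nginx workers run as ("user nobody
; nobody;" in the nginx.conf on this page) and closed to everyone else.
; Mode 666 would let any local account send FastCGI requests to this pool
; and have code run as the php-fpm user.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
; NOTE(review): /tmp is writable by every local account. A directory only
; root can write to is a safer home for the socket, but fastcgi_pass in
; nginx must then be changed to the same path.
user = php-fpm
group = php-fpm
; Worker management: dynamic mode keeps between min_spare and max_spare idle
; workers and never more than max_children in total.
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
; A worker exits and is replaced after this many requests.
pm.max_requests = 500
rlimit_files = 1024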
验证
[root@localhost php-5.6.30]# /usr/local/php-fpm/sbin/php-fpm -t
若是报错,根据提示检查配置文件
启动php-fpm
[root@localhost php-5.6.30]# cp /usr/local/src/php-5.6.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-5.6.30]# chmod 755 /etc/init.d/php-fpm
[root@localhost php-5.6.30]# service php-fpm start //启动php-fpm
Starting php-fpm done
[root@localhost php-5.6.30]# ps aux |grep php-fpm //检测php-fpm是否启动
[root@localhost php-5.6.30]# chkconfig php-fpm on //设置php-fpm开机启动
3.安装 Nginx
下载
nginx-1.12.2.tar.gz
解压
[root@localhost src]# tar -zvxf nginx-1.12.2.tar.gz
编译安装
[root@localhost src]# cd nginx-1.12.2
[root@localhost nginx-1.12.2]# ./configure --prefix=/usr/local/nginx
[root@localhost nginx-1.12.2]# make &&make install
[root@localhost nginx-1.12.2]# echo $?
0
配置
[root@localhost nginx-1.12.2]# vim /etc/init.d/nginx //添加如下内容
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# SysV init script for the nginx build installed under /usr/local/nginx.
# The "chkconfig:" and "description:" lines above are read by chkconfig
# (see the "chkconfig --add nginx" step), so their wording must not change.
# Source Function Library
# NOTE(review): daemon and killproc, used by the functions below, are not
# defined in this script; presumably they come from this file - confirm on
# the target system.
. /etc/init.d/functions
# Nginx Settings
# Binary and configuration file of the source-built nginx.
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
# Pid file; has to be the same path as the "pid" directive in nginx.conf,
# because stop and reload pass it to killproc to find the master process.
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
# Status of the last action; the script finishes with "exit $RETVAL".
RETVAL=0
# Display name printed in the status messages.
prog="Nginx"
#######################################
# Start nginx through the init library's daemon helper.
# Globals:   prog, NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Outputs:   "Starting <prog>: " followed by whatever daemon prints
# Returns:   the exit status of daemon
# NOTE(review): /dev/shm/nginx_temp is a fixed name in a directory that is
# normally writable by every local account, and no temp path in the
# nginx.conf on this page points at it - confirm it is still needed.
#######################################
start() {
  echo -n $"Starting $prog: "
  mkdir -p /dev/shm/nginx_temp
  if daemon $NGINX_SBIN -c $NGINX_CONF; then
    RETVAL=0
  else
    RETVAL=$?
  fi
  echo
  return $RETVAL
}
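#######################################
# Stop nginx by sending TERM to the process named in the pid file.
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   "Stopping <prog>: " followed by whatever killproc prints
# Returns:   the exit status of killproc
#######################################
stop() {
  echo -n $"Stopping $prog: "
  killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
  # Record the result of the stop itself. Taking $? after the rm below would
  # report success even when nginx could not be stopped, because "rm -rf"
  # succeeds whether or not the directory exists.
  RETVAL=$?
  rm -rf /dev/shm/nginx_temp
  echo
  return $RETVAL
}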
#######################################
# Ask the running nginx to re-read its configuration by sending HUP to the
# process named in the pid file.
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   "Reloading <prog>: " followed by whatever killproc prints
# Returns:   the exit status of killproc
#######################################
reload() {
  echo -n $"Reloading $prog: "
  if killproc -p $NGINX_PID $NGINX_SBIN -HUP; then
    RETVAL=0
  else
    RETVAL=$?
  fi
  echo
  return $RETVAL
}
#######################################
# Stop nginx, then start it again. The result of stop is not checked;
# start runs either way.
# Returns:   the exit status of start
#######################################
restart() {
  stop
  start
  return $?
}
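#######################################
# Run nginx's own syntax check (-t) against the configured file.
# Globals:   NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Outputs:   the messages nginx prints for the check
# Returns:   the exit status of "nginx -t"
#######################################
configtest() {
  "$NGINX_SBIN" -c "$NGINX_CONF" -t
  # Pass the result on instead of always returning 0, so that
  # "service nginx configtest" fails when the configuration is broken and a
  # deployment script can stop before reloading it.
  RETVAL=$?
  return $RETVAL
}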
# Dispatch on the first argument. Each accepted action name is also the name
# of the function that implements it, and "$1" is only executed after it has
# matched one of the literal names below.
case "$1" in
  start | stop | reload | restart | configtest)
    "$1"
    ;;
  *)
    echo $"Usage: $0 {start|stop|reload|restart|configtest}"
    RETVAL=1
    ;;
esac
# RETVAL holds whatever the chosen action stored in it, or 1 after the usage
# message.
exit $RETVAL
[root@localhost nginx-1.12.2]# chmod 755 /etc/init.d/nginx //更改启动脚本权限
[root@localhost nginx-1.12.2]# chkconfig --add nginx //将Nginx加入系统服务项
[root@localhost nginx-1.12.2]# chkconfig nginx on //设置Nginx开机启动
[root@localhost nginx-1.12.2]# > /usr/local/nginx/conf/nginx.conf //清空原来的配置文件
[root@localhost nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf //添加如下内容
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
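location ~ \.php$
{
    # Hand the request to PHP-FPM only when the requested .php file really
    # exists under the document root. Without this check a URI that merely
    # ends in ".php" is passed on, and PHP's path-info handling may then run
    # a different file, for example an uploaded one, as a script.
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    # Must be the same directory as the "root" of this server block.
    fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}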
}
}
[root@localhost nginx-1.12.2]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
启动Nginx服务
[root@localhost nginx-1.12.2]# service nginx start //启动Nginx服务
[root@localhost nginx-1.12.2]# ps aux |grep nginx //检验Nginx服务是否启动
由此看出,Nginx服务成功启动;
如果不能启动,查看 /usr/local/nginx/logs/nginx_error.log 文件(即主配置文件中 error_log 指定的路径)。
测试
[root@localhost nginx-1.12.2]# vim /usr/local/nginx/html/1.php //添加如下内容
<?php
echo "php解析正常";
?>
[root@localhost nginx-1.12.2]# curl localhost/1.php //测试是否正确解析PHP
任务二 配置Nginx
- 默认虚拟主机
配置
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
include vhost/*.conf; //在最后一个结束符号 } 上面加入这行配置
}
[root@localhost ~]# mkdir /usr/local/nginx/conf/vhost
[root@localhost ~]# cd /usr/local/nginx/conf/vhost
[root@localhost vhost]# vim default.conf //写入下面内容
server
{
listen 80 default_server; //有这个 default_server 标记的就是默认虚拟主机
server_name 123.com;
index index.html index.htm index.php;
root /data/nginx/default;
}
验证
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload //重载配置,这样就不用重启了
[root@localhost vhost]# mkdir -p /data/nginx/default/
[root@localhost vhost]# echo "default_server" > /data/nginx/default/index.html //创建索引页
[root@localhost vhost]# curl -x127.0.0.1:80 123.com
default_server
[root@localhost vhost]# curl -x127.0.0.1:80 aaa.com
//访问一个没有定义过的域名,也会访问到123.com
default_server
[root@localhost vhost]# curl -x127.0.0.1:80 gjy.com
//访问一个没有定义过的域名,也会访问到123.com
default_server
[root@localhost vhost]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT //打开linux的80端口
成功!
2.用户认证
配置
[root@localhost ~]# cd /usr/local/nginx/conf/vhost/
[root@localhost vhost]# vim test.com.conf //加入如下内容
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
验证
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# yum install -y httpd //安装httpd,因为生成密码文件需要用到htpasswd命令
[root@localhost vhost]# htpasswd -c /usr/local/nginx/conf/htpasswd gjy //创建用户,并设置密码
New password:
Re-type new password:
Adding password for user gjy
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# mkdir /data/nginx/test.com
[root@localhost vhost]# echo "test.com" > /data/nginx/test.com/index.html
[root@localhost vhost]# curl -I -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized //状态码401说明该网站需要验证
Server: nginx/1.12.2
Date: Wed, 13 Oct 2021 01:35:18 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
下面进行验证:
打开 C:\windows\System32\drivers\etc\hosts 加入一行
192.168.xxx.xxx test.com //ip地址 test.com
然后在浏览器中访问 test.com, 出现验证对话框。注意:Basic认证的用户名和密码只经过Base64编码,在80端口的HTTP上相当于明文传输,实际使用时应配合HTTPS。
验证后:
3.域名重定向
配置
[root@localhost vhost]# vim test.com.conf //配置虚拟主机文件 //根据下面的示例删减和增加内容
server
{
listen 80;
server_name test.com test1.com test2.com;
//#Nginx中,server_name 后面可以跟多个域名
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent; // //#permanent为永久重定向,相当于httpd的R=301;还有个redirect,为临时重定向,相当于R=302
}
}
验证
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# curl -x127.0.0.1:80 test1.com/123.txt -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.2
Date: Wed, 13 Oct 2021 02:10:12 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/123.txt //注意这里的变化
4.Nginx的访问日志
查看Nginx的日志格式 (在主配置文件中定义的日志格式)
[root@localhost vhost]# grep -A2 log_format /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
//combined_realip 日志格式的名字,后面可以调用它;
$remote_addr 访问网站的用户的出口ip;
$http_x_forwarded_for 请求头X-Forwarded-For的值,通常是请求经过代理时由代理填入的客户端原始ip;这个请求头由客户端提交,可以被伪造,只适合记录参考,不应单独作为访问控制的依据;
$time_local 当前的时间;
$host 访问的主机名;
$request_uri 访问的URL地址;
$status 状态码;
$http_referer referer地址;
$http_user_agent user_agent。
指定访问日志的路径
[root@localhost vhost]# cd /usr/local/nginx/conf/vhost
[root@localhost vhost]# vim test.com.conf //增加内容
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
access_log /tmp/1.log combined_realip;
}
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# curl -x127.0.0.1:80 test.com/111
[root@localhost vhost]# cat /tmp/1.log
定义一个日志切割脚本
Nginx的日志比较简单,但没有像httpd那样自带的切割工具,要想切割Nginx日志需要借助系统的切割工具或自定义脚本。
[root@localhost vhost]# vim /usr/local/sbin/nginx_log_rotate.sh //添加内容
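#! /bin/bash
# Rotate the nginx logs: rename every *.log file in $logdir to
# <name>.log-<yesterday's date>, then send HUP to the nginx master process,
# as the original script does, so that nginx starts writing fresh files.
# Meant to be run from cron shortly after midnight.
#
# NOTE(review): the vhosts on this page write their access_log to /tmp/1.log;
# logdir must be the directory the access_log directives actually use.

# Yesterday's date as YYYYMMDD (GNU date syntax), used as the file suffix.
d=$(date -d "-1 day" +%Y%m%d)
logdir="/data/logs"
# Pid file of the nginx master; same path as the "pid" directive in nginx.conf.
nginx_pid="/usr/local/nginx/logs/nginx.pid"

# Stop if the log directory is missing. Continuing would rename *.log files
# in whatever directory cron happened to start the script in.
cd "$logdir" || exit 1

# Let the shell expand the pattern instead of parsing ls output, and make an
# unmatched pattern expand to nothing rather than to the literal "*.log".
shopt -s nullglob
for log in *.log; do
  mv -- "$log" "$log-$d"
done

# Signal nginx only when the pid file exists and is not empty.
if [[ -s "$nginx_pid" ]]; then
  /bin/kill -HUP "$(cat "$nginx_pid")"
else
  printf 'nginx pid file %s is missing or empty\n' "$nginx_pid" >&2
  exit 1
fi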
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh //需要增加任务计划
5. 配置静态文件不记录日志并添加过期时间
配置
[root@localhost vhost]# vim test.com.conf //修改虚拟主机配置文件//增加内容
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/1.log combined_realip;
}
验证
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# echo "111" > /data/nginx/test.com/1.js
[root@localhost vhost]# echo "222222" > /data/nginx/test.com/2.jpg
[root@localhost vhost]# touch /data/nginx/test.com/1.jss
[root@localhost vhost]# curl -I -x127.0.0.1:80 test.com/1.js
[root@localhost vhost]# curl -I -x127.0.0.1:80 test.com/2.jpg
[root@localhost vhost]# curl -I -x127.0.0.1:80 test.com/1.jss
[root@localhost vhost]# cat /tmp/1.log
6.Nginx防盗链
配置
[root@localhost vhost]# vim test.com.conf //修改主机配置文件
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rac|zip|doc|pdf|gz|bz2|jpeg|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer)
{
return 403;
}
access_log off;
}
# location ~ .*\.(js|css)$
# {
# expires 12h;
# access_log off;
# }
access_log /tmp/1.log combined_realip;
}
验证
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# curl -x127.0.0.1:80 -e "http://123.com/1.txt" test.com/2.jpg -I
[root@localhost vhost]# curl -x127.0.0.1:80 -e "http://test.com/1.txt" test.com/2.jpg -I
7.访问控制
介绍
Nginx需要限制某些IP不能访问或只允许某些IP访问,配置访问和httpd类似。
配置
[root@localhost vhost]# vim test.com.conf //增加内容
server
{
listen 80;
server_name test.com test1.com test2.com;
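# "^~" makes this prefix match final. With a plain "location /admin/", a URI
# under /admin/ that also matches one of the regex locations of this server
# (the static-file location below) is served by that regex location, and the
# allow/deny rules here are never applied to it.
location ^~ /admin/
{
    # Rules are checked in order and the first match decides.
    allow 192.168.222.133;
    deny 127.0.0.1;
    deny all;
}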
index index.html index.htm index.php;
root /data/nginx/test.com;
# location /
# {
# auth_basic "Auth";
# auth_basic_user_file /usr/local/nginx/conf/htpasswd;
# }
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rac|zip|doc|pdf|gz|bz2|jpeg|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer)
{
return 403;
}
access_log off;
}
# location ~ .*\.(js|css)$
# {
# expires 12h;
# access_log off;
# }
access_log /tmp/1.log combined_realip;
}
验证
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# curl -x127.0.0.1:80 test.com/admin/1.html
[root@localhost vhost]# curl -x192.168.222.133:80 test.com/admin/1.html
扩展
以下是几种限制类型:
Nginx默认就是允许所有,所以不需要写allow all。
配置文件中的IP也可以为IP段,比如可以写成allow 192.168.222.0/24
# location /admin/
# {
# allow 192.168.222.0/24;
# }
限制多个IP
# location /admin/
# {
# deny 192.168.222.133;
# deny 127.0.0.1;
# }
根据正则匹配来限制:
# location ~ .*(abc|image)/.*\.php$
# {
# return 403;
# }
// | 为分隔符,表示“或”的意思,这样就可以把访问的URL中带有abc或者image字符串,并且是PHP的请求拒绝访问。
针对user_agent限制:
# if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
# {
# return 403;
# }
//~为匹配符,只要user_agent中含有Spider/3.0或者YoudaoBot或者Tomato字符串的,都会被拒绝。User-Agent由客户端自行填写,可以随意修改,所以这种限制只能挡住不伪装的爬虫,不能当作访问控制手段。
8.Nginx解析PHP
介绍
在LNMP中,PHP是以一个服务(php—fpm)的形式存在的,首先要启动php-fpm服务,然后Nginx再和php-fpm通信。
配置
[root@localhost vhost]# vim test.com.conf //修改配置文件
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
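location ~ \.php$
{
    # Hand the request to PHP-FPM only when the requested .php file really
    # exists under the document root. Without this check a URI that merely
    # ends in ".php" is passed on, and PHP's path-info handling may then run
    # a different file, for example an uploaded one, as a script.
    try_files $uri =404;
    include fastcgi_params;
    # Must be the socket path set by "listen" in the php-fpm pool.
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    # Must be the same directory as the "root" of this server block.
    fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
}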
access_log /tmp/1.log combined_realip;
}
9.Nginx代理
[root@localhost vhost]# ping ask.apelearn.com //获取要代理的域名所在的服务器IP
[root@localhost vhost]# vim proxy.conf //添加内容//起始为空白文件;文件名必须以 .conf 结尾,主配置文件中的 include vhost/*.conf 才会加载它
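# Reverse proxy: requests for ask.apelearn.com are forwarded to the origin
# server.
server
{
    listen 80;
    server_name ask.apelearn.com;
    location /
    {
        # IP address of the server that hosts the proxied domain
        # (placeholder - fill in the address obtained in the ping step).
        proxy_pass http://xxx.xxx.xxx.xxx/;
        # Keep the Host header the client sent, so that the origin picks the
        # right virtual host.
        proxy_set_header Host $host;
        # Address of the client as seen by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends that address to whatever X-Forwarded-For the client sent.
        # The earlier entries are client-supplied, so the origin should trust
        # only the part added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}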
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# curl -x127.0.0.1:80 123.com -I
[root@localhost vhost]# curl -x127.0.0.1:80 ask.apelearn.com -I
[root@localhost vhost]# curl ask.apelearn.com -I
10.Nginx配置SSL
[root@localhost vhost]# cd /usr/local/nginx/conf/
[root@localhost conf]# openssl genrsa -des3 -out tmp.key 2048
[root@localhost conf]# openssl rsa -in tmp.key -out gjy.key
[root@localhost conf]# rm -f tmp.key
[root@localhost conf]# openssl req -new -key gjy.key -out gjy.csr
[root@localhost conf]# openssl x509 -req -days 365 -in gjy.csr -signkey gjy.key -out gjy.crt
//生成了自签名的crt证书文件(内含公钥);gjy.key是去掉了口令保护的私钥,应限制为仅root可读,例如 chmod 600 gjy.key
[root@localhost vhost]# chmod 755 .ssl.conf.swp //下面的文档为只读时,需要修改权限
[root@localhost vhost]# vim /usr/local/nginx/conf/vhost/ssl.conf
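# HTTPS virtual host for gjy.com. Needs nginx built with
# --with-http_ssl_module.
server
{
    listen 443;
    server_name gjy.com;
    index index.html index.php;
    root /data/nginx/gjy.com;
    ssl on;
    # Relative paths; the files were created in /usr/local/nginx/conf in the
    # steps above.
    ssl_certificate gjy.crt;
    ssl_certificate_key gjy.key;
    # TLS 1.0 and 1.1 are deprecated and left out. TLS 1.3 is not listed
    # because it needs a newer nginx than the 1.12.2 build used here.
    ssl_protocols TLSv1.2;
    location ~ \.php$
    {
        # Hand the request to PHP-FPM only when the requested .php file
        # really exists under the document root. Without this check a URI
        # that merely ends in ".php" is passed on, and PHP's path-info
        # handling may then run a different file as a script.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        # Must be the same directory as "root" above.
        fastcgi_param SCRIPT_FILENAME /data/nginx/gjy.com$fastcgi_script_name;
    }
    access_log /tmp/1.log combined_realip;
}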
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t
nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/vhost/ssl.conf:8
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
[root@localhost vhost]# cd /usr/local/src/nginx-1.12.2
[root@localhost nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
//这里增加配置SSL参数
[root@localhost nginx-1.12.2]# make && make install
[root@localhost nginx-1.12.2]# /usr/local/nginx/sbin/nginx -t //编译完成后,进行第二次检查
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx-1.12.2]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost nginx-1.12.2]# mkdir -p /data/nginx/gjy.com
[root@localhost nginx-1.12.2]# echo "<?php phpinfo(); ?>" >/data/nginx/gjy.com/1.php
[root@localhost nginx-1.12.2]# /etc/init.d/nginx restart
Restarting nginx (via systemctl): [ 确定 ]
然后进入 C:\windows\system32\drivers\etc中,编辑 hosts 文件,写入一行
192.168.222.133 gjy.com
然后访问 https://gjy.com/1.php (证书是自签名的,浏览器会提示证书不受信任)。测试完成后应删除 1.php,phpinfo() 会把PHP版本、已加载模块和路径等环境信息暴露给任何访问者。
继续访问gjy.com, 则会进入gjy.com
任务三 Php-fpm配置
和LAMP不同,在LNMP架构中,php-fpm作为一个独立的服务存在,php-fpm的配置文件为/usr/local/php-fpm/etc/php-fpm.conf,它同样支持include语句。
- php-fpm的pool
配置
[root@localhost conf]# vim /usr/local/php-fpm/etc/php-fpm.conf //增加内容
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include=etc/php-fpm.d/*.conf //新增这一行,必须写上etc目录,注意等号后面路径
创建两个pool:
[root@localhost conf]# mkdir /usr/local/php-fpm/etc/php-fpm.d
[root@localhost conf]# cd /usr/local/php-fpm/etc/php-fpm.d
[root@localhost php-fpm.d]# vim www.conf //写入以下内容
[www]
listen = /tmp/www.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[root@localhost php-fpm.d]# vim gjy.conf //写入如下内容
[gjy]
listen=/tmp/gjy.sock
listen.mode=666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
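这样就有了两个pool了,第一个pool监听/tmp/www.sock,第二个pool监听/tmp/gjy.sock。这样,就可以在Nginx不同的虚拟主机中调用不同的pool,从而达到相互隔离的目的,两个pool互不影响。注意:这里两个pool都以同一个用户php-fpm运行,socket权限又是666,所以这种隔离只是进程池层面的(一个pool的进程耗尽不会拖垮另一个);如果要做到权限上的隔离,应为每个pool设置不同的user/group,并收紧listen.mode。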
验证
[root@localhost php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[root@localhost php-fpm.d]# /etc/init.d/php-fpm restart //重启php-fpm服务
[root@localhost php-fpm.d]# ls /tmp/*.sock //除了默认自带的pool,也有刚刚创建的两个pool
2.php-fpm的慢执行日志
介绍
php-fpm的慢执行日志,可以看到php的脚本哪里执行时间长,它可以定位到具体的行。通过php-fpm的慢执行日志,我们有时可以解决PHP的网站php-fpm进程占用资源过多而导致网站很卡的问题。
配置
[root@localhost php-fpm.d]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf //在最后加
[www]
listen = /tmp/www.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout=1 //定义超时时间,即PHP的脚本执行时间超过1秒就会记录日志
slowlog=/usr/local/php-fpm/var/www-slow.log //定义慢执行日志的路径和名字
3.php-fpm定义open_basedir
介绍
定义open-basedir的目的就是为了安全,httpd可以针对每个虚拟主机设置一个open-basedir,php-fpm也可以针对每个pool设置不同的open_basedir。
配置
[root@localhost php-fpm.d]# vim /usr/local/php-fpm/etc/php-fpm.d/gjy.conf //在最后加入
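[gjy]
; Second pool, with its own socket and its own open_basedir.
listen=/tmp/gjy.sock
; The socket is handed to the account nginx workers run as ("user nobody
; nobody;" in the nginx.conf on this page) and closed to everyone else.
; Mode 666 would let any local account send FastCGI requests to this pool
; and have code run as the php-fpm user.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
; Confines PHP file access in this pool to the listed directories.
; php_admin_value cannot be overridden from scripts with ini_set().
; NOTE(review): the list has to contain the document root of the vhost that
; uses this pool. The vhosts shown on this page live under /data/nginx/, not
; /data/www/ - confirm the path. /tmp is shared with every other local
; account; a per-site temp directory would be narrower.
php_admin_value[open_basedir]=/data/www/:/tmp/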
4.php-fpm进程管理
看一段配置
pm = dynamic //定义php-fpm的子进程启动模式,dynamic为动态模式,根据实际需求,动态地增加或减少子进程,最多不超过pm.max_children定义的数值
pm.max_children = 50 //另外一种是static,这种模式下子进程数量由pm.max_children决定,一次性启动这么多,不增加也不减少
pm.start_servers = 20 //针对dynamic模式,定义在启动服务时产生的子进程的数量
pm.min_spare_servers = 5 //针对dynamic模式,定义空闲时段子进程数的最小值
pm.max_spare_servers = 35 //针对dynamic模式,定义空闲时段子进程数的最大值
pm.max_requests = 500 //针对dynamic模式,定义一个子进程最多处理的请求数,达到这个数值时,它会自动退出