nginx的优化
优化
隐藏版本号
server_tokens off;
2.在解压出的源码文件,vim nginx.h里面改,然后重新编译一下,make &&make install
修改用户组
vim nginx.conf
user nginx nginx #mster进程会由root创建,子进程会由nginx用户来创建,前一个是用户,后一个是所在组
:wq
systemctl restart nginx
ps -elf|grep nginx
设置页面的缓存时间
主要是针对动态页面,图片的缓存
#从外部扔一张图片到nginx的html目录
vim /usr/local/nginx/conf/nginx.conf
location ~ \.(gif|jpg|png)$ {
root html
#设置图片的缓存时间
expires 1d;
}
:wq
nginx -t
systemctl restart nginx
192.168.118.10/ls.jpg
日志分割
apache是自带日志分割的,按天来进行收集日志,access-2024.7-03.log
nginx可以借助脚本来实现日志分割
vim nginx-logs.sh
#!/bin/bash
#分割前一天的日志
day=$(date -d "-1 day" "+%Y%m%d")
logs_path="/usr/local/nginx/logs/"
#指定pid文件的位置
pid_path="/usr/local/nginx/run/nginx.pid"
mv /usr/local/nginx/logs/access.log ${logs_path}access-${day}.log
mv /usr/local/nginx/logs/error.log ${logs_path}error-${day}.log
#重新创建一个新的日志,主要就是用来做日志分割
kill -USR1 $(cat ${pid_path})
#加上日志清理
find ${logs_path} -mitime +30 -exec rm -rf {} \;
:wq
chmod 777 nginx-logs.sh
c
1 0 * * * /usr/local/nginx/run/nginx_logs.sh
更改进程数以及设置cpu绑定
vim /usr/local/nginx/conf/nginx.conf
#表示进程有2个,这里和cpu数挂钩,不绑定cpu的话,进程可能会在两个cpu之间来回切换使用,浪费资源
#通过绑定cpu的方式,避免进程切换
worker_processes 2;
#是用二进制表示的
worker_cpu_affinity 0001 0010;
:wq
nginx -t
systemctl restart nginx
连接超时
vim /usr/local/nginx/conf/nginx.conf
server {
#请求完成之后的连接保持时间,
keepalive_timeout 65;
#客户端发送一个完整的请求头的超时时间,如果是80秒之内没有一个完整的请求头,nginx会返回码408,408就是request time out
client_header_timeout 80;
#客户端和服务端建立连接之后,发送请求体的超时时间,客户端在10秒内没有发送任何内容,nginx同样会返回408
client_body_timeout 10;
}
:wq
nginx -t
页面压缩
gzip on;
#最小的压缩文件,小于或等于1k的文件就不压缩了
gzip_min_length 1k;
#设置压缩的缓冲区,4个,每个缓冲区大小是64k
gzip_buffers 4 64k;
#压缩比例 1-9,数字越小,压缩的比率越小,速度越快,数字越大,压缩的比率就越高,速度越慢
gzip_comp_level 6;
#支持压缩的类型
gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss image/jpg image/jpeg image/png image/gif application/x-httpd-php application/javascript application/json;
挥手TIME_WAIT:
time_wait是tcp连接当中的一种状态,出现在四次挥手之后,处于等待状态,双方不再发送数据
time_wait所占用的系统资源很小,数量比较少,完全可以忽略不计,但是太多了就有一定的影响
连接断开(四次挥手之后),尽快的把time_wait状态的连接进行回收
netstat -n|awk '/^tcp/ {++[$NF]} END {for (a in s) print a s [a]}'
vim /etc/sysctl.conf
#防止tcp的半连接队列溢出,可以达到服务端在收到tcp的syn同步的请求时能够快速响应
net.ipv4.tcp_syncookies=1
#允许复用time_wait状态的连接,新的连接可以直接使用time_wait状态的端口,可以提高连接的重用率
net.ipv4.tcp_tw_resuse=1
#老版本配置,加上后,时间戳记进行连接复用
net.ipv4.tcp_tw_recycle=1
#控制time_wait持续的事件,持续30秒,不是说立即time状态收回,而是尽可能的把time_wait状态进行回收
net.ipv4.tcp_fin_timeout=30
sysctl -p
防盗链
#防止别人偷图之类的
test1
systemctl stop firewalld
setenforce 0
location ~* \.(jpg|gif)$ { #盗链图片格式不要加上去
#允许xy102.com的网址访问图片
valid_referers none blocked *.xy102.com xy102.com;
如果不是xy102.com的网址访问图片.一律跳转到盗链的提示
if ( $invalid_referer ) {
rewrite ^/ http://www.xy102.com/error.png;
}
}
:wq
nginx -t
systemctl restart nginx
cd html/
#扔图片
vim index.html
<img src="Dome4_4k_74bec.jpg"/>
</body>
</html>
:wq
echo "192.168.118.10 www.xy102.com" >> /etc/hosts
echo "192.168.118.20 www.xy103.com" >> /etc/hosts
test2
systemctl stop firewalld
setenforce 0
cd /usr/local/nginx/html
vim index.html
<img src="http://www.xy102.com/error.png"/>
</body>
</html>
:wq
echo "192.168.118.10 www.xy102.com" >> /etc/hosts
echo "192.168.118.20 www.xy103.com" >> /etc/hosts
lnmp+DISCUZ 论坛架构
l:linux操作系统
n:nginx前端页面的web服务
m:mysql数据库,保存用户和密码,以及论坛的相关内容
p:php动态请求转发的中间件
[root@test1 ~]# systemctl stop firewalld
[root@test1 ~]# setenforce 0
[root@test1 ~]# systemctl restart nginx.service
[root@test1 ~]# cd /opt
#向xshell扔一个mysql安装包
[root@test1 opt]# rz -E
rz waiting to receive.
#解压
[root@test1 opt]# tar -xf mysql-8.0.30-el7-x86_64.tar.gz
[root@test1 opt]# mv mysql-8.0.30-el7-x86_64 mysql
[root@test1 opt]# mv mysql /usr/local/
[root@test1 opt]# useradd -M -s /sbin/nologin mysql
[root@test1 opt]# chown -R mysql.mysql /usr/local/mysql/
[root@test1 opt]# cat /etc/my.cnf
[root@test1 opt]# chown mysql.mysql /etc/my.cnf
[root@test1 opt]# vim /etc/my.cnf
#先清空
#然后
[client]
#客户端访问的端口
port = 3306
#指定mysql的通信套接字文件
socket=/usr/local/mysql/mysql.sock
[mysqld]
user = mysql
#mysql的安装目录
basedir=/usr/local/mysql
#mysql数据保存的目录
datadir=/usr/local/mysql/data
#服务端的端口
port = 3306
#字符集的编码
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
#任意地址都可以访问数据库
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
#mysql默认的存储引擎
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
#mysql支持的数据类型和相关的模块
sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
:wq
[root@test1 opt]# echo "PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile
[root@test1 opt]# source /etc/profile
[root@test1 opt]# cd /usr/local/mysql/bin/
[root@test1 bin]# ls
[root@test1 bin]# ./mysqld \
> --initialize-insecure \
> --user=mysql \
> --basedir=/usr/local/mysql \
> --datadir=/usr/local/mysql/data
[root@test1 bin]# cd ..
[root@test1 mysql]# ls
[root@test1 mysql]# cd support-files/
[root@test1 support-files]# ls
[root@test1 support-files]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@test1 support-files]# chmod +x /etc/init.d/mysqld
[root@test1 support-files]# systemctl daemon-reload
[root@test1 support-files]# systemctl restart mysqld
[root@test1 support-files]# netstat -antp | grep 3306
[root@test1 support-files]# mysqladmin -u root -p password "123456"
[root@test1 support-files]# mysql -u root -p123456
mysql> show databases;
mysql> CREATE USER 'root'@'%' IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
mysql> flush privileges;
mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
mysql> flush privileges;
mysql> exit
[root@test1 support-files]# cd /opt/
[root@test1 opt]# ls
[root@test1 opt]#
yum -y install gd \
libjpeg libjpeg-devel \
libpng libpng-devel \
freetype freetype-devel \
libxml2 libxml2-devel \
zlib zlib-devel \
curl curl-devel \
openssl openssl-devel \
oniguruma-devel \
sqlite-devel
#扔php包
[root@test1 opt]# rz -E
rz waiting to receive.
[root@test1 opt]# ls
[root@test1 opt]# tar -xf php-8.1.27.tar.gz
#yum -y install epel-release
#yum -y install oniguruma-devel
[root@test1 opt]# cd php-8.1.27/
./configure \
--prefix=/usr/local/php \
--with-mysql-sock=/usr/local/mysql/mysql.sock \
--with-mysqli \
--with-zlib \
--with-curl \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--with-pdo-mysql \
--with-openssl \
--with-sqlite-devel \
--with-oniguruma-devel \
--enable-fpm \
--enable-mbstring \
--enable-xml \
--enable-session \
--enable-ftp \
--enable-pdo \
--enable-tokenizer \
--enable-zip
make -j 4 && make install
[root@test1 php-8.1.27]# ln -s /usr/local/php/bin/* /usr/local/bin/
[root@test1 php-8.1.27]# ln -s /usr/local/php/sbin/* /usr/local/sbin/
[root@test1 php-8.1.27]# cp /opt/php-8.1.27/php.ini-development /usr/local/php/lib/php.ini
[root@test1 php-8.1.27]# vim /usr/local/php/lib/php.ini
#--976行--取消注释,修改
date.timezone = Asia/Shanghai
#--1181行--修改
mysqli.default_socket = /usr/local/mysql/mysql.sock
[root@test1 php-8.1.27]# php -m
[root@test1 php-8.1.27]# cd /usr/local/php/etc/
[root@test1 etc]# cp php-fpm.conf.default php-fpm.conf
[root@test1 etc]# vim php-fpm.conf
#--17行--去掉";"注释
pid = run/php-fpm.pid
[root@test1 etc]# cd /usr/local/php/etc/php-fpm.d/
[root@test1 php-fpm.d]# cp www.conf.default www.conf
[root@test1 php-fpm.d]# /usr/local/php/sbin/php-fpm -c /usr/local/php/lib/php.ini
[root@test1 php-fpm.d]# cd /opt/php-8.1.27/sapi/fpm
[root@test1 fpm]# cp php-fpm.service /usr/lib/systemd/system/php-fpm.service
[root@test1 fpm]# systemctl restart php-fpm.service
[root@test1 fpm]# netstat -anpt | grep 9000
[root@test1 fpm]# cd /usr/local/nginx/conf/
[root@test1 conf]# vim nginx.conf
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
[root@test1 conf]# systemctl restart nginx.service
[root@test1 conf]# cd ..
[root@test1 nginx]# cd html/
[root@test1 html]# ls
[root@test1 html]# vim index.php
#浏览器实验一下http://192.168.118.10/index.php
[root@test1 html]# mysql -u root -p123456
mysql> show databases;
mysql> create database bbs;
mysql> show databases;
mysql> create user 'bbsuser'@'%' identified by 'admin123';
mysql> grant all privileges on bbs.* to 'bbsuser'@'%';
mysql> flush privileges;
mysql> create user 'bbsuser'@'localhost' identified by 'admin123';
mysql> grant all privileges on bbs.* to 'bbsuser'@'localhost';
mysql> flush privileges;
mysql> exit
[root@test1 html]# vim index.php
<?php
$link=mysqli_connect('192.168.118.10','bbsuser','admin123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>
[root@test1 html]# cd /opt
#扔论坛包
[root@test1 opt]# rz -E
rz waiting to receive.
[root@test1 opt]# unzip Discuz_X3.5_SC_UTF8.zip -d /opt/dis
[root@test1 opt]# cd dis/
[root@test1 dis]# cp -r upload/ /usr/local/nginx/html/bbs/
[root@test1 dis]# cd /usr/local/nginx/html/
[root@test1 html]# chown -R nginx.nginx bbs/
[root@test1 html]# chmod -R 777 bbs/
[root@test1 html]# cd bbs/
[root@test1 bbs]# cd ..
#游览器实验http://192.168.118.10/bbs/install/index.php
test1 opt]# unzip Discuz_X3.5_SC_UTF8.zip -d /opt/dis
[root@test1 opt]# cd dis/
[root@test1 dis]# cp -r upload/ /usr/local/nginx/html/bbs/
[root@test1 dis]# cd /usr/local/nginx/html/
[root@test1 html]# chown -R nginx.nginx bbs/
[root@test1 html]# chmod -R 777 bbs/
[root@test1 html]# cd bbs/
[root@test1 bbs]# cd …
#游览器实验http://192.168.118.10/bbs/install/index.php
扫一扫
1352
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
