Nginx作为一款优秀的Web Server软件同时也是一款优秀的负载均衡或前端反向代理、缓存服务软件
2.编译安装Nginx
(1)安装Nginx依赖函数库pcre
pcre为“perl兼容正则表达式”perl compatible regular expresssions,安装其是为了使Nginx支持具备URI重写功能的rewrite模块,如果不安装Nginx将无法使用rewrite模块功能,但是该功能却十分有用和常用。
检查系统中是否有安装:
[root@leaf ~]# rpm -q pcre pcre-devel
上面可以看到并没有安装使用yum方式安装如下:
[root@leaf ~]# yum install pcre pcre-devel -y
......
Installed:
pcre-devel.x86_64 0:7.8-7.el6
Updated:
pcre.x86_64 0:7.8-7.el6
Complete!
安装完后检查一下是否已经成功安装:
[root@leaf ~]# rpm -q pcre pcre-devel
pcre-7.8-7.el6.x86_64
pcre-devel-7.8-7.el6.x86_64
可以看到已经安装成功。
(2)安装Nginx依赖函数库openssl-devel
Nginx在使用HTTPS服务的时候要用到此模块,如果不安装openssl相关包,安装过程中是会报错的。
检查系统是否有安装openssl相关包:
[root@leaf ~]# rpm -q openssl openssl-devel
openssl-1.0.1e-15.el6.x86_64
package openssl-devel is not installed
可以看到只是安装了opensslopenssl-devel还没有安装使用yum安装如下:
[root@leaf ~]# yum install -y openssl-devel
......
Complete!
再次检查:
[root@leaf ~]# rpm -q openssl openssl-devel
openssl-1.0.1e-48.el6_8.4.x86_64
openssl-devel-1.0.1e-48.el6_8.4.x86_64
可以看到都已经成功安装上。
(3)下载Nginx软件包
这里使用的Nginx版本为1.6.3,下载方式如下:
[root@leaf ~]# pwd
/root
[root@leaf ~]# mkdir tools
[root@leaf ~]# cd tools/
[root@leaf tools]# wget http://nginx.org/download/nginx-1.6.3.tar.gz
......
100%[======================================>] 805,253 220K/s in 3.6s
2017-02-24 12:10:26 (220 KB/s) - anginx-1.6.3.tar.gza saved [805253/805253]
查看下载的Nginx软件包:
[root@leaf tools]# ll
total 788
-rw-r--r--. 1 root root 805253 Apr 8 2015 nginx-1.6.3.tar.gz
当然上面的方式是使用wget方式直接下载,前提是已经知道了Nginx的下载地址,也可以到官网下载,然后再上传到我们的CentOS操作系统上。
(4)开始安装Nginx
可以先在根目录下创建一个/application文件夹用来存放我们安装的软件:
[root@leaf ~]# mkdir /application
[root@leaf ~]# ls -d /application/
/application/
解压缩
将我们刚刚下载的Nginx软件包解压缩:
[root@leaf tools]# tar -zxvf nginx-1.6.3.tar.gz
......
[root@leaf tools]# ls
nginx-1.6.3 nginx-1.6.3.tar.gz
使用./configure指定编译参数
先创建一个nginx用户用来安装完成后运行nginx使用:
[root@leaf tools]# useradd nginx -s /sbin/nologin -M
[root@leaf tools]# tail -1 /etc/passwd
nginx:x:500:500::/home/nginx:/sbin/nologin
# -s参数后的/sbin/nologin指定不允许nginx进行登陆
# -M参数则是在创建该用户时不创建用户家目录
使用configure命令指定编译参数:
[root@leaf nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module
对于配置时使用的参数可以通过./configure --help来进行查询,上面使用的参数解析如下:
--prefix=PATH # 指定安装路径
--user=USER # 设置用户进程权限
--group=GROUP # 设置用户组进程权限
--with-http_stub_status_module # 激活状态信息
--with-http_ssl_module # 激活ssl功能
使用make进行编译
[root@leaf nginx-1.6.3]# make
......
检查编译是否成功:
[root@leaf nginx-1.6.3]# echo $?
0
返回0即说明编译成功。
使用make install安装
[root@leaf nginx-1.6.3]# make install
......
检查安装是否成功:
[root@leaf nginx-1.6.3]# echo $?
0
返回0即说明安装成功。
建立安装目录的软链接
[root@leaf nginx-1.6.3]# ln -s /application/nginx-1.6.3/ /application/nginx
[root@leaf nginx-1.6.3]# ls -l /application/
total 4
lrwxrwxrwx. 1 root root 25 Feb 24 12:32 nginx -> /application/nginx-1.6.3/
drwxr-xr-x. 6 root root 4096 Feb 24 12:28 nginx-1.6.3
到此Nginx的编译安装工作已经全部完成了,下面就需要对安装结果进行验证了即验证Nginx是否可以正常提供服务。
3.测试Nginx服务
(1)启动Nginx服务前检查配置文件语法
如下:
[root@leaf ~]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful
(2)启动Nginx服务
[root@leaf ~]# /application/nginx/sbin/nginx
如果在启动Nginx服务时出现了问题可以查看Nginx的日志/application/nginx/logs/error.log,再根据日志提供的信息来进行解决。
(3)验证Nginx服务是否正常
查看已开启的端口信息
[root@leaf ~]# netstat -lnp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6772/nginx
unix 2 [ ACC ] STREAM LISTENING 9180 1/init @/com/ubuntu/upstart
可以看到Nginx已经在侦听80端口。
查看Nginx进程
[root@leaf ~]# ps aux | grep nginx
root 6772 0.0 0.1 45028 1140 ? Ss 12:34 0:00 nginx: master process /application/nginx/sbin/nginx
nginx 6773 0.0 0.1 45460 1716 ? S 12:34 0:00 nginx: worker process
root 6777 0.0 0.0 103256 832 pts/1 S+ 12:36 0:00 grep nginx
在宿主机上使用浏览器进行测试
在我们宿主机的浏览器上输入http://10.0.0.101/,查看测试结果
可以正常访问,当然前提是CentOS上的防火墙功能已经关闭。
使用wget命令和curl命令测试
wget命令:
[root@leaf tools]# wget 127.0.0.1
--2017-02-24 12:41:05-- http://127.0.0.1/
Connecting to 127.0.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 612 [text/html]
Saving to: aindex.htmla
100%[======================================>] 612 --.-K/s in 0s
2017-02-24 12:41:05 (44.1 MB/s) - aindex.htmla saved [612/612]
currl命令:
[root@leaf tools]# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
从上面的结果可以说明Nginx已经正常部署并运行。
4.进一步测试修改Nginx显示的页面
通过修改/application/nginx/html下的index.html文件,我们就可以改变Nginx主页显示的内容,操作如下:
[root@leaf tools]# cd /application/nginx/html/
[root@leaf html]# ls
50x.html index.html
[root@leaf html]# mv index.html index.html.source
[root@leaf html]# echo "<h1>Hello, I'm xpleaf.</h1>">index.html
[root@leaf html]# ls
50x.html index.html index.html.source
[root@leaf html]# cat index.html
<h1>Hello, I'm xpleaf.</h1>
这时在宿主机操作系统上访问http://10.0.0.101/
(1)Nginx安装
1.安装Nginx依赖函数库pcre、openssl-devel
[root@leaf ~]# yum install -y pcre pcre-devel openssl openssl-devel
......
[root@leaf ~]# rpm -q pcre pcre-devel openssl openssl-devel
pcre-7.8-7.el6.x86_64
pcre-devel-7.8-7.el6.x86_64
openssl-1.0.1e-48.el6_8.4.x86_64
openssl-devel-1.0.1e-48.el6_8.4.x86_64
2.下载安装Nginx
这里使用Nginx1.6.3,如下:
# 下载Nginx
[root@leaf ~]# yum install -y wget
[root@leaf ~]# mkdir tools
[root@leaf ~]# cd tools/
[root@leaf tools]# wget
[root@leaf tools]# ll
总用量 788
-rw-r--r--. 1 root root 805253 4月 8 2015 nginx-1.6.3.tar.gz
# 解压缩
[root@leaf tools]# tar zxf nginx-1.6.3.tar.gz
[root@leaf tools]# ll
总用量 792
drwxr-xr-x. 8 1001 1001 4096 4月 7 2015 nginx-1.6.3
-rw-r--r--. 1 root root 805253 4月 8 2015 nginx-1.6.3.tar.gz
# 指定编译参数
[root@leaf tools]# yum install -y gcc # 需要先安装gcc
[root@leaf tools]# mkdir /application # 作为Nginx的安装目录
[root@leaf tools]# useradd nginx -s /sbin/nologin -M
[root@leaf tools]# tail -1 /etc/passwd
nginx:x:500:500::/home/nginx:/sbin/nologin
[root@leaf tools]# cd nginx-1.6.3
[root@leaf nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module
[root@leaf nginx-1.6.3]# echo $? # 结果输出0则说明命令执行成功
# 编译
[root@leaf nginx-1.6.3]# make
[root@leaf nginx-1.6.3]# echo $?
# 安装
[root@leaf nginx-1.6.3]# make install
[root@leaf nginx-1.6.3]# echo $?
# 建立安装目录的软链接
[root@leaf nginx-1.6.3]# ln -s /application/nginx-1.6.3/ /application/nginx
[root@leaf nginx-1.6.3]# ls -l /application/
总用量 4
lrwxrwxrwx. 1 root root 25 3月 4 04:28 nginx -> /application/nginx-1.6.3/
drwxr-xr-x. 6 root root 4096 3月 4 04:27 nginx-1.6.3
(2)Nginx测试
1.启动Nginx
[root@leaf ~]# /application/nginx/sbin/nginx -t # 检查配置文件
nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful
[root@leaf ~]# /application/nginx/sbin/nginx # 启动Nginx服务
2.CentOS上验证Nginx服务
[root@leaf ~]# netstat -lntup | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3929/nginx
[root@leaf ~]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
3.宿主机上验证Nginx服务
在宿主机浏览器上输入CentOS主机的IP地址10.0.0.101,如下:
(3)域名配置
因为要搭建一个博客服务,所以这里配置的域名为blog.xpleaf.org,操作过程如下:
1.最小化配置文件
[root@leaf ~]# cd /application/nginx/conf/
[root@leaf conf]# wc -l nginx.conf
117 nginx.conf
[root@leaf conf]# wc -l nginx.conf.default
117 nginx.conf.default
[root@leaf conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf
[root@leaf conf]# wc -l nginx.conf
22 nginx.conf
[root@leaf conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
2.修改配置文件
修改nginx.conf,并且增加配置文件extra/blog.conf,如下:
[root@leaf conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/blog.conf;
}
[root@leaf conf]# cat extra/blog.conf
server {
listen 80;
server_name blog.xpleaf.org;
location / {
root html/blog;
index index.html index.htm;
}
}
3.创建域名对应的站点目录及文件
[root@leaf conf]# cd ../html/
[root@leaf html]# mkdir blog
[root@leaf html]# echo "This page is: blog.xpleaf.org">blog/index.html
[root@leaf html]# cat blog/index.html
This page is: blog.xpleaf.org
4.重启Nginx服务
[root@leaf html]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok
[root@leaf html]# /application/nginx/sbin/nginx -s reload # 平滑重启
5.CentOS 6.5上进行测试
先修改/etc/hosts文件:
[root@leaf html]# echo "127.0.0.1 blog.xpleaf.org" >>/etc/hosts
[root@leaf html]# tail -1 /etc/hosts
127.0.0.1 blog.xpleaf.org
再使用命令测试:
[root@leaf html]# curl blog.xpleaf.org
This page is: blog.xpleaf.org
[root@leaf html]# wget blog.xpleaf.org
--2017-03-04 04:58:42-- http://blog.xpleaf.org/
正在解析主机 blog.xpleaf.org... 127.0.0.1
正在连接 blog.xpleaf.org|127.0.0.1|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:30 [text/html]
正在保存至: “index.html.1”
100%[====================================>] 30 --.-K/s in 0s
2017-03-04 04:58:42 (2.14 MB/s) - 已保存 “index.html.1” [30/30])
6.宿主机Windows 7上进行测试
同样是先修改hosts文件,Windows 7的hosts文件在C:WindowsSystem32driversetc,同样添加下面一行:
1
10.0.0.101 blog.xpleaf.org
使用浏览器访问blog.xpleaf.org,如下:
3.LNMP环境搭建:MySQL安装与基本安全优化
这里采用二进制安装的方式来安装MySQL,安装的版本为:MySQL Server 5.5.54,可以在https://dev.mysql.com/downloads/mysql/5.5.html#downloads中下载。
MySQL安装完成后会做一些基本的安全优化。
(1)MySQL安装
1.创建MySQL用户的账号
[root@leaf ~]# groupadd mysql
[root@leaf ~]# useradd -s /sbin/nologin -g mysql -M mysql
[root@leaf ~]# tail -1 /etc/passwd
mysql:x:501:501::/home/mysql:/sbin/nologin
2.下载MySQL
可以使用wget来进行安装,也可以先下载到Windows 7上,然后使用SecureCRT,在CentOS上使用rz命令(需要使用yum install -y lrzsz命令安装)上传到我们的CentOS上,其实不管哪一种方式,只要有方式获取到该安装包就可以了,下面使用的是wget获取安装包的方式:
[root@leaf tools]# wget
[root@leaf tools]# ls -l mysql-5.5.54-linux2.6-x86_64.tar.gz
-rw-r--r--. 1 root root 185911232 3月 3 13:34 mysql-5.5.54-linux2.6-x86_64.tar.gz
3.解压并移到指定目录
[root@leaf tools]# tar xf mysql-5.5.54-linux2.6-x86_64.tar.gz
[root@leaf tools]# mv mysql-5.5.54-linux2.6-x86_64 /application/mysql-5.5.54
[root@leaf tools]# ln -s /application/mysql-5.5.54/ /application/mysql
[root@leaf tools]# ls -l /application/
总用量 8
lrwxrwxrwx. 1 root root 26 3月 4 06:43 mysql -> /application/mysql-5.5.54/
drwxr-xr-x. 13 root root 4096 3月 4 06:42 mysql-5.5.54
lrwxrwxrwx. 1 root root 25 3月 4 04:28 nginx -> /application/nginx-1.6.3/
drwxr-xr-x. 11 root root 4096 3月 4 04:30 nginx-1.6.3
4.初始化MySQL配置文件
[root@leaf mysql]# cp support-files/my-small.cnf /etc/my.cnf
cp:是否覆盖"/etc/my.cnf"? y
5.初始化MySQL数据库文件
[root@leaf mysql]# mkdir -p /application/mysql/data/
[root@leaf mysql]# chown -R mysql.mysql /application/mysql
[root@leaf mysql]# yum install -y libaio # 安装MySQL依赖函数库,否则下面的初始化会失败
[root@leaf mysql]# /application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data --user=mysql
......
# 输出结果可以看到两个OK,即说明初始化成功
[root@leaf mysql]# echo $? # 或者通过该命令,输出为0,即说明上一个步骤的命令执行成功
0
# 上面之后可以看到/application/mysql/data/目录下生成的数据库文件
6.配置并启动MySQL数据库
#(1)设置MySQL启动脚本
[root@leaf mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[root@leaf mysql]# chmod +x /etc/init.d/mysqld
[root@leaf mysql]# ls -l /etc/init.d/mysqld
-rwxr-xr-x. 1 root root 10875 3月 4 06:56 /etc/init.d/mysqld
#(2)替换启动脚本中MySQL默认的安装路径/usr/local/mysql
[root@leaf mysql]# sed -i 's#/usr/local/mysql#/application/mysql#g' /application/mysql/bin/mysqld_safe /etc/init.d/mysqld
#(3)启动MySQL数据库
[root@leaf mysql]# /etc/init.d/mysqld start
Starting MySQL.Logging to '/application/mysql/data/leaf.err'.
... SUCCESS!
#(4)检查MySQL数据库是否启动
[root@leaf mysql]# netstat -lntup | grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4400/mysqld
#(5)查看日志
[root@leaf mysql]# tail -10 /application/mysql/data/leaf.err
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
170304 7:00:28 InnoDB: Waiting for the background threads to start
170304 7:00:29 InnoDB: 5.5.54 started; log sequence number 0
170304 7:00:29 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306
170304 7:00:29 [Note] - '0.0.0.0' resolves to '0.0.0.0';
170304 7:00:29 [Note] Server socket created on IP: '0.0.0.0'.
170304 7:00:29 [Note] Event Scheduler: Loaded 0 events
170304 7:00:29 [Note] /application/mysql/bin/mysqld: ready for connections.
Version: '5.5.54' socket: '/tmp/mysql.sock' port: 3306 MySQL Community Server (GPL)
#(6)设置MySQL开机启动
[root@leaf mysql]# chkconfig --add mysqld
[root@leaf mysql]# chkconfig mysqld on
[root@leaf mysql]# chkconfig --list mysqld
mysqld 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
#(7)配置mysql命令的全局使用路径(注意这里配置的是命令,前面配置的只是启动脚本)
[root@leaf mysql]# echo 'export PATH=/application/mysql/bin:$PATH' >>/etc/profile
[root@leaf mysql]# source /etc/profile
[root@leaf mysql]# echo $PATH
/application/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
#(8)登陆MySQL测试
[root@leaf mysql]# mysql
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 1
Server version: 5.5.54 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.05 sec)
mysql> select user(); # 查看当前登陆的用户
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
mysql> select host, user from mysql.user;
+-----------+------+
| host | user |
+-----------+------+
| 127.0.0.1 | root |
| ::1 | root |
| leaf | |
| leaf | root |
| localhost | |
| localhost | root |
+-----------+------+
6 rows in set (0.00 sec)
mysql> quit
Bye
(2)MySQL基本安全优化
1.为root用户设置密码
1
[root@leaf mysql]# mysqladmin -u root password '123456'
2.清理无用的MySQL用户及数据库
[root@leaf mysql]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 3
Server version: 5.5.54 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> select user, host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| | leaf |
| root | leaf |
| | localhost |
| root | localhost |
+------+-----------+
6 rows in set (0.00 sec)
mysql> drop user "root"@"::1";
Query OK, 0 rows affected (0.00 sec)
mysql> drop user ""@"leaf";
Query OK, 0 rows affected (0.00 sec)
mysql> drop user "root"@"leaf";
Query OK, 0 rows affected (0.01 sec)
mysql> drop user ""@"localhost";
Query OK, 0 rows affected (0.01 sec)
mysql> select user, host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| root | 127.0.0.1 |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
# 删除无用的数据库
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql> drop database test;
Query OK, 0 rows affected (0.01 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
到此为此,MySQL也安装完成了!
4.LNMP环境搭建:PHP(FastCGI方式)安装、配置与启动
(1)安装PHP依赖函数库
1.安装lib库
需要安装的lib库如下:
zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel
freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel
其中除了libiconv库外,其他都可以通过yum的方式进行安装,安装如下:
# 使用yum安装除libiconv-devel之外的其它lib库
[root@leaf mysql]# yum install -y zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel
# 编译安装libiconv-devel
[root@leaf tools]# wget
[root@leaf tools]# tar zxf libiconv-1.14.tar.gz
[root@leaf tools]# cd libiconv-1.14
[root@leaf libiconv-1.14]# ./configure --prefix=/usr/local/libiconv
[root@leaf libiconv-1.14]# make
[root@leaf libiconv-1.14]# make install
2.安装libmcrypt库
[root@leaf ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@leaf ~]# yum install -y libmcrypt-devel
3.安装mhash加密扩展库
[root@leaf ~]# yum install -y mhash
4.安装mcrypt加密扩展库
[root@leaf ~]# yum install -y mcrypt
(2)安装PHP
使用的PHP版本号为5.3.27,如下:
1.下载PHP安装包
[root@leaf tools]# wget http://cn2.php.net/get/php-5.3.27.tar.gz/from/this/mirror
[root@leaf tools]# mv mirror php-5.3.27.tar.gz
[root@leaf tools]# ls -l php-5.3.27.tar.gz
-rw-r--r--. 1 root root 15008639 1月 21 2015 php-5.3.27.tar.gz
2.解压缩
[root@leaf tools]# tar zxf php-5.3.27.tar.gz
[root@leaf tools]# cd php-5.3.27
[root@leaf php-5.3.27]# pwd
/root/tools/php-5.3.27
3.配置PHP的安装参数
配置项非常多,如下:
./configure
--prefix=/application/php5.3.27
--with-mysql=/application/mysql
--with-iconv-dir=/usr/local/libiconv
--with-freetype-dir
--with-jpeg-dir
--with-png-dir
--with-zlib
--with-libxml-dir=/usr
--enable-xml
--disable-rpath
--enable-safe-mode
--enable-bcmath
--enable-shmop
--enable-sysvsem
--enable-inline-optimization
--with-curl
--with-curlwrappers
--enable-mbregex
--enable-fpm
--enable-mbstring
--with-mcrypt
--with-gd
--enable-gd-native-ttf
--with-openssl
--with-mhash
--enable-pcntl
--enable-sockets
--with-xmlrpc
--enable-zip
--enable-soap
--enable-short-tags
--enable-zend-multibyte
--enable-static
--with-xsl
--with-fpm-user=nginx
--with-fpm-group=nginx
--enable-ftp
可以将其直接复制到命令行进行配置,这样就可以减少出错的概率:
[root@leaf php-5.3.27]# ./configure
> --prefix=/application/php5.3.27
> --with-mysql=/application/mysql
> --with-iconv-dir=/usr/local/libiconv
> --with-freetype-dir
> --with-jpeg-dir
> --with-png-dir
> --with-zlib
> --with-libxml-dir=/usr
> --enable-xml
> --disable-rpath
> --enable-safe-mode
> --enable-bcmath
> --enable-shmop
> --enable-sysvsem
> --enable-inline-optimization
> --with-curl
> --with-curlwrappers
> --enable-mbregex
> --enable-fpm
> --enable-mbstring
> --with-mcrypt
> --with-gd
> --enable-gd-native-ttf
> --with-openssl
> --with-mhash
> --enable-pcntl
> --enable-sockets
> --with-xmlrpc
> --enable-zip
> --enable-soap
> --enable-short-tags
> --enable-zend-multibyte
> --enable-static
> --with-xsl
> --with-fpm-user=nginx
> --with-fpm-group=nginx
> --enable-ftp
......
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+
Thank you for using PHP.
4.编译PHP
[root@leaf php-5.3.27]# ln -s /application/mysql/lib/libmysqlclient.so.18
libmysqlclient.so.18 libmysqlclient.so.18.0.0
[root@leaf php-5.3.27]# ln -s /application/mysql/lib/libmysqlclient.so.18 /usr/lib64/
[root@leaf php-5.3.27]# touch ext/phar/phar.phar
[root@leaf php-5.3.27]# make
......
[root@leaf php-5.3.27]# echo $?
0
5.安装PHP
[root@leaf php-5.3.27]# make install
/root/tools/php-5.3.27/build/shtool install -c ext/phar/phar.phar /application/php5.3.27/bin
ln -s -f /application/php5.3.27/bin/phar.phar /application/php5.3.27/bin/phar
Installing PDO headers: /application/php5.3.27/include/php/ext/pdo/
......
[root@leaf php-5.3.27]# echo $?
0
(3)配置与启动PHP
1.设置PHP安装目录软链接
[root@leaf php-5.3.27]# ln -s /application/php5.3.27/ /application/php
[root@leaf php-5.3.27]# ls -l /application/php
lrwxrwxrwx. 1 root root 23 3月 4 08:59 /application/php -> /application/php5.3.27/
2.拷贝PHP配置文件到PHP默认目录
[root@leaf php-5.3.27]# cp php.ini-production /application/php/lib/php.ini
[root@leaf php-5.3.27]# ls -l /application/php/lib/php.ini
-rw-r--r--. 1 root root 69627 3月 4 09:00 /application/php/lib/php.ini
3.配置php-fpm.conf文件
[root@leaf php-5.3.27]# cd /application/php/etc/
[root@leaf etc]# ls
pear.conf php-fpm.conf.default
[root@leaf etc]# cp php-fpm.conf.default php-fpm.conf
4.启动PHP服务php-fpm
[root@leaf etc]# /application/php/sbin/php-fpm
5.检查启动进程与侦听端口号
[root@leaf etc]# ps -ef | grep php-fpm
root 129256 1 0 09:05 ? 00:00:00 php-fpm: master process (/application/php5.3.27/etc/php-fpm.conf)
nginx 129257 129256 0 09:05 ? 00:00:00 php-fpm: pool www
nginx 129258 129256 0 09:05 ? 00:00:00 php-fpm: pool www
root 129260 13743 0 09:06 pts/1 00:00:00 grep php-fpm
[root@leaf etc]# netstat -lntup | grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 129256/php-fpm
至此,PHP也安装完成了!LNMP的各个组件都安装好了,下面就要对LNMP环境进行测试了。
5.LNMP环境测试
(1)配置Nginx支持PHP程序请求访问
1.查看当前Nginx配置
[root@leaf etc]# cd /application/nginx/conf/
[root@leaf conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/blog.conf;
}
[root@leaf conf]# cat extra/blog.conf
server {
listen 80;
server_name blog.xpleaf.org;
location / {
root html/blog;
index index.html index.htm;
}
}
2.修改extra/blog.conf配置文件
[root@leaf conf]# cat extra/blog.conf
server {
listen 80;
server_name blog.xpleaf.org;
location / {
root html/blog;
index index.html index.htm;
}
location ~ .*.(php|php5)?$ {
root html/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
3.检查并启动Nginx
[root@leaf conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful
[root@leaf conf]# /application/nginx/sbin/nginx -s reload
(2)测试LNMP环境是否生效
1.配置域名站点目录
[root@leaf conf]# cd /application/nginx/html/blog/
[root@leaf blog]# echo "<?php phpinfo(); ?>" >test_info.php
[root@leaf blog]# cat test_info.php
<?php phpinfo(); ?>
2.宿主机上在浏览器中输入地址http://blog.xpleaf.org/test_info.php进行访问
(3)测试PHP连接MySQL是否正常
1.编辑text_mysql.php
[root@leaf blog]# cat test_mysql.php
<?php
$link_id=mysql_connect('localhost', 'root', '123456');
if($link_id){
echo "mysql succesful by xpleaf !";
}else{
echo mysql_error();
}
?>
2.宿主机上在浏览器中输入地址http://blog.xpleaf.org/test_mysql.php进行访问
至此,LNMP环境搭建与测试完成了,下面就可以开始部署WordPress了!
6.部署WordPress
(1)MySQL数据库准备
1.登陆mysql
[root@leaf blog]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 5
Server version: 5.5.54 MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql>
2.创建数据库wordpress
mysql> create database wordpress;
Query OK, 1 row affected (0.32 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wordpress |
+--------------------+
4 rows in set (0.00 sec)
3.创建wordpress blog管理用户
mysql> grant all on wordpress.* to wordpress@'localhost' identified by '123456';
Query OK, 0 rows affected (0.08 sec)
mysql> show grants for wordpress@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for wordpress@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
4.刷新MySQL用户权限
mysql> flush privileges;
Query OK, 0 rows affected (0.31 sec)
5.检查MySQL登录用户
mysql> select user,host from mysql.user;
+-----------+-----------+
| user | host |
+-----------+-----------+
| root | 127.0.0.1 |
| root | localhost |
| wordpress | localhost |
+-----------+-----------+
3 rows in set (0.00 sec)
(2)Nginx配置准备
1.修改blog.conf配置文件
[root@leaf conf]# cat extra/blog.conf
server {
listen 80;
server_name blog.xpleaf.org;
location / {
root html/blog;
index index.php index.html index.htm;
}
location ~ .*.(php|php5)?$ {
root html/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
# 相比前面的配置文件,只是在/下添加了index.php
# 不过需要注意的是,index.php一定要放在index关键字之后,
# 这样访问blog.xpleaf.org时,才会打开我们的WordPress页面
2.重启Nginx服务
[root@leaf conf]# /application/nginx/sbin/nginx -s reload
(3)配置WordPress
1.获取WordPress安装包
[root@leaf tools]# wget
[root@leaf tools]# ls -lh wordpress-4.7.2-zh_CN.tar.gz
-rw-r--r--. 1 root root 8.1M 1月 28 08:53 wordpress-4.7.2-zh_CN.tar.gz
2.解压缩与配置站点目录
[root@leaf tools]# cp wordpress-4.7.2-zh_CN.tar.gz /application/nginx/html/blog/
[root@leaf tools]# cd /application/nginx/html/blog/
[root@leaf blog]# tar zxf wordpress-4.7.2-zh_CN.tar.gz
[root@leaf blog]# ls
index.html test_mysql.php wordpress-4.7.2-zh_CN.tar.gz
test_info.php wordpress
[root@leaf blog]# rm -rf test_* wordpress-4.7.2-zh_CN.tar.gz # 删除无用的文件
[root@leaf blog]# ls
index.html wordpress
[root@leaf blog]# mv wordpress/* ./ # 将wordpress程序移到当前blog目录下
[root@leaf blog]# ls
index.html wp-admin wp-includes wp-signup.php
index.php wp-blog-header.php wp-links-opml.php wp-trackback.php
license.txt wp-comments-post.php wp-load.php xmlrpc.php
readme.html wp-config-sample.php wp-login.php
wordpress wp-content wp-mail.php
wp-activate.php wp-cron.php wp-settings.php
[root@leaf blog]# ls -l
总用量 196
-rw-r--r--. 1 root root 30 3月 4 04:54 index.html
-rw-r--r--. 1 nobody 65534 418 9月 25 2013 index.php
-rw-r--r--. 1 nobody 65534 19935 1月 3 02:51 license.txt
-rw-r--r--. 1 nobody 65534 6956 1月 28 08:53 readme.html
drwxr-xr-x. 2 nobody 65534 4096 3月 4 09:50 wordpress
......
3.对blog下所有文件授予nginx用户和组的权限
[root@leaf blog]# chown -R nginx.nginx ../blog/
[root@leaf blog]# ls -l
总用量 196
-rw-r--r--. 1 nginx nginx 30 3月 4 04:54 index.html
-rw-r--r--. 1 nginx nginx 418 9月 25 2013 index.php
-rw-r--r--. 1 nginx nginx 19935 1月 3 02:51 license.txt
-rw-r--r--. 1 nginx nginx 6956 1月 28 08:53 readme.html
drwxr-xr-x. 2 nginx nginx 4096 3月 4 09:50 wordpress
......
(4)安装WordPress
在宿主机浏览器上输入地址:http://blog.xpleaf.org,如下:
接下来的安装都是非常人性化的,点击“现在就开始”,出现下面的页面:
填好信息后,点击“提交”,如下:
点击“进行安装”,接下来就会让我们填写一些信息,如下:
点击“安装WordPress”,之后就会显示如下页面:
显示上面的页面,就说明我们的WordPress安装成功了!接下来就可以好好管理自己的个人WordPress博客站点了!
7.下一步要做什么
可以在云主机上,如腾讯云或者阿里云上搭建LNMP环境,再部署一个WordPress博客程序,为了达到域名访问的效果,可以购买一个域名,然后自己搭建DNS服务器,这会是非常不错的体验!
接下来就可以考虑对LNMP进行优化了。
Nginx功能非常强大,仅仅是通过主配置文件nginx.conf的使用就可以体现出来,为了方便学习和查漏,将其主配置文件的完整内容列出来,并加上个人的一些理解以作为笔记,从而去加深记忆。
1.Nginx主配置文件与说明
如下:
#user nobody;
# ====================================Main区==================================== #
# Main区为Nginx核心功能模块
worker_processes 1; # worker进程的数量
#error_log logs/error.log; # Nginx错误日志配
#error_log logs/error.log notice; # notice, info为错误日志级别
#error_log logs/error.log info; # 一般使用warn|error|crit这三个级别
#pid logs/nginx.pid;
# ====================================Main区==================================== #
# ====================================events区==================================== #
# events区为Nginx核心功能模块
events {
worker_connections 1024; # 每个worker进程支持的最大连接数
}
# ====================================events区==================================== #
# ====================================HTTP区==================================== #
# http区为Nginx核心功能模块
http {
include mime.types; # Nginx支持的媒体类型库文件
default_type application/octet-stream; # 默认的媒体类型
# =========访问日志配置======== #
# 开始这三行为日志格式
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# 这一行为记录日志的参数,第一个参数为关键字参数,第二个为日志目录,第三个为使用的日志格式
#access_log logs/access.log main;
# =========访问日志配置======== #
sendfile on; # 开启高效传输模式
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65; # 连接超时时间
#gzip on;
server { # server区块,表示一个独立的虚拟主机站点
listen 80; # 提供服务的端口
server_name localhost; # 提供服务的域名主机名
#charset koi8-r;
#access_log logs/host.access.log main;
location / { # location区块
root html; # 站点的根目录,相当于Nginx的安装目录
index index.html index.htm; # 默认的首页文件,多个用空格分开
}
# [扩展功能1:实现Nginx status] #
##status
server{
listen 80;
server_name status.etiantian.org;
location / {
stub_status on;
access_log off;
}
}
# [扩展功能1:实现Nginx status] #
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html; # 出现对应的http状态码时,使用50x.html回应客户
location = /50x.html { # location区块,访问50x.html
root html; # 指定对应的站点目录为html
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ .php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ .php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
# ====================================HTTP区==================================== #
vim /usr/local/nginx/conf/nginx.conf 文件下:
worker_processes 1;
worker_rlimit_nofile 100000;
events {
worker_connections 2048;
multi_accept on;
use epoll;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on; (提升速类)
access_log off;
error_log error.log crit;
keepalive_timeout 10; (如果客户打开该网页,长时间没请求,占着不用。服务端可以设置多长时间,断掉该客户端连接)
client_header_timeout 10;
client_body_timeout 10;
reset_timedout_connection on;
send_timeout 10;
include mime.types;
default_type text/html;
charset UTF-8;
gzip on; (压缩页面中 大于1000字节 压缩格式类型)([root@proxe conf]# vim /usr/local/nginx/conf/mime.types, application/msword doc;)
gzip_disable "msie6";
gzip_proxied any;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss
text/javascript;
client_header_buffer_size 1k;(当头部信息比较大,报414错时 加上这条和下面这条 )
large_client_header_buffers 4 4k;
open_file_cache max=100000 inactive=20s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
worker_processes 1; (cpu核心数量一致)
linux最大打开文件数量1024
worker_connections 65556;
ulimit -a (系统默认值)
...
open files 1024
++++++++++++
优化案例:
+++++++++++++
———————————————————————————————————————————
做并发连接数
1.[root@proxe conf]# vim /usr/local/nginx/conf/nginx.conf
events {
worker_connections 10000;
}
[root@proxe conf]# nginx -s reload
2.vim /etc/security/limits.conf (最下面有模板)
* soft nofile 100000
* hard nofile 100000
3.
ulimit -a
ulimit -Hn 100000
ulimit -Sn 100000
ulimit -a
[root@proxe conf]# ab -c 5000 -n 5000 http://192.168.4.5/ (OK)
压力测试:ab (yum中下一个httpd-tools)
[root@proxe conf]# ab -c 50 -n 5000 http://192.168.4.5/
——————————————————————————————————
安全设置 (屏蔽nginx版本号)
[root@proxe conf]# curl -I 192.168.4.5
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.8.0
Date: Thu, 16 Feb 2017 13:36:21 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: http://www.b.com/b.html
[root@proxe conf]# vim /usr/local/nginx/conf/nginx.conf
http {
server_tokens off; (加这个屏蔽版本号)
include mime.types;
default_type application/octet-stream;
[root@proxe conf]# nginx -s reload
[root@proxe conf]# curl -I 192.168.4.5
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 16 Feb 2017 13:36:42 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: http://www.b.com/b.html
———————————————————————————————————————————————————————————
解决客户机访问头部信息过长的问题。
当访问时输入的地址头部信息过长时报414错误时,查看buffer,默认时为1,改成下面这两行就行。若是发现本来buffers就设置为4 4k时,
不用再改了,可能是别人恶意攻击,最大 不要改到4 8k)
client_header_buffer_size 1k;(当头部信息比较大,报414错时 加上这条和下面这条 )
large_client_header_buffers 4 4k;
————————————————————————————————————————————————————————————
在客户机上做缓存
在服务器中设置格式为pdf|jpg|mp3|png的文件,使打开该格式页面文件的客户机浏览器中缓存30天(一般只做静态缓存)
[root@proxe ~]# vim /usr/local/nginx/conf/nginx.conf
location ~ .(pdf|jpg|mp3|png) ${
expires 30d;
}
[root@proxe ~]# cp knowledge point2.12.1.pdf /usr/local/nginx/html/a.pdf
[root@proxe ~]# nginx -s reload
[root@host ~]# firefox http://192.168.4.5/a.pdf
在打开的浏览器(firefox)地址栏中:输入 about:cache 可以看到刚打开的页面 找到它可以看到从哪天保存到哪天。(做实验时先把浏览器缓存清空)
——————————————————————————————————
防止盗链
Referer:告诉服务器,从哪里来
访问新浪:可以直接访问新浪,也可从百度中链接过去,但referer不一样。
------>sina
baidu ----->sina
referer:www.baidu.com
referer:www.sina.com
www.youku.com www.letv.com
www.bird.org :所有资源(做链接),搜索功能 目的是扩大自己网站的影响和点击,让别人知道自己域名。
防止盗链
vaild_referers (有效的 允许链接)
if 拒绝的
实验操作:
location ~*. (pdf|jpg|mp3|png|flv) ${
vaild_referers none blocked www.tarena.com;
if($invalid_referer){
rewrite ^/ http:www.a.com/a.html
}
}
————————————————————————————————————————————————————————
使用Nginx可以配置基于域名的虚拟主机、基于端口的虚拟主机和基于端口的虚拟主机,比较常用的是基于域名的虚拟主机,这里要做的配置是基于域名的虚拟主机,并且是配置多个基于域名的虚拟主机。
2.配置一个基于域名的虚拟主机与测试
先启动Nginx,验证服务是否正常:
[root@leaf ~]# /application/nginx/sbin/nginx
[root@leaf ~]# netstat -lnp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6881/nginx
unix 2 [ ACC ] STREAM LISTENING 9180 1/init @/com/ubuntu/upstart
[root@leaf ~]# curl localhost
<h1>Hello, I'm xpleaf.</h1>
[root@leaf ~]# LANG=en
[root@leaf ~]# wget localhost
--2017-02-24 13:33:43-- http://localhost/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:80... failed: Connection refused.
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28 [text/html]
Saving to: `index.html.1'
100%[======================================>] 28 --.-K/s in 0s
2017-02-24 13:33:43 (1.87 MB/s) - `index.html.1' saved [28/28]
从上面的输出可以看到,此时Nginx是可以正常运行和提供服务的。
(1)实验准备:最小化Nginx的主配置文件nginx.conf
Nginx的配置文件在安装目录下的conf目录中:
[root@leaf ~]# tree /application/nginx
/application/nginx
|-- client_body_temp
|-- conf
| |-- fastcgi.conf
| |-- fastcgi.conf.default
| |-- fastcgi_params
| |-- fastcgi_params.default
| |-- koi-utf
| |-- koi-win
| |-- mime.types
| |-- mime.types.default
| |-- nginx.conf
| |-- nginx.conf.default
| |-- scgi_params
| |-- scgi_params.default
| |-- uwsgi_params
| |-- uwsgi_params.default
| `-- win-utf
|-- fastcgi_temp
|-- html
| |-- 50x.html
| |-- index.html
| `-- index.html.source
|-- logs
| |-- access.log
| |-- error.log
| `-- nginx.pid
|-- proxy_temp
|-- sbin
| `-- nginx
|-- scgi_temp
`-- uwsgi_temp
nginx.conf便是主配置文件,nginx.conf.default则是它的备份,该配置文件有数百行:
1
2
[root@leaf conf]# wc -l nginx.conf
117 nginx.conf
为了学习的方便,可以考虑将其注释内容去掉:
[root@leaf conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf
[root@leaf conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
[root@leaf conf]# wc -l nginx.conf
22 nginx.conf
去掉了注释和空白行后只有22行,就很方便我们待会做实验时进行配置了。
(2)修改配置文件
假设我们的Nginx为站点www.xpleaf.cn服务,则可以将主配置文件修改为如下:
[root@leaf conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.xpleaf.com;
location / {
root html/www;
index index.html index.htm;
}
}
}
主要是修改了第12行和第14行,其中第14行说明该站点的根目录的html文件在html/www/目录中。
(3)创建域名对应的站点目录及文件
[root@leaf nginx]# cd html/
[root@leaf html]# mkdir www
[root@leaf html]# echo "This page is: www.xpleaf.cn">www/index.html
[root@leaf html]# cat www/index.html
This page is: www.xpleaf.cn
(4)重新启动Nginx服务
[root@leaf html]# /application/nginx/sbin/nginx -t # 检查Nginx配置语法
nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful
[root@leaf html]# /application/nginx/sbin/nginx -s reload # 优雅重启Nginx
(5)在CentOS 6.5上进行测试
因为上面我们设置的域名www.xpleaf.cn实际是可能不存在,但为了达到测试的目的,即当访问www.xpleaf.cn时,能够解析到我们CentOS上的IP地址,从而可以访问其上面的Nginx服务,达到访问Nginx虚拟主机的目的,所以在CentOS上进行测试时,我们需要修改/etc/hosts文件,让www.xpleaf.cn解析为CentOS的IP地址:
[root@leaf html]# echo "127.0.0.1 www.xpleaf.cn" >>/etc/hosts
[root@leaf html]# tail -1 /etc/hosts
127.0.0.1 www.xpleaf.cn
此时,在CentOS上使用curl命令和wget命令来访问www.xpleaf.cn,查看测试结果:
[root@leaf html]# curl www.xpleaf.cn
This page is: www.xpleaf.cn
[root@leaf html]# wget www.xpleaf.cn
--2017-02-24 13:58:29-- http://www.xpleaf.cn/
Resolving www.xpleaf.cn... 127.0.0.1
Connecting to www.xpleaf.cn|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28 [text/html]
Saving to: `index.html.1'
100%[======================================>] 28 --.-K/s in 0s
2017-02-24 13:58:29 (2.24 MB/s) - `index.html.1' saved [28/28]
从输出结果可以知道,此时Nginx成功地为域名为www.xpleaf.cn的虚拟主机提供了服务。
(6)在Windows 7主机上进行测试
为了达到前面说的目的,在Windows操作系统上同样需要修改hosts文件,Windows 7的hosts文件在C:WindowsSystem32driversetc,同样添加下面一行:
1
10.0.0.101 www.xpleaf.cn
这时在浏览器中输入地址www.xpleaf.cn,查看返回的结果:
wKiom1ixs6jzW6yTAAAjHHKgIE8656.png
可以看到,可以正常访问。
3.配置多个基于域名的虚拟主机与测试
上面的实验中只有一个站点www.xpleaf.cn,假如还有两个站点bbs.xpleaf.cn和log.xpleaf.cn,
同样需要Nginx来提供服务,这时就需要配置多个基于域名的虚拟主机了,不过有了上面的基础后,下面
的操作就会容易很多,因为思路都是一样的。
(1)修改主配置文件nginx.conf
在前面的基础上,修改为如下:
[root@leaf conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.xpleaf.com;
location / {
root html/www;
index index.html index.htm;
}
}
server {
listen 80;
server_name bbs.xpleaf.com;
location / {
root html/bbs;
index index.html index.htm;
}
}
server {
listen 80;
server_name blog.xpleaf.com;
location / {
root html/blog;
index index.html index.htm;
}
}
}
(2)创建域名对应的站点目录及文件
[root@leaf html]# mkdir bbs
[root@leaf html]# echo "This page is: bbs.xpleaf.cn" >bbs/index.html
[root@leaf html]# mkdir blog
[root@leaf html]# echo "This page is: blog.xpleaf.cn" >blog/index.html
[root@leaf html]# cat bbs/index.html blog/index.html
This page is: bbs.xpleaf.cn
This page is: blog.xpleaf.cn
(3)重新启动Nginx服务
[root@leaf html]# /application/nginx/sbin/nginx -t # 检查Nginx配置语法
nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful
[root@leaf html]# /application/nginx/sbin/nginx -s reload # 优雅重启Nginx
(4)在CentOS 6.5上进行测试
在原来基础上,修改/etc/hosts文件,在127.0.0.1地址后添加bbs.xpleaf.cn和blog.xpleaf.cn两个域名:
[root@leaf html]# tail -1 /etc/hosts
127.0.0.1 www.xpleaf.cn bbs.xpleaf.cn blog.xpleaf.cn
使用curl命令和wget命令进行测试:
[root@leaf html]# curl bbs.xpleaf.cn
This page is: www.xpleaf.cn
[root@leaf html]# curl blog.xpleaf.cn
This page is: www.xpleaf.cn
[root@leaf html]# wget bbs.xpleaf.cn
--2017-02-24 14:19:54-- http://bbs.xpleaf.cn/
Resolving bbs.xpleaf.cn... 127.0.0.1
Connecting to bbs.xpleaf.cn|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28 [text/html]
Saving to: `index.html.2'
100%[======================================>] 28 --.-K/s in 0s
2017-02-24 14:19:54 (2.37 MB/s) - `index.html.2' saved [28/28]
[root@leaf html]# wget blog.xpleaf.cn
--2017-02-24 14:20:00-- http://blog.xpleaf.cn/
Resolving blog.xpleaf.cn... 127.0.0.1
Connecting to blog.xpleaf.cn|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28 [text/html]
Saving to: `index.html.3'
100%[======================================>] 28 --.-K/s in 0s
2017-02-24 14:20:00 (2.24 MB/s) - `index.html.3' saved [28/28]
从上面结果可以知道,Nginx为各个虚拟主机正常提供服务。
(5)在Windows 7主机上进行测试
在原来基础上,修改hosts文件,如下:
1
10.0.0.101 www.xpleaf.cn bbs.xpleaf.cn blog.xpleaf.cn
在浏览器上分别访问各个域名,查看其返回结果:
访问www.xpleaf.cn:
访问bbs.xpleaf.cn:
访问blog.xpleaf.cn:
可以看到访问每个域名都返回了期待的页面,说明测试成功!
6.进阶:Nginx虚拟主机的别名配置
所以虚拟主机别名,就是为虚拟主机设置除了主域名以外的一个或多个域名名字,这样就能实现用户访问的多个域名对应同一个虚拟主机网站的功能。
以www.xpleaf.cn为例,希望添加一个别名xpleaf.cn,这样当访问xpleaf.cn时,和访问www.xpleaf.cn得到的结果是一样的。
其实配置的思路非常简单,只需要在上面nginx.conf配置文件中www.xpleaf.cn的server域中再添加一个xpleaf.cn的域名就可以了,如下:
server {
listen 80;
server_name www.xpleaf.com xpleaf.cn;
location / {
root html/www;
index index.html index.htm;
}
}
测试的话依然按照前面的方法进行,即先检查Nginx配置文件、平滑重启Nginx服务、配置hosts文件,最后通过命令行或浏览器的方式进行验证,因为跟前面是一样的,所以这里就不展开了。
5.下一步要做什么
可以考虑配置与测试基于端口的虚拟主机和基于IP地址的虚拟主机,其实只要把上面的弄清楚了,再做这些配置就会容易很多了。
grep -v "#" nginx.conf
user nobody;
worker_processes 8;
error_log /data/log/nginx/error.log notice;
pid logs/nginx.pid;
events {
worker_connections 20000;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /data/log/nginx/access.log main;
limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m;
gzip on;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
chunked_transfer_encoding off;
server_tokens off;
upstream bbnews{
server 106.51.33.116:9091;
keepalive 60;
}
upstream xinhuasite{
server 106.51.33.124:80;
keepalive 60;
}
upstream bbimg2{
server 106.51.33.117:80;
server 106.51.33.120:80;
}
server {
listen 80;
location /M00{
alias /data/fastdfs_storaged;
ngx_fastdfs_module;
}
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
location /server_status{
stub_status on;
access_log off;
allow 18.168.21.118;
allow 127.0.0.1;
deny all;
}
}
server {
listen 80;
server_name bimg.haoren.com bimg4.haoren.com;
set $root_path /usr/local/nginx/html/webxinhua_static/public;
index index.html;
root $root_path;
location /M00{
alias /data/fastdfs_storaged;
ngx_fastdfs_module;
}
location /assets{
add_header "Access-Control-Allow-Origin" "bb.haoren.com,xinhua.haoren.com,bbimg.haoren.com";
add_header "Access-Control-Allow-Credentials" "true";
}
gzip_disable "MSIE [1-6].";
gzip_types text/plain application/x-javascript text/css text/javascript image/jpeg image/gif image/png video/mp4;
}
server {
listen 80;
server_name imgcheck.ztsafe.com;
set $root_path /data/img;
index index.html;
root $root_path;
location /M00{
alias /data/fastdfs_storaged;
ngx_fastdfs_module;
}
location /assets{
add_header "Access-Control-Allow-Origin" "bb.haoren.com,xinhua.haoren.com,bbimg.haoren.com";
add_header "Access-Control-Allow-Credentials" "true";
}
gzip_disable "MSIE [1-6].";
gzip_types text/plain application/x-javascript text/css text/javascript image/jpeg image/gif image/png video/mp4;
}
server {
listen 80;
server_name bimg2.haoren.com;
index index.html index.php;
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://bimg2;
}
}
server {
listen 80;
listen 443 ssl;
server_name xinhua.haoren.com bb.haoren.com 2b.haoren.com b.haoren.com bian.tv www.xinhua.tv 10.51.103.11;
set $root_path /usr/local/nginx/html/webxinhua_deploy/public;
ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;
if ( $http_user_agent ~ "(MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT-)|(SonyEricsson)|(NEC-)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi-)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG-)|(LG/)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC-)|(SED-)|(EMOL-)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Wget)|(Java)|(curl)|(Opera)" )
{
}
index index.html index.php;
root $root_path;
location ~* ^/login$ {
return 404;
}
location ~* ^/login/xinhua$ {
limit_req zone=allips;
try_files $uri $uri/ @rewrite;
}
location ~* ^/backend {
deny 11.130.19.9;
deny 14.141.19.95;
allow 106.51.33.156;
allow 18.168.21.18;
allow 18.168.12.45;
allow 18.168.12.17;
try_files $uri $uri/ @rewrite;
}
location /news/{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://bbnews;
}
location /html/{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://xinhuasite;
}
location ^~/gamehall/{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://xinhuasite;
}
try_files $uri $uri/ @rewrite;
location @rewrite {
rewrite ^/(.*)$ /index.php?_url=/$1;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
}