LNMP环境搭建：Nginx安装、测试与域名配置

LNMP环境搭建：Nginx安装、测试与域名配置

Nginx作为一款优秀的Web Server软件同时也是一款优秀的负载均衡或前端反向代理、缓存服务软件

2.编译安装Nginx

（1）安装Nginx依赖函数库pcre

pcre为“perl兼容正则表达式”perl compatible regular expresssions,安装其是为了使Nginx支持具备URI重写功能的rewrite模块，如果不安装Nginx将无法使用rewrite模块功能，但是该功能却十分有用和常用。

检查系统中是否有安装：

[root@leaf ~]# rpm -q pcre pcre-devel

上面可以看到并没有安装使用yum方式安装如下：

[root@leaf ~]# yum install pcre pcre-devel -y

......

Installed:

pcre-devel.x86_64 0:7.8-7.el6

Updated:

pcre.x86_64 0:7.8-7.el6

Complete!

安装完后检查一下是否已经成功安装：

[root@leaf ~]# rpm -q pcre pcre-devel

pcre-7.8-7.el6.x86_64

pcre-devel-7.8-7.el6.x86_64

可以看到已经安装成功。

（2）安装Nginx依赖函数库openssl-devel

Nginx在使用HTTPS服务的时候要用到此模块，如果不安装openssl相关包，安装过程中是会报错的。

检查系统是否有安装openssl相关包：

[root@leaf ~]# rpm -q openssl openssl-devel

openssl-1.0.1e-15.el6.x86_64

package openssl-devel is not installed

可以看到只是安装了opensslopenssl-devel还没有安装使用yum安装如下：

[root@leaf ~]# yum install -y openssl-devel

......

Complete!

再次检查：

[root@leaf ~]# rpm -q openssl openssl-devel

openssl-1.0.1e-48.el6_8.4.x86_64

openssl-devel-1.0.1e-48.el6_8.4.x86_64

可以看到都已经成功安装上。

（3）下载Nginx软件包

这里使用的Nginx版本为1.6.3，下载方式如下：

[root@leaf ~]# pwd

/root

[root@leaf ~]# mkdir tools

[root@leaf ~]# cd tools/

[root@leaf tools]# wget http://nginx.org/download/nginx-1.6.3.tar.gz

......

100%[======================================>] 805,253 220K/s in 3.6s

2017-02-24 12:10:26 (220 KB/s) - anginx-1.6.3.tar.gza saved [805253/805253]

查看下载的Nginx软件包：

[root@leaf tools]# ll

total 788

-rw-r--r--. 1 root root 805253 Apr 8 2015 nginx-1.6.3.tar.gz

当然上面的方式是使用wget方式直接下载，前提是已经知道了Nginx的下载地址，也可以到官网下载，然后再上传到我们的CentOS操作系统上。

（4）开始安装Nginx

可以先在根目录下创建一个/application文件夹用来存放我们安装的软件：

[root@leaf ~]# mkdir /application

[root@leaf ~]# ls -d /application/

/application/

解压缩

将我们刚刚下载的Nginx软件包解压缩：

[root@leaf tools]# tar -zxvf nginx-1.6.3.tar.gz

......

[root@leaf tools]# ls

nginx-1.6.3 nginx-1.6.3.tar.gz

使用./configure指定编译参数

先创建一个nginx用户用来安装完成后运行nginx使用：

[root@leaf tools]# useradd nginx -s /sbin/nologin -M

[root@leaf tools]# tail -1 /etc/passwd

nginx:x:500:500::/home/nginx:/sbin/nologin

# -s参数后的/sbin/nologin指定不允许nginx进行登陆

# -M参数则是在创建该用户时不创建用户家目录

使用configure命令指定编译参数：

[root@leaf nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module

对于配置时使用的参数可以通过./configure --help来进行查询，上面使用的参数解析如下：

--prefix=PATH # 指定安装路径

--user=USER # 设置用户进程权限

--group=GROUP # 设置用户组进程权限

--with-http_stub_status_module # 激活状态信息

--with-http_ssl_module # 激活ssl功能

使用make进行编译

[root@leaf nginx-1.6.3]# make

......

检查编译是否成功：

[root@leaf nginx-1.6.3]# echo $?

0

返回0即说明编译成功。

使用make install安装

[root@leaf nginx-1.6.3]# make install

......

检查安装是否成功：

[root@leaf nginx-1.6.3]# echo $?

0

返回0即说明安装成功。

建立安装目录的软链接

[root@leaf nginx-1.6.3]# ln -s /application/nginx-1.6.3/ /application/nginx

[root@leaf nginx-1.6.3]# ls -l /application/

total 4

lrwxrwxrwx. 1 root root 25 Feb 24 12:32 nginx -> /application/nginx-1.6.3/

drwxr-xr-x. 6 root root 4096 Feb 24 12:28 nginx-1.6.3

到此Nginx的编译安装工作已经全部完成了，下面就需要对安装结果进行验证了即验证Nginx是否可以正常提供服务。

3.测试Nginx服务

（1）启动Nginx服务前检查配置文件语法

如下：

[root@leaf ~]# /application/nginx/sbin/nginx -t

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

（2）启动Nginx服务

[root@leaf ~]# /application/nginx/sbin/nginx

如果在启动Nginx服务时出现了问题可以查看Nginx的日志/application/nginx/logs/error.log，再根据日志提供的信息来进行解决。

（3）验证Nginx服务是否正常

查看已开启的端口信息

[root@leaf ~]# netstat -lnp | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6772/nginx

unix 2 [ ACC ] STREAM LISTENING 9180 1/init @/com/ubuntu/upstart

可以看到Nginx已经在侦听80端口。

查看Nginx进程

[root@leaf ~]# ps aux | grep nginx

root 6772 0.0 0.1 45028 1140 ? Ss 12:34 0:00 nginx: master process /application/nginx/sbin/nginx

nginx 6773 0.0 0.1 45460 1716 ? S 12:34 0:00 nginx: worker process

root 6777 0.0 0.0 103256 832 pts/1 S+ 12:36 0:00 grep nginx

在宿主机上使用浏览器进行测试

在我们宿主机的浏览器上输入http://10.0.0.101/，查看测试结果

可以正常访问，当然前提是CentOS上的防火墙功能已经关闭。

使用wget命令和curl命令测试

wget命令：

[root@leaf tools]# wget 127.0.0.1

--2017-02-24 12:41:05-- http://127.0.0.1/

Connecting to 127.0.0.1:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 612 [text/html]

Saving to: aindex.htmla

100%[======================================>] 612 --.-K/s in 0s

2017-02-24 12:41:05 (44.1 MB/s) - aindex.htmla saved [612/612]

currl命令：

[root@leaf tools]# curl 127.0.0.1

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

body {

35em;

margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif;

}

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

从上面的结果可以说明Nginx已经正常部署并运行。

4.进一步测试修改Nginx显示的页面

通过修改/application/nginx/html下的index.html文件，我们就可以改变Nginx主页显示的内容，操作如下：

[root@leaf tools]# cd /application/nginx/html/

[root@leaf html]# ls

50x.html index.html

[root@leaf html]# mv index.html index.html.source

[root@leaf html]# echo "<h1>Hello, I'm xpleaf.</h1>">index.html

[root@leaf html]# ls

50x.html index.html index.html.source

[root@leaf html]# cat index.html

<h1>Hello, I'm xpleaf.</h1>

这时在宿主机操作系统上访问http://10.0.0.101/

（1）Nginx安装

1.安装Nginx依赖函数库pcre、openssl-devel

[root@leaf ~]# yum install -y pcre pcre-devel openssl openssl-devel

......

[root@leaf ~]# rpm -q pcre pcre-devel openssl openssl-devel

pcre-7.8-7.el6.x86_64

pcre-devel-7.8-7.el6.x86_64

openssl-1.0.1e-48.el6_8.4.x86_64

openssl-devel-1.0.1e-48.el6_8.4.x86_64

2.下载安装Nginx

这里使用Nginx1.6.3，如下：

# 下载Nginx

[root@leaf ~]# yum install -y wget

[root@leaf ~]# mkdir tools

[root@leaf ~]# cd tools/

[root@leaf tools]# wget

[root@leaf tools]# ll

总用量 788

-rw-r--r--. 1 root root 805253 4月 8 2015 nginx-1.6.3.tar.gz

# 解压缩

[root@leaf tools]# tar zxf nginx-1.6.3.tar.gz

[root@leaf tools]# ll

总用量 792

drwxr-xr-x. 8 1001 1001 4096 4月 7 2015 nginx-1.6.3

-rw-r--r--. 1 root root 805253 4月 8 2015 nginx-1.6.3.tar.gz

# 指定编译参数

[root@leaf tools]# yum install -y gcc   # 需要先安装gcc

[root@leaf tools]# mkdir /application # 作为Nginx的安装目录

[root@leaf tools]# useradd nginx -s /sbin/nologin -M

[root@leaf tools]# tail -1 /etc/passwd

nginx:x:500:500::/home/nginx:/sbin/nologin

[root@leaf tools]# cd nginx-1.6.3

[root@leaf nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module

[root@leaf nginx-1.6.3]# echo $? # 结果输出0则说明命令执行成功

# 编译

[root@leaf nginx-1.6.3]# make

[root@leaf nginx-1.6.3]# echo $?

# 安装

[root@leaf nginx-1.6.3]# make install

[root@leaf nginx-1.6.3]# echo $?

# 建立安装目录的软链接

[root@leaf nginx-1.6.3]# ln -s /application/nginx-1.6.3/ /application/nginx

[root@leaf nginx-1.6.3]# ls -l /application/

总用量 4

lrwxrwxrwx. 1 root root 25 3月 4 04:28 nginx -> /application/nginx-1.6.3/

drwxr-xr-x. 6 root root 4096 3月 4 04:27 nginx-1.6.3

（2）Nginx测试

1.启动Nginx

[root@leaf ~]# /application/nginx/sbin/nginx -t   # 检查配置文件

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf ~]# /application/nginx/sbin/nginx   # 启动Nginx服务

2.CentOS上验证Nginx服务

[root@leaf ~]# netstat -lntup | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3929/nginx

[root@leaf ~]# curl localhost

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

body {

35em;

margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif;

}

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

3.宿主机上验证Nginx服务

在宿主机浏览器上输入CentOS主机的IP地址10.0.0.101，如下：

（3）域名配置

因为要搭建一个博客服务，所以这里配置的域名为blog.xpleaf.org，操作过程如下：

1.最小化配置文件

[root@leaf ~]# cd /application/nginx/conf/

[root@leaf conf]# wc -l nginx.conf

117 nginx.conf

[root@leaf conf]# wc -l nginx.conf.default

117 nginx.conf.default

[root@leaf conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf

[root@leaf conf]# wc -l nginx.conf

22 nginx.conf

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

  root html;

}

}

}

2.修改配置文件

修改nginx.conf，并且增加配置文件extra/blog.conf，如下：

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

include extra/blog.conf;

}

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

  root html/blog;

index index.html index.htm;

}

}

3.创建域名对应的站点目录及文件

[root@leaf conf]# cd ../html/

[root@leaf html]# mkdir blog

[root@leaf html]# echo "This page is: blog.xpleaf.org">blog/index.html

[root@leaf html]# cat blog/index.html

This page is: blog.xpleaf.org

4.重启Nginx服务

[root@leaf html]# /application/nginx/sbin/nginx -t

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

[root@leaf html]# /application/nginx/sbin/nginx -s reload # 平滑重启

5.CentOS 6.5上进行测试

先修改/etc/hosts文件：

[root@leaf html]# echo "127.0.0.1 blog.xpleaf.org" >>/etc/hosts

[root@leaf html]# tail -1 /etc/hosts

127.0.0.1 blog.xpleaf.org

再使用命令测试：

[root@leaf html]# curl blog.xpleaf.org

This page is: blog.xpleaf.org

[root@leaf html]# wget blog.xpleaf.org

--2017-03-04 04:58:42-- http://blog.xpleaf.org/

正在解析主机 blog.xpleaf.org... 127.0.0.1

正在连接 blog.xpleaf.org|127.0.0.1|:80... 已连接。

已发出 HTTP 请求，正在等待回应... 200 OK

长度：30 [text/html]

正在保存至: “index.html.1”

100%[====================================>] 30 --.-K/s in 0s

2017-03-04 04:58:42 (2.14 MB/s) - 已保存 “index.html.1” [30/30])

6.宿主机Windows 7上进行测试

同样是先修改hosts文件，Windows 7的hosts文件在C:WindowsSystem32driversetc，同样添加下面一行：

1

10.0.0.101 blog.xpleaf.org

使用浏览器访问blog.xpleaf.org，如下：

3.LNMP环境搭建：MySQL安装与基本安全优化

这里采用二进制安装的方式来安装MySQL，安装的版本为：MySQL Server 5.5.54，可以在https://dev.mysql.com/downloads/mysql/5.5.html#downloads中下载。

MySQL安装完成后会做一些基本的安全优化。

（1）MySQL安装

1.创建MySQL用户的账号

[root@leaf ~]# groupadd mysql

[root@leaf ~]# useradd -s /sbin/nologin -g mysql -M mysql

[root@leaf ~]# tail -1 /etc/passwd

mysql:x:501:501::/home/mysql:/sbin/nologin

2.下载MySQL

可以使用wget来进行安装，也可以先下载到Windows 7上，然后使用SecureCRT，在CentOS上使用rz命令（需要使用yum install -y lrzsz命令安装）上传到我们的CentOS上，其实不管哪一种方式，只要有方式获取到该安装包就可以了，下面使用的是wget获取安装包的方式：

[root@leaf tools]# wget

[root@leaf tools]# ls -l mysql-5.5.54-linux2.6-x86_64.tar.gz

-rw-r--r--. 1 root root 185911232 3月 3 13:34 mysql-5.5.54-linux2.6-x86_64.tar.gz

3.解压并移到指定目录

[root@leaf tools]# tar xf mysql-5.5.54-linux2.6-x86_64.tar.gz

[root@leaf tools]# mv mysql-5.5.54-linux2.6-x86_64 /application/mysql-5.5.54

[root@leaf tools]# ln -s /application/mysql-5.5.54/ /application/mysql

[root@leaf tools]# ls -l /application/

总用量 8

lrwxrwxrwx. 1 root root 26 3月 4 06:43 mysql -> /application/mysql-5.5.54/

drwxr-xr-x. 13 root root 4096 3月 4 06:42 mysql-5.5.54

lrwxrwxrwx. 1 root root 25 3月 4 04:28 nginx -> /application/nginx-1.6.3/

drwxr-xr-x. 11 root root 4096 3月 4 04:30 nginx-1.6.3

4.初始化MySQL配置文件

[root@leaf mysql]# cp support-files/my-small.cnf /etc/my.cnf

cp：是否覆盖"/etc/my.cnf"？ y

5.初始化MySQL数据库文件

[root@leaf mysql]# mkdir -p /application/mysql/data/

[root@leaf mysql]# chown -R mysql.mysql /application/mysql

[root@leaf mysql]# yum install -y libaio # 安装MySQL依赖函数库，否则下面的初始化会失败

[root@leaf mysql]# /application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data --user=mysql

......

# 输出结果可以看到两个OK，即说明初始化成功

[root@leaf mysql]# echo $? # 或者通过该命令，输出为0，即说明上一个步骤的命令执行成功

0

# 上面之后可以看到/application/mysql/data/目录下生成的数据库文件

6.配置并启动MySQL数据库

#（1）设置MySQL启动脚本

[root@leaf mysql]# cp support-files/mysql.server /etc/init.d/mysqld

[root@leaf mysql]# chmod +x /etc/init.d/mysqld

[root@leaf mysql]# ls -l /etc/init.d/mysqld

-rwxr-xr-x. 1 root root 10875 3月 4 06:56 /etc/init.d/mysqld

#（2）替换启动脚本中MySQL默认的安装路径/usr/local/mysql

[root@leaf mysql]# sed -i 's#/usr/local/mysql#/application/mysql#g' /application/mysql/bin/mysqld_safe /etc/init.d/mysqld

#（3）启动MySQL数据库

[root@leaf mysql]# /etc/init.d/mysqld start

Starting MySQL.Logging to '/application/mysql/data/leaf.err'.

... SUCCESS!

#（4）检查MySQL数据库是否启动

[root@leaf mysql]# netstat -lntup | grep mysql

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4400/mysqld

#（5）查看日志

[root@leaf mysql]# tail -10 /application/mysql/data/leaf.err

InnoDB: Creating foreign key constraint system tables

InnoDB: Foreign key constraint system tables created

170304 7:00:28 InnoDB: Waiting for the background threads to start

170304 7:00:29 InnoDB: 5.5.54 started; log sequence number 0

170304 7:00:29 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306

170304 7:00:29 [Note] - '0.0.0.0' resolves to '0.0.0.0';

170304 7:00:29 [Note] Server socket created on IP: '0.0.0.0'.

170304 7:00:29 [Note] Event Scheduler: Loaded 0 events

170304 7:00:29 [Note] /application/mysql/bin/mysqld: ready for connections.

Version: '5.5.54' socket: '/tmp/mysql.sock' port: 3306 MySQL Community Server (GPL)

#（6）设置MySQL开机启动

[root@leaf mysql]# chkconfig --add mysqld

[root@leaf mysql]# chkconfig mysqld on

[root@leaf mysql]# chkconfig --list mysqld

mysqld 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭

#（7）配置mysql命令的全局使用路径（注意这里配置的是命令，前面配置的只是启动脚本）

[root@leaf mysql]# echo 'export PATH=/application/mysql/bin:$PATH' >>/etc/profile

[root@leaf mysql]# source /etc/profile

[root@leaf mysql]# echo $PATH

/application/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

#（8）登陆MySQL测试

[root@leaf mysql]# mysql

Welcome to the MySQL monitor. Commands end with ; or g.

Your MySQL connection id is 1

Server version: 5.5.54 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

| test |

+--------------------+

4 rows in set (0.05 sec)

mysql> select user(); # 查看当前登陆的用户

+----------------+

| user() |

+----------------+

| root@localhost |

+----------------+

1 row in set (0.00 sec)

mysql> select host, user from mysql.user;

+-----------+------+

| host | user |

+-----------+------+

| 127.0.0.1 | root |

| ::1 | root |

| leaf | |

| leaf | root |

| localhost | |

| localhost | root |

+-----------+------+

6 rows in set (0.00 sec)

mysql> quit

Bye

（2）MySQL基本安全优化

1.为root用户设置密码

1

[root@leaf mysql]# mysqladmin -u root password '123456'

2.清理无用的MySQL用户及数据库

[root@leaf mysql]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor. Commands end with ; or g.

Your MySQL connection id is 3

Server version: 5.5.54 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql> select user, host from mysql.user;

+------+-----------+

| user | host |

+------+-----------+

| root | 127.0.0.1 |

| root | ::1 |

| | leaf |

| root | leaf |

| | localhost |

| root | localhost |

+------+-----------+

6 rows in set (0.00 sec)

mysql> drop user "root"@"::1";

Query OK, 0 rows affected (0.00 sec)

mysql> drop user ""@"leaf";

Query OK, 0 rows affected (0.00 sec)

mysql> drop user "root"@"leaf";

Query OK, 0 rows affected (0.01 sec)

mysql> drop user ""@"localhost";

Query OK, 0 rows affected (0.01 sec)

mysql> select user, host from mysql.user;

+------+-----------+

| user | host |

+------+-----------+

| root | 127.0.0.1 |

| root | localhost |

+------+-----------+

2 rows in set (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

# 删除无用的数据库

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

| test |

+--------------------+

4 rows in set (0.00 sec)

mysql> drop database test;

Query OK, 0 rows affected (0.01 sec)

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

+--------------------+

3 rows in set (0.00 sec)

到此为此，MySQL也安装完成了！

4.LNMP环境搭建：PHP（FastCGI方式）安装、配置与启动

（1）安装PHP依赖函数库

1.安装lib库

需要安装的lib库如下：

zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel

freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel

其中除了libiconv库外，其他都可以通过yum的方式进行安装，安装如下：

# 使用yum安装除libiconv-devel之外的其它lib库

[root@leaf mysql]# yum install -y zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel

# 编译安装libiconv-devel

[root@leaf tools]# wget

[root@leaf tools]# tar zxf libiconv-1.14.tar.gz

[root@leaf tools]# cd libiconv-1.14

[root@leaf libiconv-1.14]# ./configure --prefix=/usr/local/libiconv

[root@leaf libiconv-1.14]# make

[root@leaf libiconv-1.14]# make install

2.安装libmcrypt库

[root@leaf ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

[root@leaf ~]# yum install -y libmcrypt-devel

3.安装mhash加密扩展库

[root@leaf ~]# yum install -y mhash

4.安装mcrypt加密扩展库

[root@leaf ~]# yum install -y mcrypt

（2）安装PHP

使用的PHP版本号为5.3.27，如下：

1.下载PHP安装包

[root@leaf tools]# wget http://cn2.php.net/get/php-5.3.27.tar.gz/from/this/mirror

[root@leaf tools]# mv mirror php-5.3.27.tar.gz

[root@leaf tools]# ls -l php-5.3.27.tar.gz

-rw-r--r--. 1 root root 15008639 1月 21 2015 php-5.3.27.tar.gz

2.解压缩

[root@leaf tools]# tar zxf php-5.3.27.tar.gz

[root@leaf tools]# cd php-5.3.27

[root@leaf php-5.3.27]# pwd

/root/tools/php-5.3.27

3.配置PHP的安装参数

配置项非常多，如下：

./configure

--prefix=/application/php5.3.27

--with-mysql=/application/mysql

--with-iconv-dir=/usr/local/libiconv

--with-freetype-dir

--with-jpeg-dir

--with-png-dir

--with-zlib

--with-libxml-dir=/usr

--enable-xml

--disable-rpath

--enable-safe-mode

--enable-bcmath

--enable-shmop

--enable-sysvsem

--enable-inline-optimization

--with-curl

--with-curlwrappers

--enable-mbregex

--enable-fpm

--enable-mbstring

--with-mcrypt

--with-gd

--enable-gd-native-ttf

--with-openssl

--with-mhash

--enable-pcntl

--enable-sockets

--with-xmlrpc

--enable-zip

--enable-soap

--enable-short-tags

--enable-zend-multibyte

--enable-static

--with-xsl

--with-fpm-user=nginx

--with-fpm-group=nginx

--enable-ftp

可以将其直接复制到命令行进行配置，这样就可以减少出错的概率：

[root@leaf php-5.3.27]# ./configure

> --prefix=/application/php5.3.27

> --with-mysql=/application/mysql

> --with-iconv-dir=/usr/local/libiconv

> --with-freetype-dir

> --with-jpeg-dir

> --with-png-dir

> --with-zlib

> --with-libxml-dir=/usr

> --enable-xml

> --disable-rpath

> --enable-safe-mode

> --enable-bcmath

> --enable-shmop

> --enable-sysvsem

> --enable-inline-optimization

> --with-curl

> --with-curlwrappers

> --enable-mbregex

> --enable-fpm

> --enable-mbstring

> --with-mcrypt

> --with-gd

> --enable-gd-native-ttf

> --with-openssl

> --with-mhash

> --enable-pcntl

> --enable-sockets

> --with-xmlrpc

> --enable-zip

> --enable-soap

> --enable-short-tags

> --enable-zend-multibyte

> --enable-static

> --with-xsl

> --with-fpm-user=nginx

> --with-fpm-group=nginx

> --enable-ftp

......

+--------------------------------------------------------------------+

| License: |

| This software is subject to the PHP License, available in this |

| distribution in the file LICENSE. By continuing this installation |

| process, you are bound by the terms of this license agreement. |

| If you do not agree with the terms of this license, you must abort |

| the installation process at this point. |

+--------------------------------------------------------------------+

Thank you for using PHP.

4.编译PHP

[root@leaf php-5.3.27]# ln -s /application/mysql/lib/libmysqlclient.so.18

libmysqlclient.so.18 libmysqlclient.so.18.0.0

[root@leaf php-5.3.27]# ln -s /application/mysql/lib/libmysqlclient.so.18 /usr/lib64/

[root@leaf php-5.3.27]# touch ext/phar/phar.phar

[root@leaf php-5.3.27]# make

......

[root@leaf php-5.3.27]# echo $?

0

5.安装PHP

[root@leaf php-5.3.27]# make install

/root/tools/php-5.3.27/build/shtool install -c ext/phar/phar.phar /application/php5.3.27/bin

ln -s -f /application/php5.3.27/bin/phar.phar /application/php5.3.27/bin/phar

Installing PDO headers: /application/php5.3.27/include/php/ext/pdo/

......

[root@leaf php-5.3.27]# echo $?

0

（3）配置与启动PHP

1.设置PHP安装目录软链接

[root@leaf php-5.3.27]# ln -s /application/php5.3.27/ /application/php

[root@leaf php-5.3.27]# ls -l /application/php

lrwxrwxrwx. 1 root root 23 3月 4 08:59 /application/php -> /application/php5.3.27/

2.拷贝PHP配置文件到PHP默认目录

[root@leaf php-5.3.27]# cp php.ini-production /application/php/lib/php.ini

[root@leaf php-5.3.27]# ls -l /application/php/lib/php.ini

-rw-r--r--. 1 root root 69627 3月 4 09:00 /application/php/lib/php.ini

3.配置php-fpm.conf文件

[root@leaf php-5.3.27]# cd /application/php/etc/

[root@leaf etc]# ls

pear.conf php-fpm.conf.default

[root@leaf etc]# cp php-fpm.conf.default php-fpm.conf

4.启动PHP服务php-fpm

[root@leaf etc]# /application/php/sbin/php-fpm

5.检查启动进程与侦听端口号

[root@leaf etc]# ps -ef | grep php-fpm

root 129256 1 0 09:05 ? 00:00:00 php-fpm: master process (/application/php5.3.27/etc/php-fpm.conf)

nginx 129257 129256 0 09:05 ? 00:00:00 php-fpm: pool www

nginx 129258 129256 0 09:05 ? 00:00:00 php-fpm: pool www

root 129260 13743 0 09:06 pts/1 00:00:00 grep php-fpm

[root@leaf etc]# netstat -lntup | grep 9000

tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 129256/php-fpm

至此，PHP也安装完成了！LNMP的各个组件都安装好了，下面就要对LNMP环境进行测试了。

5.LNMP环境测试

（1）配置Nginx支持PHP程序请求访问

1.查看当前Nginx配置

[root@leaf etc]# cd /application/nginx/conf/

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

include extra/blog.conf;

}

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

root html/blog;

index index.html index.htm;

}

}

2.修改extra/blog.conf配置文件

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

root html/blog;

index index.html index.htm;

}

  location ~ .*.(php|php5)?$ {

root html/blog;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

}

3.检查并启动Nginx

[root@leaf conf]# /application/nginx/sbin/nginx -t

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf conf]# /application/nginx/sbin/nginx -s reload

（2）测试LNMP环境是否生效

1.配置域名站点目录

[root@leaf conf]# cd /application/nginx/html/blog/

[root@leaf blog]# echo "<?php phpinfo(); ?>" >test_info.php

[root@leaf blog]# cat test_info.php

<?php phpinfo(); ?>

2.宿主机上在浏览器中输入地址http://blog.xpleaf.org/test_info.php进行访问

（3）测试PHP连接MySQL是否正常

1.编辑text_mysql.php

[root@leaf blog]# cat test_mysql.php

<?php

$link_id=mysql_connect('localhost', 'root', '123456');

if($link_id){

echo "mysql succesful by xpleaf !";

}else{

echo mysql_error();

}

?>

2.宿主机上在浏览器中输入地址http://blog.xpleaf.org/test_mysql.php进行访问

至此，LNMP环境搭建与测试完成了，下面就可以开始部署WordPress了！

6.部署WordPress

（1）MySQL数据库准备

1.登陆mysql

[root@leaf blog]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor. Commands end with ; or g.

Your MySQL connection id is 5

Server version: 5.5.54 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql>

2.创建数据库wordpress

mysql> create database wordpress;

Query OK, 1 row affected (0.32 sec)

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

| wordpress |

+--------------------+

4 rows in set (0.00 sec)

3.创建wordpress blog管理用户

mysql> grant all on wordpress.* to wordpress@'localhost' identified by '123456';

Query OK, 0 rows affected (0.08 sec)

mysql> show grants for wordpress@'localhost';

+------------------------------------------------------------------------------------------------------------------+

| Grants for wordpress@localhost |

+------------------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |

| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' |

+------------------------------------------------------------------------------------------------------------------+

2 rows in set (0.00 sec)

4.刷新MySQL用户权限

mysql> flush privileges;

Query OK, 0 rows affected (0.31 sec)

5.检查MySQL登录用户

mysql> select user,host from mysql.user;

+-----------+-----------+

| user | host |

+-----------+-----------+

| root | 127.0.0.1 |

| root | localhost |

| wordpress | localhost |

+-----------+-----------+

3 rows in set (0.00 sec)

（2）Nginx配置准备

1.修改blog.conf配置文件

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

root html/blog;

index index.php index.html index.htm;

}

location ~ .*.(php|php5)?$ {

root html/blog;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

}

# 相比前面的配置文件，只是在/下添加了index.php

# 不过需要注意的是，index.php一定要放在index关键字之后，

# 这样访问blog.xpleaf.org时，才会打开我们的WordPress页面

2.重启Nginx服务

[root@leaf conf]# /application/nginx/sbin/nginx -s reload

（3）配置WordPress

1.获取WordPress安装包

[root@leaf tools]# wget

[root@leaf tools]# ls -lh wordpress-4.7.2-zh_CN.tar.gz

-rw-r--r--. 1 root root 8.1M 1月 28 08:53 wordpress-4.7.2-zh_CN.tar.gz

2.解压缩与配置站点目录

[root@leaf tools]# cp wordpress-4.7.2-zh_CN.tar.gz /application/nginx/html/blog/

[root@leaf tools]# cd /application/nginx/html/blog/

[root@leaf blog]# tar zxf wordpress-4.7.2-zh_CN.tar.gz

[root@leaf blog]# ls

index.html test_mysql.php wordpress-4.7.2-zh_CN.tar.gz

test_info.php wordpress

[root@leaf blog]# rm -rf test_* wordpress-4.7.2-zh_CN.tar.gz # 删除无用的文件

[root@leaf blog]# ls

index.html wordpress

[root@leaf blog]# mv wordpress/* ./ # 将wordpress程序移到当前blog目录下

[root@leaf blog]# ls

index.html wp-admin wp-includes wp-signup.php

index.php wp-blog-header.php wp-links-opml.php wp-trackback.php

license.txt wp-comments-post.php wp-load.php xmlrpc.php

readme.html wp-config-sample.php wp-login.php

wordpress wp-content wp-mail.php

wp-activate.php wp-cron.php wp-settings.php

[root@leaf blog]# ls -l

总用量 196

-rw-r--r--. 1 root root 30 3月 4 04:54 index.html

-rw-r--r--. 1 nobody 65534 418 9月 25 2013 index.php

-rw-r--r--. 1 nobody 65534 19935 1月 3 02:51 license.txt

-rw-r--r--. 1 nobody 65534 6956 1月 28 08:53 readme.html

drwxr-xr-x. 2 nobody 65534 4096 3月 4 09:50 wordpress

......

3.对blog下所有文件授予nginx用户和组的权限

[root@leaf blog]# chown -R nginx.nginx ../blog/

[root@leaf blog]# ls -l

总用量 196

-rw-r--r--. 1 nginx nginx 30 3月 4 04:54 index.html

-rw-r--r--. 1 nginx nginx 418 9月 25 2013 index.php

-rw-r--r--. 1 nginx nginx 19935 1月 3 02:51 license.txt

-rw-r--r--. 1 nginx nginx 6956 1月 28 08:53 readme.html

drwxr-xr-x. 2 nginx nginx 4096 3月 4 09:50 wordpress

......

（4）安装WordPress

在宿主机浏览器上输入地址：http://blog.xpleaf.org，如下：

接下来的安装都是非常人性化的，点击“现在就开始”，出现下面的页面：

填好信息后，点击“提交”，如下：

点击“进行安装”，接下来就会让我们填写一些信息，如下：

点击“安装WordPress”，之后就会显示如下页面：

显示上面的页面，就说明我们的WordPress安装成功了！接下来就可以好好管理自己的个人WordPress博客站点了！

7.下一步要做什么

可以在云主机上，如腾讯云或者阿里云上搭建LNMP环境，再部署一个WordPress博客程序，为了达到域名访问的效果，可以购买一个域名，然后自己搭建DNS服务器，这会是非常不错的体验！

接下来就可以考虑对LNMP进行优化了。

Nginx功能非常强大，仅仅是通过主配置文件nginx.conf的使用就可以体现出来，为了方便学习和查漏，将其主配置文件的完整内容列出来，并加上个人的一些理解以作为笔记，从而去加深记忆。

1.Nginx主配置文件与说明

如下：

#user nobody;

# ====================================Main区==================================== #

# Main区为Nginx核心功能模块

worker_processes 1; # worker进程的数量

#error_log logs/error.log; # Nginx错误日志配

#error_log logs/error.log notice; # notice, info为错误日志级别

#error_log logs/error.log info; # 一般使用warn|error|crit这三个级别

#pid logs/nginx.pid;

# ====================================Main区==================================== #

# ====================================events区==================================== #

# events区为Nginx核心功能模块

events {

worker_connections 1024; # 每个worker进程支持的最大连接数

}

# ====================================events区==================================== #

# ====================================HTTP区==================================== #

# http区为Nginx核心功能模块

http {

include mime.types; # Nginx支持的媒体类型库文件

default_type application/octet-stream; # 默认的媒体类型

# =========访问日志配置======== #

# 开始这三行为日志格式

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';

# 这一行为记录日志的参数，第一个参数为关键字参数，第二个为日志目录，第三个为使用的日志格式

#access_log logs/access.log main;

# =========访问日志配置======== #

sendfile on; # 开启高效传输模式

#tcp_nopush on;

#keepalive_timeout 0;

keepalive_timeout 65; # 连接超时时间

#gzip on;

server { # server区块，表示一个独立的虚拟主机站点

listen 80; # 提供服务的端口

server_name localhost; # 提供服务的域名主机名

#charset koi8-r;

#access_log logs/host.access.log main;

location / { # location区块

root html; # 站点的根目录，相当于Nginx的安装目录

index index.html index.htm; # 默认的首页文件，多个用空格分开

}

# [扩展功能1：实现Nginx status] #

##status

server{

listen 80;

server_name status.etiantian.org;

location / {

stub_status on;

access_log off;

}

}

# [扩展功能1：实现Nginx status] #

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html; # 出现对应的http状态码时，使用50x.html回应客户

location = /50x.html { # location区块，访问50x.html

root html; # 指定对应的站点目录为html

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ .php$ {

# proxy_pass http://127.0.0.1;

#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

#location ~ .php$ {

# root html;

# fastcgi_pass 127.0.0.1:9000;

# fastcgi_index index.php;

# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

# include fastcgi_params;

#}

# deny access to .htaccess files, if Apache's document root

# concurs with nginx's one

#

#location ~ /.ht {

# deny all;

#}

}

# another virtual host using mix of IP-, name-, and port-based configuration

#

#server {

# listen 8000;

# listen somename:8080;

# server_name somename alias another.alias;

# location / {

# root html;

# index index.html index.htm;

# }

#}

# HTTPS server

#

#server {

# listen 443 ssl;

# server_name localhost;

# ssl_certificate cert.pem;

# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;

# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;

# ssl_prefer_server_ciphers on;

# location / {

# root html;

# index index.html index.htm;

# }

#}

}

# ====================================HTTP区==================================== #

vim /usr/local/nginx/conf/nginx.conf 文件下：

worker_processes 1;

worker_rlimit_nofile 100000;

events {

worker_connections 2048;

multi_accept on;

use epoll;

}

http {

server_tokens off;

sendfile on;

tcp_nopush on;

tcp_nodelay on; (提升速类)

access_log off;

error_log error.log crit;

keepalive_timeout 10; （如果客户打开该网页，长时间没请求，占着不用。服务端可以设置多长时间，断掉该客户端连接）

client_header_timeout 10;

client_body_timeout 10;

reset_timedout_connection on;

send_timeout 10;

include mime.types;

default_type text/html;

charset UTF-8;

gzip on; （压缩页面中大于1000字节压缩格式类型）（[root@proxe conf]# vim /usr/local/nginx/conf/mime.types， application/msword doc;）

gzip_disable "msie6";

gzip_proxied any;

gzip_min_length 1000;

gzip_comp_level 6;

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss

text/javascript;

client_header_buffer_size 1k;(当头部信息比较大，报414错时加上这条和下面这条 )

large_client_header_buffers 4 4k;

open_file_cache max=100000 inactive=20s;

open_file_cache_valid 60s;

open_file_cache_min_uses 2;

open_file_cache_errors off;

server {

   listen 80;

   server_name localhost;

location / {

   root html;

   index index.html index.htm;

     }

error_page 500 502 503 504 /50x.html;

   location = /50x.html {

   root html;

}

}

}

worker_processes 1; (cpu核心数量一致)

linux最大打开文件数量1024

worker_connections 65556;

ulimit -a (系统默认值)

...

open files 1024

++++++++++++

优化案例：

+++++++++++++

———————————————————————————————————————————

做并发连接数

1.[root@proxe conf]# vim /usr/local/nginx/conf/nginx.conf

events {

  worker_connections 10000;

}

[root@proxe conf]# nginx -s reload

2.vim /etc/security/limits.conf (最下面有模板）

* soft nofile 100000

* hard nofile 100000

3.

ulimit -a

ulimit -Hn 100000

ulimit -Sn 100000

ulimit -a

[root@proxe conf]# ab -c 5000 -n 5000 http://192.168.4.5/ （OK）

压力测试：ab （yum中下一个httpd-tools）

[root@proxe conf]# ab -c 50 -n 5000 http://192.168.4.5/

——————————————————————————————————

安全设置（屏蔽nginx版本号)

[root@proxe conf]# curl -I 192.168.4.5

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.8.0

Date: Thu, 16 Feb 2017 13:36:21 GMT

Content-Type: text/html

Content-Length: 160

Connection: keep-alive

Location: http://www.b.com/b.html

[root@proxe conf]# vim /usr/local/nginx/conf/nginx.conf

http {

server_tokens off; （加这个屏蔽版本号）

include mime.types;

default_type application/octet-stream;

[root@proxe conf]# nginx -s reload

[root@proxe conf]# curl -I 192.168.4.5

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 16 Feb 2017 13:36:42 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: http://www.b.com/b.html

———————————————————————————————————————————————————————————

解决客户机访问头部信息过长的问题。

当访问时输入的地址头部信息过长时报414错误时，查看buffer,默认时为1，改成下面这两行就行。若是发现本来buffers就设置为4 4k时，

不用再改了，可能是别人恶意攻击，最大不要改到4 8k)

client_header_buffer_size 1k;(当头部信息比较大，报414错时加上这条和下面这条 )

large_client_header_buffers 4 4k;

————————————————————————————————————————————————————————————

在客户机上做缓存

在服务器中设置格式为pdf|jpg|mp3|png的文件，使打开该格式页面文件的客户机浏览器中缓存30天（一般只做静态缓存）

[root@proxe ~]# vim /usr/local/nginx/conf/nginx.conf

location ~ .(pdf|jpg|mp3|png) ${

expires 30d;

}

[root@proxe ~]# cp knowledge point $2.1$

[root@proxe ~]# nginx -s reload

[root@host ~]# firefox http://192.168.4.5/a.pdf

在打开的浏览器（firefox）地址栏中：输入 about:cache 可以看到刚打开的页面找到它可以看到从哪天保存到哪天。（做实验时先把浏览器缓存清空）

——————————————————————————————————

防止盗链

Referer：告诉服务器，从哪里来

访问新浪：可以直接访问新浪，也可从百度中链接过去，但referer不一样。

------>sina

baidu ----->sina

referer:www.baidu.com

referer:www.sina.com

www.youku.com www.letv.com

www.bird.org :所有资源（做链接），搜索功能目的是扩大自己网站的影响和点击，让别人知道自己域名。

防止盗链

vaild_referers (有效的允许链接)

if 拒绝的

实验操作：

location ~*. (pdf|jpg|mp3|png|flv) ${

vaild_referers none blocked www.tarena.com;

if($invalid_referer){

rewrite ^/ http:www.a.com/a.html

}

}

————————————————————————————————————————————————————————

使用Nginx可以配置基于域名的虚拟主机、基于端口的虚拟主机和基于端口的虚拟主机，比较常用的是基于域名的虚拟主机，这里要做的配置是基于域名的虚拟主机，并且是配置多个基于域名的虚拟主机。

2.配置一个基于域名的虚拟主机与测试

先启动Nginx，验证服务是否正常：

[root@leaf ~]# /application/nginx/sbin/nginx

[root@leaf ~]# netstat -lnp | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6881/nginx

unix 2 [ ACC ] STREAM LISTENING 9180 1/init @/com/ubuntu/upstart

[root@leaf ~]# curl localhost

<h1>Hello, I'm xpleaf.</h1>

[root@leaf ~]# LANG=en

[root@leaf ~]# wget localhost

--2017-02-24 13:33:43-- http://localhost/

Resolving localhost... ::1, 127.0.0.1

Connecting to localhost|::1|:80... failed: Connection refused.

Connecting to localhost|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.1'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 13:33:43 (1.87 MB/s) - `index.html.1' saved [28/28]

从上面的输出可以看到，此时Nginx是可以正常运行和提供服务的。

（1）实验准备：最小化Nginx的主配置文件nginx.conf

Nginx的配置文件在安装目录下的conf目录中：

[root@leaf ~]# tree /application/nginx

/application/nginx

|-- client_body_temp

|-- conf

| |-- fastcgi.conf

| |-- fastcgi.conf.default

| |-- fastcgi_params

| |-- fastcgi_params.default

| |-- koi-utf

| |-- koi-win

| |-- mime.types

| |-- mime.types.default

| |-- nginx.conf

| |-- nginx.conf.default

| |-- scgi_params

| |-- scgi_params.default

| |-- uwsgi_params

| |-- uwsgi_params.default

| `-- win-utf

|-- fastcgi_temp

|-- html

| |-- 50x.html

| |-- index.html

| `-- index.html.source

|-- logs

| |-- access.log

| |-- error.log

| `-- nginx.pid

|-- proxy_temp

|-- sbin

| `-- nginx

|-- scgi_temp

`-- uwsgi_temp

nginx.conf便是主配置文件，nginx.conf.default则是它的备份，该配置文件有数百行：

1

2

[root@leaf conf]# wc -l nginx.conf

117 nginx.conf

为了学习的方便，可以考虑将其注释内容去掉：

[root@leaf conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

}

}

[root@leaf conf]# wc -l nginx.conf

22 nginx.conf

去掉了注释和空白行后只有22行，就很方便我们待会做实验时进行配置了。

（2）修改配置文件

假设我们的Nginx为站点www.xpleaf.cn服务，则可以将主配置文件修改为如下：

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen 80;

  server_name www.xpleaf.com;

location / {

root html/www;

index index.html index.htm;

}

}

}

主要是修改了第12行和第14行，其中第14行说明该站点的根目录的html文件在html/www/目录中。

（3）创建域名对应的站点目录及文件

[root@leaf nginx]# cd html/

[root@leaf html]# mkdir www

[root@leaf html]# echo "This page is: www.xpleaf.cn">www/index.html

[root@leaf html]# cat www/index.html

This page is: www.xpleaf.cn

（4）重新启动Nginx服务

[root@leaf html]# /application/nginx/sbin/nginx -t   # 检查Nginx配置语法

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf html]# /application/nginx/sbin/nginx -s reload   # 优雅重启Nginx

（5）在CentOS 6.5上进行测试

因为上面我们设置的域名www.xpleaf.cn实际是可能不存在，但为了达到测试的目的，即当访问www.xpleaf.cn时，能够解析到我们CentOS上的IP地址，从而可以访问其上面的Nginx服务，达到访问Nginx虚拟主机的目的，所以在CentOS上进行测试时，我们需要修改/etc/hosts文件，让www.xpleaf.cn解析为CentOS的IP地址：

[root@leaf html]# echo "127.0.0.1 www.xpleaf.cn" >>/etc/hosts

[root@leaf html]# tail -1 /etc/hosts

127.0.0.1 www.xpleaf.cn

此时，在CentOS上使用curl命令和wget命令来访问www.xpleaf.cn，查看测试结果：

[root@leaf html]# curl www.xpleaf.cn

This page is: www.xpleaf.cn

[root@leaf html]# wget www.xpleaf.cn

--2017-02-24 13:58:29-- http://www.xpleaf.cn/

Resolving www.xpleaf.cn... 127.0.0.1

Connecting to www.xpleaf.cn|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.1'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 13:58:29 (2.24 MB/s) - `index.html.1' saved [28/28]

从输出结果可以知道，此时Nginx成功地为域名为www.xpleaf.cn的虚拟主机提供了服务。

（6）在Windows 7主机上进行测试

为了达到前面说的目的，在Windows操作系统上同样需要修改hosts文件，Windows 7的hosts文件在C:WindowsSystem32driversetc，同样添加下面一行：

1

10.0.0.101 www.xpleaf.cn

这时在浏览器中输入地址www.xpleaf.cn，查看返回的结果：

wKiom1ixs6jzW6yTAAAjHHKgIE8656.png

可以看到，可以正常访问。

3.配置多个基于域名的虚拟主机与测试

上面的实验中只有一个站点www.xpleaf.cn，假如还有两个站点bbs.xpleaf.cn和log.xpleaf.cn，

同样需要Nginx来提供服务，这时就需要配置多个基于域名的虚拟主机了，不过有了上面的基础后，下面

的操作就会容易很多，因为思路都是一样的。

（1）修改主配置文件nginx.conf

在前面的基础上，修改为如下：

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

  server {

listen 80;

  server_name www.xpleaf.com;

location / {

  root html/www;

index index.html index.htm;

}

}

  server {

listen 80;

  server_name bbs.xpleaf.com;

location / {

  root html/bbs;

index index.html index.htm;

}

}

  server {

listen 80;

  server_name blog.xpleaf.com;

location / {

  root html/blog;

index index.html index.htm;

}

}

}

（2）创建域名对应的站点目录及文件

[root@leaf html]# mkdir bbs

[root@leaf html]# echo "This page is: bbs.xpleaf.cn" >bbs/index.html

[root@leaf html]# mkdir blog

[root@leaf html]# echo "This page is: blog.xpleaf.cn" >blog/index.html



[root@leaf html]# cat bbs/index.html blog/index.html

This page is: bbs.xpleaf.cn

This page is: blog.xpleaf.cn

（3）重新启动Nginx服务

[root@leaf html]# /application/nginx/sbin/nginx -t   # 检查Nginx配置语法

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf html]# /application/nginx/sbin/nginx -s reload   # 优雅重启Nginx

（4）在CentOS 6.5上进行测试

在原来基础上，修改/etc/hosts文件，在127.0.0.1地址后添加bbs.xpleaf.cn和blog.xpleaf.cn两个域名：

[root@leaf html]# tail -1 /etc/hosts

127.0.0.1 www.xpleaf.cn bbs.xpleaf.cn blog.xpleaf.cn

使用curl命令和wget命令进行测试：

[root@leaf html]# curl bbs.xpleaf.cn

This page is: www.xpleaf.cn

[root@leaf html]# curl blog.xpleaf.cn

This page is: www.xpleaf.cn

[root@leaf html]# wget bbs.xpleaf.cn

--2017-02-24 14:19:54-- http://bbs.xpleaf.cn/

Resolving bbs.xpleaf.cn... 127.0.0.1

Connecting to bbs.xpleaf.cn|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.2'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 14:19:54 (2.37 MB/s) - `index.html.2' saved [28/28]

[root@leaf html]# wget blog.xpleaf.cn

--2017-02-24 14:20:00-- http://blog.xpleaf.cn/

Resolving blog.xpleaf.cn... 127.0.0.1

Connecting to blog.xpleaf.cn|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.3'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 14:20:00 (2.24 MB/s) - `index.html.3' saved [28/28]

从上面结果可以知道，Nginx为各个虚拟主机正常提供服务。

（5）在Windows 7主机上进行测试

在原来基础上，修改hosts文件，如下：

1

10.0.0.101 www.xpleaf.cn bbs.xpleaf.cn blog.xpleaf.cn

在浏览器上分别访问各个域名，查看其返回结果：

访问www.xpleaf.cn:

访问bbs.xpleaf.cn:

访问blog.xpleaf.cn:

可以看到访问每个域名都返回了期待的页面，说明测试成功！

6.进阶：Nginx虚拟主机的别名配置

所以虚拟主机别名，就是为虚拟主机设置除了主域名以外的一个或多个域名名字，这样就能实现用户访问的多个域名对应同一个虚拟主机网站的功能。

以www.xpleaf.cn为例，希望添加一个别名xpleaf.cn，这样当访问xpleaf.cn时，和访问www.xpleaf.cn得到的结果是一样的。

其实配置的思路非常简单，只需要在上面nginx.conf配置文件中www.xpleaf.cn的server域中再添加一个xpleaf.cn的域名就可以了，如下：

server {

listen 80;

  server_name www.xpleaf.com xpleaf.cn;

location / {

root html/www;

index index.html index.htm;

}

}

测试的话依然按照前面的方法进行，即先检查Nginx配置文件、平滑重启Nginx服务、配置hosts文件，最后通过命令行或浏览器的方式进行验证，因为跟前面是一样的，所以这里就不展开了。

5.下一步要做什么

可以考虑配置与测试基于端口的虚拟主机和基于IP地址的虚拟主机，其实只要把上面的弄清楚了，再做这些配置就会容易很多了。

grep -v "#" nginx.conf

user nobody;

worker_processes 8;

error_log /data/log/nginx/error.log notice;

pid logs/nginx.pid;

events {

worker_connections 20000;

}

http {

include mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /data/log/nginx/access.log main;

limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m;

gzip on;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 8m;



sendfile on;

tcp_nopush on;

tcp_nodelay on;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

chunked_transfer_encoding off;

server_tokens off;

upstream bbnews{

server 106.51.33.116:9091;

keepalive 60;

}

upstream xinhuasite{

server 106.51.33.124:80;

keepalive 60;

}



upstream bbimg2{

server 106.51.33.117:80;

server 106.51.33.120:80;

}

server {

listen 80;

location /M00{

alias /data/fastdfs_storaged;

ngx_fastdfs_module;

}

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

location ~ .php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi_params;

}

location /server_status{

stub_status on;

access_log off;

allow 18.168.21.118;

allow 127.0.0.1;

deny all;

}

}

server {

listen 80;

server_name bimg.haoren.com bimg4.haoren.com;

set $root_path /usr/local/nginx/html/webxinhua_static/public;

index index.html;

root $root_path;

location /M00{

alias /data/fastdfs_storaged;

ngx_fastdfs_module;

}

location /assets{

add_header "Access-Control-Allow-Origin" "bb.haoren.com,xinhua.haoren.com,bbimg.haoren.com";

add_header "Access-Control-Allow-Credentials" "true";

}

gzip_disable "MSIE [1-6].";

gzip_types text/plain application/x-javascript text/css text/javascript image/jpeg image/gif image/png video/mp4;

}

server {

listen 80;

server_name imgcheck.ztsafe.com;

set $root_path /data/img;

index index.html;

root $root_path;

location /M00{

alias /data/fastdfs_storaged;

ngx_fastdfs_module;

}

location /assets{

add_header "Access-Control-Allow-Origin" "bb.haoren.com,xinhua.haoren.com,bbimg.haoren.com";

add_header "Access-Control-Allow-Credentials" "true";

}

gzip_disable "MSIE [1-6].";

gzip_types text/plain application/x-javascript text/css text/javascript image/jpeg image/gif image/png video/mp4;

}

server {

listen 80;

server_name bimg2.haoren.com;

index index.html index.php;

location /{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header NetType-WT 1;

proxy_pass http://bimg2;

}

}

server {

listen 80;

listen 443 ssl;

server_name xinhua.haoren.com bb.haoren.com 2b.haoren.com b.haoren.com bian.tv www.xinhua.tv 10.51.103.11;

set $root_path /usr/local/nginx/html/webxinhua_deploy/public;

ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;

ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_session_timeout 5m;

if ( $http_user_agent ~ "(MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT-)|(SonyEricsson)|(NEC-)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi-)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG-)|(LG/)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC-)|(SED-)|(EMOL-)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Wget)|(Java)|(curl)|(Opera)" )

{

}

index index.html index.php;

root $root_path;

location ~* ^/login$ {

return 404;

}

location ~* ^/login/xinhua$ {

limit_req zone=allips;

try_files $uri $uri/ @rewrite;

}

location ~* ^/backend {

deny 11.130.19.9;

deny 14.141.19.95;

allow 106.51.33.156;

allow 18.168.21.18;

allow 18.168.12.45;

allow 18.168.12.17;

try_files $uri $uri/ @rewrite;

}

location /news/{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://bbnews;

}

location /html/{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://xinhuasite;

}

location ^~/gamehall/{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://xinhuasite;

}

try_files $uri $uri/ @rewrite;

location @rewrite {

rewrite ^/(.*)$ /index.php?_url=/$1;

}

location ~ .php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param REQUEST_URI $uri?$args;

include fastcgi_params;

}

}

}
相关阅读:
bzoj 2599
bzoj 3697
poj 1741
bzoj 2741
bzoj 5495
bzoj 3261
网络流24题——骑士共存问题 luogu 3355
网络流24题——数字梯形问题 luogu 4013
bzoj 3998
网络流24题——魔术球问题 luogu 2765
原文地址：https://www.cnblogs.com/aaronguo/p/10056114.html