• LNMP的环境配置


    LNMP环境配置

    1.安装mysql

    上传MySQL压缩包并解压 tar zxvf mysql
    
    # mv mysql-5.6.43-linux-glibc2.12-x86_64 /usr/local/mysql //移动mysql包
    
    # useradd -s /sbin/nologin mysql //创建用户
    
    # cd /usr/local/mysql //进入文件
    
    # mkdir -p /data/mysql
    
    # chown -R mysql:mysql /data/mysql
    
    # ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
    
    # cp support-files/my-default.cnf /etc/my.cnf
    
    # cp support-files/mysql.server /etc/init.d/mysqld
    
    # chmod 755 /etc/init.d/mysqld
    
    # vi /etc/init.d/mysqld //修改配置文件中的datadir=/data/mysql
    
    # chkconfig --add mysqld   //把启动脚本加入系统服务
    
    # chkconfig mysqld on //设置开机自启
    
    # service mysqld start
    
    # ps aux |grep mysqld //查看是否启动

    2. 安装php

    上传php包并解压

    # useradd -s /sbin/nologin php-fpm        //创建用户
    # cd php-5.6.30
    # ./configure  --prefix=/usr/local/php-fpm  --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm  --with-fpm-user=php-fpm  --with-fpm-group=php-fpm  --with-mysql=/usr/local/mysql  --with-mysql-sock=/tmp/mysql.sock  --with-libxml-dir --with-gd  --with-png-dir  --with-freetype-dir --with-iconv-dir --with-zlib-dir  --with-mcrypt  --enable-soap  --enable-gd-native-ttf  --enable-ftp  --enable-mbstring --enable-exif  --disable-ipv6  --with-pear --with-curl  --with-openssl            //配置编译选项

    以上在配置编译过程中会出现错误,安装以下的包

    # yum install -y libxml2-devel
    # yum install -y gcc 
    # yum install -y openssl openssl-devel 
    # yum install -y bzip2 bzip2-devel 
    # yum install -y libpng libpng-devel
    # yum install -y freetype freetype-devel 
    # yum install -y epel-release 
    # yum install -y libmcrypt-devel

    由于这回和lamp相比多了一个--enable-fpm(如果不加这个参数,php-fpm文件就不会产生,更不能启动php-fpm服务)

    #yum install -y libcurl-devel
    在编译之前先更改一下配置文件,防止后面编译时候出错。
    #vi Makefile    //在102行。在-lcrypt后面加上“-lpthread”
    #make && make install        //如果忘记更改配置文件进行make了,再去更改的配置文件,就make clean一下    

    修改配置文件

    # cp php.ini-production /usr/local/php-fpm/etc/php.ini
    # vi /usr/local/php-fpm/etc/php-fpm.conf
    [global]
    pid = /usr/local/php-fpm/var/run/php-fpm.pid
    error_log = /usr/local/php-fpm/var/log/php-fpm.log
    [www]
    listen = /tmp/php-fcgi.sock
    listen.mode = 666
    user = php-fpm
    group = php-fpm
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 20 
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    pm.max_requests = 500
    rlimit_files = 1024

    检验配置文件是否正确

    # /usr/local/php-fpm/sbin/php-fpm -t

    显示的是test is successful则配置文件正确否则检查配置文件

    启动php

    # cp /local/src/php-5.6.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
    # chmod 755 /etc/init.d/php-fpm
    # useradd -s /sbin/nologin php-fpm
    # service php-fpm start

    设置开机自启

    # chkconfig php-fpm on

    检查启动是否成功

    # ps aux |grep php-fpm

    3. 安装nginx

    上传nginx包并解压

    # cd nginx-1.10.3
    # ./configure --prefix=/usr/local/nginx        //配置编译选项
    # make && make install         //如果这里出现错误就重来吧

    编写脚本

    # vi /etc/init.d/nginx        //脚本如下!!!注意不要错,可能我这里面也会有错误,如果后边出错就查下日志排一下吧,顺便在这评论出来吧

    #!/bin/bash

    # SysV init script for the nginx build installed under /usr/local/nginx.
    # The "chkconfig:" and "description:" lines below are read by chkconfig and
    # must stay comments: "- 30 21" means no default runlevels, start priority 30,
    # stop priority 21.

    # chkconfig: - 30 21

    # description: http service.

    # Source Function Library
    # (daemon and killproc, called further down, are expected to come from this file)

    . /etc/init.d/functions

    # Nginx Settings
    # Paths of the nginx binary, its main configuration file and its PID file.

    NGINX_SBIN="/usr/local/nginx/sbin/nginx"

    NGINX_CONF="/usr/local/nginx/conf/nginx.conf"

    NGINX_PID="/usr/local/nginx/logs/nginx.pid"

    # Status handed to `exit` at the end of the script; the action functions overwrite it.
    RETVAL=0

    # Name printed in the "Starting/Stopping/Reloading" messages.
    prog="Nginx"

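    # Start nginx with the configured binary and configuration file.
    # Globals:   prog, NGINX_SBIN, NGINX_CONF (read), RETVAL (written)
    # Outputs:   progress message on stdout
    # Returns:   exit status of daemon
    start()
    {
        echo -n $"Starting $prog: "
        # NOTE(review): /dev/shm is normally world-writable, so another local user
        # can pre-create this fixed name before the service starts. Confirm the
        # directory is actually needed before keeping it.
        mkdir -p /dev/shm/nginx_temp
        # Quoted so that a path containing whitespace stays a single argument.
        daemon "$NGINX_SBIN" -c "$NGINX_CONF"
        RETVAL=$?
        echo
        return $RETVAL
    }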

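    # Stop nginx by sending TERM to the process recorded in the PID file.
    # Globals:   prog, NGINX_PID, NGINX_SBIN (read), RETVAL (written)
    # Outputs:   progress message on stdout
    # Returns:   exit status of killproc
    stop()
    {
        echo -n $"Stopping $prog: "
        killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
        # Capture the status right away: taken after the rm below it would be
        # rm's status, and a failed stop would be reported as success.
        RETVAL=$?
        rm -rf /dev/shm/nginx_temp
        echo
        return $RETVAL
    }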

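    # Ask the running nginx to reload by sending HUP to the process in the PID file.
    # Globals:   prog, NGINX_PID, NGINX_SBIN (read), RETVAL (written)
    # Outputs:   progress message on stdout
    # Returns:   exit status of killproc
    reload()
    {
        echo -n $"Reloading $prog: "
        # Quoted so that a path containing whitespace stays a single argument.
        killproc -p "$NGINX_PID" "$NGINX_SBIN" -HUP
        RETVAL=$?
        echo
        return $RETVAL
    }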

    # Restart nginx: stop the running instance, then start a new one.
    # Returns: exit status of start (the result of stop is not checked).
    restart()
    {
        stop; start
    }

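    # Check the nginx configuration file for syntax errors (nginx -t).
    # Globals:   NGINX_SBIN, NGINX_CONF (read), RETVAL (written)
    # Returns:   exit status of nginx -t, so a broken configuration is reported
    #            to the caller and through the script's final `exit $RETVAL`
    #            instead of always reporting success.
    configtest()
    {
        "$NGINX_SBIN" -c "$NGINX_CONF" -t
        RETVAL=$?
        return $RETVAL
    }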

    # Dispatch on the first command-line argument, then exit with RETVAL.
    case "$1" in
        start|stop|reload|restart|configtest)
            # Every accepted action has a function of the same name.
            "$1"
            ;;
        *)
            # Unknown or missing action: print the usage line and fail.
            echo $"Usage: $0 {start|stop|reload|restart|configtest}"
            RETVAL=1
            ;;
    esac

    exit $RETVAL

    保存脚本更改权限

    # chmod 755 /etc/init.d/nginx
    # chkconfig nginx on
    # chkconfig --add nginx 

    更改配置文件,在更改配置文件之前先进行清空。

    #  > /usr/local/nginx/conf/nginx.conf        //重定向符单独用可以对文档进行快速清空
    # vi /usr/local/nginx/conf/nginx.conf
    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
    user nobody nobody;
    worker_processes 2;
    error_log /usr/local/nginx/logs/nginx_error.log crit;
    pid /usr/local/nginx/logs/nginx.pid;
    worker_rlimit_nofile 51200;
    
    events
    {
        use epoll;
        worker_connections 6000;
    }
    
    http
    {
        include mime.types;
        default_type application/octet-stream;
        server_names_hash_bucket_size 3526;
        server_names_hash_max_size 4096;
        log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
        ' $host "$request_uri" $status'
        ' "$http_referer" "$http_user_agent"';
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 30;
        client_header_timeout 3m;
        client_body_timeout 3m;
        send_timeout 3m;
        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 8 4k;
        request_pool_size 4k;
        output_buffers 4 32k;
        postpone_output 1460;
        client_max_body_size 10m;
        client_body_buffer_size 256k;
        client_body_temp_path /usr/local/nginx/client_body_temp;
        proxy_temp_path /usr/local/nginx/proxy_temp;
        fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
        fastcgi_intercept_errors on;
        tcp_nodelay on;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 8k;
        gzip_comp_level 5;
        gzip_http_version 1.1;
        gzip_types text/plain application/x-javascript text/css text/htm
        application/xml;
    
        server
        {
            listen 80;
            server_name localhost;
            index index.html index.htm index.php;
            root /usr/local/nginx/html;
    
            location ~ .php$
            {
                include fastcgi_params;
                fastcgi_pass unix:/tmp/php-fcgi.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
            }
        }
    }

    保存文件并检查是否有错误

    # /usr/local/nginx/sbin/nginx -t        //显示一个ok一个successful就是正确的
    # service nginx start        //启动nginx
    # ps aux |grep nginx        //检测nginx是否启动
    测试nginx能否解析php 
    # vi /usr/local/nginx/html/2.php
    <?php
        echo "test php scripts.";
    ?>
    # curl localhost/2.php
    test php scripts.[root@localhost php-5.6.30]#
    **在curl的时候可能会出现拒绝连接的情况,那么请检查配置文件是否出错**

    NGINX配置

    默认虚拟主机

    # vi /usr/local/nginx/conf/nginx.conf        //在这个配置文件中最后一个}号里面加 include vhost/*.conf;
    # mkdir /usr/local/nginx/conf/vhost        //创建目录、
    # cd /usr/local/nginx/conf/vhost/
    # vi default.conf        //修改配置文件
    server 
    {
        listen 80 default_server;   //监听80端口
        server_name aaa.com;  //全部跳转到aaa.com
        index index.html index.htm index.php;
        root /data/nginx/default;
    }
    #  /usr/local/nginx/sbin/nginx -t        //编辑完成后进行检验
    # /usr/local/nginx/sbin/nginx -s reload        //重新加载文件
    # mkdir -p /data/nginx/default
    # touch /data/nginx/default/index.html        //创建这个目录与文件因为下一步进行的时会用到
    # echo "defaule_server" > /data/nginx/default/index.html        //向这个文件输入这段字符下一步会进行读取
    # curl -x127.0.0.1:80 aaa.com
    defaule_server        //读取成功

    用户认证

    创建一个新的虚拟主机

    # cd /usr/local/nginx/conf/vhost/    
    # vi test.com.conf            //创建一个新的虚拟主机
    server
    {
        listen 80;
        server_name test.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
    
        location  /
        {
            auth_basic    "Auth";            //打开认证
            auth_basic_user_file   /usr/local/nginx/conf/htpasswd;        //指定用户密码文件
        }
    }    
    # yum install -y httpd        //安装httpd,也可以使用前边的apache2.4
    # htpasswd -c /usr/local/nginx/conf/htpasswd dai        //设置密码
    New password: 
    Re-type new password: 
    Adding password for user dai
    # /usr/local/nginx/sbin/nginx -t           //检验是否正确
    # /usr/local/nginx/sbin/nginx -s reload        //重新加载文件  
    **reload会重新加载文件服务也不会中断**
    # mkdir /data/nginx/test.com         //创建网页存储位置文件夹
    # echo "test.com" > /data/nginx/test.com/index.html            //向首页文件写入内容
    # curl -I -x127.0.0.1:80 test.com            //测试用户认证是否设置成功
    HTTP/1.1 401 Unauthorized
    Server: nginx/1.12.2
    Date: Mon, 07 Dec 2020 12:50:58 GMT
    Content-Type: text/html
    Content-Length: 195
    Connection: keep-alive
    WWW-Authenticate: Basic realm="Auth"
    状态码为401表示网站想要认证
    在去浏览器登陆之前,在自己本地的hosts文件中加入虚拟机ip和地址

    浏览器访问

    针对某个目录做用户认证

     location  /dai
        {
            auth_basic    "Auth";
            auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
        }

    域名重定向

    # vi test.com.conf
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
    root /data/nginx/test.com;
    
        if ($host != 'test.com' ){
                rewrite ^/(.*)$ http://test.com/$1 permanent;
            }
    //在nginx中server_name后面可以跟多个域名,permanent就是永久重定向,和lamp中httpd的R=301一样。还有一个常用的redirect相当于httpd的R=302。

     测试:

    # /usr/local/nginx/sbin/nginx -t
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 test1.com/123.txt -I
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.12.2
    Date: Mon, 07 Dec 2020 13:38:16 GMT
    Content-Type: text/html
    Content-Length: 185
    Connection: keep-alive
    Location: http://test.com/123.txt

    nginx访问日志

    nginx的日志格式:

    # grep -A2 log_format /usr/local/nginx/conf/nginx.conf
        log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
        ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    //combined_realip为日志格式的名字,后面可以调用它;$remote_addr为访问网站的用户的出口IP;
    //$http_x_forwarded_for 为请求头X-Forwarded-For的内容,一般是代理服务器转发时附带的客户端IP;这个请求头由客户端发送、可以伪造,分析日志时不能单独把它当作可信的来源地址;$time_local为当前的时间; $host为访问的主机名;
    //$request_uri为访问的URL地址; $status为状态码;$http_referer为referer地址;$http_user_agent为user_agent。

    指定访问日志路径

    # vi test.com.conf 
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com' ){
                rewrite ^/(.*)$ http://test.com/$1 permanent;
            }
        access_log /tmp/1.log combined_realip;
    }
    # /usr/local/nginx/sbin/nginx -t
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 test.com/111
    <html>
    <head><title>401 Authorization Required</title></head>
    <body bgcolor="white">
    <center><h1>401 Authorization Required</h1></center>
    <hr><center>nginx/1.12.2</center>
    </body>
    </html>
    # cat /tmp/1.log 
    127.0.0.1 - [07/Dec/2020:21:56:23 +0800] test.com "/111" 401 "-" "curl/7.29.0"

    切割nginx日志

    编写切割脚本:

    # vi /usr/local/sbin/nginx_log_rotate.sh
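    #!/bin/bash
    # Rotate nginx logs: rename every *.log file in the log directory to
    # <name>.log-<yesterday's date>, then signal nginx so it opens fresh files.
    # Assumes the nginx logs are stored under /data/logs/.
    d=$(date -d "-1 day" +%Y%m%d)
    logdir="/data/logs"
    nginx_pid="/usr/local/nginx/logs/nginx.pid"
    # Stop here if the directory is missing; otherwise the loop would rename
    # *.log files in whatever directory cron started the script in.
    cd "$logdir" || exit 1
    for log in *.log
    do
        # An unmatched glob stays literal; skip it instead of calling mv on "*.log".
        [ -e "$log" ] || continue
        mv -- "$log" "$log-$d"
    done
    # HUP makes nginx reload, after which it writes to newly created log files.
    # Skip the signal when the PID file is missing or empty (nginx not running).
    if [ -s "$nginx_pid" ]; then
        /bin/kill -HUP "$(cat "$nginx_pid")"
    fi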
    添加任务计划:
    crontab -e
    no crontab for root - using an empty one
    0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh 

    配置静态文件不记录日志并添加过期时间

    # vi test.com.conf 
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        location ~ .*.(gif|jpeg|png|bmp|swf)$
            {
                expires       7d;
                access_log off;
            }
        location ~ .*.(js|css)$
            {
                expires       12h;
                access_log off;
            }
        access_log /tmp/1.log combined_realip;
    }
    //location~可以指定对应的静态文件,expires配置过期时间,access_log配置为off就可以不记录访问日志了

    进行测试:

    # /usr/local/nginx/sbin/nginx -t
    # echo "dddddddddd" > /data/nginx/test.com/1.js        
    # echo "aaaaaaaaaa" > /data/nginx/test.com/2.jpg
    # touch /data/nginx/test.com/1.jss            //对比文件
    # curl -I -udai:a -x127.0.0.1:80 test.com/1.js        //由于前面设置了用户认证这里加上用户名密码才能正常访问

    给的回应是200但是没有显示过期时间,这里刷新一下配置文件。

    # /usr/local/nginx/sbin/nginx -s reload

     

     

    这个jpg是没有限制的

    nginx防盗链

    修改配置文件

    # vi test.com.conf 
    location ~ .*.(gif|jpg|png|bmp|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
            {
                expires       7d;
                valid_referers none blocked server_names *.test.com;        //有效的来源地址;Referer由客户端发送、可以伪造,none和blocked还会放行不带Referer的请求,所以防盗链不能代替访问控制
                if ($invalid_referer) {        //否则返回值为403
                      return 403;
                  }
                access_log off;
    }
    # /usr/local/nginx/sbin/nginx -t
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg
    # curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg
    [root@localhost vhost]# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg
    HTTP/1.1 403 Forbidden
    Server: nginx/1.12.2
    Date: Mon, 07 Dec 2020 15:45:36 GMT
    Content-Type: text/html
    Content-Length: 169
    Connection: keep-alive
    [root@localhost vhost]# curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg
    HTTP/1.1 200 OK
    Server: nginx/1.12.2
    Date: Mon, 07 Dec 2020 15:46:36 GMT
    Content-Type: image/jpeg
    Content-Length: 11
    Last-Modified: Mon, 07 Dec 2020 14:48:23 GMT
    Connection: keep-alive
    ETag: "5fce40b7-b"
    Expires: Mon, 14 Dec 2020 15:46:36 GMT
    Cache-Control: max-age=604800
    Accept-Ranges: bytes

    访问控制

    只允许192.168.29.1和127.0.0.1访问/dai/目录

    # vi test.com.conf 
        location /dai/                //这里会从上到下逐一进行匹配
            {
                allow 192.168.29.1;        //允许192.168.29.1进行访问
                allow 127.0.0.1;        //允许127.0.0.1访问
                deny all;            //不允许访问
            }
    # mkdir /data/nginx/test.com/dai/         //创建被限制的目录
    # echo "daiqh" > /data/nginx/test.com/dai/1.html        //创建网页
    # /usr/local/nginx/sbin/nginx -s reload            //重新加载配置文件
    # /usr/local/nginx/sbin/nginx -s reload
    # curl  -x192.168.29.141:80 test.com/dai/1.html
    <html>
    <head><title>403 Forbidden</title></head>
    <body bgcolor="white">
    <center><h1>403 Forbidden</h1></center>
    <hr><center>nginx/1.12.2</center>
    </body>
    </html>
    # curl -x127.0.0.1:80 test.com/dai/1.html
    daiqh
    
    只拒绝几个IP
    location /dai/ { deny 192.168.29.1; deny 127.0.0.1; }
    正则匹配限制
    location ~ .*(abc|image)/.*.php$ { deny all; } //小括号里面的竖线为分隔符,是或者的意思,这样就可以把访问URL中带有abc或者image字符串,并且是PHP的请求拒绝访问,这还能起到禁止解析PHP的作用

    针对user_agent做限制 if ($http_user_agent ~ 'Spider/3.0|YouddaoBot|Tomato') { return 403; } //~为匹配符号(区分大小写,不区分大小写用~*),只要user_agent中含有Spider/3.0或者YouddaoBot,Tomato字符串的就会被拒绝,return 403 为直接返回403状态码。User-Agent由客户端自行填写,这种限制只能挡住不伪装的爬虫。

    nginx解析PHP

    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;  
        if ($host != 'test.com' ){
                rewrite ^/(.*)$ http://test.com/$1 permanent;
            }
         location ~ .php$
            {
                include fastcgi_params;
                fastcgi_pass unix:/tmp/php-fcgi.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
            }
        access_log /tmp/1.log combined_realip;
    }
    /*nginx不像lamp一样,解析php脚本以模块的形式出现,在lnmp中是以服务的形式出现的php-fpm,首先启动php-fpm。然后nginx与php-fpm进行通讯。nginx=搬运工。
    其中fastcgi_pass用来指定php-fpm的地址,如果php-fpm监听的是一个tcp:port的地址(比如 127.0.0.1:9000 ),那么也需要在这里改成fastcgi_pass 127.0.0.1:9000。这个地址一定要和php-fpm服务监听的地址匹配,否则会报502错误。
    还有一个地方也需要注意,fastcgi_param SCRIPT_FILENAME后面跟的路径为该站点的根目录,和前面定义的root那个路径保持一致。如果这里配置不对,访问PHP页面会出现404。*/

    Nginx代理

    nginx代理就是一个用户想要访问服务器将访问请求发送给代理服务器,由代理服务器进行传递这个信息并获取用户所需要的数据再转交给用户。

    如果nginx代理服务器后面跟着多台服务器,如果同时代理,还会起到一个负载均衡的作用

    nginx代理配置

    # cd /usr/local/nginx/conf/vhost/
    # vi peoxy.conf
    server
    
    {
        listen 80;
        server_name www.baidu.com;
        location /
           {
              proxy_pass       http://220.181.38.150;
              proxy_set_header Host    $host;
              proxy_set_header X-Real-IP    $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           }
    }

    **proxy_pass指定要代理的域名所在的服务器的IP(ping来获取),后面三行定义发往后端web服务器的请求头,第二行必须有,否则代理不成功,表示后端web服务器的域名和当前配置文件中的server_name是一样的。后面的和日志文件中的相同意思。**

    # /usr/local/nginx/sbin/nginx -t
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 www.baidu.com -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.2
    Date: Mon, 07 Dec 2020 19:40:24 GMT
    Content-Type: text/html
    Content-Length: 277
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
    Etag: "575e1f60-115"
    Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
    Pragma: no-cache
    # curl www.baidu.com -I
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
    Connection: keep-alive
    Content-Length: 277
    Content-Type: text/html
    Date: Tue, 08 Dec 2020 00:46:21 GMT
    Etag: "575e1f60-115"
    Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
    Pragma: no-cache
    Server: bfe/1.0.8.18

    负载均衡

    先来查看百度域名对应的IP

    上面这两个IP都可以访问到百度

     

    两个返回结果一样,因为其使用的就是web server软件为squid,有两个IP就可以走负载均衡了,配置如下:

    # vi /usr/local/nginx/conf/vhost/load.conf
        server 39.156.69.79:80;
    upstream baidu_com
    {
    ip_hash;
        server 220.181.38.148:80;
        server 39.156.69.79:80;
    }
    server
    {
        listen 80;
        server_name baidu.com;
        location /
            {
                proxy_pass      http://baidu_com;
                proxy_set_header Host   $host;
                proxy_set_header X-Real-IP    $remote_addr;
                proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
             }
    }
    # /usr/local/nginx/sbin/nginx -t
    # /usr/local/nginx/sbin/nginx -s reload

    Nginx配置SSL

    https比http更加安全。

     

    https通信流程:

    1. 客户端向服务端发送建立https请求。
    2. 服务器向客户端发送数字证书。
    3. 客户端验证数字证书,证书验证通过后客户端生成会话密钥(双向验证则此处客户端也会向服务器发送证书)。
    4. 服务器生成会话密钥(双向验证此处服务端也会对客户端的证书验证)。
    5. 客户端与服务端开始进行加密会话。

    自定义证书:

    # cd /usr/local/nginx/conf/
    # openssl genrsa -des3 -out tmp.key 2048        
    Generating RSA private key, 2048 bit long modulus
    ..............................................+++
    .......................+++
    e is 65537 (0x10001)
    Enter pass phrase for tmp.key:aaaaaaaaaa
    Verifying - Enter pass phrase for tmp.key:aaaaaaaaaa
    //这里是生成key文件(“私钥”),2048为密钥的长度(位),这里输入一个密码,不要太短。
    # openssl rsa -in tmp.key -out dailinux.key
    Enter pass phrase for tmp.key:aaaaaaaaaa
    writing RSA key
    //这里是把刚刚生成的tmp.key再转换成dailinux.key。目的就是删除刚刚设置的密码,如果key文件有密码,则必须在nginx加载它的时候输入它的密码,因此很不方便。去掉密码后私钥是明文保存的,应把dailinux.key的权限设为仅root可读(如chmod 600)。
    # rm -rf tmp.key
    # openssl req -new -key dailinux.key -out dailinux.csr
    Country Name (2 letter code) [XX]:
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:dai.com
    Email Address []:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:a      
    string is too short, it needs to be at least 4 bytes long
    A challenge password []:aaaa
    An optional company name []:
    //这里是生成证书请求文件,这个不是公钥,但是必须有,我们要拿key文件和这个CSR文件一起生成最终的公钥文件,其中Common Name为后面配置Nginx配置文件中的server_name。
    # openssl x509 -req -days 365 -in dailinux.csr -signkey dailinux.key -out dailinux.crt
    Signature ok
    subject=/C=XX/L=Default City/O=Default Company Ltd/CN=dai.com
    Getting Private key
    //这里的最终目的是生成dailinux.key和dailinux.crt两个文件。

    配置nginx

    # vi /usr/local/nginx/conf/vhost/ssl.conf
    server
    {
        listen 443;
        server_name dai.com;
        index index.html index.php;
        root /data/nginx/dai.com;
    
        ssl on;
        ssl_certificate dailinux.crt;
        ssl_certificate_key dailinux.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;        //TLSv1和TLSv1.1已被弃用(RFC 8996),生产环境建议只保留TLSv1.2及以上
    
        location ~.php$
        {
             include fastcgi_params;
             fastcgi_pass unix:/tmp/php-fcgi.sock;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME /data/nginx/dai.com$fastcgi_script_name;
        }
        access_log /tmp/1.log combined_realip;
    }
    # /usr/local/nginx/sbin/nginx -t            //这里出现错误
    nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/vhost/ssl.conf:8
    //这个位置显示nginx不支持ssl因为编译时没有设置额外配置支持ssl参数,重新编译一次就好了。
    # cd /usr/local/src/nginx-1.12.2
    # ./configure --prefix=/usr/local/nginx/ --with-http_ssl_module
    # make -j4 && make install
    # /usr/local/nginx/sbin/nginx -t
    # mkdir /data/nginx/dai.com
    # echo "<?php phpinfo(); ?>" > /data/nginx/dai.com/1.php        //测试页,phpinfo会输出服务器的详细配置信息,验证完成后应删除
    # /etc/init.d/nginx restart
    Restarting nginx (via systemctl):  [  确定  ]

    hosts文件中将IP地址还有域名加入

    用网页访问

    点击高级继续进入也是可以进入的。

    php-fpm配置

    nginx中可以配置多台虚拟主机,在LNMP中php-fpm是一个独立的服务,必然有自己的配置文件,/usr/local/php-fpm/etc/php-fpm.conf     它同样支持include语句,类似于nginx.conf里面的include

    php-fpm的pool

    php-fpm可以支持多个pool 每一个pool监听一个端口,也可以监听一个socket

    # vi /usr/local/php-fpm/etc/php-fpm.conf
    [global]
    pid = /usr/local/php-fpm/var/run/php-fpm.pid
    error_log = /usr/local/php-fpm/var/log/php-fpm.log
    include = etc/php-fpm.d/*.conf
    
    */    //这行是因为上面/*conf的/*会将下文显示为注释,所以在这行加和注释结尾,这行忽略,当没有这行
    # mkdir /usr/local/php-fpm/etc/php-fpm.d        //创建配置文件存放目录
    # cd /usr/local/php-fpm/etc/php-fpm.d
    # vi www.conf
    [www]
    listen = /tmp/www.sock
    listen.mode=666
    user = php-fpm
    group = php-fpm
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 20
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    pm.max_requests = 500
    rlimit_files = 1024
    # vi dai.conf 
    [dai]
    listen = /tmp/dai.sock
    listen.mode=666
    user = php-fpm
    group = php-fpm
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 20
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    pm.max_requests = 500
    rlimit_files = 1024
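    //这样我们就有两个子配置文件了。也就是两个pool。第一个pool监听/tmp/www.sock。第二个监听 /tmp/dai.sock。这样可以在nginx里不同虚拟主机中调用不同的pool,从而达到相互隔离的目的。不过这里两个pool都以php-fpm用户运行,socket放在/tmp下且listen.mode=666,本机任何用户都能连接;要真正隔离,应给每个pool配置不同的user/group,并用listen.owner、listen.group配合更严格的listen.mode(如660),只允许nginx的运行用户访问。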
    # /usr/local/php-fpm/sbin/php-fpm -t            //检验是否有问题
    [08-Dec-2020 09:31:34] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
    # /etc/init.d/php-fpm restart
    # ls /tmp/*.sock
    /tmp/dai.sock  /tmp/mysql.sock  /tmp/php-fcgi.sock

    php-fpm慢执行日志

    php-fpm慢执行日志的作用就是可以清晰的了解到php的脚本那里执行时间长,可以定位到具体的行。

    # vi /usr/local/php-fpm/etc/php-fpm.d/www.conf 
    request_slowlog_timeout = 1
    slowlog = /usr/local/php-fpm/var/log/www-slow.log
    //第一行定义的是超时时间,即php-fpm执行超过一秒就纪录日志,第二行定义慢执行日志的路径和名字。

    php-fpm进程管理

    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 20
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    pm.max_requests = 500

    第一行,定义php-fpm的子进程启动模式,dynamic为动态模式;一开始只启动少量的子进程,根据实际需求,动态地增加或者减少子进程,最多不会超过pm.max_children定义的数值。另外一种模式 static,这种模式下子进程数量由pm.max_children决定,一次性启动这么多,不会减少也不会增加。

    pm.start_servers针对dynamic模式,它定义php-fpm服务在启动服务时产生的子进程数量。pm.min_spare_servers针对dynamic模式,它定义在空闲时段子进程数的最少数量,如果达到这个数值时,php-fpm服务会自动派生新的子进程。pm.max_spare_servers也是针对dynamic模式的,它定义在空闲时段子进程数的最大值,如果高于这个数值就开始清理空闲的子进程。pm.max_requests针对dynamic模式,它定义一个子进程最多处理的请求数,也就是说在一个php-fpm的子进程中最多可以处理这么多请求,当达到这个数值时,它会自动退出。

  • 原文地址:https://www.cnblogs.com/daiqinghui/p/14107040.html