Nginx配置实例
Nginx一、安装nginx
pcre-8.01
# ./configure --prefix=/usr&& make -j 8 && make install
nginx
# ./configure --prefix=/usr/local/nginx --user=daemon --group=daemon --with-http_stub_status_module
# make && make install
为了方便启动
# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
# nginx
二、nginx的基本使用
1、nginx的基本配置结构
# vim /usr/local/nginx/conf/nginx.conf
worker_processes1;
events {
worker_connections1024;
}
http {
server {//每个server都代表一个网站
}
server {
}
}
http://www.upl.com/bbs/index.php
http:// 协议
www.upl.com ---> ip主机名/域名
/bbs/index.php 网络路径,资源路径,location
关键选项的说明
location / {
root html; 练习:
建立两个基于域名的虚拟主机,网站的根目录分别是:
www.upl.com /web/www/wwwroot
/web/www/logs
bbs.upl.com /web/bbs/wwwroot
/web/bbs/logs
userdaemon;
worker_processes2;
error_loglogs/error.loginfo;
pid logs/nginx.pid;
events {
worker_connections10240;
}
http {
include mime.types;
default_typeapplication/octet-stream;
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout65;
server {
listen 80;
server_namewww.upl.com;
access_log/web/www/logs/upl.com.access.logmain;
location / {
root /web/www/wwwroot;
indexindex.html index.htm index.php;
}
}
server {
listen 80;
server_name bbs.upl.com;
root /web/bbs/wwwroot;
access_log /web/bbs/logs/bbs.upl.com.access.log;
index index.php index.html index.htm;
}
}
# mkdir -p /web/{www,bbs}/{wwwroot,logs}
# chown daemon:daemon !$
http://10.1.1.22:8080/
GET / HTTP/1.1
Host: 10.1.1.22 apache ---> libphp5.so ---> client
rpm包: httpd,php,php-mysql,mysql-server
LNMP
Linux + nginx + mysql + php
index.php --> nginx ---tcp/ip 或者 socket--> php-cgi进程---> nginx---> clients
1、启动nginx
2、启动mysql
3、使用php-fpm启动php-cgi进程
php-fpm start
php-fpm 读取 /usr/local/php/etc/php-fpm.conf 根据里面的选项来决定如何启动php-cgi进程
php-cgi进程启动之后,该如何工作,是受限于php.ini
nginx
mysql ,安装完毕,会提供一些头文件(接口文件.h)、动态连接库(.so)
php ,编译的时候,为了实现其他功能,就会调用其他软件头文件或者连接库
一、安装nginx
1、pcre
2、nginx
二、安装mysql
为了安装一个更干净的mysql,把原有的系统自带的旧版本的mysql卸载
# yum remove mysql mysql-server mysql-devel -y
1、安装cmake编译工具
# yum install cmake -y
或者源码安装cmake-2.8.3.tar.gz
查看配置参数:
# cmake . -LAH
INSTALL_INCLUDEDIR 头文件 PREFIX/include
INSTALL_LIBDIR动态连接库 PREFIX/lib
配置
# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql/ -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci-DENABLED_LOCAL_INFILE=ON
编译
# make -j 8
安装
# make install
# ls /usr/local/mysql/ 《---BaseDir
# ln -s /usr/local/mysql/bin/*/usr/bin/
三、安装php
1、安装php第三方模块
# vim /etc/ld.so.conf
...
/usr/local/lib
php安装之前的第三方模块
# yum install libjpeg.x86_64 libjpeg-devel.x86_64 libpng.x86_64 libpng-devel.x86_64freetype.x86_64 freetype-devel.x86_64 fontconfig.x86_64 fontconfig-devel.x86_64 gd.x86_64 gd-devel.x86_64 libxml2.x86_64 libxml2-devel.x86_64 curl.x86_64 curl-devel.x86_64 libXpm.x86_64 libXpm-devel.x86_64 net-snmp.x86_64net-snmp-devel.x86_64-y
libiconv-1.13.tar.gz
# ./configure --prefix=/usr/local && make && make install
# ldconfig
libevent-1.4.11-stable.tar.gz
# ./configure --prefix=/usr/local && make && make install
# ldconfig
libmcrypt-2.5.8.tar.gz
# ./configure --prefix=/usr/local && make && make install
# cd libltdl/
# ./configure --enable-ltdl-install && make -j 8 && make install
# ldconfig
mcrypt-2.6.8.tar.gz
# ./configure --prefix=/usr/local && make && make install
# ldconfig
mhash-0.9.9.9.tar.gz
# ./configure --prefix=/usr/local && make && make install
# ldconfig
2、给php打补丁,支持php-fpm平滑管理php-cgi进程
# tar xvf php-5.2.13.tar.gz-C /usr/src
# cd /usr/src/php-5.2.13/
# gzip -cd /share/06/lnmp/php-5.2.13-fpm-0.5.13.diff.gz | patch -d ./ -p1
...
patching file configure
patching file configure.in
patching file libevent/ChangeLog
patching file libevent/Makefile.am
patching file libevent/Makefile
....
打了补丁后,以后管理php-cgi
php-fpm start 启动php-cgi进程
3、安装php
编译出来的php,就已经具有编译时候通过参数添加的额外的功能,而这些额外功能都是第一步安装的模块提供的。
要检查:snmp和libXpm安装了没有,没有的要安装。
# ./configure --prefix=/usr/local/php --enable-fastcgi --enable-force-cgi-redirect --enable-fpm --with-config-file-path=/usr/local/php/etc/ --with-config-file-scan-dir=/usr/local/etc/ --with-libxml-dir --with-zlib --enable-bcmath --with-curl --enable-ftp --with-gd --with-jpeg-dir --with-png-dir --with-xpm-dir --with-zlib-dir--with-ttf --with-freetype-dir--enable-gd-native-ttf --enable-mbstring --with-mcrypt--with-mhash --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-snmp --with-iconv-dir=/usr/local --enable-zip
# make ZEND_EXTRA_LIBS='-liconv' 匹配location /phpmyadmin
确定root /web
--> 由于在/web/找默认首页,只找到index.php
-->index.php是 .php结尾,所以匹配location ~ \.php$
--> 由于php这个location默认是继承全局选项中root /web/www/wwwroot目录,所以nginx尝试去找到/web/www/wwwroot/phpmyadmin/index.php,所以无法找到,最后解决:在php的location前面添加一个判断:
if ($uri ~ /phpmyadmin) {
root /web;
}
最后去/web/phpmyadmin/index.php
参考:
userdaemon;
worker_processes2;
error_loglogs/error.loginfo;
pid logs/nginx.pid;
events {
worker_connections10240;
}
http {
include mime.types;
default_typeapplication/octet-stream;
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout65;
server {
listen 80;
server_namewww.upl.com;
access_log/web/www/logs/upl.com.access.logmain;
root /web/www/wwwroot;
indexindex.html index.htm index.php;
location/phpmyadmin {
root/web/;
auth_basic "Wel to Uplooking";
auth_basic_user_file/usr/local/nginx/conf/htpasswd;
}
location ~* \.(gif|jpg|png|bmp|jpeg)$ {
expires 7d;
}
location ~*\.(js|css)$ {
expires 1d;
}
location ~ \.php$ {
if ($uri ~ /phpmyadmin) {
root /web;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_indexindex.php;
fastcgi_paramSCRIPT_FILENAME$document_root/$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name bbs.upl.com;
root /web/bbs/wwwroot;
access_log /web/bbs/logs/bbs.upl.com.access.log;
index index.php index.html index.htm;
}
}
========================================
clients ---> squid ---> webs(apaches)
www.upl.com---> ip指向squid
原理:
squid接受到请求之后,判断缓存中是否包含静态文件(一般:.html,.htm,.js,.css ,图片),如果缓存命中,就会直接把缓存中的文件返回给客户端。
如果缓存中没有命中,或者根本不缓存的内容(动态页面php,asp,jsp),squid都会背后作为后端webs的客户端去建立新的请求去访问这些后端服务器。
/ imgs服务器(该组服务器专门存放图片)
clients ---> nginx(proxy) --->
\ phps服务器
http://www.upl.com --> ip 指向 nginx(proxy)
要求:
nginx_proxy充当反向代理,为了提高整个架构的效率,代理需要设定缓存功能。
nginx实现动静分离
如果访问的是指定静态文件(图片)就把请求调度给后端imgs服务器
如果访问的是动态页面或者出了上述的静态文件外的文件都把请求调度给后端php服务器
实现简单安全功能:
能够抵御轻量型的ddos***
实现伪静态页面
准备:
必须静态IP,FQDN主机名(www.upl.com,img.upl.com,proxy.upl.com)
必须相互静态绑定到hosts
hosts:
....
10.1.1.23img.upl.com
10.1.1.22www.upl.com
10.1.1.24proxy.upl.com
HTTP Upstream
HTTP 代理
一、部署nginx_proxy
1、部署软件
pcre
nginx
2、配置nginx
1)实现代理,负载均衡
2)实现缓存
userdaemon;
worker_processes2;
error_loglogs/error.loginfo;
pid logs/nginx.pid;
events {
worker_connections10240;
}
http {
include mime.types;
default_typeapplication/octet-stream;
log_formatproxy'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_loglogs/access.logproxy;
sendfile on;
#tcp_nopush on;
#keepalive_timeout0;
keepalive_timeout8;
#gzipon;
upstream imgservs{
server 10.1.1.23 weight=1 max_fails=3fail_timeout=30s;
#server 10.1.1.28 weight=2;
}
upstream phpservs{
server 10.1.1.22 weight=1 max_fails=3fail_timeout=30s;
}
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 8 128k;
proxy_cache_path/tmp/nginx/cache/onelevels=1:2 keys_zone=upl:10m;
proxy_cache upl;
proxy_cache_use_stale error invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_cache_valid 10m;
rewrite^(.*)-htm-(.*)$ $1.php?$2 last;
server {
listen 80;
server_namewww.upl.com;
location ~* \.(gif|bmp|jpg|jpeg|png|css|js) {
proxy_pass http://imgservs;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_header Host $host;
}
location ~ \.php$ {
proxy_pass http://phpservs;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_header Host $host;
}
location / {
proxy_pass http://phpservs;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_header Host $host;
}
}
}
二、img图片服务器
1、部署软件
httpd
三、部署php服务器
1、部署lnmp架构
2、启动相关服务 php,mysql,nginx
四、开始部署web应用(安装论坛)
1、把web应用的代码解压到php服务器的网站根目录
思考: 如果后端的php服务器是很多台,那么在不是web应用的开始节点,该如何处理?
问题1:代码是放在共享服务器还是每台服务器独立存放?
独立存放。因为考虑到代码文件修改频率比较低,当代码发生更改,再手工或者使用批量化部署软件实现同步
问题2:刚开始搭建的时候,代码部署是如何处理?
首先把代码部署到其中一台服务器还是同时解压到所有服务器?
选择首先在其中一台服务器上部署,部署完毕之后,再同步代码到其余的服务器
问题3:安装论坛的时候,是直接访问后段php服务器还是通过代理服务器来进行安装
三个选择:
1、 http://10.1.1.22(php节点)
2、 http://10.1.1.24(代理服务器)
3、 http://www.upl.com---> 该域名应该被客户端解析到10.1.1.24《--选择它
代码解压到其中一台php服务器,然后前端调度nginx_porxy临时调整,仅仅把请求调度给该php节点
把代码中的所有静态文件都同步img服务器。
# scp -r /web/www/wwwroot/*10.1.1.23:/var/www/html/
http://10.1.1.24
http://www.upl.com/index.php?m=bbs
http://www.upl.com/read.php?tid=1
http://www.upl.com/read.php?tid=2
http://www.upl.com/index.html
http://www.upl.com/read-htm-tid-1.html
-->/read-htm-tid-1.html --> /read.php?tid=1
http://www.upl.com/read.php?tid-2.html
http://www.upl.com/read-htm-tid-2.html
userdaemon;
worker_processes2;
error_loglogs/error.loginfo;
pid logs/nginx.pid;
events {
worker_connections10240;
}
http {
include mime.types;
default_typeapplication/octet-stream;
log_formatproxy'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_loglogs/access.logproxy;
sendfile on;
#tcp_nopush on;
#keepalive_timeout0;
keepalive_timeout8;
#gzipon;
upstream imgservs{
server 10.1.1.23 weight=1 max_fails=3fail_timeout=30s;
#server 10.1.1.28 weight=2;
}
upstream phpservs{
server 10.1.1.22 weight=1 max_fails=3fail_timeout=30s;
}
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 8 128k;
proxy_cache_path/tmp/nginx/cache/onelevels=1:2 keys_zone=upl:10m;
proxy_cache upl;
proxy_cache_use_stale error invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_cache_valid 10m;
limit_req_zone$binary_remote_addr zone=attack:10m rate=1r/s;
server {
listen 80;
server_namewww.upl.com;
rewrite^(.*)-htm-(.*)$ $1.php?$2 last;
if ( $http_user_agent ~ ApacheBench ){
return 403;
}
location = /index.php {
#limit_req zone=attackburst=1;
proxy_pass http://phpservs;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_header Host $host;
}
location ~* \.(gif|bmp|jpg|jpeg|png|css|js) {
proxy_pass http://imgservs;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_header Host $host;
}
location ~ \.php$ {
proxy_pass http://phpservs;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_header Host $host;
}
location / {
proxy_pass http://phpservs;
proxy_set_headerX-Real-IP$remote_addr;
proxy_set_header Host $host;
}
}
}
# ab -c 200 -n 2000 http://www.upl.com/index.php
mysql的socket涉及到两:个部分:php.ini ,my.cnf
页:
[1]