27 LNMP

时间 2020-01-08

标签 lnmp 栏目 PHP 繁體版

原文原文链接

LNMP
Linux + Nginx + MySQL + PHPjavascript

MySQL的安装
与LAMP中同样php
PHP的安装
须要开启php-fpm服务
cd /usr/local/src/
wget http://cn2.php.net/distributions/php-5.6.30.tar.gz
tar zxf php-5.6.30.tar.gz
useradd -s /sbin/nologin php-fpm
cd php-5.6.30
./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --with-pear --with-curl --with-openssl
make && make install
cp php.ini-production /usr/local/php-fpm/etc/php.ini
vi /usr/local/php-fpm/etc/php-fpm.conf //写入以下内容
[global] 定义全局参数，以下面的pid error_log
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www] 模块名
listen = /tmp/php-fcgi.sock 监听地址
listen.mode = 666 定义listen文件的权限
user = php-fpm 用户
group = php-fpm 组
pm = dynamic 进程信息(pm开头的)
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024css

cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod 755 /etc/init.d/php-fpm
chkconfig --add php-fpm
chkconfig php-fpm on
service php-fpm start
ps aux |grep php-fpmhtml
Nginx的安装
cd /usr/local/src
wget http://nginx.org/download/nginx-1.12.1.tar.gz
tar zxf nginx-1.12.1.tar.gz
./configure --prefix=/usr/local/nginx
make && make install
vim /etc/init.d/nginx //复制以下内容：
#!/bin/bash
#chkconfig: - 30 21
#description: http service.
#Source Function Library
. /etc/init.d/functions
#Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
chmod 755 /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
cd /usr/local/nginx/conf/; mv nginx.conf nginx.conf.bak
vim nginx.conf //写入以下内容：
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
/etc/init.d/nginx start
Nginx默认虚拟主机
vim nginx.conf 删除如下内容
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
再在末行加入include vhost/*.conf；
mkdir /usr/local/nginx/conf/vhost
cd !$; vim default.conf //加入以下内容
server
{
listen 80 default_server; //有这个表示默认虚拟主机
server_name aaa.com;
index index.html index.htm index.php; //指定索引页
root /data/wwwroot/default; //目标目录
}java

mkdir -p /data/wwwroot/default/
echo “This is a default site.”>/data/wwwroot/default/index.html
/usr/local/nginx/sbin/nginx -t //语句检验
/usr/local/nginx/sbin/nginx -s reload //从新加载
curl -x127.0.0.1:80 123.com (123.com能够为任意) 返回结果“This is a default site.”node
Nginx用户认证
vim /usr/local/nginx/conf/vhost/test.com.conf//写入以下内容
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd; 密码文件
}
}mysql

yum install -y httpd 安装Apache
htpasswd -c /usr/local/nginx/conf/htpasswd [用户名] // -c表示建立，以后添加用户不须要用到
/usr/local/nginx/sbin/nginx -t && -s reload
curl -x127.0.0.1:80 test.com 返回结果401
curl -u[用户名][密码] -x127.0.0.1:80 123.com 返回结果“test.com”
对于目标下目录（如目标为/data/wwwroot/test.com，目标目录为/data/wwwroot/test.com/admin）单独用验证方式：
将配置文件里的location / 改成location /admin。nginx
Nginx域名重定向
更改test.com.conf为
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
Nginx的server_name后面支持写多个域名
permanent为永久重定向，状态码为301，若是写redirect则为302web
Nginx访问日志
vim /usr/local/nginx/conf/nginx.conf 搜索log_format所在行为：
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"'; （分号算最终结束，combined_realip为格式名称，可自定义）

除了在主配置文件nginx.conf里定义日志格式外，还须要在虚拟主机配置文件中增长，因此在test.com.conf文件里增长一行access_log /tmp/test.log combined_realip;定义访问日志文件名sql

日志切割
Nginx没有自带切割日志的功能，须要自定义切割脚本
vim /usr/local/sbin/nginx_log_rotate.sh//写入以下内容
#! /bin/bash
#假设nginx的日志存放路径为/data/logs/
d=date -d "-1 day" +%Y%m%d 日期（前一天）
logdir="/tmp/" 日志所在目录
nginx_pid="/usr/local/nginx/logs/nginx.pid" 从新加载写新日志
cd $logdir
for log in ls *.log //给log赋值文件名，下面$log就返回文件名了
do
mv $log $log-$d //更名，后面增长日期
done
/bin/kill -HUP cat $nginx_pid
而后添加任务计划：
0 0 * /bin/bash /usr/local/sbin/nginx_log_rotate.sh

静态文件不记录日志和过时时间
vi test.com.conf 加入以下内容：
location ~ ..(gif|jpg|jpeg|png|bmp|swf)$ //~表示通配
{
expires 7d; 过时时间7d
access_log off;
}
location ~ ..(js|css)$
{
expires 12h; 过时时间12h
access_log off;
}

Nginx防盗链
vi test.com.conf 第一个location改成
location ~* ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}

访问控制
来源ip的控制
location /admin/
{
allow 192.168.133.1;
allow 127.0.0.1;
deny all;
}
mkdir /data/wwwroot/test.com/admin/
echo “test,test”>/data/wwwroot/test.com/admin/1.html
-t && -s reload
文件名匹配控制
location ~ .(abc|image)/..php$
{
deny all;
}
根据user_agent限制
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
return 403;
}
deny all和return 403效果同样
Nginx解析PHP配置
vim test.com.conf 增长内容：
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock; //指定php-fpm监听的地址或者socket
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name; 此处文件路径要与配置的前面部分的root 后跟路径一致
}
Nginx代理
cd /usr/local/nginx/conf/vhost
vim proxy.conf //加入以下内容
server
{
listen 80;
server_name ask.apelearn.com; 域名

location /
{
proxy_pass http://121.201.9.155/; 最终web服务器的ip
proxy_set_header Host $host; 返回的是server name，即上段定义的
proxy_set_header X-Real-IP $remote_addr; 定义变量
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 定义变量
}
}

负载均衡（代理多台）
vim /usr/local/nginx/conf/vhost/load.conf // 写入以下内容
upstream qq_com
{
ip_hash;
server 61.135.157.156:80;
server 125.39.240.113:80;
}
server
{
listen 80;
server_name www.qq.com;
location /
{
proxy_pass http://qq_com; 与upstream后跟的一致
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
upstream来指定多个web server
nginx不支持https
SSL

生成ssl密钥对
cd /usr/local/nginx/conf
openssl genrsa -des3 -out tmp.key 2048//key文件为私钥，genrsa表示生成rsa类型的私钥
openssl rsa -in tmp.key -out abc.key //转换key，取消密码
rm -f tmp.key 删除原有文件
openssl req -new -key abc.key -out abc.csr //生成证书请求文件，须要拿这个文件和私钥一块儿生产公钥文件
openssl x509 -req -days 365 -in abc.csr -signkey abc.key -out abc.crt 这里的abc.crt为公钥

Nginx配置ssl
vim /usr/local/nginx/conf/vhost/ssl.conf//加入以下内容
server
{
listen 443;
server_name aming.com;
index index.html index.php;
root /data/wwwroot/slx.com;
ssl on;
ssl_certificate abc.crt;
ssl_certificate_key abc.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
-t && -s reload //若报错unknown directive “ssl” ，须要从新编译nginx，加上--with-http_ssl_module
mkdir /data/wwwroot/aming.com
echo “ssl test page.”>/data/wwwroot/aming.com/index.html
编辑hosts，增长127.0.0.1 aming.com
curl https://aming.com/
pool
vim /usr/local/php-fpm/etc/php-fpm.conf//在[global]部分增长
include = etc/php-fpm.d/*.conf
mkdir /usr/local/php-fpm/etc/php-fpm.d/
cd /usr/local/php-fpm/etc/php-fpm.d/
vim www.conf //内容以下
[www]
listen = /tmp/www.sock
listen.mode=666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
继续编辑配置文件
vim slx.conf //内容以下
[slx]
listen = /tmp/aming.sock
listen.mode=666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
/usr/local/php/sbin/php-fpm –t
/etc/init.d/php-fpm restart
php-fpm的慢执行日志
vim /usr/local/php-fpm/etc/php-fpm.d/www.conf//加入以下内容
request_slowlog_timeout = 1 //执行超过1s进行记录，能够找到速度控制步骤（通常定2s较好，超过1s的执行时间算正常）
slowlog = /usr/local/php-fpm/var/log/www-slow.log
配置nginx的虚拟主机test.com.conf，把unix:/tmp/php-fcgi.sock改成unix:/tmp/www.sock
从新加载nginx服务
vim /data/wwwroot/test.com/sleep.php//写入以下内容
<?php echo “test slow log”;sleep(2);echo “done”;?>
curl -x127.0.0.1:80 test.com/sleep.php
cat /usr/local/php-fpm/var/log/www-slow.log
php-fpm进程管理在配置文件里有如下内容pm = dynamic //动态进程管理，也能够是staticpm.max_children = 50 //最大子进程数，ps aux能够查看pm.start_servers = 20 //启动服务时会启动的进程数pm.min_spare_servers = 5 //定义在空闲时段，子进程数的最少数量，若是达到这个数值时，php-fpm服务会自动派生新的子进程。pm.max_spare_servers = 35 //定义在空闲时段，子进程数的最大值，若是高于这个数值就开始清理空闲的子进程。pm.max_requests = 500 //定义一个子进程最多处理的请求数，也就是说在一个php-fpm的子进程最多能够处理这么多请求，当达到这个数值时，它会自动退出。