Nginx实验-2
Nginx中的变量
变量可以分为内置变量和自定义变量
内置变量是由nginx模块自带,通过变量可以获取到众多的与客户端访问相关的值
[root@nginx ~]# cd /usr/local/nginx/
[root@nginx nginx]# cd conf.d/
[root@nginx conf.d]# ls status.conf vhost.conf
[root@nginx conf.d]# vim vars.conf
server {
listen 80;
server_name var.hh.org;
root /data/web/html;
index index.html;
location /var {
default_type text/html;
echo "why not let me go oh";
}
}
[root@nginx conf.d]# vim /etc/hosts 在Linux中做解析
172.25.254.100 nginx.hui.org www.huihui.org hx.hx.org var.hh.org
测试:
[root@nginx conf.d]# curl var.hh.org/var
why not let me go oh
#nginx的内置变量
server {
listen 80;
server_name var.timinglee.org;
root /data/web/html;
index index.html;location /var {
default_type text/html;
echo $remote_addr;
echo $args;
echo $is_args;
echo $document_root;
echo $document_uri;
echo $host;
echo $remote_port;
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
echo $server_protocol;
echo $server_addr;
echo $server_name;
echo $server_port;
echo $http_user_agent;
echo $http_cookie;
echo $cookie_key2;
}
}
#nginx自定义变量
server {
listen 80;
server_name var.timinglee.org;
root /data/web/html;
index index.html;
location /var {
default_type text/html;
set $hh hui;
echo $hh;
}
}
返回值
[root@nginx conf.d]# curl -b "key1=x,key2=y1" -u lee:lee var.hh.org/var?name=hui&&id=6666
why not let me go oh
172.25.254.100
name=hui
?
/data/web/html
/var
var.hh.org
34140
lee
GET
/data/web/html/var
/var?name=hui
http
HTTP/1.1
172.25.254.100
var.hh.org
80
curl/7.76.1
key1=x,key2=y1
Nginx Rewrite模块功能
if 指令
注意:
#如果$变量的值为空字符串或0,则if指令认为该条件为false,其他条件为true。
#nginx 1.0.1之前$变量的值如果以0开头的任意字符串会返回false
eg:if判定
[root@nginx conf.d]# vim vars.conf
location /test2 {
if ( !-e $request_filename ){
echo "$request_filename is not exist";
return 409;
}
}
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl var.hh.org/test2
<html>
<head><title>409 Conflict</title></head>
<body>
<center><h1>409 Conflict</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>
[root@nginx conf.d]# curl var.hh.org/test2
/data/web/html/test2 is not exist 文件不存在
[root@nginx conf.d]# mkdir -p /data/web/html/test2/ [root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html [root@nginx conf.d]# curl var.hh.org/test2/index.html test2
set 指令
指定key并给其定义一个变量,变量可以调用Nginx内置变量赋值给key(#自定义变量)
set $name hui;
echo $name;
返回值
hui
break 指令
eg:break
[root@nginx conf.d]# vim vars.conf
location /break {
default_type text/html;
set $name love;
echo $name;
#break;
set $id 666;
echo $id;
}
[root@nginx conf.d]# nginx -s reload
返回值
[root@nginx conf.d]# curl var.hh.org/break
love 666
location /break {
default_type text/html;
set $name love;
echo $name;
break;
set $id 666;
echo $id;
}
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl var.hh.org/break
love
[root@nginx conf.d]# vim vars.conf
location /break {
default_type text/html;
set $name love;
echo $name;
if ( $http_user_agent = "curl/7.76.1" ){
break;
}
set $id 666;
echo $id;
}
[root@nginx conf.d]# curl var.hh.org/break love
[root@nginx conf.d]# curl -A "firefox" var.hh.org/break love 666
return 指令
[root@nginx conf.d]# vim vars.conf
location /return {
default_type text/html;
if ( !-e $request_filename){
return 301 http://www.baidu.com; #没有找到文件就访问百度
}
echo "$request_filename is exist";
}
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl -I var.hh.org/return
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 06:23:53 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive Keep-Alive: timeout=60
Location: 百度一下,你就知道
没有查找到文件,访问百度
[root@nginx conf.d]# mkdir -p /data/web/html/return
[root@nginx conf.d]# curl -I var.hh.org/return
HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 06:33:04 GMT
Content-Type: text/html
Connection: keep-alive Keep-Alive: timeout=60
Vary: Accept-Encoding
rewrite 指令
通过正则表达式的匹配来改变URI,可以同时存在一个或多个指令,按照顺序依次对URI进行匹配,
rewrite主要是针对用户请求的URL或者是URI做具体处理
语法格式 :
rewrite regex replacement [flag];
flag 说明
redirect;#临时重定向 重写完成后以临时重定向方式直接返回重写后生成的新URL给客户端
浏览器里不会存放重写产生的新的配置文件信息
permanent; #重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端
#由客户端重新发起请求,状态码:301
break;#重写完成后,停止对当前URL在当前location中后续的其它重写操作
#而后直接跳转至重写规则配置块之后的其它配置,结束循环,建议在location中使用
#适用于一个URL一次重写
last;#重写完成后,停止对当前URI在当前location中后续的其它重写操作,
#而后对新的URL启动新一轮重写检查,不建议在location中使用
#适用于一个URL多次重写,要注意避免出现超过十次以及URL重写后返回错误的给用户
[root@nginx conf.d]# vim vars.conf
location / {
root /data/web/var;
index index.html;
#rewrite / http://www.huihui.com permanent; #永久
#rewrite / http://www.huihui.com redirect; #临时
}
[root@nginx conf.d]# mkdir /data/web/var -p
[root@nginx conf.d]# echo var page > /data/web/var/index.html
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl var.hh.org
var page
[root@nginx conf.d]# curl www.huihui.org www.huihui.org
[root@nginx conf.d]# vim vars.conf
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl var.hh.org
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>
[root@nginx conf.d]# curl -I var.hh.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 07:43:48 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://www.huihui.com
在Windows加编译:var.huihui.org
location / {
root /data/web/var;
index index.html;
#rewrite / http://www.huihui.com permanent; #永久
}
location / {
root /data/web/var;
index index.html;
rewrite / http://www.timinglee.com redirect;
}
#break 和last
创建文件:
[root@nginx conf.d]# mkdir /data/web/html/{test1,test2,break,last} -p
写入内容:
[root@nginx conf.d]# echo test1 > /data/web/html/test1/index.html
[root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html
[root@nginx conf.d]# echo last > /data/web/html/last/index.html
[root@nginx conf.d]# echo break > /data/web/html/break/index.html
[root@nginx conf.d]# vim vars.conf
server {
listen 80;
server_name var.hh.org;
root /data/web/html;
index index.html;
location /break {
rewrite ^/break/(.*) /test1/$1; #break 如果输入break访问的时候会返回test1的值,中断下面查找test2
rewrite ^/test1/(.*) /test2/$1;
}
location /last {
rewrite ^/last/(.*) /test1/$1;
rewrite ^/test1/(.*) /test2/$2;
}
location /test1 {
default_type text/html;
echo "why not let me go oh,why you speak so low oh";
}
location /test2 {
root /data/web/html;
}
}
访问结果:
Nginx-rewrite的企业级防盗链
全站加密
创建一个认证目录:
[root@nginx conf.d]# cd /usr/local/nginx/
[root@nginx nginx]# ls
client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@nginx nginx]# mkdir certs
[root@nginx nginx]# ls
certs client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@nginx nginx]# cd certs/
[root@nginx certs]# cd
[root@nginx ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/huihui.org.key -x509 -days 365 -out /usr/local/nginx/certs/huihui.org.crt
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:lhx
Organizational Unit Name (eg, section) []:webserver
Common Name (eg, your name or your server's hostname) []:www.huihui.org
Email Address []:admin@huihui.org
[root@nginx ~]# cd /usr/local/nginx/
[root@nginx nginx]# cd certs/
[root@nginx certs]# ls huihui.org.crt huihui.org.key
[root@nginx certs]# cd ..
[root@nginx nginx]# cd conf.d/
[root@nginx conf.d]# ls
无
[root@nginx conf.d]# vim jiam.conf
server {
listen 80;
listen 443 ssl;
server_name www.huihui.org;
root /data/web/html;
index index.html;
ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
}
[root@nginx conf.d]# nginx -t
[root@nginx conf.d]# nginx -s reload
测试:
强制走加密:
[root@nginx conf.d]# vim jiam.conf
server {
listen 80;
listen 443 ssl;
server_name www.huihui.org;
root /data/web/html;
index index.html;
ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location / {
if ( $scheme = http ){
rewrite /(.*) https://$host/$1 redirect;
rewrite / https://$host redirect; #如果不加,不管在浏览器上输入的对不对最后还是会访问https://www.huihui.org
}
}
}
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl -L www.huihui.org
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[root@nginx conf.d]# curl -kL www.huihui.org
www.huihui.org[root@nginx conf.d]# curl -I www.huihui.org
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 15:39:35 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://www.huihui.org
测试:
防盗链
在一个web 站点盗链另一个站点的资源信息,比如:图片、视频等
nginx:
[root@nginx conf.d]# mkdir -p /data/web/html/images
xftp传图片,一张在images里,一张在html里,两张图片不能放在一起;
[root@nginx ~]# cd /usr/local/nginx/ [root@nginx nginx]# cd conf.d/ [root@nginx conf.d]# ls jiam.conf status.conf vhost.conf
[root@nginx conf.d]# vim jiam.con
server {
listen 80;
listen 443 ssl;
server_name www.hhhoo.org;
root /data/web/html;
index index.html;
ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location / {
if ( $scheme = http ){
rewrite /(.*) https://$host/$1 redirect;
}
if ( !-e $request_filename ){
rewrite /(.*) https://$host/index.html redirect;
}
}
location /images {
valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
if ( $invalid_referer ){
rewrite ^/ http://www.hhhoo.org/shiwan.jpg;
}
}
}
web1:
[root@web1 ~]# dnf install httpd
[root@web1 ~]# cd /var/www/html
[root@web1 html]# ls
[root@web1 html]# vim index.html
<html>
<head>
<meta http-equiv=Content-Type content="text/html;charset=utf-8">
<title>盗链</title>
</head>
<body>
<img src="http://www.hhhoo.org/images/he.jpg" >
<h1 style="color:red">why not let me go oh</h1>
<p><a href=http://www.hhhoo.org>你没事吧</a>你没事吧</p>
</body>
</html>
测试:
[root@nginx conf.d]# vim jiam.conf
server {
listen 80;
listen 443 ssl;
server_name www.hhhoo.org;
root /data/web/html;
index index.html;
ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location / {
valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
if ( $invalid_referer ){
return 404;
}
}
}
测试:
但是直接访问www.hhhoo.org
[root@nginx conf.d]# vim jiam.conf
server {
listen 80;
listen 443 ssl;
server_name www.hhhoo.org;
root /data/web/html;
index index.html;
ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location /images {
valid_referers none blocked server_names *.hhhoo.org ~/.baidu/ .;
if ( $invalid_referer ){
rewrite ^/ http://www.hhhoo.org/images/he.jpg;
}
}
}
测试没有
some tips:
[root@nginx conf.d]# cat status.conf
server {
listen 80;
server_name hx.hx.org;
root /data/web/html;
index index.html;
location /status {
stub_status;
#auth_basic"login"
#auth_basic_user_file "/use/local/nginx/.htpasswd"
}
}
[root@nginx conf.d]# cat vars.conf
#server {
# listen 80;
# server_name var.hh.org;
# root /data/web/html;
# index index.html;
#
# location /break {
# rewrite ^/break/(.*) /test1/$1;
# rewrite ^/test1/(.*) /test2/$1;
# }
#
# location /last {
# rewrite ^/last/(.*) /test1/$1;
# rewrite ^/test1/(.*) /test2/$2;
# }
# location /test1 {
# default_type text/html;
# echo "why not let me go oh,why you speak so low oh";
# }
# location /test2 {
# root /data/web/html;
# }
#}
[root@nginx conf.d]# cat vhost.conf
server {
listen 80;
server_name www.huihui.org;
root /data/web/html;
index index.html;
error_page 404 /40x.html;
error_log /var/log/huihui.org/error.log;
access_log /var/log/huihui.org/access.log;
try_files $uri $uri.html $uri/index.html /error/default.html;
location /hui {
root /data/web;
#auth_basic "login password !!";
#auth_basic_user_file "/usr/local/nginx/.htpasswd";
}
location = /40x.html{
root /data/web/errorpage;
}
location /download {
root /data/web;
autoindex on;
autoindex_localtime on;
}
}
Nginx 反向代理及动静分离
反向代理
通过location可以写
ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理
ngx_http_upstream_module #用于定义为proxy_pass,fastcgi_pass(解析php),uwsgi_pass(解析python)#等指令引用的后端服务器分组
ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理(后端是两个dns、数据库)
ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器助理
ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理
proxy_pass:只能写一个
反向代理单台 web 服务器
在nginx:
[root@nginx conf.d]# cd /usr/local/nginx/conf.d/
[root@nginx conf.d]# vim icome.conf
server {
listen 80;
server_name www.hhhoo.org;
location / {
proxy_pass http://172.25.254.10:80;
}
}
[root@nginx conf.d]# nginx -s reload
测试:
[root@nginx conf.d]# curl 172.25.254.100 172.25.254.10
web2:
[root@web2 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 8080
:wq
[root@web2 ~]# systemctl restart httpd
nginx:
[root@nginx conf.d]# vim icome.conf
server {
listen 80;
server_name www.hhhoo.org;
location / {
#proxy_pass http://172.25.254.10:80;
proxy_pass http://172.25.254.20:8080; #二选一
}
}
[root@nginx conf.d]# nginx -s reload
测试:
如果想访问172.25.254.20:
[root@nginx conf.d]# vim icome.conf
server {
listen 80;
server_name www.hhhoo.org;
location / {
proxy_pass http://172.25.254.10:80;
#proxy_pass http://172.25.254.20:8080;
}
location /static { #加静态
proxy_pass http://172.25.254.20:8080;
}
}
[root@web2 ~]# mkdir -p /var/www/html/static
[root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html
测试:
动静分离:
[root@nginx conf.d]# vim icome.conf
server {
listen 80;
server_name www.hhhoo.org;
location ~ \.php$ {
proxy_pass http://172.25.254.10:80;
#proxy_pass http://172.25.254.20:8080;
}
location /static {
proxy_pass http://172.25.254.20:8080;
}
}
[root@web1 ~]# dnf install php -y
[root@web1 ~]# systemctl restart httpd
[root@web1 ~]# vim /var/www/html/index.php
<?php
phpinfo();
?>
[root@web2 ~]# dnf install httpd
[root@web2 ~]# systemctl enable --now httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. [root@web2 ~]# echo 172.25.254.20 > /var/www/html/index.html [root@web2 ~]# vim /etc/httpd/conf/httpd.conf (把listen改为8080)
[root@web2 ~]# systemctl restart httpd [root@web2 ~]# mkdir -p /var/www/html/static [root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html
测验:
静态
php
反向代理的缓存功能
[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf
加在http下
proxy_cache_path /apps/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m
inactive=120s max_size=1g;
[root@nginx conf.d]# vim icome.conf
server {
listen 80;
server_name www.hhhoo.org;
location ~ \.php$ {
proxy_pass http://172.25.254.10:80;
#proxy_pass http://172.25.254.20:8080;
}
location /static {
proxy_pass http://172.25.254.20:8080;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 1m;
}
}
[root@nginx conf.d]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx conf.d]# nginx -s reload
Nginx的反向代理负载均衡
http upstream配置参数
#自定义一组服务器,配置在http块内
[root@nginx ~]# cd /usr/local/nginx/conf.d/
[root@nginx conf.d]# vim icome.conf
upstream webcluster {
server 172.25.254.10:80 fail_timeout=15s max_fails=3;
server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
server 172.25.254.100:80 backup;
}
server {
listen 80;
server_name www.hhhoo.org;
location / {
proxy_pass http://webcluster;
}
}
[root@nginx conf.d]# nginx -s reload
测试:默认是轮询
[root@nginx conf.d]# vim icome.conf
upstream webcluster {
ip_hash;(加入算法时backup不能写)
server 172.25.254.10:80 fail_timeout=15s max_fails=3;
server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
#server 172.25.254.100:80 backup;
}
测试:(hash算法——找最近的后端服务器)
hash $request_uri consistent;
在web1
[root@web1 ~]# mkdir -p /var/www/html/static [root@web1 ~]# echo 172.25.254.10 static > /var/www/html/static/index.html
测试:
hash $cookie_hui;
测试:
curl -b "hui=1"(取模运算) www.hhhoo.org
tcp负载均衡配置参数
web1、web2:都下载bind
[root@web1 ~]# dnf install bind -y
[root@web1 ~]# vim /etc/named.conf
注释
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// allow-query { localhost; };
dnssec-validation no;
[root@web1 ~]# vim /etc/named.rfc1912.zones
zone "hhhoo.org" IN {
type master;
file "hhhoo.org.zone";
allow-update { none; };
};
[root@web1 ~]# cd /var/named/
[root@web1 named]# cp named.localhost hhhoo.org.zone -p
[root@web1 named]# vim hhhoo.org.zone
$TTL 1D
@ IN SOA ns.hhhoo.org. root.hhhoo.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.hhhoo.org.
ns A 172.25.254.10
www A 172.25.254.10
[root@web1 named]# dig www.hhhoo.org @172.25.254.10
; <<>> DiG 9.16.23-RH <<>> www.hhhoo.org @172.25.254.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35951
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: aac45499bb8562eb0100000066c6f9e2f0abc9b22209a6a8 (good)
;; QUESTION SECTION:
;www.hhhoo.org. IN A;; ANSWER SECTION:
www.hhhoo.org. 86400 IN A 172.25.254.10;; Query time: 0 msec
;; SERVER: 172.25.254.10#53(172.25.254.10)
;; WHEN: Thu Aug 22 16:42:10 CST 2024
;; MSG SIZE rcvd: 86
[root@web1 named]# scp -p /etc/named.{conf,rfc1912.zones} root@172.25.254.20:/etc/
cp到20
[root@web1 named]# scp -p /var/named/hhhoo.org.zone root@172.25.254.20:/var/named/hhhoo.org.zone
在web2把ip改成20
[root@web2 ~]# vim /var/named/hhhoo.org.zone
[root@web2 ~]# systemctl start named [root@web2 ~]# dig www.hhhoo.org @172.25.254.20
[root@web2 ~]# cd /var/named [root@web2 named]# ll
[root@web2 named]# chgrp named hhhoo.org.zone
[root@web2 named]# ll
总用量 20
[root@web2 named]# dig www.hhhoo.org @172.25.254.20
加数据库
在web1、web2上下载:
[root@web2 named]# dnf install mariadb-server -y
回nginx中加入:
[root@nginx conf.d]# vim dns.conf
stream {
upstream dns {
server 172.25.254.10:53 fail_timeout=15s max_fails=3;
server 172.25.254.20:53 fail_timeout=15s max_fails=3;
}
server {
listen 53 udp reuseport;
proxy_timeout 20s;
proxy_pass dns;
}
在主配置文件加入
[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf
events {
worker_connections 1024;
use epoll;
}
include "/usr/local/nginx/tcpconf.d/*.conf"; !!!
http {
include mime.types;
default_type application/octet-stream;
负载均衡:mysql
web1
[root@web1 ~]# vim /etc/my.cnf.d/mariadb-server.cnf
[mysqld]
server-id=10 !!
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid
[root@web1 ~]# systemctl start mariadb.service
登陆mysql
MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> quit;
Bye
web2
[root@web2 ~]# vim /etc/my.cnf.d/mariadb-server.cnf
[mysqld]
server-id=20
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid
[root@web2 ~]# systemctl start mariadb.service
MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> quit;
Bye
回nginx
[root@nginx conf.d]# vim dns.conf
stream {
upstream dns {
server 172.25.254.10:53 fail_timeout=15s max_fails=3;
server 172.25.254.20:53 fail_timeout=15s max_fails=3;
}
upstream mysql { !!!
server 172.25.254.10:3306 fail_timeout=15s max_fails=3;
server 172.25.254.20:3306 fail_timeout=15s max_fails=3;
}
server {
listen 53 udp reuseport;
proxy_timeout 20s;
proxy_pass dns;
}
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# netstat -antlup | grep 3306
[root@nginx conf.d]# dnf install mariadb-server -y
[root@nginx conf.d]# mysql -u hhhoo -p -h 172.25.254.100
password:
MariaDB [(none)]>SELECT @@SERVER_id;
MariaDB [(none)]>quit
Nginx 源码编译php
重新编译
先把 /usr/local/里面的 nginx/conf.d/ 删除
[root@nginx ~]# rm -rf /usr/local/nginx/
xftp 上传压缩包:memc-nginx-module-0.20.tar.gz
srcache-nginx-module-0.33.tar.gz
[root@nginx ~]# tar zxf memc-nginx-module-0.20.tar.gz
[root@nginx ~]# tar zxf srcache-nginx-module-0.33.tar.gz
cd到 nginx1.26.2下
[root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx \
> --add-module=/root/echo-nginx-module-0.63 \
> --add-module=/root/memc-nginx-module-0.20 \
> --add-module=/root/srcache-nginx-module-0.33 \
> --user=nginx \
> --group=nginx \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module \
> --with-pcre
[root@nginx nginx-1.26.2]# make && make install
[root@nginx ~]# systemctl start nginx
[root@nginx ~]# ps aux | grep nginx
[root@nginx ~]# nginx -V
下载php安装包和openresty,xtfp上传到/root下
[root@nginx ~]# tar zxf php-8.3.9.tar.gz [root@nginx ~]# cd php-8.3.9/
[root@nginx php-8.3.9]# dnf whatprovides * /libsystemd *
[root@nginx php-8.3.9]# dnf install systemd-devel -y
[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php \
> --enable-fpm \
> --with-fpm-user=nginx \
> --with-fpm-group=nginx \
> --with-curl \
> --with-iconv \
> --with-mhash \
> --with-zlib \
> --with-openssl \
> --enable-mysqlnd \
> --with-mysqli \
> --with-pdo-mysql \
> --disable-debug \
> --enable-sockets \
> --enable-soap \
> --enable-xml \
> --enable-ftp \
> --enable-gd \
> --enable-exif \
> --enable-mbstring \
> --enable-bcmath \
> --with-fpm-systemd
一直报错没安装软件,可恶!!
找:dnf whatprovides * /libxml-2.0 *
下:dnf install libxml2-devel-2.9.13-2.el9.x86_64
编:./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
> --dnf search sqlite3
>
> --dnf install sqlite-devel.x86_64 -y
>
> ——./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
> ——dnf whatprovides */libcurl*
> —— dnf install libcurl-devel-7.76.1-19.el9.x86_64 -y
> ——./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
>
> —— dnf search libpng-devel*
> —— dnf install libpng-devel.x86_64 -y
> —— ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
> —— cd /mnt
>
> 去阿里云镜像站复制链接:
>
> —— wget https://mirrors.aliyun.com/rockylinux/9.4/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.5.0.1.x86_64.rpm
> —— ls
>
> 回镜像站下载软件包,cd到root下
>
> —— dnf install oniguruma-6.9.6-1.el9.5.i686 -y
>
> ——dnf install oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm
> —— cd php-8.3.9/
> —— ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
Nginx-php的配置
[root@nginx ~]# cd /usr/local/php/etc
[root@nginx etc]# ls php-fpm.conf.default php-fpm.d [root@nginx etc]# cp -p php-fpm.conf.default php-fpm.conf [root@nginx etc]# vim php-fpm.conf
打开pid
pid = run/php-fpm.pid
[root@nginx etc]# cd php-fpm.d/
[root@nginx php-fpm.d]# ls www.conf.default
[root@nginx php-fpm.d]# cp www.conf.default www.conf -p
[root@nginx php-fpm.d]# vim www.conf
[root@nginx php-fpm.d]# cd /root/php-8.3.9/
[root@nginx php-8.3.9]# ls
[root@nginx php-8.3.9]# cp php.ini-production /usr/local/php/etc/php.ini
[root@nginx php-8.3.9]# cd /usr/local/php/etc/
[root@nginx etc]# vim php.ini
date.timezone =Asia/Shanghai
生成启动脚本:
[root@nginx fpm]# cp php-fpm.service /lib/systemd/system/
[root@nginx fpm]# pwd
/root/php-8.3.9/sapi/fpm
[root@nginx fpm]# vim /lib/systemd/system/php-fpm.service
注释掉:
# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
#ProtectSystem=full
[root@nginx fpm]# systemctl daemon-reload
[root@nginx fpm]# systemctl start php-fpm.service
[root@nginx fpm]# netstat -antlupe | grep php
建议不要!!!! 修改监听端口
[root@nginx php]# cd etc/php-fpm.d/
[root@nginx php-fpm.d]# vim www.conf
listen = 0.0.0.0:9000
[root@nginx php-fpm.d]# systemctl restart php-fpm.service
[root@nginx php-fpm.d]# netstat -antlupe | grep php
tcp6 0 0 ::1:9000 :::* LISTEN 0 188205 215256/php-fpm: mas
Nginx和php的整合
[root@nginx bin]# mkdir -p /data/web/php
[root@nginx bin]# cd /usr/local/php/
[root@nginx bin]# ls
[root@nginx bin]# cd bin/
[root@nginx bin]# vim ~/.bash_profile
export
PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/php/sbin
[root@nginx bin]# source ~/.bash_profile
[root@nginx bin]# cd /data/web/php/
[root@nginx php]# ls
[root@nginx php]# vim index.php
<?php
phpinfo();
?>
:wq
[root@nginx php]# cd /usr/local/
[root@nginx local]# ls
bin etc games include lib lib64 libexec nginx php sbin share src
[root@nginx local]# cd nginx/
[root@nginx nginx]# ls
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@nginx nginx]# mkdir conf.d
[root@nginx nginx]# vim conf/nginx.conf
include "/usr/local/nginx/conf.d/*.conf";
[root@nginx nginx]# cd conf.d/
[root@nginx conf.d]# ls
[root@nginx conf.d]# vim vhost.conf
server{
listen 80;
server_name www.hhhoo.org;
root /data/web/html;
index index.html;
location ~ \.php$ {
root /data/web/php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}