当前位置: 首页 > article >正文

Nginx实验-2

Nginx中的变量

变量可以分为内置变量和自定义变量

内置变量是由nginx模块自带,通过变量可以获取到众多的与客户端访问相关的值

[root@nginx ~]# cd /usr/local/nginx/

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls status.conf vhost.conf

[root@nginx conf.d]# vim vars.conf

server {
    listen 80;
    server_name var.hh.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        echo "why not let me go oh";
    }

}

[root@nginx conf.d]# vim /etc/hosts 在Linux中做解析

172.25.254.100	nginx.hui.org www.huihui.org hx.hx.org var.hh.org

测试:

[root@nginx conf.d]# curl var.hh.org/var

why not let me go oh

#nginx的内置变量
server {
    listen 80;
    server_name var.timinglee.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        echo $remote_addr;
        echo $args;
        echo $is_args;
        echo $document_root;
        echo $document_uri;
        echo $host;
        echo $remote_port;
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
        echo $server_protocol;
        echo $server_addr;
        echo $server_name;
        echo $server_port;
        echo $http_user_agent;
        echo $http_cookie;
        echo $cookie_key2;
    }
}

#nginx自定义变量
server {
    listen 80;
    server_name var.timinglee.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        set $hh hui;
        echo $hh;
    }
}

返回值
[root@nginx conf.d]#  curl -b "key1=x,key2=y1" -u lee:lee var.hh.org/var?name=hui&&id=6666
why not let me go oh
172.25.254.100
name=hui
?
/data/web/html
/var
var.hh.org
34140
lee
GET
/data/web/html/var
/var?name=hui
http
HTTP/1.1
172.25.254.100
var.hh.org
80
curl/7.76.1
key1=x,key2=y1

Nginx Rewrite模块功能

if 指令

注意:

#如果$变量的值为空字符串或0,则if指令认为该条件为false,其他条件为true。

#nginx 1.0.1之前$变量的值如果以0开头的任意字符串会返回false

eg:if判定

[root@nginx conf.d]# vim vars.conf

	location /test2 {
	if ( !-e $request_filename ){
		echo "$request_filename is not exist";
			return 409;
		}
	}

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org/test2
<html>
<head><title>409 Conflict</title></head>
<body>
<center><h1>409 Conflict</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>

[root@nginx conf.d]# curl var.hh.org/test2

/data/web/html/test2 is not exist 文件不存在

[root@nginx conf.d]# mkdir -p /data/web/html/test2/ [root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html [root@nginx conf.d]# curl var.hh.org/test2/index.html test2

set 指令

指定key并给其定义一个变量,变量可以调用Nginx内置变量赋值给key(#自定义变量)

set $name hui;

echo $name;

返回值

hui

break 指令

eg:break

[root@nginx conf.d]# vim vars.conf

location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		#break;
		set $id 666;
		echo $id;
    }

[root@nginx conf.d]# nginx -s reload

返回值

[root@nginx conf.d]# curl var.hh.org/break

love 666

location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		break;
		set $id 666;
		echo $id;
    }

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org/break

love

[root@nginx conf.d]# vim vars.conf

	location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		if ( $http_user_agent = "curl/7.76.1" ){
            break;
        }
		set $id 666;
		echo $id;
        }

[root@nginx conf.d]# curl var.hh.org/break love

[root@nginx conf.d]# curl -A "firefox" var.hh.org/break love 666

return 指令

[root@nginx conf.d]# vim vars.conf

     location /return {
        default_type text/html;
        if ( !-e $request_filename){
            return 301 http://www.baidu.com;	#没有找到文件就访问百度
        }
        echo "$request_filename is exist";
    }

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl -I var.hh.org/return

HTTP/1.1 301 Moved Permanently

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 06:23:53 GMT

Content-Type: text/html

Content-Length: 169

Connection: keep-alive Keep-Alive: timeout=60

Location: 百度一下,你就知道

没有查找到文件,访问百度

[root@nginx conf.d]# mkdir -p /data/web/html/return

[root@nginx conf.d]# curl -I var.hh.org/return

HTTP/1.1 200 OK

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 06:33:04 GMT

Content-Type: text/html

Connection: keep-alive Keep-Alive: timeout=60

Vary: Accept-Encoding

rewrite 指令

通过正则表达式的匹配来改变URI,可以同时存在一个或多个指令,按照顺序依次对URI进行匹配,

rewrite主要是针对用户请求的URL或者是URI做具体处理

语法格式 :

rewrite regex replacement [flag];

flag 说明

redirect;#临时重定向        重写完成后以临时重定向方式直接返回重写后生成的新URL给客户端
浏览器里不会存放重写产生的新的配置文件信息
permanent;    #重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端
#由客户端重新发起请求,状态码:301
break;#重写完成后,停止对当前URL在当前location中后续的其它重写操作
#而后直接跳转至重写规则配置块之后的其它配置,结束循环,建议在location中使用
#适用于一个URL一次重写
last;#重写完成后,停止对当前URI在当前location中后续的其它重写操作,
#而后对新的URL启动新一轮重写检查,不建议在location中使用
#适用于一个URL多次重写,要注意避免出现超过十次以及URL重写后返回错误的给用户

[root@nginx conf.d]# vim vars.conf

 location / {
        root /data/web/var;
        index index.html;
        #rewrite / http://www.huihui.com permanent;		#永久
        #rewrite / http://www.huihui.com redirect;		#临时
}

[root@nginx conf.d]# mkdir /data/web/var -p

[root@nginx conf.d]# echo var page > /data/web/var/index.html

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org

var page

[root@nginx conf.d]# curl www.huihui.org www.huihui.org

[root@nginx conf.d]# vim vars.conf

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>

[root@nginx conf.d]# curl -I var.hh.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 07:43:48 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://www.huihui.com

在Windows加编译:var.huihui.org

 location / {
        root /data/web/var;
        index index.html;
        #rewrite / http://www.huihui.com permanent;		#永久
}

 location / {
        root /data/web/var;
        index index.html;
        rewrite / http://www.timinglee.com redirect;
    }

#break 和last

创建文件:

[root@nginx conf.d]# mkdir /data/web/html/{test1,test2,break,last} -p

写入内容:

[root@nginx conf.d]# echo test1 > /data/web/html/test1/index.html

[root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html

[root@nginx conf.d]# echo last > /data/web/html/last/index.html

[root@nginx conf.d]# echo break > /data/web/html/break/index.html

[root@nginx conf.d]# vim vars.conf

server {
	listen 80;
	server_name var.hh.org;
	root /data/web/html;
	index index.html;

	location /break {
		rewrite ^/break/(.*)  /test1/$1;	#break   如果输入break访问的时候会返回test1的值,中断下面查找test2
		rewrite ^/test1/(.*)  /test2/$1;
    }

	location /last {
		rewrite ^/last/(.*) /test1/$1;		
		rewrite ^/test1/(.*) /test2/$2;
	}
	location /test1 {
		default_type text/html;
		echo  "why not let me go oh,why you speak so low oh";
	}
	location /test2 {
		root /data/web/html;
	}
}

访问结果:

Nginx-rewrite的企业级防盗链

全站加密

创建一个认证目录:

[root@nginx conf.d]# cd /usr/local/nginx/
[root@nginx nginx]# ls
client_body_temp  conf  conf.d  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@nginx nginx]# mkdir certs
[root@nginx nginx]# ls
certs  client_body_temp  conf  conf.d  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp

[root@nginx nginx]# cd  certs/

[root@nginx certs]# cd 

[root@nginx ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/huihui.org.key -x509 -days 365 -out /usr/local/nginx/certs/huihui.org.crt

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi 
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:lhx
Organizational Unit Name (eg, section) []:webserver
Common Name (eg, your name or your server's hostname) []:www.huihui.org
Email Address []:admin@huihui.org

[root@nginx ~]# cd /usr/local/nginx/

[root@nginx nginx]# cd certs/

[root@nginx certs]# ls huihui.org.crt huihui.org.key

[root@nginx certs]# cd ..

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.huihui.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
}

[root@nginx conf.d]# nginx -t

[root@nginx conf.d]# nginx -s reload

测试:

强制走加密:

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.huihui.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
		if ( $scheme = http ){
			rewrite /(.*) https://$host/$1 redirect;
			rewrite / https://$host redirect;	#如果不加,不管在浏览器上输入的对不对最后还是会访问https://www.huihui.org
		}
	}
}

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl -L www.huihui.org
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[root@nginx conf.d]# curl -kL www.huihui.org
www.huihui.org

[root@nginx conf.d]# curl -I www.huihui.org
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.26.2
Date: Mon, 19 Aug 2024 15:39:35 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://www.huihui.org

测试:

防盗链

在一个web 站点盗链另一个站点的资源信息,比如:图片、视频等

nginx:

[root@nginx conf.d]# mkdir -p /data/web/html/images

xftp传图片,一张在images里,一张在html里,两张图片不能放在一起;

[root@nginx ~]# cd /usr/local/nginx/ [root@nginx nginx]# cd conf.d/ [root@nginx conf.d]# ls jiam.conf status.conf vhost.conf

[root@nginx conf.d]# vim jiam.con

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
       if ( $scheme = http ){
            rewrite /(.*) https://$host/$1 redirect;
        }

        if ( !-e $request_filename ){
            rewrite /(.*) https://$host/index.html redirect;
        }
    }


	location /images  {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
        if ( $invalid_referer ){
                rewrite ^/   http://www.hhhoo.org/shiwan.jpg;
        }


    }

}

web1:

[root@web1 ~]# dnf install httpd

[root@web1 ~]# cd /var/www/html

[root@web1 html]# ls

[root@web1 html]# vim index.html

<html>

  <head>
    <meta http-equiv=Content-Type content="text/html;charset=utf-8">
    <title>盗链</title>
</head>

  <body>
    <img src="http://www.hhhoo.org/images/he.jpg" >
    <h1 style="color:red">why not let me go oh</h1>
    <p><a href=http://www.hhhoo.org>你没事吧</a>你没事吧</p>
  </body>

</html>

测试:

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
        if ( $invalid_referer ){
                return 404;
        }


    }

}

测试:

但是直接访问www.hhhoo.org

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location /images  {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/ .;
        if ( $invalid_referer ){
                rewrite ^/   http://www.hhhoo.org/images/he.jpg;
        }

    }
}

测试没有

some tips:

[root@nginx conf.d]# cat status.conf 
server {
    listen 80;
    server_name hx.hx.org;
    root /data/web/html;
    index index.html;

	location /status {
		stub_status;
		#auth_basic"login"
		#auth_basic_user_file "/use/local/nginx/.htpasswd"
	}
}
[root@nginx conf.d]# cat vars.conf 
#server {
#	listen 80;
#	server_name var.hh.org;
#	root /data/web/html;
#	index index.html;
#
#	location /break {
#		rewrite ^/break/(.*)  /test1/$1;
#		rewrite ^/test1/(.*)  /test2/$1;
#    }
#
#	location /last {
#		rewrite ^/last/(.*) /test1/$1;
#		rewrite ^/test1/(.*) /test2/$2;
#	}
#	location /test1 {
#		default_type text/html;
#		echo  "why not let me go oh,why you speak so low oh";
#	}
#	location /test2 {
#		root /data/web/html;
#	}
#}
[root@nginx conf.d]# cat vhost.conf 
server {
	listen 80;
	server_name www.huihui.org;
	root /data/web/html;
	index index.html;
	error_page 404  /40x.html;
	error_log /var/log/huihui.org/error.log;
	access_log /var/log/huihui.org/access.log;
	try_files $uri $uri.html $uri/index.html /error/default.html;


	location /hui {
		root /data/web;
		#auth_basic "login password !!";
		#auth_basic_user_file "/usr/local/nginx/.htpasswd";
	}
	location = /40x.html{
		root /data/web/errorpage;
		}
	location /download {
		root /data/web;
		autoindex on;
		autoindex_localtime on;
	}
}

Nginx 反向代理及动静分离

反向代理

通过location可以写

ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理
ngx_http_upstream_module #用于定义为proxy_pass,fastcgi_pass(解析php),uwsgi_pass(解析python)#等指令引用的后端服务器分组
ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理(后端是两个dns、数据库)
ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器助理
ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理

proxy_pass:只能写一个

反向代理单台 web 服务器

在nginx:

[root@nginx conf.d]# cd /usr/local/nginx/conf.d/

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location / {
        proxy_pass http://172.25.254.10:80;
    }

}

[root@nginx conf.d]# nginx -s reload

测试:

[root@nginx conf.d]# curl 172.25.254.100 172.25.254.10

web2:

[root@web2 ~]# vim /etc/httpd/conf/httpd.conf

#Listen 12.34.56.78:80
Listen 8080
:wq

[root@web2 ~]# systemctl restart httpd

nginx:

[root@nginx conf.d]# vim icome.conf

server {
	listen 80;
	server_name www.hhhoo.org;

	location / {
		#proxy_pass http://172.25.254.10:80;
		proxy_pass http://172.25.254.20:8080;		#二选一
	}

}

[root@nginx conf.d]# nginx -s reload

测试:

如果想访问172.25.254.20:

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location / {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {								#加静态
        proxy_pass http://172.25.254.20:8080;
    }

}

[root@web2 ~]# mkdir -p /var/www/html/static

[root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html

测试:

动静分离:

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location ~ \.php$ {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {
        proxy_pass http://172.25.254.20:8080;
    }

}

[root@web1 ~]# dnf install php -y

[root@web1 ~]# systemctl restart httpd

[root@web1 ~]# vim /var/www/html/index.php

<?php
  phpinfo();
?>

[root@web2 ~]# dnf install httpd

[root@web2 ~]# systemctl enable --now httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. [root@web2 ~]# echo 172.25.254.20 > /var/www/html/index.html [root@web2 ~]# vim /etc/httpd/conf/httpd.conf (把listen改为8080)

[root@web2 ~]# systemctl restart httpd [root@web2 ~]# mkdir -p /var/www/html/static [root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html

测验:

静态

php

反向代理的缓存功能

[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf

加在http下

proxy_cache_path /apps/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m
inactive=120s max_size=1g;

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location ~ \.php$ {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {
        proxy_pass http://172.25.254.20:8080;
        proxy_cache proxycache;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 302 301 10m;
        proxy_cache_valid any 1m;
    }

}

[root@nginx conf.d]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@nginx conf.d]# nginx -s reload

Nginx的反向代理负载均衡

http upstream配置参数

#自定义一组服务器,配置在http块内

[root@nginx ~]# cd /usr/local/nginx/conf.d/

[root@nginx conf.d]# vim icome.conf

upstream webcluster {
	server 172.25.254.10:80 fail_timeout=15s max_fails=3;
	server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
	server 172.25.254.100:80 backup;
}
server {
	listen 80;
	server_name www.hhhoo.org;
	
	location / {
		proxy_pass http://webcluster;
	}

}

[root@nginx conf.d]# nginx -s reload

测试:默认是轮询

[root@nginx conf.d]# vim icome.conf

upstream webcluster {
	ip_hash;(加入算法时backup不能写)
	server 172.25.254.10:80 fail_timeout=15s max_fails=3;
	server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
	#server 172.25.254.100:80 backup;
}

测试:(hash算法——找最近的后端服务器)

hash $request_uri consistent;

在web1

[root@web1 ~]# mkdir -p /var/www/html/static [root@web1 ~]# echo 172.25.254.10 static > /var/www/html/static/index.html

测试:

hash $cookie_hui;

测试:

curl -b "hui=1"(取模运算) www.hhhoo.org

tcp负载均衡配置参数

web1、web2:都下载bind

[root@web1 ~]# dnf install bind -y

[root@web1 ~]# vim /etc/named.conf

注释
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
//      allow-query     { localhost; };
        dnssec-validation no; 

[root@web1 ~]# vim /etc/named.rfc1912.zones

zone "hhhoo.org" IN {
        type master;
        file "hhhoo.org.zone";
        allow-update { none; };
};

[root@web1 ~]# cd /var/named/

[root@web1 named]# cp named.localhost hhhoo.org.zone -p

[root@web1 named]# vim hhhoo.org.zone

$TTL 1D
@       IN SOA  ns.hhhoo.org. root.hhhoo.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.hhhoo.org.
ns      A       172.25.254.10
www     A		172.25.254.10

[root@web1 named]# dig www.hhhoo.org @172.25.254.10

; <<>> DiG 9.16.23-RH <<>> www.hhhoo.org @172.25.254.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35951
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: aac45499bb8562eb0100000066c6f9e2f0abc9b22209a6a8 (good)
;; QUESTION SECTION:
;www.hhhoo.org.            IN    A

;; ANSWER SECTION:
www.hhhoo.org.        86400    IN    A    172.25.254.10

;; Query time: 0 msec
;; SERVER: 172.25.254.10#53(172.25.254.10)
;; WHEN: Thu Aug 22 16:42:10 CST 2024
;; MSG SIZE  rcvd: 86

[root@web1 named]# scp -p /etc/named.{conf,rfc1912.zones} root@172.25.254.20:/etc/

cp到20

[root@web1 named]# scp -p /var/named/hhhoo.org.zone root@172.25.254.20:/var/named/hhhoo.org.zone

在web2把ip改成20

[root@web2 ~]# vim /var/named/hhhoo.org.zone

[root@web2 ~]# systemctl start named [root@web2 ~]# dig www.hhhoo.org @172.25.254.20

[root@web2 ~]# cd /var/named [root@web2 named]# ll

[root@web2 named]# chgrp named hhhoo.org.zone

[root@web2 named]# ll

总用量 20

[root@web2 named]# dig www.hhhoo.org @172.25.254.20

加数据库

在web1、web2上下载:

[root@web2 named]# dnf install mariadb-server -y

回nginx中加入:

[root@nginx conf.d]# vim dns.conf

stream {
	upstream dns { 
    server 172.25.254.10:53 fail_timeout=15s max_fails=3;
    server 172.25.254.20:53 fail_timeout=15s max_fails=3;
	}
	
	server {
    	listen 53 udp reuseport;
    	proxy_timeout 20s;
    	proxy_pass dns;
	}   

在主配置文件加入

[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf

events {
    worker_connections  1024;
    use epoll;
}

include "/usr/local/nginx/tcpconf.d/*.conf";			!!!

http {
    include       mime.types;
    default_type  application/octet-stream;

负载均衡:mysql

web1

[root@web1 ~]# vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=10				!!
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid

[root@web1 ~]# systemctl start mariadb.service

登陆mysql

MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit;
Bye

web2

[root@web2 ~]# vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=20
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid

[root@web2 ~]# systemctl start mariadb.service

MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit;
Bye

回nginx

[root@nginx conf.d]# vim dns.conf

stream {
	upstream dns { 
    server 172.25.254.10:53 fail_timeout=15s max_fails=3;
    server 172.25.254.20:53 fail_timeout=15s max_fails=3;
	}

	upstream mysql {												!!!
	server 172.25.254.10:3306 fail_timeout=15s max_fails=3;
	server 172.25.254.20:3306 fail_timeout=15s max_fails=3;
	}
	
	server {
	listen 53 udp reuseport;
	proxy_timeout 20s;
	proxy_pass dns;
}       

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# netstat -antlup | grep 3306

[root@nginx conf.d]# dnf install mariadb-server -y

[root@nginx conf.d]# mysql -u hhhoo -p -h 172.25.254.100

password:

MariaDB [(none)]>SELECT @@SERVER_id;

MariaDB [(none)]>quit

Nginx 源码编译php

重新编译

先把 /usr/local/里面的 nginx/conf.d/ 删除

[root@nginx ~]# rm -rf /usr/local/nginx/

xftp 上传压缩包:memc-nginx-module-0.20.tar.gz

srcache-nginx-module-0.33.tar.gz

[root@nginx ~]# tar zxf memc-nginx-module-0.20.tar.gz

[root@nginx ~]# tar zxf srcache-nginx-module-0.33.tar.gz

cd到 nginx1.26.2下

[root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx \
> --add-module=/root/echo-nginx-module-0.63 \
> --add-module=/root/memc-nginx-module-0.20 \
> --add-module=/root/srcache-nginx-module-0.33 \
> --user=nginx \
> --group=nginx \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module \
> --with-pcre

[root@nginx nginx-1.26.2]# make && make install

[root@nginx ~]# systemctl start nginx

[root@nginx ~]# ps aux | grep nginx

[root@nginx ~]# nginx -V

下载php安装包和openresty,xtfp上传到/root下

[root@nginx ~]# tar zxf php-8.3.9.tar.gz [root@nginx ~]# cd php-8.3.9/

[root@nginx php-8.3.9]# dnf whatprovides * /libsystemd *

[root@nginx php-8.3.9]# dnf install systemd-devel -y

[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

[root@nginx php-8.3.9]#  ./configure --prefix=/usr/local/php \

> --enable-fpm \
> --with-fpm-user=nginx \
> --with-fpm-group=nginx \
> --with-curl \
> --with-iconv \
> --with-mhash \
> --with-zlib \
> --with-openssl \
> --enable-mysqlnd \
> --with-mysqli \
> --with-pdo-mysql \
> --disable-debug \
> --enable-sockets \
> --enable-soap \
> --enable-xml \
> --enable-ftp \
> --enable-gd \
> --enable-exif \
> --enable-mbstring \
> --enable-bcmath \
> --with-fpm-systemd

一直报错没安装软件,可恶!!

 找:dnf whatprovides * /libxml-2.0 *

下:dnf install libxml2-devel-2.9.13-2.el9.x86_64

编:./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

>  --dnf search sqlite3
>
>  --dnf install sqlite-devel.x86_64 -y
>
>  ——./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
>  ——dnf whatprovides */libcurl*
>  —— dnf install libcurl-devel-7.76.1-19.el9.x86_64 -y
>  ——./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
>
>  ——  dnf search libpng-devel*
>  —— dnf install libpng-devel.x86_64 -y
>  ——  ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
>  —— cd /mnt
>
>  去阿里云镜像站复制链接:
>
>  —— wget https://mirrors.aliyun.com/rockylinux/9.4/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.5.0.1.x86_64.rpm
>  ——  ls
>
>  回镜像站下载软件包,cd到root下
>
>  ——  dnf install oniguruma-6.9.6-1.el9.5.i686 -y
>
>  ——dnf install oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm 
>  ——  cd php-8.3.9/
>  —— ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

Nginx-php的配置

[root@nginx ~]# cd /usr/local/php/etc

[root@nginx etc]# ls php-fpm.conf.default php-fpm.d [root@nginx etc]# cp -p php-fpm.conf.default php-fpm.conf [root@nginx etc]# vim php-fpm.conf

打开pid

pid = run/php-fpm.pid

[root@nginx etc]# cd php-fpm.d/

[root@nginx php-fpm.d]# ls www.conf.default

[root@nginx php-fpm.d]# cp www.conf.default www.conf -p

[root@nginx php-fpm.d]# vim www.conf

[root@nginx php-fpm.d]# cd /root/php-8.3.9/

[root@nginx php-8.3.9]# ls

[root@nginx php-8.3.9]# cp php.ini-production /usr/local/php/etc/php.ini

[root@nginx php-8.3.9]# cd /usr/local/php/etc/

[root@nginx etc]# vim php.ini 

date.timezone =Asia/Shanghai

生成启动脚本:

[root@nginx fpm]# cp php-fpm.service /lib/systemd/system/
[root@nginx fpm]# pwd
/root/php-8.3.9/sapi/fpm

[root@nginx fpm]# vim /lib/systemd/system/php-fpm.service 

注释掉:

# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
#ProtectSystem=full

[root@nginx fpm]# systemctl daemon-reload
[root@nginx fpm]# systemctl start php-fpm.service 
[root@nginx fpm]# netstat -antlupe | grep php

建议不要!!!!                修改监听端口

[root@nginx php]# cd etc/php-fpm.d/
[root@nginx php-fpm.d]# vim www.conf

listen = 0.0.0.0:9000

[root@nginx php-fpm.d]# systemctl restart php-fpm.service 
[root@nginx php-fpm.d]# netstat -antlupe | grep php
tcp6       0      0 ::1:9000                :::*                    LISTEN      0          188205     215256/php-fpm: mas

Nginx和php的整合

[root@nginx bin]# mkdir -p /data/web/php

[root@nginx bin]# cd /usr/local/php/

[root@nginx bin]# ls

[root@nginx bin]# cd bin/

[root@nginx bin]# vim ~/.bash_profile

export 
PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/php/sbin

[root@nginx bin]# source ~/.bash_profile

[root@nginx bin]# cd /data/web/php/

[root@nginx php]# ls

[root@nginx php]# vim index.php

<?php
  phpinfo();
?>
:wq

[root@nginx php]# cd /usr/local/
[root@nginx local]# ls
bin  etc  games  include  lib  lib64  libexec  nginx  php  sbin  share  src
[root@nginx local]# cd nginx/

[root@nginx nginx]# ls
client_body_temp  conf  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@nginx nginx]# mkdir conf.d
[root@nginx nginx]# vim conf/nginx.conf

include "/usr/local/nginx/conf.d/*.conf";

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls

[root@nginx conf.d]# vim vhost.conf

server{
    listen 80;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;

    location ~ \.php$ {
    	root /data/web/php;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}


http://www.kler.cn/a/282244.html

相关文章:

  • MongoDB在现代Web开发中的应用
  • vuex和pinia的区别
  • 小程序19-微信小程序的样式和组件介绍
  • 鸿蒙学习生态应用开发能力全景图-赋能套件(1)
  • IDEA leetcode插件代码模板配置,登录闪退解决
  • 【Pikachu】XML外部实体注入实战
  • react native框架之 保存二维码方法
  • 学习记录——day40- 类中特殊的成员函数
  • 【C++ 面试 - 内存管理】每日 3 题(八)
  • 系统中没有安装 git
  • 鸿蒙南向开发:测试框架xdevice核心组件
  • pnpm国内源设置
  • 苹果手机系统修复如何操作,几种iOS系统修复办法分享
  • Oracle(89) 什么是等待事件(Wait Event)?
  • mysql-day03
  • 行为型设计模式-观察者(observer)模式
  • 机器学习/数据分析--通俗语言带你入门随机森林,并用随机森林进行天气分类预测(Accuracy为0.92)
  • Nginx中设置服务器备用(backup)状态的策略与实践
  • 16. 结构体占内存大小是怎么计算的,有哪些原则?
  • OJ-0829
  • Python 中的 `and`, `or`, `not` 运算符:介绍与使用
  • Linux进程间的通信(二)管道通信及其实际应用(主要是实际编程应用,底层涉及不太多,想了解底层参考《UNIX环境高级编程》)
  • C++ QT 单例模式
  • uniapp秋云图表报错json underfind的原因
  • 【C#】【EXCEL】Bumblebee/Components/Analysis/GH_Ex_Ana_CondBetween.cs
  • 《python语言程序设计》2018版第8章第6题统计字符串中的字母个数