[关闭]
@Great-Chinese 2016-12-05T08:13:21.000000Z 字数 11367 阅读 1142

LNMP架构搭建与优化

LNMP架构搭建与优化

1.1 php编译安装

A:下载与解压

  1. wget http://cn2.php.net/distributions/php-5.4.37.tar.bz2
  2. tar jxvf php-5.4.37.tar.bz2

B:配置编译参数

  1. cd php-5.4.37  # 进入此目录中
  2. ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6

C:编译

  1.  make
  2.  echo $?

D:安装

  1. rm -rf /usr/local/php/ # 在安装前,要把之前旧的php目录删除掉
  2. make install
  3. echo $?
  1. cp php.ini-production /usr/local/php/etc/php.ini # 拷贝生产环境的配置文件
  2. cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm   # 拷贝启动脚本
  3. vim /etc/init.d/php-fpm        # 编辑启动的shell脚本
  4. chmod 755 /etc/init.d/php-fpm  # 授予执行权限
  5. cd /usr/local/php/etc/
  6. mv php-fpm.conf.default php-fpm.conf
  7. chkconfig --add php-fpm        # 加入系统服务列表中
  8. chkconfig php-fpm on           # 开机启动
  9. useradd -s /sbin/nologin php-fpm  # 增加用户
  10. service php-fpm start          # 启动
  11. /usr/local/php/sbin/php-fpm -t # 检查是否有问题
  12. ps aux|grep php-fpm
  13. netstat -lnp

1.2 Nginx编译安装

A:下载与解压

  1. cd /usr/local/src   # 进入此目录中
  2. wget http://nginx.org/download/nginx-1.6.2.tar.gz
  3. tar zxvf nginx-1.6.2.tar.gz

B:配置编译参数

  1. cd nginx-1.6.2   # 进入此目录中
  2. ./configure --prefix=/usr/local/nginx --with-pcre
  3. yum install -y pcre-devel

C:编译/安装

  1. make 
  2. make install 
  1. cd /usr/local/nginx
  2. /usr/local/apache2/bin/apachectl stop
  3. /usr/local/nginx/sbin/nginx  # 启动nginx
  4. ps aux |grep nginx
  5. netstat lnp

1.3 测试php解析

  1. # 打开nginx默认的配置文件
  2. vim /usr/local/nginx/conf/nginx.conf  # 打开下面的内容
  3. location ~ \.php$ {
  4.             root           html;
  5.             fastcgi_pass   127.0.0.1:9000;
  6.             fastcgi_index  index.php;
  7.             fastcgi_param  SCRIPT_FILENAME  /usr/local/nginx/html$fastcgi_script_name;
  8.             include        fastcgi_params;
  9.         }
  11.  cat /usr/local/nginx/html/index.html
  12.  cd /usr/local/nginx/html/  #进入html目录
  13.  vi info.php  # 然后编辑info文件
  14.  /usr/local/nginx/sbin/nginx -t  # 检查是否有错
  15.  /usr/local/nginx/sbin/nginx -s reload  # 重启后,在网址上输入IP,就可以解析php了
  16.  curl localhost
  17.  curl localhost/info.php

1.4 nginx启动脚本和配置文件

A:编写nginx启动脚本,并加入系统服务

  1. vim /etc/init.d/nginx   # 加入以下内容
  2. #!/bin/bash
  3. # chkconfig: - 30 21
  4. # description: http service.
  5. # Source Function Library
  6. . /etc/init.d/functions
  7. # Nginx Settings
  9. NGINX_SBIN="/usr/local/nginx/sbin/nginx"
  10. NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
  11. NGINX_PID="/usr/local/nginx/logs/nginx.pid"
  12. RETVAL=0
  13. prog="Nginx"
  15. start() {
  16.         echo -n $"Starting $prog: "
  17.         mkdir -p /dev/shm/nginx_temp
  18.         daemon $NGINX_SBIN -c $NGINX_CONF
  19.         RETVAL=$?
  20.         echo
  21.         return $RETVAL
  22. }
  24. stop() {
  25.         echo -n $"Stopping $prog: "
  26.         killproc -p $NGINX_PID $NGINX_SBIN -TERM
  27.         rm -rf /dev/shm/nginx_temp
  28.         RETVAL=$?
  29.         echo
  30.         return $RETVAL
  31. }
  33. reload(){
  34.         echo -n $"Reloading $prog: "
  35.         killproc -p $NGINX_PID $NGINX_SBIN -HUP
  36.         RETVAL=$?
  37.         echo
  38.         return $RETVAL
  39. }
  41. restart(){
  42.         stop
  43.         start
  44. }
  46. configtest(){
  47.     $NGINX_SBIN -c $NGINX_CONF -t
  48.     return 0
  49. }
  51. case "$1" in
  52.   start)
  53.         start
  54.         ;;
  55.   stop)
  56.         stop
  57.         ;;
  58.   reload)
  59.         reload
  60.         ;;
  61.   restart)
  62.         restart
  63.         ;;
  64.   configtest)
  65.         configtest
  66.         ;;
  67.   *)
  68.         echo $"Usage: $0 {start|stop|reload|restart|configtest}"
  69.         RETVAL=1
  70. esac
  72. exit $RETVAL

B:保存后,更改权限:

  1. chmod 755 /etc/init.d/nginx
  2. chkconfig --add nginx  # 加到启动列表中
  3. chkconfig nginx on     # 开机启动,执行此条命令

C: nginx的启动,重启,停止,检测

  1. service nginx start
  2. service nginx restart
  3. service nginx stop
  4. service nginx configtest

D:更改nginx配置

  1. vim /usr/local/nginx/conf/nginx.conf  #增加以下内容
  2. user nobody nobody;
  3. worker_processes 2;
  4. error_log /usr/local/nginx/logs/nginx_error.log crit;
  5. pid /usr/local/nginx/logs/nginx.pid;
  6. worker_rlimit_nofile 51200;
  8. events
  9. {
  10.     use epoll;
  11.     worker_connections 6000;
  12. }
  14. http
  15. {
  16.     include mime.types;
  17.     default_type application/octet-stream;
  18.     server_names_hash_bucket_size 3526;
  19.     server_names_hash_max_size 4096;
  20.     log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
  21.     '$host "$request_uri" $status'
  22.     '"$http_referer" "$http_user_agent"';
  23.     sendfile on;
  24.     tcp_nopush on;
  25.     keepalive_timeout 30;
  26.     client_header_timeout 3m;
  27.     client_body_timeout 3m;
  28.     send_timeout 3m;
  29.     connection_pool_size 256;
  30.     client_header_buffer_size 1k;
  31.     large_client_header_buffers 8 4k;
  32.     request_pool_size 4k;
  33.     output_buffers 4 32k;
  34.     postpone_output 1460;
  35.     client_max_body_size 10m;
  36.     client_body_buffer_size 256k;
  37.     client_body_temp_path /usr/local/nginx/client_body_temp;
  38.     proxy_temp_path /usr/local/nginx/proxy_temp;
  39.     fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
  40.     fastcgi_intercept_errors on;
  41.     tcp_nodelay on;
  42.     gzip on;
  43.     gzip_min_length 1k;
  44.     gzip_buffers 4 8k;
  45.     gzip_comp_level 5;
  46.     gzip_http_version 1.1;
  47.     gzip_types text/plain application/x-javascript text/css text/htm application/xml;
  48.     include vhosts/*.conf;
  49. }
  1. cd /usr/local/nginx/conf
  2. mkdir vhosts
  3. cd vhosts
  4. mkdir /tmp/1233
  5. # 创建虚拟主机配置文件
  6. vim default.conf  # 增加内容如下
  7. server
  8. {
  9.     listen 80 default_server;
  10.     server_name localhost;
  11.     index index.html index.htm index.php;
  12.     root /tmp/1233;
  13.     deny all;
  14. }
  15. /usr/local/nginx/sbin/nginx -t  # 检查配置文件是否有错
  16. /etc/init.d/nginx reload   # 加载配置文件
  17. curl -x127.0.0.1:80 www.baidu.com
  18. # 创建新的虚拟主机配置文件
  19. vim 111.conf  # 增加内容如下
  20. server
  21. {
  22.     listen 80;
  23.     server_name 111.com;
  24.     index index.html index.htm index.php;
  25.     root /data/www;
  27.     location ~ \.php$ {
  28.         include fastcgi_params;
  29.       # fastcgi_pass unix:/tmp/php-fcgi.sock;
  30.         fastcgi_pass 127.0.0.1:9000;
  31.         fastcgi_index index.php;
  32.         fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
  33.     }
  34. }
  35. /usr/local/nginx/sbin/nginx -t   # 检查配置文件是否有错
  36. /etc/init.d/nginx reload         # 加载配置文件 
  37. curl -x127.0.0.1:80 111.com/forum.php -I

1.5 php-fpm配置文件

  1. /usr/local/php/etc/php-fpm.conf  # 管理php-fpm相关服务的配置
  2. /usr/local/php/etc/php.ini       # php的全局配置
  3. >  /usr/local/php/etc/php-fpm.conf    # 清空所有内容,编辑配置文件前要把旧的内容全部清除
  4. vim /usr/local/php/etc/php-fpm.conf  # 增加内容如下
  5. [global]
  6. pid = /usr/local/php/var/run/php-fpm.pid
  7. error_log = /usr/local/php/var/log/php-fpm.log
  8. [www]
  9. listen = /tmp/www.sock
  10. user = php-fpm
  11. group = php-fpm
  12. pm = dynamic
  13. pm.max_children = 50
  14. pm.start_servers = 20
  15. pm.min_spare_servers = 5
  16. pm.max_spare_servers = 35
  17. pm.max_requests = 500
  18. rlimit_files = 1024
  19. slowlog= /tmp/www slow.log      # 可以排查网络慢的原因,优化网速
  20. request_slowlog_timeout = 1     # 只要执行这个脚本的时间超过1s,就要记录slow.log
  21. php_admin_value[open_basedir]=/data/www/:/tmp/   # 针对不同的域名进行不同的限制
  23. [www1]
  24. listen = /tmp/www1.sock
  25. user = php-fpm
  26. group = php-fpm
  27. pm = dynamic
  28. pm.max_children = 50
  29. pm.start_servers = 20
  30. pm.min_spare_servers = 5
  31. pm.max_spare_servers = 35
  32. pm.max_requests = 500
  33. rlimit_files = 1024
  34. # 检测是否有错
  35. usr/local/php/sbin/php-fpm -t
  36. # 重启
  37. /etc/init.d/php-fpm restart
  38. ps aux |grep fpm.conf   # 查看进程,默认有20个pool
  39. ls /usr/local/nginx/conf/vhosts  # 查看多个域名 
  40. cat /usr/local/nginx/conf/vhosts/111.conf # 查看指定的域名

1.6 常见的502问题解决

  1. cd /usr/local/nginx/conf/vhosts/  
  2. vim test.conf  # 增加内容如下:
  3. server
  4. {
  5.     listen 80;
  6.     server_name www.test.com;
  7.     index index.html index.htm index.php;
  8.     root /data/www;
  10.     location ~ \.php$ {
  11.         include fastcgi_params;
  12.         fastcgi_pass unix:/tmp/www.sock;
  13.         # fastcgi_pass 127.0.0.1:9000;
  14.         fastcgi_index index.php;
  15.         fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
  16.     }
  17. }
  18. # 检查配置文件是否有错
  19. /usr/local/nginx/sbin/nginx -t
  20. # 重启nginx
  21. /usr/local/nginx/sbin/nginx -s reload
  22. etc/init.d/nginx reload
  23. # 在主配置文件里找到错误日志
  24. vim ../nginx.conf
  25. # 查看错误日志,会发现/tmp/www.sock此文件权限被拒,所以网业会出现502
  26. cat /usr/local/nginx/logs/nginx_error.log  #
  27. ls -l /tmp/www.sock
  28. ps aux |grep nginx
  29. # 编辑php配置文件,
  30. vim /usr/local/php/etc/php-fpm.conf  #指定监听的用户与组如下
  31. [www]
  32. listen = /tmp/www.sock
  33. user = php-fpm
  34. group = php-fpm
  35. listen.owner = nobody
  36. listen.group = nobody
  37. # 检测配置文件是否有错
  38. /usr/local/php/sbin/php-fpm -t
  39. # 重启
  40. /etc/init.d/php-fpm restart

1.7 nginx用户认证

  1. cd /usr/local/nginx/conf/vhosts/  
  2. htpasswd -c /usr/local/nginx/conf/.htpasswd melody  # 增加加密新用户
  3. cat /usr/local/nginx/conf/.htpasswd
  4. htpasswd /usr/local/nginx/conf/.htpasswd melody1    # 增加另一个加密新用户
  5. vim test.conf  # 增加内容如下:
  6.  server
  7. {
  8.     listen 80;
  9.     server_name www.test.com 
  10.     index index.html index.htm index.php;
  11.     root /data/www;
  12.     location ~ .*admin\.php$  {
  13.         auth_basic "aminglinux auth";
  14.         auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
  15.         include fastcgi_params;
  16.         fastcgi_pass unix:/tmp/www.sock;
  17.         fastcgi_index index.php;
  18.         fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
  19.     }
  21.     location ~ \.php$ {
  22.         include fastcgi_params;
  23.         fastcgi_pass unix:/tmp/www.sock;
  24.         # fastcgi_pass 127.0.0.1:9000;
  25.         fastcgi_index index.php;
  26.         fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
  27.     }
  29. # 检测配置文件是否有错
  30. /usr/local/nginx/sbin/nginx -t
  31. # 重启
  32. /etc/init.d/nginx reload
  33. # 用curl检测是否解析成功
  34. curl -x127.0.0.1:80 www.test.com/admin.php
  35. curl -x127.0.0.1:80 -umelody:123456  www.test.com/admin.php  # 解析带密码的

1.8 nginx域名跳转

  1. # 编辑test.conf,来设域名的跳转
  2. vim test.conf  # 增加内容如下 
  3. listen 80;
  4.     server_name www.test.com www.aaa.com www.bbb.com;
  5.     if ($host != 'www.test.com')
  6.     {
  7.         rewrite ^/(.*)$ http://www.test.com/$1 permanent;
  8.     }
  9. # 检查nginx的配置文件是否正确
  10. /usr/local/nginx/sbin/nginx -t
  11. # 重启nginx
  12. /usr/local/nginx/sbin/nginx -s reload
  13. # 用curl检测网址是否生效
  14. curl -x127.0.0.1:80 www.aaa.com/adajaklal -I  # 301跳转为www.test.com
  15. curl -x127.0.0.1:80 www.bbb.com/adajaklal -I  # 301跳转为www.test.com
  16. curl -x127.0.0.1:80 www.test.com/adajaklal -I # 404没有找到,因为网址不对
  17. http://ask.apelearn.com/question/4840         # nginx的301与302如何配置的网址

flag标记可以用以下几种格式:
last – 基本上都用这个Flag。
break – 中止Rewirte,不在继续匹配
redirect – 返回临时重定向的HTTP状态302
permanent – 返回永久重定向的HTTP状态301

1.9 nginx不记录指定文件类型日志

  1. # 编辑主配置文件,
  2. vim /usr/local/nginx/conf/nginx.conf  定义日志格式,把日志名称改成melody
  3. log_format melody '$remote_addr $http_x_forwarded_for [$time_local]' # 远程IP,代理IP
  4. # melody格式的日志如何用
  5. vim test.conf  # 进入此配置文件
  6. access_log /tmp/access.log melody;  # 首先指定目录位置
  7. # 限制gif|jpg|jpeg|png|bmp|swf这些日志不去记录
  8. location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$  
  9.      {
  10.          access_log off;
  11.      }
  12. location ~ (static|cache)
  13.      {
  14.          access_log off;
  15.      }  
  16. # 检查nginx的配置文件是否正确
  17. /usr/local/nginx/sbin/nginx -t
  18. # 重启nginx
  19. /usr/local/nginx/sbin/nginx -s reload  
  20. # 在刷新前先把旧的日志内容清空
  21. > /tmp/access.log
  22. # 查看日志内容
  23. cat /tmp/access.log

2.0 nginx日志切割

  1. # 进入此目录下
  2. cd /usr/local/nginx/conf/vhosts 
  3. # 编辑配置文件
  4. vim /usr/local/sbin/nginx_logrotate.sh  # 增加日志切割内容如下 
  5. #!/bin/bash
  6. d=`date -d "-1 day" +%F`
  7. [ -d /tmp/nginx_log ] || mkdir /tmp/nginx_log
  8. mv /tmp/access.log  /tmp/nginx_log/$d.log
  9. /etc/init.d/nginx reload > /dev/null
  10. cd /tmp/nginx_log/
  11. gzip -f $d.log
  12. # 执行日志文件
  13.  sh -x /usr/local/sbin/nginx_logrotate.sh
  14. # 查看日志文件
  15. ls /tmp/access.log
  16. cat /tmp/access.log
  17. ls /tmp/nginx_log/

2.1 nginx配置静态文件过期时间

  1. # 进入此目录下
  2. cd /usr/local/nginx/conf/vhosts/
  3. # 编辑配置文件
  4. vim test.conf  # 增加静态文件过期时间内容如下
  5. location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ 
  6.      { 
  7.          access_log off;
  8.          expires 15d; 
  9.      }
  10.      location ~ \.(js|css)
  11.      {
  12.          access_log off;
  13.          expires 2h;
  14.      }
  15. # 检查nginx的配置文件是否正确
  16. /usr/local/nginx/sbin/nginx -t
  17. # 重启nginx
  18. /usr/local/nginx/sbin/nginx -s reload

2.2 nginx配置防盗链

  1. # 进入此目录下
  2. cd /usr/local/nginx/conf/vhosts/
  3. # 编辑配置文件
  4. vim test.conf  # 增加防盗链内容如下
  5. location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip|gz|bz2)$
  6.      { 
  7.          access_log off;
  8.          expires 15d;
  9.          valid_referers none blocked  *.test.com *.aaa.com;
  10.          if ($invalid_referer)
  11.          {
  12.              return  403;
  13.          }
  14. # 检查nginx的配置文件是否正确
  15. /usr/local/nginx/sbin/nginx -t
  16. # 重启
  17. /usr/local/nginx/sbin/nginx -s reload
  18. # 用curl检查 (-e显示referer)
  19. curl -e "http://www.test.com/111" -I -x127.0.0.1:80 'http:www.test.com/static/image/smiley/default/kiss.gif'

2.3 nginx访问控制

  1. # 进入此目录下
  2. cd /usr/local/nginx/conf/vhosts/
  3. # 编辑配置文件
  4. vim test.conf  # 增加内容如下
  5. # 白名单允许指定的IP访问,其它的拒绝
  6.  location ~ .*admin\.php$  {
  7.         allow 127.0.0.1;  # 白名单格式
  8.         deny all;
  9. # 黑名单拒绝指定的IP访问
  10. access_log /tmp/access.log melody;   
  11.     deny 127.0.0.1; 
  12.     deny 192.168.31.0/24;
  13. # 检查nginx的配置文件是否正确
  14. /usr/local/nginx/sbin/nginx -t
  15. # 重启
  16. /usr/local/nginx/sbin/nginx -s reload
  17. # 用curl检查
  18. curl -x127.0.0.1:80 www.test.com/forum.php -I
  19. curl -x192.168.31.127:80 www.test.com/forum.php -I

2.4 nginx禁止指定user_agent

  1. # 进入此目录下
  2. cd /usr/local/nginx/conf/vhosts/
  3. # 编辑配置文件
  4. vim test.conf  # 增加禁止指定user_agent的内容如下
  5.  if ($http_user_agent ~* 'curl|baidu|111')  # ~*同时使用,代表不区别大小写
  6.     { 
  7.         return 403; 
  8.     } 
  9. # 检查nginx的配置文件是否正确
  10. /usr/local/nginx/sbin/nginx -t
  11. # 重启
  12. /usr/local/nginx/sbin/nginx -s reload
  13. # 用curl检查
  14. curl -A "fkl" -x192.168.31.127:80 www.test.com/forum.php -I # 结果200,因为没有禁止的user_agent
  15. curl -A "111a" -x192.168.31.127:80 www.test.com/forum.php -I # 结果403,因为有禁止的user_agent

2.5 nginx代理详解

  1. # 进入此目录下
  2. cd /usr/local/nginx/conf/vhosts/
  3. # 配置单个百度代理
  4. vim proxy.conf  # 增加内容如下
  5. server {
  6.     listen 80;
  7.     server_name www.baidu.com;
  9.     location / {
  10.         proxy_pass http://183.232.231.172/; #这里百度的IP是什么?需要PING一下
  11.         #proxy_set_header Host $host;
  12.     }
  13. }
  14. # PING出百度的IP
  15. ping www.baidu.com
  16. vim /etc/hosts  # 删除之前写的百度IP
  17. ping www.baidu.com
  18. # 检查nginx的配置文件是否正确
  19. /usr/local/nginx/sbin/nginx -t
  20. # 重启
  21. /usr/local/nginx/sbin/nginx -s reload
  22. # 用curl检查
  23. curl -x127.0.0.1:80 www.baidu.com # 把百度的IP指向本机,然后再去访问百度
  25. # 使用一个域名对应多个IP,相当于负载均衡(多个机器访问百度)
  26. dig www.baidu.com  # 探测你的域名解析到了哪些IP
  27. yum install bind*  # 安装
  28. #配置多个IP百度代理
  29. vim proxy.conf  # 增加内容如下
  30. upstream melody{
  31.     server 183.232.231.172:80;
  32.     server 183.232.231.173:80;
  34. server {
  35.     listen 80;
  36.     server_name www.baidu.com;
  38.     location / {
  39.         proxy_pass http://melody/;
  40.         proxy_set_header Host $host;
  41.     }
  42. }
  43. # 检查nginx的配置文件是否正确
  44. /usr/local/nginx/sbin/nginx -t
  45. # 重启
  46. /usr/local/nginx/sbin/nginx -s reload
  47. # 用curl检查
  48. curl -x127.0.0.1:80 www.baidu.com  # 把百度的IP指向本机,然后再去访问百度
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注