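12.17 Nginx load balancing
Load balancing is implemented with the upstream module.
upstream is used to specify multiple web servers.
How do you find the IPs that a site resolves to?
-- Use the dig command, which requires installing bind-utils
[root@arslinux-01 ~]# yum install -y bind-utils
[root@arslinux-01 ~]# dig qq.com
The red box in the original screenshot marks the IPs of the site's 3 servers.
The IPs in the red box can be used for load balancing.
Configure load balancing
-- Create the load.conf configuration file
[root@arslinux-01 ~]# vim /usr/local/nginx/conf/vhost/load.conf
upstream qq_com
{
    ip_hash;
    server 59.37.96.63:80;
    server 58.60.9.21:80;
}
server
{
    listen 80;
    server_name www.qq.com;
    location /
    {
        proxy_pass http://qq_com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
-- The names marked in the red boxes of the screenshot must match: the upstream name (qq_com) and the name used in proxy_pass.
-- ip_hash: the site is served by two servers; to make a visitor always reach the same server, use ip_hash.
Access test
[root@arslinux-01 ~]# curl -x127.0.0.1:80 www.qq.com
This is default site!
[root@arslinux-01 ~]# /usr/local/nginx/sbin/nginx -t
[root@arslinux-01 ~]# /usr/local/nginx/sbin/nginx -s reload
[root@arslinux-01 ~]# curl -x127.0.0.1:80 www.qq.com
Before the configuration was reloaded, curl to www.qq.com reached the default virtual host; after the configuration was loaded, it returned the page source of www.qq.com.
Nginx does not support proxying https
Nginx does not support reaching port 443 on the web servers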
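12.18 How SSL works
SSL workflow
· The browser sends an https request to the server;
· The server needs a digital certificate. It can be self-made or requested from an organization; the difference is that a self-issued certificate has to be accepted by the client before access can continue, while a certificate requested from a trusted company does not trigger a warning page. This certificate is in essence a pair of public and private keys;
· The server sends the public key to the client;
· The client (browser) receives the public key and verifies that it is legitimate and valid. If it is invalid, a warning is shown; if it is valid, the client generates a random string and encrypts it with the received public key;
· The client sends the encrypted random string to the server;
· The server receives the encrypted random string and first decrypts it with its private key (public key encrypts, private key decrypts). Having obtained the random string, it uses that string to encrypt the data to be transmitted (this is symmetric encryption: the data and the secret key, that is, this random string, are mixed together by some algorithm, so the data cannot be read without knowing the key);
· The server sends the encrypted data to the client;
· The client receives the data and decrypts it with its own secret key, that is, the same random string.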
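The exchange described in the steps above, replayed with the openssl command line as an added example (not part of the original notes). The file names, the sample body and the direct use of the random string as an AES-256-CBC key are assumptions made for illustration; real TLS derives its session keys from the exchanged secret, and TLS 1.3 no longer uses RSA key transport.

```sh
#!/bin/sh
# Added example: replays the simplified key exchange described above.
# File names and the message body are constructed for illustration.

tls_flow_demo() {
    dir=$(mktemp -d) || return 1

    # Server: private key, plus the public key it hands to the client
    # (in practice the public key travels inside the certificate).
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl rsa -in "$dir/server.key" -pubout -out "$dir/server.pub" 2>/dev/null || return 1

    # Client: generate the random string and encrypt it with the public key.
    client_secret=$(openssl rand -hex 32) || return 1
    printf '%s' "$client_secret" |
        openssl pkeyutl -encrypt -pubin -inkey "$dir/server.pub" -out "$dir/secret.enc" || return 1

    # Server: recover the random string with the private key.
    server_secret=$(openssl pkeyutl -decrypt -inkey "$dir/server.key" -in "$dir/secret.enc") || return 1

    # Server: encrypt the response symmetrically under the shared string.
    iv=$(openssl rand -hex 16) || return 1
    printf '%s' 'This is ssl.' |
        openssl enc -aes-256-cbc -K "$server_secret" -iv "$iv" -out "$dir/body.enc" || return 1

    # Client: decrypt the response with its own copy of the string.
    openssl enc -d -aes-256-cbc -K "$client_secret" -iv "$iv" -in "$dir/body.enc"
    status=$?
    rm -rf "$dir"
    return $status
}

if command -v openssl >/dev/null 2>&1; then
    printf 'client decrypted: %s\n' "$(tls_flow_demo)"
fi
```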
12.19 Generating an SSL key pair
Install openssl
[root@arslinux-01 ~]# rpm -qf `which openssl`
openssl-1.0.2k-16.el7_6.1.x86_64
[root@arslinux-01 ~]# yum install -y openssl
1. Put both the public key and the private key under /usr/local/nginx/conf
[root@arslinux-01 ~]# cd /usr/local/nginx/conf/
2. Generate the private key (an RSA private key, 2048 bits long, named tmp.key)
[root@arslinux-01 conf]# openssl genrsa -des3 -out tmp.key 2048
Generating RSA private key, 2048 bit long modulus
...........+++
.............................................................+++
e is 65537 (0x10001)
Enter pass phrase for tmp.key:
Verifying - Enter pass phrase for tmp.key:
[root@arslinux-01 conf]#
3. Convert the key to remove the passphrase, then delete tmp.key
[root@arslinux-01 conf]# openssl rsa -in tmp.key -out arslinux.key
Enter pass phrase for tmp.key:
writing RSA key
[root@arslinux-01 conf]# rm -rf tmp.key
4. Generate the request file (CSR); this file and the private key are needed together to produce the public-key file
[root@arslinux-01 conf]# openssl req -new -key arslinux.key -out arslinux.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:jiangsu
Locality Name (eg, city) [Default City]:nanjing
Organization Name (eg, company) [Default Company Ltd]:arslinux
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:arslinux
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:11111111
An optional company name []:arslinux
5. Generate the public key (the certificate)
[root@arslinux-01 conf]# openssl x509 -req -days 365 -in arslinux.csr -signkey arslinux.key -out arslinux.crt
Signature ok
subject=/C=cn/ST=jiangsu/L=nanjing/O=arslinux/CN=arslinux/[email protected]
Getting Private key
6. Check the public and private keys (the .crt is the public key, the .key is the private key)
[root@arslinux-01 conf]# ls aminglinux. arslinux.crt arslinux.csr arslinux.key
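Steps 2 to 5 above in non-interactive form, followed by a check that a certificate belongs to a given private key, which is worth running before pointing ssl_certificate and ssl_certificate_key at the files. This is an added example, not part of the original notes; the temporary directory, the second unrelated key and the function names are assumptions, and the modulus comparison applies to RSA keys only.

```sh
#!/bin/sh
# Added example: build the key, CSR and self-signed certificate without
# prompts, then verify which private key a certificate belongs to.

# Steps 2-5 above in one go; -subj replaces the interactive DN questions.
make_self_signed() {   # usage: make_self_signed <basename> <common-name>
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    chmod 600 "$1.key" &&                       # private key: owner only
    openssl req -new -key "$1.key" -subj "/C=cn/O=arslinux/CN=$2" -out "$1.csr" &&
    openssl x509 -req -days 365 -in "$1.csr" -signkey "$1.key" -out "$1.crt" 2>/dev/null
}

# An RSA certificate and key belong together when their moduli are equal.
# Exit status: 0 match, 1 mismatch, 2 a file could not be read.
cert_matches_key() {   # usage: cert_matches_key <crt> <key>
    cert_mod=$(openssl x509 -noout -modulus -in "$1") || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ "$cert_mod" = "$key_mod" ]
}

# Subject line; its CN is what clients compare with the host name in the URL.
cert_subject() {       # usage: cert_subject <crt>
    openssl x509 -noout -subject -in "$1"
}

if command -v openssl >/dev/null 2>&1; then
    workdir=$(mktemp -d)
    make_self_signed "$workdir/arslinux" arslinux.com
    openssl genrsa -out "$workdir/other.key" 2048 2>/dev/null   # unrelated key
    cert_matches_key "$workdir/arslinux.crt" "$workdir/arslinux.key" && echo "arslinux.key: match"
    cert_matches_key "$workdir/arslinux.crt" "$workdir/other.key" || echo "other.key: MISMATCH"
    cert_subject "$workdir/arslinux.crt"
    rm -rf "$workdir"
fi
```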
12.20 Configuring SSL in Nginx
Create ssl.conf
[root@arslinux-01 ~]# cd /usr/local/nginx/conf/vhost/
[root@arslinux-01 vhost]# vim ssl.conf
server
{
    listen 443;
    server_name arslinux.com;
    index index.html index.php;
    root /data/wwwroot/arslinux.com;
    ssl on;
    ssl_certificate arslinux.crt;
    ssl_certificate_key arslinux.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
[root@arslinux-01 vhost]# mkdir /data/wwwroot/arslinux.com
[root@arslinux-01 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/vhost/ssl.conf:7
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
If you get the error unknown directive "ssl"
nginx may have been built without SSL support; it must be recompiled with --with-http_ssl_module added
[root@arslinux-01 vhost]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
configure arguments: --prefix=/usr/local/nginx
Check which parameter needs to be added: it is --with-http_ssl_module
[root@arslinux-01 nginx-1.14.2]# ./configure --help | grep -i ssl
  --with-http_ssl_module             enable ngx_http_ssl_module
  --with-mail_ssl_module             enable ngx_mail_ssl_module
  --with-stream_ssl_module           enable ngx_stream_ssl_module
  --with-stream_ssl_preread_module   enable ngx_stream_ssl_preread_module
  --with-openssl=DIR                 set path to OpenSSL library sources
  --with-openssl-opt=OPTIONS         set additional build options for OpenSSL
Recompile nginx and install it
[root@arslinux-01 nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
[root@arslinux-01 nginx-1.14.2]# make && make install
[root@arslinux-01 nginx-1.14.2]# echo $?
0
[root@arslinux-01 nginx-1.14.2]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module
Reload the configuration, restart the server, and check whether port 443 is being listened on
[root@arslinux-01 nginx-1.14.2]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@arslinux-01 nginx-1.14.2]# /etc/init.d/nginx restart
Restarting nginx (via systemctl): [ 確定 ]
[root@arslinux-01 nginx-1.14.2]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      10699/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7459/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7798/master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      10699/nginx: master
tcp6       0      0 :::3306                 :::*                    LISTEN      7716/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      7459/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      7798/master
Port 443 is now being listened on
Create a test file
[root@arslinux-01 nginx-1.14.2]# cd /data/wwwroot/arslinux.com/
[root@arslinux-01 arslinux.com]# vim index.html
This is ssl.
Add a hosts entry
[root@arslinux-01 arslinux.com]# vim /etc/hosts
127.0.0.1 arslinux.com
Access test
[root@arslinux-01 conf]# curl https://arslinux.com
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
The certificate is not trusted because it is self-issued; the configuration itself has in fact succeeded
Edit the Windows hosts file and test with a browser
Advanced -> Proceed
Buy a certificate: from WoSign?
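The server block above enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and uses "ssl on;", which nginx 1.14.2 still accepts but nginx 1.15.0 deprecated in favour of the ssl parameter of listen. The added example below (not part of the original notes) flags both in a vhost file and shows a corrected block passing; the function names and the temporary file names are assumptions.

```sh
#!/bin/sh
# Added example: flag deprecated TLS settings in an nginx vhost file.

# Prints one finding per line; exit status 1 when anything was flagged.
lint_tls() {   # usage: lint_tls <nginx-conf-file>
    awk '
        { sub(/#.*/, "") }                                  # drop comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    printf "%s:%d: deprecated protocol %s\n", FILENAME, FNR, p
                    bad = 1
                }
            }
        }
        $1 == "ssl" && $2 ~ /^on;?$/ {
            printf "%s:%d: \"ssl on\" is deprecated, use \"listen 443 ssl\"\n", FILENAME, FNR
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

write_samples() {   # usage: write_samples <dir>
    # The server block from this section.
    cat > "$1/ssl.conf" <<'EOF'
server
{
    listen 443;
    server_name arslinux.com;
    index index.html index.php;
    root /data/wwwroot/arslinux.com;
    ssl on;
    ssl_certificate arslinux.crt;
    ssl_certificate_key arslinux.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
    # Constructed correction. TLSv1.3 can be added to ssl_protocols once
    # nginx is built against OpenSSL 1.1.1 or later.
    cat > "$1/ssl-fixed.conf" <<'EOF'
server
{
    listen 443 ssl;
    server_name arslinux.com;
    index index.html index.php;
    root /data/wwwroot/arslinux.com;
    ssl_certificate arslinux.crt;
    ssl_certificate_key arslinux.key;
    ssl_protocols TLSv1.2;
}
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
lint_tls "$tmp/ssl.conf"
lint_tls "$tmp/ssl-fixed.conf" && echo "ssl-fixed.conf: no findings"
rm -rf "$tmp"
```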
12.21 php-fpm pools
php-fpm supports defining multiple pools; each pool can listen on a different socket or a different TCP/IP address;
If nginx serves several different sites, each site can use its own pool;
If all sites share one pool, then when one of them runs out of PHP resources, or something else causes a 502, every site becomes unusable;
So it is necessary to isolate the sites from one another by giving them different pools.
To set up multiple pools, add [arslinux] after [www]
[root@arslinux-01 conf]# vim /usr/local/php-fpm/etc/php-fpm.conf
[arslinux]
listen = /tmp/arslinux.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
Reload and check the processes
[root@arslinux-01 conf]# /usr/local/php-fpm/sbin/php-fpm -t
[19-May-2019 21:46:15] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@arslinux-01 conf]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@arslinux-01 conf]# ps aux|grep php-fpm
root 11034 0.6 0.5 229580 4984 ? Ss 21:46 0:00 php-fpm: master process (/usr/local/php-fpm/etcphp-fpm.conf)
php-fpm 11035 0.0 0.4 229520 4728 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11036 0.0 0.4 229520 4728 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11037 0.0 0.4 229520 4728 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11038 0.0 0.4 229520 4728 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11039 0.0 0.4 229520 4732 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11040 0.0 0.4 229520 4732 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11041 0.0 0.4 229520 4732 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11042 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11043 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11044 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11045 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11046 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11047 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11048 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11049 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11050 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11051 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11052 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11053 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11054 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool www
php-fpm 11055 0.0 0.4 229520 4732 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11056 0.0 0.4 229520 4732 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11057 0.0 0.4 229520 4732 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11058 0.0 0.4 229520 4736 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11059 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11060 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11061 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11062 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11063 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11064 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11065 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11066 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11067 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11068 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11069 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11070 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11071 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11072 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11073 0.0 0.4 229520 4740 ? S 21:46 0:00 php-fpm: pool arslinux
php-fpm 11074 0.0 0.4 229520 4744 ? S 21:46 0:00 php-fpm: pool arslinux
root 11078 0.0 0.0 112724 984 pts/0 R+ 21:46 0:00 grep --color=auto php-fpm
The rightmost column now also shows pool arslinux
Two pools are now available, so assign another site to the arslinux pool
[root@arslinux-01 conf]# vim vhost/aaa.com.conf
location ~ \.php$
{
    include fastcgi_params;
    fastcgi_pass unix:/tmp/arslinux.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/default.com$fastcgi_script_name;
}
To make the different pools easier to tell apart, the parameters of each pool can be split into separate conf files
Add the line include = etc/php-fpm.d/*.conf
[root@arslinux-01 conf]# vim /usr/local/php-fpm/etc/php-fpm.conf
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include = etc/php-fpm.d/*.conf
Move [www] and [arslinux] into separate conf files under /usr/local/php-fpm/etc/php-fpm.d/
[root@arslinux-01 php-fpm.d]# vim www.conf
[www]
listen = /tmp/php-fcgi.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[root@arslinux-01 php-fpm.d]# vim arslinux.conf
[arslinux]
listen = /tmp/arslinux.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
Reload the configuration file and restart php-fpm
[root@arslinux-01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[19-May-2019 22:02:12] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@arslinux-01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@arslinux-01 php-fpm.d]# ps aux |grep php-fpm
root 11297 0.1 0.5 229608 4996 ? Ss 22:02 0:00 php-fpm: master process (/usr/local/php-fpm/etcphp-fpm.conf)
php-fpm 11298 0.0 0.4 229548 4740 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11299 0.0 0.4 229548 4740 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11300 0.0 0.4 229548 4740 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11301 0.0 0.4 229548 4740 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11302 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11303 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11304 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11305 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11306 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11307 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11308 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11309 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11310 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11311 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11312 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11313 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11314 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11315 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11316 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11317 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool arslinux
php-fpm 11318 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11319 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11320 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11321 0.0 0.4 229548 4744 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11322 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11323 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11324 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11325 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11326 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11327 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11328 0.0 0.4 229548 4748 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11329 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11330 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11331 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11332 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11333 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11334 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11335 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11336 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
php-fpm 11337 0.0 0.4 229548 4752 ? S 22:02 0:00 php-fpm: pool www
root 11341 0.0 0.0 112724 988 pts/0 R+ 22:02 0:00 grep --color=auto php-fpm
Multiple pools set up successfully!
12.22 php-fpm slow log
Purpose of analysing the slow log: it records why the site is slow to respond, which makes the cause easier to find
Add the request-timeout logging settings
[root@arslinux-01 php-fpm.d]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
[www]
listen = /tmp/php-fcgi.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
Reload the configuration and reload php-fpm
[root@arslinux-01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[19-May-2019 22:11:54] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@arslinux-01 php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@arslinux-01 php-fpm.d]# ls /usr/local/php-fpm/var/log/
php-fpm.log www-slow.log
The slow log file has been created
Write a script that simulates PHP execution taking longer than 1 second
Because php-fcgi.sock is used by the test.com site, create sleep.php under test.com
[root@arslinux-01 php-fpm.d]# vim /data/wwwroot/test.com/sleep.php
<?php
echo “test slow log”;
sleep(2);
echo “done”;
?>
[root@arslinux-01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I
HTTP/1.1 500 Internal Server Error
Server: nginx/1.14.2
Date: Sun, 19 May 2019 14:18:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.39
Turn on display_errors in the configuration file so that any error is shown when the page is accessed
[root@arslinux-01 php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini
display_errors = On
[root@arslinux-01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php
<br />
<b>Parse error</b>: syntax error, unexpected 'slow' (T_STRING), expecting ',' or ';' in <b>/data/wwwroot/test.com/sleep.php</b> on line <b>2</b><br />
Check sleep.php for errors and fix them (the quotes around the strings must be plain ASCII double quotes), then access it again
[root@arslinux-01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php
test slow logdone[root@arslinux-01 php-fpm.d]#
Check the slow log
[root@arslinux-01 php-fpm.d]# cat /usr/local/php-fpm/var/log/www-slow.log
[19-May-2019 22:28:05] [pool www] pid 11876
script_filename = /data/wwwroot/test.com/sleep.php
[0x00007f913b5e32f8] sleep() /data/wwwroot/test.com/sleep.php:3
Line 3 of the script is the slow one
· In general request_slowlog_timeout is set to more than 2 seconds, because most PHP execution times fall between 1 and 2 seconds; a value above 2 seconds filters out a lot of unneeded entries
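Reading one entry with cat works for a test; on a busy site it helps to rank the entries. The added example below (not part of the original notes) counts slow-log entries per pool, script and innermost call; the first sample entry is the one shown above, the other entries and the function names are constructed.

```sh
#!/bin/sh
# Added example: rank php-fpm slow-log entries by pool, script and innermost call.

summarize_slowlog() {   # usage: summarize_slowlog [slow.log ...]  (stdin if none)
    awk '
        /^\[[0-9]+-[A-Za-z]+-[0-9]+ / && /\[pool / {      # entry header line
            pool = $0
            sub(/^.*\[pool /, "", pool); sub(/\].*$/, "", pool)
            script = ""; want_frame = 0
            next
        }
        /^script_filename = / { script = $3; want_frame = 1; next }
        want_frame && /^\[0x/ {      # first frame: innermost call when the timeout fired
            hits[pool " " script " " $2 " " $NF]++
            want_frame = 0
        }
        END { for (k in hits) printf "%d %s\n", hits[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample: the first entry is the one shown above, the rest are made up.
sample_slowlog() {
    cat <<'EOF'

[19-May-2019 22:28:05]  [pool www] pid 11876
script_filename = /data/wwwroot/test.com/sleep.php
[0x00007f913b5e32f8] sleep() /data/wwwroot/test.com/sleep.php:3

[19-May-2019 22:31:40]  [pool www] pid 11880
script_filename = /data/wwwroot/test.com/sleep.php
[0x00007f913b5e32f8] sleep() /data/wwwroot/test.com/sleep.php:3

[19-May-2019 22:40:12]  [pool arslinux] pid 11902
script_filename = /data/wwwroot/default.com/report.php
[0x00007f913b5e4410] mysqli_query() /data/wwwroot/default.com/lib/db.php:41
[0x00007f913b5e4300] load_report() /data/wwwroot/default.com/report.php:12
EOF
}

# Output columns: count, pool, script, innermost function, file:line
sample_slowlog | summarize_slowlog
```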
12.23 open_basedir
open_basedir restricts PHP to operating within the specified directories
If the server runs several sites, each with its own conf, open_basedir must be configured separately for each
Add open_basedir
[root@arslinux-01 php-fpm.d]# vim www.conf
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/
[www] is used by test.com, so PHP is restricted to the test.com directory and /tmp/
Reload and test access
[root@arslinux-01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[19-May-2019 22:55:21] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@arslinux-01 php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@arslinux-01 php-fpm.d]# curl -x127.0.0.1:80 test.com/3.php -I
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sun, 19 May 2019 14:55:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.39
If No input file specified. or HTTP/1.1 404 Not Found is shown, the path in the configuration file may be wrong
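Sections 12.21 and 12.23 both aim at keeping sites apart, but the two pools above still run as the same php-fpm account, expose their sockets with mode 666, and only [www] has open_basedir. The added example below (not part of the original notes) audits pool files for those three points; the hardened pool, its arslinux and nginx account names and the function names are assumptions.

```sh
#!/bin/sh
# Added example: audit php-fpm pool files for weak isolation settings.

audit_pools() {   # usage: audit_pools <pool.conf>...
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report(   mode, user) {
            if (pool == "") return
            mode = v["listen.mode"]; user = v["user"]
            if (mode != "" && substr(mode, length(mode)) != "0")
                printf "[%s] listen.mode = %s: %s accepts requests from any local user\n", pool, mode, v["listen"]
            if (v["php_admin_value[open_basedir]"] == "")
                printf "[%s] open_basedir is not set\n", pool
            if (user != "" && (user in seen))
                printf "[%s] runs as \"%s\", the same account as [%s]\n", pool, user, seen[user]
            else if (user != "")
                seen[user] = pool
        }
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*\[/ {                                 # new [pool] section
            report()
            pool = trim($0); pool = substr(pool, 2, length(pool) - 2)
            split("", v); next                        # clear the settings of the previous pool
        }
        {
            eq = index($0, "="); if (!eq) next
            v[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
        }
        END { report() }
    ' "$@"
}

write_pools() {   # pool files as configured on this page (pm.* and group lines omitted)
    cat > "$1/www.conf" <<'EOF'
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/
EOF
    cat > "$1/arslinux.conf" <<'EOF'
[arslinux]
listen = /tmp/arslinux.sock
listen.mode = 666
user = php-fpm
EOF
    # Constructed alternative: own account, socket limited to the web server user.
    cat > "$1/arslinux-hardened.conf" <<'EOF'
[arslinux]
listen = /tmp/arslinux.sock
listen.owner = nginx
listen.mode = 0660
user = arslinux
php_admin_value[open_basedir] = /data/wwwroot/default.com:/tmp/
EOF
}

dir=$(mktemp -d)
write_pools "$dir"
echo "== as configured =="; audit_pools "$dir/www.conf" "$dir/arslinux.conf"
echo "== hardened arslinux pool =="; audit_pools "$dir/www.conf" "$dir/arslinux-hardened.conf"
rm -rf "$dir"
```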
Defining the php-fpm error log
[root@arslinux-01 etc]# vim /usr/local/php-fpm/etc/php.ini
1. Turn off error display: display_errors = Off
This must be turned off in production so that it cannot be exploited by others
2. Specify the error log: error_log=/usr/local/php-fpm/var/log/php_errors.log
3. Define the log level: error_reporting = E_ALL
4. Turn on error logging: log_errors = On
Create php_errors.log manually and change its permissions to 777
[root@arslinux-01 etc]# touch /usr/local/php-fpm/var/log/php_errors.log
[root@arslinux-01 etc]# chmod 777 ../var/log/php_errors.log
Break the configuration file on purpose in order to test php_errors.log
[root@arslinux-01 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
[root@arslinux-01 etc]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
Access test
[root@arslinux-01 etc]# curl -x127.0.0.1:80 test.com/3.php
No input file specified.
[root@arslinux-01 etc]# cat /usr/local/php-fpm/var/log/php_errors.log
[19-May-2019 15:15:30 UTC] PHP Warning: Unknown: open_basedir restriction in effect. File(/data/wwwroot/test.com/3.php) is not within the allowed path(s): (/data/wwwroot/est.com:/tmp/) in Unknown on line 0
[19-May-2019 15:15:30 UTC] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
The paths differ, hence the error
Restore the configuration and test again
[root@arslinux-01 etc]# curl -x127.0.0.1:80 test.com/3.php -I
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sun, 19 May 2019 15:18:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.39
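12.24 php-fpm process management
Process management parameters explained
pm = dynamic //dynamic process management; can also be static
pm.max_children = 50 //maximum number of child processes; they can be seen with ps aux
pm.start_servers = 20 //number of processes started when the service starts
pm.min_spare_servers = 5 //minimum number of child processes during idle periods; when this value is reached, php-fpm automatically spawns new child processes.
pm.max_spare_servers = 35 //maximum number of child processes during idle periods; above this value, idle child processes start being cleaned up.
pm.max_requests = 500 //maximum number of requests one child process handles; once a php-fpm child process has handled this many requests, it exits automatically
pm = dynamic: 20 processes are started at first, then child processes are created or destroyed according to demand
If dynamic is changed to static, the settings marked in the red box of the original screenshot no longer take effect, and 50 processes are created directly at startup
Test pm = static
[root@arslinux-01 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
[root@arslinux-01 etc]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@arslinux-01 etc]# ps aux|grep php-fpm
pool www has 50 child processes
Change the parameter values and observe the effect
[root@arslinux-01 etc]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
[root@arslinux-01 etc]# /usr/local/php-fpm/sbin/php-fpm -t
[19-May-2019 23:33:02] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@arslinux-01 etc]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@arslinux-01 etc]# ps aux|grep php-fpm
The default number of processes at startup is 6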
Further reading
SSL
https://coding.net/u/aminglinux/p/nginx/git/blob/master/ssl/ca.md
https://coding.net/u/aminglinux/p/nginx/git/blob/master/ssl/ssl.md
Load balancing
https://coding.net/u/aminglinux/p/nginx/git/blob/master/proxy/lb.md
Analysis of nginx algorithms: https://blog.whsir.com/post-1482.html
root and alias
http://www.ttlsa.com/nginx/nginx-root_alias-file-path-configuration/
Class notes
Where should the focus be with nginx?
1. Load balancing
https://github.com/aminglinux/nginx/blob/master/proxy/lb.md
Round robin + ip_hash, weight
proxy_next_upstream, health checks
2. Reverse proxy
Related cache settings: https://github.com/aminglinux/nginx/blob/master/proxy/bu_ca.md
proxy_cache_path
Related topic: forward proxy with squid
https://github.com/aminglinux/nginx/blob/master/proxy/z_proxy.md
-- For PHP-FPM in LNMP, two core skills should be mastered
1. Learn to read the php-fpm slow log
2. Learn to configure PHP's error log (error_log, log_errors, display_errors, error_reporting)