IO:模型
nginx:
web服務器
反向代理:代理web,mail
tengine:淘寶的nginx
varnish,squid:緩存服務器
nginx:緩存在磁盤上和memcached
httpd:緩存在磁盤和內存上。
nginx熱部署:平滑升級
安裝nginx:
yum groupinstall "Development Tools" "Server Platform Development"
yum install pcre-devel openssl-devel
groupadd -r -g 108 nginx
user -r -g 108 -u 108 nginx
tar -zxvf nginx-1.41.tar.gz
cd nginx-1.41
./configure --prefix=/usr --sbin-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/log/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gizp_static_module --http-client-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre=/usr --with-file-aio
make && make install
採用源碼rpm包安裝:
rpm -ivh nginx-1.4.1-1.el5.ngx.src.rpm
cd /usr/src/redhat/SPECS/
vim nginx.spec
rpmbuild -ba nginx.spec
nginx:
server{}:虛擬主機
location{}:
location /URI/ {
root "/web/htdocs";
}
httpd:
<DocumentRoot "">
</DocumentRoot>
<location "/bbs">
</location>
URI路徑:
http://www.magedu.com/
nagle算法:主要解決網絡擁塞
每一個server{}:定義一個虛擬主機
location{}:
location /uri/ {
root “/web/htdocs”;
}
httpd:
基於本地文件系統的路徑:<documentroot "">
</documentroot>
定義uri路徑:<location "/bbs">
</location>
uri路徑:http://www.baidu.com/(從這裏開始後面就稱uri路徑)
location [ =| ~| ~*| ^~ ] uri{...}
location uri{}:對當前路徑及子路徑下的所有對象都生效
location = uri {}:精確匹配指定的路徑,不包括子路徑,因此,只對當前資源生效
location ~ uri {}:
location ~ uri {}:
模式匹配uri,此處的uri可使用正則表達式,~區分字符大小寫,~不區分字符大小寫:
location ^~ uri {}:不使用正則表達式
location / {
root /web/htdocs;
}
location /bbs/ {
root /web;
}
訪問控制:
基於IP模式的訪問控制
location / {
root /web/htdocs;
deny 192.168.1.25;
}
location / {
root /web/htdocs;
allow 192.168.1.25;
deny all;
}
基於用戶模式的訪問控制
location / {
root /web/htdocs;
auth_basic "Restricted Area...";
auth_basic_user_file /etc/nginx/.users;
autoindex on;
}
httppasswd -cm /etc/nginx/.users tom
location /status {
stub_status on;
}
其status各項表示的意思:已經接受的連接的個數,已經處理的連接的個數,已經連接的請求的個數
reading:nginx正在讀取其首部請求的個數;
writing:nginx正在讀取其主體的請求的個數,或正處理着其請求響應的內容的請求的個數或者正在向其客戶端發送響應的個數;
waiting:長連接模式的保持的連接個數
建立證書頒發簽署機構:
1.製作私鑰
vim /etc/pki/openssl.cnf
[CA_default]
dir = /etc/pki/CA
cd /etc/pki/CA
mkdir certs crl newcerts private
(umask 077;openssl genrsa 2048 > private/cakey.pem)
2.生成自簽名證書:
openssl req -new -x509 -key private/cakey.pem -out cacert.pem
touch serial
echo 01 > serial
touch index.txt
用戶向證書頒發機構申請簽署證書:
cd /etc/nginx
mkdir ssl
cd ssl
1.製作私鑰
(umask 077;openssl genrsa 1024 > nginx.key)
2.生成向證書頒發機構的證書籤署請求
openssl -req -new -key nginx.key -out nginx.csr
3.證書機構簽署證書籤署請求
openssl ca -in nginx.csr -out nginx.crt -days 3650
server {
listen 443;
server_name localhost;
ssl on;
ssl_cerificate /etc/nginx/ssl/nginx.crt;
ssl_session_key /etc/nginx/ssl/nginx.key;
ssl_protocols SSLv2 SSLv3 TLSv1;
location / {
root /web/htdocs;
index index.html index.htm;
}
}
虛擬主機:
server {
listen 80;
server_name sina.uplook.com;
location / {
root /sina;
index index.html;
}
LEMP:
php-fpm:
127.0.0.1:9000
nginx+PHP+MySQL
vim /etc/php.ini
vim /etc/php-fpm.conf
vim /etc/init.d.php-fpm
tar -zxvf mysql-5.6.10-linux-glibc2.5-i686.tar.gz -C /usr/local
mkdir /mydata/data
useradd -r mysql
chown -R mysql.msyql /mydata/data
cd /usr/local
ln -sv mysql-5.6.10 mysql
chown -R root.mysql ./*
scripts/mysql_install_db --user=mysql --datadir=/mydata/data/
vim /etc/my.cnf
datadir = /mydata/data
innodb_file_per_table = on
log-bin = master-bin
socket = /tmp/mysql.sock
cp support-files/mysql.server /etc/init.d/mysqld
service mysqld start
vim /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib
ldconf -v
ln -sv /usr/local/mysql/include /usr/include/mysql
tar -jxvf php-5.4.13.tar.bz2
cd php-5.4.13
./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-openssl --enable-fpm --enable-sockets --enable-sysvshm --with-mysqli=/usr/local/mysql/_config --enable-mbstring --with-freetype-dir --with-png-dir --with-zlib-dir --with-libxml-dir=/usr --enable-xml --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --with-curl
make && make install
cp php.ini-production /etc/php.ini
cd /usr/local/php/etc/
cp php-fpm.conf.default php-fpm.conf
cd /root/php-5.4.13/
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
service php-fpm start
整合nginx和php
vim /etc/nginx/nginx.conf
location ~ .php$ {
root /web/htdocs;
index index.php index.html
fastcgi_pass 127.0.0.1:9000;(用來定義代理的)
fastcgi_index index.php;
fastcgi_param script_filename ..;
include fastcgi_params;
}
vim /etc/nginx/fastcgi_params
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
vim /web/htdocs/index.php
<?php
phpinfo();
?>
IO模型:
阻塞:等待
非阻塞:一直輪詢
同步:把數據獲取到以後在離開
異步:獲取數據的時候,可以不用等到獲取後在離開
同步阻塞:
異步阻塞:IO複用
同步非阻塞:event-driven
異步非阻塞:AIO
nginx:
mmap
event-driven
一個進程響應多個請求;單線程進程
memcached:萬金油,存儲可序列化數據string,object,key:value
hash bucket,O(1)
redis:databases,nosql
lvs
nginx
haproxy
LEMP:
enginx
web:nginx,lnmp,memcached,haproxy,tomcat,varnish
location ~* .php$ {
fastcgi_pass 127.0.0.1:9000;
}
fastcgi
nginx配置文件
main,
worker_process
error_log
user
group
events {
}
事件驅動
httpd {
}
關於http相關的配置
server {
}
虛擬主機
location uri {
directive <parameters>;
}
uri訪問屬性
上下文
server {
listen 80;
server_name www.maoshou.com
location / {
後端服務器;
}
}
反向代理:
proxy_pass
location [op] URI {
http://172.16.100.11/;
}
~
~*
^~
location @name
location /forum/ {
proxy_pass http://172.16.100.11:8080/bbs/;
}
http://www.magedu.com/forum/
--->http://172.16.100.11:8080/bbs/
location ~* ^/forum {
proxy_pass http://172.16.100.11:8080;
}
http://www.magedu.com/forum/ --->
http://172.16.100.11:8080/forum
vim /etc/nginx.conf
location /forum/ {
proxy_pass http://172.16.100.6/bbs/;
}
在172.16.100.6上mkdir /var/www/html/bbs
vim /etc/nginx.conf
location ~* /forum {
proxy_pass http://172.16.100.6;
proxy_set_header X-Real-IP $remote_addr;
}
在 172.16.100.6上mkdir /var/www/html/forum
vim /etc/http.conf
LogFormat "%{X-Real-IP}i" ...
proxy_set_header X-real-IP $remote_addr
get,post,head,put,trace,options,connection,delete
nginx:
round-robin
ip_hash
least_conn
vim /etc/nginx.conf
upstream websrvs {
ip_hash(請註釋掉backup這行);
server 172.16.100.6 weight=1 max_fails=2 fail_timeout=2;
server 172.16.100.7 weight=1 max_fails=2 fail_timeout=2;
#server 127.0.0.1:8080 backup;
}
proxy_cache_path /nginx/cache/first levels=1:2:1 keys_zone=first:20m max_size=1g;
location / {
proxy_pass http://websrvs/;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache first;
proxy_cache_valid 200 10m;
}
server {
listen 8080;
server_name 127.0.0.1;
location / {
root /web/error;
index index.html index.htm
}
}
mkdir /web/error
vim html
mkdir /nginx/cache/first
nginx:
cache:共享內存:存儲健和緩存對象元數據
磁盤空間:存儲數據
proxy_cache_path:不能定義在server{}上下文
緩存對象命名
緩存目錄:子目錄級別
proxy_cache_path /nginx/cache/first levels=1:2:1 keys_zone=first:20m max_size=1g;
表示有三個子級目錄,1:表示第一子級目錄有一個字符 2:表示第二子級目錄有2個字符 1:表示第三子級目錄有1個字符
cache_manager:LRU
另外常用的三種緩存:
open_log_cache:日誌緩存
open_file_cache:
fastcgi_cache:
nginx的limit限制也基於共享內存實現
nginx:gzip
upstream phpsrvs {
server ....
server ....
}
upstream imgsrvs {
server ....
server ....
}
ustream staticfilesrvs {
server ....
server ....
}
location / {
root /web/htdocs;
index index.php index.html
}
location ~* .php$ {
fastcgi_pass http://phpsrvs;
}
location ~* .(jpg|jpeg|gif|png)$ {
proxy_pass http://imgsrvs;
}
rewirte:URL重寫模塊
if (condition) {
}
測試:
雙目測試:
~,!~
,!
~,!~
if ($request_method="POST") {
}
if ($request_uri ~* "/forum") {
}
單目測試:
referer:
location / {
root /web;
rewrite "/images/" http://172.16.100.19/images/
}
支持正則表達式:
locstion / {
root html;
index index.html;
rewrite "^/bbs/(.*)$" http://www.magedu.com/forum/$1 last;
}
http://www.magedu.com/bbs/index.html --> http://www.magedu.com/forum/index.html
locstion / {
root html;
index index.html;
rewrite "^/bbs/(.)/images/(.).jpg$" http://www.magedu.com/bbs/$2/images/$1.jpg last;
}
http://www.magedu.com/bbs/a/images/b.jpg --> http://www.magedu.com/bbs/b/images/a.jpg --> http://www.magedu.com/bbs/a/images/b.jpg
last:本次重寫完成之後,重啓下一輪檢查;
break:本次重寫完成之後,直接執行後續操作;
locstion / {
root html;
index index.html;
rewrite "^/bbs/(.*)$" /forum/$1;
}
zeromq:連接池
mmap:內存映射
Facebook:日誌收集器
nginx:
IO模型:
阻塞:
非阻塞:一遍一遍的輪詢
同步:對方完完整整收到數據後,才響應說收到了
異步:數據發送出去就不管了,不管對方收到沒有
同步阻塞
異步阻塞:IO複用
異步阻塞:event-driven
異步非阻塞:aio
nginx:
mmap
event-driven
一個進程響應多個請求:單線程進程
aio
PHP和nginx結合要通過fastcgi
redis:能夠實現持久存儲
nosql:是一種技術,有很多不同的類別
location [op] uri {
proxy_pass http://172.16.100.11/;
}
~
~*
^~
location @name(可以調用另外一個location):
location / {
error 404 @fallback(即調用下面的fallback)
}
location @fallback {
proxy_pass http://1
92.168.1.20;
}
location /forum/ {
proxy_pass http://192.168.1.100:8080/bbs/;
}
此/forum/和/bbs/要事先建立,且這兩個目錄在兩臺服務器上不用相同
當在瀏覽器中輸入http://www.psmov.com/forum/則被代理到http://192.168.1.100:8080/bbs/後端http服務器中
如果採用正則表達式(即採用模式匹配)則只能寫地址,後面不能接路徑,且兩個目錄要相同
location ~* ^/forum {
proxy_pass http://192.168.1.100:8080;
}
http://www.psmov.com/forum/則被代理到http://192.168.1.100:8080/forum/後端http服務器中
proxy_set_header x-real-IP $remote_addr(當客戶端訪問時都是代理服務器去獲得資源然後給客戶端,這樣就無法得知是哪個客戶端訪問了,所有就採用proxy_set_header x-real-IP $remote_addr)
客戶端請求內容的方法:
get、post、head、put、trace、options、connection、delete
location ~* ^/forum {
proxy_pass http://192.168.1.100:8080;
proxy_set_header x-real-ip $remote_addr;
}
nginx的三種算法:
round-robin
ip_hash:在這種算法下不能使用backup
least_com
nginx作爲緩存代理服務器
cache:共享內存(存儲和緩存對象元數據)
proxy_cache_path:用來定義緩存的目錄,且不能定義在server字段中
proxy_cache_path /nginx/cache/first levels=1:2:1 keys_zone=first(這是要被location配置中引用的名稱):20m max_size=1G
cache_manager:lru
location / {
proxy_pass http://192.168.1.100:8080/webservs/;
proxy_cache first;
proxy_cache_valie 200 10m;
}
另外常用的三種緩存
open_log_cache:日誌緩存
open_file_cache:打開文件緩存
fastcgi_cache:
而nginx的limit限制也基於共享內存實現
nginx:gzip
請求不同內容的代理
upstream phpserver {
server ...
server ...
}
upstream imgsrvs {
server ...
server ...
}
location / {
root /web;
index index.php index.html;
}
location ~* .php$ {
fastcgi_pass http://phpserver;
}
location ~* “.(jpg|jpeg|gif|png)$”
proxy_pass http://imgsrvs;
}
rewrited:URL重寫模塊(主要是來防盜鏈的)
if (condition){
}
測試:
雙目測試;
~,!~
,!
~,!~
if ($request_method=“POST”){
}
if ($request_uri ~* "/forum") {
}
單目測試:
referer:
location /images/ {
rewrite http://192.168.1.20/images/
}
支持正則表達式:
location / {
root html;
index index.html;
rewrite “^/bbs/(.)$” http://192.168.1.20/forum/$1 last;
}
這裏面的/bbs/目錄不需要存在,其中$1爲(.)$,類似於後向引用
last:本次重寫完成之後,重啓下一輪檢查;
break:本次重寫完成之後,直接執行後續操作;
讀寫分離
webdav:基於http協議的讀寫分離
在後端的http服務中配置:
<director "/var/www/html">
Dav on
/etc/init.d/httpd restart
setfacl -m u:apache:rwx /var/www/html
在前端的nginx中配置:
location / {
proxy_pass http://192.168.1.20/;
if ($request_method = "PUT")
proxy_pass http://192.168.1.21;
}
curl -T /etc/fstab http://172.16.100.106 上傳文件
PHP+nginx分別部署在不通的服務器上面需要注意的地方:
1.nginx.conf配置如下:
注意index中需要設置添加index.php,location php需要注意fastcgi_pass和fastcgi_param項
server {
listen 80;
server_name localhost;
location / {
root html;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ .php$ {
root html;
fastcgi_pass 172.18.0.5:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
}
2.由於fastcgi_pass連接至不同的服務器,故php服務器需要設置index root
3.ls -l /usr/local/nginx/html/index.php
4.總結:1.如果nginx與php服務器是分開部署的話,那麼172.18.0.5這臺服務器上需要有nginx的root文件,既index.php
2.如果nginx與php是在同一服務器,且php是使用127.0.0.1進行連接的話,那麼可以修改nginx.conf爲:
(fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;)