第六章 Nginx服務與LNMP部署
一、Nginx服務基礎
1、Nginx安裝及運行控制
(1)編譯安裝
①安裝支持軟件:yum install -y gcc gcc-c++ pcre-devel zlib-devel
②創建用戶、組:useradd -M -s /sbin/nologin nginx
③編譯安裝
1)./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
2)make && make install
④命令優化
1)ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
(2)Nginx的運行控制
①檢查配置文件:nginx -t
②啓動:nginx
③停止:
1)killall -s QUIT nginx
2)kill -s QUIT [PID]
④重載:
1)killall -s HUP nginx
2)kill -s HUP [PID]
(3)編寫服務腳本
#!/bin/bash
#chkconfig:- 99 20
#server file for Nginx
file="/usr/local/nginx/sbin/nginx"
pid="/usr/local/nginx/logs/nginx.pid"
st(){
netstat -anput | grep nginx >>/dev/null
if [ $? -eq 0 ]
then
echo -e "\033[1;31mnginx:nginx is already running...\033[0m"
else
$file
echo -e "\033[1;32mStarting nginxd success...\033[0m"
fi
}
sto(){
netstat -anput | grep nginx >>/dev/null
if [ $? -eq 0 ]
then
kill -s QUIT $(cat $pid)
echo -e "\033[1;32mStopping nginxd success...\033[0m"
else
echo -e "\033[1;31mnginx:nginx not running\033[0m"
fi
}
rel(){
netstat -anput | grep nginx >>/dev/null
if [ $? -eq 0 ]
then
kill -s HUP $(cat $pid)
echo -e "\033[1;32mReload nginxd success...\033[0m"
else
echo -e "\033[1;31mnginx:nginx not running\033[0m"
fi
}
sta(){
$file -v
netstat -anput | grep nginx >>/dev/null
if [ $? -eq 0 ]
then
echo -e "\033[1;32mnginx:nginx is running\033[0m"
else
echo -e "\033[1;31mnginx:nginx not running\033[0m"
fi
}
case $1 in
start)
st
;;
stop)
sto
;;
reload)
rel
;;
restart)
sto
st
;;
status)
sta
;;
*)
echo "Usage:$0 {start|stop|restart|reload|status}"
exit 1
esac
exit 0
(4)添加系統服務
①chmod +x /etc/init.d/nginxd
②chkconfig --add nginx
③chkconfig nginx on
2、配置文件nginx.conf
(1)全局配置
①user nobody:運行用戶
②worker_processes 1:工作進程數量(通常根據CPU性能進行設置)
③error_log logs/error.log:錯誤日誌位置
④pid logs/nginx.pid:PID文件位置
(2)I/O事件配置
①events{}:界定標記,指定nginx的I/O響應模型及連接數等設置
②use epoll:使用epoll模型
③worker_connections 1024:每個進程處理的連接數
(3)HTTP配置
①http{}:界定標記,內部包含訪問日誌、http端口、網頁目錄,虛擬主機等
②access_log logs/access.log main:訪問日誌位置
③sendfile on:支持文件發送(下載)
④keepalive_timeout 65:連接保持超時
⑤server{}:web服務監聽配置
1)listen 80:監聽地址及端口
2)server_name www.luobin.com:網站名稱
3)charset utf-8:默認字符集
4)location /{}:根目錄配置
a.root html:網站根目錄位置
b.index index.html index.php:默認首頁
5)error_page 500 502 503 504/50x.html:內部錯誤反饋頁面
6)location= /50x.html{}:錯誤頁面配置
a.root html:錯誤頁面目錄位置
3、訪問狀態統計
(1)啓用模塊:--with-http_stub_status_module
(2)配置文件修改:
①相關server中添加location/status{}
②stub_status on:打開狀態統計功能
③access_log off:關閉此位置的日誌記錄
(3)訪問:直接訪問網站的/status位置
(4)status詳解
①active connections:活躍的連接數量
②server accepts handled requests:總共處理了89個連接 , 成功創建89次握手, 總共處理了87個請求
③reading:讀取客戶端的連接數.
④writing:響應數據到客戶端的數量
⑤waiting:開啓 keep-alive 的情況下,這個值等於 active – (reading+writing), 意思就是 Nginx 已經處理完正在等候下一次請求指令的駐留連接
4、CentOS7中添加nginx服務腳本
(1)vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx //描述
After=network.target //描述服務類別
[Service]
Type=forking //後臺運行形式
PIDFile=/usr/local/nginx/logs/nginx.pid //PID文件位置
ExecStart=/usr/local/nginx/sbin/nginx //啓動服務
ExecReload=/usr/bin/kill -s HUP $MAINPID //根據PID重載
ExecStop=/usr/bin/kill -s QUIT $MAINPID //根據PID關閉
[Install]
WantedBy=multi-user.target
(2)chmod 754 /lib/systemd/system/nginx.service
(3)systemctl enable nginx.service
二、Nginx訪問控制
1、基於授權的訪問控制
(1)使用htpasswd生成用戶認證文件(yum install httpd-tools):
①htpasswd -c /usr/local/nginx/passwd.db webadmin
(2)修改密碼文件權限:
①chmod 400 /usr/local/nginx/passwd.db
②chown nginx /usr/local/nginx/passwd.db
(3)修改配置文件nginx.conf
①location中添加
②auth_basic “secret”:添加認證配置
③auth_basic_user_file /usr/local/nginx/passwd.db
(4)檢測語法並重啓服務
①nginx -t
②ulimit -n 65530:增加連接限制數量
③service nginx restart
2、基於客戶端的訪問限制
(1)修改配置文件nginx.conf
①location中添加
②deny 192.168.85.1:禁止的客戶端IP
③allow all
(2)重啓服務
3、永久修改連接限制數
(1)修改/etc/security/limits.conf 文件(注意帶着前面的*號),如下:
①* soft nofile 65530
②* hard nofile 65530
(2)重新加載庫:
①打開文件:vi /etc/pam.d/login在最後加上:
1)session required /lib64/security/pam_limits.so
三、Nginx虛擬主機
1、基於域名的虛擬主機
server {
listen 80;
server_name www.luobin.com;
location / {
root html/www;
index index.html index.php index.htm;
}
}
server {
listen 80;
server_name test.luobin.com;
location / {
root html/test;
index index.html index.php index.htm;
}
}
2、基於IP的虛擬主機
listen 192.168.1.101:80;
server_name 192.168.1.101:80;
listen 192.168.1.102:80;
server_name 192.168.1.102:80;
3、基於端口的虛擬主機
listen 80;
server_name www.luobin.com;
listen 8080;
server_name www.luobin.com;
四、LNMP架構部署
1、編譯安裝MySQL
(1)yum -y install ncurses-devel
(2)安裝gmake
(3)編譯安裝mysql:cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS=all -DSYSCONFDIR=/etc
(4)make && make install
(5)優化
①cp support-files/my-medium.cnf /etc/my.cnf
②cp support-files/mysql.server /etc/rc.d/init.d/mysqld
③chmod +x /etc/rc.d/init.d/mysqld
④chkconfig --add mysqld
⑤echo “PATH=$PATH:/usr/local/mysql/bin”>>/etc/profile
⑥./etc/profile
(6)初始化數據庫
①groupadd mysql
②useradd -M -s /sbin/nologin mysql -g mysql
③chown -R mysql:mysql /usr/local/mysql
④/usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql
(7)啓動服務
①service mysqld start
②mysqladmin -u root password ‘111111’
2、安裝PHP解析環境
(1)安裝PHP依賴包:yum -y install libpng libpng-devel pcre pcre-devel libxml2-devel libjepeg-devel
(2)編譯安裝PHP
./configure
--prefix=/usr/local/php5
--with-gd
--with-curl
--with-zlib
--with-mysqli
--with-mysql=mysqlnd
--with-config-file-path=/usr/local/php5
--enable-mbstring
--enable-fpm
--with-jpeg-dir=/usr/lib
make &&make install
(3)複製模板文件件作爲PHP主配置文件
cp php.ini-development /usr/local/php5/php.ini
(4)安裝ZendGuardLoader提高PHP效率
①cp ZendGuardLoader.so /usr/local/php5/lib/php/
②修改php.ini
1)zend_extension=/usr/local/php5/lib/php/ZendGuardLoader.so
2)zend_loader.enable=1
3、配置nginx支持PHP環境
(1)PHP-FPM模塊配置
①複製模板文件作爲配置文件
cp /usr/local/php5/etc/php-fpm.conf.default /usr/local/php5/etc/php-fpm.conf
②修改php-fpm.conf文件
pid=run/php-fpm.pid
user=nginx
group=nginx
pm.max_children=50
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers=20
③啓動PHP-FPM模塊(9000端口)
ln -s /usr/local/php5/bin/* /usr/local/bin
ln -s /usr/local/php5/sbin/* /usr/local/sbin
php-fpm
④修改nginx啓動腳本,添加php-fpm模塊
PROG_FPM=”/usr/local/sbin/php-fpm”
PID_FPM=”/usr/local/php5/var/run/php-fpm.pid”
$PROG_FPM
kill -s QUIT $(cat $PID_FPM)
kill -s HUP $(cat $PID_FPM)
(2)配置nginx.conf支持php解析
①修改server{}
location ~ \.php$ {
root /var/www/phpcom;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
②創建phpinfo頁面並測試
<?php
phpinfo();
?>
③創建php連接數據庫頁面並測試
<?php
//phpinfo();
$link=mysql_connect('192.168.11.20','root','111111');
if($link) echo “數據庫連接成功!”;
mysql_close();
?>