LNAMP: Nginx + Apache(php) + MariaDB
ngx_http_proxy_module <– 代理http协议,自定义请求首部
proxy_pass http://IP:PORT;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_path
proxy_cache
proxy_cache_key
proxy_cache_methods
proxy_cache_min_uses
proxy_cache_valid
proxy_cache_use_stale
proxy_connect_timeout
proxy_read_timeout
proxy_send_timeout
ngx_http_headers_module <– 自定义响应首部
add_header X-Via $server_addr; 代理修改响应给客户端的报文
LNMP: Nginx + fpm + MariaDB
ngx_http_fastcgi_module <– 代理fastcgi协议
fastcgi_pass IP:PORT;
fastcgi_cache_path
fastcgi_cache
fastcgi_cache_key
fastcgi_cache_methods
fastcgi_cache_valid
fastcgi_keep_conn
注意:fpm是一个进程管理器,管理能力并不如apache(php)所以较好的模型是LNAMP: Nginx + Apache(php) + MariaDB
同网段的LNAMP,,LNMP可以实现,跨网段,无能为力;
架构一、静态在本地:动态在后端(amp/p):
server {
listen 80;
server_name www.ilinux.io;
index index.php index.html
location / {
root /data/nginx/html;
}
location ~* \.php$ {
fastcgi_pass 192.168.10.11:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/apps$fastcgi_script_name;
include fastcgi_params;
或
proxy_pass http://192.168.10.11:80;
}
}
架构二、静态在后端:动态在后端(amp/p):
server {
listen 80;
server_name www.ilinux.io;
location / {
proxy_pass http://192.168.10.11:80;
}
location ~* \.php$ {
fastcgi_pass 192.168.10.11:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/apps$fastcgi_script_name;
include fastcgi_params;
或
proxy_pass http://192.168.10.11:80;
}
}
listen Nginx 监听在哪个地址端口接收请求,做应用层的SNAT+DNAT=fullnat;
server_name 基于主机名访问
proxy_pass http://HOST;
HOST: IP, IP:PORT, FQDN;
proxy_pass后的斜线差距;
(1)、在正则表达式模式中,location中不能加斜线;
(2)、proxy_pass 后不加斜线;
location / {
root
}
location /admin/ {
proxy_pass http://:upstream_server_ip1:80;
}
访问:server1/admin/ –> 后端documentRoot下存在admin;
(3)、proxy_pass 后加斜线;
location / {
root
}
location /admin/ {
proxy_pass http://upstream_server_ip1:80/;
}
访问:server1/admin/ –> 后端documentRoot下不存在admin;
(4)、location后是 /,没有区别;
注意: 代理至后端时,都需要配置后端DocuementRoot
proxy_pass 由后端程序决定;
fastcgi_pass 由 fastcgi_param SCRIPT_FILENAME 决定
1、如果是proxy_pass,额外附加功能:
(1)设定首部:
自定义请求首部: 代理修改发给upstremserver请求报文, ngx_http_proxy_module
目的: 后端服务器可获取真正的客户端地址,便于日志分析;修改后端httpd日志格式: ${X-Real-IP}i, 表示替换请求报文的X-Real-IP首部的值;
也可抓包分析请求报文首部;
proxy_set_header X-Real-IP $remote_addr;
注意: 多级代理时,应该使用:proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
自定义响应首部: 代理修改响应给客户端的报文, ngx_http_headers_module
add_header X-Via $server_addr;
了解: 代理服务器并非只能修改首部,也可以将传递来的首部直接发给服务器 或 响应给客户端
proxy_pass_header 将headers直接传递给代理的Client; 是upstream_server发来的指定headers;
proxy_pass_request_headers 将headers直接传递给代理的Server; 是client发来的请求报文headers;
proxy_pass_request_body 将body直接传递给代理的Server; 是client发来的请求报文body;
(2)代理缓存: 基于http协议,一般在proxy_pass生效的范围内定义;
缓存的作用:
1、将网络IO+磁盘IO 转换为磁盘IO
2、基于URL hash值存储,查找O(1);
缓存思路:
存储在内存中,有多大;满了存储在磁盘中,磁盘满了LRU;
内存中存储时,以什么当作键;
哪些方法可以存,哪些内容存多久;
哪些不可以存:GET时,set_cookie,基于cookie请求,认证… 不应该缓存;
后端挂了怎么办;
缓存清理机制:
时间内,访问次数;
purge: 人工按需清理;原服务器发布了新版本;遗憾的是社区版不支持,varnish上是灵活使用;
动态生成的缓存是否可以缓存?
随时可以,就看用户是否接受过期的内容;但对数据不能缓存,对描述信息可缓存;
例如:你的QQ被点赞多少次,你现在看到过去的100次和看到现在200次没有什么影响;
定义缓存:
http {
proxy_cache_path /data/nginx/cache levels=1:2:1 keys_zone=pcache:10m max_size=2g;
// proxy_cache_path path [levels=levels keys_zone=name:size [inactive=time] [max_size=size]
// 磁盘路径 路径下的层级 键区域=保存hash表的内存空间名字,大小 [非活动时间=10m] 最大多大空间磁盘空间:满了LRU
}
调用缓存:
http, server, location {
//调用缓存 Default: proxy_cache off;
proxy_cache pacache;
//把什么做为hash表的键;
proxy_cache_key $scheme$proxy_host$request_uri;
$request_uri:多个域名指向同一个站点时,更容易命中;不同站点时,需要定义
//哪些方法缓存?
proxy_cache_methods GET HEAD;
//10分钟内至少访问1次缓存; 10相当于定义缓存中Inactive=10,默认的
proxy_cache_min_uses 1;
//定义不同的内容缓存时间:
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
//后端哪些情况下,可以使用缓存响应客户端;
proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | http_429 | off …;
off:表示联系不上就一定不能响应;
}
(3)超时定义:
面向服务器:proxy指定超时;
与服务器建立连接的超时时长;(<=75s) http, server, location
proxy_connect_timeout 60s;
向服务器发送请求的超时时长;到了60s即返回 502 bad gateway.
proxy_send_timeout 60s;
从服务器读取响应的超时时长;
proxy_read_timeout 60s;
面向客户端:
server中keepalive定义
2、如果是fastcgi_pass,额外附加功能:
(1)代理缓存:fastcgi协议,在location中定义;
定义缓存:
http {
fastcgi_cache_path /data/nginx/fcgicache levels=2:2:2 keys_zone=fcache:10m max_size=2g;
}
调用缓存:
location ~* \.php$ {
fastcgi_pass 192.168.10.11:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/apps/$fastcgi_script_name; /data/apps/ 表示fpm的DocumentRoot
include fastcgi_params; <– 向后端传递参数
fastcgi_cache fcache;
fastcgi_cache_key $request_uri;
fastcgi_cache_valid 200 302 10m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_keep_conn on;
}
删除^M:tr -d ‘\r’ < file | tee file
(2)Nginx要求保持连接,fastcgi_keep_conn on;
(3)面向fpm服务端的连接超时:
fastcgi_connect_timeout 60s;
fastcgi_send_timeout 60s;
fastcgi_read_timeout 60s;
(4)ping status
location ~* ^/(status|ping)$ {
fastcgi_pass 192.168.10.11:9000;
fastcgi_param SCRIPT_FILENAME /data/apps$fastcgi_script_name;
include fastcgi_params;
}
LNMP:
拓扑:
fpm: 192.168.10.11 eno16777736 vmnet1
mariadb-server: 192.168.10.12 eno16777736 vmnet1
Nginx:
eno16777736: 172.16.0.6 bridge
eno33554984: 192.168.10.254 vmnet1
1)桥接模式下安装fpm,mariadb-server
fpm: yum install php-fpm php-mysql php-mbstring php-mcrypt
mariadb-server: yum install mariadb-server
2)配置fpm和mariadb-server
~]# vim /etc/php-fpm.d/www.conf
listen = 0.0.0.0:9000 <监听在外网地址上才能接收外部请求>
;listen.allowed_clients = 127.0.0.1 <允许哪些客户端>,注释表示所有;iptables有访问控制功能;
user = nginx
group = nginx
pm.max_children = 150
pm.status_path = /status
ping.path = /ping
ping.response = pong
php_value[session.save_path] = /var/lib/php/session <保存session的目录属主和属组应该与php-fpm进程的用户相同>
~]# useradd -r nginx
~]# install -d -o nginx -g nginx /var/lib/php/session
~]# systemctl start php-fpm.service
~]# ss -tnl (*:9000)
~]# ps axu
nginx 2479 0.0 0.6 331300 5032 ? S 14:07 0:00 php-fpm: pool www
~]# vim /etc/my.cnf.d/server.cnf
[mysqld]
skip_name_resolve=ON
innodb_file_per_table=ON
log_bin=mysql-bin
~]# systemctl start mariadb.service
~]# ss -tnl (*:3306)
~]# ps axu
mysql 2520 0.0 0.2 115344 1704 ? Ss 14:10 0:00 /bin/sh /usr/bin/mysqld_safe –basedi
~]# mysql_secure_installation
~]# mysql -uroot -pmagedu
MariaDB [(none)]> GRANT ALL ON *.* TO ‘admin’@’%’ IDENTIFIED BY ‘pass’;
MariaDB [(none)]> FLUSH PRIVILEGES;
3)安装配置Nginx。静态在本地:动态在后端(p)
~]# yum install nginx
~]# cd /etc/nginx
虚拟主机配置:
1)打开nginx.conf
2)查看http { .. }上下文中是否存在片段化配置选项:
此处捕捉:
http {
include /etc/nginx/conf.d/*.conf;
}
配置虚拟主机:
# vim conf.d/vhost1.conf
server {
listen 80;
server_name www.ilinux.io;
location / {
root /data/nginx/html;
}
}
# mkdir -pv /data/nginx/html
# 生成测试页
测试:# nginx -t
启动:# systemctl start nginx.service
查看:# ss -tnlp (*:80) (((“nginx”,3469,6))
# ps axu
网页中输入:http://www.ilinux.io/
172.16.0.6
配置反代fastcgi协议;
# cat conf.d/vhost1.conf
server {
listen 80;
server_name www.ilinux.io;
index index.php index.html
location / {
root /data/nginx/html;
}
location ~* \.php$ {
fastcgi_pass 192.168.10.11:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/apps$fastcgi_script_name;
include fastcgi_params;
}
}
在后端主机上创建此DocumentRoot
# mkdir -pv /data/apps
生成测试页:
测试:# nginx -t
重载:# nginx -s reload
网页中输入:http://www.ilinux.io/
192.168.10.11
4)动静分离;需要将phpMyadmin在两个DocumentRoot中布署;
在fpm布署;
# cd /data/apps
# unzip phpMyAdmin-4.0.10.20-all-languages.zip
# ln -sv phpMyAdmin-4.0.10.20-all-languages pma
# cp pma/config.sample.inc.php pma/config.inc.php
# openssl rand -hex 4
57a1a64b
# vim pma/config.inc.php
$cfg[‘blowfish_secret’] = ’57a1a64ba8b7c6d’; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg[‘Servers’][$i][‘host’] = ‘192.168.10.12’;
网页中输入:http://www.ilinux.io/pma
404 Not Found
因为location只定义了\.php$ 反代到后端;
http://www.ilinux.io/pma/index.php
登陆: admin
密码: pass
在Nginx上布署:
# cd /data/nginx/html
# unzip phpMyAdmin-4.0.10.20-all-languages.zip
# ln -sv phpMyAdmin-4.0.10.20-all-languages pma
# cp pma/config.sample.inc.php pma/config.inc.php
# openssl rand -hex 4
57a1a64b
# vim pma/config.inc.php
$cfg[‘blowfish_secret’] = ’57a1a64ba8b7c6d’; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg[‘Servers’][$i][‘host’] = ‘192.168.10.12’;
网页中输入:http://www.ilinux.io/pma
5)将静态资源反代至后端主机192.168.10.12;
在12上安装httpd服务: httpd
# systemctl start httpd.service
生成测试页:
配置Nginx:
http {
fastcgi_cache_path /data/nginx/fcgicache levels=2:2:2 keys_zone=fcache:10m max_size=2g;
}
server {
listen 80;
server_name www.ilinux.io;
index index.php index.html;
location / {
root /data/nginx/html;
proxy_pass http://192.168.10.12:80;
}
location ~* \.php$ {
fastcgi_pass 192.168.10.11:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/apps/$fastcgi_script_name;
include fastcgi_params;
fastcgi_cache fcache;
fastcgi_cache_key $request_uri;
fastcgi_cache_valid 200 302 10m;
fastcgi_cache_valid 301 1h;
fastcgi_cache_valid any 1m;
fastcgi_keep_conn on;
}
location ~* ^/(status|ping)$ {
fastcgi_pass 192.168.10.11:9000;
fastcgi_param SCRIPT_FILENAME /data/apps$fastcgi_script_name;
include fastcgi_params;
}
}
测试、重载;
配置后端httpd:
~]# vim /etc/httpd/conf/httpd.conf
LogFormat “%{X-Real-IP}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined
~]# httpd -t
~]# systemctl reload httpd.service
网页中输入:http://www.ilinux.io/pma
Not Found
~]# tail /var/log/httpd/access_log
172.16.0.179 – – [16/Dec/2017:15:03:09 +0800] “GET /pma/ HTTP/1.0” 404 202 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36”
布署wordpress至/var/www/html
# cd /var/www/html
# unzip phpMyAdmin-4.0.10.20-all-languages.zip
# ln -sv phpMyAdmin-4.0.10.20-all-languages pma
# cp pma/config.sample.inc.php pma/config.inc.php
# vim pma/config.inc.php
$cfg[‘blowfish_secret’] = ’57a1a64ba8b7c6d’; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg[‘Servers’][$i][‘host’] = ‘192.168.10.12’;
网页中输入:http://www.ilinux.io/pma
是索引;需要在配置文件未中添加
DirectoryIndex index.php index.html
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.10.11:9000/data/apps/$1
测试语法、重启httpd服务;
# httpd -t
# systemctl restart httpd.service
6) 布署wordpress至192.168.10.12, 192.168.10.11;
mariadb-server上新增用户;
~]# mysql -uroot -pmagedu
MariaDB [(none)]> CREATE DATABASE wordpress;
MariaDB [(none)]> GRANT ALL ON wordpress.* TO ‘wpuser’@’%’ IDENTIFIED BY ‘wppass’;
MariaDB [(none)]> FLUSH PRIVILEGES;
~]# mysql -uwpuser -h192.168.10.12 -pwppass
MariaDB [(none)]>
fpm: 1.11
# pwd
/data/apps
# unzip wordpress-4.9.1-zh_CN.zip
# ln -sv wordpress wp
# cp wp/wp-config-sample.php wp/wp-config.php
# vim wp/wp-config.php
/** WordPress数据库的名称 */
define(‘DB_NAME’, ‘wordpress’);
/** MySQL数据库用户名 */
define(‘DB_USER’, ‘wpuser’);
/** MySQL数据库密码 */
define(‘DB_PASSWORD’, ‘wppass’);
/** MySQL主机 */
define(‘DB_HOST’, ‘192.168.10.12’);
静态服务器上:
~]# cd /var/www/html
# unzip wordpress-4.9.1-zh_CN.zip
# ln -sv wordpress wp
# cp wp/wp-config-sample.php wp/wp-config.php
# vim wp/wp-config.php
/** WordPress数据库的名称 */
define(‘DB_NAME’, ‘wordpress’);
/** MySQL数据库用户名 */
define(‘DB_USER’, ‘wpuser’);
/** MySQL数据库密码 */
define(‘DB_PASSWORD’, ‘wppass’);
/** MySQL主机 */
define(‘DB_HOST’, ‘192.168.10.12’);
lnamp:
将192.168.10.11修改为一个amp即可;
~]# systemctl stop php-fpm
# yum install httpd php php-mysql php-mbstring php-mcrypt mariadb-server
~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot “/data/apps”
<Directory “/data/apps”>
# systemctl start httpd.service
# vim conf.d/ilinux.conf
http {
proxy_cache_path /data/nginx/cache levels=1:1:1 keys_zone=pcache:10m max_size=2g;
}
# vim conf.d/ilinux.conf
server {
listen 80;
server_name www.ilinux.io;
index index.php index.html;
proxy_cache pcache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
proxy_cache_use_stale http_502;
location / {
root /data/nginx/html;
proxy_pass http://192.168.10.12:80;
}
location ~* \.php$ {
proxy_pass http://192.168.10.11:80;
}
}
访问: http://www.ilinux.io/pma/index.php
https提供pma
# vim ilinux.conf
server {
listen 443 ssl http2 default_server;
server_name www.ilinux.io;
index index.php index.html;
ssl_certificate “/etc/nginx/ssl/nginx.crt”;
ssl_certificate_key “/etc/nginx/ssl/nginx.key”;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
proxy_cache pcache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
proxy_cache_use_stale http_502;
location / {
root /data/nginx/html;
proxy_pass http://192.168.10.12:80;
}
location ~* \.php$ {
proxy_pass http://192.168.10.11:80;
}
}
本地完成证书签发;
# dir=/etc/pki/CA
# (umask 077; openssl genrsa -out $dir/private 2048)
# openssl req -new -x509 -out $dir/cacert.pem -key $dir/private/cakey.pem -days 7533
# touch $dir/index.txt
# echo 01 > $dir/serial
~]# mkdir /etc/nginx/ssl
~]# cd /etc/nginx/ssl
# (umask 077; openssl genrsa -out nginx.key 2048)
# openssl req -new -key nginx.key -out nginx.csr -days 365
# openssl ca -in nginx.csr -out nginx.crt -days 365
# systemctl restart nginx.service
# curl –cacert $dir/cacert.pem https://www.ilinux.io/pma/index.php
本文来自投稿,不代表Linux运维部落立场,如若转载,请注明出处:http://www.178linux.com/90451
评论列表(1条)
搭建一个项目试验的时候,建议先把拓扑图和实验目的写出来,这样更有利于阅读和了解文章~继续加油~