LNMP環境搭建與配置
1 安裝MySQL
LNMP中MySQL的安裝步驟和LAMP一樣。
- 下載軟體包:
# cd /usr/local/src/
# wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz #下載mysql二進位制包
- 初始化:
# tar zxf mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz #解壓二進位制包
# [ -d /usr/local/mysql ] && mv /usr/local/mysql /usr/local/mysql_old
# mv mysql-5.6.36-linux-glibc2.5-x86_64 /usr/local/mysql
# useradd -s /sbin/nologin mysql #建立使用者mysql
# cd /usr/local/mysql
# mkdir -p data/mysql #建立datadir,資料庫檔案會放到這裡
# chown -R mysql:mysql data/mysql #更改許可權,否則後面會出問題
# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql #這裡datadir儘量使用絕對路徑,不然後面可能報錯
FATAL ERROR: please install the following Perl modules before executing ./scripts/mysql_install_db:
Data::Dumper #有報錯,安裝所缺包
# yum list |grep -i dumper
perl-Data-Dumper.x86_64 2.145-3.el7 @base
perl-XML-Dumper.noarch 0.81-17.el7 base
# yum install -y perl-Data-Dumper.x86_64
# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql
Installing MySQL system tables..../bin/mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory #再次報錯,安裝所缺包
# yum install -y libaio-devel
# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql #有兩個OK,就說明初始化成功
# echo $?
0 #檢驗上條命令是否執行成功,0表示執行成功
- 配置MySQL:
# cp support-files/my-default.cnf /etc/my.cnf
cp:是否覆蓋"/etc/my.cnf"? y
# vim /etc/my.cnf #修改配置檔案如下
[mysqld]
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
innodb_buffer_pool_size = 128M
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin =
# These are commonly set, remove the # and set as required.
basedir = /usr/local/mysql #這裡做3處修改,basedir 是MySQL包所在的路徑,datadir 是定義的存放資料的地方,port 定義MySQL服務監聽的埠,如果不定義預設就是3306
datadir = /usr/local/mysql/data/mysql
port = 3306
# server_id = .....
# socket = .....
# Remove leading # to set options mainly useful for reporting servers.
# cp support-files/mysql.server /etc/init.d/mysqld
# chmod 755 /etc/init.d/mysqld
# vim /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data/mysql #修改成這樣
# chkconfig --add mysqld #將mysqld加入系統服務項
# chkconfig mysqld on #設定開機啟動
- 啟動MySQL:
# service mysqld start #啟動mysqld服務
Starting MySQL.Logging to '/usr/local/mysql/data/mysql/localhost.localdomain.err'.
. SUCCESS! #mysqld服務啟動成功
# netstat -lntp |grep 3306 #檢驗mysqld服務是否啟動成功,檢視是否在監聽3306埠
tcp6 0 0 :::3306 :::* LISTEN 3655/mysqld
2 安裝PHP
- 下載原始碼包:
# cd /usr/local/src/
# wget http://cn2.php.net/distributions/php-5.6.36.tar.gz
- 解壓原始碼包,建立賬號:
# tar zxf php-5.6.36.tar.gz
# useradd -s /sbin/nologin php-fpm
- 配置編譯選項:
# ./configure \
> --prefix=/usr/local/php-fpm \
> --with-config-file-path=/usr/local/php-fpm/etc \
> --enable-fpm \
> --with-fpm-user=php-fpm \
> --with-fpm-group=php-fpm \
> --with-mysql=/usr/local/mysql \
> --with-mysql-sock=/tmp/mysql.sock \
> --with-libxml-dir \
> --with-gd \
> --with-jpeg-dir \
> --with-png-dir \
> --with-freetype-dir \
> --with-iconv-dir \
> --with-zlib-dir \
> --with-mcrypt \
> --enable-soap \
> --enable-gd-native-ttf \
> --enable-ftp \
> --enable-mbstring \
> --enable-exif \
> --disable-ipv6 \
> --with-pear \
> --with-curl \
> --with-openssl #多了--enable-fpm,如果不加該引數,則不會有php-fpm執行檔案生成,更不能啟動php-fpm服務
- 錯誤1:
checking for cc... no
checking for gcc... no
configure: error: in `/usr/local/src/php-5.6.36':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details
# yum install -y gcc #這裡提示安裝gcc,是因為我用了新的虛擬機器
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 錯誤2:
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2 installation.
# yum list |grep libxml2
libxml2.x86_64 2.9.1-6.el7_2.3 @anaconda
libxml2.i686 2.9.1-6.el7_2.3 base
libxml2-devel.i686 2.9.1-6.el7_2.3 base
libxml2-devel.x86_64 2.9.1-6.el7_2.3 base
libxml2-python.x86_64 2.9.1-6.el7_2.3 base
libxml2-static.i686 2.9.1-6.el7_2.3 base
libxml2-static.x86_64 2.9.1-6.el7_2.3 base
# yum install -y libxml2-devel.x86_64 #安裝libxml-devel
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 錯誤3:
configure: error: Cannot find OpenSSL's <evp.h>
# yum install -y openssl openssl-devel #安裝openssl和openssl-devel
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 錯誤4:
checking for cURL in default path... not found
configure: error: Please reinstall the libcurl distribution -
easy.h should be in <curl-dir>/include/curl/
# yum install -y libcurl-devel #安裝libcurl-devel
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 錯誤5:
configure: error: jpeglib.h not found.
# yum -y install libjpeg-devel #安裝libjpeg-devel
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 錯誤6:
configure: error: png.h not found.
# yum install -y libpng libpng-devel #安裝libpng-devel
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 錯誤7:
configure: error: freetype-config not found.
# yum install -y freetype freetype-devel #安裝freetype-devel
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 錯誤8:
configure: error: mcrypt.h not found. Please reinstall libmcrypt.
# yum install -y epel-release
# yum install -y libmcrypt-devel #安裝libmcrypt-devel(安裝之前要安裝epel-release這個擴充套件源)
# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步
- 終於不再提示錯誤,有這樣的資訊:
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+
Thank you for using PHP.
config.status: creating php5.spec
config.status: creating main/build-defs.h
config.status: creating scripts/phpize
config.status: creating scripts/man1/phpize.1
config.status: creating scripts/php-config
config.status: creating scripts/man1/php-config.1
config.status: creating sapi/cli/php.1
config.status: creating sapi/fpm/php-fpm.conf
config.status: creating sapi/fpm/init.d.php-fpm
config.status: creating sapi/fpm/php-fpm.service
config.status: creating sapi/fpm/php-fpm.8
config.status: creating sapi/fpm/status.html
config.status: creating sapi/cgi/php-cgi.1
config.status: creating ext/phar/phar.1
config.status: creating ext/phar/phar.phar.1
config.status: creating main/php_config.h
config.status: executing default commands
這就說明PHP配置編譯引數完成。
- 編譯php:
# make
Build complete.
Don't forget to run 'make test'.
# echo $?
0
編譯完成(在這一步,也有可能會遇到問題)。
- 安裝php:
# make install
Wrote PEAR system config file at: /usr/local/php-fpm/etc/pear.conf
You may want to add: /usr/local/php-fpm/lib/php to your php.ini include_path
/usr/local/src/php-5.6.36/build/shtool install -c ext/phar/phar.phar /usr/local/php-fpm/bin
ln -s -f phar.phar /usr/local/php-fpm/bin/phar
Installing PDO headers: /usr/local/php-fpm/include/php/ext/pdo/
# echo $?
0
安裝完成。
- 修改配置檔案:
# cp php.ini-production /usr/local/php-fpm/etc/php.ini
# vim /usr/local/php-fpm/etc/php-fpm.conf #這裡是新檔案,直接複製貼上下面的指令碼內容即可
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
# /usr/local/php-fpm/sbin/php-fpm -t
[01-Jul-2018 21:08:57] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful #顯示 test is successful ,說明配置沒有問題
- 啟動php-fpm:
# cp /usr/local/src/php-5.6.36/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
# chmod 755 /etc/init.d/php-fpm
# useradd -s /sbin/nologin php-fpm
useradd:使用者“php-fpm”已存在 #如果之前進行過這一步,那這裡就可以省略
# service php-fpm start
Starting php-fpm done
# ps aux |grep php-fpm #檢測php-fpm是否啟動
root 30222 0.0 0.1 123452 4812 ? Ss 21:14 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm 30223 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30224 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30225 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30226 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30227 0.0 0.1 123452 4584 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30228 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30229 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30230 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30231 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30232 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30233 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30234 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30235 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30236 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30237 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30238 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30239 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30240 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30241 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
php-fpm 30242 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
root 30248 0.0 0.0 112720 980 pts/0 S+ 21:16 0:00 grep --color=auto php-fpm #說明php-fpm成功啟動
# chkconfig php-fpm on #設定php-fpm開機啟動
3 安裝Nginx
- 下載和解壓Nginx:
# cd /usr/local/src/
# wget http://nginx.org/download/nginx-1.12.1.tar.gz
# tar zxf nginx-1.12.1.tar.gz
- 配置編譯選項:
# cd nginx-1.12.1
# ./configure --prefix=/usr/local/nginx
Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
# echo $?
0
- 編譯和安裝Nginx:
# make
# echo $?
0
# make install
# echo $?
0
- 編寫Nginx啟動指令碼,並加入系統服務:
# vim /etc/init.d/nginx #寫入下面內容
- 1
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
# chmod 755 /etc/init.d/nginx #更改啟動指令碼許可權
# chkconfig --add nginx #將Nginx加入系統服務項
# chkconfig nginx on #設定Nginx開機啟動
- 更改Nginx的配置檔案:
# > /usr/local/nginx/conf/nginx.conf # > 表示重定向,單獨使用時,可以把一個文字文件快速清空
# vim /usr/local/nginx/conf/nginx.conf #寫入下面內容
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
# /usr/local/nginx/sbin/nginx -t #檢驗配置檔案是否有問題
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful #顯示上面兩行說明配置正確
- 啟動Nginx:
# service nginx start #啟動Nginx服務
Starting nginx (via systemctl): [ 確定 ] #如果不能啟動,可以檢視/usr/local/nginx/logs/error.log檔案
# ps aux |grep nginx #檢驗Nginx服務是否啟動
root 32821 0.0 0.0 20540 624 ? Ss 21:47 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 32822 0.0 0.0 22984 3204 ? S 21:47 0:00 nginx: worker process
nobody 32823 0.0 0.0 22984 3204 ? S 21:47 0:00 nginx: worker process
root 32825 0.0 0.0 112720 984 pts/0 S+ 21:48 0:00 grep --color=auto nginx
可以看到,Nginx服務成功啟動。
- 測試是否正確解析PHP:
# vim /usr/local/nginx/html/1.php
<?php
echo "php解析正常";
?>
# curl localhost/1.php
php解析正常[root@localhost nginx-1.12.1]#
說明PHP解析正常。
4 Nginx配置
LNMP環境搭建好之後,其實僅僅是安裝上了軟體,我們還有很多具體的配置工作要做。
預設虛擬主機
預設虛擬主機指的是,任何一個域名指向這臺伺服器,只要是沒有對應的虛擬主機,就會由這個預設虛擬主機來處理。
與httpd相同,在Nginx中也有預設虛擬主機,並且類似的,第一個被Nginx載入的虛擬主機就是預設主機。但不同的是,它還有一個配置用來標記預設虛擬主機,也就是說,如果沒有這個標記,第一個虛擬主機為預設虛擬主機。
- 要先修改主配置檔案:
# vim /usr/local/nginx/conf/nginx.conf
include vhost/*.conf; #在結束符號 } 上面加入這行配置
}
上面那行配置就是載入/usr/local/nginx/conf/vhost/
下面的所有以.conf結尾的檔案,這樣我們就可以把所有虛擬主機的配置檔案放到vhost目錄下面了。
- 編輯預設主機配置檔案:
# mkdir /usr/local/nginx/conf/vhost
# cd /usr/local/nginx/conf/vhost
# vim default.conf #這裡是新檔案,寫入下面內容
server
{
listen 80 default_server; #有這個 default_server 標記的就是預設虛擬主機
server_name 123.com;
index index.html index.htm index.php;
root /data/nginx/default;
}
- 驗證上面配置:
# /usr/local/nginx/sbin/nginx -t #檢驗上面配置
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful #說明配置沒有問題
# /usr/local/nginx/sbin/nginx -s reload #過載配置,這樣就不用重啟了
# mkdir -p /data/nginx/default/
# echo "default" > /data/nginx/default/index.html #建立索引頁
# curl -x127.0.0.1:80 123.com
default
# curl -x192.168.33.128:80 123.com
default #這裡輸入127.0.0.1和192.168.33.128(linux的IP)都行
# curl -x127.0.0.1:80 aaa.com
default #訪問一個沒有定義過的域名,也會訪問到123.com
如果想讓瀏覽器訪問到這個,可以這樣:
# iptables -I INPUT -p tcp --dport 80 -j ACCEPT #開啟linux的80埠
然後再在瀏覽器上訪問即可
使用者認證
在使用者訪問網站的時候,需要輸入使用者名稱密碼才能順利訪問,一些重要的站點或網站後臺通常會加上使用者認證,目的當然是保障安全。
- 建立一個新的虛擬主機:
# cd /usr/local/nginx/conf/vhost/
# vim test.com.conf #這是新檔案,寫入下面內容
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location /
{
auth_basic "Auth"; #auth_basic開啟使用者認證
auth_basic_user_file /usr/local/nginx/conf/htpasswd; #指定使用者密碼檔案
}
}
- 驗證上面配置:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# yum install -y httpd #安裝httpd,因為生成密碼檔案需要用到htpasswd命令
# htpasswd -c /usr/local/nginx/conf/htpasswd lzx #建立lzx使用者,並設定密碼
New password:
Re-type new password:
Adding password for user lzx
# mkdir /data/nginx/test.com
# echo "test" > /data/nginx/test.com/index.html
# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized #狀態碼401說明該網站需要驗證
Server: nginx/1.12.1
Date: Thu, 05 Jul 2018 08:06:39 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
開啟Windows的hosts檔案,加入一行:
192.168.33.128 test.com
然後在瀏覽器中訪問test.com
點選取消之後出現
輸入賬號密碼
然後出現
另外,如果是針對某個目錄做使用者認證,需要配置location後面的路徑:
location /admin/ #這裡以admin目錄為例
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
域名重定向
Nginx和httpd的域名重定向和httpd的類似。
- 配置虛擬主機檔案:
# vim test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com; #Nginx中,server_name 後面可以跟多個域名
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent; #permanent為永久重定向,相當於httpd的R=301;還有個redirect,為臨時重定向,相當於R=302
}
}
- 驗證上面配置:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 test1.com/123.txt -I
HTTP/1.1 301 Moved Permanently #301 永久moved
Server: nginx/1.12.1
Date: Thu, 05 Jul 2018 08:41:51 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/123.txt #這裡變成test.com/123.txt
Nginx的訪問日誌
- 先檢視一下Nginx的日誌格式:
# grep -A2 log_format /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
和httpd類似,也是在主配置檔案中定義的日誌格式
combined_realip 日誌格式的名字,後面可以呼叫它;
$remote_addr 訪問網站的使用者的出口ip;
$http_x_forwarded_for 代理伺服器的ip,如果使用了代理則會記錄代理的ip;
$time_local 當前的時間;
$host 訪問的主機名;
$request_uri 訪問的URL地址;
$status 狀態碼;
$http_referer referer地址;
$http_user_agent user_agent。
- 指定訪問日誌的路徑:
# cd /usr/local/nginx/conf/vhost/
# vim test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
access_log /tmp/1.log combined_realip; #使用access_log來指定日誌的儲存路徑,最後面指定日誌的格式名字
}
- 驗證上面配置:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 test.com/111
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
# cat /tmp/1.log
127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0" #curl訪問記錄
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" #Windows上面瀏覽器訪問記錄
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
Nginx的日誌比較簡單,但沒有像httpd那樣自帶的切割工具,要想切割Ngin日誌需要藉助系統的切割工具或自定義指令碼。
這裡我們自定義一個日誌切割指令碼:
# vim /usr/local/sbin/nginx_log_rotate.sh #寫入下面內容
#! /bin/bash
d= `data -d "-1 day" +%Y%m%d`
logdir="/data/logs" #假設Nginx的日誌存放路徑為/data/logs
nginx_pid="/usr/local/nginx/logs/nginx.log"
cd $logdir
for log in `ls *.log`
do
mv $log $log-$d
done
/bin/kill -HUP `cat $nginx_pid`
寫完指令碼之後,還需要增加任務計劃:
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh
配置靜態檔案不記錄日誌並新增過期時間
- 修改虛擬主機配置檔案:
# vim test.com.conf
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ #指定對於的靜態檔案
{
expires 7d; #配置過期時間
access_log off; #off就不記錄訪問日誌了
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/1.log combined_realip;
}
- 驗證上面配置:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# echo "111" > /data/nginx/test.com/1.js #建立js檔案
# echo "222" > /data/nginx/test.com//2.jpg #建立jpg檔案
# touch /data/nginx/test.com/3.jss #建立一個對比檔案
# curl -x127.0.0.1:80 test.com/1.js -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 03:52:47 GMT
Content-Type: application/javascript
Content-Length: 4
Last-Modified: Fri, 06 Jul 2018 03:50:55 GMT
Connection: keep-alive
ETag: "5b3ee71f-4"
Expires: Fri, 06 Jul 2018 15:52:47 GMT
Cache-Control: max-age=43200 #43200秒即12小時,js檔案過期時間為12h
Accept-Ranges: bytes
# curl -x127.0.0.1:80 test.com/2.jpg -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 03:56:15 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT
Connection: keep-alive
ETag: "5b3ee747-4"
Expires: Fri, 13 Jul 2018 03:56:15 GMT
Cache-Control: max-age=604800 #jpg檔案過期時間為7天
Accept-Ranges: bytes
# curl -x127.0.0.1:80 test.com/3.jss -I #jss檔案無過期時間
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 03:57:33 GMT
Content-Type: application/octet-stream
Content-Length: 0
Last-Modified: Fri, 06 Jul 2018 03:52:00 GMT
Connection: keep-alive
ETag: "5b3ee760-0"
Accept-Ranges: bytes
# cat /tmp/1.log
127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0"
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
127.0.0.1 - [06/Jul/2018:11:57:33 +0800] test.com "/3.jss" 200 "-" "curl/7.29.0"
這裡可以看到,並沒有js和jpg檔案的訪問日誌記錄。
Nginx防盜鏈
- 修改虛擬主機的配置檔案:
# vim test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer)
{
return 403;
}
access_log off;
}
access_log /tmp/1.log combined_realip;
}
- 驗證上面配置:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 -e "http://123.com/1.txt" test.com/2.jpg -I #使用-e選項時,必須補全http://
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 04:13:19 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
# curl -x127.0.0.1:80 -e "http://test.com/1.txt" test.com/2.jpg -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 04:15:06 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT
Connection: keep-alive
ETag: "5b3ee747-4"
Expires: Fri, 13 Jul 2018 04:15:06 GMT
Cache-Control: max-age=604800 #過期時間為7d
Accept-Ranges: bytes
可以看到不僅有過期時間,還有防盜鏈的功能。
訪問控制
Nginx需要限制某些IP不能訪問或只允許某些IP訪問,配置訪問和httpd類似。
- 使訪問admin目錄的請求只允許192.168.33.128和127.0.0.1訪問:
location /admin/
{
allow 192.168.33.128;
allow 127.0.0.1;
deny all;
}
配置httpd的時候還有個order來先定義allow或deny,在Nginx中沒有,只要逐條匹配規則就結束了。
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# mkdir /data/nginx/test.com/admin/
# echo "123" > /data/nginx/test.com/admin/1.html
# curl -x127.0.0.1:80 test.com/admin/1.html
123
# curl -x192.168.33.129:80 test.com/admin/1.html
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
配置檔案中的IP也可以為IP段,比如可以寫成allow 192.168.33.0/24
。如果只是拒絕幾個IP,可以寫成這樣:
location /admin/
{
deny 192.168.33.128;
deny 127.0.0.1;
}
Nginx預設就是允許所有,所以不需要寫allow all
。
另外,還可以根據正則匹配來限制:
location ~ .*(abc|image)/.*\.php$ #禁止解析PHP
{
return 403;
}
|
為分隔符,表示“或”的意思,這樣就可以把訪問的URL中帶有abc或者image字串,並且是PHP的請求拒絕訪問。
在Nginx裡,也可以針對user_agent做一些限制:
if ($http_user_agent ~ `Spider/3.0|YoudaoBot|Tomato`)
{
return 403;
}
~
為匹配符,只要user_agent
中含有Spider3.0
或者YoudaoBot
或者Tomato
字串的,都會被拒絕。
Nginx解析PHP
在LNMP中,PHP是以一個服務(php—fpm)的形式存在的,首先要啟動php-fpm服務,然後Nginx再和php-fpm通訊。
下面是相關配置:
# vim test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com')
{
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
}
access_log /tmp/1.log combined_realip;
}
其中fastcgi_pass
用來指定php-fom的地址,fastcgi_param SCRIPT_FILENAME
後面跟的路徑為該站點的根目錄,必須和前面定義的root的路徑保持一致,否則會報502錯誤。
Nginx代理
Nginx的代理功能非常實用,如果一個沒有公網IP的伺服器要提供web服務,就可以通過Nginx代理來實現。如果Nginx後面有多臺伺服器,如果同時代理,那Nginx在這裡就起到一個負載均衡的作用。
- 配置Nginx代理:
# cd /usr/local/nginx/conf/vhost/
# vim proxy.conf #寫入下面內容
server
{
listen 80;
server_name lzx.com;
location /
{
proxy_pass http://61.135.169.125/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Proxy_pass 指定要代理的域名所在的伺服器IP;
後面的三行為定義發往後端web服務取的請求頭,第二行必須有,否則代理不會成功,它表示後端web伺服器的域名和當前配置檔案中的server_name保持一致;
$remote_addr 訪問網站的使用者的出口ip;
$http_x_forwarded_for 代理伺服器的ip,如果使用了代理則會記錄代理的ip。
- 配置檔案儲存後,重新載入Nginx服務並驗證:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 123.com -I