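Configuring multiple sites and a free Alibaba Cloud certificate on an LNAMP stack
1. About the LNAMP architecture
linux+nginx+apache+mysql+php
2. A one-click install script for this architecture: ezhttp
Download: https://www.oschina.net/p/ezhttp
Mirror download: https://github.com/centos-bz/ezhttp
3. Multi-site configuration:
nginx configuration: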
error_log logs/error.log error;
pid logs/nginx.pid;
user www;
worker_processes auto;
worker_rlimit_nofile 51200;
events {
    use epoll;
    worker_connections 51200;
}
http {
    client_body_buffer_size 32k;
    client_header_buffer_size 2k;
    client_max_body_size 2m;
    default_type application/octet-stream;
    log_not_found off;
    server_tokens off;
    include mime.types;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/rss+xml application/xhtml+xml application/atom+xml;
    gzip_vary on;
    #error_page 500 502 503 504 /50x.html;
    log_format access '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $http_x_forwarded_for';
    # Default site: PHP requests are proxied to Apache on 127.0.0.1:88
    server {
        listen 80 default_server;
        server_name localhost;
        index index.php index.html index.htm;
        root /home/wwwroot/;
        location ~ .*\.(php|php5)?$ {
            proxy_pass http://127.0.0.1:88;
            include proxy.conf;
        }
    }
    # Per-site server blocks; this glob only loads files in vhost/ whose names end in .conf
    include vhost/*.conf;
}
nginx multi-site configuration:
|------nginx.conf
|-----------|vhost
|-----------|vhost-------|abc.com.config
|-----------|vhost-------|bcd.com.config
|-----------|vhost-------|efg.com.config
abc.com.config
server {
    server_name abc.com;
    listen 80;
    listen 443 ssl;
    ssl_certificate /usr/local/nginx/certificate/abc.com/1657267_abc.com.pem;      # location of the crt file
    ssl_certificate_key /usr/local/nginx/certificate/abc.com/1657267_abc.com.key;  # location of the key file
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    index index.php index.html index.htm;
    root /home/wwwroot/abc/;
    # Serve /index.html if it exists, otherwise hand the request to Apache
    location / {
        try_files /index.html @apache;
    }
    location @apache {
        internal;
        proxy_pass http://127.0.0.1:88;
        include proxy.conf;
    }
    # PHP is always handled by Apache
    location ~ .*\.(php|php5)?$ {
        proxy_pass http://127.0.0.1:88;
        include proxy.conf;
    }
    # Static files are served by nginx with cache lifetimes
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }
    location ~ .*\.(js|css)?$ {
        expires 12h;
    }
    access_log /home/wwwlog/abc.com/access_nginx.log access;
    error_log /home/wwwlog/abc.com/error_nginx.log error;
}
bcd.com.config (see abc.com.config)
efg.com.config (see abc.com.config)
apache configuration:
ServerRoot "/usr/local/apache"
Listen 127.0.0.1:88
LoadModule deflate_module modules/mod_deflate.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User www
Group www
</IfModule>
</IfModule>
ServerAdmin [email protected]
ServerName localhost:80
DocumentRoot "/usr/local/apache/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/usr/local/apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
Addtype application/x-httpd-php .php
</IfModule>
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
apache multi-site configuration:
|------nginx.conf
|-----------|vhost
|-----------|vhost-------|abc.com.config
|-----------|vhost-------|bcd.com.config
|-----------|vhost-------|efg.com.config
abc.com.config
<VirtualHost 127.0.0.1:88>
ServerName abc.com
ServerAlias abc.com
DocumentRoot /home/wwwroot/abc/
DirectoryIndex index.php index.html index.htm
<Directory /home/wwwroot/abc/>
Options +Includes -Indexes
AllowOverride All
Order Deny,Allow
Allow from All
php_admin_value open_basedir /home/wwwroot/abc/:/tmp:/proc
</Directory>
ErrorLog /home/wwwlog/abc.com/error_apache.log
TransferLog /home/wwwlog/abc.com/access_apache.log
</VirtualHost>
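4. Installing the certificate on an LNAMP stack
It looks like perfect single-machine load balancing, but here comes the question: how do you install a certificate on an LNAMP stack?
Install the certificate on nginx only? On apache only? Or on both?
As everyone knows, the default port for the HTTPS protocol is 443. If certificates are installed on both apache and nginx, there will be a port conflict and the server will fail to start.
My approach is to have only nginx listen on port 443 and to configure the certificate in nginx. See the certificate settings in the abc.com.config file: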
listen 443 ssl;
ssl_certificate /usr/local/nginx/certificate/abc.com/1657267_abc.com.pem;      # location of the crt file
ssl_certificate_key /usr/local/nginx/certificate/abc.com/1657267_abc.com.key;  # location of the key file
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
index index.php index.html index.htm;
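I have my own doubts about this way of configuring things, but a production project runs successfully with it. You are welcome to try my configuration method; if the installation does not succeed, please leave a comment below the blog post and I will look into improving it.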
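For comparison with the TLS settings shown in section 4, here is a tightened variant of the abc.com vhost, added as an example and not the author's configuration. TLS is still terminated only at nginx, with Apache on 127.0.0.1:88 behind it. The cipher list, the redirect and the X-Forwarded-Proto header are choices made for this example; it assumes nginx 1.13.0 or later built with OpenSSL 1.1.1 or later, and a proxy.conf (not shown on the page) that does not already set that header.

```nginx
# Added example, not the author's file: hardened variant of the abc.com vhost.
# Assumes nginx >= 1.13.0 built with OpenSSL 1.1.1+ (needed for TLSv1.3) and
# that proxy.conf (not shown on the page) does not already set X-Forwarded-Proto.

# Port 80 only redirects, so nothing is served over plain HTTP.
server {
    listen 80;
    server_name abc.com;
    return 301 https://abc.com$request_uri;
}

server {
    listen 443 ssl;
    server_name abc.com;
    ssl_certificate     /usr/local/nginx/certificate/abc.com/1657267_abc.com.pem;
    ssl_certificate_key /usr/local/nginx/certificate/abc.com/1657267_abc.com.key;
    ssl_session_timeout 5m;

    # Page: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 remain.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Page: ...:ECDHE:ECDH:AES:HIGH:... also admits CBC and static-RSA suites.
    # Here: forward-secret AEAD suites only (applies to TLS 1.2; TLS 1.3
    # suites are not controlled by ssl_ciphers).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    index index.php index.html index.htm;
    root /home/wwwroot/abc/;

    location / { try_files /index.html @apache; }
    location @apache {
        proxy_pass http://127.0.0.1:88;
        include proxy.conf;
        # Apache only sees plain HTTP on loopback; pass the original scheme on.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ .*\.(php|php5)?$ {
        proxy_pass http://127.0.0.1:88;
        include proxy.conf;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; }
    location ~ .*\.(js|css)?$ { expires 12h; }

    access_log /home/wwwlog/abc.com/access_nginx.log access;
    error_log  /home/wwwlog/abc.com/error_nginx.log error;
}
```

Run `nginx -t` before reloading to validate the syntax. The backend stays reachable only through nginx because Apache is bound to `Listen 127.0.0.1:88`.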