首页 > 系统 > Linux >

LNMP环境搭建:Nginx安装、测试与域名配置

2017-03-06

LNMP环境搭建:Nginx安装、测试与域名配置,Nginx作为一款优秀的Web Server软件同时也是一款优秀的负载均衡或前端反向代理、缓存服务软件。

LNMP环境搭建:Nginx安装、测试与域名配置,Nginx作为一款优秀的Web Server软件同时也是一款优秀的负载均衡或前端反向代理、缓存服务软件。

2.编译安装Nginx

(1)安装Nginx依赖函数库pcre

pcre为“perl兼容正则表达式”perl compatible regular expresssions,安装其是为了使Nginx支持具备URI重写功能的rewrite模块,如果不安装Nginx将无法使用rewrite模块功能,但是该功能却十分有用和常用。

检查系统中是否有安装:

[root@leaf ~]# rpm -q pcre pcre-devel

上面可以看到并没有安装使用yum方式安装如下:

[root@leaf ~]# yum install pcre pcre-devel -y

......

Installed:

pcre-devel.x86_64 0:7.8-7.el6

Updated:

pcre.x86_64 0:7.8-7.el6

Complete!

安装完后检查一下是否已经成功安装:

[root@leaf ~]# rpm -q pcre pcre-devel

pcre-7.8-7.el6.x86_64

pcre-devel-7.8-7.el6.x86_64

可以看到已经安装成功。

(2)安装Nginx依赖函数库openssl-devel

Nginx在使用HTTPS服务的时候要用到此模块,如果不安装openssl相关包,安装过程中是会报错的。

检查系统是否有安装openssl相关包:

[root@leaf ~]# rpm -q openssl openssl-devel

openssl-1.0.1e-15.el6.x86_64

package openssl-devel is not installed

可以看到只是安装了opensslopenssl-devel还没有安装使用yum安装如下:

[root@leaf ~]# yum install -y openssl-devel

......

Complete!

再次检查:

[root@leaf ~]# rpm -q openssl openssl-devel

openssl-1.0.1e-48.el6_8.4.x86_64

openssl-devel-1.0.1e-48.el6_8.4.x86_64

可以看到都已经成功安装上。

(3)下载Nginx软件包

这里使用的Nginx版本为1.6.3,下载方式如下:

[root@leaf ~]# pwd

/root

[root@leaf ~]# mkdir tools

[root@leaf ~]# cd tools/

[root@leaf tools]# wget http://nginx.org/download/nginx-1.6.3.tar.gz

......

100%[======================================>] 805,253 220K/s in 3.6s

2017-02-24 12:10:26 (220 KB/s) - anginx-1.6.3.tar.gza saved [805253/805253]

查看下载的Nginx软件包:

[root@leaf tools]# ll

total 788

-rw-r--r--. 1 root root 805253 Apr 8 2015 nginx-1.6.3.tar.gz

当然上面的方式是使用wget方式直接下载,前提是已经知道了Nginx的下载地址,也可以到官网下载,然后再上传到我们的CentOS操作系统上。

(4)开始安装Nginx

可以先在根目录下创建一个/application文件夹用来存放我们安装的软件:

[root@leaf ~]# mkdir /application

[root@leaf ~]# ls -d /application/

/application/

解压缩

将我们刚刚下载的Nginx软件包解压缩:

[root@leaf tools]# tar -zxvf nginx-1.6.3.tar.gz

......

[root@leaf tools]# ls

nginx-1.6.3 nginx-1.6.3.tar.gz

使用./configure指定编译参数

先创建一个nginx用户用来安装完成后运行nginx使用:

[root@leaf tools]# useradd nginx -s /sbin/nologin -M

[root@leaf tools]# tail -1 /etc/passwd

nginx:x:500:500::/home/nginx:/sbin/nologin

# -s参数后的/sbin/nologin指定不允许nginx进行登陆

# -M参数则是在创建该用户时不创建用户家目录

使用configure命令指定编译参数:

[root@leaf nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module

对于配置时使用的参数可以通过./configure --help来进行查询,上面使用的参数解析如下:

--prefix=PATH # 指定安装路径

--user=USER # 设置用户进程权限

--group=GROUP # 设置用户组进程权限

--with-http_stub_status_module # 激活状态信息

--with-http_ssl_module # 激活ssl功能

使用make进行编译

[root@leaf nginx-1.6.3]# make

......

检查编译是否成功:

[root@leaf nginx-1.6.3]# echo $?

0

返回0即说明编译成功。

使用make install安装

[root@leaf nginx-1.6.3]# make install

......

检查安装是否成功:

[root@leaf nginx-1.6.3]# echo $?

0

返回0即说明安装成功。

建立安装目录的软链接

[root@leaf nginx-1.6.3]# ln -s /application/nginx-1.6.3/ /application/nginx

[root@leaf nginx-1.6.3]# ls -l /application/

total 4

lrwxrwxrwx. 1 root root 25 Feb 24 12:32 nginx -> /application/nginx-1.6.3/

drwxr-xr-x. 6 root root 4096 Feb 24 12:28 nginx-1.6.3

到此Nginx的编译安装工作已经全部完成了,下面就需要对安装结果进行验证了即验证Nginx是否可以正常提供服务。

3.测试Nginx服务

(1)启动Nginx服务前检查配置文件语法

如下:

[root@leaf ~]# /application/nginx/sbin/nginx -t

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

(2)启动Nginx服务

[root@leaf ~]# /application/nginx/sbin/nginx

如果在启动Nginx服务时出现了问题可以查看Nginx的日志/application/nginx/logs/error.log,再根据日志提供的信息来进行解决。

(3)验证Nginx服务是否正常

查看已开启的端口信息

[root@leaf ~]# netstat -lnp | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6772/nginx

unix 2 [ ACC ] STREAM LISTENING 9180 1/init @/com/ubuntu/upstart

可以看到Nginx已经在侦听80端口。

查看Nginx进程

[root@leaf ~]# ps aux | grep nginx

root 6772 0.0 0.1 45028 1140 ? Ss 12:34 0:00 nginx: master process /application/nginx/sbin/nginx

nginx 6773 0.0 0.1 45460 1716 ? S 12:34 0:00 nginx: worker process

root 6777 0.0 0.0 103256 832 pts/1 S+ 12:36 0:00 grep nginx

在宿主机上使用浏览器进行测试

在我们宿主机的浏览器上输入http://10.0.0.101/,查看测试结果

可以正常访问,当然前提是CentOS上的防火墙功能已经关闭。

使用wget命令和curl命令测试

wget命令:

[root@leaf tools]# wget 127.0.0.1

--2017-02-24 12:41:05-- http://127.0.0.1/

Connecting to 127.0.0.1:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 612 [text/html]

Saving to: aindex.htmla

100%[======================================>] 612 --.-K/s in 0s

2017-02-24 12:41:05 (44.1 MB/s) - aindex.htmla saved [612/612]

currl命令:

[root@leaf tools]# curl 127.0.0.1

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.

For online documentation and support please refer to

nginx.org.

Commercial support is available at

nginx.com.

Thank you for using nginx.


从上面的结果可以说明Nginx已经正常部署并运行。

4.进一步测试修改Nginx显示的页面

通过修改/application/nginx/html下的index.html文件,我们就可以改变Nginx主页显示的内容,操作如下:

[root@leaf tools]# cd /application/nginx/html/

[root@leaf html]# ls

50x.html index.html

[root@leaf html]# mv index.html index.html.source

[root@leaf html]# echo "

Hello, I'm xpleaf.

">index.html

[root@leaf html]# ls

50x.html index.html index.html.source

[root@leaf html]# cat index.html

Hello, I'm xpleaf.

这时在宿主机操作系统上访问http://10.0.0.101/

(1)Nginx安装

1.安装Nginx依赖函数库pcre、openssl-devel

[root@leaf ~]# yum install -y pcre pcre-devel openssl openssl-devel

......

[root@leaf ~]# rpm -q pcre pcre-devel openssl openssl-devel

pcre-7.8-7.el6.x86_64

pcre-devel-7.8-7.el6.x86_64

openssl-1.0.1e-48.el6_8.4.x86_64

openssl-devel-1.0.1e-48.el6_8.4.x86_64

2.下载安装Nginx

这里使用Nginx1.6.3,如下:

# 下载Nginx

[root@leaf ~]# yum install -y wget

[root@leaf ~]# mkdir tools

[root@leaf ~]# cd tools/

[root@leaf tools]# wget

[root@leaf tools]# ll

总用量 788

-rw-r--r--. 1 root root 805253 4月 8 2015 nginx-1.6.3.tar.gz

# 解压缩

[root@leaf tools]# tar zxf nginx-1.6.3.tar.gz

[root@leaf tools]# ll

总用量 792

drwxr-xr-x. 8 1001 1001 4096 4月 7 2015 nginx-1.6.3

-rw-r--r--. 1 root root 805253 4月 8 2015 nginx-1.6.3.tar.gz

# 指定编译参数

[root@leaf tools]# yum install -y gcc # 需要先安装gcc

[root@leaf tools]# mkdir /application # 作为Nginx的安装目录

[root@leaf tools]# useradd nginx -s /sbin/nologin -M

[root@leaf tools]# tail -1 /etc/passwd

nginx:x:500:500::/home/nginx:/sbin/nologin

[root@leaf tools]# cd nginx-1.6.3

[root@leaf nginx-1.6.3]# ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.3/ --with-http_stub_status_module --with-http_ssl_module

[root@leaf nginx-1.6.3]# echo $? # 结果输出0则说明命令执行成功

# 编译

[root@leaf nginx-1.6.3]# make

[root@leaf nginx-1.6.3]# echo $?

# 安装

[root@leaf nginx-1.6.3]# make install

[root@leaf nginx-1.6.3]# echo $?

# 建立安装目录的软链接

[root@leaf nginx-1.6.3]# ln -s /application/nginx-1.6.3/ /application/nginx

[root@leaf nginx-1.6.3]# ls -l /application/

总用量 4

lrwxrwxrwx. 1 root root 25 3月 4 04:28 nginx -> /application/nginx-1.6.3/

drwxr-xr-x. 6 root root 4096 3月 4 04:27 nginx-1.6.3

(2)Nginx测试

1.启动Nginx

[root@leaf ~]# /application/nginx/sbin/nginx -t # 检查配置文件

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf ~]# /application/nginx/sbin/nginx # 启动Nginx服务

2.CentOS上验证Nginx服务

[root@leaf ~]# netstat -lntup | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3929/nginx

[root@leaf ~]# curl localhost

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.

For online documentation and support please refer to

nginx.org.

Commercial support is available at

nginx.com.

Thank you for using nginx.

3.宿主机上验证Nginx服务

在宿主机浏览器上输入CentOS主机的IP地址10.0.0.101,如下:

(3)域名配置

因为要搭建一个博客服务,所以这里配置的域名为blog.xpleaf.org,操作过程如下:

1.最小化配置文件

[root@leaf ~]# cd /application/nginx/conf/

[root@leaf conf]# wc -l nginx.conf

117 nginx.conf

[root@leaf conf]# wc -l nginx.conf.default

117 nginx.conf.default

[root@leaf conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf

[root@leaf conf]# wc -l nginx.conf

22 nginx.conf

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

}

}

2.修改配置文件

修改nginx.conf,并且增加配置文件extra/blog.conf,如下:

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

include extra/blog.conf;

}

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

root html/blog;

index index.html index.htm;

}

}

3.创建域名对应的站点目录及文件

[root@leaf conf]# cd ../html/

[root@leaf html]# mkdir blog

[root@leaf html]# echo "This page is: blog.xpleaf.org">blog/index.html

[root@leaf html]# cat blog/index.html

This page is: blog.xpleaf.org

4.重启Nginx服务

[root@leaf html]# /application/nginx/sbin/nginx -t

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

[root@leaf html]# /application/nginx/sbin/nginx -s reload # 平滑重启

5.CentOS 6.5上进行测试

先修改/etc/hosts文件:

[root@leaf html]# echo "127.0.0.1 blog.xpleaf.org" >>/etc/hosts

[root@leaf html]# tail -1 /etc/hosts

127.0.0.1 blog.xpleaf.org

再使用命令测试:

[root@leaf html]# curl blog.xpleaf.org

This page is: blog.xpleaf.org

[root@leaf html]# wget blog.xpleaf.org

--2017-03-04 04:58:42-- http://blog.xpleaf.org/

正在解析主机 blog.xpleaf.org... 127.0.0.1

正在连接 blog.xpleaf.org|127.0.0.1|:80... 已连接。

已发出 HTTP 请求,正在等待回应... 200 OK

长度:30 [text/html]

正在保存至: “index.html.1”

100%[====================================>] 30 --.-K/s in 0s

2017-03-04 04:58:42 (2.14 MB/s) - 已保存 “index.html.1” [30/30])

6.宿主机Windows 7上进行测试

同样是先修改hosts文件,Windows 7的hosts文件在C:\Windows\System32\drivers\etc,同样添加下面一行:

1

10.0.0.101 blog.xpleaf.org

使用浏览器访问blog.xpleaf.org,如下:

3.LNMP环境搭建:MySQL安装与基本安全优化

这里采用二进制安装的方式来安装MySQL,安装的版本为:MySQL Server 5.5.54,可以在https://dev.mysql.com/downloads/mysql/5.5.html#downloads中下载。

MySQL安装完成后会做一些基本的安全优化。

(1)MySQL安装

1.创建MySQL用户的账号

[root@leaf ~]# groupadd mysql

[root@leaf ~]# useradd -s /sbin/nologin -g mysql -M mysql

[root@leaf ~]# tail -1 /etc/passwd

mysql:x:501:501::/home/mysql:/sbin/nologin

2.下载MySQL

可以使用wget来进行安装,也可以先下载到Windows 7上,然后使用SecureCRT,在CentOS上使用rz命令(需要使用yum install -y lrzsz命令安装)上传到我们的CentOS上,其实不管哪一种方式,只要有方式获取到该安装包就可以了,下面使用的是wget获取安装包的方式:

[root@leaf tools]# wget

[root@leaf tools]# ls -l mysql-5.5.54-linux2.6-x86_64.tar.gz

-rw-r--r--. 1 root root 185911232 3月 3 13:34 mysql-5.5.54-linux2.6-x86_64.tar.gz

3.解压并移到指定目录

[root@leaf tools]# tar xf mysql-5.5.54-linux2.6-x86_64.tar.gz

[root@leaf tools]# mv mysql-5.5.54-linux2.6-x86_64 /application/mysql-5.5.54

[root@leaf tools]# ln -s /application/mysql-5.5.54/ /application/mysql

[root@leaf tools]# ls -l /application/

总用量 8

lrwxrwxrwx. 1 root root 26 3月 4 06:43 mysql -> /application/mysql-5.5.54/

drwxr-xr-x. 13 root root 4096 3月 4 06:42 mysql-5.5.54

lrwxrwxrwx. 1 root root 25 3月 4 04:28 nginx -> /application/nginx-1.6.3/

drwxr-xr-x. 11 root root 4096 3月 4 04:30 nginx-1.6.3

4.初始化MySQL配置文件

[root@leaf mysql]# cp support-files/my-small.cnf /etc/my.cnf

cp:是否覆盖"/etc/my.cnf"? y

5.初始化MySQL数据库文件

[root@leaf mysql]# mkdir -p /application/mysql/data/

[root@leaf mysql]# chown -R mysql.mysql /application/mysql

[root@leaf mysql]# yum install -y libaio # 安装MySQL依赖函数库,否则下面的初始化会失败

[root@leaf mysql]# /application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data --user=mysql

......

# 输出结果可以看到两个OK,即说明初始化成功

[root@leaf mysql]# echo $? # 或者通过该命令,输出为0,即说明上一个步骤的命令执行成功

0

# 上面之后可以看到/application/mysql/data/目录下生成的数据库文件

6.配置并启动MySQL数据库

#(1)设置MySQL启动脚本

[root@leaf mysql]# cp support-files/mysql.server /etc/init.d/mysqld

[root@leaf mysql]# chmod +x /etc/init.d/mysqld

[root@leaf mysql]# ls -l /etc/init.d/mysqld

-rwxr-xr-x. 1 root root 10875 3月 4 06:56 /etc/init.d/mysqld

#(2)替换启动脚本中MySQL默认的安装路径/usr/local/mysql

[root@leaf mysql]# sed -i 's#/usr/local/mysql#/application/mysql#g' /application/mysql/bin/mysqld_safe /etc/init.d/mysqld

#(3)启动MySQL数据库

[root@leaf mysql]# /etc/init.d/mysqld start

Starting MySQL.Logging to '/application/mysql/data/leaf.err'.

... SUCCESS!

#(4)检查MySQL数据库是否启动

[root@leaf mysql]# netstat -lntup | grep mysql

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4400/mysqld

#(5)查看日志

[root@leaf mysql]# tail -10 /application/mysql/data/leaf.err

InnoDB: Creating foreign key constraint system tables

InnoDB: Foreign key constraint system tables created

170304 7:00:28 InnoDB: Waiting for the background threads to start

170304 7:00:29 InnoDB: 5.5.54 started; log sequence number 0

170304 7:00:29 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306

170304 7:00:29 [Note] - '0.0.0.0' resolves to '0.0.0.0';

170304 7:00:29 [Note] Server socket created on IP: '0.0.0.0'.

170304 7:00:29 [Note] Event Scheduler: Loaded 0 events

170304 7:00:29 [Note] /application/mysql/bin/mysqld: ready for connections.

Version: '5.5.54' socket: '/tmp/mysql.sock' port: 3306 MySQL Community Server (GPL)

#(6)设置MySQL开机启动

[root@leaf mysql]# chkconfig --add mysqld

[root@leaf mysql]# chkconfig mysqld on

[root@leaf mysql]# chkconfig --list mysqld

mysqld 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭

#(7)配置mysql命令的全局使用路径(注意这里配置的是命令,前面配置的只是启动脚本)

[root@leaf mysql]# echo 'export PATH=/application/mysql/bin:$PATH' >>/etc/profile

[root@leaf mysql]# source /etc/profile

[root@leaf mysql]# echo $PATH

/application/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

#(8)登陆MySQL测试

[root@leaf mysql]# mysql

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 1

Server version: 5.5.54 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

| test |

+--------------------+

4 rows in set (0.05 sec)

mysql> select user(); # 查看当前登陆的用户

+----------------+

| user() |

+----------------+

| root@localhost |

+----------------+

1 row in set (0.00 sec)

mysql> select host, user from mysql.user;

+-----------+------+

| host | user |

+-----------+------+

| 127.0.0.1 | root |

| ::1 | root |

| leaf | |

| leaf | root |

| localhost | |

| localhost | root |

+-----------+------+

6 rows in set (0.00 sec)

mysql> quit

Bye

(2)MySQL基本安全优化

1.为root用户设置密码

1

[root@leaf mysql]# mysqladmin -u root password '123456'

2.清理无用的MySQL用户及数据库

[root@leaf mysql]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 3

Server version: 5.5.54 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host from mysql.user;

+------+-----------+

| user | host |

+------+-----------+

| root | 127.0.0.1 |

| root | ::1 |

| | leaf |

| root | leaf |

| | localhost |

| root | localhost |

+------+-----------+

6 rows in set (0.00 sec)

mysql> drop user "root"@"::1";

Query OK, 0 rows affected (0.00 sec)

mysql> drop user ""@"leaf";

Query OK, 0 rows affected (0.00 sec)

mysql> drop user "root"@"leaf";

Query OK, 0 rows affected (0.01 sec)

mysql> drop user ""@"localhost";

Query OK, 0 rows affected (0.01 sec)

mysql> select user, host from mysql.user;

+------+-----------+

| user | host |

+------+-----------+

| root | 127.0.0.1 |

| root | localhost |

+------+-----------+

2 rows in set (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

# 删除无用的数据库

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

| test |

+--------------------+

4 rows in set (0.00 sec)

mysql> drop database test;

Query OK, 0 rows affected (0.01 sec)

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

+--------------------+

3 rows in set (0.00 sec)

到此为此,MySQL也安装完成了!

4.LNMP环境搭建:PHP(FastCGI方式)安装、配置与启动

(1)安装PHP依赖函数库

1.安装lib库

需要安装的lib库如下:

zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel

freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel

其中除了libiconv库外,其他都可以通过yum的方式进行安装,安装如下:

# 使用yum安装除libiconv-devel之外的其它lib库

[root@leaf mysql]# yum install -y zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel

# 编译安装libiconv-devel

[root@leaf tools]# wget

[root@leaf tools]# tar zxf libiconv-1.14.tar.gz

[root@leaf tools]# cd libiconv-1.14

[root@leaf libiconv-1.14]# ./configure --prefix=/usr/local/libiconv

[root@leaf libiconv-1.14]# make

[root@leaf libiconv-1.14]# make install

2.安装libmcrypt库

[root@leaf ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

[root@leaf ~]# yum install -y libmcrypt-devel

3.安装mhash加密扩展库

[root@leaf ~]# yum install -y mhash

4.安装mcrypt加密扩展库

[root@leaf ~]# yum install -y mcrypt

(2)安装PHP

使用的PHP版本号为5.3.27,如下:

1.下载PHP安装包

[root@leaf tools]# wget http://cn2.php.net/get/php-5.3.27.tar.gz/from/this/mirror

[root@leaf tools]# mv mirror php-5.3.27.tar.gz

[root@leaf tools]# ls -l php-5.3.27.tar.gz

-rw-r--r--. 1 root root 15008639 1月 21 2015 php-5.3.27.tar.gz

2.解压缩

[root@leaf tools]# tar zxf php-5.3.27.tar.gz

[root@leaf tools]# cd php-5.3.27

[root@leaf php-5.3.27]# pwd

/root/tools/php-5.3.27

3.配置PHP的安装参数

配置项非常多,如下:

./configure \

--prefix=/application/php5.3.27 \

--with-mysql=/application/mysql \

--with-iconv-dir=/usr/local/libiconv \

--with-freetype-dir \

--with-jpeg-dir \

--with-png-dir \

--with-zlib \

--with-libxml-dir=/usr \

--enable-xml \

--disable-rpath \

--enable-safe-mode \

--enable-bcmath \

--enable-shmop \

--enable-sysvsem \

--enable-inline-optimization \

--with-curl \

--with-curlwrappers \

--enable-mbregex \

--enable-fpm \

--enable-mbstring \

--with-mcrypt \

--with-gd \

--enable-gd-native-ttf \

--with-openssl \

--with-mhash \

--enable-pcntl \

--enable-sockets \

--with-xmlrpc \

--enable-zip \

--enable-soap \

--enable-short-tags \

--enable-zend-multibyte \

--enable-static \

--with-xsl \

--with-fpm-user=nginx \

--with-fpm-group=nginx \

--enable-ftp

可以将其直接复制到命令行进行配置,这样就可以减少出错的概率:

[root@leaf php-5.3.27]# ./configure \

> --prefix=/application/php5.3.27 \

> --with-mysql=/application/mysql \

> --with-iconv-dir=/usr/local/libiconv \

> --with-freetype-dir \

> --with-jpeg-dir \

> --with-png-dir \

> --with-zlib \

> --with-libxml-dir=/usr \

> --enable-xml \

> --disable-rpath \

> --enable-safe-mode \

> --enable-bcmath \

> --enable-shmop \

> --enable-sysvsem \

> --enable-inline-optimization \

> --with-curl \

> --with-curlwrappers \

> --enable-mbregex \

> --enable-fpm \

> --enable-mbstring \

> --with-mcrypt \

> --with-gd \

> --enable-gd-native-ttf \

> --with-openssl \

> --with-mhash \

> --enable-pcntl \

> --enable-sockets \

> --with-xmlrpc \

> --enable-zip \

> --enable-soap \

> --enable-short-tags \

> --enable-zend-multibyte \

> --enable-static \

> --with-xsl \

> --with-fpm-user=nginx \

> --with-fpm-group=nginx \

> --enable-ftp

......

+--------------------------------------------------------------------+

| License: |

| This software is subject to the PHP License, available in this |

| distribution in the file LICENSE. By continuing this installation |

| process, you are bound by the terms of this license agreement. |

| If you do not agree with the terms of this license, you must abort |

| the installation process at this point. |

+--------------------------------------------------------------------+

Thank you for using PHP.

4.编译PHP

[root@leaf php-5.3.27]# ln -s /application/mysql/lib/libmysqlclient.so.18

libmysqlclient.so.18 libmysqlclient.so.18.0.0

[root@leaf php-5.3.27]# ln -s /application/mysql/lib/libmysqlclient.so.18 /usr/lib64/

[root@leaf php-5.3.27]# touch ext/phar/phar.phar

[root@leaf php-5.3.27]# make

......

[root@leaf php-5.3.27]# echo $?

0

5.安装PHP

[root@leaf php-5.3.27]# make install

/root/tools/php-5.3.27/build/shtool install -c ext/phar/phar.phar /application/php5.3.27/bin

ln -s -f /application/php5.3.27/bin/phar.phar /application/php5.3.27/bin/phar

Installing PDO headers: /application/php5.3.27/include/php/ext/pdo/

......

[root@leaf php-5.3.27]# echo $?

0

(3)配置与启动PHP

1.设置PHP安装目录软链接

[root@leaf php-5.3.27]# ln -s /application/php5.3.27/ /application/php

[root@leaf php-5.3.27]# ls -l /application/php

lrwxrwxrwx. 1 root root 23 3月 4 08:59 /application/php -> /application/php5.3.27/

2.拷贝PHP配置文件到PHP默认目录

[root@leaf php-5.3.27]# cp php.ini-production /application/php/lib/php.ini

[root@leaf php-5.3.27]# ls -l /application/php/lib/php.ini

-rw-r--r--. 1 root root 69627 3月 4 09:00 /application/php/lib/php.ini

3.配置php-fpm.conf文件

[root@leaf php-5.3.27]# cd /application/php/etc/

[root@leaf etc]# ls

pear.conf php-fpm.conf.default

[root@leaf etc]# cp php-fpm.conf.default php-fpm.conf

4.启动PHP服务php-fpm

[root@leaf etc]# /application/php/sbin/php-fpm

5.检查启动进程与侦听端口号

[root@leaf etc]# ps -ef | grep php-fpm

root 129256 1 0 09:05 ? 00:00:00 php-fpm: master process (/application/php5.3.27/etc/php-fpm.conf)

nginx 129257 129256 0 09:05 ? 00:00:00 php-fpm: pool www

nginx 129258 129256 0 09:05 ? 00:00:00 php-fpm: pool www

root 129260 13743 0 09:06 pts/1 00:00:00 grep php-fpm

[root@leaf etc]# netstat -lntup | grep 9000

tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 129256/php-fpm

至此,PHP也安装完成了!LNMP的各个组件都安装好了,下面就要对LNMP环境进行测试了。

5.LNMP环境测试

(1)配置Nginx支持PHP程序请求访问

1.查看当前Nginx配置

[root@leaf etc]# cd /application/nginx/conf/

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

include extra/blog.conf;

}

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

root html/blog;

index index.html index.htm;

}

}

2.修改extra/blog.conf配置文件

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

root html/blog;

index index.html index.htm;

}

location ~ .*\.(php|php5)?$ {

root html/blog;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

}

3.检查并启动Nginx

[root@leaf conf]# /application/nginx/sbin/nginx -t

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf conf]# /application/nginx/sbin/nginx -s reload

(2)测试LNMP环境是否生效

1.配置域名站点目录

[root@leaf conf]# cd /application/nginx/html/blog/

[root@leaf blog]# echo "" >test_info.php

[root@leaf blog]# cat test_info.php

2.宿主机上在浏览器中输入地址http://blog.xpleaf.org/test_info.php进行访问

(3)测试PHP连接MySQL是否正常

1.编辑text_mysql.php

[root@leaf blog]# cat test_mysql.php

$link_id=mysql_connect('localhost', 'root', '123456');

if($link_id){

echo "mysql succesful by xpleaf !";

}else{

echo mysql_error();

}

?>

2.宿主机上在浏览器中输入地址http://blog.xpleaf.org/test_mysql.php进行访问

至此,LNMP环境搭建与测试完成了,下面就可以开始部署WordPress了!

6.部署WordPress

(1)MySQL数据库准备

1.登陆mysql

[root@leaf blog]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 5

Server version: 5.5.54 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

2.创建数据库wordpress

mysql> create database wordpress;

Query OK, 1 row affected (0.32 sec)

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

| wordpress |

+--------------------+

4 rows in set (0.00 sec)

3.创建wordpress blog管理用户

mysql> grant all on wordpress.* to wordpress@'localhost' identified by '123456';

Query OK, 0 rows affected (0.08 sec)

mysql> show grants for wordpress@'localhost';

+------------------------------------------------------------------------------------------------------------------+

| Grants for wordpress@localhost |

+------------------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |

| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' |

+------------------------------------------------------------------------------------------------------------------+

2 rows in set (0.00 sec)

4.刷新MySQL用户权限

mysql> flush privileges;

Query OK, 0 rows affected (0.31 sec)

5.检查MySQL登录用户

mysql> select user,host from mysql.user;

+-----------+-----------+

| user | host |

+-----------+-----------+

| root | 127.0.0.1 |

| root | localhost |

| wordpress | localhost |

+-----------+-----------+

3 rows in set (0.00 sec)

(2)Nginx配置准备

1.修改blog.conf配置文件

[root@leaf conf]# cat extra/blog.conf

server {

listen 80;

server_name blog.xpleaf.org;

location / {

root html/blog;

index index.php index.html index.htm;

}

location ~ .*\.(php|php5)?$ {

root html/blog;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

}

# 相比前面的配置文件,只是在/下添加了index.php

# 不过需要注意的是,index.php一定要放在index关键字之后,

# 这样访问blog.xpleaf.org时,才会打开我们的WordPress页面

2.重启Nginx服务

[root@leaf conf]# /application/nginx/sbin/nginx -s reload

(3)配置WordPress

1.获取WordPress安装包

[root@leaf tools]# wget

[root@leaf tools]# ls -lh wordpress-4.7.2-zh_CN.tar.gz

-rw-r--r--. 1 root root 8.1M 1月 28 08:53 wordpress-4.7.2-zh_CN.tar.gz

2.解压缩与配置站点目录

[root@leaf tools]# cp wordpress-4.7.2-zh_CN.tar.gz /application/nginx/html/blog/

[root@leaf tools]# cd /application/nginx/html/blog/

[root@leaf blog]# tar zxf wordpress-4.7.2-zh_CN.tar.gz

[root@leaf blog]# ls

index.html test_mysql.php wordpress-4.7.2-zh_CN.tar.gz

test_info.php wordpress

[root@leaf blog]# rm -rf test_* wordpress-4.7.2-zh_CN.tar.gz # 删除无用的文件

[root@leaf blog]# ls

index.html wordpress

[root@leaf blog]# mv wordpress/* ./ # 将wordpress程序移到当前blog目录下

[root@leaf blog]# ls

index.html wp-admin wp-includes wp-signup.php

index.php wp-blog-header.php wp-links-opml.php wp-trackback.php

license.txt wp-comments-post.php wp-load.php xmlrpc.php

readme.html wp-config-sample.php wp-login.php

wordpress wp-content wp-mail.php

wp-activate.php wp-cron.php wp-settings.php

[root@leaf blog]# ls -l

总用量 196

-rw-r--r--. 1 root root 30 3月 4 04:54 index.html

-rw-r--r--. 1 nobody 65534 418 9月 25 2013 index.php

-rw-r--r--. 1 nobody 65534 19935 1月 3 02:51 license.txt

-rw-r--r--. 1 nobody 65534 6956 1月 28 08:53 readme.html

drwxr-xr-x. 2 nobody 65534 4096 3月 4 09:50 wordpress

......

3.对blog下所有文件授予nginx用户和组的权限

[root@leaf blog]# chown -R nginx.nginx ../blog/

[root@leaf blog]# ls -l

总用量 196

-rw-r--r--. 1 nginx nginx 30 3月 4 04:54 index.html

-rw-r--r--. 1 nginx nginx 418 9月 25 2013 index.php

-rw-r--r--. 1 nginx nginx 19935 1月 3 02:51 license.txt

-rw-r--r--. 1 nginx nginx 6956 1月 28 08:53 readme.html

drwxr-xr-x. 2 nginx nginx 4096 3月 4 09:50 wordpress

......

(4)安装WordPress

在宿主机浏览器上输入地址:http://blog.xpleaf.org,如下:

接下来的安装都是非常人性化的,点击“现在就开始”,出现下面的页面:

填好信息后,点击“提交”,如下:

点击“进行安装”,接下来就会让我们填写一些信息,如下:

点击“安装WordPress”,之后就会显示如下页面:

显示上面的页面,就说明我们的WordPress安装成功了!接下来就可以好好管理自己的个人WordPress博客站点了!

7.下一步要做什么

可以在云主机上,如腾讯云或者阿里云上搭建LNMP环境,再部署一个WordPress博客程序,为了达到域名访问的效果,可以购买一个域名,然后自己搭建DNS服务器,这会是非常不错的体验!

接下来就可以考虑对LNMP进行优化了。

Nginx功能非常强大,仅仅是通过主配置文件nginx.conf的使用就可以体现出来,为了方便学习和查漏,将其主配置文件的完整内容列出来,并加上个人的一些理解以作为笔记,从而去加深记忆。

1.Nginx主配置文件与说明

如下:

#user nobody;

# ====================================Main区==================================== #

# Main区为Nginx核心功能模块

worker_processes 1; # worker进程的数量

#error_log logs/error.log; # Nginx错误日志配

#error_log logs/error.log notice; # notice, info为错误日志级别

#error_log logs/error.log info; # 一般使用warn|error|crit这三个级别

#pid logs/nginx.pid;

# ====================================Main区==================================== #

# ====================================events区==================================== #

# events区为Nginx核心功能模块

events {

worker_connections 1024; # 每个worker进程支持的最大连接数

}

# ====================================events区==================================== #

# ====================================HTTP区==================================== #

# http区为Nginx核心功能模块

http {

include mime.types; # Nginx支持的媒体类型库文件

default_type application/octet-stream; # 默认的媒体类型

# =========访问日志配置======== #

# 开始这三行为日志格式

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';

# 这一行为记录日志的参数,第一个参数为关键字参数,第二个为日志目录,第三个为使用的日志格式

#access_log logs/access.log main;

# =========访问日志配置======== #

sendfile on; # 开启高效传输模式

#tcp_nopush on;

#keepalive_timeout 0;

keepalive_timeout 65; # 连接超时时间

#gzip on;

server { # server区块,表示一个独立的虚拟主机站点

listen 80; # 提供服务的端口

server_name localhost; # 提供服务的域名主机名

#charset koi8-r;

#access_log logs/host.access.log main;

location / { # location区块

root html; # 站点的根目录,相当于Nginx的安装目录

index index.html index.htm; # 默认的首页文件,多个用空格分开

}

# [扩展功能1:实现Nginx status] #

##status

server{

listen 80;

server_name status.etiantian.org;

location / {

stub_status on;

access_log off;

}

}

# [扩展功能1:实现Nginx status] #

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html; # 出现对应的http状态码时,使用50x.html回应客户

location = /50x.html { # location区块,访问50x.html

root html; # 指定对应的站点目录为html

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ \.php$ {

# proxy_pass http://127.0.0.1;

#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

#location ~ \.php$ {

# root html;

# fastcgi_pass 127.0.0.1:9000;

# fastcgi_index index.php;

# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

# include fastcgi_params;

#}

# deny access to .htaccess files, if Apache's document root

# concurs with nginx's one

#

#location ~ /\.ht {

# deny all;

#}

}

# another virtual host using mix of IP-, name-, and port-based configuration

#

#server {

# listen 8000;

# listen somename:8080;

# server_name somename alias another.alias;

# location / {

# root html;

# index index.html index.htm;

# }

#}

# HTTPS server

#

#server {

# listen 443 ssl;

# server_name localhost;

# ssl_certificate cert.pem;

# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;

# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;

# ssl_prefer_server_ciphers on;

# location / {

# root html;

# index index.html index.htm;

# }

#}

}

# ====================================HTTP区==================================== #

vim /usr/local/nginx/conf/nginx.conf 文件下:

worker_processes 1;

worker_rlimit_nofile 100000;

events {

worker_connections 2048;

multi_accept on;

use epoll;

}

http {

server_tokens off;

sendfile on;

tcp_nopush on;

tcp_nodelay on; (提升速类)

access_log off;

error_log error.log crit;

keepalive_timeout 10; (如果客户打开该网页,长时间没请求,占着不用。服务端可以设置多长时间,断掉该客户端连接)

client_header_timeout 10;

client_body_timeout 10;

reset_timedout_connection on;

send_timeout 10;

include mime.types;

default_type text/html;

charset UTF-8;

gzip on; (压缩页面中 大于1000字节 压缩格式类型)([root@proxe conf]# vim /usr/local/nginx/conf/mime.types, application/msword doc;)

gzip_disable "msie6";

gzip_proxied any;

gzip_min_length 1000;

gzip_comp_level 6;

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss

text/javascript;

client_header_buffer_size 1k;(当头部信息比较大,报414错时 加上这条和下面这条 )

large_client_header_buffers 4 4k;

open_file_cache max=100000 inactive=20s;

open_file_cache_valid 60s;

open_file_cache_min_uses 2;

open_file_cache_errors off;

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

}

}

worker_processes 1; (cpu核心数量一致)

linux最大打开文件数量1024

worker_connections 65556;

ulimit -a (系统默认值)

...

open files 1024

++++++++++++

优化案例:

+++++++++++++

———————————————————————————————————————————

做并发连接数

1.[root@proxe conf]# vim /usr/local/nginx/conf/nginx.conf

events {

worker_connections 10000;

}

[root@proxe conf]# nginx -s reload

2.vim /etc/security/limits.conf (最下面有模板)

* soft nofile 100000

* hard nofile 100000

3.

ulimit -a

ulimit -Hn 100000

ulimit -Sn 100000

ulimit -a

[root@proxe conf]# ab -c 5000 -n 5000 http://192.168.4.5/ (OK)

压力测试:ab (yum中下一个httpd-tools)

[root@proxe conf]# ab -c 50 -n 5000 http://192.168.4.5/

——————————————————————————————————

安全设置 (屏蔽nginx版本号)

[root@proxe conf]# curl -I 192.168.4.5

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.8.0

Date: Thu, 16 Feb 2017 13:36:21 GMT

Content-Type: text/html

Content-Length: 160

Connection: keep-alive

Location: http://www.b.com/b.html

[root@proxe conf]# vim /usr/local/nginx/conf/nginx.conf

http {

server_tokens off; (加这个屏蔽版本号)

include mime.types;

default_type application/octet-stream;

[root@proxe conf]# nginx -s reload

[root@proxe conf]# curl -I 192.168.4.5

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 16 Feb 2017 13:36:42 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: http://www.b.com/b.html

———————————————————————————————————————————————————————————

解决客户机访问头部信息过长的问题。

当访问时输入的地址头部信息过长时报414错误时,查看buffer,默认时为1,改成下面这两行就行。若是发现本来buffers就设置为4 4k时,

不用再改了,可能是别人恶意攻击,最大 不要改到4 8k)

client_header_buffer_size 1k;(当头部信息比较大,报414错时 加上这条和下面这条 )

large_client_header_buffers 4 4k;

————————————————————————————————————————————————————————————

在客户机上做缓存

在服务器中设置格式为pdf|jpg|mp3|png的文件,使打开该格式页面文件的客户机浏览器中缓存30天(一般只做静态缓存)

[root@proxe ~]# vim /usr/local/nginx/conf/nginx.conf

location ~ \.(pdf|jpg|mp3|png) ${

expires 30d;

}

[root@proxe ~]# cp knowledge\ point\(2.1\).pdf /usr/local/nginx/html/a.pdf

[root@proxe ~]# nginx -s reload

[root@host ~]# firefox http://192.168.4.5/a.pdf

在打开的浏览器(firefox)地址栏中:输入 about:cache 可以看到刚打开的页面 找到它可以看到从哪天保存到哪天。(做实验时先把浏览器缓存清空)

——————————————————————————————————

防止盗链

Referer:告诉服务器,从哪里来

访问新浪:可以直接访问新浪,也可从百度中链接过去,但referer不一样。

------>sina

baidu ----->sina

referer:www.baidu.com

referer:www.sina.com

www.youku.com www.letv.com

www.bird.org :所有资源(做链接),搜索功能 目的是扩大自己网站的影响和点击,让别人知道自己域名。

防止盗链

vaild_referers (有效的 允许链接)

if 拒绝的

实验操作:

location ~*\. (pdf|jpg|mp3|png|flv) ${

vaild_referers none blocked www.tarena.com;

if($invalid_referer){

rewrite ^/ http:www.a.com/a.html

}

}

————————————————————————————————————————————————————————

使用Nginx可以配置基于域名的虚拟主机、基于端口的虚拟主机和基于端口的虚拟主机,比较常用的是基于域名的虚拟主机,这里要做的配置是基于域名的虚拟主机,并且是配置多个基于域名的虚拟主机。

2.配置一个基于域名的虚拟主机与测试

先启动Nginx,验证服务是否正常:

[root@leaf ~]# /application/nginx/sbin/nginx

[root@leaf ~]# netstat -lnp | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6881/nginx

unix 2 [ ACC ] STREAM LISTENING 9180 1/init @/com/ubuntu/upstart

[root@leaf ~]# curl localhost

Hello, I'm xpleaf.

[root@leaf ~]# LANG=en

[root@leaf ~]# wget localhost

--2017-02-24 13:33:43-- http://localhost/

Resolving localhost... ::1, 127.0.0.1

Connecting to localhost|::1|:80... failed: Connection refused.

Connecting to localhost|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.1'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 13:33:43 (1.87 MB/s) - `index.html.1' saved [28/28]

从上面的输出可以看到,此时Nginx是可以正常运行和提供服务的。

(1)实验准备:最小化Nginx的主配置文件nginx.conf

Nginx的配置文件在安装目录下的conf目录中:

[root@leaf ~]# tree /application/nginx

/application/nginx

|-- client_body_temp

|-- conf

| |-- fastcgi.conf

| |-- fastcgi.conf.default

| |-- fastcgi_params

| |-- fastcgi_params.default

| |-- koi-utf

| |-- koi-win

| |-- mime.types

| |-- mime.types.default

| |-- nginx.conf

| |-- nginx.conf.default

| |-- scgi_params

| |-- scgi_params.default

| |-- uwsgi_params

| |-- uwsgi_params.default

| `-- win-utf

|-- fastcgi_temp

|-- html

| |-- 50x.html

| |-- index.html

| `-- index.html.source

|-- logs

| |-- access.log

| |-- error.log

| `-- nginx.pid

|-- proxy_temp

|-- sbin

| `-- nginx

|-- scgi_temp

`-- uwsgi_temp

nginx.conf便是主配置文件,nginx.conf.default则是它的备份,该配置文件有数百行:

1

2

[root@leaf conf]# wc -l nginx.conf

117 nginx.conf

为了学习的方便,可以考虑将其注释内容去掉:

[root@leaf conf]# egrep -v "#|^$" nginx.conf.default >nginx.conf

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

}

}

[root@leaf conf]# wc -l nginx.conf

22 nginx.conf

去掉了注释和空白行后只有22行,就很方便我们待会做实验时进行配置了。

(2)修改配置文件

假设我们的Nginx为站点www.xpleaf.cn服务,则可以将主配置文件修改为如下:

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen 80;

server_name www.xpleaf.com;

location / {

root html/www;

index index.html index.htm;

}

}

}

主要是修改了第12行和第14行,其中第14行说明该站点的根目录的html文件在html/www/目录中。

(3)创建域名对应的站点目录及文件

[root@leaf nginx]# cd html/

[root@leaf html]# mkdir www

[root@leaf html]# echo "This page is: www.xpleaf.cn">www/index.html

[root@leaf html]# cat www/index.html

This page is: www.xpleaf.cn

(4)重新启动Nginx服务

[root@leaf html]# /application/nginx/sbin/nginx -t # 检查Nginx配置语法

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf html]# /application/nginx/sbin/nginx -s reload # 优雅重启Nginx

(5)在CentOS 6.5上进行测试

因为上面我们设置的域名www.xpleaf.cn实际是可能不存在,但为了达到测试的目的,即当访问www.xpleaf.cn时,能够解析到我们CentOS上的IP地址,从而可以访问其上面的Nginx服务,达到访问Nginx虚拟主机的目的,所以在CentOS上进行测试时,我们需要修改/etc/hosts文件,让www.xpleaf.cn解析为CentOS的IP地址:

[root@leaf html]# echo "127.0.0.1 www.xpleaf.cn" >>/etc/hosts

[root@leaf html]# tail -1 /etc/hosts

127.0.0.1 www.xpleaf.cn

此时,在CentOS上使用curl命令和wget命令来访问www.xpleaf.cn,查看测试结果:

[root@leaf html]# curl www.xpleaf.cn

This page is: www.xpleaf.cn

[root@leaf html]# wget www.xpleaf.cn

--2017-02-24 13:58:29-- http://www.xpleaf.cn/

Resolving www.xpleaf.cn... 127.0.0.1

Connecting to www.xpleaf.cn|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.1'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 13:58:29 (2.24 MB/s) - `index.html.1' saved [28/28]

从输出结果可以知道,此时Nginx成功地为域名为www.xpleaf.cn的虚拟主机提供了服务。

(6)在Windows 7主机上进行测试

为了达到前面说的目的,在Windows操作系统上同样需要修改hosts文件,Windows 7的hosts文件在C:\Windows\System32\drivers\etc,同样添加下面一行:

1

10.0.0.101 www.xpleaf.cn

这时在浏览器中输入地址www.xpleaf.cn,查看返回的结果:

wKiom1ixs6jzW6yTAAAjHHKgIE8656.png

可以看到,可以正常访问。

3.配置多个基于域名的虚拟主机与测试

上面的实验中只有一个站点www.xpleaf.cn,假如还有两个站点bbs.xpleaf.cn和log.xpleaf.cn,

同样需要Nginx来提供服务,这时就需要配置多个基于域名的虚拟主机了,不过有了上面的基础后,下面

的操作就会容易很多,因为思路都是一样的。

(1)修改主配置文件nginx.conf

在前面的基础上,修改为如下:

[root@leaf conf]# cat nginx.conf

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen 80;

server_name www.xpleaf.com;

location / {

root html/www;

index index.html index.htm;

}

}

server {

listen 80;

server_name bbs.xpleaf.com;

location / {

root html/bbs;

index index.html index.htm;

}

}

server {

listen 80;

server_name blog.xpleaf.com;

location / {

root html/blog;

index index.html index.htm;

}

}

}

(2)创建域名对应的站点目录及文件

[root@leaf html]# mkdir bbs

[root@leaf html]# echo "This page is: bbs.xpleaf.cn" >bbs/index.html

[root@leaf html]# mkdir blog

[root@leaf html]# echo "This page is: blog.xpleaf.cn" >blog/index.html

[root@leaf html]# cat bbs/index.html blog/index.html

This page is: bbs.xpleaf.cn

This page is: blog.xpleaf.cn

(3)重新启动Nginx服务

[root@leaf html]# /application/nginx/sbin/nginx -t # 检查Nginx配置语法

nginx: the configuration file /application/nginx-1.6.3//conf/nginx.conf syntax is ok

nginx: configuration file /application/nginx-1.6.3//conf/nginx.conf test is successful

[root@leaf html]# /application/nginx/sbin/nginx -s reload # 优雅重启Nginx

(4)在CentOS 6.5上进行测试

在原来基础上,修改/etc/hosts文件,在127.0.0.1地址后添加bbs.xpleaf.cn和blog.xpleaf.cn两个域名:

[root@leaf html]# tail -1 /etc/hosts

127.0.0.1 www.xpleaf.cn bbs.xpleaf.cn blog.xpleaf.cn

使用curl命令和wget命令进行测试:

[root@leaf html]# curl bbs.xpleaf.cn

This page is: www.xpleaf.cn

[root@leaf html]# curl blog.xpleaf.cn

This page is: www.xpleaf.cn

[root@leaf html]# wget bbs.xpleaf.cn

--2017-02-24 14:19:54-- http://bbs.xpleaf.cn/

Resolving bbs.xpleaf.cn... 127.0.0.1

Connecting to bbs.xpleaf.cn|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.2'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 14:19:54 (2.37 MB/s) - `index.html.2' saved [28/28]

[root@leaf html]# wget blog.xpleaf.cn

--2017-02-24 14:20:00-- http://blog.xpleaf.cn/

Resolving blog.xpleaf.cn... 127.0.0.1

Connecting to blog.xpleaf.cn|127.0.0.1|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 28 [text/html]

Saving to: `index.html.3'

100%[======================================>] 28 --.-K/s in 0s

2017-02-24 14:20:00 (2.24 MB/s) - `index.html.3' saved [28/28]

从上面结果可以知道,Nginx为各个虚拟主机正常提供服务。

(5)在Windows 7主机上进行测试

在原来基础上,修改hosts文件,如下:

1

10.0.0.101 www.xpleaf.cn bbs.xpleaf.cn blog.xpleaf.cn

在浏览器上分别访问各个域名,查看其返回结果:

访问www.xpleaf.cn:

访问bbs.xpleaf.cn:

访问blog.xpleaf.cn:

可以看到访问每个域名都返回了期待的页面,说明测试成功!

6.进阶:Nginx虚拟主机的别名配置

所以虚拟主机别名,就是为虚拟主机设置除了主域名以外的一个或多个域名名字,这样就能实现用户访问的多个域名对应同一个虚拟主机网站的功能。

以www.xpleaf.cn为例,希望添加一个别名xpleaf.cn,这样当访问xpleaf.cn时,和访问www.xpleaf.cn得到的结果是一样的。

其实配置的思路非常简单,只需要在上面nginx.conf配置文件中www.xpleaf.cn的server域中再添加一个xpleaf.cn的域名就可以了,如下:

server {

listen 80;

server_name www.xpleaf.com xpleaf.cn;

location / {

root html/www;

index index.html index.htm;

}

}

测试的话依然按照前面的方法进行,即先检查Nginx配置文件、平滑重启Nginx服务、配置hosts文件,最后通过命令行或浏览器的方式进行验证,因为跟前面是一样的,所以这里就不展开了。

5.下一步要做什么

可以考虑配置与测试基于端口的虚拟主机和基于IP地址的虚拟主机,其实只要把上面的弄清楚了,再做这些配置就会容易很多了。

grep -v "#" nginx.conf

user nobody;

worker_processes 8;

error_log /data/log/nginx/error.log notice;

pid logs/nginx.pid;

events {

worker_connections 20000;

}

http {

include mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /data/log/nginx/access.log main;

limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m;

gzip on;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 8m;

sendfile on;

tcp_nopush on;

tcp_nodelay on;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

chunked_transfer_encoding off;

server_tokens off;

upstream bbnews{

server 106.51.33.116:9091;

keepalive 60;

}

upstream xinhuasite{

server 106.51.33.124:80;

keepalive 60;

}

upstream bbimg2{

server 106.51.33.117:80;

server 106.51.33.120:80;

}

server {

listen 80;

location /M00{

alias /data/fastdfs_storaged;

ngx_fastdfs_module;

}

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

location ~ \.php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi_params;

}

location /server_status{

stub_status on;

access_log off;

allow 18.168.21.118;

allow 127.0.0.1;

deny all;

}

}

server {

listen 80;

server_name bimg.haoren.com bimg4.haoren.com;

set $root_path /usr/local/nginx/html/webxinhua_static/public;

index index.html;

root $root_path;

location /M00{

alias /data/fastdfs_storaged;

ngx_fastdfs_module;

}

location /assets{

add_header "Access-Control-Allow-Origin" "bb.haoren.com,xinhua.haoren.com,bbimg.haoren.com";

add_header "Access-Control-Allow-Credentials" "true";

}

gzip_disable "MSIE [1-6].";

gzip_types text/plain application/x-javascript text/css text/javascript image/jpeg image/gif image/png video/mp4;

}

server {

listen 80;

server_name imgcheck.ztsafe.com;

set $root_path /data/img;

index index.html;

root $root_path;

location /M00{

alias /data/fastdfs_storaged;

ngx_fastdfs_module;

}

location /assets{

add_header "Access-Control-Allow-Origin" "bb.haoren.com,xinhua.haoren.com,bbimg.haoren.com";

add_header "Access-Control-Allow-Credentials" "true";

}

gzip_disable "MSIE [1-6].";

gzip_types text/plain application/x-javascript text/css text/javascript image/jpeg image/gif image/png video/mp4;

}

server {

listen 80;

server_name bimg2.haoren.com;

index index.html index.php;

location /{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header NetType-WT 1;

proxy_pass http://bimg2;

}

}

server {

listen 80;

listen 443 ssl;

server_name xinhua.haoren.com bb.haoren.com 2b.haoren.com b.haoren.com bian.tv www.xinhua.tv 10.51.103.11;

set $root_path /usr/local/nginx/html/webxinhua_deploy/public;

ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;

ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_session_timeout 5m;

if ( $http_user_agent ~ "(MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC\-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT\-)|(SonyEricsson)|(NEC\-)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi\-)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG\-)|(LG/)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC\-)|(SED\-)|(EMOL\-)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Wget)|(Java)|(curl)|(Opera)" )

{

}

index index.html index.php;

root $root_path;

location ~* ^/login$ {

return 404;

}

location ~* ^/login/xinhua$ {

limit_req zone=allips;

try_files $uri $uri/ @rewrite;

}

location ~* ^/backend {

deny 11.130.19.9;

deny 14.141.19.95;

allow 106.51.33.156;

allow 18.168.21.18;

allow 18.168.12.45;

allow 18.168.12.17;

try_files $uri $uri/ @rewrite;

}

location /news/{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://bbnews;

}

location /html/{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://xinhuasite;

}

location ^~/gamehall/{

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://xinhuasite;

}

try_files $uri $uri/ @rewrite;

location @rewrite {

rewrite ^/(.*)$ /index.php?_url=/$1;

}

location ~ \.php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param REQUEST_URI $uri?$args;

include fastcgi_params;

}

}

}


相关文章
最新文章
热点推荐