本節會用到的軟體壓縮包:mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz
一、安裝MySQL
#cd /usr/local/src/
#tar zxvf mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz
#mv mysql-5.6.45-linux-glibc2.12-x86_64 /usr/local/mysql
#useradd -s /sbin/nologin mysql
#cd /usr/local/mysql
#mkdir -p /data/mysql
#chown -R mysql:mysql /data/mysql/
#yum install -y perl-Module-Install //建議提前安裝否則下一步會報錯
#./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
#cp support-files/my-default.cnf /etc/my.cnf

#cp support-files/mysql.server /etc/init.d/mysqld
#chmod 755 /etc/init.d/mysqld //修改檔案權限
#vim /etc/init.d/mysqld
修改:datadir=/data/mysql
#chkconfig --add mysqld //在系統服務項中加入啟動腳本
#chkconfig mysqld on //設定開機自啟動mysql
#service mysqld start //啟動mysql

#ps aux |grep mysqld //查看mysql是否啟動

二、安裝PHP
#cd /usr/local/src/
#tar zxf php-5.6.30.tar.gz
#useradd -s /sbin/nologin php-fpm //添加用戶
#cd php-5.6.30
#yum install -y gcc
#yum install -y libxml2-devel
#yum install -y openssl-devel
#yum install -y bzip2 bzip2-devel
#yum install -y libpng libpng-devel
#yum install -y freetype freetype-devel
#yum install -y epel-release
#yum install -y libmcrypt-devel
//建議提前安裝以上工具,否則會報錯
#make &&make install //編譯安裝
#echo $? //回傳值為0
#cp php.ini-production /usr/local/php-fpm/etc/php.ini
#vim /usr/local/php-fpm/etc/php-fpm.conf
修改:
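[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
; Restrict the FastCGI socket to the account nginx runs as ("user nobody
; nobody;" in this guide's nginx.conf). With mode 666 every local account
; could connect and submit requests that execute as the php-fpm user.
listen.owner = nobody
listen.group = nobody
listen.mode = 660
; Unprivileged account the pool's worker processes run as.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024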
# /usr/local/php-fpm/sbin/php-fpm -t

# cp /usr/local/src/php-5.6.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
# chmod 755 /etc/init.d/php-fpm //修改檔案權限
# useradd -s /sbin/nologin php-fpm //添加用戶
# service php-fpm start //啟動服務

# chkconfig php-fpm on //設定開機自啟
# ps aux |grep php-fpm //查看是否啟動
三、安裝Nginx
#cd /usr/local/src/
#yum install -y wget //安裝wget工具
#wget http://nginx.org/download/nginx-1.10.3.tar.gz //下載nginx安裝包(此壓縮包稍后會以root編譯安裝,建議改由 https://nginx.org 下載,並以官方提供的PGP簽章檔核對后再解壓)
#tar zxvf nginx-1.10.3.tar.gz //解壓nginx
#cd nginx-1.10.3
#./configure --prefix=/usr/local/nginx //配置編譯選項
#make && make install //編譯安裝
#vi /etc/init.d/nginx
以下為增加的內容
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# SysV init script for an nginx installed under /usr/local/nginx.
# The "chkconfig:" and "description:" lines above are header tags that
# chkconfig reads from this file: no default runlevels ("-"), start
# priority 30, stop priority 21. Keep them as plain comments near the top.
# Source Function Library
# (the daemon and killproc helpers used by the functions below come from it)
. /etc/init.d/functions
# Nginx Settings
# Binary, configuration file and pid file. stop() and reload() find the master
# process through NGINX_PID, so it has to match the "pid" directive in
# nginx.conf.
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
# Exit status of the last action; the script exits with this value.
RETVAL=0
# Display name used in the status messages.
prog="Nginx"
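# Start nginx through the init library's daemon helper.
# Globals:  NGINX_SBIN, NGINX_CONF, prog (read); RETVAL (written)
# Returns:  the exit status reported by daemon
start()
{
    echo -n $"Starting $prog: "
    # NOTE(review): fixed name under the world-writable /dev/shm; mkdir -p
    # also succeeds when the directory already exists, whoever created it.
    # The nginx.conf in this guide keeps its temp paths under
    # /usr/local/nginx, so confirm this directory is needed at all.
    mkdir -p /dev/shm/nginx_temp
    # Quoted so that each path reaches daemon as a single word.
    daemon "$NGINX_SBIN" -c "$NGINX_CONF"
    RETVAL=$?
    echo
    return "$RETVAL"
}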
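# Stop nginx by sending TERM to the master process named in the pid file.
# Globals:  NGINX_PID, NGINX_SBIN, prog (read); RETVAL (written)
# Returns:  the exit status reported by killproc
stop()
{
    echo -n $"Stopping $prog: "
    killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
    # Record killproc's status before the cleanup runs; taking $? after rm
    # would report success even when nginx could not be stopped.
    RETVAL=$?
    rm -rf /dev/shm/nginx_temp
    echo
    return "$RETVAL"
}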
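# Ask the running master to re-read its configuration by sending HUP.
# Globals:  NGINX_PID, NGINX_SBIN, prog (read); RETVAL (written)
# Returns:  the exit status reported by killproc
reload()
{
    echo -n $"Reloading $prog: "
    # Quoted so that each path reaches killproc as a single word.
    killproc -p "$NGINX_PID" "$NGINX_SBIN" -HUP
    RETVAL=$?
    echo
    return "$RETVAL"
}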
# Full restart: run stop, then start. start is attempted even when stop
# reported a failure, and its status is what restart returns.
restart() {
    stop
    start
    return $?
}
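# Validate the configuration file with "nginx -t" without touching the
# running server.
# Globals:  NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Returns:  the exit status of nginx -t, so a broken configuration is
#           reported as a failure instead of always returning 0
configtest()
{
    "$NGINX_SBIN" -c "$NGINX_CONF" -t
    RETVAL=$?
    return "$RETVAL"
}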
# Dispatch on the action passed as the first argument.
case "$1" in
    start|stop|reload|restart|configtest)
        # The pattern above is a fixed allow-list, so "$1" can only name one
        # of the functions defined in this script.
        "$1"
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
        ;;
esac
# Exit with RETVAL: whatever the chosen action left there, or 1 for an
# unrecognised action.
exit $RETVAL
#chmod 755 /etc/init.d/nginx //修改檔案權限
#chkconfig nginx on //開啟nginx服務
#chkconfig --add nginx //設定開機自啟
#> /usr/local/nginx/conf/nginx.conf //清空檔案內容
#vim /usr/local/nginx/conf/nginx.conf //重新編輯檔案內容
以下為增加內容
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
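location ~ \.php$
{
    # Hand the request to PHP-FPM only when the .php file exists under root.
    # Without this check every URI that merely ends in ".php" is forwarded,
    # and PHP's path-info handling (cgi.fix_pathinfo) may then run a
    # different, non-PHP file named earlier in the path.
    try_files $uri =404;
    include fastcgi_params;
    # Must be the same socket path as "listen" in the php-fpm pool.
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}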
}
}
注意千萬不要錯了
#/usr/local/nginx/sbin/nginx -t //驗證是否成功

#service nginx start //開啟nginx服務
#ps aux |grep nginx //檢測nginx是否啟動
#vi /usr/local/nginx/html/2.php //編輯一個php檔案

#curl localhost/2.php // 測驗nginx是否決議成功

四、Nginx配置
1.默認虛擬主機
#vi /usr/local/nginx/conf/nginx.conf //編輯
在檔案最后面}前添加include vhost/*.conf;
#mkdir /usr/local/nginx/conf/vhost //創建目錄
#cd /usr/local/nginx/conf/vhost/
#vi default.conf //修改組態檔
以下為增加內容:
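# nginx comments start with "#"; a trailing "//" note is parsed as extra
# directive arguments and makes "nginx -t" fail.
server
{
    # default_server: this block answers every request on port 80 whose Host
    # header matches no other server_name. It serves its own root; it does
    # not redirect anything to aaa.com.
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/nginx/default;
}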
#/usr/local/nginx/sbin/nginx -t //檢驗

#/usr/local/nginx/sbin/nginx -s reload
#mkdir -p /data/nginx/default
#touch /data/nginx/default/index.html
#echo "defaule_server" > /data/nginx/default/index.html
#curl -x127.0.0.1:80 aaa.com

2.用戶認證
#cd /usr/local/nginx/conf/vhost/
#vi test.com.conf //創建新的虛擬主機
以下為增加內容
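server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;
    location /
    {
        # Turn on HTTP Basic authentication; "Auth" is the realm text.
        auth_basic "Auth";
        # Password file written by htpasswd. Keep it readable by the nginx
        # worker account but not by other local users.
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        # NOTE(review): this vhost listens on plain HTTP only, so the Basic
        # credentials cross the network base64-encoded, not encrypted. Serve
        # it over TLS before using it outside a lab.
    }
}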
#yum install -y httpd
#htpasswd -c /usr/local/nginx/conf/htpasswd jl //設定密碼
#/usr/local/nginx/sbin/nginx -t //驗證
#/usr/local/nginx/sbin/nginx -s reload
#mkdir /data/nginx/test.com //創建網頁存盤位置檔案夾
#echo "test.com" > /data/nginx/test.com/index.html //輸入網頁內容
#curl -I -x127.0.0.1:80 test.com //測驗用戶認證是否成功

在去瀏覽器登陸之前,在自己本地的hosts檔案中加入虛擬機ip和地址
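如果無法訪問,可以先暫時調整SELinux與防火墻后再嘗試(僅供排錯,確認原因后應恢復),
#setenforce 0 //將SELinux暫時切換為permissive模式(這不是防火墻;重開機后會恢復原設定)
#systemctl stop firewalld //關閉防火墻;正式環境建議保持開啟,只放行80埠:firewall-cmd --permanent --add-service=http && firewall-cmd --reload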

3.域名重定向
#vi test.com.conf //編輯修改
以下為增加內容
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' ){
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#curl -x127.0.0.1:80 test1.com/123.txt -I

4.Nginx訪問日志
#grep -A2 log_format /usr/local/nginx/conf/nginx.conf

#vi test.com.conf

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 test.com/111
以下為新增內容
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
# cat /tmp/1.log
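#!/bin/bash
# Rotate nginx logs: rename every *.log in the log directory with yesterday's
# date as a suffix, then signal the nginx master so it opens fresh log files.
# Assumes the nginx logs are stored under /data/logs/.
d=$(date -d "-1 day" +%Y%m%d)
logdir="/data/logs"
nginx_pid="/usr/local/nginx/logs/nginx.pid"

# Stop if the directory is missing; otherwise the renames below would run in
# whatever directory cron started the job from.
cd "$logdir" || exit 1

for log in *.log
do
    # An unmatched glob stays as the literal "*.log"; skip it.
    [ -f "$log" ] || continue
    mv -- "$log" "$log-$d"
done

# HUP makes the master reload, which also reopens the log files. nginx
# additionally documents USR1 for reopening logs without a reload.
# Skip the signal when the pid file is missing or empty.
if [ -s "$nginx_pid" ]; then
    /bin/kill -HUP "$(cat "$nginx_pid")"
fi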
添加任務計劃:
crontab -e
no crontab for root - using an empty one
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh
5.配置靜態檔案不記錄日志并添加過期時間
# vi test.com.conf
以下為新增內容
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location ~ .*\.(gif|jpeg|png|bmp|swf)$
{
expires 7d;
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/1.log combined_realip;
}
# /usr/local/nginx/sbin/nginx -t
# echo "dddddddddd" > /data/nginx/test.com/1.js
# echo "aaaaaaaaaa" > /data/nginx/test.com/2.jpg
# touch /data/nginx/test.com/1.jss //對比檔案
# curl -I -udai:a -x127.0.0.1:80 test.com/1.js //由于前面設定了用戶認證這里加上用戶名密碼才能正常訪問

回應是200 OK,但是沒有顯示過期時間;這是因為前面只執行了nginx -t檢查語法,還需要重新載入組態檔(/usr/local/nginx/sbin/nginx -s reload)后新設定才會生效,
6.Nginx防盜鏈
#vi test.com.conf
以下為新增內容
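location ~ .*\.(gif|jpg|png|bmp|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|xls)$
{
    expires 7d;
    # Referers accepted as valid: no Referer header at all ("none"), a
    # Referer without an http:// or https:// prefix ("blocked", typically
    # stripped by a proxy or firewall), this server's own names, and
    # *.test.com.
    valid_referers none blocked server_names *.test.com;
    # $invalid_referer is set for any other Referer; answer those with 403.
    if ($invalid_referer) {
        return 403;
    }
    # NOTE(review): Referer is supplied by the client, so this discourages
    # hot-linking but is not access control. With access_log off the 403
    # responses leave no trace in the access log either.
    access_log off;
}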
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg
# curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg
# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg
以下為新增內容
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Mon, 07 Dec 2020 15:45:36 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
# curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg
以下為新增內容
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 07 Dec 2020 15:46:36 GMT
Content-Type: image/jpeg
Content-Length: 11
Last-Modified: Mon, 07 Dec 2020 14:48:23 GMT
Connection: keep-alive
ETag: "5fce40b7-b"
Expires: Mon, 14 Dec 2020 15:46:36 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

7.訪問控制
只允許192.168.222.150和127.0.0.1訪問/jl/目錄
#vi test.com.conf
以下為新增加內容
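location /jl/
{
    # allow/deny rules are evaluated top to bottom; the first match decides.
    allow 192.168.222.150;   # permit this host
    allow 127.0.0.1;         # permit local requests
    deny all;                # everyone else receives 403
    # NOTE(review): regex locations in the same server (for example
    # "location ~ \.php$" or the static-file patterns) are chosen in
    # preference to this prefix location, so a request such as /jl/x.php is
    # handled there and never reaches these rules. Confirm with a test
    # request and place the restriction where such requests actually land.
}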
#mkdir /data/nginx/test.com/jl/ //創建被限制的目錄
#echo "daiqh" > /data/nginx/test.com/jl/1.html //創建網頁
#/usr/local/nginx/sbin/nginx -t //重新加載組態檔
#/usr/local/nginx/sbin/nginx -s reload
#curl -x192.168.222.150:80 test.com/jl/1.html
403為正常狀態
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
#curl -x127.0.0.1:80 test.com/jl/1.html
以下為新增內容
Jlqh
只拒絕幾個IP
location /jl/
{
deny 192.168.29.1;
deny 127.0.0.1;
}
正則匹配限制
location ~ .*(abc|image)/.*\.php$
{
deny all;
}
小括號里面的豎線為分隔符,是或者的意思,這樣就可以把訪問URL中帶有abc或者image字串,并且是PHP的請求拒絕訪問,這還能起到禁止決議PHP的作用
針對user_agent做限制
if ($http_user_agent ~ 'Spider/3.0|YouddaoBot|Tomato')
{
return 403;
}
~為區分大小寫的正則匹配符號(~*才是不區分大小寫),只要user_agent中含有Spider/3.0、YouddaoBot或Tomato字串的就會被拒絕;return 403表示直接回傳403狀態碼。注意User-Agent由用戶端自行填寫,可以任意更改,這種限制只能擋掉守規矩的爬蟲,不能當作存取控制,
8.Nginx決議php
#vi test.com.conf
以下為新增內容
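server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;
    # Send requests for the alias names to the canonical host with a 301.
    if ($host != 'test.com' ){
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
    location ~ \.php$
    {
        # Hand the request to PHP-FPM only when the .php file exists under
        # root. Without this check every URI that merely ends in ".php" is
        # forwarded, and PHP's path-info handling (cgi.fix_pathinfo) may then
        # run a different, non-PHP file named earlier in the path.
        try_files $uri =404;
        include fastcgi_params;
        # Must equal the pool's "listen" path. The earlier sections of this
        # guide use /tmp/php-fcgi.sock; "phpfcgi.sock" without the hyphen
        # points at a socket that does not exist and yields 502.
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
    }
    # NOTE(review): /tmp is writable by every local account; a log directory
    # that only root can create files in (for example
    # /usr/local/nginx/logs/) is a safer place for a file the master opens.
    access_log /tmp/1.log combined_realip;
}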
五、php-fpm配置
1、php-fpm的pool
php-fpm可以支持多個pool 每一個pool監聽一個埠,也可以監聽一個socket,
#vi /usr/local/php-fpm/etc/php-fpm.conf
以下為新增內容
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include = etc/php-fpm.d/*.conf
#mkdir /usr/local/php-fpm/etc/php-fpm.d //創建組態檔存放目錄
#cd /usr/local/php-fpm/etc/php-fpm.d
#vi www.conf
以下為新增內容
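[www]
listen = /tmp/www.sock
; Restrict the FastCGI socket to the account nginx runs as ("user nobody
; nobody;" in this guide's nginx.conf). With mode 666 every local account
; could connect and submit requests that execute as the php-fpm user.
listen.owner = nobody
listen.group = nobody
listen.mode = 660
; Unprivileged account the pool's worker processes run as.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024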
#vi jl.conf
以下為新增內容
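[jl]
listen = /tmp/jl.sock
; Restrict the FastCGI socket to the account nginx runs as ("user nobody
; nobody;" in this guide's nginx.conf). With mode 666 every local account
; could connect and submit requests that execute as this pool's user.
listen.owner = nobody
listen.group = nobody
listen.mode = 660
; NOTE(review): this pool runs as the same php-fpm account as [www], so the
; two pools are not isolated from each other at the file-system level; give
; each pool its own account if that separation is the goal.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024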
#/usr/local/php-fpm/sbin/php-fpm -t //檢驗是否有問題
[08-Dec-2020 09:31:34] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
#/etc/init.d/php-fpm restart //重啟php-fpm服務
#ls /tmp/*.sock
/tmp/dai.sock /tmp/mysql.sock /tmp/php-fcgi.sock
2.php-fpm慢日志執行
#vi /usr/local/php-fpm/etc/php-fpm.d/www.conf
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
第一行定義的是超時時間,即php-fpm執行超過一秒就記錄日志;第二行定義慢執行日志的路徑和名字,
3.Php-fpm定義open_basedir
目的就是為了安全
#vim /usr/local/php-fpm/etc/php-fpm.d/jl.conf
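在最后加入php_admin_value[open_basedir]=/data/www/:/tmp/(open_basedir必須涵蓋該pool實際服務的網站根目錄,否則PHP無法讀取站點檔案;本文的站點根目錄是/data/nginx/test.com,請依實際路徑調整。列出的目錄越少越好,/tmp是所有本機用戶都可寫的位置,只在確實需要時才列入)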
4.Php-fpm行程管理
pm = dynamic //定義php-fpm的子行程啟動模式,dynamic為動態模式,
根據實際需求,動態的增加或者減少子行程,最多不超過pm.max_children定義的數值
pm.max_children = 50 //另外一種是static,這種模式下子行程數量由pm.max_children決定,一次性啟動這么多,不增加也不減少
pm.start_servers = 20 //針對dynamic模式,定義在啟動服務時產生的子行程的數量
pm.min_spare_servers = 5 //針對dynamic模式,定義空閑時子行程的最小值
pm.max_spare_servers = 35 //針對dynamic模式,定義空閑時子行程的最大值
pm.max_requests = 500 //針對dynamic模式,定義一個子行程最多處理的請求數,達到這個數值時,它會自動退出
