Nginx实验-2

Nginx中的变量

变量可以分为内置变量和自定义变量

内置变量是由nginx模块自带,通过变量可以获取到众多的与客户端访问相关的值

root@nginx \~\]# cd /usr/local/nginx/ \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls status.conf vhost.conf \[root@nginx conf.d\]# vim vars.conf server { listen 80; server_name var.hh.org; root /data/web/html; index index.html; location /var { default_type text/html; echo "why not let me go oh"; } } \[root@nginx conf.d\]# vim /etc/hosts 在Linux中做解析 172.25.254.100 nginx.hui.org www.huihui.org hx.hx.org var.hh.org 测试: \[root@nginx conf.d\]# curl var.hh.org/var why not let me go oh > #nginx的内置变量 > > server { > > listen 80; > > server_name var.timinglee.org; > > root /data/web/html; > > index index.html; > > location /var { > > default_type text/html; > > echo $remote_addr; > > echo $args; > > echo $is_args; > > echo $document_root; > > echo $document_uri; > > echo $host; > > echo $remote_port; > > echo $remote_user; > > echo $request_method; > > echo $request_filename; > > echo $request_uri; > > echo $scheme; > > echo $server_protocol; > > echo $server_addr; > > echo $server_name; > > echo $server_port; > > echo $http_user_agent; > > echo $http_cookie; > > echo $cookie_key2; > > } > > } #nginx自定义变量 server { listen 80; server_name var.timinglee.org; root /data/web/html; index index.html; location /var { default_type text/html; set $hh hui; echo $hh; } } 返回值 \[root@nginx conf.d\]# curl -b "key1=x,key2=y1" -u lee:lee var.hh.org/var?name=hui\&\&id=6666 why not let me go oh 172.25.254.100 name=hui ? /data/web/html /var var.hh.org 34140 lee GET /data/web/html/var /var?name=hui http HTTP/1.1 172.25.254.100 var.hh.org 80 curl/7.76.1 key1=x,key2=y1 ### Nginx Rewrite模块功能 **if** **指令** 注意: #如果$变量的值为空字符串或0,则if指令认为该条件为false,其他条件为true。 #nginx 1.0.1之前$变量的值如果以0开头的任意字符串会返回false eg:if判定 \[root@nginx conf.d\]# vim vars.conf location /test2 { if ( !-e $request_filename ){ echo "$request_filename is not exist"; return 409; } } \[root@nginx conf.d\]# nginx -s reload > \[root@nginx conf.d\]# curl var.hh.org/test2 > > \ > > \\409 Conflict\\ > > \ > > \\409 Conflict\\ > > \\nginx/1.26.2\ > > \ > > \ \[root@nginx conf.d\]# curl var.hh.org/test2 /data/web/html/test2 is not exist 文件不存在 \[root@nginx conf.d\]# mkdir -p /data/web/html/test2/ \[root@nginx conf.d\]# echo test2 \> /data/web/html/test2/index.html \[root@nginx conf.d\]# curl var.hh.org/test2/index.html test2 **set** **指令** 指定key并给其定义一个变量,变量可以调用Nginx内置变量赋值给key(#自定义变量) set $name hui; echo $name; 返回值 hui **break** **指令** eg:break \[root@nginx conf.d\]# vim vars.conf location /break { default_type text/html; set $name love; echo $name; #break; set $id 666; echo $id; } \[root@nginx conf.d\]# nginx -s reload 返回值 \[root@nginx conf.d\]# curl var.hh.org/break love 666 location /break { default_type text/html; set $name love; echo $name; break; set $id 666; echo $id; } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl var.hh.org/break love \[root@nginx conf.d\]# vim vars.conf location /break { default_type text/html; set $name love; echo $name; if ( $http_user_agent = "curl/7.76.1" ){ break; } set $id 666; echo $id; } \[root@nginx conf.d\]# curl var.hh.org/break love \[root@nginx conf.d\]# curl -A "firefox" var.hh.org/break love 666 **return** **指令** \[root@nginx conf.d\]# vim vars.conf location /return { default_type text/html; if ( !-e $request_filename){ return 301 http://www.baidu.com; #没有找到文件就访问百度 } echo "$request_filename is exist"; } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl -I var.hh.org/return HTTP/1.1 301 Moved Permanently Server: nginx/1.26.2 Date: Mon, 19 Aug 2024 06:23:53 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Keep-Alive: timeout=60 Location: [百度一下,你就知道](http://www.baidu.com "百度一下,你就知道") 没有查找到文件,访问百度 \[root@nginx conf.d\]# mkdir -p /data/web/html/return \[root@nginx conf.d\]# curl -I var.hh.org/return HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 19 Aug 2024 06:33:04 GMT Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding **rewrite** **指令** 通过正则表达式的匹配来改变URI,可以同时存在一个或多个指令,按照顺序依次对URI进行匹配, rewrite主要是针对用户请求的URL或者是URI做具体处理 语法格式 : rewrite regex replacement \[flag\]; **flag** **说明** > redirect;#临时重定向 重写完成后以临时重定向方式直接返回重写后生成的新URL给客户端 > 浏览器里不会存放重写产生的新的配置文件信息 > permanent; #重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端 > #由客户端重新发起请求,状态码:301 > break;#重写完成后,停止对当前URL在当前location中后续的其它重写操作 > #而后直接跳转至重写规则配置块之后的其它配置,结束循环,建议在location中使用 > #适用于一个URL一次重写 > last;#重写完成后,停止对当前URI在当前location中后续的其它重写操作, > #而后对新的URL启动新一轮重写检查,不建议在location中使用 > #适用于一个URL多次重写,要注意避免出现超过十次以及URL重写后返回错误的给用户 \[root@nginx conf.d\]# vim vars.conf location / { root /data/web/var; index index.html; #rewrite / http://www.huihui.com permanent; #永久 #rewrite / http://www.huihui.com redirect; #临时 } \[root@nginx conf.d\]# mkdir /data/web/var -p \[root@nginx conf.d\]# echo var page \> /data/web/var/index.html \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl var.hh.org var page \[root@nginx conf.d\]# curl \[root@nginx conf.d\]# vim vars.conf \[root@nginx conf.d\]# nginx -s reload [root@nginx conf.d]# curl var.hh.org 301 Moved Permanently

301 Moved Permanently


nginx/1.26.2
\[root@nginx conf.d\]# curl -I var.hh.org HTTP/1.1 301 Moved Permanently Server: nginx/1.26.2 Date: Mon, 19 Aug 2024 07:43:48 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Keep-Alive: timeout=60 Location: http://www.huihui.com 在Windows加编译:var.huihui.org ![](https://i-blog.csdnimg.cn/direct/412333669741495698ca6d6743368ecd.png) location / { root /data/web/var; index index.html; #rewrite / http://www.huihui.com permanent; #永久 } ![](https://i-blog.csdnimg.cn/direct/4f33485b60d94f8e90fb194e15272287.png) ![](https://i-blog.csdnimg.cn/direct/d30e249c677446b297209084a5b1dfd2.png) location / { root /data/web/var; index index.html; rewrite / http://www.timinglee.com redirect; } ![](https://i-blog.csdnimg.cn/direct/1ecef7412c0244dd91d9ee8fec1a1ea1.png) ![](https://i-blog.csdnimg.cn/direct/fe50771b1ff84ea6b43e68dc47038ab6.png) #break 和last 创建文件: \[root@nginx conf.d\]# mkdir /data/web/html/{test1,test2,break,last} -p 写入内容: \[root@nginx conf.d\]# echo test1 \> /data/web/html/test1/index.html \[root@nginx conf.d\]# echo test2 \> /data/web/html/test2/index.html \[root@nginx conf.d\]# echo last \> /data/web/html/last/index.html \[root@nginx conf.d\]# echo break \> /data/web/html/break/index.html \[root@nginx conf.d\]# vim vars.conf server { listen 80; server_name var.hh.org; root /data/web/html; index index.html; location /break { rewrite ^/break/(.*) /test1/$1; #break 如果输入break访问的时候会返回test1的值,中断下面查找test2 rewrite ^/test1/(.*) /test2/$1; } location /last { rewrite ^/last/(.*) /test1/$1; rewrite ^/test1/(.*) /test2/$2; } location /test1 { default_type text/html; echo "why not let me go oh,why you speak so low oh"; } location /test2 { root /data/web/html; } } 访问结果: ![](https://i-blog.csdnimg.cn/direct/27cc794fa37a4ba98a2dec72188a8549.png) ![](https://i-blog.csdnimg.cn/direct/afd9ef1561cc4b9da0a1b6a72e7d2916.png) ![](https://i-blog.csdnimg.cn/direct/ba4374231f0c443ca0de8127b20d554d.png) ![](https://i-blog.csdnimg.cn/direct/5aff3d095660427bb400782ba208d6fc.png) ### Nginx-rewrite的企业级防盗链 全站加密 创建一个认证目录: \[root@nginx conf.d\]# cd /usr/local/nginx/ \[root@nginx nginx\]# ls client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp \[root@nginx nginx\]# mkdir certs \[root@nginx nginx\]# ls certs client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp \[root@nginx nginx\]# cd certs/ \[root@nginx certs\]# cd \[root@nginx \~\]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/huihui.org.key -x509 -days 365 -out /usr/local/nginx/certs/huihui.org.crt > Country Name (2 letter code) \[XX\]:CN > > State or Province Name (full name) \[\]:Shaanxi > > Locality Name (eg, city) \[Default City\]:Xi'an > > Organization Name (eg, company) \[Default Company Ltd\]:lhx > > Organizational Unit Name (eg, section) \[\]:webserver > > Common Name (eg, your name or your server's hostname) \[\]:www.huihui.org > > Email Address \[\]:admin@huihui.org \[root@nginx \~\]# cd /usr/local/nginx/ \[root@nginx nginx\]# cd certs/ \[root@nginx certs\]# ls huihui.org.crt huihui.org.key \[root@nginx certs\]# cd .. \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls 无 \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.huihui.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/huihui.org.crt; ssl_certificate_key /usr/local/nginx/certs/huihui.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; } \[root@nginx conf.d\]# nginx -t \[root@nginx conf.d\]# nginx -s reload 测试: ![](https://i-blog.csdnimg.cn/direct/9c645d11782449abbb1ce388951838f7.png) ![](https://i-blog.csdnimg.cn/direct/2b313188529e4b10ac645677b0bd210f.png) 强制走加密: \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.huihui.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/huihui.org.crt; ssl_certificate_key /usr/local/nginx/certs/huihui.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location / { if ( $scheme = http ){ rewrite /(.*) https://$host/$1 redirect; rewrite / https://$host redirect; #如果不加,不管在浏览器上输入的对不对最后还是会访问https://www.huihui.org } } } > \[root@nginx conf.d\]# nginx -s reload > > \[root@nginx conf.d\]# curl -L www.huihui.org > > curl: (60) SSL certificate problem: self-signed certificate > > More details here: https://curl.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could not > > establish a secure connection to it. To learn more about this situation and > > how to fix it, please visit the web page mentioned above. > > \[root@nginx conf.d\]# curl -kL www.huihui.org > > www.huihui.org > > \[root@nginx conf.d\]# curl -I www.huihui.org > > HTTP/1.1 302 Moved Temporarily > > Server: nginx/1.26.2 > > Date: Mon, 19 Aug 2024 15:39:35 GMT > > Content-Type: text/html > > Content-Length: 145 > > Connection: keep-alive > > Keep-Alive: timeout=60 > > Location: https://www.huihui.org 测试: ![](https://i-blog.csdnimg.cn/direct/e6af6d9a94124327967f444e91e2ce7d.png) > 防盗链 > > 在一个web 站点盗链另一个站点的资源信息,比如:图片、视频等 > > nginx: > > \[root@nginx conf.d\]# mkdir -p /data/web/html/images > > xftp传图片,一张在images里,一张在html里,两张图片不能放在一起; > > \[root@nginx \~\]# cd /usr/local/nginx/ \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls jiam.conf status.conf vhost.conf > > \[root@nginx conf.d\]# vim jiam.con server { listen 80; listen 443 ssl; server_name www.hhhoo.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt; ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location / { if ( $scheme = http ){ rewrite /(.*) https://$host/$1 redirect; } if ( !-e $request_filename ){ rewrite /(.*) https://$host/index.html redirect; } } location /images { valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.; if ( $invalid_referer ){ rewrite ^/ http://www.hhhoo.org/shiwan.jpg; } } } web1: \[root@web1 \~\]# dnf install httpd \[root@web1 \~\]# cd /var/www/html \[root@web1 html\]# ls \[root@web1 html\]# vim index.html 盗链

why not let me go oh

你没事吧你没事吧

测试: ![](https://i-blog.csdnimg.cn/direct/155671b7cd84422db23d16c3e423f870.png) ![](https://i-blog.csdnimg.cn/direct/229dce788be54636b10d6d0460639566.png) \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.hhhoo.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt; ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location / { valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.; if ( $invalid_referer ){ return 404; } } } 测试: ![](https://i-blog.csdnimg.cn/direct/bf1fe44b0fe24d73b1f97d65d8a3e6e7.png) ![](https://i-blog.csdnimg.cn/direct/5482ce6a035b40b5a557634e915476cc.png) 但是直接访问 ![](https://i-blog.csdnimg.cn/direct/b5dab3b879ff4ec4a6c26b404a9adcf5.png) \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.hhhoo.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt; ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location /images { valid_referers none blocked server_names *.hhhoo.org ~/.baidu/ .; if ( $invalid_referer ){ rewrite ^/ http://www.hhhoo.org/images/he.jpg; } } } 测试没有 some tips: [root@nginx conf.d]# cat status.conf server { listen 80; server_name hx.hx.org; root /data/web/html; index index.html; location /status { stub_status; #auth_basic"login" #auth_basic_user_file "/use/local/nginx/.htpasswd" } } [root@nginx conf.d]# cat vars.conf #server { # listen 80; # server_name var.hh.org; # root /data/web/html; # index index.html; # # location /break { # rewrite ^/break/(.*) /test1/$1; # rewrite ^/test1/(.*) /test2/$1; # } # # location /last { # rewrite ^/last/(.*) /test1/$1; # rewrite ^/test1/(.*) /test2/$2; # } # location /test1 { # default_type text/html; # echo "why not let me go oh,why you speak so low oh"; # } # location /test2 { # root /data/web/html; # } #} [root@nginx conf.d]# cat vhost.conf server { listen 80; server_name www.huihui.org; root /data/web/html; index index.html; error_page 404 /40x.html; error_log /var/log/huihui.org/error.log; access_log /var/log/huihui.org/access.log; try_files $uri $uri.html $uri/index.html /error/default.html; location /hui { root /data/web; #auth_basic "login password !!"; #auth_basic_user_file "/usr/local/nginx/.htpasswd"; } location = /40x.html{ root /data/web/errorpage; } location /download { root /data/web; autoindex on; autoindex_localtime on; } } ### Nginx 反向代理及动静分离 反向代理 通过location可以写 > ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理 > > ngx_http_upstream_module #用于定义为proxy_pass,fastcgi_pass(解析php),uwsgi_pass(解析python)#等指令引用的后端服务器分组 > > ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理(后端是两个dns、数据库) > > ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器助理 > > ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理 proxy_pass:只能写一个 **反向代理单台** **web** **服务器** 在nginx: \[root@nginx conf.d\]# cd /usr/local/nginx/conf.d/ \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location / { proxy_pass http://172.25.254.10:80; } } \[root@nginx conf.d\]# nginx -s reload 测试: \[root@nginx conf.d\]# curl 172.25.254.100 172.25.254.10 ![](https://i-blog.csdnimg.cn/direct/aa5525095c9344ef946e7cd667a4d857.png) web2: \[root@web2 \~\]# vim /etc/httpd/conf/httpd.conf #Listen 12.34.56.78:80 Listen 8080 :wq \[root@web2 \~\]# systemctl restart httpd nginx: \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location / { #proxy_pass http://172.25.254.10:80; proxy_pass http://172.25.254.20:8080; #二选一 } } \[root@nginx conf.d\]# nginx -s reload 测试: ![](https://i-blog.csdnimg.cn/direct/6aac72083f25459f9ea890af7aa0af72.png) 如果想访问172.25.254.20: \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location / { proxy_pass http://172.25.254.10:80; #proxy_pass http://172.25.254.20:8080; } location /static { #加静态 proxy_pass http://172.25.254.20:8080; } } \[root@web2 \~\]# mkdir -p /var/www/html/static \[root@web2 \~\]# echo static 172.25.254.20 \> /var/www/html/static/index.html 测试: ![](https://i-blog.csdnimg.cn/direct/7fa97e72c24c4e24bf817777fa564129.png) 动静分离: \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location ~ \.php$ { proxy_pass http://172.25.254.10:80; #proxy_pass http://172.25.254.20:8080; } location /static { proxy_pass http://172.25.254.20:8080; } } \[root@web1 \~\]# dnf install php -y \[root@web1 \~\]# systemctl restart httpd \[root@web1 \~\]# vim /var/www/html/index.php \[root@web2 \~\]# dnf install httpd \[root@web2 \~\]# systemctl enable --now httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. \[root@web2 \~\]# echo 172.25.254.20 \> /var/www/html/index.html \[root@web2 \~\]# vim /etc/httpd/conf/httpd.conf (把listen改为8080) \[root@web2 \~\]# systemctl restart httpd \[root@web2 \~\]# mkdir -p /var/www/html/static \[root@web2 \~\]# echo static 172.25.254.20 \> /var/www/html/static/index.html 测验: 静态 ![](https://i-blog.csdnimg.cn/direct/94a85a9083254a9ca79583966ca8bdf0.png) ![](https://i-blog.csdnimg.cn/direct/2025cbf63e524b3f8df0582863fcdb6e.png) php ![](https://i-blog.csdnimg.cn/direct/37b900ded3fb479da54b91f2692223e9.png) ### 反向代理的缓存功能 \[root@nginx conf.d\]# vim /usr/local/nginx/conf/nginx.conf 加在http下 proxy_cache_path /apps/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g; \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location ~ \.php$ { proxy_pass http://172.25.254.10:80; #proxy_pass http://172.25.254.20:8080; } location /static { proxy_pass http://172.25.254.20:8080; proxy_cache proxycache; proxy_cache_key $request_uri; proxy_cache_valid 200 302 301 10m; proxy_cache_valid any 1m; } } \[root@nginx conf.d\]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful \[root@nginx conf.d\]# nginx -s reload ### Nginx的反向代理负载均衡 **http upstream配置参数** #自定义一组服务器,配置在http块内 \[root@nginx \~\]# cd /usr/local/nginx/conf.d/ \[root@nginx conf.d\]# vim icome.conf upstream webcluster { server 172.25.254.10:80 fail_timeout=15s max_fails=3; server 172.25.254.20:8080 fail_timeout=15s max_fails=3; server 172.25.254.100:80 backup; } server { listen 80; server_name www.hhhoo.org; location / { proxy_pass http://webcluster; } } \[root@nginx conf.d\]# nginx -s reload 测试:默认是轮询 ![](https://i-blog.csdnimg.cn/direct/5e25dd32232549c5a050fe3e8b8fe33f.png) \[root@nginx conf.d\]# vim icome.conf upstream webcluster { ip_hash;(加入算法时backup不能写) server 172.25.254.10:80 fail_timeout=15s max_fails=3; server 172.25.254.20:8080 fail_timeout=15s max_fails=3; #server 172.25.254.100:80 backup; } 测试:(hash算法------找最近的后端服务器) ![](https://i-blog.csdnimg.cn/direct/3b9c6d0a9e2e48d9affe4438aa41b4e0.png) hash $request_uri consistent; 在web1 \[root@web1 \~\]# mkdir -p /var/www/html/static \[root@web1 \~\]# echo 172.25.254.10 static \> /var/www/html/static/index.html 测试: ![](https://i-blog.csdnimg.cn/direct/f551c318f0f84a62a6fcdcf1a758b7c0.png) hash $cookie_hui; 测试: curl -b "hui=1"(取模运算) ![](https://i-blog.csdnimg.cn/direct/09a45d1ad8b24c63baea0f64bcbd5027.png) **tcp负载均衡配置参数** web1、web2:都下载bind \[root@web1 \~\]# dnf install bind -y \[root@web1 \~\]# vim /etc/named.conf 注释 // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; // allow-query { localhost; }; dnssec-validation no; \[root@web1 \~\]# vim /etc/named.rfc1912.zones zone "hhhoo.org" IN { type master; file "hhhoo.org.zone"; allow-update { none; }; }; \[root@web1 \~\]# cd /var/named/ \[root@web1 named\]# cp named.localhost hhhoo.org.zone -p \[root@web1 named\]# vim hhhoo.org.zone $TTL 1D @ IN SOA ns.hhhoo.org. root.hhhoo.org. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS ns.hhhoo.org. ns A 172.25.254.10 www A 172.25.254.10 \[root@web1 named\]# dig @172.25.254.10 > ; \<\<\>\> DiG 9.16.23-RH \<\<\>\> www.hhhoo.org @172.25.254.10 > > ;; global options: +cmd > > ;; Got answer: > > ;; -\>\>HEADER\<\<- opcode: QUERY, status: NOERROR, id: 35951 > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > > ; EDNS: version: 0, flags:; udp: 1232 > > ; COOKIE: aac45499bb8562eb0100000066c6f9e2f0abc9b22209a6a8 (good) > > ;; QUESTION SECTION: > > ;www.hhhoo.org. IN A > > ;; ANSWER SECTION: > > www.hhhoo.org. 86400 IN A 172.25.254.10 > > ;; Query time: 0 msec > > ;; SERVER: 172.25.254.10#53(172.25.254.10) > > ;; WHEN: Thu Aug 22 16:42:10 CST 2024 > > ;; MSG SIZE rcvd: 86 \[root@web1 named\]# scp -p /etc/named.{conf,rfc1912.zones} root@172.25.254.20:/etc/ cp到20 \[root@web1 named\]# scp -p /var/named/hhhoo.org.zone root@172.25.254.20:/var/named/hhhoo.org.zone 在web2把ip改成20 \[root@web2 \~\]# vim /var/named/hhhoo.org.zone \[root@web2 \~\]# systemctl start named \[root@web2 \~\]# dig @172.25.254.20 \[root@web2 \~\]# cd /var/named \[root@web2 named\]# ll \[root@web2 named\]# chgrp named hhhoo.org.zone \[root@web2 named\]# ll 总用量 20 \[root@web2 named\]# dig @172.25.254.20 加数据库 在web1、web2上下载: \[root@web2 named\]# dnf install mariadb-server -y 回nginx中加入: [root@nginx conf.d]# vim dns.conf stream { upstream dns { server 172.25.254.10:53 fail_timeout=15s max_fails=3; server 172.25.254.20:53 fail_timeout=15s max_fails=3; } server { listen 53 udp reuseport; proxy_timeout 20s; proxy_pass dns; } 在主配置文件加入 \[root@nginx conf.d\]# vim /usr/local/nginx/conf/nginx.conf events { worker_connections 1024; use epoll; } include "/usr/local/nginx/tcpconf.d/*.conf"; !!! http { include mime.types; default_type application/octet-stream; **负载均衡:mysql** web1 \[root@web1 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf [mysqld] server-id=10 !! datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock log-error=/var/log/mariadb/mariadb.log pid-file=/run/mariadb/mariadb.pid \[root@web1 \~\]# systemctl start mariadb.service 登陆mysql MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> quit; Bye web2 \[root@web2 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf [mysqld] server-id=20 datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock log-error=/var/log/mariadb/mariadb.log pid-file=/run/mariadb/mariadb.pid \[root@web2 \~\]# systemctl start mariadb.service MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> quit; Bye 回nginx \[root@nginx conf.d\]# vim dns.conf stream { upstream dns { server 172.25.254.10:53 fail_timeout=15s max_fails=3; server 172.25.254.20:53 fail_timeout=15s max_fails=3; } upstream mysql { !!! server 172.25.254.10:3306 fail_timeout=15s max_fails=3; server 172.25.254.20:3306 fail_timeout=15s max_fails=3; } server { listen 53 udp reuseport; proxy_timeout 20s; proxy_pass dns; } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# netstat -antlup \| grep 3306 \[root@nginx conf.d\]# dnf install mariadb-server -y \[root@nginx conf.d\]# mysql -u hhhoo -p -h 172.25.254.100 password: MariaDB [(none)]>SELECT @@SERVER_id; MariaDB [(none)]>quit ### Nginx 源码编译php 重新编译 先把 /usr/local/里面的 nginx/conf.d/ 删除 \[root@nginx \~\]# rm -rf /usr/local/nginx/ xftp 上传压缩包:memc-nginx-module-0.20.tar.gz srcache-nginx-module-0.33.tar.gz \[root@nginx \~\]# tar zxf memc-nginx-module-0.20.tar.gz \[root@nginx \~\]# tar zxf srcache-nginx-module-0.33.tar.gz cd到 nginx1.26.2下 [root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx \ > --add-module=/root/echo-nginx-module-0.63 \ > --add-module=/root/memc-nginx-module-0.20 \ > --add-module=/root/srcache-nginx-module-0.33 \ > --user=nginx \ > --group=nginx \ > --with-http_v2_module \ > --with-http_realip_module \ > --with-http_stub_status_module \ > --with-http_gzip_static_module \ > --with-stream \ > --with-stream_ssl_module \ > --with-stream_realip_module \ > --with-pcre \[root@nginx nginx-1.26.2\]# make \&\& make install \[root@nginx \~\]# systemctl start nginx \[root@nginx \~\]# ps aux \| grep nginx \[root@nginx \~\]# nginx -V 下载php安装包和openresty,xtfp上传到/root下 \[root@nginx \~\]# tar zxf php-8.3.9.tar.gz \[root@nginx \~\]# cd php-8.3.9/ \[root@nginx php-8.3.9\]# dnf whatprovides \* /libsystemd \* \[root@nginx php-8.3.9\]# dnf install systemd-devel -y \[root@nginx php-8.3.9\]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > \[root@nginx php-8.3.9\]# ./configure --prefix=/usr/local/php \\ > > \> --enable-fpm \\ > > \> --with-fpm-user=nginx \\ > > \> --with-fpm-group=nginx \\ > > \> --with-curl \\ > > \> --with-iconv \\ > > \> --with-mhash \\ > > \> --with-zlib \\ > > \> --with-openssl \\ > > \> --enable-mysqlnd \\ > > \> --with-mysqli \\ > > \> --with-pdo-mysql \\ > > \> --disable-debug \\ > > \> --enable-sockets \\ > > \> --enable-soap \\ > > \> --enable-xml \\ > > \> --enable-ftp \\ > > \> --enable-gd \\ > > \> --enable-exif \\ > > \> --enable-mbstring \\ > > \> --enable-bcmath \\ > > \> --with-fpm-systemd 一直报错没安装软件,可恶!! > 找:dnf whatprovides \* /libxml-2.0 \* > > 下:dnf install libxml2-devel-2.9.13-2.el9.x86_64 > > 编:./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> --dnf search sqlite3 > > \> > > \> --dnf install sqlite-devel.x86_64 -y > > \> > > \> ------./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> ------dnf whatprovides \*/libcurl\* > > \> ------ dnf install libcurl-devel-7.76.1-19.el9.x86_64 -y > > \> ------./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> > > \> ------ dnf search libpng-devel\* > > \> ------ dnf install libpng-devel.x86_64 -y > > \> ------ ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> ------ cd /mnt > > \> > > \> 去阿里云镜像站复制链接: > > \> > > \> ------ wget https://mirrors.aliyun.com/rockylinux/9.4/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.5.0.1.x86_64.rpm > > \> ------ ls > > \> > > \> 回镜像站下载软件包,cd到root下 > > \> > > \> ------ dnf install oniguruma-6.9.6-1.el9.5.i686 -y > > \> > > \> ------dnf install oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm > > \> ------ cd php-8.3.9/ > > \> ------ ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd ### Nginx-php的配置 \[root@nginx \~\]# cd /usr/local/php/etc \[root@nginx etc\]# ls php-fpm.conf.default php-fpm.d \[root@nginx etc\]# cp -p php-fpm.conf.default php-fpm.conf \[root@nginx etc\]# vim php-fpm.conf 打开pid pid = run/php-fpm.pid \[root@nginx etc\]# cd php-fpm.d/ \[root@nginx php-fpm.d\]# ls \[root@nginx php-fpm.d\]# cp www.conf -p \[root@nginx php-fpm.d\]# vim www.conf \[root@nginx php-fpm.d\]# cd /root/php-8.3.9/ \[root@nginx php-8.3.9\]# ls \[root@nginx php-8.3.9\]# cp php.ini-production /usr/local/php/etc/php.ini \[root@nginx php-8.3.9\]# cd /usr/local/php/etc/ \[root@nginx etc\]# vim php.ini date.timezone =Asia/Shanghai 生成启动脚本: [root@nginx fpm]# cp php-fpm.service /lib/systemd/system/ [root@nginx fpm]# pwd /root/php-8.3.9/sapi/fpm \[root@nginx fpm\]# vim /lib/systemd/system/php-fpm.service 注释掉: # Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit. #ProtectSystem=full \[root@nginx fpm\]# systemctl daemon-reload \[root@nginx fpm\]# systemctl start php-fpm.service \[root@nginx fpm\]# netstat -antlupe \| grep php 建议不要!!!! 修改监听端口 \[root@nginx php\]# cd etc/php-fpm.d/ \[root@nginx php-fpm.d\]# vim www.conf listen = 0.0.0.0:9000 \[root@nginx php-fpm.d\]# systemctl restart php-fpm.service \[root@nginx php-fpm.d\]# netstat -antlupe \| grep php tcp6 0 0 ::1:9000 :::\* LISTEN 0 188205 215256/php-fpm: mas ### Nginx和php的整合 \[root@nginx bin\]# mkdir -p /data/web/php \[root@nginx bin\]# cd /usr/local/php/ \[root@nginx bin\]# ls \[root@nginx bin\]# cd bin/ \[root@nginx bin\]# vim \~/.bash_profile export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/php/sbin \[root@nginx bin\]# source \~/.bash_profile \[root@nginx bin\]# cd /data/web/php/ \[root@nginx php\]# ls \[root@nginx php\]# vim index.php :wq \[root@nginx php\]# cd /usr/local/ \[root@nginx local\]# ls bin etc games include lib lib64 libexec nginx php sbin share src \[root@nginx local\]# cd nginx/ \[root@nginx nginx\]# ls client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp \[root@nginx nginx\]# mkdir conf.d \[root@nginx nginx\]# vim conf/nginx.conf include "/usr/local/nginx/conf.d/*.conf"; \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls \[root@nginx conf.d\]# vim vhost.conf server{ listen 80; server_name www.hhhoo.org; root /data/web/html; index index.html; location ~ \.php$ { root /data/web/php; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } }

相关推荐
一心0923 小时前
ubuntu 20.04.6 sudo 源码包在线升级到1.9.17p1
运维·ubuntu·sudo·漏洞升级
好好学习啊天天向上3 小时前
世上最全:ubuntu 上及天河超算上源码编译llvm遇到的坑,cmake,ninja完整过程
linux·运维·ubuntu·自动性能优化
你想考研啊4 小时前
三、jenkins使用tomcat部署项目
运维·tomcat·jenkins
代码老y4 小时前
Docker:容器化技术的基石与实践指南
运维·docker·容器
典学长编程5 小时前
Linux操作系统从入门到精通!第二天(命令行)
linux·运维·chrome
DuelCode5 小时前
Windows VMWare Centos Docker部署Springboot 应用实现文件上传返回文件http链接
java·spring boot·mysql·nginx·docker·centos·mybatis
你想考研啊7 小时前
四、jenkins自动构建和设置邮箱
运维·jenkins
Code blocks7 小时前
使用Jenkins完成springboot项目快速更新
java·运维·spring boot·后端·jenkins
饥饿的半导体8 小时前
Linux快速入门
linux·运维
还是奇怪11 小时前
Linux - 安全排查 2
linux·运维·安全