Nginx实验-2

Nginx中的变量

变量可以分为内置变量和自定义变量

内置变量是由nginx模块自带,通过变量可以获取到众多的与客户端访问相关的值

[root@nginx ~]# cd /usr/local/nginx/

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls status.conf vhost.conf

[root@nginx conf.d]# vim vars.conf

server {
    listen 80;
    server_name var.hh.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        echo "why not let me go oh";
    }

}

[root@nginx conf.d]# vim /etc/hosts 在Linux中做解析

172.25.254.100	nginx.hui.org www.huihui.org hx.hx.org var.hh.org

测试:

[root@nginx conf.d]# curl var.hh.org/var

why not let me go oh

#nginx的内置变量

server {

listen 80;

server_name var.timinglee.org;

root /data/web/html;

index index.html;

location /var {

default_type text/html;

echo $remote_addr;

echo $args;

echo $is_args;

echo $document_root;

echo $document_uri;

echo $host;

echo $remote_port;

echo $remote_user;

echo $request_method;

echo $request_filename;

echo $request_uri;

echo $scheme;

echo $server_protocol;

echo $server_addr;

echo $server_name;

echo $server_port;

echo $http_user_agent;

echo $http_cookie;

echo $cookie_key2;

}

}

#nginx自定义变量
server {
    listen 80;
    server_name var.timinglee.org;
    root /data/web/html;
    index index.html;

    location /var {
        default_type text/html;
        set $hh hui;
        echo $hh;
    }
}

返回值

[root@nginx conf.d]# curl -b "key1=x,key2=y1" -u lee:lee var.hh.org/var?name=hui&&id=6666

why not let me go oh

172.25.254.100

name=hui

?

/data/web/html

/var

var.hh.org

34140

lee

GET

/data/web/html/var

/var?name=hui

http

HTTP/1.1

172.25.254.100

var.hh.org

80

curl/7.76.1

key1=x,key2=y1

Nginx Rewrite模块功能

if 指令

注意:

#如果$变量的值为空字符串或0,则if指令认为该条件为false,其他条件为true。

#nginx 1.0.1之前$变量的值如果以0开头的任意字符串会返回false

eg:if判定

[root@nginx conf.d]# vim vars.conf

	location /test2 {
	if ( !-e $request_filename ){
		echo "$request_filename is not exist";
			return 409;
		}
	}

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org/test2

<html>

<head><title>409 Conflict</title></head>

<body>

<center><h1>409 Conflict</h1></center>

<hr><center>nginx/1.26.2</center>

</body>

</html>

[root@nginx conf.d]# curl var.hh.org/test2

/data/web/html/test2 is not exist 文件不存在

[root@nginx conf.d]# mkdir -p /data/web/html/test2/ [root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html [root@nginx conf.d]# curl var.hh.org/test2/index.html test2

set 指令

指定key并给其定义一个变量,变量可以调用Nginx内置变量赋值给key(#自定义变量)

set $name hui;

echo $name;

返回值

hui

break 指令

eg:break

[root@nginx conf.d]# vim vars.conf

location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		#break;
		set $id 666;
		echo $id;
    }

[root@nginx conf.d]# nginx -s reload

返回值

[root@nginx conf.d]# curl var.hh.org/break

love 666

location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		break;
		set $id 666;
		echo $id;
    }

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org/break

love

[root@nginx conf.d]# vim vars.conf

	location /break {
        default_type text/html;
        set $name love;
        echo $name;
        
		if ( $http_user_agent = "curl/7.76.1" ){
            break;
        }
		set $id 666;
		echo $id;
        }

[root@nginx conf.d]# curl var.hh.org/break love

[root@nginx conf.d]# curl -A "firefox" var.hh.org/break love 666

return 指令

[root@nginx conf.d]# vim vars.conf

     location /return {
        default_type text/html;
        if ( !-e $request_filename){
            return 301 http://www.baidu.com;	#没有找到文件就访问百度
        }
        echo "$request_filename is exist";
    }

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl -I var.hh.org/return

HTTP/1.1 301 Moved Permanently

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 06:23:53 GMT

Content-Type: text/html

Content-Length: 169

Connection: keep-alive Keep-Alive: timeout=60

Location: 百度一下,你就知道

没有查找到文件,访问百度

[root@nginx conf.d]# mkdir -p /data/web/html/return

[root@nginx conf.d]# curl -I var.hh.org/return

HTTP/1.1 200 OK

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 06:33:04 GMT

Content-Type: text/html

Connection: keep-alive Keep-Alive: timeout=60

Vary: Accept-Encoding

rewrite 指令

通过正则表达式的匹配来改变URI,可以同时存在一个或多个指令,按照顺序依次对URI进行匹配,

rewrite主要是针对用户请求的URL或者是URI做具体处理

语法格式 :

rewrite regex replacement [flag];

flag 说明

redirect;#临时重定向 重写完成后以临时重定向方式直接返回重写后生成的新URL给客户端
浏览器里不会存放重写产生的新的配置文件信息
permanent; #重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端
#由客户端重新发起请求,状态码:301
break;#重写完成后,停止对当前URL在当前location中后续的其它重写操作
#而后直接跳转至重写规则配置块之后的其它配置,结束循环,建议在location中使用
#适用于一个URL一次重写
last;#重写完成后,停止对当前URI在当前location中后续的其它重写操作,
#而后对新的URL启动新一轮重写检查,不建议在location中使用
#适用于一个URL多次重写,要注意避免出现超过十次以及URL重写后返回错误的给用户

[root@nginx conf.d]# vim vars.conf

 location / {
        root /data/web/var;
        index index.html;
        #rewrite / http://www.huihui.com permanent;		#永久
        #rewrite / http://www.huihui.com redirect;		#临时
}

[root@nginx conf.d]# mkdir /data/web/var -p

[root@nginx conf.d]# echo var page > /data/web/var/index.html

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org

var page

[root@nginx conf.d]# curl <www.huihui.org> <www.huihui.org>

[root@nginx conf.d]# vim vars.conf

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl var.hh.org
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>

[root@nginx conf.d]# curl -I var.hh.org

HTTP/1.1 301 Moved Permanently

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 07:43:48 GMT

Content-Type: text/html

Content-Length: 169

Connection: keep-alive

Keep-Alive: timeout=60

Location: http://www.huihui.com

在Windows加编译:var.huihui.org

 location / {
        root /data/web/var;
        index index.html;
        #rewrite / http://www.huihui.com permanent;		#永久
}
 location / {
        root /data/web/var;
        index index.html;
        rewrite / http://www.timinglee.com redirect;
    }

#break 和last

创建文件:

[root@nginx conf.d]# mkdir /data/web/html/{test1,test2,break,last} -p

写入内容:

[root@nginx conf.d]# echo test1 > /data/web/html/test1/index.html

[root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html

[root@nginx conf.d]# echo last > /data/web/html/last/index.html

[root@nginx conf.d]# echo break > /data/web/html/break/index.html

[root@nginx conf.d]# vim vars.conf

server {
	listen 80;
	server_name var.hh.org;
	root /data/web/html;
	index index.html;

	location /break {
		rewrite ^/break/(.*)  /test1/$1;	#break   如果输入break访问的时候会返回test1的值,中断下面查找test2
		rewrite ^/test1/(.*)  /test2/$1;
    }

	location /last {
		rewrite ^/last/(.*) /test1/$1;		
		rewrite ^/test1/(.*) /test2/$2;
	}
	location /test1 {
		default_type text/html;
		echo  "why not let me go oh,why you speak so low oh";
	}
	location /test2 {
		root /data/web/html;
	}
}

访问结果:

Nginx-rewrite的企业级防盗链

全站加密

创建一个认证目录:

[root@nginx conf.d]# cd /usr/local/nginx/

[root@nginx nginx]# ls

client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp

[root@nginx nginx]# mkdir certs

[root@nginx nginx]# ls

certs client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp

[root@nginx nginx]# cd certs/

[root@nginx certs]# cd

[root@nginx ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/huihui.org.key -x509 -days 365 -out /usr/local/nginx/certs/huihui.org.crt

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Shaanxi

Locality Name (eg, city) [Default City]:Xi'an

Organization Name (eg, company) [Default Company Ltd]:lhx

Organizational Unit Name (eg, section) []:webserver

Common Name (eg, your name or your server's hostname) []:www.huihui.org

Email Address []:admin@huihui.org

[root@nginx ~]# cd /usr/local/nginx/

[root@nginx nginx]# cd certs/

[root@nginx certs]# ls huihui.org.crt huihui.org.key

[root@nginx certs]# cd ..

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.huihui.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
}

[root@nginx conf.d]# nginx -t

[root@nginx conf.d]# nginx -s reload

测试:

强制走加密:

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.huihui.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/huihui.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/huihui.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
		if ( $scheme = http ){
			rewrite /(.*) https://$host/$1 redirect;
			rewrite / https://$host redirect;	#如果不加,不管在浏览器上输入的对不对最后还是会访问https://www.huihui.org
		}
	}
}

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# curl -L www.huihui.org

curl: (60) SSL certificate problem: self-signed certificate

More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, please visit the web page mentioned above.

[root@nginx conf.d]# curl -kL www.huihui.org

www.huihui.org

[root@nginx conf.d]# curl -I www.huihui.org

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.26.2

Date: Mon, 19 Aug 2024 15:39:35 GMT

Content-Type: text/html

Content-Length: 145

Connection: keep-alive

Keep-Alive: timeout=60

Location: https://www.huihui.org

测试:

防盗链

在一个web 站点盗链另一个站点的资源信息,比如:图片、视频等

nginx:

[root@nginx conf.d]# mkdir -p /data/web/html/images

xftp传图片,一张在images里,一张在html里,两张图片不能放在一起;

[root@nginx ~]# cd /usr/local/nginx/ [root@nginx nginx]# cd conf.d/ [root@nginx conf.d]# ls jiam.conf status.conf vhost.conf

[root@nginx conf.d]# vim jiam.con

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
       if ( $scheme = http ){
            rewrite /(.*) https://$host/$1 redirect;
        }

        if ( !-e $request_filename ){
            rewrite /(.*) https://$host/index.html redirect;
        }
    }


	location /images  {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
        if ( $invalid_referer ){
                rewrite ^/   http://www.hhhoo.org/shiwan.jpg;
        }


    }

}

web1:

[root@web1 ~]# dnf install httpd

[root@web1 ~]# cd /var/www/html

[root@web1 html]# ls

[root@web1 html]# vim index.html

<html>

  <head>
    <meta http-equiv=Content-Type content="text/html;charset=utf-8">
    <title>盗链</title>
</head>

  <body>
    <img src="http://www.hhhoo.org/images/he.jpg" >
    <h1 style="color:red">why not let me go oh</h1>
    <p><a href=http://www.hhhoo.org>你没事吧</a>你没事吧</p>
  </body>

</html>

测试:

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location / {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.;
        if ( $invalid_referer ){
                return 404;
        }


    }

}

测试:

但是直接访问<www.hhhoo.org>

[root@nginx conf.d]# vim jiam.conf

server {
    listen 80;
    listen 443 ssl;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

	location /images  {
        valid_referers none blocked server_names *.hhhoo.org ~/.baidu/ .;
        if ( $invalid_referer ){
                rewrite ^/   http://www.hhhoo.org/images/he.jpg;
        }

    }
}

测试没有

some tips:

[root@nginx conf.d]# cat status.conf 
server {
    listen 80;
    server_name hx.hx.org;
    root /data/web/html;
    index index.html;

	location /status {
		stub_status;
		#auth_basic"login"
		#auth_basic_user_file "/use/local/nginx/.htpasswd"
	}
}

[root@nginx conf.d]# cat vars.conf 
#server {
#	listen 80;
#	server_name var.hh.org;
#	root /data/web/html;
#	index index.html;
#
#	location /break {
#		rewrite ^/break/(.*)  /test1/$1;
#		rewrite ^/test1/(.*)  /test2/$1;
#    }
#
#	location /last {
#		rewrite ^/last/(.*) /test1/$1;
#		rewrite ^/test1/(.*) /test2/$2;
#	}
#	location /test1 {
#		default_type text/html;
#		echo  "why not let me go oh,why you speak so low oh";
#	}
#	location /test2 {
#		root /data/web/html;
#	}
#}

[root@nginx conf.d]# cat vhost.conf 
server {
	listen 80;
	server_name www.huihui.org;
	root /data/web/html;
	index index.html;
	error_page 404  /40x.html;
	error_log /var/log/huihui.org/error.log;
	access_log /var/log/huihui.org/access.log;
	try_files $uri $uri.html $uri/index.html /error/default.html;


	location /hui {
		root /data/web;
		#auth_basic "login password !!";
		#auth_basic_user_file "/usr/local/nginx/.htpasswd";
	}
	location = /40x.html{
		root /data/web/errorpage;
		}
	location /download {
		root /data/web;
		autoindex on;
		autoindex_localtime on;
	}
}

Nginx 反向代理及动静分离

反向代理

通过location可以写

ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理

ngx_http_upstream_module #用于定义为proxy_pass,fastcgi_pass(解析php),uwsgi_pass(解析python)#等指令引用的后端服务器分组

ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理(后端是两个dns、数据库)

ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器助理

ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理

proxy_pass:只能写一个

反向代理单台 web 服务器

在nginx:

[root@nginx conf.d]# cd /usr/local/nginx/conf.d/

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location / {
        proxy_pass http://172.25.254.10:80;
    }

}

[root@nginx conf.d]# nginx -s reload

测试:

[root@nginx conf.d]# curl 172.25.254.100 172.25.254.10

web2:

[root@web2 ~]# vim /etc/httpd/conf/httpd.conf

#Listen 12.34.56.78:80
Listen 8080
:wq

[root@web2 ~]# systemctl restart httpd

nginx:

[root@nginx conf.d]# vim icome.conf

server {
	listen 80;
	server_name www.hhhoo.org;

	location / {
		#proxy_pass http://172.25.254.10:80;
		proxy_pass http://172.25.254.20:8080;		#二选一
	}

}

[root@nginx conf.d]# nginx -s reload

测试:

如果想访问172.25.254.20:

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location / {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {								#加静态
        proxy_pass http://172.25.254.20:8080;
    }

}

[root@web2 ~]# mkdir -p /var/www/html/static

[root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html

测试:

动静分离:

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location ~ \.php$ {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {
        proxy_pass http://172.25.254.20:8080;
    }

}

[root@web1 ~]# dnf install php -y

[root@web1 ~]# systemctl restart httpd

[root@web1 ~]# vim /var/www/html/index.php

<?php
  phpinfo();
?>

[root@web2 ~]# dnf install httpd

[root@web2 ~]# systemctl enable --now httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. [root@web2 ~]# echo 172.25.254.20 > /var/www/html/index.html [root@web2 ~]# vim /etc/httpd/conf/httpd.conf (把listen改为8080)

[root@web2 ~]# systemctl restart httpd [root@web2 ~]# mkdir -p /var/www/html/static [root@web2 ~]# echo static 172.25.254.20 > /var/www/html/static/index.html

测验:

静态

php

反向代理的缓存功能

[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf

加在http下

proxy_cache_path /apps/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m
inactive=120s max_size=1g;

[root@nginx conf.d]# vim icome.conf

server {
    listen 80;
    server_name www.hhhoo.org;

    location ~ \.php$ {
        proxy_pass http://172.25.254.10:80;
        #proxy_pass http://172.25.254.20:8080;
    }
    location /static {
        proxy_pass http://172.25.254.20:8080;
        proxy_cache proxycache;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 302 301 10m;
        proxy_cache_valid any 1m;
    }

}

[root@nginx conf.d]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@nginx conf.d]# nginx -s reload

Nginx的反向代理负载均衡

http upstream配置参数

#自定义一组服务器,配置在http块内

[root@nginx ~]# cd /usr/local/nginx/conf.d/

[root@nginx conf.d]# vim icome.conf

upstream webcluster {
	server 172.25.254.10:80 fail_timeout=15s max_fails=3;
	server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
	server 172.25.254.100:80 backup;
}
server {
	listen 80;
	server_name www.hhhoo.org;
	
	location / {
		proxy_pass http://webcluster;
	}

}

[root@nginx conf.d]# nginx -s reload

测试:默认是轮询

[root@nginx conf.d]# vim icome.conf

upstream webcluster {
	ip_hash;(加入算法时backup不能写)
	server 172.25.254.10:80 fail_timeout=15s max_fails=3;
	server 172.25.254.20:8080 fail_timeout=15s max_fails=3;
	#server 172.25.254.100:80 backup;
}

测试:(hash算法------找最近的后端服务器)

hash $request_uri consistent;

在web1

[root@web1 ~]# mkdir -p /var/www/html/static [root@web1 ~]# echo 172.25.254.10 static > /var/www/html/static/index.html

测试:

hash $cookie_hui;

测试:

curl -b "hui=1"(取模运算) <www.hhhoo.org>

tcp负载均衡配置参数

web1、web2:都下载bind

[root@web1 ~]# dnf install bind -y

[root@web1 ~]# vim /etc/named.conf

注释
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
//      allow-query     { localhost; };
        dnssec-validation no; 

[root@web1 ~]# vim /etc/named.rfc1912.zones

zone "hhhoo.org" IN {
        type master;
        file "hhhoo.org.zone";
        allow-update { none; };
};

[root@web1 ~]# cd /var/named/

[root@web1 named]# cp named.localhost hhhoo.org.zone -p

[root@web1 named]# vim hhhoo.org.zone

$TTL 1D
@       IN SOA  ns.hhhoo.org. root.hhhoo.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.hhhoo.org.
ns      A       172.25.254.10
www     A		172.25.254.10

[root@web1 named]# dig <www.hhhoo.org> @172.25.254.10

; <<>> DiG 9.16.23-RH <<>> www.hhhoo.org @172.25.254.10

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35951

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: aac45499bb8562eb0100000066c6f9e2f0abc9b22209a6a8 (good)

;; QUESTION SECTION:

;www.hhhoo.org. IN A

;; ANSWER SECTION:

www.hhhoo.org. 86400 IN A 172.25.254.10

;; Query time: 0 msec

;; SERVER: 172.25.254.10#53(172.25.254.10)

;; WHEN: Thu Aug 22 16:42:10 CST 2024

;; MSG SIZE rcvd: 86

[root@web1 named]# scp -p /etc/named.{conf,rfc1912.zones} root@172.25.254.20:/etc/

cp到20

[root@web1 named]# scp -p /var/named/hhhoo.org.zone root@172.25.254.20:/var/named/hhhoo.org.zone

在web2把ip改成20

[root@web2 ~]# vim /var/named/hhhoo.org.zone

[root@web2 ~]# systemctl start named [root@web2 ~]# dig <www.hhhoo.org> @172.25.254.20

[root@web2 ~]# cd /var/named [root@web2 named]# ll

[root@web2 named]# chgrp named hhhoo.org.zone

[root@web2 named]# ll

总用量 20

[root@web2 named]# dig <www.hhhoo.org> @172.25.254.20

加数据库

在web1、web2上下载:

[root@web2 named]# dnf install mariadb-server -y

回nginx中加入:

[root@nginx conf.d]# vim dns.conf

stream {
	upstream dns { 
    server 172.25.254.10:53 fail_timeout=15s max_fails=3;
    server 172.25.254.20:53 fail_timeout=15s max_fails=3;
	}
	
	server {
    	listen 53 udp reuseport;
    	proxy_timeout 20s;
    	proxy_pass dns;
	}   

在主配置文件加入

[root@nginx conf.d]# vim /usr/local/nginx/conf/nginx.conf

events {
    worker_connections  1024;
    use epoll;
}

include "/usr/local/nginx/tcpconf.d/*.conf";			!!!

http {
    include       mime.types;
    default_type  application/octet-stream;

负载均衡:mysql

web1

[root@web1 ~]# vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=10				!!
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid

[root@web1 ~]# systemctl start mariadb.service

登陆mysql

MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit;
Bye

web2

[root@web2 ~]# vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
server-id=20
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid

[root@web2 ~]# systemctl start mariadb.service

MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit;
Bye

回nginx

[root@nginx conf.d]# vim dns.conf

stream {
	upstream dns { 
    server 172.25.254.10:53 fail_timeout=15s max_fails=3;
    server 172.25.254.20:53 fail_timeout=15s max_fails=3;
	}

	upstream mysql {												!!!
	server 172.25.254.10:3306 fail_timeout=15s max_fails=3;
	server 172.25.254.20:3306 fail_timeout=15s max_fails=3;
	}
	
	server {
	listen 53 udp reuseport;
	proxy_timeout 20s;
	proxy_pass dns;
}       

[root@nginx conf.d]# nginx -s reload

[root@nginx conf.d]# netstat -antlup | grep 3306

[root@nginx conf.d]# dnf install mariadb-server -y

[root@nginx conf.d]# mysql -u hhhoo -p -h 172.25.254.100

password:

MariaDB [(none)]>SELECT @@SERVER_id;

MariaDB [(none)]>quit

Nginx 源码编译php

重新编译

先把 /usr/local/里面的 nginx/conf.d/ 删除

[root@nginx ~]# rm -rf /usr/local/nginx/

xftp 上传压缩包:memc-nginx-module-0.20.tar.gz

srcache-nginx-module-0.33.tar.gz

[root@nginx ~]# tar zxf memc-nginx-module-0.20.tar.gz

[root@nginx ~]# tar zxf srcache-nginx-module-0.33.tar.gz

cd到 nginx1.26.2下

[root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx \
> --add-module=/root/echo-nginx-module-0.63 \
> --add-module=/root/memc-nginx-module-0.20 \
> --add-module=/root/srcache-nginx-module-0.33 \
> --user=nginx \
> --group=nginx \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module \
> --with-pcre

[root@nginx nginx-1.26.2]# make && make install

[root@nginx ~]# systemctl start nginx

[root@nginx ~]# ps aux | grep nginx

[root@nginx ~]# nginx -V

下载php安装包和openresty,xtfp上传到/root下

[root@nginx ~]# tar zxf php-8.3.9.tar.gz [root@nginx ~]# cd php-8.3.9/

[root@nginx php-8.3.9]# dnf whatprovides * /libsystemd *

[root@nginx php-8.3.9]# dnf install systemd-devel -y

[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php \

> --enable-fpm \

> --with-fpm-user=nginx \

> --with-fpm-group=nginx \

> --with-curl \

> --with-iconv \

> --with-mhash \

> --with-zlib \

> --with-openssl \

> --enable-mysqlnd \

> --with-mysqli \

> --with-pdo-mysql \

> --disable-debug \

> --enable-sockets \

> --enable-soap \

> --enable-xml \

> --enable-ftp \

> --enable-gd \

> --enable-exif \

> --enable-mbstring \

> --enable-bcmath \

> --with-fpm-systemd

一直报错没安装软件,可恶!!

找:dnf whatprovides * /libxml-2.0 *

下:dnf install libxml2-devel-2.9.13-2.el9.x86_64

编:./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

> --dnf search sqlite3

>

> --dnf install sqlite-devel.x86_64 -y

>

> ------./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

> ------dnf whatprovides */libcurl*

> ------ dnf install libcurl-devel-7.76.1-19.el9.x86_64 -y

> ------./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

>

> ------ dnf search libpng-devel*

> ------ dnf install libpng-devel.x86_64 -y

> ------ ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

> ------ cd /mnt

>

> 去阿里云镜像站复制链接:

>

> ------ wget https://mirrors.aliyun.com/rockylinux/9.4/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.5.0.1.x86_64.rpm

> ------ ls

>

> 回镜像站下载软件包,cd到root下

>

> ------ dnf install oniguruma-6.9.6-1.el9.5.i686 -y

>

> ------dnf install oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm

> ------ cd php-8.3.9/

> ------ ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd

Nginx-php的配置

[root@nginx ~]# cd /usr/local/php/etc

[root@nginx etc]# ls php-fpm.conf.default php-fpm.d [root@nginx etc]# cp -p php-fpm.conf.default php-fpm.conf [root@nginx etc]# vim php-fpm.conf

打开pid

pid = run/php-fpm.pid

[root@nginx etc]# cd php-fpm.d/

[root@nginx php-fpm.d]# ls <www.conf.default>

[root@nginx php-fpm.d]# cp <www.conf.default> www.conf -p

[root@nginx php-fpm.d]# vim www.conf

[root@nginx php-fpm.d]# cd /root/php-8.3.9/

[root@nginx php-8.3.9]# ls

[root@nginx php-8.3.9]# cp php.ini-production /usr/local/php/etc/php.ini

[root@nginx php-8.3.9]# cd /usr/local/php/etc/

[root@nginx etc]# vim php.ini

date.timezone =Asia/Shanghai

生成启动脚本:

[root@nginx fpm]# cp php-fpm.service /lib/systemd/system/
[root@nginx fpm]# pwd
/root/php-8.3.9/sapi/fpm

[root@nginx fpm]# vim /lib/systemd/system/php-fpm.service

注释掉:

# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
#ProtectSystem=full

[root@nginx fpm]# systemctl daemon-reload

[root@nginx fpm]# systemctl start php-fpm.service

[root@nginx fpm]# netstat -antlupe | grep php

建议不要!!!! 修改监听端口

[root@nginx php]# cd etc/php-fpm.d/

[root@nginx php-fpm.d]# vim www.conf

listen = 0.0.0.0:9000

[root@nginx php-fpm.d]# systemctl restart php-fpm.service

[root@nginx php-fpm.d]# netstat -antlupe | grep php

tcp6 0 0 ::1:9000 :::* LISTEN 0 188205 215256/php-fpm: mas

Nginx和php的整合

[root@nginx bin]# mkdir -p /data/web/php

[root@nginx bin]# cd /usr/local/php/

[root@nginx bin]# ls

[root@nginx bin]# cd bin/

[root@nginx bin]# vim ~/.bash_profile

export 
PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/php/sbin

[root@nginx bin]# source ~/.bash_profile

[root@nginx bin]# cd /data/web/php/

[root@nginx php]# ls

[root@nginx php]# vim index.php

<?php
  phpinfo();
?>
:wq

[root@nginx php]# cd /usr/local/

[root@nginx local]# ls

bin etc games include lib lib64 libexec nginx php sbin share src

[root@nginx local]# cd nginx/

[root@nginx nginx]# ls

client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp

[root@nginx nginx]# mkdir conf.d

[root@nginx nginx]# vim conf/nginx.conf

include "/usr/local/nginx/conf.d/*.conf";

[root@nginx nginx]# cd conf.d/

[root@nginx conf.d]# ls

[root@nginx conf.d]# vim vhost.conf

server{
    listen 80;
    server_name www.hhhoo.org;
    root /data/web/html;
    index index.html;

    location ~ \.php$ {
    	root /data/web/php;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
相关推荐
上海运维Q先生3 分钟前
面试题整理15----K8s常见的网络插件有哪些
运维·网络·kubernetes
hhhhhhh_hhhhhh_12 分钟前
ubuntu18.04连接不上网络问题
linux·运维·ubuntu
冷心笑看丽美人20 分钟前
探秘 DNS 服务器:揭开域名解析的神秘面纱
linux·运维·服务器·dns
wenxiaocsdn25 分钟前
某科技局国产服务器PVE虚拟化技术文档
运维·服务器
深圳安锐科技有限公司1 小时前
首次接触结构安全自动化监测系统,价格高吗?后期维护?
运维·自动化
冬天vs不冷1 小时前
Linux用户与权限管理详解
linux·运维·chrome
凯子坚持 c2 小时前
深入Linux权限体系:守护系统安全的第一道防线
linux·运维·系统安全
摸鱼也很难5 小时前
Docker 镜像加速和配置的分享 && 云服务器搭建beef-xss
运维·docker·容器
woshilys6 小时前
sql server 查询对象的修改时间
运维·数据库·sqlserver
疯狂飙车的蜗牛6 小时前
从零玩转CanMV-K230(4)-小核Linux驱动开发参考
linux·运维·驱动开发