Nginx实验-2

Nginx中的变量

变量可以分为内置变量和自定义变量

内置变量是由nginx模块自带，通过变量可以获取到众多的与客户端访问相关的值

root@nginx \~\]# cd /usr/local/nginx/ \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls status.conf vhost.conf \[root@nginx conf.d\]# vim vars.conf server { listen 80; server_name var.hh.org; root /data/web/html; index index.html; location /var { default_type text/html; echo "why not let me go oh"; } } \[root@nginx conf.d\]# vim /etc/hosts 在Linux中做解析 172.25.254.100 nginx.hui.org www.huihui.org hx.hx.org var.hh.org 测试： \[root@nginx conf.d\]# curl var.hh.org/var why not let me go oh > #nginx的内置变量 > > server { > > listen 80; > > server_name var.timinglee.org; > > root /data/web/html; > > index index.html; > > location /var { > > default_type text/html; > > echo $remote_addr; > > echo $args; > > echo $is_args; > > echo $document_root; > > echo $document_uri; > > echo $host; > > echo $remote_port; > > echo $remote_user; > > echo $request_method; > > echo $request_filename; > > echo $request_uri; > > echo $scheme; > > echo $server_protocol; > > echo $server_addr; > > echo $server_name; > > echo $server_port; > > echo $http_user_agent; > > echo $http_cookie; > > echo $cookie_key2; > > } > > } #nginx自定义变量 server { listen 80; server_name var.timinglee.org; root /data/web/html; index index.html; location /var { default_type text/html; set $hh hui; echo $hh; } } 返回值 \[root@nginx conf.d\]# curl -b "key1=x,key2=y1" -u lee:lee var.hh.org/var?name=hui\&\&id=6666 why not let me go oh 172.25.254.100 name=hui ? /data/web/html /var var.hh.org 34140 lee GET /data/web/html/var /var?name=hui http HTTP/1.1 172.25.254.100 var.hh.org 80 curl/7.76.1 key1=x,key2=y1 ### Nginx Rewrite模块功能 **if** **指令** 注意： #如果$变量的值为空字符串或0，则if指令认为该条件为false，其他条件为true。 #nginx 1.0.1之前$变量的值如果以0开头的任意字符串会返回false eg：if判定 \[root@nginx conf.d\]# vim vars.conf location /test2 { if ( !-e $request_filename ){ echo "$request_filename is not exist"; return 409; } } \[root@nginx conf.d\]# nginx -s reload > \[root@nginx conf.d\]# curl var.hh.org/test2 > > \ > > \\409 Conflict\\ > > \ > > \\409 Conflict\\ > > \\nginx/1.26.2\ > > \ > > \ \[root@nginx conf.d\]# curl var.hh.org/test2 /data/web/html/test2 is not exist 文件不存在 \[root@nginx conf.d\]# mkdir -p /data/web/html/test2/ \[root@nginx conf.d\]# echo test2 \> /data/web/html/test2/index.html \[root@nginx conf.d\]# curl var.hh.org/test2/index.html test2 **set** **指令** 指定key并给其定义一个变量，变量可以调用Nginx内置变量赋值给key（#自定义变量） set $name hui; echo $name; 返回值 hui **break** **指令** eg：break \[root@nginx conf.d\]# vim vars.conf location /break { default_type text/html; set $name love; echo $name; #break; set $id 666; echo $id; } \[root@nginx conf.d\]# nginx -s reload 返回值 \[root@nginx conf.d\]# curl var.hh.org/break love 666 location /break { default_type text/html; set $name love; echo $name; break; set $id 666; echo $id; } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl var.hh.org/break love \[root@nginx conf.d\]# vim vars.conf location /break { default_type text/html; set $name love; echo $name; if ( $http_user_agent = "curl/7.76.1" ){ break; } set $id 666; echo $id; } \[root@nginx conf.d\]# curl var.hh.org/break love \[root@nginx conf.d\]# curl -A "firefox" var.hh.org/break love 666 **return** **指令** \[root@nginx conf.d\]# vim vars.conf location /return { default_type text/html; if ( !-e $request_filename){ return 301 http://www.baidu.com; #没有找到文件就访问百度 } echo "$request_filename is exist"; } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl -I var.hh.org/return HTTP/1.1 301 Moved Permanently Server: nginx/1.26.2 Date: Mon, 19 Aug 2024 06:23:53 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Keep-Alive: timeout=60 Location: [百度一下，你就知道](http://www.baidu.com "百度一下，你就知道") 没有查找到文件，访问百度 \[root@nginx conf.d\]# mkdir -p /data/web/html/return \[root@nginx conf.d\]# curl -I var.hh.org/return HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 19 Aug 2024 06:33:04 GMT Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding **rewrite** **指令** 通过正则表达式的匹配来改变URI，可以同时存在一个或多个指令，按照顺序依次对URI进行匹配， rewrite主要是针对用户请求的URL或者是URI做具体处理 语法格式 ： rewrite regex replacement \[flag\]; **flag** **说明** > redirect;#临时重定向 重写完成后以临时重定向方式直接返回重写后生成的新URL给客户端 > 浏览器里不会存放重写产生的新的配置文件信息 > permanent; #重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端 > #由客户端重新发起请求，状态码：301 > break;#重写完成后,停止对当前URL在当前location中后续的其它重写操作 > #而后直接跳转至重写规则配置块之后的其它配置，结束循环，建议在location中使用 > #适用于一个URL一次重写 > last;#重写完成后,停止对当前URI在当前location中后续的其它重写操作， > #而后对新的URL启动新一轮重写检查，不建议在location中使用 > #适用于一个URL多次重写，要注意避免出现超过十次以及URL重写后返回错误的给用户 \[root@nginx conf.d\]# vim vars.conf location / { root /data/web/var; index index.html; #rewrite / http://www.huihui.com permanent; #永久 #rewrite / http://www.huihui.com redirect; #临时 } \[root@nginx conf.d\]# mkdir /data/web/var -p \[root@nginx conf.d\]# echo var page \> /data/web/var/index.html \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl var.hh.org var page \[root@nginx conf.d\]# curl \[root@nginx conf.d\]# vim vars.conf \[root@nginx conf.d\]# nginx -s reload [root@nginx conf.d]# curl var.hh.org

301 Moved Permanently

---

nginx/1.26.2 \[root@nginx conf.d\]# curl -I var.hh.org HTTP/1.1 301 Moved Permanently Server: nginx/1.26.2 Date: Mon, 19 Aug 2024 07:43:48 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Keep-Alive: timeout=60 Location: http://www.huihui.com 在Windows加编译：var.huihui.org  location / { root /data/web/var; index index.html; #rewrite / http://www.huihui.com permanent; #永久 }   location / { root /data/web/var; index index.html; rewrite / http://www.timinglee.com redirect; }   #break 和last 创建文件： \[root@nginx conf.d\]# mkdir /data/web/html/{test1,test2,break,last} -p 写入内容： \[root@nginx conf.d\]# echo test1 \> /data/web/html/test1/index.html \[root@nginx conf.d\]# echo test2 \> /data/web/html/test2/index.html \[root@nginx conf.d\]# echo last \> /data/web/html/last/index.html \[root@nginx conf.d\]# echo break \> /data/web/html/break/index.html \[root@nginx conf.d\]# vim vars.conf server { listen 80; server_name var.hh.org; root /data/web/html; index index.html; location /break { rewrite ^/break/(.*) /test1/$1; #break 如果输入break访问的时候会返回test1的值，中断下面查找test2 rewrite ^/test1/(.*) /test2/$1; } location /last { rewrite ^/last/(.*) /test1/$1; rewrite ^/test1/(.*) /test2/$2; } location /test1 { default_type text/html; echo "why not let me go oh,why you speak so low oh"; } location /test2 { root /data/web/html; } } 访问结果：     ### Nginx-rewrite的企业级防盗链 全站加密 创建一个认证目录： \[root@nginx conf.d\]# cd /usr/local/nginx/ \[root@nginx nginx\]# ls client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp \[root@nginx nginx\]# mkdir certs \[root@nginx nginx\]# ls certs client_body_temp conf conf.d fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp \[root@nginx nginx\]# cd certs/ \[root@nginx certs\]# cd \[root@nginx \~\]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/huihui.org.key -x509 -days 365 -out /usr/local/nginx/certs/huihui.org.crt > Country Name (2 letter code) \[XX\]:CN > > State or Province Name (full name) \[\]:Shaanxi > > Locality Name (eg, city) \[Default City\]:Xi'an > > Organization Name (eg, company) \[Default Company Ltd\]:lhx > > Organizational Unit Name (eg, section) \[\]:webserver > > Common Name (eg, your name or your server's hostname) \[\]:www.huihui.org > > Email Address \[\]:admin@huihui.org \[root@nginx \~\]# cd /usr/local/nginx/ \[root@nginx nginx\]# cd certs/ \[root@nginx certs\]# ls huihui.org.crt huihui.org.key \[root@nginx certs\]# cd .. \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls 无 \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.huihui.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/huihui.org.crt; ssl_certificate_key /usr/local/nginx/certs/huihui.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; } \[root@nginx conf.d\]# nginx -t \[root@nginx conf.d\]# nginx -s reload 测试：   强制走加密： \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.huihui.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/huihui.org.crt; ssl_certificate_key /usr/local/nginx/certs/huihui.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location / { if ( $scheme = http ){ rewrite /(.*) https://$host/$1 redirect; rewrite / https://$host redirect; #如果不加，不管在浏览器上输入的对不对最后还是会访问https://www.huihui.org } } } > \[root@nginx conf.d\]# nginx -s reload > > \[root@nginx conf.d\]# curl -L www.huihui.org > > curl: (60) SSL certificate problem: self-signed certificate > > More details here: https://curl.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could not > > establish a secure connection to it. To learn more about this situation and > > how to fix it, please visit the web page mentioned above. > > \[root@nginx conf.d\]# curl -kL www.huihui.org > > www.huihui.org > > \[root@nginx conf.d\]# curl -I www.huihui.org > > HTTP/1.1 302 Moved Temporarily > > Server: nginx/1.26.2 > > Date: Mon, 19 Aug 2024 15:39:35 GMT > > Content-Type: text/html > > Content-Length: 145 > > Connection: keep-alive > > Keep-Alive: timeout=60 > > Location: https://www.huihui.org 测试：  > 防盗链 > > 在一个web 站点盗链另一个站点的资源信息，比如:图片、视频等 > > nginx： > > \[root@nginx conf.d\]# mkdir -p /data/web/html/images > > xftp传图片，一张在images里，一张在html里，两张图片不能放在一起； > > \[root@nginx \~\]# cd /usr/local/nginx/ \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls jiam.conf status.conf vhost.conf > > \[root@nginx conf.d\]# vim jiam.con server { listen 80; listen 443 ssl; server_name www.hhhoo.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt; ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location / { if ( $scheme = http ){ rewrite /(.*) https://$host/$1 redirect; } if ( !-e $request_filename ){ rewrite /(.*) https://$host/index.html redirect; } } location /images { valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.; if ( $invalid_referer ){ rewrite ^/ http://www.hhhoo.org/shiwan.jpg; } } } web1： \[root@web1 \~\]# dnf install httpd \[root@web1 \~\]# cd /var/www/html \[root@web1 html\]# ls \[root@web1 html\]# vim index.html

why not let me go oh

你没事吧你没事吧

测试：   \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.hhhoo.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt; ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location / { valid_referers none blocked server_names *.hhhoo.org ~/.baidu/.; if ( $invalid_referer ){ return 404; } } } 测试：   但是直接访问  \[root@nginx conf.d\]# vim jiam.conf server { listen 80; listen 443 ssl; server_name www.hhhoo.org; root /data/web/html; index index.html; ssl_certificate /usr/local/nginx/certs/hhhoo.org.crt; ssl_certificate_key /usr/local/nginx/certs/hhhoo.org.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location /images { valid_referers none blocked server_names *.hhhoo.org ~/.baidu/ .; if ( $invalid_referer ){ rewrite ^/ http://www.hhhoo.org/images/he.jpg; } } } 测试没有 some tips: [root@nginx conf.d]# cat status.conf server { listen 80; server_name hx.hx.org; root /data/web/html; index index.html; location /status { stub_status; #auth_basic"login" #auth_basic_user_file "/use/local/nginx/.htpasswd" } } [root@nginx conf.d]# cat vars.conf #server { # listen 80; # server_name var.hh.org; # root /data/web/html; # index index.html; # # location /break { # rewrite ^/break/(.*) /test1/$1; # rewrite ^/test1/(.*) /test2/$1; # } # # location /last { # rewrite ^/last/(.*) /test1/$1; # rewrite ^/test1/(.*) /test2/$2; # } # location /test1 { # default_type text/html; # echo "why not let me go oh,why you speak so low oh"; # } # location /test2 { # root /data/web/html; # } #} [root@nginx conf.d]# cat vhost.conf server { listen 80; server_name www.huihui.org; root /data/web/html; index index.html; error_page 404 /40x.html; error_log /var/log/huihui.org/error.log; access_log /var/log/huihui.org/access.log; try_files $uri $uri.html $uri/index.html /error/default.html; location /hui { root /data/web; #auth_basic "login password !!"; #auth_basic_user_file "/usr/local/nginx/.htpasswd"; } location = /40x.html{ root /data/web/errorpage; } location /download { root /data/web; autoindex on; autoindex_localtime on; } } ### Nginx 反向代理及动静分离 反向代理 通过location可以写 > ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理 > > ngx_http_upstream_module #用于定义为proxy_pass,fastcgi_pass（解析php）,uwsgi_pass（解析python）#等指令引用的后端服务器分组 > > ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理（后端是两个dns、数据库） > > ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器助理 > > ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理 proxy_pass：只能写一个 **反向代理单台** **web** **服务器** 在nginx： \[root@nginx conf.d\]# cd /usr/local/nginx/conf.d/ \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location / { proxy_pass http://172.25.254.10:80; } } \[root@nginx conf.d\]# nginx -s reload 测试： \[root@nginx conf.d\]# curl 172.25.254.100 172.25.254.10  web2： \[root@web2 \~\]# vim /etc/httpd/conf/httpd.conf #Listen 12.34.56.78:80 Listen 8080 :wq \[root@web2 \~\]# systemctl restart httpd nginx： \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location / { #proxy_pass http://172.25.254.10:80; proxy_pass http://172.25.254.20:8080; #二选一 } } \[root@nginx conf.d\]# nginx -s reload 测试：  如果想访问172.25.254.20： \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location / { proxy_pass http://172.25.254.10:80; #proxy_pass http://172.25.254.20:8080; } location /static { #加静态 proxy_pass http://172.25.254.20:8080; } } \[root@web2 \~\]# mkdir -p /var/www/html/static \[root@web2 \~\]# echo static 172.25.254.20 \> /var/www/html/static/index.html 测试：  动静分离： \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location ~ \.php$ { proxy_pass http://172.25.254.10:80; #proxy_pass http://172.25.254.20:8080; } location /static { proxy_pass http://172.25.254.20:8080; } } \[root@web1 \~\]# dnf install php -y \[root@web1 \~\]# systemctl restart httpd \[root@web1 \~\]# vim /var/www/html/index.php \[root@web2 \~\]# dnf install httpd \[root@web2 \~\]# systemctl enable --now httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. \[root@web2 \~\]# echo 172.25.254.20 \> /var/www/html/index.html \[root@web2 \~\]# vim /etc/httpd/conf/httpd.conf （把listen改为8080） \[root@web2 \~\]# systemctl restart httpd \[root@web2 \~\]# mkdir -p /var/www/html/static \[root@web2 \~\]# echo static 172.25.254.20 \> /var/www/html/static/index.html 测验： 静态   php  ### 反向代理的缓存功能 \[root@nginx conf.d\]# vim /usr/local/nginx/conf/nginx.conf 加在http下 proxy_cache_path /apps/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g; \[root@nginx conf.d\]# vim icome.conf server { listen 80; server_name www.hhhoo.org; location ~ \.php$ { proxy_pass http://172.25.254.10:80; #proxy_pass http://172.25.254.20:8080; } location /static { proxy_pass http://172.25.254.20:8080; proxy_cache proxycache; proxy_cache_key $request_uri; proxy_cache_valid 200 302 301 10m; proxy_cache_valid any 1m; } } \[root@nginx conf.d\]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful \[root@nginx conf.d\]# nginx -s reload ### Nginx的反向代理负载均衡 **http upstream配置参数** #自定义一组服务器，配置在http块内 \[root@nginx \~\]# cd /usr/local/nginx/conf.d/ \[root@nginx conf.d\]# vim icome.conf upstream webcluster { server 172.25.254.10:80 fail_timeout=15s max_fails=3; server 172.25.254.20:8080 fail_timeout=15s max_fails=3; server 172.25.254.100:80 backup; } server { listen 80; server_name www.hhhoo.org; location / { proxy_pass http://webcluster; } } \[root@nginx conf.d\]# nginx -s reload 测试：默认是轮询  \[root@nginx conf.d\]# vim icome.conf upstream webcluster { ip_hash;(加入算法时backup不能写) server 172.25.254.10:80 fail_timeout=15s max_fails=3; server 172.25.254.20:8080 fail_timeout=15s max_fails=3; #server 172.25.254.100:80 backup; } 测试：（hash算法------找最近的后端服务器）  hash $request_uri consistent; 在web1 \[root@web1 \~\]# mkdir -p /var/www/html/static \[root@web1 \~\]# echo 172.25.254.10 static \> /var/www/html/static/index.html 测试:  hash $cookie_hui; 测试： curl -b "hui=1"(取模运算)  **tcp负载均衡配置参数** web1、web2：都下载bind \[root@web1 \~\]# dnf install bind -y \[root@web1 \~\]# vim /etc/named.conf 注释 // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; // allow-query { localhost; }; dnssec-validation no; \[root@web1 \~\]# vim /etc/named.rfc1912.zones zone "hhhoo.org" IN { type master; file "hhhoo.org.zone"; allow-update { none; }; }; \[root@web1 \~\]# cd /var/named/ \[root@web1 named\]# cp named.localhost hhhoo.org.zone -p \[root@web1 named\]# vim hhhoo.org.zone $TTL 1D @ IN SOA ns.hhhoo.org. root.hhhoo.org. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS ns.hhhoo.org. ns A 172.25.254.10 www A 172.25.254.10 \[root@web1 named\]# dig @172.25.254.10 > ; \<\<\>\> DiG 9.16.23-RH \<\<\>\> www.hhhoo.org @172.25.254.10 > > ;; global options: +cmd > > ;; Got answer: > > ;; -\>\>HEADER\<\<- opcode: QUERY, status: NOERROR, id: 35951 > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > > ; EDNS: version: 0, flags:; udp: 1232 > > ; COOKIE: aac45499bb8562eb0100000066c6f9e2f0abc9b22209a6a8 (good) > > ;; QUESTION SECTION: > > ;www.hhhoo.org. IN A > > ;; ANSWER SECTION: > > www.hhhoo.org. 86400 IN A 172.25.254.10 > > ;; Query time: 0 msec > > ;; SERVER: 172.25.254.10#53(172.25.254.10) > > ;; WHEN: Thu Aug 22 16:42:10 CST 2024 > > ;; MSG SIZE rcvd: 86 \[root@web1 named\]# scp -p /etc/named.{conf,rfc1912.zones} root@172.25.254.20:/etc/ cp到20 \[root@web1 named\]# scp -p /var/named/hhhoo.org.zone root@172.25.254.20:/var/named/hhhoo.org.zone 在web2把ip改成20 \[root@web2 \~\]# vim /var/named/hhhoo.org.zone \[root@web2 \~\]# systemctl start named \[root@web2 \~\]# dig @172.25.254.20 \[root@web2 \~\]# cd /var/named \[root@web2 named\]# ll \[root@web2 named\]# chgrp named hhhoo.org.zone \[root@web2 named\]# ll 总用量 20 \[root@web2 named\]# dig @172.25.254.20 加数据库 在web1、web2上下载： \[root@web2 named\]# dnf install mariadb-server -y 回nginx中加入： [root@nginx conf.d]# vim dns.conf stream { upstream dns { server 172.25.254.10:53 fail_timeout=15s max_fails=3; server 172.25.254.20:53 fail_timeout=15s max_fails=3; } server { listen 53 udp reuseport; proxy_timeout 20s; proxy_pass dns; } 在主配置文件加入 \[root@nginx conf.d\]# vim /usr/local/nginx/conf/nginx.conf events { worker_connections 1024; use epoll; } include "/usr/local/nginx/tcpconf.d/*.conf"; ！！！ http { include mime.types; default_type application/octet-stream; **负载均衡：mysql** web1 \[root@web1 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf [mysqld] server-id=10 ！！ datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock log-error=/var/log/mariadb/mariadb.log pid-file=/run/mariadb/mariadb.pid \[root@web1 \~\]# systemctl start mariadb.service 登陆mysql MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> quit; Bye web2 \[root@web2 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf [mysqld] server-id=20 datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock log-error=/var/log/mariadb/mariadb.log pid-file=/run/mariadb/mariadb.pid \[root@web2 \~\]# systemctl start mariadb.service MariaDB [(none)]> CREATE USER hhhoo@'%' identified by 'hhhoo'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL ON *.* to hhhoo@'%'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> quit; Bye 回nginx \[root@nginx conf.d\]# vim dns.conf stream { upstream dns { server 172.25.254.10:53 fail_timeout=15s max_fails=3; server 172.25.254.20:53 fail_timeout=15s max_fails=3; } upstream mysql { ！！！ server 172.25.254.10:3306 fail_timeout=15s max_fails=3; server 172.25.254.20:3306 fail_timeout=15s max_fails=3; } server { listen 53 udp reuseport; proxy_timeout 20s; proxy_pass dns; } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# netstat -antlup \| grep 3306 \[root@nginx conf.d\]# dnf install mariadb-server -y \[root@nginx conf.d\]# mysql -u hhhoo -p -h 172.25.254.100 password: MariaDB [(none)]>SELECT @@SERVER_id; MariaDB [(none)]>quit ### Nginx 源码编译php 重新编译 先把 /usr/local/里面的 nginx/conf.d/ 删除 \[root@nginx \~\]# rm -rf /usr/local/nginx/ xftp 上传压缩包：memc-nginx-module-0.20.tar.gz srcache-nginx-module-0.33.tar.gz \[root@nginx \~\]# tar zxf memc-nginx-module-0.20.tar.gz \[root@nginx \~\]# tar zxf srcache-nginx-module-0.33.tar.gz cd到 nginx1.26.2下 [root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx \ > --add-module=/root/echo-nginx-module-0.63 \ > --add-module=/root/memc-nginx-module-0.20 \ > --add-module=/root/srcache-nginx-module-0.33 \ > --user=nginx \ > --group=nginx \ > --with-http_v2_module \ > --with-http_realip_module \ > --with-http_stub_status_module \ > --with-http_gzip_static_module \ > --with-stream \ > --with-stream_ssl_module \ > --with-stream_realip_module \ > --with-pcre \[root@nginx nginx-1.26.2\]# make \&\& make install \[root@nginx \~\]# systemctl start nginx \[root@nginx \~\]# ps aux \| grep nginx \[root@nginx \~\]# nginx -V 下载php安装包和openresty，xtfp上传到/root下 \[root@nginx \~\]# tar zxf php-8.3.9.tar.gz \[root@nginx \~\]# cd php-8.3.9/ \[root@nginx php-8.3.9\]# dnf whatprovides \* /libsystemd \* \[root@nginx php-8.3.9\]# dnf install systemd-devel -y \[root@nginx php-8.3.9\]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > \[root@nginx php-8.3.9\]# ./configure --prefix=/usr/local/php \\ > > \> --enable-fpm \\ > > \> --with-fpm-user=nginx \\ > > \> --with-fpm-group=nginx \\ > > \> --with-curl \\ > > \> --with-iconv \\ > > \> --with-mhash \\ > > \> --with-zlib \\ > > \> --with-openssl \\ > > \> --enable-mysqlnd \\ > > \> --with-mysqli \\ > > \> --with-pdo-mysql \\ > > \> --disable-debug \\ > > \> --enable-sockets \\ > > \> --enable-soap \\ > > \> --enable-xml \\ > > \> --enable-ftp \\ > > \> --enable-gd \\ > > \> --enable-exif \\ > > \> --enable-mbstring \\ > > \> --enable-bcmath \\ > > \> --with-fpm-systemd 一直报错没安装软件，可恶！！ > 找：dnf whatprovides \* /libxml-2.0 \* > > 下：dnf install libxml2-devel-2.9.13-2.el9.x86_64 > > 编：./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> --dnf search sqlite3 > > \> > > \> --dnf install sqlite-devel.x86_64 -y > > \> > > \> ------./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> ------dnf whatprovides \*/libcurl\* > > \> ------ dnf install libcurl-devel-7.76.1-19.el9.x86_64 -y > > \> ------./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> > > \> ------ dnf search libpng-devel\* > > \> ------ dnf install libpng-devel.x86_64 -y > > \> ------ ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd > > \> ------ cd /mnt > > \> > > \> 去阿里云镜像站复制链接： > > \> > > \> ------ wget https://mirrors.aliyun.com/rockylinux/9.4/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.5.0.1.x86_64.rpm > > \> ------ ls > > \> > > \> 回镜像站下载软件包，cd到root下 > > \> > > \> ------ dnf install oniguruma-6.9.6-1.el9.5.i686 -y > > \> > > \> ------dnf install oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm > > \> ------ cd php-8.3.9/ > > \> ------ ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd ### Nginx-php的配置 \[root@nginx \~\]# cd /usr/local/php/etc \[root@nginx etc\]# ls php-fpm.conf.default php-fpm.d \[root@nginx etc\]# cp -p php-fpm.conf.default php-fpm.conf \[root@nginx etc\]# vim php-fpm.conf 打开pid pid = run/php-fpm.pid \[root@nginx etc\]# cd php-fpm.d/ \[root@nginx php-fpm.d\]# ls \[root@nginx php-fpm.d\]# cp www.conf -p \[root@nginx php-fpm.d\]# vim www.conf \[root@nginx php-fpm.d\]# cd /root/php-8.3.9/ \[root@nginx php-8.3.9\]# ls \[root@nginx php-8.3.9\]# cp php.ini-production /usr/local/php/etc/php.ini \[root@nginx php-8.3.9\]# cd /usr/local/php/etc/ \[root@nginx etc\]# vim php.ini date.timezone =Asia/Shanghai 生成启动脚本： [root@nginx fpm]# cp php-fpm.service /lib/systemd/system/ [root@nginx fpm]# pwd /root/php-8.3.9/sapi/fpm \[root@nginx fpm\]# vim /lib/systemd/system/php-fpm.service 注释掉： # Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit. #ProtectSystem=full \[root@nginx fpm\]# systemctl daemon-reload \[root@nginx fpm\]# systemctl start php-fpm.service \[root@nginx fpm\]# netstat -antlupe \| grep php 建议不要！！！！ 修改监听端口 \[root@nginx php\]# cd etc/php-fpm.d/ \[root@nginx php-fpm.d\]# vim www.conf listen = 0.0.0.0:9000 \[root@nginx php-fpm.d\]# systemctl restart php-fpm.service \[root@nginx php-fpm.d\]# netstat -antlupe \| grep php tcp6 0 0 ::1:9000 :::\* LISTEN 0 188205 215256/php-fpm: mas ### Nginx和php的整合 \[root@nginx bin\]# mkdir -p /data/web/php \[root@nginx bin\]# cd /usr/local/php/ \[root@nginx bin\]# ls \[root@nginx bin\]# cd bin/ \[root@nginx bin\]# vim \~/.bash_profile export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/php/sbin \[root@nginx bin\]# source \~/.bash_profile \[root@nginx bin\]# cd /data/web/php/ \[root@nginx php\]# ls \[root@nginx php\]# vim index.php ：wq \[root@nginx php\]# cd /usr/local/ \[root@nginx local\]# ls bin etc games include lib lib64 libexec nginx php sbin share src \[root@nginx local\]# cd nginx/ \[root@nginx nginx\]# ls client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp \[root@nginx nginx\]# mkdir conf.d \[root@nginx nginx\]# vim conf/nginx.conf include "/usr/local/nginx/conf.d/*.conf"; \[root@nginx nginx\]# cd conf.d/ \[root@nginx conf.d\]# ls \[root@nginx conf.d\]# vim vhost.conf server{ listen 80; server_name www.hhhoo.org; root /data/web/html; index index.html; location ~ \.php$ { root /data/web/php; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } }