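Nginx Server
Nginx is a high-performance HTTP and reverse proxy server. It can use an efficient network I/O model such as epoll, kqueue, or eventport, supports up to 50,000 concurrent connections under high connection concurrency, and does so with very low memory and CPU consumption while running very stably.
Install nginx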
```bash
# Install nginx
[root@www ~ ]# yum install -y nginx
# Start the service
[root@www ~ ]# systemctl enable nginx --now
# Prepare the home page
[root@www ~ ]# mv /usr/share/nginx/html/index.html{,.ori}
[root@www ~ ]# echo hello world from nginx > /usr/share/nginx/html/index.html
[root@client ~ ]# curl http://www.tongxi66.top
# On a Windows client, edit C:\Windows\System32\drivers\etc\hosts
# On Linux or Unix, edit /etc/hosts
# Add the following record
10.1.8.10 www.tongxi66.top
```
Virtual hosts
A single web server serves multiple sites.
Name-based
```bash
# Refer to the server block in the main configuration file /etc/nginx/nginx.conf
[root@www ~]# vim /etc/nginx/conf.d/vhost-name.conf
```
```nginx
server {
    server_name web1.tongxi66.top;
    root /usr/share/nginx/web1;
}
server {
    server_name web2.tongxi66.top;
    root /usr/share/nginx/web2;
}
```
```bash
[root@www ~]# mkdir /usr/share/nginx/web{1,2}
[root@www ~]# echo web1.tongxi66.top > /usr/share/nginx/web1/index.html
[root@www ~]# echo web2.tongxi66.top > /usr/share/nginx/web2/index.html
[root@www ~]# systemctl restart nginx
```
Client test
```bash
# Configure name resolution, assuming the web server's IP address is 10.1.8.10
10.1.8.10 web1.tongxi66.top web2.tongxi66.top
[root@client ~]# curl http://web1.tongxi66.top
[root@client ~]# curl http://web2.tongxi66.top
```
Note: clean up the environment so it does not affect later experiments.
```bash
# Create a new directory and move /etc/nginx/conf.d/vhost-name.conf into it
[root@www ~ 10:23:48]# mkdir /etc/nginx/conf.d/vhosts
[root@www ~ 10:39:12]# mv /etc/nginx/conf.d/vhost-name.conf /etc/nginx/conf.d/vhosts
```
Port-based
```bash
[root@www ~]# vim /etc/nginx/conf.d/vhost-port.conf
```
```nginx
server {
    listen 8081;
    server_name www.tongxi66.top;
    root /usr/share/nginx/web1.8081;
}
server {
    listen 8082;
    server_name www.tongxi66.top;
    root /usr/share/nginx/web2.8082;
}
```
```bash
# The directory names must match the root directives above
[root@www ~]# mkdir /usr/share/nginx/web1.8081 /usr/share/nginx/web2.8082
[root@www ~]# echo hello 8081 > /usr/share/nginx/web1.8081/index.html
[root@www ~]# echo hello 8082 > /usr/share/nginx/web2.8082/index.html
[root@www ~]# systemctl restart nginx
```
Client test
```bash
# Configure name resolution, assuming the web server's IP address is 10.1.8.10
10.1.8.10 www.tongxi66.top
[root@client ~]# curl http://www.tongxi66.top:8081
hello 8081
[root@client ~]# curl http://www.tongxi66.top:8082
hello 8082
```
Note: clean up the environment so it does not affect later experiments.
```bash
[root@www ~ 10:39:12]# mv /etc/nginx/conf.d/vhost-port.conf /etc/nginx/conf.d/vhosts
```
Configure SSL/TLS
Generate the certificate
```bash
#--1-- Generate the private key
[root@www ~]# mkdir certs && cd certs
[root@www certs]# openssl genrsa -out www.key 2048
#--2-- Generate the certificate signing request (CSR)
[root@www certs]# openssl req -new -key www.key -out www.csr -subj "/C=CN/ST=JS/L=NJ/O=LM/OU=DEVOPS/CN=www.tongxi66.top/emailAddress=<your-email>"
# The CN value must be the site's domain name
#--3-- Sign the request with your own private key to produce the certificate
[root@www certs]# openssl x509 -req -days 3650 -in www.csr -signkey www.key -out www.crt
```
Configure the site
```bash
[root@www certs]# mkdir /etc/ssl/certs/www.tongxi66.top
[root@www certs]# mv www* /etc/ssl/certs/www.tongxi66.top
# Modify based on the default configuration
[root@www ~]# cp /etc/nginx/nginx.conf /etc/nginx/conf.d/vhost-www.tongxi66.top-ssl.conf
[root@www ~]# vim /etc/nginx/conf.d/vhost-www.tongxi66.top-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    # Certificate
    ssl_certificate "/etc/ssl/certs/www.tongxi66.top/www.crt";
    # Private key
    ssl_certificate_key "/etc/ssl/certs/www.tongxi66.top/www.key";
}
[root@www ~]# systemctl restart nginx
```
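The three-step flow above puts the hostname only in CN, while current browsers match the hostname against subjectAltName. The script below is an added example, not part of the original page: it goes slightly beyond those steps by issuing the self-signed certificate with a SAN in one command, then checks that the key and certificate belong together and that the SAN covers the host. It assumes OpenSSL 1.1.1 or later; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Assumes OpenSSL 1.1.1+ for
# -addext / -ext; make_cert, key_matches_cert and cert_has_san are
# hypothetical helper names.

# make_cert <hostname> <dir>: self-signed cert with CN and SAN set to <hostname>.
make_cert() {
    local host=$1 dir=$2
    (
        umask 077   # the private key must not be readable by other users
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -keyout "$dir/www.key" -out "$dir/www.crt" \
            -subj "/C=CN/ST=JS/L=NJ/O=LM/OU=DEVOPS/CN=$host" \
            -addext "subjectAltName=DNS:$host" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/www.crt"
}

# key_matches_cert <key> <crt>: true if the cert carries this key's public half.
# nginx refuses to start on a mismatch, so check before restarting.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_has_san <crt> <hostname>: true if the SAN lists exactly DNS:<hostname>.
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ', ' '\n\n' | grep -qxF "DNS:$2"
}

# Demo in a throwaway directory (constructed input, nothing under /etc is touched).
demo() {
    local d; d=$(mktemp -d) || return 1
    make_cert www.tongxi66.top "$d" || { echo "openssl failed"; return 1; }
    key_matches_cert "$d/www.key" "$d/www.crt" && echo "key matches certificate"
    cert_has_san "$d/www.crt" www.tongxi66.top && echo "SAN covers www.tongxi66.top"
    cert_has_san "$d/www.crt" web1.tongxi66.top || echo "SAN does not cover web1.tongxi66.top"
    rm -rf "$d"
}
demo
```
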
Redirect HTTP to HTTPS
```bash
[root@www ~]# vim /etc/nginx/conf.d/vhost-www.tongxi66.top-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    # Certificate
    ssl_certificate "/etc/ssl/certs/www.tongxi66.top/www.crt";
    # Private key
    ssl_certificate_key "/etc/ssl/certs/www.tongxi66.top/www.key";
}
# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    # Add the redirect
    return 301 https://$host$request_uri;
}
[root@www ~]# systemctl restart nginx
# Test
[root@client ~]# curl http://www.tongxi66.top/
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
# -k makes curl skip certificate verification, which is needed here because the certificate is self-signed
[root@client ~]# curl -k https://www.tongxi66.top/
```
Configure basic authentication (optional)
The username and password are sent in plain text, so it is best to configure SSL/TLS.
```bash
# Install the tools
[root@www ~]# yum -y install httpd-tools
[root@www ~]# vim /etc/nginx/conf.d/ssl.conf
# add into the [server] section
server {
    .....
    location /auth-basic/ {
        auth_basic "Basic Auth";
        auth_basic_user_file "/etc/nginx/.htpasswd";
    }
}
[root@www ~]# systemctl restart nginx
# add user for Basic authentication
[root@www ~]# yum install -y httpd-tools
[root@www ~]# htpasswd -b -c /etc/nginx/.htpasswd ltx 123
# create a test page
[root@www ~]# mkdir /usr/share/nginx/html/auth-basic
[root@www ~]# vim /usr/share/nginx/html/auth-basic/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for Basic Authentication
</div>
</body>
</html>
# Test, passing the username and password with the -u option
[root@client ~]# curl -ku ltx:123 https://www.tongxi66.top/auth-basic/
```
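Dynamic script support
Using PHP
```bash
# Install PHP and php-fpm; installing the other extension packages as well is recommended
[root@www ~]# yum install -y php php-fpm
# php-fpm: receives the PHP code sent by the web server
# php: parses and executes the PHP code and returns the result to php-fpm
# php-fpm returns the result to the web server, and the web server returns it to the client
# When a client accesses a PHP site, the web server accepts the user's request
# and forwards the PHP code to php-fpm
# The php-fpm service calls
# Installing the other extension packages as well is recommended
[root@www ~]# yum install -y php-gd php-common php-pear php-mbstring php-mcrypt
# Check the PHP version
[root@www ~]# php -v
# Test that PHP works
[root@www ~]# echo "<?php echo 'PHP Test Page'.\"\n\"; ?>" > php_test.php
[root@www ~]# php php_test.php
PHP Test Page
# Prepare a test page that uses phpinfo to show detailed information
[root@www ~]# echo "<?php phpinfo(); ?>" > /usr/share/nginx/html/info.php
```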
Configure the virtual host to support PHP
```bash
# Edit the configuration file
[root@www ~]# vim /etc/nginx/conf.d/vhost-www.tongxi66.top-ssl.conf
# add into the [server] section
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    ssl_certificate "/etc/ssl/certs/www.tongxi66.top/www.crt";
    ssl_certificate_key "/etc/ssl/certs/www.tongxi66.top/www.key";
    # Add the FastCGI proxy
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    # Add the redirect
    return 301 https://$host$request_uri;
}
```
Client test
```bash
[root@client ~]# curl -k https://www.tongxi66.top/info.php
```
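WordPress server
Client: the site's public key
Server: the site's private key
Asymmetric encryption and decryption are relatively expensive.
Symmetric encryption and decryption are cheap; a single key is used for both encryption and decryption, and it provides data confidentiality.
The client uses the site's public key to send the symmetric key to the server, and the server decrypts it with its private key.
How is data integrity ensured?
Digital signature, hash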
```bash
[root@www conf.d 14:46:28]# pwd
/etc/nginx/conf.d
[root@www conf.d 14:46:53]# ls
bak vhost-www.tongxi66.top-ssl.conf
[root@www conf.d 14:46:18]# cat vhost-www.tongxi66.top-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    ssl_certificate "/etc/ssl/certs/www.tongxi66.top/tongxi66.top.pem";
    ssl_certificate_key "/etc/ssl/certs/www.tongxi66.top/tongxi66.top.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    # Add the redirect
    return 301 https://$host$request_uri;
}
```
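Websites are divided into dynamic and static:
Dynamic: the page contains script files (executable programs). When the page is accessed, the scripts in it run and the result is returned to the client.
For example, a user looks up which products they bought during the Double 11 sale. The purchase records are stored in a database, so a select statement has to be executed to query them.
Static: ordinary HTML pages, videos, images, and so on.
PHP is one example of this.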
```bash
[root@www ~]# echo "<?php echo 'PHP Test Page'.\"\n\"; ?>" > /usr/share/nginx/html/index.php
[root@www ~]# echo "<?php phpinfo(); ?>" > /usr/share/nginx/html/info.php
[root@www conf.d 16:18:25]# ls
vhosts vhost-www.tongxi66.top.conf
[root@www conf.d 16:18:28]# vim vhost-www.tongxi66.top.conf
# Settings for a TLS enabled server.
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    ssl_certificate "/etc/pki/nginx/server.crt";
    ssl_certificate_key "/etc/pki/nginx/private/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;
    # Add the FastCGI proxy
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    return 301 https://$host$request_uri;
}
```
```bash
# Deploy WordPress
# Deploy the database
# Install the server package
[root@blog ~]# yum install -y mariadb-server
# Enable and start the service
[root@blog ~]# systemctl enable --now mariadb
# Configure the firewall
[root@blog ~]# firewall-cmd --permanent --add-service=mysql
[root@blog ~]# firewall-cmd --reload
# Harden MariaDB
[root@blog ~]# mysql_secure_installation
# The interactive prompts walk you through changes, including:
# - Set a password for the root account, for example redhat.
# - Disallow root access to the database from outside the local host.
# - Remove anonymous user accounts.
# - Remove the test database used for demonstration.
[root@blog ~]# mysql -uroot -p
mysql> CREATE DATABASE wordpress;
mysql> CREATE USER wordpress@'%' identified by 'Laoma@123';
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'%';
mysql> FLUSH PRIVILEGES;
mysql> exit
# Test
[root@www ~ 16:52:04]# mysql -u wordpress -pLaoma@123 wordpress -e 'select 1;'
+---+
| 1 |
+---+
| 1 |
+---+
```
```bash
# Deploy nginx
[root@blog ~]# yum install -y nginx
[root@blog ~]# echo 'Hello World !' > /usr/share/nginx/html/index.html
[root@blog ~]# systemctl enable nginx --now
# Deploy PHP
[root@blog ~]# yum install -y php php-fpm php-mysqlnd
[root@blog ~]# systemctl enable php-fpm.service --now
# Connect nginx to PHP by adding a new configuration file
[root@blog ~]# vim /etc/nginx/default.d/php.conf
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
[root@blog ~]# systemctl restart nginx
# Prepare index.php
[root@blog ~]# cat > index.php <<EOF
<?php
echo "<h1>Hello World !</h1>\n";
?>
EOF
# Prepare test-mysql.php
[root@blog ~]# cat > test-mysql.php <<'EOF'
<?php
$link=mysqli_connect('10.1.8.10','wordpress','Laoma@123');
if($link) {
  echo "<h1>Connect Mysql Success !</h1>\n";
  // Close only a connection that was actually opened
  $link->close();
} else {
  echo "<h1>Connect Mysql Failed !</h1>\n";
}
?>
EOF
# Prepare info.php
[root@blog ~]# cat > info.php <<EOF
<?php
phpinfo();
?>
EOF
# Move the files to the default Nginx document root
[root@blog ~]# mv *.php /usr/share/nginx/html
```
```bash
## Prepare the virtual host
[root@www ~ 17:26:35]# vim /etc/nginx/conf.d/vhost-www.tongxi66.top.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    # Set the default index page
    index index.php;
    ssl_certificate "/etc/pki/nginx/server.crt";
    ssl_certificate_key "/etc/pki/nginx/private/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
}
server {
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    return 301 https://$host$request_uri;
}
# If you are not using HTTPS, use the following virtual host instead
[root@www ~ 17:26:35]# vim /etc/nginx/conf.d/vhost-www.tongxi66.top.conf
server {
    server_name www.tongxi66.top;
    root /usr/share/nginx/html;
    index index.php;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
}
# Connect nginx to PHP
[root@www ~ 17:29:53]# vim /etc/nginx/default.d/php.conf
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
[root@blog ~]# systemctl restart nginx
```
Deploy the WordPress site
```bash
# If the web server is Nginx, extract the files to /usr/share/nginx/html
[root@blog ~]# unzip -o wordpress-4.9.4-zh_CN.zip -d /usr/share/nginx/html
[root@blog ~]# chown -R nginx:nginx /usr/share/nginx/html/wordpress
# php-fpm runs as the apache user by default; change the user to nginx and restart the service
[root@blog ~]# vim /etc/php-fpm.d/www.conf
user=nginx
group=nginx
[root@blog ~]# systemctl restart php-fpm
```
On the client, configure name resolution for blog.tongxi66.top, then visit http://blog.tongxi66.top/wordpress/.
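The info.php and test-mysql.php files created earlier are diagnostics: the first publishes the full PHP configuration and the second holds the database password, and both stay reachable in the document root once WordPress is live. The check below is an added example, not part of the original page; `audit_docroot` is a hypothetical helper name, and the demo runs on constructed copies of the test files with a placeholder password.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag diagnostic PHP pages left in
# a document root. audit_docroot is a hypothetical helper name.

# audit_docroot <dir>
#   prints "phpinfo <file>"      for a .php file that calls phpinfo()
#   prints "db-password <file>"  for a .php file whose mysqli_connect() call
#                                has a quoted literal as its third argument
audit_docroot() {
    local root=$1 f
    find "$root" -type f -name '*.php' | sort | while IFS= read -r f; do
        # PHP function names are case-insensitive, hence -i
        if grep -Eiq 'phpinfo[[:space:]]*\(' "$f"; then
            echo "phpinfo $f"
        fi
        if grep -Eiq "mysqli_connect[[:space:]]*\(([^,]*,){2}[[:space:]]*['\"]" "$f"; then
            echo "db-password $f"
        fi
    done
}

# Demo on constructed copies of the page's three test files; the password
# below is a constructed placeholder.
demo_audit() {
    local d; d=$(mktemp -d) || return 1
    printf '<?php echo "<h1>Hello World !</h1>"; ?>\n' > "$d/index.php"
    printf '<?php phpinfo(); ?>\n' > "$d/info.php"
    printf "<?php \$link=mysqli_connect('10.1.8.10','wordpress','PLACEHOLDER'); ?>\n" > "$d/test-mysql.php"
    audit_docroot "$d"
    rm -rf "$d"
}
demo_audit
```

Run it as `audit_docroot /usr/share/nginx/html` after the site is up; any line it prints names a file to delete or move out of the document root.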