LNMP Environment Setup and Configuration

1 Installing MySQL

The MySQL installation steps for LNMP are the same as for LAMP.


  • Download the package:
# cd /usr/local/src/

# wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz    # download the MySQL binary package
  • Initialize:
# tar zxf mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz    # unpack the binary package

# [ -d /usr/local/mysql ] && mv /usr/local/mysql /usr/local/mysql_old

# mv mysql-5.6.36-linux-glibc2.5-x86_64 /usr/local/mysql

# useradd -s /sbin/nologin mysql    # create the mysql user

# cd /usr/local/mysql

# mkdir -p data/mysql    # create the datadir; the database files will be stored here

# chown -R mysql:mysql data/mysql    # change ownership, otherwise problems occur later

# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql    # use an absolute path for datadir where possible, otherwise errors may occur later
FATAL ERROR: please install the following Perl modules before executing ./scripts/mysql_install_db:
Data::Dumper    # an error is reported; install the missing package

# yum list |grep -i dumper
perl-Data-Dumper.x86_64                   2.145-3.el7                    @base  
perl-XML-Dumper.noarch                    0.81-17.el7                    base 

# yum install -y perl-Data-Dumper.x86_64

# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql
Installing MySQL system tables..../bin/mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory    # another error; install the missing package

# yum install -y libaio-devel

# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql    # two "OK" messages mean the initialization succeeded

# echo $?
0    # checks whether the previous command succeeded; 0 means success
  • Configure MySQL:
# cp support-files/my-default.cnf /etc/my.cnf
cp:是否覆盖"/etc/my.cnf"? y

# vim /etc/my.cnf    # edit the configuration file as follows
[mysqld]

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
 innodb_buffer_pool_size = 128M

# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin = 

# These are commonly set, remove the # and set as required.
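 basedir = /usr/local/mysql    # three changes are made here: basedir is the path where the MySQL package is installed, datadir is the directory defined for storing data, and port is the port the MySQL service listens on (3306 by default if not set)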
 datadir = /usr/local/mysql/data/mysql
 port = 3306
# server_id = .....
# socket = .....

# Remove leading # to set options mainly useful for reporting servers.


# cp support-files/mysql.server /etc/init.d/mysqld

# chmod 755 /etc/init.d/mysqld

# vim /etc/init.d/mysqld
basedir=/usr/local/mysql 
datadir=/usr/local/mysql/data/mysql    # change these two lines to this

# chkconfig --add mysqld    # add mysqld to the system services

# chkconfig mysqld on    # start at boot
  • Start MySQL:
# service mysqld start    # start the mysqld service
Starting MySQL.Logging to '/usr/local/mysql/data/mysql/localhost.localdomain.err'.
. SUCCESS!    # the mysqld service started successfully

# netstat -lntp |grep 3306    # check that mysqld is running by confirming it listens on port 3306
tcp6       0      0 :::3306                 :::*                    LISTEN      3655/mysqld

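2 Installing PHP


  • Download the source package:
# cd /usr/local/src/

# wget http://cn2.php.net/distributions/php-5.6.36.tar.gz
  • Unpack the source package and create the account:
# tar zxf php-5.6.36.tar.gz

# useradd -s /sbin/nologin php-fpm
  • Configure the build options:
# cd php-5.6.36    # enter the source directory before running configure

# ./configure \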
> --prefix=/usr/local/php-fpm \
> --with-config-file-path=/usr/local/php-fpm/etc \
> --enable-fpm \
> --with-fpm-user=php-fpm \
> --with-fpm-group=php-fpm \
> --with-mysql=/usr/local/mysql \
> --with-mysql-sock=/tmp/mysql.sock \
> --with-libxml-dir \
> --with-gd \
> --with-jpeg-dir \
> --with-png-dir \
> --with-freetype-dir \
> --with-iconv-dir \
> --with-zlib-dir \
> --with-mcrypt \
> --enable-soap \
> --enable-gd-native-ttf \
> --enable-ftp \
> --enable-mbstring \
> --enable-exif \
> --disable-ipv6 \
> --with-pear \
> --with-curl \
> --with-openssl    # --enable-fpm is the extra option here; without it no php-fpm executable is generated and the php-fpm service cannot be started
  • Error 1:
checking for cc... no
checking for gcc... no
configure: error: in `/usr/local/src/php-5.6.36':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details

# yum install -y gcc    # gcc has to be installed here because I am using a fresh virtual machine

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Error 2:
checking for xml2-config path... 
configure: error: xml2-config not found. Please check your libxml2 installation.

# yum list |grep libxml2
libxml2.x86_64                              2.9.1-6.el7_2.3            @anaconda
libxml2.i686                                2.9.1-6.el7_2.3            base     
libxml2-devel.i686                          2.9.1-6.el7_2.3            base     
libxml2-devel.x86_64                        2.9.1-6.el7_2.3            base     
libxml2-python.x86_64                       2.9.1-6.el7_2.3            base     
libxml2-static.i686                         2.9.1-6.el7_2.3            base     
libxml2-static.x86_64                       2.9.1-6.el7_2.3            base     

# yum install -y libxml2-devel.x86_64    # install libxml2-devel

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Error 3:
configure: error: Cannot find OpenSSL's <evp.h>

# yum install -y openssl openssl-devel    # install openssl and openssl-devel

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Error 4:
checking for cURL in default path... not found
configure: error: Please reinstall the libcurl distribution -
    easy.h should be in <curl-dir>/include/curl/

# yum install -y libcurl-devel    # install libcurl-devel

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Error 5:
configure: error: jpeglib.h not found.

# yum -y install libjpeg-devel    # install libjpeg-devel

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Error 6:
configure: error: png.h not found.

# yum install -y libpng libpng-devel    # install libpng-devel

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Error 7:
configure: error: freetype-config not found.

# yum install -y freetype freetype-devel    # install freetype-devel

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Error 8:
configure: error: mcrypt.h not found. Please reinstall libmcrypt.

# yum install -y epel-release

# yum install -y libmcrypt-devel    # install libmcrypt-devel (the epel-release repository must be installed first)

# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again
  • Finally no more errors are reported, and this output appears:
+--------------------------------------------------------------------+
| License:                                                           |
| This software is subject to the PHP License, available in this     |
| distribution in the file LICENSE.  By continuing this installation |
| process, you are bound by the terms of this license agreement.     |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point.                            |
+--------------------------------------------------------------------+

Thank you for using PHP.

config.status: creating php5.spec
config.status: creating main/build-defs.h
config.status: creating scripts/phpize
config.status: creating scripts/man1/phpize.1
config.status: creating scripts/php-config
config.status: creating scripts/man1/php-config.1
config.status: creating sapi/cli/php.1
config.status: creating sapi/fpm/php-fpm.conf
config.status: creating sapi/fpm/init.d.php-fpm
config.status: creating sapi/fpm/php-fpm.service
config.status: creating sapi/fpm/php-fpm.8
config.status: creating sapi/fpm/status.html
config.status: creating sapi/cgi/php-cgi.1
config.status: creating ext/phar/phar.1
config.status: creating ext/phar/phar.phar.1
config.status: creating main/php_config.h
config.status: executing default commands

This shows that the PHP build options have been configured.


  • Compile PHP:
# make
Build complete.
Don't forget to run 'make test'.

# echo $?
0

Compilation is complete (problems may also come up at this step).

  • Install PHP:
# make install
Wrote PEAR system config file at: /usr/local/php-fpm/etc/pear.conf
You may want to add: /usr/local/php-fpm/lib/php to your php.ini include_path
/usr/local/src/php-5.6.36/build/shtool install -c ext/phar/phar.phar /usr/local/php-fpm/bin
ln -s -f phar.phar /usr/local/php-fpm/bin/phar
Installing PDO headers:           /usr/local/php-fpm/include/php/ext/pdo/

# echo $?
0

Installation is complete.

  • Edit the configuration files:
# cp php.ini-production /usr/local/php-fpm/etc/php.ini

# vim /usr/local/php-fpm/etc/php-fpm.conf    # this is a new file; just copy and paste the content below
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

# /usr/local/php-fpm/sbin/php-fpm -t 
[01-Jul-2018 21:08:57] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful    # "test is successful" means the configuration is fine
  • Start php-fpm:
# cp /usr/local/src/php-5.6.36/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm

# chmod 755 /etc/init.d/php-fpm 

# useradd -s /sbin/nologin php-fpm
useradd:用户“php-fpm”已存在    # if this step was already done earlier, it can be skipped here

# service php-fpm start
Starting php-fpm  done

# ps aux |grep php-fpm    # check whether php-fpm is running

root      30222  0.0  0.1 123452  4812 ?        Ss   21:14   0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm   30223  0.0  0.1 123452  4580 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30224  0.0  0.1 123452  4580 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30225  0.0  0.1 123452  4580 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30226  0.0  0.1 123452  4580 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30227  0.0  0.1 123452  4584 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30228  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30229  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30230  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30231  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30232  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30233  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30234  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30235  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30236  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30237  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30238  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30239  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30240  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30241  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
php-fpm   30242  0.0  0.1 123452  4588 ?        S    21:14   0:00 php-fpm: pool www
root      30248  0.0  0.0 112720   980 pts/0    S+   21:16   0:00 grep --color=auto php-fpm    # php-fpm started successfully

# chkconfig php-fpm on    # start php-fpm at boot

3 Installing Nginx


  • Download and unpack Nginx:
# cd /usr/local/src/

# wget http://nginx.org/download/nginx-1.12.1.tar.gz

# tar zxf nginx-1.12.1.tar.gz
  • Configure the build options:
# cd nginx-1.12.1

# ./configure --prefix=/usr/local/nginx

Configuration summary
  + using system PCRE library
  + OpenSSL library is not used
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

# echo $?
0
  • Compile and install Nginx:
# make

# echo $?
0

# make install

# echo $?
0
  • Write an Nginx init script and add it to the system services:
# vim /etc/init.d/nginx    # write the following content
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start() 
{
    echo -n $"Starting $prog: "
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}
stop() 
{
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    RETVAL=$?    # capture killproc's exit status, not rm's
    rm -rf /dev/shm/nginx_temp
    echo
    return $RETVAL
}
reload()
{
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}
restart()
{
    stop
    start
}
configtest()
{
    $NGINX_SBIN -c $NGINX_CONF -t
    return 0
}
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  reload)
        reload
        ;;
  restart)
        restart
        ;;
  configtest)
        configtest
        ;;
  *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
esac
exit $RETVAL


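# chmod 755 /etc/init.d/nginx    # set the init script's permissions

# chkconfig --add nginx    # add Nginx to the system services

# chkconfig nginx on    # start Nginx at boot
  • Change the Nginx configuration file:
# > /usr/local/nginx/conf/nginx.conf    # > is redirection; used on its own it quickly empties a text file

# vim /usr/local/nginx/conf/nginx.conf    # write the following content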

 

user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        location ~ \.php$ 
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }    
    }
}

 

# /usr/local/nginx/sbin/nginx -t    # check the configuration file for problems
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful    # these two lines mean the configuration is correct
  • Start Nginx:
# service nginx start    # start the Nginx service
Starting nginx (via systemctl):                            [  确定  ]    # if it fails to start, check the /usr/local/nginx/logs/error.log file

# ps aux |grep nginx    # check whether the Nginx service is running
root      32821  0.0  0.0  20540   624 ?        Ss   21:47   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    32822  0.0  0.0  22984  3204 ?        S    21:47   0:00 nginx: worker process
nobody    32823  0.0  0.0  22984  3204 ?        S    21:47   0:00 nginx: worker process
root      32825  0.0  0.0 112720   984 pts/0    S+   21:48   0:00 grep --color=auto nginx

As shown, the Nginx service started successfully.

  • Test whether PHP is parsed correctly:
# vim /usr/local/nginx/html/1.php
<?php
echo "php解析正常";
?>

# curl localhost/1.php
php解析正常[root@localhost nginx-1.12.1]# 

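This shows that PHP is parsed correctly.

4 Nginx Configuration

Once the LNMP environment is set up, only the software has been installed; there is still a lot of specific configuration work to do.

Default virtual host

The default virtual host means that when any domain name points at this server and has no matching virtual host, the request is handled by the default virtual host.

As with httpd, Nginx also has a default virtual host, and similarly the first virtual host Nginx loads is the default one. The difference is that Nginx also has a configuration flag to mark the default virtual host; if no virtual host carries the flag, the first one is the default.

  • First modify the main configuration file:
# vim /usr/local/nginx/conf/nginx.conf
     include vhost/*.conf;    # add this line above the closing }
}

That line loads every file ending in .conf under /usr/local/nginx/conf/vhost/, so all virtual host configuration files can be placed in the vhost directory.

  • Edit the default host configuration file:
# mkdir /usr/local/nginx/conf/vhost

# cd /usr/local/nginx/conf/vhost

# vim default.conf    # this is a new file; write the following content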

server
{
    listen 80 default_server;    # the default_server flag marks the default virtual host
    server_name 123.com;
    index index.html index.htm index.php;
    root /data/nginx/default;
}
  • Verify the configuration above:
# /usr/local/nginx/sbin/nginx -t    # check the configuration above
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful    # the configuration is fine

# /usr/local/nginx/sbin/nginx -s reload    # reload the configuration, so no restart is needed

# mkdir -p  /data/nginx/default/

# echo "default" > /data/nginx/default/index.html    # create the index page

# curl -x127.0.0.1:80 123.com
default

# curl -x192.168.33.128:80 123.com
default    # either 127.0.0.1 or 192.168.33.128 (the Linux host's IP) works here

# curl -x127.0.0.1:80 aaa.com
default    # a domain that was never defined is also served by 123.com

To make it reachable from a browser, do this:

# iptables -I INPUT -p tcp --dport 80 -j ACCEPT    # open port 80 on the Linux host

Then visit it in a browser.


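User authentication

When users visit the site they must enter a username and password to get access. Important sites or site back ends usually add user authentication, for security.

  • Create a new virtual host:
# cd /usr/local/nginx/conf/vhost/

# vim test.com.conf    # this is a new file; write the following content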

server
{
   listen 80;
   server_name test.com;
   index index.html index.htm index.php;    
   root /data/nginx/test.com;
   location /
   {
      auth_basic  "Auth";    # auth_basic turns on user authentication
      auth_basic_user_file   /usr/local/nginx/conf/htpasswd;    # the user/password file
   }
}
  • Verify the configuration above:
# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

# yum install -y httpd    # install httpd, because generating the password file needs the htpasswd command

# htpasswd -c /usr/local/nginx/conf/htpasswd lzx    # create the user lzx and set a password
New password: 
Re-type new password: 
Adding password for user lzx

# mkdir /data/nginx/test.com

# echo "test" > /data/nginx/test.com/index.html

# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized    # status code 401 means the site requires authentication
Server: nginx/1.12.1
Date: Thu, 05 Jul 2018 08:06:39 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

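Open the Windows hosts file and add a line:

192.168.33.128  test.com

Then visit test.com in a browser:

[screenshot]

After clicking Cancel, this appears:

[screenshot]

Enter the username and password:

[screenshot]

Then this appears:

[screenshot]

In addition, to require authentication for a specific directory only, set the path after location:

location /admin/    # the admin directory is used as the example here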
   {
      auth_basic  "Auth";
      auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
   }

Domain redirection

Domain redirection in Nginx is similar to that in httpd.

  • Configure the virtual host file:
# vim test.com.conf

server
{
   listen 80;
   server_name test.com test1.com test2.com;    # in Nginx, server_name can be followed by several domain names
   index index.html index.htm index.php;
   root /data/nginx/test.com;
   if ($host != 'test.com')
   {
   rewrite ^/(.*)$ http://test.com/$1 permanent;    # permanent is a permanent redirect, equivalent to httpd's R=301; there is also redirect, a temporary redirect, equivalent to R=302
   }
}
  • Verify the configuration above:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

# curl -x127.0.0.1:80 test1.com/123.txt -I
HTTP/1.1 301 Moved Permanently    # 301: moved permanently
Server: nginx/1.12.1
Date: Thu, 05 Jul 2018 08:41:51 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/123.txt    # this has become test.com/123.txt

Nginx access log

  • First look at the Nginx log format:
# grep -A2 log_format /usr/local/nginx/conf/nginx.conf
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';

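As with httpd, the log format is defined in the main configuration file.

combined_realip		the name of the log format, which can be referenced later;
$remote_addr		the egress IP of the user visiting the site;
$http_x_forwarded_for		the proxy server's IP; if a proxy is used, the proxy's IP is recorded;
$time_local		the current time;
$host		the host name being accessed;
$request_uri		the URL being accessed;
$status		the status code;
$http_referer		the referer address;
$http_user_agent		the user agent.
  • Set the access log path: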
# cd /usr/local/nginx/conf/vhost/

# vim test.com.conf 

server
{
   listen 80;
   server_name test.com test1.com test2.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com;
   if ($host != 'test.com')
   {
   rewrite ^/(.*)$ http://test.com/$1 permanent;
   }
   access_log /tmp/1.log combined_realip;    # access_log sets where the log is stored; the last argument is the log format name
}
  • Verify the configuration above:
# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

# curl -x127.0.0.1:80 test.com/111
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>

# cat /tmp/1.log 
127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0"    # request made with curl
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"    # requests from the browser on Windows
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
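
Added example (not from the original post): a parser for the combined_realip format shown above that stays correct when the client-supplied X-Forwarded-For value contains spaces, followed by a count of 403/404 responses per client. The sample lines, the function names and the threshold are constructed for the demonstration.

```bash
#!/bin/bash
# Added example, not part of the original post.
# Parses the combined_realip format defined in nginx.conf above:
#   $remote_addr $http_x_forwarded_for [$time_local] $host "$request_uri"
#   $status "$http_referer" "$http_user_agent"
# X-Forwarded-For is sent by the client and logged unquoted, so it can
# contain spaces. Counting whitespace fields then reads the wrong column:
# awk '{print $7}' gives the status for the first three sample lines but
# the request URI for the last three.

# Constructed sample lines modelled on the /tmp/1.log output above.
sample_log() {
cat <<'EOF'
127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0"
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.168.33.50 203.0.113.9, 10.2.2.2 [06/Jul/2018:11:20:01 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.33.50 203.0.113.9, 10.2.2.2 [06/Jul/2018:11:20:02 +0800] test.com "/admin/" 403 "-" "curl/7.29.0"
192.168.33.50 203.0.113.9, 10.2.2.2 [06/Jul/2018:11:20:03 +0800] test.com "/admin/2.html" 403 "-" "curl/7.29.0"
EOF
}

# Emit: remote_addr <TAB> xff <TAB> host <TAB> uri <TAB> status <TAB> user_agent
parse_realip() {
    awk '
    BEGIN {
        OFS = "\t"
        d = "[0-9]"
        # Fixed shape of [$time_local], e.g. [06/Jul/2018:11:15:12 +0800]
        ts = "\\[" d d "/[A-Z][a-z][a-z]/" d d d d ":" d d ":" d d ":" d d " [+-]" d d d d "\\]"
        # Everything after the unquoted XFF field, anchored at end of line.
        # nginx writes a double quote inside a logged variable as \x22, so
        # the quoted fields cannot contain a raw quote.
        tail = " " ts " [^ ]+ \"[^\"]*\" " d d d " \"[^\"]*\" \"[^\"]*\"$"
    }
    {
        sp = index($0, " ")                   # end of $remote_addr
        if (sp == 0 || !match($0, tail) || RSTART <= sp) {
            print "unparsed: " $0 > "/dev/stderr"
            next
        }
        addr = substr($0, 1, sp - 1)
        xff  = substr($0, sp + 1, RSTART - sp - 1)
        rest = substr($0, RSTART + 30)        # skip " [" + 26-char time + "] "
        split(rest, q, "\"")                  # host "uri" status "referer" "ua"
        host = q[1]; sub(/ $/, "", host)
        status = q[3]; gsub(/ /, "", status)
        print addr, xff, host, q[2], status, q[6]
    }'
}

# Print clients (by $remote_addr) with at least $1 responses of 403 or 404.
noisy_clients() {
    parse_realip | awk -F'\t' -v min="$1" '
        $5 == 403 || $5 == 404 { hits[$1]++ }
        END { for (a in hits) if (hits[a] >= min) print a }' | sort
}

sample_log | noisy_clients 3
```
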

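Nginx logging is fairly simple, but unlike httpd it has no built-in rotation tool; rotating Nginx logs requires the system's rotation tool or a custom script.

Here we write a custom log rotation script:

# vim /usr/local/sbin/nginx_log_rotate.sh    # write the following content

#!/bin/bash
# Yesterday's date, used as the suffix of the rotated files
d=`date -d "-1 day" +%Y%m%d`
logdir="/data/logs"    # assume the Nginx logs are stored in /data/logs
nginx_pid="/usr/local/nginx/logs/nginx.pid"
cd "$logdir" || exit 1
for log in *.log
do
  [ -e "$log" ] || continue    # nothing to rotate if no .log file exists
  mv "$log" "$log-$d"
done
# Signal the master process so that it opens new log files
/bin/kill -HUP `cat $nginx_pid`

After writing the script, a scheduled task still has to be added:

0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh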

Skip logging for static files and add an expiry time

  • Modify the virtual host configuration file:
# vim test.com.conf

server
{
   listen 80;
   server_name test.com test1.com test2.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com; 
   if ($host != 'test.com')
   {
   rewrite ^/(.*)$ http://test.com/$1 permanent;
   }
   location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$    # the static file types this applies to
   {
     expires   7d;    # set the expiry time
     access_log off;    # off means no access log is written
   } 
   location ~ .*\.(js|css)$
   {
     expires    12h;
     access_log off;
   } 
   access_log /tmp/1.log combined_realip;
}  
  • Verify the configuration above:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

# echo "111" > /data/nginx/test.com/1.js    # create a js file

# echo "222" > /data/nginx/test.com//2.jpg    # create a jpg file

# touch /data/nginx/test.com/3.jss    # create a file for comparison

# curl -x127.0.0.1:80 test.com/1.js -I
     
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 03:52:47 GMT
Content-Type: application/javascript
Content-Length: 4
Last-Modified: Fri, 06 Jul 2018 03:50:55 GMT
Connection: keep-alive
ETag: "5b3ee71f-4"
Expires: Fri, 06 Jul 2018 15:52:47 GMT
Cache-Control: max-age=43200    # 43200 seconds is 12 hours; js files expire after 12h
Accept-Ranges: bytes

# curl -x127.0.0.1:80 test.com/2.jpg -I

HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 03:56:15 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT
Connection: keep-alive
ETag: "5b3ee747-4"
Expires: Fri, 13 Jul 2018 03:56:15 GMT
Cache-Control: max-age=604800    # jpg files expire after 7 days
Accept-Ranges: bytes

# curl -x127.0.0.1:80 test.com/3.jss -I    # the jss file has no expiry time

HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 03:57:33 GMT
Content-Type: application/octet-stream
Content-Length: 0
Last-Modified: Fri, 06 Jul 2018 03:52:00 GMT
Connection: keep-alive
ETag: "5b3ee760-0"
Accept-Ranges: bytes

# cat /tmp/1.log 
127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0"
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
127.0.0.1 - [06/Jul/2018:11:57:33 +0800] test.com "/3.jss" 200 "-" "curl/7.29.0"

As shown here, there are no access log entries for the js and jpg files.


Nginx hotlink protection

  • Modify the virtual host configuration file:
# vim test.com.conf

server
{
   listen 80;
   server_name test.com test1.com test2.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com;
   if ($host != 'test.com')
   {
   rewrite ^/(.*)$ http://test.com/$1 permanent;
   }
   location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
   {
      expires  7d;
      valid_referers none blocked server_names *.test.com;
      if ($invalid_referer)  
     {
      return 403;
     }
      access_log off;
   }
   access_log /tmp/1.log combined_realip;
} 
  • Verify the configuration above:
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

# curl -x127.0.0.1:80 -e "http://123.com/1.txt" test.com/2.jpg -I    # with the -e option, the http:// prefix must be included
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 04:13:19 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

# curl -x127.0.0.1:80 -e "http://test.com/1.txt" test.com/2.jpg -I

HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 06 Jul 2018 04:15:06 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT
Connection: keep-alive
ETag: "5b3ee747-4"
Expires: Fri, 13 Jul 2018 04:15:06 GMT
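Cache-Control: max-age=604800    # expires after 7d
Accept-Ranges: bytes

As shown, there is both an expiry time and hotlink protection.


Access control

Nginx may need to block certain IPs or allow only certain IPs; the access configuration is similar to httpd's.

  • Allow only 192.168.33.128 and 127.0.0.1 to access the admin directory: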
location /admin/
{
      allow 192.168.33.128;
      allow 127.0.0.1;
      deny all;
}

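When configuring httpd there is also an order directive that defines whether allow or deny comes first; Nginx has none. Rules are checked one by one, and matching ends as soon as a rule matches.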

# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

# mkdir /data/nginx/test.com/admin/

# echo "123" > /data/nginx/test.com/admin/1.html

# curl -x127.0.0.1:80 test.com/admin/1.html
123

# curl -x192.168.33.129:80 test.com/admin/1.html
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>

The IPs in the configuration file can also be IP ranges, for example allow 192.168.33.0/24. To deny only a few IPs, it can be written like this:

location /admin/
{
      deny 192.168.33.128;
      deny 127.0.0.1;
}

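Nginx allows everything by default, so allow all does not need to be written.

In addition, access can also be restricted by regular expression matching:

location ~ .*(abc|image)/.*\.php$    # refuse to parse PHP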
{
    return 403;
}

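| is the separator meaning "or"; this rejects any request for a PHP file whose URL contains the string abc or image.

In Nginx, restrictions can also be placed on the user_agent:

if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
    return 403;
}

~ is the match operator; any user_agent containing the string Spider/3.0, YoudaoBot or Tomato is rejected.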


Nginx PHP parsing

In LNMP, PHP exists as a service (php-fpm): the php-fpm service must be started first, and Nginx then communicates with php-fpm.

The relevant configuration is below:

# vim test.com.conf

server
{
   listen 80;
   server_name test.com test1.com test2.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com;
   if ($host != 'test.com')
   {
   rewrite ^/(.*)$ http://test.com/$1 permanent;
   }
   location ~ \.php$
  {
      include fastcgi_params;
      fastcgi_pass unix:/tmp/php-fcgi.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
  }
   access_log /tmp/1.log combined_realip;
}

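Here fastcgi_pass specifies the address of php-fpm, and the path after fastcgi_param SCRIPT_FILENAME is the site's root directory; it must match the root path defined earlier, otherwise a 502 error is returned.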
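
Added example (not from the original post): the socket that fastcgi_pass points at was created by the pool configured earlier with listen = /tmp/php-fcgi.sock and listen.mode = 666, which lets every local account send FastCGI requests to php-fpm. The check below flags those settings and runs against a tighter variant; the hardened socket path and the listen.owner/listen.group values are assumptions (they use the nobody account that this page's nginx.conf runs workers as), and fastcgi_pass would have to point at the same path.

```bash
#!/bin/bash
# Added example, not part of the original post.
# Audits the listen socket settings of a php-fpm pool read from stdin.
# Assumes one pool per file; both sample configs below are constructed.

# The pool as configured in this walkthrough.
weak_pool() {
cat <<'EOF'
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
EOF
}

# Assumed tighter variant: socket outside /tmp, owned by the account the
# Nginx workers run as ("nobody" in this page's nginx.conf), no access for
# other users.
hardened_pool() {
cat <<'EOF'
[www]
listen = /usr/local/php-fpm/var/run/php-fcgi.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
user = php-fpm
group = php-fpm
EOF
}

audit_fpm_listen() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*;/ { next }                       # php-fpm.conf comments start with ;
    {
        eq = index($0, "=")
        if (eq == 0) next                     # section headers, blank lines
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        if (key == "listen" || key ~ /^listen\.(mode|owner|group)$/) conf[key] = val
    }
    END {
        sock = conf["listen"]
        if (sock !~ /^\//) { print "SKIP: listen is not a unix socket path"; exit }
        findings = 0
        # Connecting to a unix socket needs write permission on it, so a
        # write bit in the "other" digit opens the pool to every local user.
        mode = conf["listen.mode"]
        if (mode != "" && substr(mode, length(mode), 1) ~ /[2367]/) {
            print "WEAK: listen.mode=" mode " lets any local user send FastCGI requests to the pool"
            findings++
        }
        # In a world-writable directory any local user can create a file at
        # the socket path whenever php-fpm has not created it.
        if (sock ~ /^\/(tmp|var\/tmp|dev\/shm)\//) {
            print "WEAK: " sock " is in a world-writable directory"
            findings++
        }
        # With a restricted mode the web server account needs ownership.
        if (findings == 0 && conf["listen.owner"] == "" && conf["listen.group"] == "")
            print "NOTE: set listen.owner/listen.group to the web server account"
        else if (findings == 0)
            print "OK: " sock " owner=" conf["listen.owner"] " mode=" mode
    }'
}

weak_pool | audit_fpm_listen
hardened_pool | audit_fpm_listen
```
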


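Nginx proxy

Nginx's proxy feature is very practical: if a server without a public IP needs to provide a web service, this can be done through an Nginx proxy. If there are several servers behind Nginx and it proxies for them at the same time, Nginx acts as a load balancer.

  • Configure the Nginx proxy:
# cd /usr/local/nginx/conf/vhost/

# vim proxy.conf    # write the following content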

server
{
        listen 80;
        server_name lzx.com;

        location /
        {
                proxy_pass http://61.135.169.125/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}  
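proxy_pass		specifies the IP of the server hosting the domain being proxied;

The three lines after it define the request headers sent to the back-end web server. The second line is required, otherwise the proxy will not work; it makes the domain name seen by the back-end web server match the server_name in the current configuration file;

$remote_addr		the egress IP of the user visiting the site;

$http_x_forwarded_for		the proxy server's IP; if a proxy is used, the proxy's IP is recorded.
  • After saving the configuration file, reload the Nginx service and verify: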
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

# curl -x127.0.0.1:80 123.com -I
posted on 2020-10-23 17:04  switch大咖