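Week 16 Homework

1. Compare and explain the common I/O models

1.1 Blocking I/O model

  The application process issues a recvfrom system call to the kernel to read data --> the kernel prepares the datagram, and the application process blocks in the meantime --> the kernel copies the prepared datagram to user space --> once the copy completes, success is returned.

1.2 Non-blocking I/O model

  The application process issues a recvfrom system call to the kernel to read data --> if no data is ready, the EWOULDBLOCK error code is returned --> the application process issues recvfrom to the kernel again --> if the data is ready it proceeds to the next step, otherwise the error code is returned --> the data is copied from kernel space to user space --> once the copy completes, success is returned.

1.3 I/O multiplexing model

  Application processes no longer issue recvfrom on their own to read data. Multiple application processes send their requests to the select proxy, select makes the system call on their behalf, and they wait for select to return successfully, blocking in the meantime. When the datagram for one of the processes is ready, select notifies that process, the process itself then issues the read, the kernel copies the prepared data to user space, and success is returned once the copy completes.

1.4 Signal-driven I/O model

  First enable signal-driven I/O on the socket and use the sigaction system call to install a signal handler; the call returns immediately. When the data is ready, a SIGIO signal is generated for the process. The process is not blocked during this time. Finally, after receiving the signal callback, the application process calls recvfrom to read the data.

1.5 Asynchronous I/O model

  The application process tells the kernel to start an operation and has the kernel notify it once the entire operation has completed.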

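2. What are the module categories in nginx, and what are the common core modules?

Module categories in Nginx:

  • Core modules
    • Modules the Nginx server cannot do without; they provide core functionality such as error logging, configuration file parsing, the event-driven mechanism, and process management
  • Standard HTTP modules
    • Provide functionality related to HTTP protocol parsing, such as port configuration, page encoding settings, and HTTP response header settings
  • Optional HTTP modules
    • Mainly used to extend the standard HTTP functionality so that Nginx can handle special services, such as Flash multimedia streaming, GeoIP request resolution, network transfer compression, and SSL security protocol support
  • Mail service modules
    • Mainly used to support Nginx's mail service, including support for the POP3, IMAP, and SMTP protocols
  • Third-party modules
    • Extend Nginx server applications and implement developer-defined functionality, such as JSON support and Lua support

Common core modules: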

  • ngx_core
  • ngx_errlog
  • ngx_conf
  • ngx_events
  • ngx_event
  • ngx_epoll
  • ngx_regex

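3. Describe the meaning of the nginx configuration directives worker_processes, worker_cpu_affinity, worker_rlimit_nofile, and worker_connections

worker_processes: the number of worker processes to start, usually set equal to the number of CPU cores.

worker_cpu_affinity: binds Nginx worker processes to specified CPU cores; by default Nginx does not bind processes. Binding does not mean that the Nginx process has exclusive use of a CPU core, but it does guarantee that the process will not run on other cores. This greatly reduces the migration of Nginx worker processes between CPU cores, reduces the CPU's allocation and reclamation of resources for the processes as well as memory management overhead, and can effectively improve the performance of the Nginx server.

worker_rlimit_nofile: the upper limit on the number of files that all worker processes can open. This covers all of Nginx's connections (for example, connections to proxied servers), not only connections to clients. Another consideration is that the actual number of concurrent connections cannot exceed the system-level limit on the maximum number of open files, so it is best kept consistent with the value of ulimit -n or limits.conf.

worker_connections: sets the maximum number of concurrent connections a single Nginx worker process can accept. As a web server the maximum concurrency is worker_connections/worker_processes; as a reverse proxy it is (worker_connections * worker_processes)/2

4. Compile and install nginx, and implement multi-domain HTTPS

Compile and install Nginx

# Install the required packages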
[root@Rocky8-mini ~]# yum -y install gcc pcre-devel openssl-devel zlib-devel

# Create the Nginx user account and the installation directory
[root@Rocky8-mini ~]# useradd -s /sbin/nologin nginx
[root@Rocky8-mini ~]# mkdir -p /apps/nginx

# Download the Nginx source package and install it
[root@Rocky8-mini ~]# cd /usr/local/src/
[root@Rocky8-mini src]# wget http://nginx.org/download/nginx-1.18.0.tar.gz
[root@Rocky8-mini src]# tar xf nginx-1.18.0.tar.gz
[root@Rocky8-mini src]# cd nginx-1.18.0/
[root@Rocky8-mini nginx-1.18.0]# ./configure --prefix=/apps/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-pcre \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module
[root@Rocky8-mini nginx-1.18.0]# make && make install

# Change ownership
[root@Rocky8-mini objs]# chown -R nginx:nginx /apps/nginx/

# Start the program
[root@Rocky8-mini objs]# ln -s /apps/nginx/sbin/nginx /usr/sbin/
[root@Rocky8-mini objs]# nginx

# Create the service file and enable the Nginx service at boot
[root@Rocky8-mini objs]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/apps/nginx/run/nginx.pid
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
[root@Rocky8-mini nginx-1.18.0]# mkdir /apps/nginx/run/
[root@Rocky8-mini nginx-1.18.0]# vim /apps/nginx/conf/nginx.conf         // Edit the configuration file
pid /apps/nginx/run/nginx.pid;
[root@Rocky8-mini objs]# systemctl daemon-reload 
[root@Rocky8-mini objs]# killall nginx 
[root@Rocky8-mini objs]# systemctl enable --now nginx.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@Rocky8-mini objs]# ss -ntl
State            Recv-Q           Send-Q                      Local Address:Port                       Peer Address:Port           Process           
LISTEN           0                128                               0.0.0.0:80                              0.0.0.0:*                                
LISTEN           0                128                               0.0.0.0:22                              0.0.0.0:*                                
LISTEN           0                128                                  [::]:22                                 [::]:*                                

Create the PC page and the mobile page

# Define the sub-configuration files
[root@Rocky8-mini ~]# mkdir /apps/nginx/conf/conf.d
[root@Rocky8-mini ~]# vim /apps/nginx/conf/nginx.conf       // Add the path of the sub-configuration files
http {
··· ··· ···
    include       /apps/nginx/conf/conf.d/*.conf;          // Add as the last line of this block
}

# Create the PC site configuration
[root@Rocky8-mini ~]# cat /apps/nginx/conf/conf.d/pc.conf
server {
        listen 80;
        server_name www.wuhao.org;
        location / {
                root /data/nginx/html/pc;
        }
}
[root@Rocky8-mini ~]# mkdir -p /data/nginx/html/pc
[root@Rocky8-mini pc]# echo "pc web" > /data/nginx/html/pc/index.html

# Create the mobile site configuration
[root@Rocky8-mini pc]# cat /apps/nginx/conf/conf.d/mobile.conf 
server {
        listen 80;
        server_name m.wuhao.org;
        location / {
                root /data/nginx/html/mobile;
        }
}
[root@Rocky8-mini ~]# mkdir -p /data/nginx/html/mobile
[root@Rocky8-mini pc]# echo "mobile web" > /data/nginx/html/mobile/index.html

Create the certificate for the PC site

# Self-signed CA certificate
[root@Rocky8-mini nginx]# mkdir /apps/nginx/certs
[root@Rocky8-mini nginx]# cd /apps/nginx/certs
[root@Rocky8-mini certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
Generating a RSA private key
...............................................................................................++++
............................................................................................................................................++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:AnHui
Locality Name (eg, city) [Default City]:LuZhou
Organization Name (eg, company) [Default Company Ltd]:wuhao
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:wuhao.org
Email Address []:

# Generate the key and CSR files
[root@Rocky8-mini certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.wuhao.org.key -out www.wuhao.org.csr
Generating a RSA private key
...++++
.....++++
writing new private key to 'www.wuhao.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:AnHui
Locality Name (eg, city) [Default City]:LuZhou
Organization Name (eg, company) [Default Company Ltd]:wuhao.ltd
Organizational Unit Name (eg, section) []:wuhao.ltd
Common Name (eg, your name or your server's hostname) []:www.wuhao.org
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# Issue the certificate
[root@Rocky8-mini certs]# openssl x509 -req -days 3650 -in www.wuhao.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.wuhao.org.crt
Signature ok
subject=C = CN, ST = AnHui, L = LuZhou, O = wuhao.ltd, OU = wuhao.ltd, CN = www.wuhao.org
Getting CA Private Key

# Merge the server certificate and the CA certificate into a single file
[root@Rocky8-mini certs]# cat www.wuhao.org.crt ca.crt > www.wuhao.org.pem

Create the certificate for the mobile site

# Generate the key and CSR files
[root@Rocky8-mini certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout m.wuhao.org.key -out m.wuhao.org.csr
Generating a RSA private key
....................................++++
..............++++
writing new private key to 'm.wuhao.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:AnHui          
Locality Name (eg, city) [Default City]:LuZhou
Organization Name (eg, company) [Default Company Ltd]:wuhao
Organizational Unit Name (eg, section) []:wuhao
Common Name (eg, your name or your server's hostname) []:m.wuhao.org   
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# Sign the certificate
[root@Rocky8-mini certs]# openssl x509 -req -days 3650 -in m.wuhao.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out m.wuhao.org.crt
Signature ok
subject=C = CN, ST = AnHui, L = LuZhou, O = wuhao, OU = wuhao, CN = m.wuhao.org
Getting CA Private Key

# Merge the certificates
[root@Rocky8-mini certs]# cat m.wuhao.org.crt ca.crt > m.wuhao.org.pem

HTTPS configuration

# Modify the PC site configuration
[root@Rocky8-mini certs]# vim /apps/nginx/conf/conf.d/pc.conf
server {
  listen 80; 
  server_name www.wuhao.org;
  listen 443 ssl;
  ssl_certificate /apps/nginx/certs/www.wuhao.org.pem;
  ssl_certificate_key /apps/nginx/certs/www.wuhao.org.key;
  ssl_session_cache shared:sslcache:20m;
  ssl_session_timeout 10m;
  location / { 
    root /data/nginx/html/pc;
  }
}

# Modify the mobile site configuration
[root@Rocky8-mini certs]# cat /apps/nginx/conf/conf.d/mobile.conf
server {
        listen 80;
        server_name m.wuhao.org;
        listen 443 ssl;
        ssl_certificate /apps/nginx/certs/m.wuhao.org.pem;
        ssl_certificate_key /apps/nginx/certs/m.wuhao.org.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;
        location / {
                root /data/nginx/html/mobile;
        }
}

Verification

[root@Rocky8-mini certs]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@Rocky8-mini certs]# nginx -s reload
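
The certificates signed above carry the hostname only in the Common Name, because openssl x509 -req without -extfile writes no subjectAltName, and current browsers match hostnames against subjectAltName only. The following added example (not from the original post) repeats the CA, CSR, signing and bundling steps in a scratch directory with the extension added, then checks chain, SAN and key match; the function names, the scratch CA subject and the 2048-bit demo keys are assumptions.

```shell
# Added example, not the post's code; function names, scratch CA subject and 2048-bit demo keys are assumptions.
# make_ca <dir> [bits]: self-signed CA whose certificate is marked CA:TRUE.
make_ca() (
  cd "$1" && umask 077 || exit 1   # umask 077: new files, keys included, are mode 600
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = scratch-test-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -config ca.cnf -newkey "rsa:${2:-4096}" -nodes -sha256 -x509 \
    -days 3650 -keyout ca.key -out ca.crt 2>/dev/null
)

# issue_cert <dir> <host> [bits] [san|nosan]: key, CSR, signed cert, nginx bundle.
issue_cert() (
  cd "$1" && umask 077 || exit 1
  host=$2; ext=
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$host" > "$host.ext"
  if [ "${4:-san}" = san ]; then ext="-extfile $host.ext"; fi  # nosan: signed as on the page
  openssl req -config ca.cnf -newkey "rsa:${3:-4096}" -nodes -sha256 \
    -subj "/CN=$host" -keyout "$host.key" -out "$host.csr" 2>/dev/null || exit 1
  openssl x509 -req -days 3650 -sha256 -in "$host.csr" -CA ca.crt -CAkey ca.key \
    -CAcreateserial $ext -out "$host.crt" 2>/dev/null || exit 1
  cat "$host.crt" ca.crt > "$host.pem"   # server certificate first, then the CA
)

# check_cert <dir> <host> [name]: chain verifies, SAN lists <name>, key matches cert.
check_cert() (
  cd "$1" || exit 1; host=$2; name=${3:-$2}
  openssl verify -CAfile ca.crt "$host.crt" >/dev/null 2>&1 || exit 1
  openssl x509 -in "$host.crt" -noout -text | tr ',' '\n' | tr -d ' ' |
    grep -qxF "DNS:$name" || exit 1
  [ "$(openssl x509 -in "$host.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$host.key" -pubout)" ]
)

d=$(mktemp -d) && make_ca "$d" 2048
issue_cert "$d" www.wuhao.org 2048 nosan   # CN only, as in the steps above
issue_cert "$d" m.wuhao.org 2048           # same flow plus SAN and EKU
for h in www.wuhao.org m.wuhao.org; do
  if check_cert "$d" "$h"; then echo "$h: ok"; else echo "$h: rejected"; fi
done
```

Because the file names follow the page's layout (ca.crt, <host>.crt, <host>.key), check_cert /apps/nginx/certs www.wuhao.org can be run against the real directory before nginx -t.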

posted @ 2022-07-27 19:55  wuhaolam