011-LAMP_fcgi

最新推荐文章于 2022-08-16 15:59:05 发布

原创最新推荐文章于 2022-08-16 15:59:05 发布 · 406 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#php-fpm #fastCGI

LinuxAdministration 专栏收录该内容

51 篇文章

订阅专栏

本文详细介绍了LAMP架构中FastCGI和PHP-FPM的工作原理及其在处理动态资源时的高效配置方法，包括在不同版本的CentOS上进行安装、配置和测试的过程。

011-LAMP_fcgi

Term

cgi：web server能够直接把static resource反馈给client，但是不能处理dynamic resource；因此web server要把client的dynamic request发送给能够处理的解释器；cgi就是在web server和解释器之间的一种传输协议。

fast-cgi：也是一种协议，比cgi先进，在这种写一下，php-cgi能够被预先fork出来，加快了处理动态资源的效率。

php-fpm：php fastcgi process manager，用于调度php-cgi进程，内置了php解释器；因此不能和php共存

php-cgi：用于解析动态请求的进程。

不一定精确，但是够用了。

使用php-fpm

1 CentOS 6：

PHP-5.3.2-：默认不支持fpm机制，需要自行打补丁并编译安装
httpd-2.2：默认不支持fcgi协议，需要自行编译此模块

解决方案：编译安装httpd-2.4，php-5.3.3+

2 CentOS 7：

httpd-2.4：rpm包默认编译支持了fcgi
php-fpm：专用于将php运行于fpm模式，不能和php共存

配置文件

fpm服务配置文件
    /etc/php-fpm.conf   /etc/php-fpm.d/www.conf


php配置文件(这个配置文件对于php-fpm和)
    /etc/php.ini

配置文件由php-common包提供

[root@husa ~]# yum install php-common

/etc/php-fpm.d/www.conf配置文件详解

/etc/php-fpm.d/www.conf文件

# 接受 FastCGI协议发送的请求 的地址，这里的地址是php-fpm所在主机的某个地址
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific addre
ss on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses on
 a
;                            specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000

;listen.backlog = -1    # 进程池等待队列，-1表示无限个


; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1  # 允许哪个客户端发送请求，如果httpd和php-fpm分离，此处应该是httpd的所在主机的地址。


# 表示httpd进程的属主属组设定，默认是谁运行都可以
; Default Values: user and group are set as the running user
;                 mode is set to 0666
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0666

# 这里是表示php-fpm以何种身份访问文件
; RPM: apache Choosed to be able to access some dir as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache


# 这里表示php-fmp如何管理php-cgi进程

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives:
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
; Note: This value is mandatory.
pm = dynamic


# pm的状态
;pm.status_path = /status


# php控制

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M


# php的session配置
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

httpd的fcgi配置

[root@husa conf.d]# pwd
/etc/httpd/conf.d
[root@husa conf.d]# vim fcgi.conf

DirectoryIndex index.php    #设置fcgi主页文件
ProxyRequests Off   #关闭正向代理
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1    #把哪些请求发送到后端，$1表示括号中的内容，也就是php文件的路径，127.0.0.1表示php-fpm监听本地所有IP的9000端口

注意：以上只是中心主机的配置方法，如果是虚拟主机，就要把上面的fcgi配置文件定义在VirtualHost容器中，也可以单独配置VirtualHost文件，也就不用在httpd.conf文件中配置

以上httpd和php分开之后，php的文件目录和和httpd的页面目录可以不同，因为上面已经指定了

示例

1 一台CentOS 7(A：IP为192.168.200.137)上安装httpd-2.4

[root@husa etc]# rpm -q httpd
httpd-2.4.6-31.el7.centos.x86_64

配置/etc/httpd/conf.d/fcgi.conf用以转发动态资源

[root@husa conf.d]# vim fcgi.conf
DirectoryIndex index.php
#设置fcgi主页文件
ProxyRequests Off
#关闭正向代理
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.200.143:9000/php/$1
#哪些请求发送到后端，$1表示括号中的内容(也就是URL中的除了开头斜线的所有内容)，也就是php文件的路径，比如http://www.baidu.com/admin/index.php URL，就是把admin/index.php内容通过fcgi协议发送到php-fpm所在主机IP127.0.0.1的9000端口，

–

2 另一台CentOS 7(B:IP为192.168.200.143)上安装php-fpm、mariadb-server、php-mysql

[root@husa ~]# rpm -q php-fpm mariadb-server php-mysql   
php-fpm-5.4.16-23.el7_0.3.x86_64
mariadb-server-5.5.41-2.el7_0.x86_64
php-mysql-5.4.16-23.el7_0.3.x86_64

配置/etc/php-fpm.d/www.conf用以设置php-fpm如何接收前端请求

listen = 192.168.200.143:9000
listen.allowed_clients = 192.168.200.137

# 创建A中指定的/php目录及index.php
[root@husa ~]# mkdir /php
    <?php
            phpinfo();
    ?>

3 A启动httpd

[root@husa conf.d]# systemctl start httpd
[root@husa ~]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:25                  :::*                    LISTEN

4 B启动php-fpm

[root@husa php-fpm.d]# systemctl start php-fpm.service

[root@husa php]# ss -ntl
State      Recv-Q Send-Q                            Local Address:Port                              Peer Address:Port 
LISTEN     0      100                                           *:22022                                        *:*     
LISTEN     0      128                             192.168.200.143:9000                                         *:*     
LISTEN     0      128                                           *:22                                           *:*     
LISTEN     0      100                                   127.0.0.1:25                                           *:*     
LISTEN     0      100                                          :::22022                                       :::*     
LISTEN     0      128                                          :::22                                          :::*     
LISTEN     0      100                                         ::1:25                                          :::*

5 B中编辑/php/index.php文件

因为A主机web server将请求发给了B，因此动态资源是在B主机上而不是A主机上

[root@husa php]# cd /php

[root@husa php]# vim index.php
<?php

        phpinfo();

?>

6 测试

在ArchLinux(192.168.200.128)中使用chromium访问web server。http://192.168.200.137/index.php，结果如下：

可以看到ServerAPI使用的是FPM/FastCGI

7 在B主机配置mariadb

启动mariadb-server

[root@husa php]# systemctl start mariadb.service

修改/php/index.php

[root@husa php]# vim index.php
<?php

        //phpinfo();
        $conn = mysql_connect('127.0.0.1','root');
        if ($conn)
                echo "this is amazing!";
        else
                echo "sad ...";

?>

8 在ArchLinux下测试php-fpm是否能够连接到mariadb

9 在B主机安装pma，此时是安装在/php/目录下，且A主机下也要有pma

之所以两台主机都需要pma目录的存在，是因为client不仅仅只是访问动态资源，而client只有在访问动态资源的时候才会把request转发给backend，因此对于静态请求，web server端还要保留一份；这就是为什么httpd所在主机A和php-fpm所在主机两端都需要pma目录的存在。

pma的安装见

http://blog.youkuaiyun.com/u010796631/article/details/50550396

10 设置B主机的mariadb的root密码

使用mysql_secure_installation命令设置root密码

[root@husa pma]# mysql_secure_installation
/usr/bin/mysql_secure_installation:行379: find_mysql_client: 未找到命令

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] n
 ... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

11 配置php的session

[root@husa pma]# mkdir  /var/lib/php/session    #创建session目录
[root@husa pma]# chown apache.apache /var/lib/php/session/      #确保php-fpm进程的用户对此目录有读写权限

12 ArchLinux测试pma

一开始其实不是这个结果而是出现404Forbidden，这是因为我之前配置了Require not ip 192.168.200.128导致ArchLinux没有权限访问页面。

总结：
在这两台虚拟机中，不知道为什么不能使用桥接，只要是桥接，二者就不能ping通；
另外，php-fpm所在主机也不知道为什么不能使用127.0.0.1监听本机所有IP，只能明确指定端口为桥接的IP地址