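MySQL
（注：本文的三个源码包都是通过明文 HTTP 下载的，也没有校验签名或校验和；安装前应对照官方发布的校验值核对。文中使用的 MySQL 5.6、PHP 5.6、nginx 1.8 版本较旧，上游已不再提供安全更新，只适合练习环境。）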
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# yum install -y wget
[root@localhost src]# wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz
[root@localhost src]# ls
mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz
[root@localhost src]# tar zxvf mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz
[root@localhost src]# mv mysql-5.6.35-linux-glibc2.5-x86_64 /usr/local/mysql
[root@localhost src]# cd /usr/local/mysql
[root@localhost mysql]# useradd mysql
[root@localhost mysql]# mkdir /data/
[root@localhost mysql]# yum -y install perl-devel
[root@localhost mysql]# yum install -y perl-Data-Dumper
[root@localhost mysql]# yum install libaio* -y
[root@localhost mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
[root@localhost mysql]# echo $?
0
[root@localhost mysql]# cp support-files/my-default.cnf /etc/my.cnf
[root@localhost mysql]# vi /etc/my.cnf
修改
2 datadir=/data/mysql
3 socket=/tmp/mysql.sock
注释
12 #log-error=/var/log/mariadb/mariadb.log
13 #pid-file=/var/run/mariadb/mariadb.pid
18 #!includedir /etc/my.cnf.d
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[root@localhost mysql]# vi /etc/init.d/mysqld
修改
46 basedir=/usr/local/mysql
47 datadir=/data/mysql
[root@localhost mysql]# chmod 755 /etc/init.d/mysqld
[root@localhost mysql]# chkconfig --add mysqld
[root@localhost mysql]# chkconfig mysqld on
[root@localhost mysql]# chkconfig --list | grep mysqld
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost mysql]# ls -l /etc/init.d/mysqld
-rwxr-xr-x. 1 root root 10902 Jan 11 16:32 /etc/init.d/mysqld
[root@localhost mysql]# /etc/init.d/mysqld start
Starting MySQL.Logging to '/data/mysql/localhost.localdomain.err'.
... SUCCESS!
[root@localhost mysql]# ps aux | grep mysql
root 20125 0.0 0.0 113268 1612 pts/0 S 16:55 0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/data/mysql --pid-file=/data/mysql/localhost.localdomain.pid
mysql 20260 1.4 24.0 973556 449632 pts/0 Sl 16:55 0:03 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/data/mysql --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=/data/mysql/localhost.localdomain.err --pid-file=/data/mysql/localhost.localdomain.pid --socket=/tmp/mysql.sock
root 20298 0.0 0.0 112656 976 pts/0 S+ 16:59 0:00 grep --color=auto mysql
PHP
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget http://cn2.php.net/distributions/php-5.6.30.tar.gz
[root@localhost src]# tar zxf php-5.6.30.tar.gz
[root@localhost php-5.6.30]# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --with-pear --with-curl --with-openssl
[root@localhost php-5.6.30]# yum install -y libxml2-devel
[root@localhost php-5.6.30]# yum install -y openssl-devel
[root@localhost php-5.6.30]# yum install -y curl-devel
[root@localhost php-5.6.30]# yum install -y libjpeg-devel
[root@localhost php-5.6.30]# yum install -y libpng-devel
[root@localhost php-5.6.30]# yum install -y freetype-devel
[root@localhost php-5.6.30]# yum install -y epel-release
[root@localhost php-5.6.30]# yum install -y libmcrypt-devel
[root@localhost php-5.6.30]# yum -y install mysql-devel
[root@localhost php-5.6.30]# ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --with-pear --with-curl --with-openssl
[root@localhost php-5.6.30]# make && make install
[root@localhost php-5.6.30]# ls /usr/local/php-fpm/
bin etc include lib php sbin var
[root@localhost php-5.6.30]# cp php.ini-production /usr/local/php-fpm/etc/php.ini
[root@localhost php-5.6.30]# cd /usr/local/php-fpm/etc/
[root@localhost etc]# ls
pear.conf php-fpm.conf.default php.ini
[root@localhost etc]# vi php-fpm.conf
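添加（注意：listen.mode = 666 会让本机所有用户都能读写这个套接字，而 /tmp 又是所有用户可写的目录；更稳妥的做法是用 listen.owner / listen.group 把套接字限定给 nginx 的运行用户，并把 listen.mode 设为 660。）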
1 [global]
2 pid = /usr/local/php-fpm/var/run/php-fpm.pid
3 error_log = /usr/local/php-fpm/var/log/php-fpm.log
4 [www]
5 listen = /tmp/php-fcgi.sock
6 listen.mode = 666
7 user = php-fpm
8 group = php-fpm
9 pm = dynamic
10 pm.max_children = 50
11 pm.start_servers = 20
12 pm.min_spare_servers = 5
13 pm.max_spare_servers = 35
14 pm.max_requests = 500
15 rlimit_files = 1024
[root@localhost php-5.6.30]# /usr/local/php-fpm/sbin/php-fpm -t
[21-Jan-2018 13:40:19] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@localhost etc]# cd /usr/local/src/php-5.6.30
[root@localhost php-5.6.30]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-5.6.30]# chmod 755 /etc/init.d/php-fpm
[root@localhost php-5.6.30]# chkconfig --add php-fpm
[root@localhost php-5.6.30]# chkconfig php-fpm on
[root@localhost php-5.6.30]# useradd -s /sbin/nologin php-fpm
[root@localhost php-5.6.30]# service php-fpm start
Starting php-fpm done
[root@localhost php-5.6.30]# ps aux | grep php-fpm
root 3561 0.2 0.2 124184 4912 ? Ss 13:42 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm 3562 0.0 0.2 124184 4708 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3563 0.0 0.2 124184 4708 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3564 0.0 0.2 124184 4708 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3565 0.0 0.2 124184 4708 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3566 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3567 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3568 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3569 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3570 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3571 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3572 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3573 0.0 0.2 124184 4712 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3574 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3575 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3576 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3577 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3578 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3579 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3580 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
php-fpm 3581 0.0 0.2 124184 4716 ? S 13:42 0:00 php-fpm: pool www
root 3583 0.0 0.0 112664 976 pts/1 S+ 13:43 0:00 grep --color=auto php-fpm
Nginx
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
--2018-01-21 13:49:32-- http://nginx.org/download/nginx-1.8.0.tar.gz
Resolving nginx.org (nginx.org)... 206.251.255.63, 95.211.80.227, 2606:7100:1:69::3f, ...
Connecting to nginx.org (nginx.org)|206.251.255.63|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 832104 (813K) [application/octet-stream]
Saving to: ‘nginx-1.8.0.tar.gz’
100%[================================================================================>] 832,104 189KB/s in 4.4s
2018-01-21 13:49:37 (184 KB/s) - ‘nginx-1.8.0.tar.gz’ saved [832104/832104]
[root@localhost src]# tar zxf nginx-1.8.0.tar.gz
[root@localhost src]# cd nginx-1.8.0
[root@localhost nginx-1.8.0]# ./configure --prefix=/usr/local/nginx
[root@localhost nginx-1.8.0]# echo $?
0
[root@localhost nginx-1.8.0]# make && make install
[root@localhost nginx-1.8.0]# ls /usr/local/nginx/
conf html logs sbin
[root@localhost nginx-1.8.0]# vi /etc/init.d/nginx
添加
1 #!/bin/bash
2 # chkconfig: - 30 21
3 # description: http service.
4 # Source Function Library
5 . /etc/init.d/functions
6 # Nginx Settings
7 NGINX_SBIN="/usr/local/nginx/sbin/nginx"
8 NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
9 NGINX_PID="/usr/local/nginx/logs/nginx.pid"
10 RETVAL=0
11 prog="Nginx"
12 start()
13 {
14 echo -n $"Starting $prog: "
15 mkdir -p /dev/shm/nginx_temp
16 daemon $NGINX_SBIN -c $NGINX_CONF
17 RETVAL=$?
18 echo
19 return $RETVAL
20 }
21 stop()
22 {
23 echo -n $"Stopping $prog: "
24 killproc -p $NGINX_PID $NGINX_SBIN -TERM
25 rm -rf /dev/shm/nginx_temp
26 RETVAL=$?
27 echo
28 return $RETVAL
29 }
30 reload()
31 {
32 echo -n $"Reloading $prog: "
33 killproc -p $NGINX_PID $NGINX_SBIN -HUP
34 RETVAL=$?
35 echo
36 return $RETVAL
37 }
38 restart()
39 {
40 stop
41 start
42 }
43 configtest()
44 {
45 $NGINX_SBIN -c $NGINX_CONF -t
46 return 0
47 }
48 case "$1" in
49 start)
50 start
51 ;;
52 stop)
53 stop
54 ;;
55 reload)
56 reload
57 ;;
58 restart)
59 restart
60 ;;
61 configtest)
62 configtest
63 ;;
64 *)
65 echo $"Usage: $0 {start|stop|reload|restart|configtest}"
66 RETVAL=1
67 esac
68 exit $RETVAL
[root@localhost nginx-1.8.0]# chmod 755 /etc/init.d/nginx
[root@localhost nginx-1.8.0]# chkconfig --add nginx
[root@localhost nginx-1.8.0]# chkconfig nginx on
[root@localhost nginx-1.8.0]# cd /usr/local/nginx/conf/
[root@localhost conf]# mv nginx.conf nginx.conf.1
[root@localhost conf]# vi nginx.conf
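添加（注意：下面的 location ~ \.php$ 会把所有以 .php 结尾的 URI 交给 PHP-FPM，即使对应的文件并不存在；可以在该 location 内加上 try_files $uri =404;，让 nginx 先确认文件存在再转发。）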
1 user nobody nobody;
2 worker_processes 2;
3 error_log /usr/local/nginx/logs/nginx_error.log crit;
4 pid /usr/local/nginx/logs/nginx.pid;
5 worker_rlimit_nofile 51200;
6 events
7 {
8 use epoll;
9 worker_connections 6000;
10 }
11 http
12 {
13 include mime.types;
14 default_type application/octet-stream;
15 server_names_hash_bucket_size 3526;
16 server_names_hash_max_size 4096;
17 log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
18 ' $host "$request_uri" $status'
19 ' "$http_referer" "$http_user_agent"';
20 sendfile on;
21 tcp_nopush on;
22 keepalive_timeout 30;
23 client_header_timeout 3m;
24 client_body_timeout 3m;
25 send_timeout 3m;
26 connection_pool_size 256;
27 client_header_buffer_size 1k;
28 large_client_header_buffers 8 4k;
29 request_pool_size 4k;
30 output_buffers 4 32k;
31 postpone_output 1460;
32 client_max_body_size 10m;
33 client_body_buffer_size 256k;
34 client_body_temp_path /usr/local/nginx/client_body_temp;
35 proxy_temp_path /usr/local/nginx/proxy_temp;
36 fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
37 fastcgi_intercept_errors on;
38 tcp_nodelay on;
39 gzip on;
40 gzip_min_length 1k;
41 gzip_buffers 4 8k;
42 gzip_comp_level 5;
43 gzip_http_version 1.1;
44 gzip_types text/plain application/x-javascript text/css text/htm
45 application/xml;
46 server
47 {
48 listen 80;
49 server_name localhost;
50 index index.html index.htm index.php;
51 root /usr/local/nginx/html;
52 location ~ \.php$
53 {
54 include fastcgi_params;
55 fastcgi_pass unix:/tmp/php-fcgi.sock;
56 fastcgi_index index.php;
57 fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
58 }
59 }
60 }
[root@localhost conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost conf]# /etc/init.d/nginx start
Starting nginx (via systemctl): [ OK ]
[root@localhost conf]# ps aux | grep nginx
root 6017 0.0 0.0 25336 780 ? Ss 14:07 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 6018 0.0 0.1 27780 3364 ? S 14:07 0:00 nginx: worker process
nobody 6019 0.0 0.1 27780 3364 ? S 14:07 0:00 nginx: worker process
root 6022 0.0 0.0 112660 976 pts/1 S+ 14:07 0:00 grep --color=auto nginx
[root@localhost conf]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost conf]# vi /usr/local/nginx/html/1.php
添加
1 <?php
2 echo "This is nginx test page.";
[root@localhost conf]# curl localhost/1.php
This is nginx test page.
Nginx默认虚拟主机
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# vi nginx.conf
删除
46 server
47 {
48 listen 80;
49 server_name localhost;
50 index index.html index.htm index.php;
51 root /usr/local/nginx/html;
52 location ~ \.php$
53 {
54 include fastcgi_params;
55 fastcgi_pass unix:/tmp/php-fcgi.sock;
56 fastcgi_index index.php;
57 fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
58 }
59 }
添加
46 include vhost/*.conf;
[root@localhost conf]# mkdir vhost
[root@localhost conf]# cd vhost
[root@localhost vhost]# vi aaa.com.conf
添加
1 server
2 {
3 listen 80 default_server;
4 server_name aaa.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/default;
7 }
[root@localhost vhost]# mkdir /data/wwwroot/default
[root@localhost vhost]# cd /data/wwwroot/default
[root@localhost default]# vi index.html
1 hello
[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost default]# curl localhost
hello
[root@localhost default]# curl -x127.0.0.1:80 bbb.com
hello
Nginx用户认证
[root@localhost ~]# cd /usr/local/nginx/conf/vhost/
[root@localhost vhost]# vi test.com.conf
添加
1 server
2 {
3 listen 80;
4 server_name test.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 location /
9 {
10 auth_basic "Auth";
11 auth_basic_user_file /usr/local/nginx/conf/htpasswd;
12 }
13 }
[root@localhost vhost]# vi test.com.conf
# Virtual host for test.com: every request under / must pass HTTP Basic authentication.
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /
{
# Realm string shown in the client's login prompt.
auth_basic "Auth";
# Credentials file in htpasswd format. It lives outside the document root
# (/data/wwwroot/test.com), so nginx does not serve it as site content.
# NOTE(review): this server only listens on plain HTTP (port 80), so the Basic
# credentials are sent base64-encoded, not encrypted, with every request.
# Put this behind TLS before using it anywhere other than localhost.
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
[root@localhost vhost]# yum install -y httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: kartolo.sby.datautama.net.id
* extras: mirrors.163.com
* updates: mirrors.163.com
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-67.el7.centos.6 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-67.el7.centos.6 for package: httpd-2.4.6-67.el7.centos.6.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-67.el7.centos.6.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-67.el7.centos.6.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-67.el7.centos.6.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-67.el7.centos.6 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================================================
Package Arch Version Repository Size
==========================================================================================================================
Installing:
httpd x86_64 2.4.6-67.el7.centos.6 updates 2.7 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7_4.1 updates 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-67.el7.centos.6 updates 88 k
mailcap noarch 2.1.41-2.el7 base 31 k
Transaction Summary
==========================================================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 3.0 M
Installed size: 10 M
Downloading packages:
(1/5): apr-1.4.8-3.el7_4.1.x86_64.rpm | 103 kB 00:00:00
(2/5): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:00:00
(3/5): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00:01
(4/5): httpd-tools-2.4.6-67.el7.centos.6.x86_64.rpm | 88 kB 00:00:04
(5/5): httpd-2.4.6-67.el7.centos.6.x86_64.rpm | 2.7 MB 00:00:07
--------------------------------------------------------------------------------------------------------------------------
Total 427 kB/s | 3.0 MB 00:00:07
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7_4.1.x86_64 1/5
Installing : apr-util-1.5.2-6.el7.x86_64 2/5
Installing : httpd-tools-2.4.6-67.el7.centos.6.x86_64 3/5
Installing : mailcap-2.1.41-2.el7.noarch 4/5
Installing : httpd-2.4.6-67.el7.centos.6.x86_64 5/5
Verifying : mailcap-2.1.41-2.el7.noarch 1/5
Verifying : httpd-2.4.6-67.el7.centos.6.x86_64 2/5
Verifying : apr-util-1.5.2-6.el7.x86_64 3/5
Verifying : apr-1.4.8-3.el7_4.1.x86_64 4/5
Verifying : httpd-tools-2.4.6-67.el7.centos.6.x86_64 5/5
Installed:
httpd.x86_64 0:2.4.6-67.el7.centos.6
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7_4.1 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-67.el7.centos.6
mailcap.noarch 0:2.1.41-2.el7
Complete!
[root@localhost ~]# htpasswd -c /usr/local/nginx/conf/htpasswd user
New password:
Re-type new password:
Adding password for user user
[root@localhost ~]# cat /usr/local/nginx/conf/htpasswd
user:$apr1$JuGrJ68i$aVSWzI7xqIaBOSjbj083f.
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# mkdir /data/wwwroot/test.com
[root@localhost ~]# echo "test.com" > /data/wwwroot/test.com/index.html
[root@localhost ~]# curl -uuser:123 -x127.0.0.1:80 test.com
test.com
nginx域名重定向
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
修改
4 server_name test.com;
为
4 server_name test.com test2.com test3.com;
删除
8 location /
9 {
10 auth_basic "Auth";
11 auth_basic_user_file /usr/local/nginx/conf/htpasswd;
12 }
13 }
添加
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl -x127.0.0.1:80 test2.com/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 08:10:08 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://test.com/index.html
[root@localhost ~]# curl -x127.0.0.1:80 test4.com/index.html -I
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 08:11:27 GMT
Content-Type: text/html
Content-Length: 6
Last-Modified: Sat, 03 Feb 2018 02:28:08 GMT
Connection: keep-alive
ETag: "5a751e38-6"
Accept-Ranges: bytes
[root@localhost ~]# curl -x127.0.0.1:80 test4.com/index.html/a -I
HTTP/1.1 404 Not Found
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 08:11:31 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
nginx访问日志
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
修改
17 log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
为
17 log_format user '$remote_addr $http_x_forwarded_for [$time_local]'
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format user '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
include vhost/*.conf;
}
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
添加
12 access_log /tmp/test.com.log user;
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 access_log /tmp/test.com.log user;
13 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
# Virtual host for test.com and its aliases, with a per-site access log.
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
# Any request whose Host is not test.com is answered with a 301 to the same path on test.com.
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
# "user" is the log_format name defined in nginx.conf.
# NOTE(review): /tmp is writable by every local user and is often cleaned automatically;
# a directory owned by root (for example under /usr/local/nginx/logs) is a safer home
# for access logs that may be needed later as evidence.
access_log /tmp/test.com.log user;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl -x 127.0.0.1:80 test4.com/index.html/a -I
HTTP/1.1 404 Not Found
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 08:45:05 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@localhost ~]# curl -x 127.0.0.1:80 test4.com/index.html -I
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 08:45:10 GMT
Content-Type: text/html
Content-Length: 6
Last-Modified: Sat, 03 Feb 2018 02:28:08 GMT
Connection: keep-alive
ETag: "5a751e38-6"
Accept-Ranges: bytes
[root@localhost ~]# curl -x 127.0.0.1:80 test2.com/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 08:45:17 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://test.com/index.html
[root@localhost ~]# cat /tmp/test.com.log
127.0.0.1 - [02/Mar/2018:03:45:17 -0500] test2.com "/index.html" 301 "-" "curl/7.29.0"
nginx日志切割
[root@localhost ~]# vi /usr/local/sbin/nginx_logrotate.sh
添加
1 #!/bin/bash
2 d=`date -d "-1 day" +%Y%m%d`
3 logdir="/tmp/"
4 nginx_pid="/usr/local/nginx/logs/nginx.pid"
5 cd $logdir
6 for log in `ls *.log`
7 do
8 mv $log $log-$d
9 done
10 /bin/kill -HUP `cat $nginx_pid`
[root@localhost ~]# vi /usr/local/sbin/nginx_logrotate.sh
#!/bin/bash
# Rotate nginx logs: rename every *.log in $logdir with yesterday's date as a
# suffix, then signal the nginx master so it stops writing to the renamed files.

# Yesterday's date as YYYYMMDD (GNU date syntax).
d=`date -d "-1 day" +%Y%m%d`
# NOTE(review): /tmp is writable by every local user. The transcript runs this
# script as root, so it will rename any *.log that any user placed there; point
# logdir at a directory only root/nginx can write to.
logdir="/tmp/"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
# NOTE(review): cd is not checked. If it fails, the loop below renames *.log
# files in whatever directory the script was started from.
cd $logdir
# NOTE(review): iterating over `ls` output word-splits file names that contain
# whitespace, and the unquoted $log/$d expansions have the same problem.
for log in `ls *.log`
do
mv $log $log-$d
done
# HUP asks the nginx master to reload its configuration and start new workers.
# nginx's dedicated signal for reopening log files is USR1.
# NOTE(review): if the pid file is missing or empty, kill is called without a valid pid.
/bin/kill -HUP `cat $nginx_pid`
[root@localhost ~]# sh -x /usr/local/sbin/nginx_logrotate.sh
++ date -d '-1 day' +%Y%m%d
+ d=20180301
+ logdir=/tmp/
+ nginx_pid=/usr/local/nginx/logs/nginx.pid
+ cd /tmp/
++ ls test.com.log
+ for log in '`ls *.log`'
+ mv test.com.log test.com.log-20180301
++ cat /usr/local/nginx/logs/nginx.pid
+ /bin/kill -HUP 2022
[root@localhost ~]# ls /tmp/
mysql.sock php-fcgi.sock test.com.log test.com.log-20180301
静态文件不记录日志和过期时间
添加
12 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
13 {
14 expires 7d;
15 access_log off;
16 }
17 location ~ .*\.(js|css)$
18 {
19 expires 12h;
20 access_log off;
21 }
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
13 {
14 expires 7d;
15 access_log off;
16 }
17 location ~ .*\.(js|css)$
18 {
19 expires 12h;
20 access_log off;
21 }
22
23 access_log /tmp/test.com.log user;
24 }
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/test.com.log user;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# echo "1.gif" > /data/wwwroot/test.com/1.gif
[root@localhost ~]# echo "2.js" > /data/wwwroot/test.com/2.js
[root@localhost ~]# curl -x127.0.0.1:80 test.com/1.gif
1.gif
[root@localhost ~]# curl -x127.0.0.1:80 test.com/2.js
2.js
[root@localhost ~]# curl -x127.0.0.1:80 test.com/index.html
test.com
[root@localhost ~]# cat /tmp/test.com.log
127.0.0.1 - [02/Mar/2018:04:24:28 -0500] test.com "/index.html" 200 "-" "curl/7.29.0"
[root@localhost ~]# curl -x127.0.0.1:80 test.com/2.js1
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
[root@localhost ~]# cat /tmp/test.com.log
127.0.0.1 - [02/Mar/2018:04:24:28 -0500] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [02/Mar/2018:04:25:44 -0500] test.com "/2.js1" 404 "-" "curl/7.29.0"
nginx防盗链
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
删除
12 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
13 {
14 expires 7d;
15 access_log off;
16 }
添加
12 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
13 {
14 expires 7d;
15 valid_referers none blocked server_names *.test.com;
16 if ($invalid_referer) {
17 return 403;
18 }
19 access_log off;
20 }
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
13 {
14 expires 7d;
15 valid_referers none blocked server_names *.test.com;
16 if ($invalid_referer) {
17 return 403;
18 }
19 access_log off;
20 }
21
22 location ~ .*\.(js|css)$
23 {
24 expires 12h;
25 access_log off;
26 }
27
28 access_log /tmp/test.com.log user;
29 }
# Virtual host for test.com with Referer-based hotlink protection on static files.
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
# Any request whose Host is not test.com is answered with a 301 to the same path on test.com.
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
# Case-insensitive match (~*) on common image, archive and document extensions.
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
# Accepted Referer values: "none" = header absent, "blocked" = header present but
# stripped by a proxy or firewall, server_names = this server's own names, plus *.test.com.
# NOTE(review): Referer is supplied by the client, and "none" accepts requests that
# send no Referer at all. This discourages hotlinking; it is not access control and
# must not be used to protect confidential files.
valid_referers none blocked server_names *.test.com;
if ($invalid_referer) {
return 403;
}
# NOTE(review): logging is off for this whole location, so the 403s returned to
# rejected referers leave no trace in the access log either.
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/test.com.log user;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl -x127.0.0.1:80 test.com/1.gif -I
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 10:27:32 GMT
Content-Type: image/gif
Content-Length: 6
Last-Modified: Fri, 02 Mar 2018 09:23:19 GMT
Connection: keep-alive
ETag: "5a991807-6"
Expires: Fri, 09 Mar 2018 10:27:32 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
[root@localhost ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 test.com/1.gif -I
HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 10:28:24 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@localhost ~]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 test.com/1.gif -I
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 10:28:32 GMT
Content-Type: image/gif
Content-Length: 6
Last-Modified: Fri, 02 Mar 2018 09:23:19 GMT
Connection: keep-alive
ETag: "5a991807-6"
Expires: Fri, 09 Mar 2018 10:28:32 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
[root@localhost ~]# cat /tmp/test.com.log
127.0.0.1 - [02/Mar/2018:04:24:28 -0500] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [02/Mar/2018:04:25:44 -0500] test.com "/2.js1" 404 "-" "curl/7.29.0"
nginx访问控制
[root@localhost ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.81.130 netmask 255.255.255.0 broadcast 192.168.81.255
inet6 fe80::20c:29ff:fea5:5a89 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a5:5a:89 txqueuelen 1000 (Ethernet)
RX packets 51596 bytes 23569926 (22.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27389 bytes 3158828 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.81.133 netmask 255.255.255.0 broadcast 192.168.81.255
inet6 fe80::20c:29ff:fea5:5a93 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a5:5a:93 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 1046 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 4049 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 462 bytes 43248 (42.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 462 bytes 43248 (42.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
添加
28 location /admin/
29 {
30 allow 127.0.0.1;
31 allow 192.168.81.133;
32 deny all;
33 }
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
13 {
14 expires 7d;
15 valid_referers none blocked server_names *.test.com;
16 if ($invalid_referer) {
17 return 403;
18 }
19 access_log off;
20 }
21
22 location ~ .*\.(js|css)$
23 {
24 expires 12h;
25 access_log off;
26 }
27
28 location /admin/
29 {
30 allow 127.0.0.1;
31 allow 192.168.81.133;
32 deny all;
33 }
34
35 access_log /tmp/test.com.log user;
36 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
# Virtual host for test.com with an IP allow-list on /admin/.
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
# Any request whose Host is not test.com is answered with a 301 to the same path on test.com.
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer) {
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
# allow/deny rules are evaluated top to bottom and the first match decides;
# "deny all" rejects every client address not listed above it.
# NOTE(review): /admin/ is a plain prefix location, and nginx prefers a matching
# regex location over it. A request such as /admin/x.gif or /admin/x.js is handled by
# the two regex blocks above, where these allow/deny rules do not apply. Declaring
# this block as "location ^~ /admin/" stops the regex lookup for paths under /admin/.
# NOTE(review): the transcript that follows shows a 403 for a request logged from
# 192.168.81.133, which does not match the allow line below. Re-test the rule set
# before relying on it.
location /admin/
{
allow 127.0.0.1;
allow 192.168.81.133;
deny all;
}
access_log /tmp/test.com.log user;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# mkdir /data/wwwroot/test.com/admin/
[root@localhost ~]# echo "hello admin dir" > /data/wwwroot/test.com/admin/index.html
[root@localhost ~]# curl -x 127.0.0.1:80 test.com/admin/ -I
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 15:08:59 GMT
Content-Type: text/html
Content-Length: 16
Last-Modified: Fri, 02 Mar 2018 15:07:29 GMT
Connection: keep-alive
ETag: "5a9968b1-10"
Accept-Ranges: bytes
[root@localhost ~]# curl -x 192.168.81.133:80 test.com/admin/ -I
HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 15:16:35 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@localhost ~]# cat /tmp/test.com.log
127.0.0.1 - [02/Mar/2018:04:24:28 -0500] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [02/Mar/2018:04:25:44 -0500] test.com "/2.js1" 404 "-" "curl/7.29.0"
127.0.0.1 - [02/Mar/2018:10:08:37 -0500] test.com "/admin/" 200 "http://www.baidu.com/1.txt" "curl/7.29.0"
127.0.0.1 - [02/Mar/2018:10:08:59 -0500] test.com "/admin/" 200 "-" "curl/7.29.0"
192.168.81.133 - [02/Mar/2018:10:16:35 -0500] test.com "/admin/" 403 "-" "curl/7.29.0"
禁止指定目录(upload、image)解析PHP
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
添加
35 location ~ .*(upload|image)/.*\.php$
36 {
37 deny all;
38 }
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
13 {
14 expires 7d;
15 valid_referers none blocked server_names *.test.com;
16 if ($invalid_referer) {
17 return 403;
18 }
19 access_log off;
20 }
21
22 location ~ .*\.(js|css)$
23 {
24 expires 12h;
25 access_log off;
26 }
27
28 location /admin/
29 {
30 allow 127.0.0.1;
31 allow 192.168.81.133;
32 deny all;
33 }
34
35 location ~ .*(upload|image)/.*\.php$
36 {
37 deny all;
38 }
39
40 access_log /tmp/test.com.log user;
41 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer) {
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
location /admin/
{
allow 127.0.0.1;
allow 192.168.81.133;
deny all;
}
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
access_log /tmp/test.com.log user;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# mkdir /data/wwwroot/test.com/upload
[root@localhost ~]# echo "1111" > /data/wwwroot/test.com/upload/1.php
[root@localhost ~]# curl -x 127.0.0.1:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
[root@localhost ~]# echo "1111" > /data/wwwroot/test.com/upload/1.index
[root@localhost ~]# curl -x 127.0.0.1:80 test.com/upload/1.index
1111
防止爬虫,隐藏网站(User-Agent 由客户端自行填写,此规则只能拦截如实声明身份的爬虫)
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
添加
40 if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
41 {
42 return 0;
43 }
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
13 {
14 expires 7d;
15 valid_referers none blocked server_names *.test.com;
16 if ($invalid_referer) {
17 return 403;
18 }
19 access_log off;
20 }
21
22 location ~ .*\.(js|css)$
23 {
24 expires 12h;
25 access_log off;
26 }
27
28 location /admin/
29 {
30 allow 127.0.0.1;
31 allow 192.168.81.133;
32 deny all;
33 }
34
35 location ~ .*(upload|image)/.*\.php$
36 {
37 deny all;
38 }
39
40 if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
41 {
42 return 0;
43 }
44
45 access_log /tmp/test.com.log user;
46 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
# NOTE(review): the "server" keyword that opens this block is missing from this copy of the listing.
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
# Requests whose Host is not test.com are redirected (permanent) to the same path on test.com.
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
# Static files: 7-day client cache plus a Referer check; not logged.
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer) {
return 403;
}
access_log off;
}
# Scripts and stylesheets: 12-hour client cache; not logged.
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
# Address allow-list for /admin/: the two listed addresses pass, everyone else is denied.
location /admin/
{
allow 127.0.0.1;
allow 192.168.81.133;
deny all;
}
# Deny requests for .php files under paths containing upload/ or image/.
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
# Reject requests by User-Agent; "~" makes the match case-sensitive.
# NOTE(review): the curl test that follows this listing gets "403 Forbidden" and the
# next revision of this file uses "return 403;", so "return 0;" here looks like a
# transcription slip — confirm before copying.
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
return 0;
}
access_log /tmp/test.com.log user;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl -x 127.0.0.1:80 test.com/upload/1.index -I
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 16:34:34 GMT
Content-Type: application/octet-stream
Content-Length: 5
Last-Modified: Fri, 02 Mar 2018 15:47:47 GMT
Connection: keep-alive
ETag: "5a997223-5"
Accept-Ranges: bytes
[root@localhost ~]# curl -A "Tomato" -x 127.0.0.1:80 test.com/upload/1.index -I
HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Fri, 02 Mar 2018 16:35:09 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
nginx解析php相关配置
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
添加
45 location ~ \.php$
46 {
47 include fastcgi_params;
48 fastcgi_pass unix:/tmp/php-fcgi.sock;
49 fastcgi_index index.php;
50 fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
51 }
为
1 server
2 {
3 listen 80;
4 server_name test.com test2.com test3.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/test.com;
7
8 if ( $host != 'test.com' ) {
9 rewrite ^/(.*)$ http://test.com/$1 permanent;
10 }
11
12 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
13 {
14 expires 7d;
15 valid_referers none blocked server_names *.test.com;
16 if ($invalid_referer) {
17 return 403;
18 }
19 access_log off;
20 }
21
22 location ~ .*\.(js|css)$
23 {
24 expires 12h;
25 access_log off;
26 }
27
28 location /admin/
29 {
30 allow 127.0.0.1;
31 allow 192.168.81.133;
32 deny all;
33 }
34
35 location ~ .*(upload|image)/.*\.php$
36 {
37 deny all;
38 }
39
40 if ($http_user_agent ~* 'Spider/3.0|YoudaoBot|Tomato')
41 {
42 return 403;
43 }
44
45 location ~ \.php$
46 {
47 include fastcgi_params;
48 fastcgi_pass unix:/tmp/php-fcgi.sock;
49 fastcgi_index index.php;
50 fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
51 }
52
53 access_log /tmp/test.com.log user;
54 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
# Virtual host for test.com; test2.com and test3.com are redirected to it.
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
# Requests whose Host is not test.com are redirected (permanent) to the same path on test.com.
if ( $host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
# Static files: 7-day client cache plus a Referer check (hotlink protection).
# "none" and "blocked" accept requests with no Referer or a stripped one, and the
# header is client-supplied, so this is bandwidth protection, not access control.
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer) {
return 403;
}
access_log off;
}
# Scripts and stylesheets: 12-hour client cache; not logged.
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
# Address allow-list for /admin/: the two listed addresses pass, everyone else gets 403.
# NOTE(review): this is a plain prefix location, and nginx prefers a matching regex
# location over it. Requests under /admin/ that end in .php, .js, .css or one of the
# static extensions above are handled by the regex blocks in this file and never
# reach these allow/deny rules. Use "location ^~ /admin/" (with its own PHP handling
# nested inside if needed) or repeat the rules wherever they must hold.
location /admin/
{
allow 127.0.0.1;
allow 192.168.81.133;
deny all;
}
# Deny requests for .php files under paths containing upload/ or image/.
# Keep this block above "location ~ \.php$": regex locations are tried in file
# order and the first match wins. The match is case-sensitive.
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
# Reject requests whose User-Agent matches one of these names (case-insensitive).
# User-Agent is chosen by the client, so this only stops crawlers that identify themselves.
if ($http_user_agent ~* 'Spider/3.0|YoudaoBot|Tomato')
{
return 403;
}
# Pass every URI ending in .php to the php-fpm pool listening on /tmp/php-fcgi.sock.
# NOTE(review): nothing here checks that the requested script exists under the
# document root. Adding "try_files $uri =404;" in this block (and keeping PHP's
# cgi.fix_pathinfo at 0) stops non-PHP files from being handed to the interpreter.
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
# The path prefix must match "root" above, otherwise php-fpm cannot find the script.
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
# Access log written with the "user" format (presumably defined in nginx.conf — verify).
# NOTE(review): /tmp is writable by every local account; a dedicated, root-owned
# log directory is the safer place for a log opened by the nginx master process.
access_log /tmp/test.com.log user;
}
[root@localhost ~]# vi /data/wwwroot/test.com/test.php
1 <?php
2 phpinfo();
[root@localhost ~]# curl -x 127.0.0.1:80 test.com/test.php
<?php
phpinfo();
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl -x 127.0.0.1:80 test.com/test.php
php解析页面(测试完成后应删除 test.php,phpinfo() 的输出会暴露服务器的版本、路径和配置信息)
nginx解析php的配置
nginx解析php出现502 Bad的问题
nginx代理
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/proxy.conf
1 server
2 {
3 listen 80;
4 server_name ask.apelearn.com;
5
6 location /
7 {
8 proxy_pass http://121.201.9.155/;
9 proxy_set_header Host $host;
10 proxy_set_header X-Real-IP $remote_addr;
11 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
12 }
13 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/proxy.conf
# Reverse proxy: requests for ask.apelearn.com are forwarded to the backend at 121.201.9.155.
server
{
listen 80;
server_name ask.apelearn.com;
location /
{
# The backend is reached over plain HTTP, so proxy-to-backend traffic is unencrypted.
proxy_pass http://121.201.9.155/;
# Pass the requested host name on so the backend selects the right virtual host.
proxy_set_header Host $host;
# $remote_addr is the address of the connecting peer; this overrides any X-Real-IP the client sent.
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the
# client supplied; the backend should trust only the entry added by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl ask.apelearn.com/robots.txt
#
# robots.txt for MiWen
#
User-agent: *
Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/
Disallow: /*/ajax/
nginx负载均衡
[root@localhost ~]# yum install -y bind-utils
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 7.8 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
updates/7/x86_64/primary_db | 6.0 MB 00:00:11
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: kartolo.sby.datautama.net.id
* extras: mirrors.cqu.edu.cn
* updates: mirrors.nju.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.x86_64 32:9.9.4-51.el7_4.2 will be installed
--> Processing Dependency: bind-libs = 32:9.9.4-51.el7_4.2 for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Processing Dependency: liblwres.so.90()(64bit) for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Processing Dependency: libisccfg.so.90()(64bit) for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Processing Dependency: libisccc.so.90()(64bit) for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Processing Dependency: libisc.so.95()(64bit) for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Processing Dependency: libdns.so.100()(64bit) for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Processing Dependency: libbind9.so.90()(64bit) for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: 32:bind-utils-9.9.4-51.el7_4.2.x86_64
--> Running transaction check
---> Package GeoIP.x86_64 0:1.5.0-11.el7 will be installed
---> Package bind-libs.x86_64 32:9.9.4-51.el7_4.2 will be installed
--> Processing Dependency: bind-license = 32:9.9.4-51.el7_4.2 for package: 32:bind-libs-9.9.4-51.el7_4.2.x86_64
--> Running transaction check
---> Package bind-license.noarch 32:9.9.4-14.el7 will be updated
--> Processing Dependency: bind-license = 32:9.9.4-14.el7 for package: 32:bind-libs-lite-9.9.4-14.el7.x86_64
---> Package bind-license.noarch 32:9.9.4-51.el7_4.2 will be an update
--> Running transaction check
---> Package bind-libs-lite.x86_64 32:9.9.4-14.el7 will be updated
---> Package bind-libs-lite.x86_64 32:9.9.4-51.el7_4.2 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================================================
Package Arch Version Repository Size
==========================================================================================================================
Installing:
bind-utils x86_64 32:9.9.4-51.el7_4.2 updates 203 k
Installing for dependencies:
GeoIP x86_64 1.5.0-11.el7 base 1.1 M
bind-libs x86_64 32:9.9.4-51.el7_4.2 updates 1.0 M
Updating for dependencies:
bind-libs-lite x86_64 32:9.9.4-51.el7_4.2 updates 733 k
bind-license noarch 32:9.9.4-51.el7_4.2 updates 84 k
Transaction Summary
==========================================================================================================================
Install 1 Package (+2 Dependent packages)
Upgrade ( 2 Dependent packages)
Total download size: 3.1 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/5): bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm | 733 kB 00:00:01
(2/5): bind-license-9.9.4-51.el7_4.2.noarch.rpm | 84 kB 00:00:01
(3/5): GeoIP-1.5.0-11.el7.x86_64.rpm | 1.1 MB 00:00:01
(4/5): bind-utils-9.9.4-51.el7_4.2.x86_64.rpm | 203 kB 00:00:04
(5/5): bind-libs-9.9.4-51.el7_4.2.x86_64.rpm | 1.0 MB 00:00:09
--------------------------------------------------------------------------------------------------------------------------
Total 342 kB/s | 3.1 MB 00:00:09
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : GeoIP-1.5.0-11.el7.x86_64 1/7
Updating : 32:bind-license-9.9.4-51.el7_4.2.noarch 2/7
Installing : 32:bind-libs-9.9.4-51.el7_4.2.x86_64 3/7
Installing : 32:bind-utils-9.9.4-51.el7_4.2.x86_64 4/7
Updating : 32:bind-libs-lite-9.9.4-51.el7_4.2.x86_64 5/7
Cleanup : 32:bind-libs-lite-9.9.4-14.el7.x86_64 6/7
Cleanup : 32:bind-license-9.9.4-14.el7.noarch 7/7
Verifying : 32:bind-license-9.9.4-51.el7_4.2.noarch 1/7
Verifying : GeoIP-1.5.0-11.el7.x86_64 2/7
Verifying : 32:bind-libs-lite-9.9.4-51.el7_4.2.x86_64 3/7
Verifying : 32:bind-utils-9.9.4-51.el7_4.2.x86_64 4/7
Verifying : 32:bind-libs-9.9.4-51.el7_4.2.x86_64 5/7
Verifying : 32:bind-libs-lite-9.9.4-14.el7.x86_64 6/7
Verifying : 32:bind-license-9.9.4-14.el7.noarch 7/7
Installed:
bind-utils.x86_64 32:9.9.4-51.el7_4.2
Dependency Installed:
GeoIP.x86_64 0:1.5.0-11.el7 bind-libs.x86_64 32:9.9.4-51.el7_4.2
Dependency Updated:
bind-libs-lite.x86_64 32:9.9.4-51.el7_4.2 bind-license.noarch 32:9.9.4-51.el7_4.2
Complete!
[root@localhost ~]# dig qq.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4432
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qq.com. IN A
;; ANSWER SECTION:
qq.com. 561 IN A 125.39.240.113
qq.com. 561 IN A 61.135.157.156
;; Query time: 46 msec
;; SERVER: 119.29.29.29#53(119.29.29.29)
;; WHEN: Fri Mar 02 20:44:04 EST 2018
;; MSG SIZE rcvd: 67
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/load.conf
添加
1 upstream qq_com
2 {
3 ip_hash;
4 server 61.135.157.156:80;
5 server 125.39.240.113:80;
6 }
7
8 server
9 {
10 listen 80;
11 server_name www.qq.com;
12
13 location /
14 {
15 proxy_pass http://qq_com;
16 proxy_set_header Host $host;
17 proxy_set_header X-Real-IP $remote_addr;
18 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
19 }
20 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/load.conf
# Upstream group built from the two A records returned by the "dig qq.com" run shown earlier.
# The addresses are fixed in this file and must be updated by hand if the DNS records change.
upstream qq_com
{
# ip_hash: requests from the same client address go to the same upstream server.
ip_hash;
server 61.135.157.156:80;
server 125.39.240.113:80;
}
# Virtual host that proxies www.qq.com to the upstream group over plain HTTP.
server
{
listen 80;
server_name www.qq.com;
location /
{
proxy_pass http://qq_com;
# Pass the requested host name on so the upstream selects the right site.
proxy_set_header Host $host;
# $remote_addr is the connecting peer's address; this overrides any X-Real-IP the client sent.
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For; only the last entry is set by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl -x 127.0.0.1:80 www.qq.com
访问到qq.com主页
生成ssl密钥对
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# openssl genrsa -des3 -out tmp.key 2048
Generating RSA private key, 2048 bit long modulus
............+++
.................................................+++
e is 65537 (0x10001)
Enter pass phrase for tmp.key:1234
Verifying - Enter pass phrase for tmp.key:1234
转换key,取消密码(生成的 user.key 不再受口令保护,应限制为仅 root 可读,例如 chmod 600 user.key)
[root@localhost conf]# openssl rsa -in tmp.key -out user.key
Enter pass phrase for tmp.key:
writing RSA key
[root@localhost conf]# rm -f tmp.key
生成证书请求文件
[root@localhost conf]# openssl req -new -key user.key -out user.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:11
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:user
Organizational Unit Name (eg, section) []:user
Common Name (eg, your name or your server's hostname) []:users
Email Address []:users@user.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:user
使用请求文件和私钥一起生成自签名证书文件(user.crt,内含公钥)
[root@localhost conf]# openssl x509 -req -days 365 -in user.csr -signkey user.key -out user.crt
Signature ok
subject=/C=11/ST=Beijing/L=Beijing/O=user/OU=user/CN=users/emailAddress=users@user.com
Getting Private key
nginx配置ssl
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/ssl.conf
1 server
2 {
3 listen 443;
4 server_name user.com;
5 index index.html index.php;
6 root /data/wwwroot/user.com;
7 ssl on;
8 ssl_certificate user.crt;
9 ssl_certificate_key user.key;
10 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
11 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/ssl.conf
# HTTPS virtual host for user.com, using the self-signed certificate generated earlier on this page.
server
{
# NOTE(review): "listen 443 ssl;" is the current way to enable TLS on a listener;
# the separate "ssl on;" directive below is deprecated in later nginx releases.
listen 443;
server_name user.com;
index index.html index.php;
root /data/wwwroot/user.com;
ssl on;
# Relative paths; presumably resolved against the nginx conf directory, where
# user.crt and user.key were created — verify.
ssl_certificate user.crt;
# The key was written without a passphrase, so file permissions are its only protection.
ssl_certificate_key user.key;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); prefer
# "ssl_protocols TLSv1.2;" unless legacy clients must be supported.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
[root@localhost ~]# mkdir /data/wwwroot/user.com
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/vhost/ssl.conf:7
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
[root@localhost ~]# cd /usr/local/src/nginx-1.8.0
[root@localhost nginx-1.8.0]# ./configure --prefix=/usr/local/nginx/ --with-http_ssl_module
[root@localhost nginx-1.8.0]# make && make install
[root@localhost nginx-1.8.0]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.8.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/ --with-http_ssl_module
[root@localhost nginx-1.8.0]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx//conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx//conf/nginx.conf test is successful
[root@localhost nginx-1.8.0]# /etc/init.d/nginx restart
Restarting nginx (via systemctl): [ OK ]
[root@localhost nginx-1.8.0]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2498/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10915/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10915/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1287/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2498/master
tcp6 0 0 :::3306 :::* LISTEN 2487/mysqld
tcp6 0 0 :::22 :::* LISTEN 1287/sshd
[root@localhost nginx-1.8.0]# cd /data/wwwroot/user.com/
[root@localhost user.com]# echo "This is Test" > index.html
[root@localhost user.com]# vi /etc/hosts
添加
3 127.0.0.1 user.com
为
1 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
2 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
3 127.0.0.1 user.com
[root@localhost user.com]# curl https://user.com
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Windows打开C:\Windows\System32\drivers\etc\hosts添加192.168.81.130 user.com 然后浏览器访问https://user.com
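若不能访问,则查看防火墙(下面的 iptables -F 会清空全部规则,而各链默认策略为 ACCEPT,等于关闭防火墙,仅适合测试环境;正式环境应只放行 443 端口,例如 firewall-cmd --permanent --add-port=443/tcp 后执行 firewall-cmd --reload)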
[root@localhost user.com]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
63229 35M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
92 5520 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2041 260K INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
2041 260K INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
2041 260K INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
2 96 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
2031 260K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 1564 packets, 222K bytes)
pkts bytes target prot opt in out source destination
42335 6313K OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- ens37 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- eno16777736 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * ens37 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * eno16777736 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (3 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (3 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
15 2843 IN_public all -- ens37 * 0.0.0.0/0 0.0.0.0/0 [goto]
149 16919 IN_public all -- eno16777736 * 0.0.0.0/0 0.0.0.0/0 [goto]
3 821 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (3 references)
pkts bytes target prot opt in out source destination
2041 260K IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
2041 260K IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
2041 260K IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
8 416 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
[root@localhost user.com]# iptables -F
浏览器显示This is Test则表示成功
php-fpm的pool
[root@localhost ~]# cat /usr/local/php-fpm/etc/php-fpm.conf
添加
18 [user.com]
19 listen = /tmp/user.sock
20 #listen = 127.0.0.1:9000
21 listen.mode = 666
22 user = php-fpm
23 group = php-fpm
24 pm = dynamic
25 pm.max_children = 50
26 pm.start_servers = 20
27 pm.min_spare_servers = 5
28 pm.max_spare_servers = 35
29 pm.max_requests = 500
30 rlimit_files = 1024
为
1 [global]
2 pid = /usr/local/php-fpm/var/run/php-fpm.pid
3 error_log = /usr/local/php-fpm/var/log/php-fpm.log
4 [www]
5 listen = /tmp/php-fcgi.sock
6 #listen = 127.0.0.1:9000
7 listen.mode = 666
8 user = php-fpm
9 group = php-fpm
10 pm = dynamic
11 pm.max_children = 50
12 pm.start_servers = 20
13 pm.min_spare_servers = 5
14 pm.max_spare_servers = 35
15 pm.max_requests = 500
16 rlimit_files = 1024
17
18 [user.com]
19 listen = /tmp/user.sock
20 #listen = 127.0.0.1:9000
21 listen.mode = 666
22 user = php-fpm
23 group = php-fpm
24 pm = dynamic
25 pm.max_children = 50
26 pm.start_servers = 20
27 pm.min_spare_servers = 5
28 pm.max_spare_servers = 35
29 pm.max_requests = 500
30 rlimit_files = 1024
[root@localhost ~]# cat /usr/local/php-fpm/etc/php-fpm.conf
; Global php-fpm settings: pid file and error log locations.
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
; Pool "www": FastCGI on the unix socket /tmp/php-fcgi.sock (the TCP listener is commented out).
[www]
listen = /tmp/php-fcgi.sock
#listen = 127.0.0.1:9000
; NOTE(review): mode 666 lets every local account connect to this socket and have
; requests executed as the pool user. Prefer listen.owner / listen.group set to the
; account the nginx workers run as, with listen.mode = 0660, and keep the socket in
; a directory that is not world-writable instead of /tmp.
listen.mode = 666
user = php-fpm
group = php-fpm
; Dynamic process manager: 20 workers at start, 5 to 35 idle workers kept, at most
; 50 workers, each recycled after 500 requests.
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
; Pool "user.com": same settings on its own socket, /tmp/user.sock.
; It runs as the same php-fpm user as [www], so the split gives separate workers
; and sockets but no filesystem isolation between the two sites.
[user.com]
listen = /tmp/user.sock
#listen = 127.0.0.1:9000
; NOTE(review): same world-writable socket mode as the [www] pool; see the note there.
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
:set nonu
[root@localhost ~]# /usr/local/php-fpm/sbin/php-fpm -t
[03-Mar-2018 06:24:21] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@localhost ~]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@localhost ~]# ps aux | grep php-fpm
root 12056 0.0 0.2 227836 4944 ? Ss 06:24 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm 12057 0.0 0.2 227776 4704 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12058 0.0 0.2 227776 4708 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12059 0.0 0.2 227776 4708 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12060 0.0 0.2 227776 4708 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12061 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12062 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12063 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12064 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12065 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12066 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12067 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12068 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12069 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12070 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12071 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12072 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12073 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12074 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12075 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12076 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool www
php-fpm 12077 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12078 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12079 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12080 0.0 0.2 227776 4712 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12081 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12082 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12083 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12084 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12085 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12086 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12087 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12088 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12089 0.0 0.2 227776 4716 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12090 0.0 0.2 227776 4720 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12091 0.0 0.2 227776 4720 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12092 0.0 0.2 227776 4720 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12093 0.0 0.2 227776 4720 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12094 0.0 0.2 227776 4720 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12095 0.0 0.2 227776 4720 ? S 06:24 0:00 php-fpm: pool user.com
php-fpm 12096 0.0 0.2 227776 4720 ? S 06:24 0:00 php-fpm: pool user.com
root 12102 0.0 0.0 112664 980 pts/0 S+ 06:26 0:00 grep --color=auto php-fpm
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/aaa.com.conf
添加
8 location ~ \.php$
9 {
10 include fastcgi_params;
11 fastcgi_pass unix:/tmp/user.sock;
12 fastcgi_index index.php;
13 fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
14 }
为
1 server
2 {
3 listen 80 default_server;
4 server_name aaa.com;
5 index index.html index.htm index.php;
6 root /data/wwwroot/default;
7
8 location ~ \.php$
9 {
10 include fastcgi_params;
11 fastcgi_pass unix:/tmp/user.sock;
12 fastcgi_index index.php;
13 fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
14 }
15
16 }
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/aaa.com.conf
server
{
listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/user.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx//conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx//conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# cat /usr/local/php-fpm/etc/php-fpm.conf
添加
4 include = etc/php-fpm.d/*.conf
为
1 [global]
2 pid = /usr/local/php-fpm/var/run/php-fpm.pid
3 error_log = /usr/local/php-fpm/var/log/php-fpm.log
4 include = etc/php-fpm.d/*.conf
[root@localhost ~]# mkdir /usr/local/php-fpm/etc/php-fpm.d/
root@localhost ~]# mkdir /usr/local/php-fpm/etc/php-fpm.d/
[root@localhost ~]# cd /usr/local/php-fpm/etc/php-fpm.d/
[root@localhost php-fpm.d]# vi www.conf
添加
1 [www]
2 listen = /tmp/php-fcgi.sock
3 #listen = 127.0.0.1:9000
4 listen.mode = 666
5 user = php-fpm
6 group = php-fpm
7 pm = dynamic
8 pm.max_children = 50
9 pm.start_servers = 20
10 pm.min_spare_servers = 5
11 pm.max_spare_servers = 35
12 pm.max_requests = 500
13 rlimit_files = 1024
[root@localhost php-fpm.d]# vi /usr/local/php-fpm/etc/php-fpm.d/www.conf
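; Pool "www": PHP-FPM workers reached through the Unix socket /tmp/php-fcgi.sock.
[www]
listen = /tmp/php-fcgi.sock
; TCP alternative, left disabled. ';' is the INI comment character; '#'
; comments were removed from PHP's INI parser in PHP 7.0, so a line starting
; with '#' may be rejected as an unknown entry on newer versions.
;listen = 127.0.0.1:9000
; 666 makes the socket readable and writable by every local account, so any
; local user can submit FastCGI requests that this pool executes as php-fpm.
; Once the account the web server workers run as is confirmed, restrict the
; socket to it instead (values below are placeholders, not taken from this page):
;   listen.owner = <web-server-user>
;   listen.group = <web-server-group>
;   listen.mode = 0660
listen.mode = 666
; Unix account and group the worker processes run as.
user = php-fpm
group = php-fpm
; Dynamic process manager: worker count floats between the spare limits
; below, never exceeding pm.max_children.
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
; Recycle each worker after this many requests.
pm.max_requests = 500
; Open-file descriptor limit for the pool's processes.
rlimit_files = 1024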
[root@localhost php-fpm.d]# vi user.conf
添加
1 [user.com]
2 listen = /tmp/user.sock
3 #listen = 127.0.0.1:9000
4 listen.mode = 666
5 user = php-fpm
6 group = php-fpm
7 pm = dynamic
8 pm.max_children = 50
9 pm.start_servers = 20
10 pm.min_spare_servers = 5
11 pm.max_spare_servers = 35
12 pm.max_requests = 500
13 rlimit_files = 1024
[root@localhost php-fpm.d]# vi /usr/local/php-fpm/etc/php-fpm.d/user.conf
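; Pool "user.com": a second PHP-FPM pool with its own socket, /tmp/user.sock,
; which is the socket the aaa.com nginx vhost passes PHP requests to.
[user.com]
listen = /tmp/user.sock
; TCP alternative, left disabled. ';' is the INI comment character; '#'
; comments were removed from PHP's INI parser in PHP 7.0, so a line starting
; with '#' may be rejected as an unknown entry on newer versions.
;listen = 127.0.0.1:9000
; 666 makes the socket readable and writable by every local account, so any
; local user can submit FastCGI requests that this pool executes as php-fpm.
; Once the account the web server workers run as is confirmed, restrict the
; socket to it instead (values below are placeholders, not taken from this page):
;   listen.owner = <web-server-user>
;   listen.group = <web-server-group>
;   listen.mode = 0660
listen.mode = 666
; NOTE(review): this pool runs as the same php-fpm account as the "www" pool.
; Separate pools give separate process limits, but scripts in one pool can
; still read and write whatever the other pool's scripts can. Use a distinct
; account per pool if the sites are meant to be isolated from each other.
user = php-fpm
group = php-fpm
; Dynamic process manager: worker count floats between the spare limits
; below, never exceeding pm.max_children.
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
; Recycle each worker after this many requests.
pm.max_requests = 500
; Open-file descriptor limit for the pool's processes.
rlimit_files = 1024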
[root@localhost php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[03-Mar-2018 07:03:09] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@localhost php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@localhost php-fpm.d]# ps aux | grep php-fpm
root 12200 0.0 0.2 227864 4952 ? Ss 07:04 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm 12201 0.0 0.2 227804 4716 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12202 0.0 0.2 227804 4720 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12203 0.0 0.2 227804 4720 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12204 0.0 0.2 227804 4720 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12205 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12206 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12207 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12208 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12209 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12210 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12211 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12212 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12213 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12214 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12215 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12216 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12217 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12218 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12219 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12220 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool user.com
php-fpm 12221 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12222 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12223 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12224 0.0 0.2 227804 4724 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12225 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12226 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12227 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12228 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12229 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12230 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12231 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12232 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12233 0.0 0.2 227804 4728 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12234 0.0 0.2 227804 4732 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12235 0.0 0.2 227804 4732 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12236 0.0 0.2 227804 4732 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12237 0.0 0.2 227804 4732 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12238 0.0 0.2 227804 4732 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12239 0.0 0.2 227804 4732 ? S 07:04 0:00 php-fpm: pool www
php-fpm 12240 0.0 0.2 227804 4732 ? S 07:04 0:00 php-fpm: pool www
root 12242 0.0 0.0 112664 976 pts/0 S+ 07:04 0:00 grep --color=auto php-fpm
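“Unix domain socket (/tmp/www.sock)或者 IPC socket (127.0.0.1:9000)是一种通信端点,可以使同一台操作系统上的两个或多个进程进行数据通信。与管道相比,Unix domain sockets 既可以使用字节流,也可以使用数据报,而管道通信则只能通过字节流。Unix domain sockets 的接口和 Internet socket 很像,但它不使用网络底层协议来通信。Unix domain socket 的功能是 POSIX 操作系统里的一种组件。Unix domain sockets 使用文件系统中的路径来作为自己的地址,它可以被系统进程引用,所以两个进程可以同时打开同一个 Unix domain socket 来进行通信。不过这种通信发生在系统内核里,不会在网络上传播。” 即:nginx 和 php 利用这个 socket 进行通信。(注:127.0.0.1:9000 这种写法实际上是监听在本机回环地址上的 TCP socket,并不是 Unix domain socket。另外,由于 Unix domain socket 以文件路径作为地址,谁能连接取决于该 socket 文件及其所在目录的权限;上文的 listen.mode = 666 加上放在 /tmp 下,意味着本机任何用户都可以连接该 PHP-FPM 池。)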