一、总体简介
Lnmp架构(Linux+nginx+mysql+php)是目前网站的主流架构,这个架构包含了一个网站的最基本要求:运行环境+web容器+动态页面处理+存储。当然同样主流的架构还有lamp,但是个人认为nginx的性能在现在的趋势下更胜一筹。
二、Nginx优势
Nginx是一款高性能的web服务器、反向代理服务器、负载均衡服务器,它的高性能主要体现在它引入了基于事件驱动的I/O模型,支持高并发,并且占用内存资源少。作为web服务器,nginx比apache使用更少的资源,支持更多的并发连接,nginx处理静态文件、索引文件,自动索引的效率非常高。作为反向代理服务器,nginx可以实现无缓存的反向代理,提高网站运行速度。作为负载均衡服务器,nginx既可以在内部支持Rails和PHP,也可以支持HTTP代理服务器,对外进行服务。同时支持简单的容错和利用算法进行负载均衡。
三、安装配置
1. 安装配置nginx
在官网下载nginx的源码包:http://nginx.org/en/download.html
这里我选择的是nginx-1.12.0.tar.gz
1) 解压源码包
[[email protected] ~]# tar zxf nginx-1.12.0.tar.gz
2) 安装源码包
[[email protected] nginx-1.12.0]# cd auto/cc [[email protected] cc]# vim gcc # debug #CFLAGS="$CFLAGS -g" ###注释掉这一行,编译后没有debug信息,nginx文件就会缩减很多 [[email protected] nginx-1.12.0]# cd src/core #define NGINX_VER "nginx" ###一般处于安全考虑会更改或隐藏nginx版本号 [[email protected] nginx-1.12.0]# yum install pcre-devel -y ###安装依赖性 [[email protected] nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module ###可以根据自己的需要添加参数,我添加的参数依次是:设定安装目录、允许多线程、l允许系统启用异步io、允许ngx_http_stub_status_module模块(这个模块可以取得一些nginx的运行状态,如果是工业状况,可以直接取消)、允许ngx_http_ssl_module模块 [[email protected] nginx-1.12.0]# make&&make install [[email protected] nginx-1.12.0]# cd /usr/local/lnmp/nginx/ [[email protected] nginx]# ln -s /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/ ###做软链接,方便启动
3) 配置nginx
nginx的配置目录为/usr/local/lnmp/nginx/conf/nginx.conf
[[email protected] nginx]# cd conf [[email protected] conf]# useradd -u 800 nginx ###创建nginx用户 [[email protected] conf]# vim nginx.conf user nginx nginx; ###更改nginx用户 worker_processes 2;###更改进程数,最好是和cpu数一致 worker_cpu_affinity 01 10;###将进程绑定cpu,两个cpu就是 01 10 四个cpu就是0001 0010 0100 1000 #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 4096; ###更改最大连接数,不能超过内核最大文件个数sysctl -a | grep file可以查看 } [[email protected] conf]# vim /etc/security/limits.conf ###更改nginx用户的内核限制 最大用户进程数和文件打开个数,如果上面设置的最大连接比这里的数字大也没用最大只能到这里设置的4096, ulimit -a可以查看内核限制 nginx - nproc 4096 nginx - nofile 4096 [[email protected] conf]# su nginx [[email protected] conf]$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 14868 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 4096 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 4096 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited [[email protected] conf]# nginx -t [[email protected] conf]# nginx ###添加虚拟server [[email protected] conf]# vim nginx.conf server { listen 80; server_name www.westos.com; location / { root /web1; ###发布目录 index index.html; } } server { listen 80; server_name www.linux.com; location / { root /web2; index index.html; } } [[email protected] conf]# mkdir /web1 [[email protected] conf]# mkdir /web2 [[email protected] conf]# echo ‘westos‘ > /web1/index.html [[email protected] conf]# echo ‘linux‘ > /web2/index.html [[email protected] conf]# nginx -t [[email protected] conf]# nginx -s reload ###测试以下 [[email protected] conf]# curl -I www.westos.com ###用url访问 HTTP/1.1 200 OK Server: nginx Date: Sun, 14 May 2017 06:00:25 GMT Content-Type: text/html Content-Length: 7 Last-Modified: Sun, 14 May 2017 05:40:05 GMT Connection: keep-alive ETag: "5917edb5-7" Accept-Ranges: bytes ###添加https [[email protected] conf]# vim nginx.conf # HTTPS server server { listen 443 ssl; server_name localhost; ssl_certificate cert.pem; ssl_certificate_key cert.pem; ###我这里为了测试方便把key和证书设置一样的了 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } [[email protected] conf]# cd /etc/pki/tls/certs/ [[email protected] certs]# ls ca-bundle.crt make-dummy-cert renew-dummy-cert ca-bundle.trust.crt Makefile [[email protected] certs]# make cert.pem ###生成一个临时的证书 umask 77 ; PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; /usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; cat $PEM1 > cert.pem ; echo "" >> cert.pem ; cat $PEM2 >> cert.pem ; rm -f $PEM1 $PEM2 Generating a 2048 bit RSA private key ...............................................................................................................+++ ............................+++ writing new private key to ‘/tmp/openssl.f7Dpjt‘ ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shaanxi Locality Name (eg, city) [Default City]:xi‘an Organization Name (eg, company) [Default Company Ltd]:westos Organizational Unit Name (eg, section) []:linux Common Name (eg, your name or your server‘s hostname) []:server1 Email Address []:[email protected] [[email protected] certs]# mv cert.pem /usr/local/lnmp/nginx/conf/ ###将证书放在nginx的配置目录下 [[email protected] certs]# nginx -t ###检测是否正常 [[email protected] certs]# nginx -s reload ###重新加载nginx ###重定向 [[email protected] conf]# vim nginx.conf server { listen 80; server_name www.princekin.com; ###将所有访问以www.princekin.com开头的都重写到https://www.prince.com rewrite ^(.*) https://www.prince.com; } [[email protected] conf]# nginx -t [[email protected] conf]# nginx -s reload ###负载均衡和反向代理 [[email protected] conf]# vim nginx.conf ###引入upstream模块作负载均衡 http { upstream westos { server 172.25.45.2:80; server 172.25.45.3:80; server 172.25.45.1:8080 backup; ###当2和3都挂了就访问1,1做备份 } ###引入proxy_pass 作反向代理 server { listen 80; server_name www.westos.com; rewrite ^(.*) http://www.linux.com; } server { listen 80; server_name www.linux.com; location / { proxy_pass http://westos; } } ###开启http8080端口 http作为nginx的维护界面 [[email protected] conf]# yum install httpd -y [[email protected] conf]# vim /etc/httpd/conf/httpd.conf ServerName 172.25.45.1 Listen 8080 [[email protected] conf]# vim /var/www/html/index.html 随便写 [[email protected] conf]# /etc/init.d/httpd start 再开两台虚拟机作server2和server3 配置好服务nginx或者httpd都行 ###测试结果 [[email protected] conf]# for i in {1..10}; do curl www.linux.com;done <h1>server3<h1> <h1>server2<h1> <h1>server3<h1> <h1>server2<h1> <h1>server3<h1> <h1>server2<h1> <h1>server3<h1> <h1>server2<h1> <h1>server3<h1> <h1>server2<h1>
2. 安装配置mysql
在官网下载:https://www.mysql.com/downloads/
mysql-boost-5.7.17.tar.gz(也可以下不带boost的,包会小一点,但是编译的时候需要单独下载boost包)
编译源码包时有依赖性需要安装:
gcc gcc-c++ ncurses-devel bison openssl-devel zlib-devel cmake(系统自带的版本过低,须从官网下在最新版本)
[[email protected] mysql-5.7.17]# yum install -y gcc gcc-c++ make ncurses-devel bison openssl-devel zlib-devel cmake [[email protected] mysql-5.7.17]# tar zxvf mysql-boost-5.7.12.tar.gz [[email protected] mysql-5.7.17]# cd mysql-5.7.17 [[email protected]]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql #安装目录 -DMYSQL_DATADIR=/usr/local/mysql/data #数据库存放目录 -DMYSQL_UNIX_ADDR=/usr/local/mysql/data/mysql.sock \ #Unix socket 文件路径 -DWITH_MYISAM_STORAGE_ENGINE=1 #安装 myisam 存储引擎 -DWITH_INNOBASE_STORAGE_ENGINE=1 #安装 innodb 存储引擎 -DWITH_ARCHIVE_STORAGE_ENGINE=1 #安装 archive 存储引擎 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 #安装 blackhole 存储引擎 -DWITH_PARTITION_STORAGE_ENGINE=1 #安装数据库分区 -DENABLED_LOCAL_INFILE=1 #允许从本地导入数据 -DWITH_READLINE=1 #快捷键功能 -DWITH_SSL=yes #支持 SSL -DDEFAULT_CHARSET=utf8 #使用 utf8 字符 -DDEFAULT_COLLATION=utf8_general_ci #校验字符 -DEXTRA_CHARSETS=all #安装所有扩展字符集 -DMYSQL_TCP_PORT=3306 #MySQL 监听端口 默认的可以不写 -DWITH-BOOST=boost/boost_1_59_0/ [[email protected] mysql-5.7.17]# make && make install ###重新编译时,需要清除旧的对象文件和缓存信息 make clean rm -f CmakeCache.txt [[email protected] mysql-5.7.17]# cd /usr/local/lnmp/mysql [[email protected] mysql]# cd support-files [[email protected] support-files]# cp my-default.cnf /etc/my.cnf [[email protected] support-files]# cp mysql.server /etc/init.d/mysqld [[email protected] mysql]# useradd -u 27 -s /sbin/nologin mysql [[email protected] mysql]# groupmod -g 27 mysql [[email protected] mysql]# chown mysql.mysql -R . [[email protected] bin]# vim ~/.bash_profile PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin ###添加环境变量 [[email protected] bin]# source ~/.bash_profile [[email protected] mysql]# mysqld --initialize --user=mysql ###初始化 2017-05-14T05:22:13.918714Z 1 [Note] A temporary password is generated for [email protected]: XUpjk0SNh4+C ###会提供root初始化密码 [[email protected] mysql]# /etc/init.d/mysqld start ###启动服务 [[email protected] mysql]# mysql -p Enter password: ###复制上面提供的密码,进入mysql mysql> show databases; ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement. ###报错是因为要先改密码 mysql> alter user [email protected] identified by ‘Lee+88888‘; Query OK, 0 rows affected (0.00 sec) ###更改密码必须有大写字母,特殊字符,数字超过8位 mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | sys | +--------------------+ 4 rows in set (0.00 sec) ###做安全初始化 [[email protected] mysql]# mysql_secure_installation -p Enter password: Securing the MySQL server deployment. VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin? Press y|Y for Yes, any other key for No: Using existing password for root. Change the password for root ? ((Press y|Y for Yes, any other key for No) : ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : y Success. Normally, root should only be allowed to connect from ‘localhost‘. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y Success. By default, MySQL comes with a database named ‘test‘ that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y Success. All done!
3.安装配置php
php 官网下载:http://php.net/downloads.php
[[email protected] ~]# tar jxf php-5.6.20.tar.bz2
需要下载的依赖包:
libmcrypt-2.5.8-9.el6.x86_64.rpm libmcrypt-devel-2.5.8-9.el6.x86_64.rpm re2c-0.13.5-1.el6.x86_64.rpm gd-devel-2.0.35-11.el6.x86_64.rpm
[[email protected] ~]# yum install libmcrypt-2.5.8-9.el6.x86_64.rpm libmcrypt-devel-2.5.8-9.el6.x86_64.rpm re2c-0.13.5-1.el6.x86_64.rpm gd-devel-2.0.35-11.el6.x86_64.rpm [[email protected] php-5.6.20]# yum install net-snmp-devel gmp-devel curl-devel libxml2-devel -y [[email protected] php-5.6.20]# ./configure --prefix=/usr/local/lnmp/php --with-config-file-path=/usr/local/lnmp/php/etc --with-mysql --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-openssl --with-snmp --with-gd --with-zlib --with-curl --with-libxml-dir --with-png-dir --with-jpeg-dir --with-freetype-dir --with-pear --with-gettext --with-gmp --enable-inline-optimization --enable-soap --enable-ftp --enable-sockets --enable-mbstring --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-mcrypt --with-mhash [[email protected] php-5.6.20]# make && make install [[email protected] php-5.6.20]# cd /usr/local/lnmp/php [[email protected] php]# cd etc/ [[email protected] etc]# cp php-fpm.conf.default php-fpm.conf [[email protected] php-5.6.20]# cp php.ini-production /usr/local/lnmp/php/etc/php.ini [[email protected] php-5.6.20]# cd /usr/local/lnmp/php/etc/ [[email protected] etc]# vim php.ini date.timezone = Asia/Shanghai ###更改时区 pdo_mysql.default_socket=/usr/local/lnmp/mysql/data/mysql.sock mysqli.default_socket = /usr/local/lnmp/mysql/data/mysql.sock mysql.default_socket = /usr/local/lnmp/mysql/data/mysql.sock ###添加mysql.sock [[email protected] etc]# vim php-fpm.conf [global] ; Pid file ; Note: the default prefix is /usr/local/lnmp/php/var ; Default Value: none pid = run/php-fpm.pid ###去掉注释 [[email protected] etc]# cd ~/php-5.6.20/sapi/fpm/ [[email protected] fpm]# cp init.d.php-fpm /etc/init.d/php-fpm ###添加php-fpm启动项到/etc/init.d [[email protected] fpm]# chmod +x /etc/init.d/php-fpm ###给执行权限 [[email protected] fpm]# /etc/init.d/php-fpm start