Category Archives: Nginx

nginx的点点滴滴

SSI说明

  By | | , ,
SSI说明已关闭评论

一、SSI
Server Side Include,是一种基于服务端的网页制作技术,大多数(尤其是基于Unix平台)的web服务器如Netscape Enterprise Server等均支持SSI命令。
它的工作原因是:在页面内容发送到客户端之前,使用SSI指令将文本、图片或代码信息包含到网页中。对于在多个文件中重复出现内容,使用SSI是一种简便的方法,将内容存入一个包含文件中即可,不必将其输入所有文件。通过一个非常简单的语句即可调用包含文件,此语句指示Web服务器将内容插入适当网页。而且,使用包含文件时,对内容的所有更改只需在一个地方就能完成。

二、Nginx配置
ssi: 默认值off,启用ssi时将其设为on
ssi_silent_errors: 默认值off,开启后在处理SSI文件出错时不输出错误提示”[an error occurred while processing the directive]”。
ssi_types: 默认是text/html,所以如果需支持html,则不需要设置这句,如果需要支持shtml则需要设置:ssi_types text/shtml
三个参数可以放在http, server或location作用域下

三、Apache配置
AddType text/html .shtml .html
AddOutputFilter INCLUDES .shtml .html
Options Indexes FollowSymLinks INCLUDES IncludesNOEXEC

四、file和virtual
file可以包含一些指令,virtual不可以

五、语法
<!–#include virtual=”test.html” –>

&lt;!--#include file="test.html"--&gt;

参考:http://man.chinaunix.net/newsoft/ApacheManual/howto/ssi.html

http://nginx.org/en/docs/http/ngx_http_ssi_module.html

负载均衡知识汇总

  By | | ,
负载均衡知识汇总已关闭评论

一、DNS轮询
1.实现
DNS配置多个IP域名解析(A记录)

2.优点
部署简单

3.缺点
非高可用(健康监测需人工干预)
会话状态需要共享(session共享)
扩容非实时(DNS解析缓存和TTL)
暴漏较多的外网IP

备注:DNS轮询是从域名层面做负载均衡

Continue reading

Nginx配置proxy_cookie_domain

  By | |
Nginx配置proxy_cookie_domain已关闭评论 

页面地址是a.com,但是要用b.com的cookie需要
proxy_set_header Cookie $http_cookie;
location / {
proxy_cookie_domain b.com a.com;  #注意别写错位置了 proxy_cookie_path / /;
proxy_pass http://b.com;
 }   
参考:http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain

nginx配置Symfony

  By | | ,
nginx配置Symfony已关闭评论 
server {
    listen       80;
    server_name  blog.phpfs.com;
    root   /data/web;
    rewrite ^/app\.php/?(.*)$ /$1 permanent;
    location / {
        index app.php;
        try_files $uri @rewriteapp;
    }
    location @rewriteapp {
        rewrite ^(.*)$ /app.php/$1 last;
    }
    index  index.html index.htm index.php app.php;
    location ~ \.php {
        fastcgi_pass unix:/dev/shm/php5-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny  all;
    }
}

 

nginx搭建wordpress

  By | |
nginx搭建wordpress已关闭评论 
server {
    listen 80;
    root /data/blog.phpfs.com;
    server_name blog.phpfs.com;
    index index.html index.htm index.php;
    access_log /data/logs/nginx/blog.phpfs.com-access.log;
    error_log /data/logs/nginx/blog.phpfs.com-error.log;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico)$ {
        #access_log off;
        expires 7d;
    }
    location ~ \.php {
        fastcgi_pass unix:/dev/shm/php5-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}

 
参考:
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/

代理Node服务器

  By | | , , ,
代理Node服务器已关闭评论 
apache版本

        DocumentRoot /data/html/abc
        ServerName blog.phpfs.com

        ProxyPass http://127.0.01:3000/#注意Node监听的端口
        ProxyPassReverse http://127.0.0.1:3000/


nginx版本
server {  
    listen  80;  
    server_name blog.phpfs.com;  
    location / {  
        proxy_pass http://127.0.0.1:3000;  
    }  
}

 

Nginx搭建负载均衡

  By | | ,
Nginx搭建负载均衡已关闭评论 
Nginx负载均衡的分发方式有4种: 1.轮询,默认采取此方式,Nginx会按照请求时间的先后顺序进行轮询分发,若某台Web Server宕机,Nginx自动将其摘掉。 2.weight,权重,即轮询的几率,默认为1,值越大,被分发的可能性越大,用于后端服务器性能不均的情况。 3.ip_hash,每个请求按访问ip的hash结果分配(注意一定要Nginx当做前端而且后端IP固定,不然没法确保一个ip请求落到同样的web机器) PS:一般解决Session都是用的memcache共享 4.自定义规则
upstream test.phpfs.com {
	#ip_hash;
	server 10.200.11.213:8081 down;  
	server 10.200.11.213:8082 weight=5;  
	server 10.200.11.215:8082 weight=5;
	server 10.200.11.215:8081;	 
	server 10.200.11.215:80 backup;  
}
说明:test.phpfs.com只是为了起一个名字 down 表示当前的Web Server暂时不参与负载 weight 默认为1.weight越大,负载的权重就越大。 backup:其它所有的非backup Server down或者忙的时候,请求backup机器。所以这台机器压力会最轻。 场景 机器A:10.200.11.215 机器B:10.200.11.213 A开启80,8081,8082提供web服务,模拟三台Web服务器 B开启80作为分发机,8081,8082作为另外两台Web服务器 这样的相当于后端有5台机器提供web服务! A机器80站点根目录/home/80(备用机,暂时不提供服务) A机器8081站点根目录/home/8081(权重是1) A机器8082站点根目录/home/8082(权重是5) B机器8081站点根目录/home/8081(不提供服务) B机器8082站点根目录/home/8082(权重是5) PHP-FPM监听/var/run/php5-fpm.sock 配置10.200.11.213机器 /etc/nginx/conf.d/ 80.conf	存放存放负载配置 配置如下:
#upstream
upstream test {
	#ip_hash;
    	server 10.200.11.213:8081 down;
    	server 10.200.11.213:8082 weight=5;
    	server 10.200.11.215:8082 weight=5;
	server 10.200.11.215:8081;
    	server 10.200.11.215:80 backup;
}

server {
	listen 80;
	location / {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_buffering off;#disabled cache
	proxy_pass http://test;
	}
}
8081.conf 存放8081端口网站
server {
	listen 8081;
	root /home/8081;
	index index.php index.html index.htm;
	server_name test.phpfs.com;
	location / {
		try_files $uri $uri/ =404;
	}
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}

}
8082.conf 存放8082端口网站
server {
	listen 8082;
	root /home/8082;
	index index.php index.html index.htm;
	server_name test.phpfs.com;
	location / {
		try_files $uri $uri/ =404;
	}
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}

}
配置10.200.11.215机器 /etc/nginx/conf.d/	80.conf	存放80端口网站
server {
	listen 80;
	root /home/80;
	index index.php index.html index.htm;
	server_name test.phpfs.com;
	location / {
		try_files $uri $uri/ =404;
	}
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}

}
8081.conf 存放8081端口网站
server {
	listen 8081;
	root /home/8081;
	index index.php index.html index.htm;
	server_name test.phpfs.com;
	location / {
		try_files $uri $uri/ =404;
	}
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}

}
8082.conf 存放8082端口网站
server {
	listen 8082;
	root /home/8082;
	index index.php index.html index.htm;
	server_name test.phpfs.com;
	location / {
		try_files $uri $uri/ =404;
	}
	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}

}
测试域名:test.phpfs.com 绑定host:10.200.11.213	test.phpfs.com

Nginx搭建Https服务器

  By | | , ,
Nginx搭建Https服务器已关闭评论

mkdir -p /etc/nginx/ssl
生成私钥
openssl genrsa -des3 -out server.key 1024
提示输入密码和确认密码
生成证书
openssl req -new -key server.key -out server.csr
提示输入密码,国家,省份,城市,组织等信息
生成无密码私钥
openssl rsa -in server.key -out public.key
颁发证书
openssl x509 -req -days 365 -in server.csr -signkey public.key -out server.crt
配置nginx站点

server {
    listen 443;
    ssl on;
    ssl_certificate  /etc/nginx/ssl/server.crt;
    ssl_certificate_key  /etc/nginx/ssl/public.key;
    server_name test.phpfs.com;
    root /data/html/test.phpfs.com/;
    location / {
       autoindex on;
    }
}

配置apache站点
提示:Invalid command ‘SSLEngine’, perhaps misspelled or defined by a module not included in the server configuration
Action ‘configtest’ failed.
需要启用sudo a2enmod ssl


	ServerName test.phpfs.com
	DocumentRoot /var/www/html/test
	SSLEngine on
    SSLCertificateFile /etc/nginx/ssl/server.crt
    SSLCertificateKeyFile /etc/nginx/ssl/public.key

nginx-https-1

nginx配置https

  By | |
nginx配置https已关闭评论

1、生成RSA密钥的方法

openssl genrsa -des3 -out privkey.pem 2048
这个命令会生成一个2048位的密钥,同时有一个des3方法加密的密码,如果你不想要每次都输入密码,可以改成:
openssl genrsa -out privkey.pem 2048
建议用2048位密钥,少于此可能会不安全或很快将不安全。

2、生成一个证书请求
openssl req -new -key privkey.pem -out cert.csr
这个命令将会生成一个证书请求,当然,用到了前面生成的密钥privkey.pem文件
这里将生成一个新的文件cert.csr,即一个证书请求文件,你可以拿着这个文件去数字证书颁发机构(即CA)申请一个数字证书。CA会给你一个新的文件cacert.pem,那才是你的数字证书。

如果是自己做测试,那么证书的申请机构和颁发机构都是自己。就可以用下面这个命令来生成证书:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
这个命令将用上面生成的密钥privkey.pem生成一个数字证书cacert.pem

3.配置nginx

server
{
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/cacert.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
server_name blog.phpfs.com;
index index.html index.htm index.php;
root /home/joyous;
}

Nginx+Apache

  By | | ,
Nginx+Apache已关闭评论

1、配置EPEL YUM源
rpm -ivh http://mirrors.yun-idc.com/epel/6/x86_64/epel-release-6-8.noarch.rpm

2、检查是否安装成功
ll /etc/yum.repos.d/
3、安装nginx并配置

yum -y install nginx

检查:whereis nginx

说明:配置文件在/etc/nginx目录下,主配置文件是/etc/nginx/nginx.conf
(配置前先备份)
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

vi /etc/nginx/nginx.conf
修改如下内容(参考nginx配置文件详解)
worker_processes 4;
tcp_nopush on;
server_tokens off;

cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/test.conf
说明:/etc/nginx/conf.d/中conf文件结尾的都会自动加载的

vi /etc/nginx/conf.d/test.conf

#具体说明参考(nginx虚拟主机配置)
server {
listen 80;
server_name 192.168.1.187;
root /var/www/html;
location ~ .*\.(php)$ {
proxy_pass http://127.0.0.1:8080;
}
location ~ /\.ht {
deny all;
}
}
}

#具体说明参考(nginx虚拟主机配置)
vi /etc/nginx/conf.d/proxy.conf

proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding ”;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_body_temp_path /tmp;#第一次上传文件总是出错,结果发现是这里的问题!
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 32 4k;
proxy_busy_buffers_size 64k;

#具体说明参考(nginx虚拟主机配置)
gzip on;
gzip_http_version 1.1;
gzip_comp_level 3;
gzip_proxied any;
gzip_vary on;
gzip_buffers 4 16k;
gzip_min_length 1100;
gzip_types text/plain text/css application/xml application/xhtml+xml application/rss+xml application/atom_xml application/javascript application/x-javascript;

4、安装apache并配置
#如果已经安装apache请跳过安装
yum -y install httpd
(修改配置前请备份文件)
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

vi /etc/httpd/conf/httpd.conf

Listen 80改成Listen 8080

DocumentRoot “/var/www/html”修改成你网站根目录(建议建立虚拟主机)

ServerSignature On改成ServerSignature Off
AllowOverride None改成 AllowOverride All
ServerTokens OS改为ServerTokens Prod
#NameVirtualHost *:80修改为NameVirtualHost *:8080(注意去掉#)
Include conf.d/*.conf#注意这里是加载conf.d目录配置文件
5、建立虚拟主机(这里为了统一管理也建立在test.conf中)

vi /etc/httpd/conf.d/test.conf

<VirtualHost *:8080>
DocumentRoot /var/www/html
ServerName 192.168.1.187
ErrorLog logs/test-error_log
CustomLog logs/test-access_log common
</VirtualHost>

6、检查配置文件
httpd -t

httpd: Could not reliably determine the server’s fully qualified domain name, using localhost.localdomain for ServerName

这样的警告解决办法是:vi /etc/httpd/conf/httpd.conf
ServerName localhost

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

httpd -t
Syntax OK

7、这里就省去PHP和Mysql的安装了,直接进入测试
查看防火墙是否关闭 iptables -L(如果没有关闭使用service iptables stop)
启动nginx和apache
service nginx start
service httpd start

vi /var/www/html/index.php内容为

<?php
$i = 20;
echo $i;

8、框架是否能用呢?(这里测试zend Framework框架)

Fatal error: Uncaught exception ‘Zend_Db_Adapter_Exception’ with message ‘The PDO extension is required for this adapter but the extension is not loaded’ in /var/www/library/Zend/Db/Adapter/Pdo/Abstract.php:342 Stack trace: #0 /var/www/library/Zend/Db/Adapter/Abstract.php(247): Zend_Db_Adapter_Pdo_Abstract->setFetchMode(2) #1 /var/www/library/Zend/Db.php(270): Zend_Db_Adapter_Abstract->__construct(Array) #2 /var/www/library/Zend/Application/Resource/Db.php(142): Zend_Db::factory(‘PDO_MYSQL’, Array) #3 /var/www/library/Zend/Application/Resource/Db.php(154): Zend_Application_Resource_Db->getDbAdapter() #4 /var/www/library/Zend/Application/Bootstrap/BootstrapAbstract.php(683): Zend_Application_Resource_Db->init() #5 /var/www/library/Zend/Application/Bootstrap/BootstrapAbstract.php(626): Zend_Application_Bootstrap_BootstrapAbstract->_executeResource(‘db’) #6 /var/www/library/Zend/Application/Bootstrap/BootstrapAbstract.php(586): Zend_Application_Bootstrap_BootstrapAbstract->_bootstrap(NULL) #7 /var/www/library/Zend/Applicatio in /var/www/library/Zend/Db/Adapter/Pdo/Abstract.php on line 342
这样的错误提示是因为木有pdo扩展,安装即可