0518课的预习任务 + 课堂笔记-张森纳

Windows Windows 2个月前 (08-15) 3次浏览 未收录 0个评论 扫描二维码

12.17 Nginx负载均衡

借助 upstream 模块来实现负载均衡

upstream来指定多个web server

    如何查到网站解析的ip?

    ——使用dig命令 需要安装bind-utils

    [root@arslinux-01?~]#?yum?install?-y?bind-utils
    [root@arslinux-01?~]#?dig?qq.com

    0518课的预习任务 + 课堂笔记-张森纳

    上图红框中是网站的3台服务器ip

    可以用红框中的 ip 来做负载均衡

      配置负载均衡

      –创建 load.conf 配置文件

      [root@arslinux-01?~]#?vim?/usr/local/nginx/conf/vhost/load.conf
      upstream?qq_com
      {
      ????ip_hash;
      ????server?59.37.96.63:80;
      ????server?58.60.9.21:80;
      }
      server
      {
      ????listen?80;
      ????server_name?www.qq.com;
      location?/
      ????{
      ????????proxy_pass??????http://qq_com;
      ????????proxy_set_header?Host???$host;
      ????????proxy_set_header?X-Real-IP??????$remote_addr;
      ????????proxy_set_header?X-Forwarded-For?$proxy_add_x_forwarded_for;
      ????}
      }

      0518课的预习任务 + 课堂笔记-张森纳

      — 红框中的名称需要一致

      — ip_hash 网站有两台服务器提供服务,想让访问者始终访问一台服务器,用 ip_hash

        访问测试

        [root@arslinux-01?~]#?curl?-x127.0.0.1:80?www.qq.com
        This?is?default?site!
        [root@arslinux-01?~]#?/usr/local/nginx/sbin/nginx?-t
        [root@arslinux-01?~]#?/usr/local/nginx/sbin/nginx?-s?reload
        [root@arslinux-01?~]#?curl?-x127.0.0.1:80?www.qq.com

        0518课的预习任务 + 课堂笔记-张森纳

        在重新加载配置之前, curl 访问 http://www.qq.com 时,访问到了默认虚拟服务器上,而在加载了配置之后,访问到了 http://www.qq.com 的源代码

        Nginx 不支持代理 https

        Nginx 不支持访问 web 服务器的 433 端口

        12.18 ssl原理

        SSL 工作流程

        0518课的预习任务 + 课堂笔记-张森纳

        ·浏览器发送一个https的请求给服务器;

        ·服务器要有一套数字证书,可以自己制作,也可以向组织申请,区别就是自己颁发的证书需要客户端验证通过,才可以继续访问,而使用受信任的公司申请的证书则不会弹出>提示页面,这套证书其实就是一对公钥和私钥;

        ·服务器会把公钥传输给客户端;

        ·客户端(浏览器)收到公钥后,会验证其是否合法有效,无效会有警告提醒,有效则会生成一串随机数,并用收到的公钥加密;

        ·客户端把加密后的随机字符串传输给服务器;

        ·服务器收到加密随机字符串后,先用私钥解密(公钥加密,私钥解密),获取到这一串随机数后,再用这串随机字符串加密传输的数据(该加密为对称加密,所谓对称加密,就是将数据和私钥也就是这个随机字符串>通过某种算法混合在一起,这样除非知道私钥,否则无法获取数据内容);

        服务器把加密后的数据传输给客户端;

        ·客户端收到数据后,再用自己的私钥也就是那个随机字符串解密

        12.19 生成ssl密钥对

          安装openssl

          [root@arslinux-01?~]#?rpm?-qf?`which?openssl`
          openssl-1.0.2k-16.el7_6.1.x86_64
          [root@arslinux-01?~]#?yum?install?-y?opnessl

          1、公钥和私钥都放到 /usr/local/nginx/conf 下

          [root@arslinux-01?~]#?cd?/usr/local/nginx/conf/

          2、生成私钥(生成 rsa 形式的私钥,长度 2048,名称为 tmp.key)

          [root@arslinux-01?conf]#?openssl?genrsa?-des3?-out?tmp.key?2048
          Generating?RSA?private?key,?2048?bit?long?modulus
          ...........+++
          .............................................................+++
          e?is?65537?(0x10001)
          Enter?pass?phrase?for?tmp.key:
          Verifying?-?Enter?pass?phrase?for?tmp.key:
          [root@arslinux-01?conf]#

          3、转换 key,取消密码,删除 tmp.key

          [root@arslinux-01?conf]#?openssl?rsa?-in?tmp.key?-out?arslinux.key
          Enter?pass?phrase?for?tmp.key:
          writing?RSA?key
          [root@arslinux-01?conf]#?rm?-rf?tmp.key

          4、生成请求文件,需要拿这个文件和私钥一起生产公钥文件

          [root@arslinux-01?conf]#?openssl?req?-new?-key?aminglinux.key?-out?aminglinux.csr
          You?are?about?to?be?asked?to?enter?information?that?will?be?incorporated
          into?your?certificate?request.
          What?you?are?about?to?enter?is?what?is?called?a?Distinguished?Name?or?a?DN.
          There?are?quite?a?few?fields?but?you?can?leave?some?blank
          For?some?fields?there?will?be?a?default?value,
          If?you?enter?'.',?the?field?will?be?left?blank.
          -----
          Country?Name?(2?letter?code)?[XX]:cn
          State?or?Province?Name?(full?name)?[]:jiangsu
          Locality?Name?(eg,?city)?[Default?City]:nanjing
          Organization?Name?(eg,?company)?[Default?Company?Ltd]:arslinux
          Organizational?Unit?Name?(eg,?section)?[]:
          Common?Name?(eg,?your?name?or?your?server's?hostname)?[]:arslinux
          Email?Address?[]:111111111@qq.com
          Please?enter?the?following?'extra'?attributes
          to?be?sent?with?your?certificate?request
          A?challenge?password?[]:11111111
          An?optional?company?name?[]:arslinux

          5、生成公钥

          [root@arslinux-01?conf]#?openssl?x509?-req?-days?365?-in?arslinux.csr?-signkey?arslinux.key?-out?arslinux.crt
          Signature?ok
          subject=/C=cn/ST=jiangsu/L=nanjing/O=arslinux/CN=arslinux/emailAddress=1111111@qq.com
          Getting?Private?key

          6、查看公钥私钥(crt是公钥,key是私钥)

          [root@arslinux-01?conf]#?ls?aminglinux.
          arslinux.crt??arslinux.csr??arslinux.key

          12.20 Nginx配置ssl

            创建 ssl.conf

            [root@arslinux-01?~]#?cd?/usr/local/nginx/conf/vhost/
            [root@arslinux-01?vhost]#?vim?ssl.conf
            server
            {
            ????listen?443;
            ????server_name?arslinux.com;
            ????index?index.html?index.php;
            ????root?/data/wwwroot/arslinux.com;
            ????ssl?on;
            ????ssl_certificate?aminglinux.crt;
            ????ssl_certificate_key?aminglinux.key;
            ????ssl_protocols?TLSv1?TLSv1.1?TLSv1.2;

            }

            0518课的预习任务 + 课堂笔记-张森纳

            [root@arslinux-01?vhost]#?mkdir?/data/wwwroot/arslinux.com
            [root@arslinux-01?vhost]#?/usr/local/nginx/sbin/nginx?-t
            nginx:?[emerg]?unknown?directive?"ssl"?in?/usr/local/nginx/conf/vhost/ssl.conf:7
            nginx:?configuration?file?/usr/local/nginx/conf/nginx.conf?test?failed

              若报错unknown directive “ssl”

              nginx可能不支持ssl,需要重新编译nginx,加上–with-http_ssl_module

              [root@arslinux-01?vhost]#?/usr/local/nginx/sbin/nginx?-V
              nginx?version:?nginx/1.14.2
              built?by?gcc?4.8.5?20150623?(Red?Hat?4.8.5-36)?(GCC)
              configure?arguments:?--prefix=/usr/local/nginx

                查看需要添加哪个参数,是 –with-http_ssl_module

                [root@arslinux-01?nginx-1.14.2]#?./configure?--help?|?grep?-i?ssl
                --with-http_ssl_module?????????????enable?ngx_http_ssl_module
                --with-mail_ssl_module?????????????enable?ngx_mail_ssl_module
                --with-stream_ssl_module???????????enable?ngx_stream_ssl_module
                --with-stream_ssl_preread_module???enable?ngx_stream_ssl_preread_module
                --with-openssl=DIR?????????????????set?path?to?OpenSSL?library?sources
                --with-openssl-opt=OPTIONS?????????set?additional?build?options?for?OpenSSL

                  重新编译 nginx,并安装

                  [root@arslinux-01?nginx-1.14.2]#?./configure?--prefix=/usr/local/nginx?--with-http_ssl_module
                  [root@arslinux-01?nginx-1.14.2]#?make?&&?make?install
                  [root@arslinux-01?nginx-1.14.2]#?echo?$?
                  0
                  [root@arslinux-01?nginx-1.14.2]#?/usr/local/nginx/sbin/nginx?-V
                  nginx?version:?nginx/1.14.2
                  built?by?gcc?4.8.5?20150623?(Red?Hat?4.8.5-36)?(GCC)
                  built?with?OpenSSL?1.0.2k-fips??26?Jan?2017
                  TLS?SNI?support?enabled
                  configure?arguments:?--prefix=/usr/local/nginx?--with-http_ssl_module

                    重新加载配置,并重启服务器,查看是否监听 443 端口

                    [root@arslinux-01?nginx-1.14.2]#?/usr/local/nginx/sbin/nginx?-t
                    nginx:?the?configuration?file?/usr/local/nginx/conf/nginx.conf?syntax?is?ok
                    nginx:?configuration?file?/usr/local/nginx/conf/nginx.conf?test?is?successful
                    [root@arslinux-01?nginx-1.14.2]#?/etc/init.d/nginx?restart
                    Restarting?nginx?(via?systemctl):??????????????????????????[??确定??]
                    [root@arslinux-01?nginx-1.14.2]#?netstat?-lntp
                    Active?Internet?connections?(only?servers)
                    Proto?Recv-Q?Send-Q?Local?Address???????????Foreign?Address?????????State???????PID/Program?name
                    tcp????????0??????0?0.0.0.0:80??????????????0.0.0.0:*???????????????LISTEN??????10699/nginx:?master
                    tcp????????0??????0?0.0.0.0:22??????????????0.0.0.0:*???????????????LISTEN??????7459/sshd
                    tcp????????0??????0?127.0.0.1:25????????????0.0.0.0:*???????????????LISTEN??????7798/master
                    tcp????????0??????0?0.0.0.0:443?????????????0.0.0.0:*???????????????LISTEN??????10699/nginx:?master
                    tcp6???????0??????0?:::3306?????????????????:::*????????????????????LISTEN??????7716/mysqld
                    tcp6???????0??????0?:::22???????????????????:::*????????????????????LISTEN??????7459/sshd
                    tcp6???????0??????0?::1:25??????????????????:::*????????????????????LISTEN??????7798/master

                    已经监听 443 端口

                      创建测试文件

                      [root@arslinux-01?nginx-1.14.2]#?cd?/data/wwwroot/arslinux.com/
                      [root@arslinux-01?arslinux.com]#?vim?index.html
                      This?is?ssl.

                        添加 hosts

                        [root@arslinux-01?arslinux.com]#?vim?/etc/hosts
                        127.0.0.1???arslinux.com

                          访问测试

                          [root@arslinux-01?conf]#?curl?https://arslinux.com
                          curl:?(60)?Peer's?certificate?issuer?has?been?marked?as?not?trusted?by?the?user.
                          More?details?here:?http://curl.haxx.se/docs/sslcerts.html
                          curl?performs?SSL?certificate?verification?by?default,?using?a?"bundle"
                          of?Certificate?Authority?(CA)?public?keys?(CA?certs).?If?the?default
                          bundle?file?isn't?adequate,?you?can?specify?an?alternate?file
                          using?the?--cacert?option.
                          If?this?HTTPS?server?uses?a?certificate?signed?by?a?CA?represented?in
                          the?bundle,?the?certificate?verification?probably?failed?due?to?a
                          problem?with?the?certificate?(it?might?be?expired,?or?the?name?might
                          not?match?the?domain?name?in?the?URL).
                          If?you'd?like?to?turn?off?curl's?verification?of?the?certificate,?use
                          the?-k?(or?--insecure)?option.

                          证书不可信任,其实是自己颁发的,实际上已经配置成功了

                            编辑 windows 的 hosts,用浏览器去访问测试

                            0518课的预习任务 + 课堂笔记-张森纳

                            0518课的预习任务 + 课堂笔记-张森纳

                            高级——> 继续前往

                            0518课的预习任务 + 课堂笔记-张森纳

                            买证书,上沃通?

                            12.21 php-fpm的pool

                            php-fpm支持定义多个pool,每个pool可以监听不同的socket或者不同的tcp/ip;

                            如果nginx有多个不同的站点,那么每个站点都可以使用一个pool;

                            如果所有网站都使用了同一个pool,当其中给一个php资源不够了,或者其他原因导致502了,网站出问题了,那么所有站点都不能正常使用了;

                            因此我们有必要把不同的站点隔离开,使用不同pool。

                              设置多个pool,在 [www] 后增加 [arslinux]

                              [root@arslinux-01?conf]#?vim?/usr/local/php-fpm/etc/php-fpm.conf
                              [arslinux]
                              listen?=?/tmp/arslinux.sock
                              listen.mode?=?666
                              user?=?php-fpm
                              group?=?php-fpm
                              pm?=?dynamic
                              pm.max_children?=?50
                              pm.start_servers?=?20
                              pm.min_spare_servers?=?5
                              pm.max_spare_servers?=?35
                              pm.max_requests?=?500
                              rlimit_files?=?1024

                                重新加载后查看进程

                                [root@arslinux-01?conf]#?/usr/local/php-fpm/sbin/php-fpm?-t
                                [19-May-2019?21:46:15]?NOTICE:?configuration?file?/usr/local/php-fpm/etc/php-fpm.conf?test?is?successful
                                [root@arslinux-01?conf]#?/etc/init.d/php-fpm?reload
                                Reload?service?php-fpm??done
                                [root@arslinux-01?conf]#?ps?aux|grep?php-fpm
                                root??????11034??0.6??0.5?229580??4984??????????Ss???21:46???0:00?php-fpm:?master?process?(/usr/local/php-fpm/etcphp-fpm.conf)
                                php-fpm???11035??0.0??0.4?229520??4728??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11036??0.0??0.4?229520??4728??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11037??0.0??0.4?229520??4728??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11038??0.0??0.4?229520??4728??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11039??0.0??0.4?229520??4732??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11040??0.0??0.4?229520??4732??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11041??0.0??0.4?229520??4732??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11042??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11043??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11044??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11045??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11046??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11047??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11048??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11049??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11050??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11051??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11052??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11053??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11054??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?www
                                php-fpm???11055??0.0??0.4?229520??4732??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11056??0.0??0.4?229520??4732??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11057??0.0??0.4?229520??4732??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11058??0.0??0.4?229520??4736??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11059??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11060??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11061??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11062??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11063??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11064??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11065??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11066??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11067??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11068??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11069??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11070??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11071??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11072??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11073??0.0??0.4?229520??4740??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                php-fpm???11074??0.0??0.4?229520??4744??????????S????21:46???0:00?php-fpm:?pool?arslinux
                                root??????11078??0.0??0.0?112724???984?pts/0????R+???21:46???0:00?grep?--color=auto?php-fpm

                                最右侧已经多了 pool arslinux

                                此时有两个pool能够使用,那么将另外一个站点定义在 arslinux 这个pool下

                                [root@arslinux-01?conf]#?vim?vhost/aaa.com.conf
                                location?~?\.php$
                                {
                                ????include?fastcgi_params;
                                ????fastcgi_pass?unix:/tmp/arslinux.sock;
                                ????fastcgi_index?index.php;
                                ????fastcgi_param?SCRIPT_FILENAME?/data/wwwroot/default.com$fastcgi_script_name;
                                }

                                0518课的预习任务 + 课堂笔记-张森纳

                                为了让不同的 poo l能够显示的更加清楚,可以把不同 pool 的参数信息分开到不同的 conf 中

                                  添加一行 include = etc/php-fpm.d/*.conf

                                  [root@arslinux-01?conf]#?vim?/usr/local/php-fpm/etc/php-fpm.conf
                                  [global]
                                  pid?=?/usr/local/php-fpm/var/run/php-fpm.pid
                                  error_log?=?/usr/local/php-fpm/var/log/php-fpm.log
                                  include?=?etc/php-fpm.d/*.conf

                                    将 [www] 和 [arslinux],分别编辑进 /usr/local/php-fpm/etc/php-fpm.d/ 下的 conf 文件中

                                    [root@arslinux-01?php-fpm.d]#?vim?www.conf
                                    [www]
                                    listen?=?/tmp/php-fcgi.sock
                                    #listen?=?127.0.0.1:9000
                                    listen.mode?=?666
                                    user?=?php-fpm
                                    group?=?php-fpm
                                    pm?=?dynamic
                                    pm.max_children?=?50
                                    pm.start_servers?=?20
                                    pm.min_spare_servers?=?5
                                    pm.max_spare_servers?=?35
                                    pm.max_requests?=?500
                                    rlimit_files?=?1024
                                    [root@arslinux-01?php-fpm.d]#?vim?arslinux.conf
                                    [arslinux]
                                    listen?=?/tmp/arslinux.sock
                                    #listen?=?127.0.0.1:9000
                                    listen.mode?=?666
                                    user?=?php-fpm
                                    group?=?php-fpm
                                    pm?=?dynamic
                                    pm.max_children?=?50
                                    pm.start_servers?=?20
                                    pm.min_spare_servers?=?5
                                    pm.max_spare_servers?=?35
                                    pm.max_requests?=?500
                                    rlimit_files?=?1024

                                      重新加载配置文件,重启 php-fpm

                                      [root@arslinux-01?php-fpm.d]#?/usr/local/php-fpm/sbin/php-fpm?-t
                                      [19-May-2019?22:02:12]?NOTICE:?configuration?file?/usr/local/php-fpm/etc/php-fpm.conf?test?is?successful
                                      [root@arslinux-01?php-fpm.d]#?/etc/init.d/php-fpm?restart
                                      Gracefully?shutting?down?php-fpm?.?done
                                      Starting?php-fpm??done
                                      [root@arslinux-01?php-fpm.d]#?ps?aux?|grep?php-fpm
                                      root??????11297??0.1??0.5?229608??4996??????????Ss???22:02???0:00?php-fpm:?master?process?(/usr/local/php-fpm/etcphp-fpm.conf)
                                      php-fpm???11298??0.0??0.4?229548??4740??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11299??0.0??0.4?229548??4740??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11300??0.0??0.4?229548??4740??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11301??0.0??0.4?229548??4740??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11302??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11303??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11304??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11305??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11306??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11307??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11308??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11309??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11310??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11311??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11312??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11313??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11314??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11315??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11316??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11317??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?arslinux
                                      php-fpm???11318??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11319??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11320??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11321??0.0??0.4?229548??4744??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11322??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11323??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11324??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11325??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11326??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11327??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11328??0.0??0.4?229548??4748??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11329??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11330??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11331??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11332??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11333??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11334??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11335??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11336??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      php-fpm???11337??0.0??0.4?229548??4752??????????S????22:02???0:00?php-fpm:?pool?www
                                      root??????11341??0.0??0.0?112724???988?pts/0????R+???22:02???0:00?grep?--color=auto?php-fpm

                                      多个 pool 设置成功!

                                      12.22 php-fpm慢执行日志

                                      分析满执行日志的目的:为了记录网站访问慢的原因,方便查找原因

                                        增加请求超时记录的配置

                                        [root@arslinux-01?php-fpm.d]#?vim?/usr/local/php-fpm/etc/php-fpm.d/www.conf
                                        [www]
                                        listen?=?/tmp/php-fcgi.sock
                                        #listen?=?127.0.0.1:9000
                                        listen.mode?=?666
                                        user?=?php-fpm
                                        group?=?php-fpm
                                        pm?=?dynamic
                                        pm.max_children?=?50
                                        pm.start_servers?=?20
                                        pm.min_spare_servers?=?5
                                        pm.max_spare_servers?=?35
                                        pm.max_requests?=?500
                                        rlimit_files?=?1024
                                        request_slowlog_timeout?=?1
                                        slowlog?=?/usr/local/php-fpm/var/log/www-slow.log

                                          重新加载配置,重新加载 php-fpm

                                          [root@arslinux-01?php-fpm.d]#?/usr/local/php-fpm/sbin/php-fpm?-t
                                          [19-May-2019?22:11:54]?NOTICE:?configuration?file?/usr/local/php-fpm/etc/php-fpm.conf?test?is?successful
                                          [root@arslinux-01?php-fpm.d]#?/etc/init.d/php-fpm?reload
                                          Reload?service?php-fpm??done
                                          [root@arslinux-01?php-fpm.d]#?ls?/usr/local/php-fpm/var/log/
                                          php-fpm.log??www-slow.log

                                          慢执行日志已经生成

                                            写一个脚本,模拟超过1秒的php执行

                                            因为php-fcgi.sock被test.com这个站点使用者,因此在test.com下创建sleep.php

                                            [root@arslinux-01?php-fpm.d]#?vim?/data/wwwroot/test.com/sleep.php
                                            <?php
                                            echo?“test?slow?log”;
                                            sleep(2);
                                            echo?“done”;?>
                                            [root@arslinux-01?php-fpm.d]#?curl?-x127.0.0.1:80?test.com/sleep.php?-I
                                            HTTP/1.1?500?Internal?Server?Error
                                            Server:?nginx/1.14.2
                                            Date:?Sun,?19?May?2019?14:18:21?GMT
                                            Content-Type:?text/html;?charset=UTF-8
                                            Connection:?keep-alive
                                            X-Powered-By:?PHP/5.6.39

                                              在配置文件中,打开display_error,访问时如果有错误会显示

                                              [root@arslinux-01?php-fpm.d]#?vim?/usr/local/php-fpm/etc/php.ini
                                              display_errors?=?On
                                              [root@arslinux-01?php-fpm.d]#?curl?-x127.0.0.1:80?test.com/sleep.php
                                              <br?/>
                                              <b>Parse?error</b>:??syntax?error,?unexpected?'slow'?(T_STRING),?expecting?','?or?';'?in?<b>/data/wwwroot/test.com/sleep.php</b>?on?line?<b>2</b><br?/>

                                                重新查看 sleep.php 是否有错误后,再次访问

                                                [root@arslinux-01?php-fpm.d]#?curl?-x127.0.0.1:80?test.com/sleep.php
                                                test?slow?logdone[root@arslinux-01?php-fpm.d]#

                                                  查看慢日志

                                                  [root@arslinux-01?php-fpm.d]#?cat?/usr/local/php-fpm/var/log/www-slow.log
                                                  [19-May-2019?22:28:05]??[pool?www]?pid?11876
                                                  script_filename?=?/data/wwwroot/test.com/sleep.php
                                                  [0x00007f913b5e32f8]?sleep()?/data/wwwroot/test.com/sleep.php:3

                                                  脚本的第3行慢

                                                  ·一般请求时间request_slowlog_timeout = 定义大于2秒,因为大部分php执行时间介于1~2秒之间,定义大于2秒可以过滤掉很多不需要的信息

                                                  12.23 open_basedir

                                                  open_basedir 的作用是限制 php 在指定的目录里活动

                                                  如果服务器跑多个网站,多个网站又是不同的 conf ,那么要分别配置 open_basedir

                                                    增加 open_basedir

                                                    [root@arslinux-01?php-fpm.d]#?vim?www.conf
                                                    [www]
                                                    listen?=?/tmp/php-fcgi.sock
                                                    listen.mode?=?666
                                                    user?=?php-fpm
                                                    group?=?php-fpm
                                                    pm?=?dynamic
                                                    pm.max_children?=?50
                                                    pm.start_servers?=?20
                                                    pm.min_spare_servers?=?5
                                                    pm.max_spare_servers?=?35
                                                    pm.max_requests?=?500
                                                    rlimit_files?=?1024
                                                    request_slowlog_timeout?=?1
                                                    slowlog?=?/usr/local/php-fpm/var/log/www-slow.log
                                                    php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/

                                                    [www]是test.comf在使用,所以限制在 /test.com/ 和 /tmp/ 下活动

                                                      重新加载,访问测试

                                                      [root@arslinux-01?php-fpm.d]#?/usr/local/php-fpm/sbin/php-fpm?-t
                                                      [19-May-2019?22:55:21]?NOTICE:?configuration?file?/usr/local/php-fpm/etc/php-fpm.conf?test?is?successful
                                                      [root@arslinux-01?php-fpm.d]#?/etc/init.d/php-fpm?restart
                                                      Gracefully?shutting?down?php-fpm?.?done
                                                      Starting?php-fpm??done
                                                      [root@arslinux-01?php-fpm.d]#?curl?-x127.0.0.1:80?test.com/3.php?-I
                                                      HTTP/1.1?200?OK
                                                      Server:?nginx/1.14.2
                                                      Date:?Sun,?19?May?2019?14:55:56?GMT
                                                      Content-Type:?text/html;?charset=UTF-8
                                                      Connection:?keep-alive
                                                      X-Powered-By:?PHP/5.6.39

                                                      如果显示 No input file specified. 或 HTTP/1.1 404 Not Found 可能是配置文件路径问题

                                                        定义 php-fpm 错误日志

                                                        [root@arslinux-01?etc]#?vim?/usr/local/php-fpm/etc/php.ini

                                                        1、关闭显示错误:display_errors = Off

                                                        0518课的预习任务 + 课堂笔记-张森纳

                                                        生产环境中需要关闭,以防被人利用

                                                        2、指定错误日志:error_log=/usr/local/php-fpm/var/log/php_errors.log

                                                        0518课的预习任务 + 课堂笔记-张森纳

                                                        3、定义日志级别:error_reporting =E_ALL

                                                        0518课的预习任务 + 课堂笔记-张森纳

                                                        4、打开错误日志开关:log_errors = On

                                                        0518课的预习任务 + 课堂笔记-张森纳

                                                          手动生成 php_errors.log,并改 777 权限

                                                          [root@arslinux-01?etc]#?touch?/usr/local/php-fpm/var/log/php_errors.log
                                                          [root@arslinux-01?etc]#?chmod?777?../var/log/php_errors.log

                                                            将配置文件改错,从而来测试php_errors.log

                                                            [root@arslinux-01?etc]#?vim?/usr/local/php-fpm/etc/php-fpm.d/www.conf
                                                            [root@arslinux-01?etc]#?/etc/init.d/php-fpm?restart
                                                            Gracefully?shutting?down?php-fpm?.?done
                                                            Starting?php-fpm??done

                                                              访问测试

                                                              [root@arslinux-01?etc]#?curl?-x127.0.0.1:80?test.com/3.php
                                                              No?input?file?specified.
                                                              [root@arslinux-01?etc]#?cat?/usr/local/php-fpm/var/log/php_errors.log
                                                              [19-May-2019?15:15:30?UTC]?PHP?Warning:??Unknown:?open_basedir?restriction?in?effect.?File(/data/wwwroot/test.com/3.php)?is?not?within?the?allowed?path(s):?(/data/wwwroot/est.com:/tmp/)?in?Unknown?on?line?0
                                                              [19-May-2019?15:15:30?UTC]?PHP?Warning:??Unknown:?failed?to?open?stream:?Operation?not?permitted?in?Unknown?on?line?0

                                                              路径不同,所以错误

                                                                将配置改回,再测试

                                                                [root@arslinux-01?etc]#?curl?-x127.0.0.1:80?test.com/3.php?-I
                                                                HTTP/1.1?200?OK
                                                                Server:?nginx/1.14.2
                                                                Date:?Sun,?19?May?2019?15:18:44?GMT
                                                                Content-Type:?text/html;?charset=UTF-8
                                                                Connection:?keep-alive
                                                                X-Powered-By:?PHP/5.6.39

                                                                12.24 php-fpm 进程管理

                                                                  配置进程管理参数配置说明

                                                                  pm = dynamic ?//动态进程管理,也可以是static

                                                                  pm.max_children = 50 //最大子进程数,ps aux 可以查看

                                                                  pm.start_servers = 20 //启动服务时会启动的进程数

                                                                  pm.min_spare_servers = 5 //定义在空闲时段,子进程数的最少数量,如果达到这个数值时,php-fpm服务会自动派生新的子进程。

                                                                  pm.max_spare_servers = 35 //定义在空闲时段,子进程数的最大值,如果高于这个数值就开始清理空闲的子进程。

                                                                  pm.max_requests = 500 ?//定义一个子进程最多处理的请求数,也就是说在一个php-fpm的子进程最多可以处理这么多请求,当达到这个数值时,它会自动退出

                                                                  0518课的预习任务 + 课堂笔记-张森纳

                                                                  pm=dynamic 动态,一开始先启动20个,之后根据需求去生成或者销毁子进程

                                                                  如果把dynamic改为static静态,那么红框中配置将不再生效,启动直接生成50个进程

喜欢 (0)
[]
分享 (0)
关于作者:
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址