在线班课程-第11周 LNMP服务架构搭建、nginx负载均衡、keepalived高可用

在线班课程-第10周
6.9 Nginx Location
location（位置）指令的作用是可以根据用户请求的URI来执行不同的应用，其实就是根据用户的请求的网站的网址URL匹配，匹配成功即进行相关的操作。
location = / { ##www.etiantian.org www.etiantian.org/ www.etiantian.org/index.html
[ configuration A ]
}
location / { ##默认情况，无路可走 jd.com/hello/oldboy.html
[ configuration B ]
}
location /documents/ { ##uri里面有/documents oldboyedu.com/documents/dsfsadfasdf.jpg
[ configuration C ]
}
location ^~ /images/ {
[ configuration D ]
}
location ~ .(gif|jpg|jpeg)$ { ##~ 不区分大小写的正则匹配，以.gif或.jpg或.jpeg结尾
[ configuration E ]
}

[root@www extra]# cat www.conf
server {
listen 80;
server_name www.etiantian.org etiantian.org;
root html/www;
location / {
return 401;
}
location = / {
return 402;
}

    location /documents/ {
        return 403;
    }
    location ^~ /images/ {
        return 404;

}

    location ~* \.(gif|jpg|jpeg)$ {
        return 500;
    }
    access_log logs/access_www.log main ;
}

/application/nginx/sbin/nginx -t #检查语法

nginx: the configuration file /application/nginx-1.12.2/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.12.2/conf/nginx.conf test is successful

/application/nginx/sbin/nginx #记得启动nginx进程

/application/nginx/sbin/nginx -s reload #重新加载nginx配置

[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null 10.0.0.8
402

[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null http://10.0.0.8/
402
[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null http://10.0.0.8
402
[root@web01 extra]#

[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null http://10.0.0.8/oldboy
401
[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null http://10.0.0.8/index.html
401

[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null http://10.0.0.8/documents/
403

[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null http://10.0.0.8/documents/1.jpg
500

[root@web01 extra]# curl -sw "%{http_code}\n" -o /dev/null http://10.0.0.8/images/1.jpg
404

不用URI及特殊字符组合匹配顺序 匹配说明
第一名：“location = / {” 精确匹配/
第二名：“location ^~ /images/ {” 匹配常规字符串，不做正则匹配检查, 优先匹配路径
第三名：“location ~* .(gif|jpg|jpeg)$ {” 正则匹配
第四名：“location /documents/ {” 匹配常规字符串，如果有正则则优先匹配正则。
第五名：“location / {” 所有location都不能匹配后的默认匹配。

Nginx Rewrite
和Apace等web服务软件一样，Nginx Rewrite的主要功能也是实现URL地址重写

etiantian.org ====>www.etiantian.org
etiantian.org 变换为 www.etiantian.org

vim www.conf

server {
    listen       80;
    server_name  etiantian.org;
    rewrite ^/(.*) http://www.etiantian.org/$1 permanent;
}

etiantian.org/index.html ==== www.etiantian.org/index.html

cat www.conf

server {
    listen 80;
    server_name etiantian.org;
    rewrite ^/(.*) http://www.etiantian.org/$1 permanent;
}
server {
    listen       80;
    server_name  www.etiantian.org ;

access_log logs/access_www.log main;
location / {
root html/www;
index index.html index.htm;
}
}
[root@web01 extra]# curl -L etiantian.org/index.html
web01 www.etiantian.org

[root@web01 extra]# curl -Lv etiantian.org/index.html #显示访问过程

• About to connect() to etiantian.org port 80 (#0)
• Trying 10.0.0.8... connected
• Connected to etiantian.org (10.0.0.8) port 80 (#0)

  GET /index.html HTTP/1.1
  User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
  Host: etiantian.org
  Accept: /

  < HTTP/1.1 301 Moved Permanently
  < Server: nginx/1.12.2
  < Date: Tue, 27 Feb 2018 12:31:27 GMT
  < Content-Type: text/html
  < Content-Length: 185
  < Connection: keep-alive
  < Location: http://www.etiantian.org//index.html
  <

• Ignoring the response-body
• Connection #0 to host etiantian.org left intact
• Issue another request to this URL: 'http://www.etiantian.org//index.html'
• About to connect() to www.etiantian.org port 80 (#1)
• Trying 10.0.0.8... connected
• Connected to www.etiantian.org (10.0.0.8) port 80 (#1)

  GET //index.html HTTP/1.1
  User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
  Host: www.etiantian.org
  Accept: /

  < HTTP/1.1 200 OK
  < Server: nginx/1.12.2
  < Date: Tue, 27 Feb 2018 12:31:27 GMT
  < Content-Type: text/html
  < Content-Length: 24
  < Last-Modified: Mon, 12 Feb 2018 18:11:30 GMT
  < Connection: keep-alive
  < ETag: "5a81d8d2-18"
  < Accept-Ranges: bytes
  <
  web01 www.etiantian.org

• Connection #1 to host www.etiantian.org left intact
• Closing connection #0
• Closing connection #

Http状态码301和302概念简单区别及企业应用案例
http://oldboy.blog.51cto.com/2561410/1774260
内容：Http状态码301和302的区别及企业应用案例

1、什么是301重定向?
　　301重定向/跳转一般，表示本网页永久性转移到另一个地址。
301是永久性转移(Permanently Moved),SEO常用的招式，会把旧页面的PR等信息转移到新页面；

2、什么是302重定向?
　　302重定向表示临时性转移(Temporarily Moved )，当一个网页URL需要短期变化时使用。

3、301重定向与302重定向的区别
301重定向是永久的重定向，搜索引擎在抓取新内容的同时也将旧的网址替换为重定向之后的网址。
302重定向是临时的重定向，搜索引擎会抓取新的内容而保留旧的网址。因为服务器返回302代码，搜索引擎认为新的网址只是暂时的。

4、常见网站的应用案例
12345678910111213141516 [root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.etiantian.org200[root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://etiantian.org    200[root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://baidu.com200[root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://taobao.com302[root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://qq.com    302[root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://jd.com302[root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://51cto.com301[root@oldboy ~]# curl -s -o /dev/null -I -w "%{http_code}\n" http://sina.com.cn301
更多http状态码知识 请浏览http://oldboy.blog.51cto.com/2561410/716294

[root@web01 extra]# curl -I jd.com baidu.com taobao.com
HTTP/1.1 302 Moved Temporarily
Server: JengineD/1.7.2.1
Date: Tue, 27 Feb 2018 12:37:26 GMT
Content-Type: text/html
Content-Length: 165
Location: http://www.jd.com
Connection: keep-alive

HTTP/1.1 200 OK
Date: Tue, 27 Feb 2018 12:37:27 GMT
Server: Apache
Last-Modified: Tue, 12 Jan 2010 13:48:00 GMT
ETag: "51-47cf7e6ee8400"
Accept-Ranges: bytes
Content-Length: 81
Cache-Control: max-age=86400
Expires: Wed, 28 Feb 2018 12:37:27 GMT
Connection: Keep-Alive
Content-Type: text/html

HTTP/1.1 302 Found
Server: Tengine
Date: Tue, 27 Feb 2018 12:37:27 GMT
Content-Type: text/html
Content-Length: 258
Connection: keep-alive
Location: http://www.taobao.com/

[root@web01 extra]# curl status.etiantian.org
Active connections: 1
server accepts handled requests
84 84 135
Reading: 0 Writing: 1 Waiting: 0

##status.conf
server {
listen 80;
server_name status.etiantian.org;
location / {
stub_status on;
access_log off;
auth_basic "closed site";
auth_basic_user_file /application/nginx/conf/htpasswd;
}
}

[root@www extra]# yum install httpd-tools -y
[root@www extra]# which htpasswd
/usr/bin/htpasswd
htpasswd -bc /application/nginx/conf/htpasswd oldboy 123456
chmod 400 /application/nginx/conf/htpasswd
chown www /application/nginx/conf/htpasswd

[root@web01 extra]# rpm -qa httpd-tools
httpd-tools-2.2.15-60.el6.centos.6.x86_64
[root@web01 extra]# rpm -ql httpd-tools
/usr/bin/ab
/usr/bin/htdbm
/usr/bin/htdigest
/usr/bin/htpasswd
/usr/bin/logresolve
/usr/share/doc/httpd-tools-2.2.15
/usr/share/doc/httpd-tools-2.2.15/LICENSE
/usr/share/man/man1/ab.1.gz
/usr/share/man/man1/htdbm.1.gz
/usr/share/man/man1/htdigest.1.gz
/usr/share/man/man1/htpasswd.1.gz
/usr/share/man/man1/logresolve.1.gz

q Apache select和Nginx epoll模型区别形象比喻（面试常考）；
q 虚拟主机概念及类型分类详解；
q Nginx错误及访问日志及访问日志切割；
q Nginx location介绍及配置实践；
q Nginx Rewrite介绍及配置实践；
q Nginx Web访问认证介绍及配置实践。

https://downloads.mysql.com/archives/community/

#老男孩教育-火爆MySQL二进制部署现场
#二进制安装MySQL-5.6.39

###1.添加用户
useradd -s /sbin/nologin -M mysql

####2.解压 mysql 二进制包
cd /home/oldboy/tools
tar xf mysql-5.6.39-*-x86_64.tar.gz

####3.把MySQL 移动到 /application/
mkdir -p /application/
mv /home/oldboy/tools/mysql-5.6.39-*-x86_64 /application/mysql-5.6.39

####4.创建软连接
ln -s /application/mysql-5.6.39/ /application/mysql

####5.让MySQL用户管理 /application/mysql
chown -R mysql.mysql /application/mysql/data

####6.安装这个软件 初始化数据库
#1.软件安装在哪里
#2.数据存放在哪里
#3.MySQL使用的用户谁？

/application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data --user=mysql

#####To start mysqld at boot time you have to copy
#####support-files/mysql.server to the right place for your system
#####mysql启动脚本 默认放在support-files/mysql.server
#####
#####记得给MySQL设置个密码
#####PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
#####To do so, start the server, then issue the following commands:
#####

/application/mysql/bin/mysqladmin -u root password 'new-password'

/application/mysql/bin/mysqladmin -u root -h web01 password 'new-password'

####7.复制启动脚本 授权
cp /application/mysql/support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld

####8.修改启动脚本 和 mysql命令 中的路径
sed -i 's#/usr/local/mysql#/application/mysql#g' /application/mysql/bin/mysqld_safe /etc/init.d/mysqld

####9.复制 默认的配置文件
\cp /application/mysql/support-files/my-default.cnf /etc/my.cnf
/etc/init.d/mysqld start

###故障
##1./tmp权限
##2.主机名解析 hosts解析 #ping 主机名
##3.一步一步执行

##
##/application/mysql/bin/mysql
##Welcome to the MySQL monitor. Commands end with ; or \g.
##Your MySQL connection id is 1
##Server version: 5.5.49 MySQL Community Server (GPL)
##
##Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
##
##Oracle is a registered trademark of Oracle Corporation and/or its
##affiliates. Other names may be trademarks of their respective
##owners.
##
##Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
##
##mysql>

####10.PATH路径
echo 'export PATH=/application/mysql/bin:$PATH' >>/etc/profile
source /etc/profile
which mysql

####11.加入开机自启动
chkconfig --add mysqld
chkconfig mysqld on

####12.给MySQL root用户设置密码
/application/mysql/bin/mysqladmin -u root password 'oldboy123'

####13.重新登录MySQL数据库
mysql -uroot -poldboy123

####14.数据库基础框架
#1.数据库 test mysql
#2.表格

#mysql SQL语句
#查看系统中所有数据库
#show databases;
#查看系统中所有的用户
#使用某一个数据库

mysql> #查看当前都有啥
mysql> show databases; ****
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.07 sec)

####初级 查看系列-开始
##使用某一个数据库
###相当于进入 mysql 数据库中 cd mysql ; cd test
#use mysql

##我想查看当前在哪？ pwd 当前正在使用哪个数据库
select database();
+------------+
| database() |
+------------+
| mysql |
+------------+
1 row in set (0.00 sec)

##我是谁？ 查看当前用户
select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)

###当前系统都有什么用户？ 他们可以在哪里登录？ *****
select user,host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| | localhost |
| root | localhost |
| | web01 |
| root | web01 |
+------+-----------+
6 rows in set (0.02 sec)
####初级 查看系列-结束
###show databases;
###select user,host from mysql.user;

####初级 添加删除系列
#创建数据库
create database wordpress;
#删除数据库
drop database wordpress;

#添加用户
grant all on wordpress.* to 'wordpress'@'172.16.1.0/255.255.255.0' identified by '123456';

grant all on wordpress.* to 'wordpress'@'172.16.1.0/255.255.255.0' identified by '123456';
授权所有的权限, wordpress数据库所有的权限 给 wordpress用户 可以在172.16.1.0/255.255.255.0 网段登录数据库 这个用户的密码123456；

#更新系统的权限表
flush privileges;

###进行测试
mysql -uwordpress -p123456

mysql -uwordpress -p -h 172.16.1.8

#删除用户
drop user wordpress@'172.16.1.8';

###1.查看都有什么数据库
###2.查看都有什么用户
###3.添加用户

#help sql语句。

#跳过授权表（不用密码登录）
#/etc/init.d/mysqld restart --skip-grant-table

#mysql 命令行
#-u 指定用户
#-p 指定密码（不要有空格）
#-h 连接到某一台服务器

#更改密码 mysqladmin -uroot -poldboy123 password '新的密码'
#

db01上部署一个mysql5.6.39

#部署php
#解压PHP软件，进行编译安装，将程序安装到/application目录中，并且创建软链接
yum install zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel curl-devel -y
yum install freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel libxslt-devel -y
rpm -qa zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel curl-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel libxslt-devel

#安装其它相关程序---libmcrypt
#wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum -y install libmcrypt-devel mhash mcrypt
rpm -qa libmcrypt-devel mhash mcrypt
http://php.net/releases/

#安装PHP软件程序
tar xf php-5.5.32.tar.gz
cd php-5.5.32 #----正式编译前也可以把这个软件安装上（libxslt*）
./configure --prefix=/application/php-5.5.32 \
--with-mysql=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml \
--disable-rpath \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--with-curl \
--enable-mbregex \
--enable-fpm \
--enable-mbstring \
--with-mcrypt \
--with-gd \
--enable-gd-native-ttf \
--with-openssl \
--with-mhash \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-soap \
--enable-short-tags \
--enable-static \
--with-xsl \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-ftp \
--enable-opcache=no

##提示 如下内容 即成功
Generating files
configure: creating ./config.status
creating main/internal_functions.c
creating main/internal_functions_cli.c
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+

Thank you for using PHP.

config.status: creating php5.spec
config.status: creating main/build-defs.h
config.status: creating scripts/phpize
config.status: creating scripts/man1/phpize.1
config.status: creating scripts/php-config
config.status: creating scripts/man1/php-config.1
config.status: creating sapi/cli/php.1
config.status: creating sapi/fpm/php-fpm.conf
config.status: creating sapi/fpm/init.d.php-fpm
config.status: creating sapi/fpm/php-fpm.service
config.status: creating sapi/fpm/php-fpm.8
config.status: creating sapi/fpm/status.html
config.status: creating sapi/cgi/php-cgi.1
config.status: creating ext/phar/phar.1
config.status: creating ext/phar/phar.phar.1
config.status: creating main/php_config.h
config.status: executing default commands

ln -s /application/mysql/lib/libmysqlclient.so.18  /usr/lib64/  #可以不创建

touch ext/phar/phar.phar
make && make install
ln -s /application/php-5.5.32/ /application/php

Generating phar.php
Generating phar.phar
PEAR package PHP_Archive not installed: generated phar will require PHP's phar extension be enabled.
clicommand.inc
pharcommand.inc
invertedregexiterator.inc
directorygraphiterator.inc
directorytreeiterator.inc
phar.inc

Build complete.

[root@web01 php-5.5.32]# make install
Installing PHP CLI binary: /application/php-5.5.32/bin/
Installing PHP CLI man page: /application/php-5.5.32/php/man/man1/
Installing PHP FPM binary: /application/php-5.5.32/sbin/
Installing PHP FPM config: /application/php-5.5.32/etc/
Installing PHP FPM man page: /application/php-5.5.32/php/man/man8/
Installing PHP FPM status page: /application/php-5.5.32/php/php/fpm/
Installing PHP CGI binary: /application/php-5.5.32/bin/
Installing PHP CGI man page: /application/php-5.5.32/php/man/man1/
Installing build environment: /application/php-5.5.32/lib/php/build/
Installing header files: /application/php-5.5.32/include/php/
Installing helper programs: /application/php-5.5.32/bin/
program: phpize
program: php-config
Installing man pages: /application/php-5.5.32/php/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment: /application/php-5.5.32/lib/php/
[PEAR] Archive_Tar - installed: 1.4.0
[PEAR] Console_Getopt - installed: 1.4.1
[PEAR] Structures_Graph- installed: 1.1.1
[PEAR] XML_Util - installed: 1.3.0
[PEAR] PEAR - installed: 1.10.1
Wrote PEAR system config file at: /application/php-5.5.32/etc/pear.conf
You may want to add: /application/php-5.5.32/lib/php to your php.ini include_path
/home/oldboy/tools/php-5.5.32/build/shtool install -c ext/phar/phar.phar /application/php-5.5.32/bin
ln -s -f phar.phar /application/php-5.5.32/bin/phar
Installing PDO headers: /application/php-5.5.32/include/php/ext/pdo/
[root@web01 php-5.5.32]# echo $?
0

#复制php.ini配置文件

[root@web01 php-5.5.32]# cp /home/oldboy/tools/php-5.5.32/php.ini-production /application/php-5.5.32/lib/php.ini

#复制php-fpm配置文件
[root@web01 php-5.5.32]# cd /application/php-5.5.32/etc/
[root@web01 etc]# ls
pear.conf php-fpm.conf.default
[root@web01 etc]# cp php-fpm.conf.default php-fpm.conf
[root@web01 etc]# ll
total 52
-rw-r--r-- 1 root root 1332 Feb 27 22:53 pear.conf
-rw-r--r-- 1 root root 22609 Feb 27 22:56 php-fpm.conf
-rw-r--r-- 1 root root 22609 Feb 27 22:53 php-fpm.conf.default

#
[root@web01 etc]# /application/php-5.5.32/sbin/php-fpm -t
[27-Feb-2018 22:56:53] NOTICE: configuration file /application/php-5.5.32/etc/php-fpm.conf test is successful

[root@web01 etc]# /application/php-5.5.32/sbin/php-fpm
[root@web01 etc]# ss -lntup |grep 9000
tcp LISTEN 0 16384 127.0.0.1:9000 : users:(("php-fpm",129733,7),("php-fpm",129734,0),("php-fpm",129735,0))

LNMP搭建网站前的测试。
测试nginx与php配合是否成功
php与MySQL配合是否成功
部署网站

测试nginx与php配合是否成功

server {
listen 80;
server_name blog.etiantian.org;
root html/blog;
index index.php index.html index.htm;
location ~ .*.(php|php5)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}

echo '' >/application/nginx/html/blog/test_info.php

php与MySQL配合是否成功

test_mysql.php

//$link_id=mysql_connect('主机名','用户','密码');
$link_id=mysql_connect('172.16.1.51','wordpress','123456') or mysql_error();
if($link_id){
echo "mysql successful by oldboy ! \n";
}else{
echo mysql_error();
}
?>

#部署博客

https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz

chown -R www.www *

负载均衡与反向代理

HOSTNAME IP 说明
lb01 10.0.0.5 Nginx主负载均衡器
lb02 10.0.0.6 Nginx辅负载均衡器
web01 10.0.0.8 web01服务器
web02 10.0.0.7 web02服务器

[root@web01 ~]# /application/nginx/sbin/nginx -V
nginx version: nginx/1.12.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/application/nginx-1.12.2 --with-http_stub_status_module --with-http_ssl_module

#web01 web02 nginx.conf
worker_processes 1;