IO:模型
nginx:
web服务器
反向代理:代理web,mail
tengine:淘宝的nginx
varnish,squid:缓存服务器
nginx:缓存在磁盘上和memcached
httpd:缓存在磁盘和内存上。
nginx热部署:平滑升级
安装nginx:
yum groupinstall "Development Tools" "Server Platform Development"
yum install pcre-devel openssl-devel
groupadd -r -g 108 nginx
user -r -g 108 -u 108 nginx
tar -zxvf nginx-1.41.tar.gz
cd nginx-1.41
./configure --prefix=/usr --sbin-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/log/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gizp_static_module --http-client-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre=/usr --with-file-aio
make && make install
采用源码rpm包安装:
rpm -ivh nginx-1.4.1-1.el5.ngx.src.rpm
cd /usr/src/redhat/SPECS/
vim nginx.spec
rpmbuild -ba nginx.spec
nginx:
server{}:虚拟主机
location{}:
location /URI/ {
root "/web/htdocs";
}httpd:
URI路径:
http://www.magedu.com/
nagle算法:主要解决网络拥塞
每一个server{}:定义一个虚拟主机
location{}:
location /uri/ {
root “/web/htdocs”;
}
httpd:
基于本地文件系统的路径:
定义uri路径:
uri路径:http://www.baidu.com/(从这里开始后面就称uri路径)
location [ =| ~| ~*| ^~ ] uri{...}
location uri{}:对当前路径及子路径下的所有对象都生效
location = uri {}:精确匹配指定的路径,不包括子路径,因此,只对当前资源生效
location ~ uri {}:
location ~ uri {}:
模式匹配uri,此处的uri可使用正则表达式,~区分字符大小写,~不区分字符大小写:
location ^~ uri {}:不使用正则表达式
location / {
root /web/htdocs;
}
location /bbs/ {
root /web;
}
访问控制:
基于IP模式的访问控制
location / {
root /web/htdocs;
deny 192.168.1.25;
}
location / {
root /web/htdocs;
allow 192.168.1.25;
deny all;
}
基于用户模式的访问控制
location / {
root /web/htdocs;
auth_basic "Restricted Area...";
auth_basic_user_file /etc/nginx/.users;
autoindex on;
}
httppasswd -cm /etc/nginx/.users tom
location /status {
stub_status on;
}
http://192.168.1.28/status
其status各项表示的意思:已经接受的连接的个数,已经处理的连接的个数,已经连接的请求的个数
reading:nginx正在读取其首部请求的个数;
writing:nginx正在读取其主体的请求的个数,或正处理着其请求响应的内容的请求的个数或者正在向其客户端发送响应的个数;
waiting:长连接模式的保持的连接个数
建立证书颁发签署机构:
1.制作私钥
vim /etc/pki/openssl.cnf
[CA_default]
dir = /etc/pki/CA
cd /etc/pki/CA
mkdir certs crl newcerts private
(umask 077;openssl genrsa 2048 > private/cakey.pem)
2.生成自签名证书:
openssl req -new -x509 -key private/cakey.pem -out cacert.pem
touch serial
echo 01 > serial
touch index.txt
用户向证书颁发机构申请签署证书:
cd /etc/nginx
mkdir ssl
cd ssl
1.制作私钥
(umask 077;openssl genrsa 1024 > nginx.key)
2.生成向证书颁发机构的证书签署请求
openssl -req -new -key nginx.key -out nginx.csr
3.证书机构签署证书签署请求
openssl ca -in nginx.csr -out nginx.crt -days 3650
server {
listen 443;
server_name localhost;
ssl on;
ssl_cerificate /etc/nginx/ssl/nginx.crt;
ssl_session_key /etc/nginx/ssl/nginx.key;
ssl_protocols SSLv2 SSLv3 TLSv1;
location / {
root /web/htdocs;
index index.html index.htm;}
}
虚拟主机:
server {
listen 80;
server_name sina.uplook.com;
location / {
root /sina;
index index.html;
}
LEMP:
php-fpm:
127.0.0.1:9000
nginx+PHP+MySQL
vim /etc/php.ini
vim /etc/php-fpm.conf
vim /etc/init.d.php-fpm
tar -zxvf mysql-5.6.10-linux-glibc2.5-i686.tar.gz -C /usr/local
mkdir /mydata/data
useradd -r mysql
chown -R mysql.msyql /mydata/data
cd /usr/local
ln -sv mysql-5.6.10 mysql
chown -R root.mysql ./*
scripts/mysql_install_db --user=mysql --datadir=/mydata/data/
vim /etc/my.cnf
datadir = /mydata/data
innodb_file_per_table = on
log-bin = master-bin
socket = /tmp/mysql.sock
cp support-files/mysql.server /etc/init.d/mysqld
service mysqld start
vim /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib
ldconf -v
ln -sv /usr/local/mysql/include /usr/include/mysql
tar -jxvf php-5.4.13.tar.bz2
cd php-5.4.13
./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-openssl --enable-fpm --enable-sockets --enable-sysvshm --with-mysqli=/usr/local/mysql/_config --enable-mbstring --with-freetype-dir --with-png-dir --with-zlib-dir --with-libxml-dir=/usr --enable-xml --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --with-curl
make && make install
cp php.ini-production /etc/php.ini
cd /usr/local/php/etc/
cp php-fpm.conf.default php-fpm.conf
cd /root/php-5.4.13/
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
service php-fpm start
整合nginx和php
vim /etc/nginx/nginx.conf
location ~ .php$ {
root /web/htdocs;
index index.php index.html
fastcgi_pass 127.0.0.1:9000;(用来定义代理的)
fastcgi_index index.php;
fastcgi_param script_filename ..;
include fastcgi_params;
}
vim /etc/nginx/fastcgi_params
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
fastcgi_param ...
vim /web/htdocs/index.php
phpinfo();
?>
IO模型:
阻塞:等待
非阻塞:一直轮询
同步:把数据获取到以后在离开
异步:获取数据的时候,可以不用等到获取后在离开
同步阻塞:
异步阻塞:IO复用
同步非阻塞:event-driven
异步非阻塞:AIOnginx:
mmap
event-driven
一个进程响应多个请求;单线程进程
memcached:万金油,存储可序列化数据string,object,key:value
hash bucket,O(1)
redis:databases,nosql
lvs
nginx
haproxy
LEMP:
enginx
web:nginx,lnmp,memcached,haproxy,tomcat,varnish
location ~* .php$ {
fastcgi_pass 127.0.0.1:9000;
}
fastcgi
nginx配置文件
main,
worker_process
error_log
user
group
events {
}
事件驱动
httpd {
}
关于http相关的配置
server {
}
虚拟主机
location uri {
directive
}
uri访问属性
上下文
server {
listen 80;
server_name www.maoshou.com
location / {
后端服务器;
}
}
反向代理:
proxy_pass
location [op] URI {
http://172.16.100.11/;
}
~
~*
^~
location @name
location /forum/ {
proxy_pass http://172.16.100.11:8080/bbs/;
}
http://www.magedu.com/forum/
--->http://172.16.100.11:8080/bbs/
location ~* ^/forum {
proxy_pass http://172.16.100.11:8080;
}
http://www.magedu.com/forum/ --->
http://172.16.100.11:8080/forum
vim /etc/nginx.conf
location /forum/ {
proxy_pass http://172.16.100.6/bbs/;
}
在172.16.100.6上mkdir /var/www/html/bbs
vim /etc/nginx.conf
location ~* /forum {
proxy_pass http://172.16.100.6;
proxy_set_header X-Real-IP $remote_addr;
}
在 172.16.100.6上mkdir /var/www/html/forum
vim /etc/http.conf
LogFormat "%{X-Real-IP}i" ...
proxy_set_header X-real-IP $remote_addr
get,post,head,put,trace,options,connection,delete
nginx:
round-robin
ip_hash
least_conn
vim /etc/nginx.conf
upstream websrvs {
ip_hash(请注释掉backup这行);
server 172.16.100.6 weight=1 max_fails=2 fail_timeout=2;
server 172.16.100.7 weight=1 max_fails=2 fail_timeout=2;
#server 127.0.0.1:8080 backup;
}
proxy_cache_path /nginx/cache/first levels=1:2:1 keys_zone=first:20m max_size=1g;
location / {
proxy_pass http://websrvs/;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache first;
proxy_cache_valid 200 10m;
}
server {
listen 8080;
server_name 127.0.0.1;
location / {
root /web/error;
index index.html index.htm
}
}
mkdir /web/error
vim html
mkdir /nginx/cache/first
nginx:
cache:共享内存:存储健和缓存对象元数据
磁盘空间:存储数据
proxy_cache_path:不能定义在server{}上下文
缓存对象命名
缓存目录:子目录级别
proxy_cache_path /nginx/cache/first levels=1:2:1 keys_zone=first:20m max_size=1g;
表示有三个子级目录,1:表示第一子级目录有一个字符 2:表示第二子级目录有2个字符 1:表示第三子级目录有1个字符
cache_manager:LRU
另外常用的三种缓存:
open_log_cache:日志缓存
open_file_cache:
fastcgi_cache:
nginx的limit限制也基于共享内存实现
nginx:gzip
upstream phpsrvs {
server ....
server ....
}
upstream imgsrvs {
server ....
server ....
}
ustream staticfilesrvs {
server ....
server ....
}
location / {
root /web/htdocs;
index index.php index.html
}
location ~* .php$ {
fastcgi_pass http://phpsrvs;
}
location ~* .(jpg|jpeg|gif|png)$ {
proxy_pass http://imgsrvs;
}
rewirte:URL重写模块
if (condition) {
}
测试:
双目测试:
~,!~
,!
~,!~
if ($request_method="POST") {
}
if ($request_uri ~* "/forum") {
}
单目测试:referer:
location / {
root /web;
rewrite "/images/" http://172.16.100.19/images/
}
支持正则表达式:
locstion / {
root html;
index index.html;
rewrite "^/bbs/(.*)$" http://www.magedu.com/forum/$1 last;
}
http://www.magedu.com/bbs/index.html --> http://www.magedu.com/forum/index.html
locstion / {
root html;
index index.html;
rewrite "^/bbs/(.)/images/(.).jpg$" http://www.magedu.com/bbs/$2/images/$1.jpg last;
}
http://www.magedu.com/bbs/a/images/b.jpg --> http://www.magedu.com/bbs/b/images/a.jpg --> http://www.magedu.com/bbs/a/images/b.jpg
last:本次重写完成之后,重启下一轮检查;
break:本次重写完成之后,直接执行后续操作;
locstion / {
root html;
index index.html;
rewrite "^/bbs/(.*)$" /forum/$1;
}
zeromq:连接池
mmap:内存映射
Facebook:日志收集器
nginx:
IO模型:
阻塞:
非阻塞:一遍一遍的轮询
同步:对方完完整整收到数据后,才响应说收到了
异步:数据发送出去就不管了,不管对方收到没有
同步阻塞
异步阻塞:IO复用
异步阻塞:event-driven
异步非阻塞:aio
nginx:
mmap
event-driven
一个进程响应多个请求:单线程进程
aio
PHP和nginx结合要通过fastcgi
redis:能够实现持久存储
nosql:是一种技术,有很多不同的类别
location [op] uri {
proxy_pass http://172.16.100.11/;
}
~
~*
^~
location @name(可以调用另外一个location):
location / {
error 404 @fallback(即调用下面的fallback)
}
location @fallback {
proxy_pass http://1
92.168.1.20;
}
location /forum/ {
proxy_pass http://192.168.1.100:8080/bbs/;
}
此/forum/和/bbs/要事先建立,且这两个目录在两台服务器上不用相同
当在浏览器中输入http://www.psmov.com/forum/则被代理到http://192.168.1.100:8080/bbs/后端http服务器中
如果采用正则表达式(即采用模式匹配)则只能写地址,后面不能接路径,且两个目录要相同
location ~* ^/forum {
proxy_pass http://192.168.1.100:8080;
}
http://www.psmov.com/forum/则被代理到http://192.168.1.100:8080/forum/后端http服务器中
proxy_set_header x-real-IP $remote_addr(当客户端访问时都是代理服务器去获得资源然后给客户端,这样就无法得知是哪个客户端访问了,所有就采用proxy_set_header x-real-IP $remote_addr)
客户端请求内容的方法:
get、post、head、put、trace、options、connection、delete
location ~* ^/forum {
proxy_pass http://192.168.1.100:8080;
proxy_set_header x-real-ip $remote_addr;
}
nginx的三种算法:
round-robin
ip_hash:在这种算法下不能使用backup
least_com
nginx作为缓存代理服务器
cache:共享内存(存储和缓存对象元数据)
proxy_cache_path:用来定义缓存的目录,且不能定义在server字段中
proxy_cache_path /nginx/cache/first levels=1:2:1 keys_zone=first(这是要被location配置中引用的名称):20m max_size=1G
cache_manager:lru
location / {
proxy_pass http://192.168.1.100:8080/webservs/;
proxy_cache first;
proxy_cache_valie 200 10m;
}
另外常用的三种缓存
open_log_cache:日志缓存
open_file_cache:打开文件缓存
fastcgi_cache:
而nginx的limit限制也基于共享内存实现
nginx:gzip
请求不同内容的代理
upstream phpserver {
server ...
server ...
}
upstream imgsrvs {
server ...
server ...
}
location / {
root /web;
index index.php index.html;
}
location ~* .php$ {
fastcgi_pass http://phpserver;
}
location ~* “.(jpg|jpeg|gif|png)$”
proxy_pass http://imgsrvs;
}
rewrited:URL重写模块(主要是来防盗链的)
if (condition){
}
测试:
双目测试;
~,!~
,!
~,!~
if ($request_method=“POST”){
}
if ($request_uri ~* "/forum") {
}
单目测试:
referer:
location /images/ {
rewrite http://192.168.1.20/images/
}
支持正则表达式:
location / {
root html;
index index.html;
rewrite “^/bbs/(.)$” http://192.168.1.20/forum/$1 last;
}
这里面的/bbs/目录不需要存在,其中$1为(.)$,类似于后向引用
last:本次重写完成之后,重启下一轮检查;
break:本次重写完成之后,直接执行后续操作;
读写分离
webdav:基于http协议的读写分离
在后端的http服务中配置:
Dav on
/etc/init.d/httpd restart
setfacl -m u:apache:rwx /var/www/html
在前端的nginx中配置:
location / {
proxy_pass http://192.168.1.20/;
if ($request_method = "PUT")
proxy_pass http://192.168.1.21;
}
curl -T /etc/fstab http://172.16.100.106 上传文件