nginx动静分离

环境：

//lb防火墙
[root@LB ~]# systemctl stop firewalld
[root@LB ~]# systemctl disable firewalld
[root@LB ~]# vim /etc/selinux/config 
[root@LB ~]# setenforce 0
setenforce: SELinux is disabled

//R1
[root@r1 ~]# systemctl stop firewalld
[root@r1 ~]# systemctl disable firewalld
[root@r1 ~]# vim /etc/selinux/config 

//R2
[root@R2 ~]# systemctl stop firewalld
[root@R2 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@R2 ~]# vim /etc/selinux/config 

一台部署nginx，一台部署apache，对比好出效果

//R1
[root@r1 ~]# yum install -y httpd
已加载插件：fastestmirror
......

[root@r1 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@R2 ~]# yum install -y nginx
......

[root@R2 ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.

//安装nginx，备份nginx的配置文件
[root@LB ~]# cd /usr/local/nginx/conf/
[root@LB conf]# ls 
fastcgi.conf            nginx.conf
fastcgi.conf.default    nginx.conf.default
fastcgi_params          scgi_params
fastcgi_params.default  scgi_params.default
koi-utf                 ssl
koi-win                 uwsgi_params
mime.types              uwsgi_params.default
mime.types.default      win-utf
[root@LB conf]# cp nginx.conf /opt/
[root@LB conf]# ls /opt/
nginx.conf

//修改配置文件
[root@LB conf]# vim nginx.conf
 38     upstream webservers {        //定义负载均衡的主机
 39         server 192.168.75.144;
 40         server 192.168.75.143;
 41     }

 51         location / {
 52             proxy_pass http://webservers;        //访问网站指向两个主机
 53         }

//重新加载配置文件
[root@LB conf]# nginx -s reload
[root@LB conf]# ss -antl
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port 
LISTEN  0       128            0.0.0.0:80          0.0.0.0:*    
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*    
LISTEN  0       128            0.0.0.0:443         0.0.0.0:*    
LISTEN  0       128               [::]:22             [::]:*  

//测试，访问192.168.75.142
[root@LB ~]# curl http://192.168.75.142/


                
                

    
    
    


  
    
          Testing 123..
                
This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that this site is working properly. This server is powered by CentOS.
                
  
  
    
       
                        
                        Just visiting?
                                        
The website you just visited is either experiencing problems or is undergoing routine maintenance.
                                        
If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.
                                        
For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".
                                
                                
                                        Are you the Administrator?
                                        
You should add your website content to the directory /var/www/html/.
                                        
To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

                                        Promoting Apache and CentOS
                                        
You are free to use the images below on Apache and CentOS Linux powered HTTP servers.  Thanks for using Apache and CentOS!
                                        
 
                                
                        
            
                
        
          
      
        
                    
            important note:
            
The CentOS Project has nothing to do with this website or its content,
            it just provides the software that makes the website run.
            
            
If you have issues with the content of this site, contact the owner of the domain, not the CentOS project. 
            Unless you intended to visit CentOS.org, the CentOS Project does not have anything to do with this website,
            the content or the lack of it.
            
For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:
            
http://www.internic.net/whois.html
          
          
            The CentOS Project
            
The CentOS Linux distribution is a stable, predictable, manageable and reproduceable platform derived from 
               the sources of Red Hat Enterprise Linux (RHEL).

            
            
Additionally to being a popular choice for web hosting, CentOS also provides a rich platform for open source communities to build upon. For more information
               please visit the CentOS website.
          
        
                  
    
  

[root@LB ~]# 
[root@LB ~]# curl http://192.168.75.142/



    
        
        
        
            
            body {
                background-color: #fff;
                color: #000;
                font-size: 0.9em;
                font-family: sans-serif,helvetica;
                margin: 0;
                padding: 0;
            }
            :link {
                color: #c00;
            }
            :visited {
                color: #c00;
            }
            a:hover {
                color: #f50;
            }
            h1 {
                text-align: center;
                margin: 0;
                padding: 0.6em 2em 0.4em;
                background-color: #900;
                color: #fff;
                font-weight: normal;
                font-size: 1.75em;
                border-bottom: 2px solid #000;
            }
            h1 strong {
                font-weight: bold;
                font-size: 1.5em;
            }
            h2 {
                text-align: center;
                background-color: #900;
                font-size: 1.1em;
                font-weight: bold;
                color: #fff;
                margin: 0;
                padding: 0.5em;
                border-bottom: 2px solid #000;
            }
            hr {
                display: none;
            }
            .content {
                padding: 1em 5em;
            }
            .alert {
                border: 2px solid #000;
            }

            img {
                border: 2px solid #fff;
                padding: 2px;
                margin: 2px;
            }
            a:hover img {
                border: 2px solid #294172;
            }
            .logos {
                margin: 1em;
                text-align: center;
            }
            
        
    

    
        Welcome to nginx on Red Hat Enterprise Linux!

        
            
This page is used to test the proper operation of the
            nginx HTTP server after it has been
            installed. If you can read this page, it means that the
            web server installed at this site is working
            properly.

            
                Website Administrator
                
                    
This is the default index.html page that
                    is distributed with nginx on
                    Red Hat Enterprise Linux.  It is located in
                    /usr/share/nginx/html.

                    
You should now put your content in a location of
                    your choice and edit the root configuration
                    directive in the nginx
                    configuration file
                    /etc/nginx/nginx.conf.

                    
For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

                
            

            
                
                
            
        
    

[root@LB ~]# 

[root@LB conf]# vim nginx.conf

 38     upstream static {
 39         server 192.168.75.144;
 40     }
 41 
 42     upstream dynamic {
 43         server 192.168.75.143;
 44     }
 45     server {
 46         listen       80;
 47         server_name  localhost;
 48         
 49         #charset koi8-r;
 50 
 51         #access_log  logs/host.access.log  main;
 52 
 53         location / {
 54             proxy_pass http://static;
 55         }

 70         location ~ .php$ {
 71             proxy_pass   http://dynamic;
 72         }


//重新加载配置文件
[root@LB conf]# nginx -s reload
[root@LB conf]# 

nginx

//创建nginx系统用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx
 
//下载包组
[root@localhost ~]# yum -y groups mark install 'Development Tools'
已加载插件：fastestmirror
Loading mirror speeds from cached hostfile
 * epel: mirrors.bfsu.edu.cn
Marked install: Development Tools
 
//安装依赖包
[root@localhost ~]# yum install -y gcc gcc-c++ pcre-devel gd-devel openssl openssl-devel 
 
//创建nginx存放日志的目录
[root@localhost ~]# mkdir -p /var/log/nginx
[root@localhost ~]# chown -R nginx.nginx /var/log/nginx
 
//从网上拉去压缩包
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget http://nginx.org/download/nginx-1.20.1.tar.gz
--2021-10-25 14:21:05--  http://nginx.org/download/nginx-1.20.1.tar.gz
正在解析主机 nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2a05:d014:edb:5704::6, ...
正在连接 nginx.org (nginx.org)|52.58.199.22|:80... 已连接。
已发出 HTTP 请求，正在等待回应... 200 OK
长度：716067 (699K) [application/octet-stream]
正在保存至: “nginx-1.2.0.tar.gz”
 
100%[=================>] 716,067      174KB/s 用时 4.0s   
 
2021-10-25 14:21:11 (174 KB/s) - 已保存 “nginx-1.20.1.tar.gz” [716067/716067])
 
[root@localhost src]# ls
debug  kernels  nginx-1.20.1.tar.gz
[root@localhost src]# 
 
//解压至/usr/local
[root@localhost src]# tar xf nginx-1.20.1.tar.gz -C /usr/local/
[root@localhost src]# cd /usr/local/
[root@localhost local]# ls
bin  games    lib    libexec      sbin   src
etc  include  lib64  nginx-1.20.1  share
[root@localhost local]# mv nginx-1.20.1/ nginx
 
//编译安装
[root@localhost nginx]# ./configure 
> --prefix=/usr/local/nginx 
> --user=nginx 
> --group=nginx 
> --with-debug 
> --with-http_ssl_module 
> --with-http_realip_module 
> --with-http_image_filter_module 
> --with-http_gzip_static_module 
> --with-http_stub_status_module 
> --http-log-path=/var/log/nginx/access.log 
> --error-log-path=/var/log/nginx/error.log
checking for OS
 + Linux 3.10.0-862.el7.x86_64 x86_64
checking for C compiler ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
 
......
 
Configuration summary
  + using system PCRE library
  + using system OpenSSL library
  + md5: using OpenSSL library
  + sha1: using OpenSSL library
  + using system zlib library
 
  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"
 
[root@localhost nginx]# make && make install
 
//配置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# . /etc/profile.d/nginx.sh
 
//测试
[root@localhost ~]# nginx 
[root@localhost ~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128     *:80                  *:*                  
LISTEN      0      128     *:22                  *:*                  
LISTEN      0      100    127.0.0.1:25                  *:*                  
LISTEN      0      128    :::22                 :::*                  
LISTEN      0      100       ::1:25                 :::*   

mysql

//Mysql
//安装依赖包
[root@R2 ~]# yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel

//创建用户和组
[root@R2 ]# useradd -r -M -s /sbin/nologin mysql

//下载二进制格式的mysql软件包
[root@R2 local]# cd /usr/src/
[root@R2 local]# ls
debug  kernels  nginx-1.20.1  nginx-1.20.1.tar.gz
[root@R2 local]# ls
debug  kernels  mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz  nginx-1.20.1  nginx-1.20.1.tar.gz
[root@R2 local]# tar xf mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@R2 local]# ls /usr/local/
bin  games    lib    libexec                              nginx  share
etc  include  lib64  mysql-5.7.35-linux-glibc2.12-x86_64  sbin   src
[root@R2 local]# cd /usr/local/
[root@R2 local]# mv mysql-5.7.35-linux-glibc2.12-x86_64 mysql
[root@R2 local]# ls
bin  etc  games  include  lib  lib64  libexec  mysql  nginx  sbin  share  src
[root@R2 local]# 

//修改目录/usr/local/mysql的属主属组
[root@R2 local]# chown -R mysql.mysql mysql

//添加环境变量
[root@R2 ~]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@R2 ~]# source /etc/profile.d/mysql.sh 
[root@R2 ~]# ls /usr/local/mysql/
bin   include  LICENSE  README  support-files
docs  lib      man      share
[root@R2 ~]# ln -s /usr/local/mysql/include /usr/include/mysql
[root@R2 ~]# 
[root@R2 ~]# vim /etc/man_db.conf 
[root@R2 ~]# cat /etc/man_db.conf 
MANDATORY_MANPATH                       /usr/man
MANDATORY_MANPATH                       /usr/share/man
MANDATORY_MANPATH                       /usr/local/share/man
MANDATORY_MANPATH                       /usr/local/apache/man
MANDATORY_MANPATH                       /usr/local/mysql/man //添加这一行内容

[root@R2 ~]# vim /etc/ld.so.conf.d/mysql.conf
[root@R2 ~]# cat /etc/ld.so.conf.d/mysql.conf 
/usr/local/msyql/lib
[root@R2 ~]# ldconfig
[root@R2 ~]# 

//建立数据存放目录
[root@R2 ~]# mkdir /opt/data
[root@R2 ~]# chown -R mysql.mysql /opt/data
[root@R2 ~]# bash

//初始化数据库
[root@R2 ~]# chown -R mysql.mysql /opt/data
[root@R2 ~]# mysqld --initialize-insecure --user mysql --datadir /opt/data


//生成配置文件
[root@R2 ~]# cat > /etc/my.cnf < [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF
[root@R2 ~]# cat /etc/my.cnf
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
[root@R2 ~]# 

[root@R2 ~]# cp /usr/lib/systemd/system/httpd.service /usr/lib/systemd/system/mysqld.service
[root@R2 ~]# vim /usr/lib/systemd/system/mysqld.service 
[root@R2 ~]# cat /usr/lib/systemd/system/mysqld.service 
[Unit]
Description=Mysql server daemon
After=network.target 

[Service]
Type=forking
ExecStart=/usr/local/mysql/support-files/mysql.server start
ExecStop=/usr/local/mysql/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
 

[root@R2 ~]# vim /usr/local/mysql/support-files/mysql.server
basedir=/usr/local/mysql
datadir=/opt/data  //修改这两行内容

//开机自启
[root@R2 ~]# systemctl daemon-reload
[root@R2 ~]# systemctl enable --now mysqld
Created symlink /etc/systemd/system/multi-user.target.wants/mysqld.service → /usr/lib/systemd/system/mysqld.service.
[root@R2 ~]# ss -antl
State   Recv-Q  Send-Q   Local Address:Port                Peer Address:Port              
LISTEN  0       128            0.0.0.0:80                       0.0.0.0:*                 
LISTEN  0       128            0.0.0.0:22                       0.0.0.0:*                 
LISTEN  0       80                   *:3306                           *:*                 
LISTEN  0       128               [::]:22                          [::]:*

//修改密码
[root@R2 ~]#  yum -y install ncurses-compat-libs

[root@R2 ~]# mysql
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 2
Server version: 5.7.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql> set password = password('yang123');
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> quit
Bye
[root@R2 ~]# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 4
Server version: 5.7.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql> 

php

//安装依赖包
[root@R2 src]# yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel  pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel

[root@R2 php-8.0.10]# yum -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm



//下载php压缩包
[root@R2 src]# wget https://www.php.net/distributions/php-8.0.10.tar.xz
--2021-10-31 15:34:35--  https://www.php.net/distributions/php-8.0.10.tar.xz
正在解析主机 www.php.net (www.php.net)... 185.85.0.29, 2a02:cb40:200::1ad
正在连接 www.php.net (www.php.net)|185.85.0.29|:443... 已连接。
已发出 HTTP 请求，正在等待回应... 200 OK
长度：10703088 (10M) [application/octet-stream]
正在保存至: “php-8.0.10.tar.xz”

php-8.0.10.tar.x 100%[========>]  10.21M  19.3KB/s  用时 8m 55s  

2021-10-31 15:43:33 (19.6 KB/s) - 已保存 “php-8.0.10.tar.xz” [10703088/10703088])

[root@R2 src]# ls
debug    mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
kernels  nginx-1.20.1.tar.gz
mysql    php-8.0.10.tar.xz

//解压编译安装
[root@R2 src]# tar xf php-8.0.10.tar.xz -C /usr/local/
[root@R2 src]# ls /usr/local/
bin  games    lib    libexec  nginx         php-8.0.10  share
etc  include  lib64  mysql    nginx-1.20.1  sbin        src
[root@R2 src]# cd /usr/local/
[root@R2 local]# cd php
[root@R2 php]# ./configure --prefix=/usr/local/php  --with-config-file-path=/etc --enable-fpm --disable-debug --disable-rpath --enable-shared --enable-soap --with-openssl --enable-bcmath --with-iconv --with-bz2 --enable-calendar --with-curl --enable-exif  --enable-ftp --enable-gd --with-jpeg --with-zlib-dir --with-freetype --with-gettext --enable-mbstring --enable-pdo --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-readline --enable-shmop --enable-simplexml --enable-sockets --with-zip --enable-mysqlnd-compression-support --with-pear --enable-pcntl --enable-posix
+--------------------------------------------------------------------+
| License:                                                           |
| This software is subject to the PHP License, available in this     |
| distribution in the file LICENSE. By continuing this installation  |
| process, you are bound by the terms of this license agreement.     |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point.                            |
+--------------------------------------------------------------------+

Thank you for using PHP.

[root@R2 php]# make && make install

//环境变量
[root@R2 php]# echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php.sh
[root@R2 php]# source /etc/profile.d/php.sh
[root@R2 php]# php -v
PHP 8.0.10 (cli) (built: Oct 31 2021 16:19:31) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.10, Copyright (c) Zend Technologies


//配置php-fpm
[root@R2 php]# cp php.ini-production /etc/php.ini
[root@R2 php]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@R2 php]# chmod +x /etc/init.d/php-fpm 
[root@R2 php]# cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
[root@R2 php]# cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
[root@R2 php]# service php-fpm startStarting php-fpm  done
[root@R2 php]# 

[root@LB ~]# cat /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    upstream static {
        server 192.168.75.143;    //设置静态访问
    }

    upstream dynamic {
        server 192.168.75.144;    //设置动态访问
    }

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            proxy_pass http://static;    //访问静态处理
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        location ~ .php$ {
            proxy_pass   http://dynamic;    //访问动态和处理：
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ .php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  script_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}
[root@LB ~]# 

访问测试