nginx动静分离

搭建Nginx动静分离

Nginx动静分离介绍

• Nginx的静态处理能力很强，但是动态处理能力不足，因此，在企业中常用动静分离技术

• 针对PHP的动静分离

  • 静态页面交给Nginx处理
  • 动态页面交给PHP-FPM模块或Apache处理
• 在Nginx的配置中，是通过location配置段配合正则匹配实现静态与动态页面的不同处理方式

  反向代理原理

• Nginx不仅能作为Web服务器，还具有反向代理、负载均衡和缓存的功能
• Nginx通过proxy模块实现将客户端的请求代理至上游服务器，此时nginx与. 上游服务器的连接是通过http协议进行的
• Nginx在实现反向代理功能时的最重要指令为proxy_ _pass, 它能够并能够根据URI、客户端参数或其它的处理逻辑将用户请求调度至上游服务器

配置动静分离

• 架设并调试后端LAMP环境
• 安装配置Nginx处理静态页面请求，在server {};段中加入

[root@nginx php5]#vim /usr/local/httpd/conf/nginx.conf location ~ .*\.(gifiglipeglbmp|swf)$ {   root html;   index index.html index.htm;};

• 配置Nginx处理动态页面请求，在server{};中加入
• 在Apache.工作目录新建test.php
• 重启Nginx并测试

[root@nginx php5]#vim /usr/local/httpd/conf/nginx.conf   server {   .....   location ~ \.php$ {        proxy_ pass http://192.168.9.237:8080;     //LAMP的IP地址   ......

配置实例

• 开启两台Linux虚拟机，一台配置Nginx，一台配置LANM架构，客户端访问nginx网页时Nginx服务处理静态访问信息，LAMP处理动态访问信息，

• 首先在一台Linux系统中搭建lamp架构，这里使用yum安装lamp架构

yum install httpd httpd-devel -y已加载插件：fastestmirror, langpacksLoading mirror speeds from cached hostfile...//省略部分内容...已安装:  httpd.x86_64 0:2.4.6-90.el7.centos      httpd-devel.x86_64 0:2.4.6-90.el7.centos ...//省略部分内容...完毕！[root@localhost ~]# firewall-cmd --permanent --zone=public  --add-service=httpsuccess              //配置防火墙允许http服务在公共区域通过[root@localhost ~]# firewall-cmd --permanent --zone=public  --add-service=httpssuccess             //配置防火墙允许https服务在公共区域通过[root@localhost ~]# firewall-cmd --reload    //重新加载防火墙success[root@localhost ~]# systemctl start httpd.service     //启动http服务

• 在客户机访问httpd服务，看服务是否成功开启

• 安装mariadb（mariadb是MySQL的分支软件，功能与MySQL相同）

[root@localhost ~]# yum install mariadb mariadb-server mariadb-libs mariadb-devel -y已加载插件：fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: ftp.sjtu.edu.cn...//省略部分内容...已安装:  mariadb.x86_64 1:5.5.64-1.el7                   mariadb-devel.x86_64 1:5.5.64-1.el7             mariadb-server.x86_64 1:5.5.64-1.el7           完毕！[root@localhost ~]# systemctl start  mariadb     //启动mariadb服务[root@localhost ~]# netstat -ntap | grep 3306tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      2519/mysqld    [root@localhost ~]# mysql_secure_installation           //设置数据库NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!In order to log into MariaDB to secure it, we'll need the currentpassword for the root user.  If you've just installed MariaDB, andyou haven't set the root password yet, the password will be blank,so you should just press enter here.Enter current password for root (enter for none):        //询问是否给root用户设置密码，直接回车OK, successfully used password, moving on...Setting the root password ensures that nobody can log into the MariaDBroot user without the proper authorisation.Set root password? [Y/n] y             //是否设置密码，输入y确认New password:                         //输入密码Re-enter new password:                //再次输入密码Password updated successfully!Reloading privilege tables.. ... Success!By default, a MariaDB installation has an anonymous user, allowing anyoneto log into MariaDB without having to have a user account created forthem.  This is intended only for testing, and to make the installationgo a bit smoother.  You should remove them before moving into aproduction environment.Remove anonymous users? [Y/n] n     //询问是否删除匿名用户，输入n，不删除 ... skipping.Normally, root should only be allowed to connect from 'localhost'.  Thisensures that someone cannot guess at the root password from the network.Disallow root login remotely? [Y/n] n    //询问是否拒绝root用户远程登录，输入n，不拒绝... skipping.By default, MariaDB comes with a database named 'test' that anyone canaccess.  This is also intended only for testing, and should be removedbefore moving into a production environment.Remove test database and access to it? [Y/n] n  //询问是否删除测试数据库，输入n，不删除 ... skipping.Reloading the privilege tables will ensure that all changes made so farwill take effect immediately.Reload privilege tables now? [Y/n] y     //询问是否重新加载数据库，输入y，重新加载 ... Success!Cleaning up...All done!  If you've completed all of the above steps, your MariaDBinstallation should now be secure.Thanks for using MariaDB!                  //完成设置

• 安装PHP

[root@localhost ~]# yum -y install php             //安装php服务已加载插件：fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: ftp.sjtu.edu.cn...//省略部分内容...已安装:  php.x86_64 0:5.4.16-46.1.el7_7   ...//省略部分内容...完毕！[root@localhost ~]# yum install php-mysql -y        //安装php与mysql连接包已加载插件：fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: ftp.sjtu.edu.cn * extras: ftp.sjtu.edu.cn...//省略部分内容...已安装:  php-mysql.x86_64 0:5.4.16-46.1.el7_7                                                           作为依赖被安装:  php-pdo.x86_64 0:5.4.16-46.1.el7_7                                                             完毕！[root@localhost ~]# yum install -y php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel php-bcmath      //安装php环境包已加载插件：fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: ftp.sjtu.edu.cn...//省略部分内容...已安装:  libcurl-devel.x86_64 0:7.29.0-54.el7             php-bcmath.x86_64 0:5.4.16-46.1.el7_7           php-gd.x86_64 0:5.4.16-46.1.el7_7                php-ldap.x86_64 0:5.4.16-46.1.el7_7             php-mbstring.x86_64 0:5.4.16-46.1.el7_7          php-odbc.x86_64 0:5.4.16-46.1.el7_7             php-pear.noarch 1:1.9.4-21.el7                   php-snmp.x86_64 0:5.4.16-46.1.el7_7             php-soap.x86_64 0:5.4.16-46.1.el7_7              php-xml.x86_64 0:5.4.16-46.1.el7_7              php-xmlrpc.x86_64 0:5.4.16-46.1.el7_7           ...//省略部分内容...完毕！[root@localhost ~]# cd /var/www/html     //进入网页站点[root@localhost html]# vim index.php     //编辑php网页内容 :wq[root@localhost html]# systemctl restart httpd.service    //重启http服务

• 在客户机中测试LAMP机构是否安装成功

安装Nginx

• 在另一台Linux系统中安装Nginx服务

[root@localhost ~]# hostnamectl set-hostname nginx    //为了区分先更改Linux主机名称[root@localhost ~]# su[root@nginx ~]#                      //更改成功[root@nginx nginx-1.12.2]# yum install gcc gcc-c++ make pcre-devel zlib-devel -y  //安装环境包已加载插件：fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: ftp.sjtu.edu.cn...//省略部分内容...已安装:  gcc.x86_64 0:4.8.5-39.el7        gcc-c++.x86_64 0:4.8.5-39.el7 pcre-devel.x86_64 0:8.32-17.el7  zlib-devel.x86_64 0:1.2.7-18.el7...//省略部分内容...完毕！[root@nginx ~]# useradd -M -s /sbin/nologin nginx        //创建程序用户[root@nginx ~]# mount.cifs //192.168.100.10/lnmp /mnt/   //挂载宿主机源码包目录到mnt目录下Password for root@//192.168.100.10/lnmp:  [root@nginx ~]# cd /mnt/                        //进入mnt目录[root@nginx mnt]# tar zvxf nginx-1.12.2.tar.gz -C /opt/     //解压源码包...//省略部分内容...nginx-1.12.2/auto/cc/msvcnginx-1.12.2/auto/cc/namenginx-1.12.2/auto/cc/owcnginx-1.12.2/auto/cc/sunc[root@nginx mnt]# cd /opt/nginx-1.12.2/         //进入解压的nginx文件目录[root@nginx nginx-1.12.2]# ./configure \         //配置nginx> --prefix=/usr/local/nginx \> --user=nginx \> --group=nginx \> --with-http_stub_status_module...//省略部分内容...  nginx http fastcgi temporary files: "fastcgi_temp"  nginx http uwsgi temporary files: "uwsgi_temp"  nginx http scgi temporary files: "scgi_temp[root@nginx nginx-1.12.2]# make && make install    //制作安装nginx...//省略部分内容...test -d '/usr/local/nginx/html' \    || cp -R html '/usr/local/nginx'test -d '/usr/local/nginx/logs' \    || mkdir -p '/usr/local/nginx/logs'make[1]: 离开目录"/opt/nginx-1.12.2"[root@nginx nginx-1.12.2]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/  //创建软连接文件到系统命令目录[root@nginx nginx-1.12.2]# cd /lib/systemd/system     //进入system管理目录[root@nginx system]# vim nginx.service      //编辑nginx启动脚本文件[Unit]Description=nginxAfter=network.target[Service]Type=forkingPIDFile=/usr/local/nginx/logs/nginx.pidExecStart=/usr/local/nginx/sbin/nginxExecReload=/usr/bin/kill -s HUP $MAINPIDExecStop=/usr/bin/kill -s QUIT $MAINPIDPrivateTmp=true[Install]WantedBy=multi-user.target:wq[root@nginx system]# chmod 754 nginx.service          //添加执行权限[root@nginx system]# systemctl start nginx.service     //启动服务[root@nginx system]# systemctl stop firewalld.service   //关闭防火墙[root@nginx system]# setenforce 0                       //关闭增强性安全功能

• 在客户机测试Nginx服务

配置动静分离

• 在nginx服务配置文件中开启功能，将动态访问转交给LAMP主机处理,以实现动静分离

[root@nginx system]# vim /usr/local/nginx/conf/nginx.conf...//省略部分内容...  error_page   500 502 503 504  /50x.html;        location = /50x.html {            root   html;        }        # proxy the PHP scripts to Apache listening on 127.0.0.1:80        #        location ~ \.php$ {  //开启此模块，并将IP地址更改为LAMP的主机，也就是将动态请求交给LAMP的主机处理            proxy_pass   http://192.168.144.137;           }        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000        #        #location ~ \.php$ {        #    root           html;...//省略部分内容...:wq[root@nginx system]# systemctl stop nginx.service          //关闭服务 [root@nginx system]# systemctl start nginx.service         //重新启动服务

• 在客户测试动静分离是否成功