Shulou(Shulou.com)06/03 Report--

1. General introduction

Lnmp architecture (Linux+nginx+mysql+php) is the mainstream architecture of a website at present, which contains the most basic requirements of a website: running environment + web container + dynamic page processing + storage. Of course, the same mainstream architecture is lamp, but I think the performance of nginx is better under the current trend.

II. Advantages of Nginx

Nginx is a high-performance web server, reverse proxy server and load balancing server. Its high performance is mainly reflected in the introduction of the event-driven Icano model, which supports high concurrency and occupies less memory resources. As a web server, nginx uses fewer resources and supports more concurrent connections than apache. Nginx handles static files and index files, and automatic indexing is very efficient. As a reverse proxy server, nginx can implement a cacheless reverse proxy to improve the running speed of the website. As a load balancer server, nginx can not only support Rails and PHP internally, but also support HTTP proxy server for external service. At the same time, it supports simple fault tolerance and load balancing using algorithms.

III. Installation and configuration

1. Install and configure nginx

Download the source code package of nginx on the official website: http://nginx.org/en/download.html

I chose nginx-1.12.0.tar.gz here.

1) decompress the source package

[root@server1 ~] # tar zxf nginx-1.12.0.tar.gz

2) install the source package

[root@server1 nginx-1.12.0] # cd auto/cc [root@server1 cc] # vim gcc# debug#CFLAGS= "$CFLAGS-g" # comment out this line and there is no debug information after compilation Nginx files will be reduced a lot [root@server1 nginx-1.12.0] # cd src/core#define NGINX_VER "nginx" # # generally for security reasons will change or hide the nginx version number [root@server1 nginx-1.12.0] # yum install pcre-devel-y # installation dependency [root@server1 nginx-1.12.0] # / configure-- prefix= / usr/local/lnmp/nginx-- with-threads-- with-file-aio-- with-http_ssl_module-- with-http_stub_status_module### can add parameters according to your needs The parameters I added in turn are: set the installation directory, allow multithreading, l allow the system to enable asynchronous io, allow ngx_http_stub_status_module module (this module can get some nginx running status, if it is industrial condition Can be cancelled directly) and allow the ngx_http_ssl_module module [root@server1 nginx-1.12.0] # make&&make install [root@server1 nginx-1.12.0] # cd / usr/local/lnmp/nginx/ [root@server1 nginx] # ln-s / usr/local/lnmp/nginx/sbin/nginx / usr/local/sbin/### to do soft links to facilitate startup

3) configure nginx

The configuration directory of nginx is / usr/local/lnmp/nginx/conf/nginx.conf

[root@server1 nginx] # cd conf [root@server1 conf] # useradd-u 800 nginx # create nginx user [root@server1 conf] # vim nginx.confuser nginx nginx; # change nginx user worker_processes 2 cross processes # change the number of processes, preferably worker_cpu_affinity 01 10 as the number of cpu # bind a process to cpu. Two cpu is 01 10. Four cpu is 0001 0010 0100 1000 # error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info; # pid logs/nginx.pid; events {worker_connections 4096. # change the maximum number of connections, cannot exceed the maximum number of kernel files sysctl-a | grep file can see} [root@server1 conf] # vim / etc/security/limits.conf # change the nginx user's kernel limit, the maximum number of user processes and the number of files opened. If the maximum number of connections set above is larger than the number here, it is useless that the maximum can only reach 4096 of the number set here. Ulimit-a can view kernel restrictions nginx-nproc 4096nginx-nofile 4096 [root@server1 conf] # su nginx [nginx@server1 conf] $ulimit-acore file size (blocks,-c) 0data seg size (kbytes,-d) unlimitedscheduling priority (- e) 0file size (blocks -f) unlimitedpending signals (- I) 14868max locked memory (kbytes,-l) 64max memory size (kbytes,-m) unlimitedopen files (- n) 4096pipe size (512bytes,-p) 8POSIX message queues (bytes,-Q) 819200real-time priority (- r) 0stack size (kbytes -s) 10240cpu time (seconds,-t) unlimitedmax user processes (- u) 4096virtual memory (kbytes,-v) unlimitedfile locks (- x) unlimited [root@server1 conf] # nginx-t [root@server1 conf] # nginx # add virtual server [root@server1 conf] # vim nginx.conf server {listen 80 Server_name www.westos.com; location / {root / web1; # release directory index index.html;}} server {listen 80; server_name www.linux.com; location / {root / web2; index index.html }} [root@server1 conf] # mkdir / web1 [root@server1 conf] # mkdir / web2 [root@server1 conf] # echo 'westos' > / web1/index.html [root@server1 conf] # echo' linux' > / web2/index.html [root@server1 conf] # nginx-t [root@server1 conf] # nginx-s reload### Test the following [root@server1 conf] # curl-I www.westos.com # # Url visits HTTP/1.1 200OKServer: nginxDate: Sun 14 May 2017 06:00:25 GMTContent-Type: text/htmlContent-Length: 7Last-Modified: Sun, 14 May 2017 05:40:05 GMTConnection: keep-aliveETag: "5917edb5-7" Accept-Ranges: bytes # add https [root@server1 conf] # vim nginx.conf # HTTPS server server {listen 443 ssl Server_name localhost; ssl_certificate cert.pem; ssl_certificate_key cert.pem; # # for testing convenience, I set the key and certificate settings as ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers High Vista null LDA Md 5; ssl_prefer_server_ciphers on; location / {root html; index index.html index.htm }} [root@server1 conf] # cd / etc/pki/tls/certs/ [root@server1 certs] # lsca-bundle.crt make-dummy-cert renew-dummy-certca-bundle.trust.crt Makefile [root@server1 certs] # make cert.pem # generate a temporary certificate umask 77;\ PEM1= `/ bin/mktemp / tmp/ openssl.XXXXXX`;\ PEM2=` / bin/mktemp / tmp/ openssl.XXXXXX` \ / usr/bin/openssl req-utf8-newkey rsa:2048-keyout $PEM1-nodes-x509-days 365-out $PEM2-set_serial 0;\ cat $PEM1 > cert.pem;\ echo "> cert.pem;\ cat $PEM2 > > cert.pem \ rm-f $PEM1 $PEM2Generating a 2048 bit RSA private key. .. + +.. + writing new private key to'/ tmp/openssl.f7Dpjt'-You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name ora DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value If you enter'.', the field will be left blank.-Country Name (2 letter code) [XX]: CNState or Province Name (full name) []: ShaanxiLocality Name (eg, city) [Default City]: xi'anOrganization Name (eg, company) [Default Company Ltd]: westosOrganizational Unit Name (eg, section) []: linuxCommon Name (eg) Your name or your server's hostname) []: server1Email Address []: root@localhost [root@server1 certs] # mv cert.pem / usr/local/lnmp/nginx/conf/ # put the certificate under the configuration directory of nginx [root@server1 certs] # nginx-t # detect whether it is normal [root@server1 certs] # nginx-s reload # reload nginx # redirect [root@server1 conf] # vim nginx.conf server {listen 80 Server_name www.princekin.com; # # rewrite all accesses that begin with www.princekin.com to https://www.prince.com rewrite ^ (. *) https://www.prince.com; } [root@server1 conf] # nginx-t [root@server1 conf] # nginx-s reload # load balancer and reverse proxy [root@server1 conf] # vim nginx.conf### introduces upstream module as load balancer http {upstream westos {server 172.25.45.2 server 80; server 172.25.45.3 server 80; server 172.25.45.1 server 8080 # when 2 and 3 are down, visit 1mai 1 for backup} # introduce proxy_pass as a reverse proxy server {listen 80; server_name www.westos.com; rewrite ^ (. *) http://www.linux.com;} server {listen 80; server_name www.linux.com Location / {proxy_pass http://westos; Open http8080 port http as nginx maintenance interface [root@server1 conf] # yum install httpd-y [root@server1 conf] # vim / etc/httpd/conf/httpd.conf ServerName 172.25.45.1Listen 8080 [root@server1 conf] # vim / var/www/html/index.html write [root@server1 conf] # / etc/init.d/httpd start and open two virtual machines for server2 and server3 Either nginx or httpd can be configured # Test results [root@server1 conf] # for i in {1... 10} Do curl www.linux.com;doneserver3server2server3server2server3server2server3server2server3server2

two。 Install and configure mysql

Download from the official website: https://www.mysql.com/downloads/

Mysql-boost-5.7.17.tar.gz (can also be downloaded without boost, the package will be smaller, but you need to download the boost package separately when compiling)

Dependencies need to be installed when compiling source code packages:

Gcc gcc-c++ ncurses-devel bison openssl-devel zlib-devel cmake (the version that comes with the system is too low, it must be in the latest version from the official website)

[root@server1mysql-5.7.17] # yum install-y gcc gcc-c++ make ncurses-devel bison openssl-devel zlib-devel cmake [root@server1mysql-5.7.17] # tar zxvf mysql-boost-5.7.12.tar.gz [root@server1mysql-5.7.17] # cd mysql-5.7.17 [root@server1mysql-5.7.17] # cmake-DCMAKE_INSTALL_PREFIX=/usr/local/mysql\ # installation directory-DMYSQL_DATADIR=/usr/ Local/mysql/data\ # Database storage directory-DMYSQL_UNIX_ADDR=/usr/local/mysql/data/mysql.sock\ # Unix socket file path-DWITH_MYISAM_STORAGE_ENGINE=1\ # install myisam storage engine-DWITH_INNOBASE_STORAGE_ENGINE=1\ # install innodb storage engine-DWITH_ARCHIVE_STORAGE_ENGINE=1\ # install archive storage engine-DWITH_BLACKHOLE_STORAGE_ENGINE=1\ # install blackhole storage engine-DWITH_PARTITION_STORAGE_ENGINE=1\ # Security Install database partition-DENABLED_LOCAL_INFILE=1\ # allow data to be imported locally-DWITH_READLINE=1\ # shortcut key function-DWITH_SSL=yes\ # support SSL-DDEFAULT_CHARSET=utf8\ # use utf8 characters-DDEFAULT_COLLATION=utf8_general_ci\ # check characters-DEXTRA_CHARSETS=all\ # install all extended character sets-DMYSQL_TCP_PORT=3306\ # MySQL listening port default can not be written-DWITH-BOOST=boost/boost_1_59_0/ [root @ server1 mysql-5.7.17] # make & & make install # when recompiled Old object files and cache information need to be cleared make cleanrm-f CmakeCache.txt [root@server1 mysql-5.7.17] # cd / usr/local/lnmp/mysql [root@server1 mysql] # cd support-files [root@server1 support-files] # cp my-default.cnf / etc/my.cnf [root@server1 support-files] # cp mysql.server / etc/init.d/mysqld [root@server1 mysql] # useradd-u 27-s / sbin/nologin mysql [root@server1 mysql ] # groupmod-g 27 mysql [root@server1 mysql] # chown mysql.mysql-R. [root@server1 bin] # vim ~ / .bash_profile PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin # # add the environment variable [root@server1 bin] # source ~ / .bash_profile [root@server1 mysql] # mysqld-- initialize-- user=mysql # initialize 2017-05-14T05:22:13.918714Z 1 [Note] A temporary password is generated for root@localhost: XUpjk0SNh5+C # provide the root initialization password [root@server1 mysql] # / etc/init.d/mysqld start # start the service [root@server1 mysql] # mysql-pEnter password: # copy the password provided above Enter mysqlmysql > show databases ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement. # the reason for reporting an error is to change the password mysql > alter user root@localhost identified by 'Lee+88888'; Query OK, 0 rows affected (0.00 sec) # to change the password, you must have uppercase letters, special characters, and numbers exceeding 8 digits mysql > show databases +-+ | Database | +-+ | information_schema | | mysql | | performance_schema | | sys | +-+ 4 rows in set (0.00 sec) # do security initialization [root@server1 mysql ] # mysql_secure_installation-pEnter password: Securing the MySQL server deployment. VALIDATE PASSWORD PLUGIN can be used to test passwordsand improve security. It checks the strength of passwordand allows the users to set only those passwords which aresecure enough. Would you like to setup VALIDATE PASSWORD plugin? Press y | Y for Yes, any other key for No: Using existing password for root.Change the password for root? ((Press y | Y for Yes, any other key for No):... Skipping.By default, a MySQL installation has an anonymous user,allowing anyone to log into MySQL without having to havea user account created for them. This is intended only fortesting, and to make the installation go a bit smoother.You should remove them before moving into a productionenvironment. Remove anonymous users? (Press y | Y for Yes, any other key for No): ySuccess. Normally, root should only be allowed to connect from'localhost'. This ensures that someone cannot guess atthe root password from the network. Disallow root login remotely? (Press y | Y for Yes, any other key for No): ySuccess. By default, MySQL comes with a database named 'test' thatanyone can access. This is also intended only for testing,and should be removed before moving into a productionenvironment. Remove test database and access to it? (Press y | Y for Yes, any other key for No): y-Dropping test database...Success. -Removing privileges on test database...Success. Reloading the privilege tables will ensure that all changesmade so far will take effect immediately. Reload privilege tables now? (Press y | Y for Yes, any other key for No): ySuccess. All done!

3. Install and configure php

Download from php official website: http://php.net/downloads.php

[root@server1 ~] # tar jxf php-5.6.20.tar.bz2

Dependency packages that need to be downloaded:

Libmcrypt-2.5.8-9.el6.x86_64.rpm libmcrypt-devel-2.5.8-9.el6.x86_64.rpm re2c-0.13.5-1.el6.x86_64.rpm gd-devel-2.0.35-11.el6.x86_64.rpm

[root@server1] # yum install libmcrypt-2.5.8-9.el6.x86_64.rpm libmcrypt-devel-2.5.8-9.el6.x86_64.rpm re2c-0.13.5-1.el6.x86_64.rpm gd-devel-2.0.35-11.el6.x86_64.rpm [root@server1 php-5.6.20] # yum install net-snmp-devel gmp-devel curl-devel libxml2-devel-y [root@server1 php-5. 6.20] # / configure-- prefix=/usr/local/lnmp/php-- with-config-file-path=/usr/local/lnmp/php/etc-- with-mysql-- with-mysqli-- with-pdo-mysql-- enable-mysqlnd-- with-openssl-- with-snmp-- with-gd-- with-zlib-- with-curl-- with-libxml-dir-- with-png-dir-- with-jpeg-dir-- with-freetype-dir-- with-pear- -with-gettext-- with-gmp-- enable-inline-optimization-- enable-soap-- enable-ftp-- enable-sockets-- enable-fpm-- with-fpm-user=nginx-- with-fpm-group=nginx-- with-mcrypt-- with-mhash [root@server1 php-5.6.20] # make & & make install [root@server1 php-5.6.20] # cd / usr/local/lnmp/php [root@server1 php] # cd etc/ [root@server1 etc ] # cp php-fpm.conf.default php-fpm.conf [root@server1 php-5.6.20] # cp php.ini-production / usr/local/lnmp/php/etc/php.ini [root@server1 php-5.6.20] # cd / usr/local/lnmp/php/etc/ [root@server1 etc] # vim php.ini date.timezone = Asia/Shanghai # change the time zone pdo_mysql.default_socket=/usr/local/lnmp/ Mysql/data/mysql.sock mysqli.default_socket = / usr/local/lnmp/mysql/data/mysql.sockmysql.default_socket = / usr/local/lnmp/mysql/data/mysql.sock### add mysql.sock [root@server1 etc] # vim php-fpm.conf [global] Pid file; Note: the default prefix is / usr/local/lnmp/php/var Default Value: nonepid = run/php-fpm.pid # remove the comment [root@server1 etc] # cd ~ / php-5.6.20/sapi/fpm/ [root@server1 fpm] # cp init.d.php-fpm / etc/init.d/php-fpm # add the php-fpm startup item to / etc/init.d [root@server1 fpm] # chmod + x / etc/init.d/php-fpm # here Line permissions [root@server1 fpm] # / etc/init.d/php-fpm start

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.