配置一个nginx+php-fpm的web服务器-低调大师

配置一个nginx+php-fpm的web服务器

2018-06-27 582

一、基本信息

系统（L）：CentOS 6.9 #下载地址：http://mirrors.sohu.com
Web服务器(N)：NGINX 1.14.0 #下载地址：http://nginx.org/en/download.html
数据库服务器(M)：MySQL 5.6.40 #下载地址：https://dev.mysql.com/downloads/mysql
PHP-FPM服务器(P)：php-5.6.8 #下载地址：http://mirrors.sohu.com/php/
OPENSSL：openssl-1.1.0h #下载地址：https://www.openssl.org/source/

指定服务安装的通用位置

mkdir /usr/local/services
SERVICE_PATH=/usr/local/services

创建服务运行的账户

useradd -r -M -s /sbin/nologin www

安装所需依赖包

yum -y install pcre pcre-devel \
gperftools gcc zlib-devel \
libxml2 libxml2-devel \
bzip2 bzip2-devel \
curl curl-devel \
libjpeg-devel libjpeg  \
libpng-devel libpng \
freetype freetype-devel \
libmcrypt libmcrypt-devel \
openssl-devel

二、软件安装配置

1、NGINX+OPENSSL安装

下载解压NGINX+OPENSSL

NGINX_URL="http://nginx.org/download/nginx-1.14.0.tar.gz"
OPENSSL_URL="https://www.openssl.org/source/openssl-1.1.0h.tar.gz"

wget -P ${SERVICE_PATH} ${NGINX_URL} && tar -zxvf  ${SERVICE_PATH}/nginx*.tar.gz -C ${SERVICE_PATH}
wget -P ${SERVICE_PATH} ${OPENSSL_URL} && tar -zxvf ${SERVICE_PATH}/openssl*.gz -C ${SERVICE_PATH}

编译安装NGINX

cd ${SERVICE_PATH}/nginx-*;./configure \
--prefix=${SERVICE_PATH}/nginx \
--user=www --group=www \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_flv_module \
--with-pcre \
--with-http_gzip_static_module \
--with-openssl=${SERVICE_PATH}/openssl-* \
--with-http_realip_module \
--with-google_perftools_module \
--without-select_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--without-poll_module \
--without-http_autoindex_module \
--without-http_geo_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--without-http_memcached_module \
--with-cc-opt='-O2' && cd ${SERVICE_PATH}/nginx-*;make && make install

写入主配置文件nginx.conf（配置已优化）

cat << EOF >${SERVICE_PATH}/nginx/conf/nginx.conf
user  www;
worker_processes  WORKERNUMBER;
worker_cpu_affinity auto;
worker_rlimit_nofile 655350;

error_log  /var/log/nginx_error.log;
pid  /tmp/nginx.pid;

google_perftools_profiles /tmp/tcmalloc;

events {
    use epoll;
    worker_connections  655350;
    multi_accept on;
}

http {
        charset  utf-8;
        include       mime.types;
        default_type  text/html;

       log_format  main  '"\$remote_addr" - [\$time_local] "\$request" '
                                      '\$status $body_bytes_sent "\$http_referer" '
                                      '"\$http_user_agent" '
                                      '"\$sent_http_server_name \$upstream_response_time" '
                                      '\$request_time '
                                      '\$args';


        sendfile        on;
        tcp_nopush     on;
        tcp_nodelay on;
        keepalive_timeout  120;
        client_body_buffer_size 512k;
        client_header_buffer_size 64k;
        large_client_header_buffers 4 32k;
        client_max_body_size 300M;
        client_header_timeout 15s;
        client_body_timeout 50s;
        open_file_cache max=102400 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 1;
        server_names_hash_max_size 2048;
        server_names_hash_bucket_size 256;
        server_tokens off;
        gzip  on;
        gzip_proxied any;
        gzip_min_length  1024;
        gzip_buffers     4 8k;
        gzip_comp_level 9;
        gzip_disable "MSIE [1-6]\.";
        gzip_types application/json test/html text/plain text/css application/font-woff  application/pdf application/octet-stream application/x-javascript application/javascript application/xml text/javascript;
        fastcgi_cache_path /dev/shm/ levels=1:2 keys_zone=fastcgicache:512m inactive=10m max_size=3g;
        fastcgi_cache_lock on;
        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
        fastcgi_send_timeout 300;
        fastcgi_connect_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 256k;
        fastcgi_buffers 4 128k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;


        include vhost/*.conf;
}
EOF

NGINX worker进程数配置，指定为逻辑CPU数量的2倍

THREAD=`expr $(grep process /proc/cpuinfo |wc -l) \* 2`
sed -i s"/WORKERNUMBER/$THREAD/" ${SERVICE_PATH}/nginx/conf/nginx.conf

2、PHP-FPM安装

下载并解压PHP-FPM软件

FPM_URL="http://mirrors.sohu.com/php/php-5.6.8.tar.gz"
wget -P ${SERVICE_PATH} ${FPM_URL} && tar -zxvf ${SERVICE_PATH}/php*.tar.gz -C ${SERVICE_PATH}

编译安装PHP-FPM

cd ${SERVICE_PATH}/php-*;./configure \
--prefix=${SERVICE_PATH}/php  \
--with-gd  \
--with-mcrypt  \
--with-mysql=mysqlnd  \
--with-mysqli=mysqlnd  \
--with-pdo-mysql=mysqlnd  \
--enable-maintainer-zts  \
--enable-ftp  \
--enable-zip  \
--with-bz2  \
-with-iconv-dir  \
--with-freetype-dir  \
--with-jpeg-dir  \
--with-png-dir  \
--with-config-file-path=${SERVICE_PATH}/php  \
--enable-mbstring  \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--disable-debug  \
--enable-opcache  \
--enable-soap  \
--with-zlib  \
--with-libxml-dir=/usr  \
--enable-xml  \
--disable-rpath  \
--enable-bcmath  \
--enable-shmop  \
--enable-sysvsem  \
--enable-inline-optimization  \
--with-curl  \
--enable-mbregex  \
--enable-gd-native-ttf  \
--with-openssl \
--with-mhash  \
--enable-pcntl  \
--enable-sockets  \
--with-xmlrpc  \
--with-pear  \
--with-gettext  \
--disable-fileinfo  && cd ${SERVICE_PATH}/php-*;make && make install

若FPM程序有插件需求，如mongo或redis连接插件，则可通过pecl安装php相关插件

${SERVICE_PATH}/php/bin/pecl install mongo || exit

${SERVICE_PATH}/php/bin/pecl install redis || exit

php.ini配置文件写入（配置已优化）

cat << EOF >${SERVICE_PATH}/php/php.ini 
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions = shell_exec,phpinfo,exec
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 60
max_input_time = 60
memory_limit = 128M
error_reporting = E_WARING & ERROR
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 2048
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = Off
error_log = /var/log/php_errors.log
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
cgi.fix_pathinfo=0
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = Off
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.save_path = "/tmp"
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
gd.jpeg_ignore_warning = 0
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
opcache.enable=1
opcache.enable_cli=0
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.validate_timestamps=1
opcache.revalidate_freq=30
opcache.fast_shutdown=1
opcache.enable_file_override=1
[curl]
[openssl]
extension_dir='${SERVICE_PATH}/php/lib/php/extensions/'
;extension=mongo.so
;extension=redis.so
EOF

php-fpm.conf配置文件写入（配置已优化）

cat << EOF >${SERVICE_PATH}/php/etc/php-fpm.conf
[global]
error_log = /var/log/php-fpm-error.log
log_level = warning
process_control_timeout = 10
rlimit_files = 655350
events.mechanism = epoll
[www]
user = www
group = www
listen = /dev/shm/php-fpm.sock
listen.backlog = 2048
listen.owner = www
listen.group = www
listen.mode = 0660
pm = dynamic
pm.max_children = 200
pm.start_servers = 105
pm.min_spare_servers = 10
pm.max_spare_servers = 200
pm.process_idle_timeout = 10s;
pm.max_requests = 1000
pm.status_path = /fpmstatus
ping.path = /ping
ping.response = pong
slowlog = /var/log/php-slow-$pool.log
request_slowlog_timeout = 10
request_terminate_timeout = 0
rlimit_files = 655350
security.limit_extensions = .php
EOF

三、基于以上配置PHP网站

mkdir /usr/local/nginx/conf/vhost

cat << EOF > /usr/local/nginx/conf/vhost/erbiao.ex.com.conf
server
        {
                listen 80 backlog=1024;
                server_name erbiao.ex.com;
                index index.php index.html ;
                root  /www/web/;
                access_log off;
                add_header Server-Name WEBerbiaoEX;

                location ~ \.php {
                   fastcgi_pass  unix:/dev/shm/php-fpm.sock;
                   fastcgi_index index.php;
                   include fastcgi.conf;
                   set \$real_script_name \$fastcgi_script_name;
                   if (\$fastcgi_script_name ~ "^(.+?\.php)(/.+)\$") {
                   set \$real_script_name \$1;
                   set \$path_info \$2;
          }
                   fastcgi_param SCRIPT_FILENAME \$document_root\$real_script_name;
                   fastcgi_param SCRIPT_NAME \$real_script_name;
                   fastcgi_param PATH_INFO \$fastcgi_path_info;


                location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
                        {
                                expires      30d;
                        }

                location ~ .*\.(js|css)?$
                        {
                                expires      12h;
                        }

        }

}
EOF

若在同一服务器运行nginx和php-fpm，并发量不超过1000，选择unix socket，如此可避免一些检查操作(路由等)，因此更快，更轻。若是高并发业务，则选择使用更可靠的tcp socket，以负载均衡、内核优化等运维手段维持效率

四、安装完成后的清理与生成目录快捷方式

rm -rf ${SERVICE_PATH}/{nginx*.tar.gz,openssl*.tar.gz,php*.tar.gz}
rm -rfv ${SERVICE_PATH}/nginx/conf/*.default
rm -rfv ${SERVICE_PATH}/php/etc/*.default

ln -sv ${SERVICE_PATH}/nginx /usr/local/
ln -sv ${SERVICE_PATH}/php /usr/local/

五、启动服务

生成php-fpm系统服务脚本，并加入开机启动项

ln -sv ${SERVICE_PATH}/php-*/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod a+x /etc/init.d/php-fpm
chkconfig php-fpm --add && chkconfig php-fpm on

生成nginx系统服务脚本，并加入开机启动项

cat << EOF > /etc/init.d/nginx
#!/bin/bash
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

#create temp dir in memory
mkdir -p /dev/shm/nginx/fastcgi_temp/

# Check that networking is up.
[ "\$NETWORKING" = "no" ] && exit 0

TENGINE_HOME="/usr/local/nginx/"
nginx=\$TENGINE_HOME"sbin/nginx"
prog=\$(basename \$nginx)

NGINX_CONF_FILE=\$TENGINE_HOME"conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

start() {
    [ -x \$nginx ] || exit 5
    [ -f \$NGINX_CONF_FILE ] || exit 6
    echo -n \$"Starting \$prog: "
    daemon \$nginx -c \$NGINX_CONF_FILE
    retval=\$?
    echo
    [ \$retval -eq 0 ] && touch \$lockfile
    return \$retval
}

stop() {
    echo -n \$"Stopping \$prog: "
    killproc \$prog -QUIT
    retval=\$?
    echo
    [ \$retval -eq 0 ] && rm -f \$lockfile
    return \$retval
    killall -9 nginx
}

restart() {
    configtest || return \$?
    stop
    sleep 1
    start
}

reload() {
    configtest || return \$?
    echo -n \$"Reloading \$prog: "
    killproc \$nginx -HUP
    RETVAL=\$?
    echo
}

force_reload() {
    restart
}

configtest() {
    \$nginx -t -c \$NGINX_CONF_FILE
}

rh_status() {
    status \$prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "\$1" in
start)
    rh_status_q && exit 0
    \$1
;;
stop)
    rh_status_q || exit 0
    \$1
;;
restart|configtest)
    \$1
;;
reload)
    rh_status_q || exit 7
        \$1
;;
force-reload)
    force_reload
;;
status)
    rh_status
;;
condrestart|try-restart)
    rh_status_q || exit 0
;;
*)

echo \$"Usage: \$0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
EOF

chmod a+x /etc/init.d/nginx
chkconfig nginx --add && chkconfig nginx on

启动服务

service nginx restart
service php-fpm restart

命令其他选项

nginx
├── -s选项，向主进程发送信号
|   ├── reload参数，重新加载配置文件
|   ├── stop参数，快速停止nginx
|   ├── reopen参数，重新打开日志文件
|   ├── quit参数，Nginx在退出前完成已经接受的连接请求
├── -t选项，检查配置文件是否正确
├── -c选项，用于指定特定的配置文件并启动nginx
├── -V选项（大写），显示nginx编译选项与版本信息

php-fpm
├── -t选项，检查配置文件是否正确
├── -m选项，显示所有已安装模块
├── -i选项，显示PHP详细信息
├── -v选项，显示版本信息

微信关注我们

原文链接：https://yq.aliyun.com/articles/606189

转载内容版权归作者及来源网站所有！

低调大师中文资讯倾力打造互联网数据资讯、行业资源、电子商务、移动互联网、网络营销平台。持续更新报道IT业界、互联网、市场资讯、驱动更新,是最及时权威的产业资讯及硬件资讯报道平台。

c# 全局钩子实现扫码枪获取信息。

原文: c# 全局钩子实现扫码枪获取信息。 1.扫描枪获取数据原理基本相当于键盘数据，获取扫描枪扫描出来的数据，一般分为两种实现方式。 a）文本框输入获取焦点，扫描后自动显示在文本框内。 b）使用键盘钩子，勾取扫描枪虚拟按键，根据按键频率进行手动输入和扫描枪扫描判断。 2.要实现系统钩子其实很简单，调用三个Win32的API即可。 SetWindowsHookEx用于设置钩子。（设立一道卡子，盘查需要的信息） CallNextHookEx用于传递钩子（消息是重要的，所以从哪里来，就应该回到哪里去，除非你决定要封锁消息） UnhookWindowsHookEx卸载钩子（卸载很重要，卡子设多了会造成拥堵）版本一： using System; using System.Collections.Generic; using System.Text; using System.Runtime.InteropServices; using System.Reflection; using System.Diagnostics; namespace SaomiaoTest2 { /// <s...

2018-06-28

865

方式一、使用ServletActionContext（耦合度高，不建议使用） public String login(){ ServletActionContext.getRequest().getSession().setAttribute("user","王彬"); return "success"; } Struts.xml <action name="login" class="cn.xcq.entity.Action1" method="login"> <result>/success.jsp</result> </action> Success.jsp <%@ page contentType="text/html;charset=UTF-8" language="java" isELIgnored="false" %> <html> <head> <title>Title</title> </head> <body> <h1>成功...

2018-06-28

562

资源下载

更多资源

优质分享App

近一个月的开发和优化，本站点的第一个app全新上线。该app采用极致压缩，本体才4.36MB。系统里面做了大量数据访问、缓存优化。方便用户在手机上查看文章。后续会推出HarmonyOS的适配版本。

Mario

马里奥是站在游戏界顶峰的超人气多面角色。马里奥靠吃蘑菇成长，特征是大鼻子、头戴帽子、身穿背带裤，还留着胡子。与他的双胞胎兄弟路易基一起，长年担任任天堂的招牌角色。

Spring

Spring框架（Spring Framework）是由Rod Johnson于2002年提出的开源Java企业级应用框架，旨在通过使用JavaBean替代传统EJB实现方式降低企业级编程开发的复杂性。该框架基于简单性、可测试性和松耦合性设计理念，提供核心容器、应用上下文、数据访问集成等模块，支持整合Hibernate、Struts等第三方框架，其适用范围不仅限于服务器端开发，绝大多数Java应用均可从中受益。

Rocky Linux

Rocky Linux（中文名：洛基）是由Gregory Kurtzer于2020年12月发起的企业级Linux发行版，作为CentOS稳定版停止维护后与RHEL（Red Hat Enterprise Linux）完全兼容的开源替代方案，由社区拥有并管理，支持x86_64、aarch64等架构。其通过重新编译RHEL源代码提供长期稳定性，采用模块化包装和SELinux安全架构，默认包含GNOME桌面环境及XFS文件系统，支持十年生命周期更新。