lamp
来源:互联网 发布:js字符串是一个数组 编辑:程序博客网 时间:2024/05/16 02:52
WEB服务器apache
http://www.taobao.com/index.html
1、http请求的内容
(1)请求行
get:请求方法,其它常见方法:post,put,delete
index.html:请求的文件
http/1.1版:请求的协议
(2)请求头
host:请求的主机
accept:是否接受请求
accept-language:请求内容的语言表示,zh_CN
accept-charset:请求内容的字符编码
accept-encoding:是否启用压缩
referer:http://www.tmall.com/apple/s01.php
User-agent:浏览器的类型和版本
Connection:keepalive
date:访问的日期和时间
(3)请求的实际文件内容
welcome to access my website!!
2、http响应的内容
(1)根据客户端请求的信息进行响应
(2)状态码
100-199:服务器成功接收客户端的请求,有时需要客户机继续发送请求信息完成整个请求的过程
200-299:表示成功处理客户端请求
300-399:找其它服务器,302:找其它的服务器,需要在响应头中有location信息;304,307:找缓存
400-499:403:页面存在,但没有权限访问;404:页面不存在
500:服务器内部错误
一、安装LAMP环境
1、安装apache(源码安装的是2.4的版本 #./httpd -v 显示版本)
要求将httpd安装到/usr/local/httpd目录下
(1)安装apr
# ./configure --prefix=/usr/local/apr --enable-profile --enable-threads
# make && make install
(2)安装apr-iconv
# ./configure --prefix=/usr/local/apr-iconv --with-apr=/usr/local/apr/
# make && make install
(3)安装apr-util
# ./configure --prefix=/usr/local/apr-util --with-iconv=/usr/local/apr-iconv --with-apr=/usr/local/apr
# make && make install
(4)安装pcre
# ./configure --prefix=/usr/local/pcre --enable-utf8 --enable-jit
# make && make install
yum install -y yum install -y openssl-devel apr-util-devel pcre-devel
(5)安装httpd
# ./configure --prefix=/usr/local/httpd --enable-cache --enable-cache-disk --enable-cache-socache --enable-so --enable-echo --enable-data --enable-include --enable-sed --enable-proxy --enable-proxy-connect --enable-proxy-http --enable-proxy-fcgi --enable-proxy-scgi --enable-proxy-ajp --enable-proxy-balancer --enable-session --enable-session-cookie --enable-ssl --enable-info --enable-rewrite --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --with-pcre=/usr/local/pcre --with-mpm=prefork
练习:配置基本的web站点
(1)设置web站点的主目录为/sxjy/web
DocumentRoot "/sxjy/web"
(2)设置web站点的主页文件名为index.html,index.htm,index.php三个
DocumentRoot index.html index.htm index.php
(3)设置服务器使用prefork模式工作时启动10个空闲进程,最小保持10个空闲进程,最大空闲进程数为50个,并发最大用户为1000
<IfModule mpm_prefork_module>
StartServers 10
MinSpareServers 10
MaxSpareServers 50
ServerLimit 1000
MaxRequestWorkers 1000
MaxConnectionsPerChild 0
</IfModule>
(4)启用服务器信息和状态查看页面
<Location /server-status>
SetHandler server-status
Require host .sxjy.com
Require ip 172.16.0.0/16
</Location>
(5)网络链接超时时间为10秒
TimeOut 10
(6)保活连接超时时间为3秒
KeepAlive On
KeepAliveTimeout 3
(7)设置错误日志的级别为info
LogLevel info
(8)设置访问日志记录客户端地址、请求协议、浏览器类型和版本、请求方法、状态、请求时间、响应请求的子进程ID、{referer}等信息
LogFormat "%t %h %H %P %m %l %u %U \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "logs/access_log" combined
2、apache的Alias,ScriptAlias,options FollowSymLinks,options Indexs配置
作用:访问不在web目录下的文件和列出目录下的内容
Alias /meizu "/usr/local/httpd/meizu"
ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/"
<Directory "/usr/local/httpd/meizu">
Require all granted
Require ip 172.16.0.0/16
</Directory>
<Directory />
options Indexes FollowSymLinks
</Directory>
3、apache的段配置
<Directory "/web">*</Directory> \\设置指定目录的访问规则
<Files ".ht*">*</Files> \\设置特定文件的访问规则
<Location /server-status>*</Location> \\设置URL包含特殊信息的访问规则
<IfModule dir_module>*</IfModule> \\判定模块是否加载,如果加载则使用指定的配置项
4、访问控制、认证和授权
访问控制
Require all granted \\允许所有的访问
Require all denied \\拒绝所有的访问
例:(1)对于/meizu目录下的内容,除了172.16.0.7外所有人都可以访问
<RequireAll>
Require all granted
Require not ip 172.16.0.7
</RequireAll>
(2)对于/meizu目录下的内容,除了172.16.0.254外所有人都不可以访问
Require all denied
Require ip 172.16.0.254
认证和授权
例:(1)对于/meizu目录下的内容,只允许admin用户访问
<Directory "/usr/local/httpd/meizu">
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/usr/local/httpd/passwd/password"
Require valid-user
</Directory>
# ./htpasswd -c /usr/local/httpd/passwd/password admin \\创建用户认证的密码文件,第一次使用加-c选项
练习:(1)在web网站的根目录下创建一个myweb目录,将web根目录外的一个文件通过符号链接到myweb目录下并能够访问
# mkdir /usr/local/httpd/myweb
# ln -s /usr/local/httpd/myweb/test.html /usr/local/httpd/htdocs/test.html
# vim httpd.conf
<Directory />
Options FollowSymLinks
</Directory>
(2)当myweb目录下不存在index.html主页文件时,不允许列出目录下的内容
<Directory /myweb>
Options -Indexs
</Directory>
(3)在web服务器根目录下的test.html文件,要求此文件只能被一个特定的ip地址访问,地址自己定义
<Location "/test.html">
Require all denied
Require ip 172.16.0.250
</Location>
(4)在web根目录之外创建一个sxjy目录并随便放入几个html文件,当客户端访问的URL中包含/sxjy地址时则访问实际的sxjy目录下的内容
Alias /sxjy/ /usr/local/httpd/sxjy/
<Directory /usr/local/httpd/sxjy>
Require all granted
</Directory>
(5)对于sxjy目录的内容,只允许经过认证的user01,user02两个用户访问
<Directory /sxjy>
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/usr/local/httpd/passwd/password"
Require user user01 user02
</Directory>
# htpasswd -c /usr/local/httpd/passwd/password user01
# htpasswd /usr/local/httpd/passwd/password user02
# vim httpd.conf
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
假设web的根目录为:/usr/local/httpd/htdocs
常用认证命令
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/usr/local/httpd/passwd/password"
Require user user01 user02 //只对user01,user02认证,但这两个用户需在/usr/local/httpd/passwd/password里面。
Require Valid-User
AuthGroupFile "/usr/local/httpd/passwd/groups"
Require group sxjy
satisfy all | any \\访问控制、认证和授权的满足条件控制
5、虚拟主机
(1)虚拟主机的类型
基于域名的虚拟主机
基于端口的虚拟主机
基于ip的虚拟主机
(2)基于域名的虚拟主机 vi /usr/local/httpd/conf/extra/httpd-vhosts.conf (注意主配置文件里的 #虚拟主机设置要开启;只要定义了虚拟主机,所有主机都要设成虚拟主机)
配置域名服务器,将相关的域名解析为同一个ip (如果没配域名服务器,可在/etc/hosts文件里临时测试)
<Directory /web>
Require all granted
</Directory>
<VirtualHost *:80> //可以在下面写上一些控制指令,主配置文件里的都可写进来
ServerAdmin admin@xxx.com
DocumentRoot "/web/xxx" //必要
ServerName www.xxx.com //必要
ServerAlias www.xxx.com
ErrorLog "logs/www.xxx.com-error.log"
CustomLog "logs/www.xxx.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@yyy.com
DocumentRoot "/web/yyy"
ServerName www.yyy.com
ErrorLog "logs/www.yyy.com-error.log"
CustomLog "logs/www.yyy.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@zzz.com
DocumentRoot "/web/zzz"
ServerName www.zzz.com
ErrorLog "logs/www.zzz.com-error.log"
CustomLog "logs/www.zzz.com-access.log" common
</VirtualHost>
练习:(1)在/website目录下创建sxjy,sxky,sxbbs三个目录,分别作为www.sxjy.com,www.sxkj.com,www.sxbbs.com三个站点的web根目录
(2)设置域名服务器解析www.sxjy.com,www.sxkj.com,www.sxbbs.com解析同一个ip地址
(3)要求三个站点的日志都存放到/var/log/httpd目录下,并使用同一个文件,即访问日志都放到access.log,错误日志都放到error.log下,错误日志的
级别设置为notice,访问日志记录时间,客户端地址,请求的URL路径,请求方法,响应请求的子进程ID,请求的文件,浏览器类型等信息
(4)配置这两个日志至少要达到10M以后才进行轮转,且最多保存5个轮转文件
(5)设置/website/sxjy/private目录只允许172.16.0.0/16网段的地址访问
(6)设置/website/sxkj/finance只允许经过认证和授权的用户访问,具体用户名自己设置
6、LAMP架构搭建
(1)安装apache
(2)安装mysql
# yum install bison ncurses ncurses-devel ncurses-libs
# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DSYSCONFDIR=/usr/local/mysql -DTMPDIR=/tmp -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLED_LOCAL_INFILE=1 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DWITH_EXTRA_CHARSETS=all
# make
# make install
# cd /usr/local/mysql/support-files
# cp my-default.cnf /usr/local/mysql/my.cnf
# cp mysql.server /etc/init.d/mysqld
# vim /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
conf=/usr/local/mysql/my.cnf
# vim /usr/local/mysql/my.cnf
[mysql]
socket = /tmp/mysql.sock
[mysqld]
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
port = 3306
server_id = 1
socket = /tmp/mysql.sock
log_bin = server_log
skip_name_resolve = on
user=mysql
explicit_defaults_for_timestamp = on
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
# cd /usr/local/mysql
# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data
# service mysqld start
(3)安装php环境
安装freetype
# ./configure --prefix=/usr/local/freetype
# make && make install
安装jpeg
# ./configure --prefix=/usr/local/jpeg
# make && make install
安装libpng
# ./configure --prefix=/usr/local/libpng
# make && make install
安装libzip
# ./configure --prefix=/usr/local/libzip
# make && make install
安装libiconv
# ./configure --prefix=/usr/local/libiconv
# make && make install
安装xpm
# yum install imake libXt*
# xmkmf -a
# make && make install
# make install.man
安装libmcrypt
# ./configure --prefix=/usr/local/libmcrypt --enable-static
# make && make install
安装mhash
# ./configure
# make && make install
安装mcrypt
# vim /etc/ld.so.conf
/usr/local/libmcrypt/lib
/usr/local/lib
# ldconfig
# ./configure --prefix=/usr/local/mcrypt --with-libmcrypt-prefix=/usr/local/libmcrypt --with-libiconv-prefix=/usr/local/libiconv
安装gd库
# ./configure --prefix=/usr/local/gd --with-png=/usr/local/libpng --with-freetype=/usr/local/freetype --with-jpeg=/usr/local/jpeg --with-xpm=/usr --with-libiconv-prefix=/usr/local/libiconv
# make && make install
安装php
# yum install libxml2-devel
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/httpd/bin/apxs --with-config-file-path=/usr/local/php --with-gd=/usr/local/gd --with-jpeg-dir=/usr/local/jpeg --with-png-dir=/usr/local/libpng --with-zlib-dir=/usr/local/libzip --with-xpm-dir=/usr --with-freetype-dir=/usr/local/freetype --enable-gd-native-ttf --enable-gd-jis-conv --with-mhash=/usr/local --enable-mbstring --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pcre-dir --enable-zip --with-iconv-dir=/usr/local/libiconv
# make
# make install
7、nginx和php架构
1、软件安装
(1)安装pcre正则扩展
# ./configure --prefix=/usr/local/pcre --enable-utf8 --enable-jit
# make && make install
(2)安装nginx
# ./configure --prefix=/usr/local/nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/run/nginx/nginx.lock --user=daemon --group=daemon --with-pcre=/usr/src/pcre-8.21
# make
# make install
2、配置nginx
# vim nginx.conf
user daemon;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx/nginx.pid;
lock_file /var/run/nginx/nginx.lock;
worker_rlimit_nofile 10240;
events {
worker_connections 10240;
multi_accept on;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format mylog '[$time_local] $remote_addr - "$request" $status "$http_referer" ';
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/mylog.log mylog;
sendfile on;
keepalive_timeout 60;
gzip on;
server {
listen 80;
server_name www.sxjy.com;
charset gb2312;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
# /usr/local/nginx/sbin/nginx \\启动nginx
# /usr/local/nginx/sbin/nginx -s stop \\停止nginx
# /usr/local/nginx/sbin/nginx -s reload \\重载配置文件
3、nginx支持php
# /usr/local/nginx/sbin/nginx
(1)安装php
# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=daemon --with-fpm-group=daemon --with-config-file-path=/usr/local/php --with-pcre-dir=/usr/local/pcre
# make
# make install
# cp php.ini-production /usr/local/php/php.ini
(2)配置nginx
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html $fastcgi_script_name;
include fastcgi_params;
}
(3)配置和启动php-fpm
# cd /usr/local/php/etc
# mv php-fpm.conf.default php-fpm.conf
# vim php-fpm.conf
# cd /usr/local/php/sbin
# ./php-fpm
4、使用nginx做负载均衡和反向代理
在http段定义后端地址池
# vim nginx.conf
upstream php-pool {
server 10.0.5.151:80 weight=1 max_fails=2 fail_timeout=30s;
server 10.0.5.152:80 weight=2 max_fails=2 fail_timeout=30s;
server 10.0.5.153:80 weight=2 max_fails=2 fail_timeout=30 backup;
}
location ~ \.php$ {
root html;
fastcgi_index index.php;
proxy_pass http://php-pool;
}
http://www.taobao.com/index.html
1、http请求的内容
(1)请求行
get:请求方法,其它常见方法:post,put,delete
index.html:请求的文件
http/1.1版:请求的协议
(2)请求头
host:请求的主机
accept:是否接受请求
accept-language:请求内容的语言表示,zh_CN
accept-charset:请求内容的字符编码
accept-encoding:是否启用压缩
referer:http://www.tmall.com/apple/s01.php
User-agent:浏览器的类型和版本
Connection:keepalive
date:访问的日期和时间
(3)请求的实际文件内容
welcome to access my website!!
2、http响应的内容
(1)根据客户端请求的信息进行响应
(2)状态码
100-199:服务器成功接收客户端的请求,有时需要客户机继续发送请求信息完成整个请求的过程
200-299:表示成功处理客户端请求
300-399:找其它服务器,302:找其它的服务器,需要在响应头中有location信息;304,307:找缓存
400-499:403:页面存在,但没有权限访问;404:页面不存在
500:服务器内部错误
一、安装LAMP环境
1、安装apache(源码安装的是2.4的版本 #./httpd -v 显示版本)
要求将httpd安装到/usr/local/httpd目录下
(1)安装apr
# ./configure --prefix=/usr/local/apr --enable-profile --enable-threads
# make && make install
(2)安装apr-iconv
# ./configure --prefix=/usr/local/apr-iconv --with-apr=/usr/local/apr/
# make && make install
(3)安装apr-util
# ./configure --prefix=/usr/local/apr-util --with-iconv=/usr/local/apr-iconv --with-apr=/usr/local/apr
# make && make install
(4)安装pcre
# ./configure --prefix=/usr/local/pcre --enable-utf8 --enable-jit
# make && make install
yum install -y yum install -y openssl-devel apr-util-devel pcre-devel
(5)安装httpd
# ./configure --prefix=/usr/local/httpd --enable-cache --enable-cache-disk --enable-cache-socache --enable-so --enable-echo --enable-data --enable-include --enable-sed --enable-proxy --enable-proxy-connect --enable-proxy-http --enable-proxy-fcgi --enable-proxy-scgi --enable-proxy-ajp --enable-proxy-balancer --enable-session --enable-session-cookie --enable-ssl --enable-info --enable-rewrite --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --with-pcre=/usr/local/pcre --with-mpm=prefork
练习:配置基本的web站点
(1)设置web站点的主目录为/sxjy/web
DocumentRoot "/sxjy/web"
(2)设置web站点的主页文件名为index.html,index.htm,index.php三个
DocumentRoot index.html index.htm index.php
(3)设置服务器使用prefork模式工作时启动10个空闲进程,最小保持10个空闲进程,最大空闲进程数为50个,并发最大用户为1000
<IfModule mpm_prefork_module>
StartServers 10
MinSpareServers 10
MaxSpareServers 50
ServerLimit 1000
MaxRequestWorkers 1000
MaxConnectionsPerChild 0
</IfModule>
(4)启用服务器信息和状态查看页面
<Location /server-status>
SetHandler server-status
Require host .sxjy.com
Require ip 172.16.0.0/16
</Location>
(5)网络链接超时时间为10秒
TimeOut 10
(6)保活连接超时时间为3秒
KeepAlive On
KeepAliveTimeout 3
(7)设置错误日志的级别为info
LogLevel info
(8)设置访问日志记录客户端地址、请求协议、浏览器类型和版本、请求方法、状态、请求时间、响应请求的子进程ID、{referer}等信息
LogFormat "%t %h %H %P %m %l %u %U \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "logs/access_log" combined
2、apache的Alias,ScriptAlias,options FollowSymLinks,options Indexs配置
作用:访问不在web目录下的文件和列出目录下的内容
Alias /meizu "/usr/local/httpd/meizu"
ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/"
<Directory "/usr/local/httpd/meizu">
Require all granted
Require ip 172.16.0.0/16
</Directory>
<Directory />
options Indexes FollowSymLinks
</Directory>
3、apache的段配置
<Directory "/web">*</Directory> \\设置指定目录的访问规则
<Files ".ht*">*</Files> \\设置特定文件的访问规则
<Location /server-status>*</Location> \\设置URL包含特殊信息的访问规则
<IfModule dir_module>*</IfModule> \\判定模块是否加载,如果加载则使用指定的配置项
4、访问控制、认证和授权
访问控制
Require all granted \\允许所有的访问
Require all denied \\拒绝所有的访问
例:(1)对于/meizu目录下的内容,除了172.16.0.7外所有人都可以访问
<RequireAll>
Require all granted
Require not ip 172.16.0.7
</RequireAll>
(2)对于/meizu目录下的内容,除了172.16.0.254外所有人都不可以访问
Require all denied
Require ip 172.16.0.254
认证和授权
例:(1)对于/meizu目录下的内容,只允许admin用户访问
<Directory "/usr/local/httpd/meizu">
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/usr/local/httpd/passwd/password"
Require valid-user
</Directory>
# ./htpasswd -c /usr/local/httpd/passwd/password admin \\创建用户认证的密码文件,第一次使用加-c选项
练习:(1)在web网站的根目录下创建一个myweb目录,将web根目录外的一个文件通过符号链接到myweb目录下并能够访问
# mkdir /usr/local/httpd/myweb
# ln -s /usr/local/httpd/myweb/test.html /usr/local/httpd/htdocs/test.html
# vim httpd.conf
<Directory />
Options FollowSymLinks
</Directory>
(2)当myweb目录下不存在index.html主页文件时,不允许列出目录下的内容
<Directory /myweb>
Options -Indexs
</Directory>
(3)在web服务器根目录下的test.html文件,要求此文件只能被一个特定的ip地址访问,地址自己定义
<Location "/test.html">
Require all denied
Require ip 172.16.0.250
</Location>
(4)在web根目录之外创建一个sxjy目录并随便放入几个html文件,当客户端访问的URL中包含/sxjy地址时则访问实际的sxjy目录下的内容
Alias /sxjy/ /usr/local/httpd/sxjy/
<Directory /usr/local/httpd/sxjy>
Require all granted
</Directory>
(5)对于sxjy目录的内容,只允许经过认证的user01,user02两个用户访问
<Directory /sxjy>
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/usr/local/httpd/passwd/password"
Require user user01 user02
</Directory>
# htpasswd -c /usr/local/httpd/passwd/password user01
# htpasswd /usr/local/httpd/passwd/password user02
# vim httpd.conf
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
假设web的根目录为:/usr/local/httpd/htdocs
常用认证命令
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/usr/local/httpd/passwd/password"
Require user user01 user02 //只对user01,user02认证,但这两个用户需在/usr/local/httpd/passwd/password里面。
Require Valid-User
AuthGroupFile "/usr/local/httpd/passwd/groups"
Require group sxjy
satisfy all | any \\访问控制、认证和授权的满足条件控制
5、虚拟主机
(1)虚拟主机的类型
基于域名的虚拟主机
基于端口的虚拟主机
基于ip的虚拟主机
(2)基于域名的虚拟主机 vi /usr/local/httpd/conf/extra/httpd-vhosts.conf (注意主配置文件里的 #虚拟主机设置要开启;只要定义了虚拟主机,所有主机都要设成虚拟主机)
配置域名服务器,将相关的域名解析为同一个ip (如果没配域名服务器,可在/etc/hosts文件里临时测试)
<Directory /web>
Require all granted
</Directory>
<VirtualHost *:80> //可以在下面写上一些控制指令,主配置文件里的都可写进来
ServerAdmin admin@xxx.com
DocumentRoot "/web/xxx" //必要
ServerName www.xxx.com //必要
ServerAlias www.xxx.com
ErrorLog "logs/www.xxx.com-error.log"
CustomLog "logs/www.xxx.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@yyy.com
DocumentRoot "/web/yyy"
ServerName www.yyy.com
ErrorLog "logs/www.yyy.com-error.log"
CustomLog "logs/www.yyy.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@zzz.com
DocumentRoot "/web/zzz"
ServerName www.zzz.com
ErrorLog "logs/www.zzz.com-error.log"
CustomLog "logs/www.zzz.com-access.log" common
</VirtualHost>
练习:(1)在/website目录下创建sxjy,sxky,sxbbs三个目录,分别作为www.sxjy.com,www.sxkj.com,www.sxbbs.com三个站点的web根目录
(2)设置域名服务器解析www.sxjy.com,www.sxkj.com,www.sxbbs.com解析同一个ip地址
(3)要求三个站点的日志都存放到/var/log/httpd目录下,并使用同一个文件,即访问日志都放到access.log,错误日志都放到error.log下,错误日志的
级别设置为notice,访问日志记录时间,客户端地址,请求的URL路径,请求方法,响应请求的子进程ID,请求的文件,浏览器类型等信息
(4)配置这两个日志至少要达到10M以后才进行轮转,且最多保存5个轮转文件
(5)设置/website/sxjy/private目录只允许172.16.0.0/16网段的地址访问
(6)设置/website/sxkj/finance只允许经过认证和授权的用户访问,具体用户名自己设置
6、LAMP架构搭建
(1)安装apache
(2)安装mysql
# yum install bison ncurses ncurses-devel ncurses-libs
# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DSYSCONFDIR=/usr/local/mysql -DTMPDIR=/tmp -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLED_LOCAL_INFILE=1 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DWITH_EXTRA_CHARSETS=all
# make
# make install
# cd /usr/local/mysql/support-files
# cp my-default.cnf /usr/local/mysql/my.cnf
# cp mysql.server /etc/init.d/mysqld
# vim /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
conf=/usr/local/mysql/my.cnf
# vim /usr/local/mysql/my.cnf
[mysql]
socket = /tmp/mysql.sock
[mysqld]
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
port = 3306
server_id = 1
socket = /tmp/mysql.sock
log_bin = server_log
skip_name_resolve = on
user=mysql
explicit_defaults_for_timestamp = on
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
# cd /usr/local/mysql
# ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data
# service mysqld start
(3)安装php环境
安装freetype
# ./configure --prefix=/usr/local/freetype
# make && make install
安装jpeg
# ./configure --prefix=/usr/local/jpeg
# make && make install
安装libpng
# ./configure --prefix=/usr/local/libpng
# make && make install
安装libzip
# ./configure --prefix=/usr/local/libzip
# make && make install
安装libiconv
# ./configure --prefix=/usr/local/libiconv
# make && make install
安装xpm
# yum install imake libXt*
# xmkmf -a
# make && make install
# make install.man
安装libmcrypt
# ./configure --prefix=/usr/local/libmcrypt --enable-static
# make && make install
安装mhash
# ./configure
# make && make install
安装mcrypt
# vim /etc/ld.so.conf
/usr/local/libmcrypt/lib
/usr/local/lib
# ldconfig
# ./configure --prefix=/usr/local/mcrypt --with-libmcrypt-prefix=/usr/local/libmcrypt --with-libiconv-prefix=/usr/local/libiconv
安装gd库
# ./configure --prefix=/usr/local/gd --with-png=/usr/local/libpng --with-freetype=/usr/local/freetype --with-jpeg=/usr/local/jpeg --with-xpm=/usr --with-libiconv-prefix=/usr/local/libiconv
# make && make install
安装php
# yum install libxml2-devel
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/httpd/bin/apxs --with-config-file-path=/usr/local/php --with-gd=/usr/local/gd --with-jpeg-dir=/usr/local/jpeg --with-png-dir=/usr/local/libpng --with-zlib-dir=/usr/local/libzip --with-xpm-dir=/usr --with-freetype-dir=/usr/local/freetype --enable-gd-native-ttf --enable-gd-jis-conv --with-mhash=/usr/local --enable-mbstring --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pcre-dir --enable-zip --with-iconv-dir=/usr/local/libiconv
# make
# make install
7、nginx和php架构
1、软件安装
(1)安装pcre正则扩展
# ./configure --prefix=/usr/local/pcre --enable-utf8 --enable-jit
# make && make install
(2)安装nginx
# ./configure --prefix=/usr/local/nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/run/nginx/nginx.lock --user=daemon --group=daemon --with-pcre=/usr/src/pcre-8.21
# make
# make install
2、配置nginx
# vim nginx.conf
user daemon;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx/nginx.pid;
lock_file /var/run/nginx/nginx.lock;
worker_rlimit_nofile 10240;
events {
worker_connections 10240;
multi_accept on;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format mylog '[$time_local] $remote_addr - "$request" $status "$http_referer" ';
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/mylog.log mylog;
sendfile on;
keepalive_timeout 60;
gzip on;
server {
listen 80;
server_name www.sxjy.com;
charset gb2312;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
# /usr/local/nginx/sbin/nginx \\启动nginx
# /usr/local/nginx/sbin/nginx -s stop \\停止nginx
# /usr/local/nginx/sbin/nginx -s reload \\重载配置文件
3、nginx支持php
# /usr/local/nginx/sbin/nginx
(1)安装php
# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=daemon --with-fpm-group=daemon --with-config-file-path=/usr/local/php --with-pcre-dir=/usr/local/pcre
# make
# make install
# cp php.ini-production /usr/local/php/php.ini
(2)配置nginx
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html $fastcgi_script_name;
include fastcgi_params;
}
(3)配置和启动php-fpm
# cd /usr/local/php/etc
# mv php-fpm.conf.default php-fpm.conf
# vim php-fpm.conf
# cd /usr/local/php/sbin
# ./php-fpm
4、使用nginx做负载均衡和反向代理
在http段定义后端地址池
# vim nginx.conf
upstream php-pool {
server 10.0.5.151:80 weight=1 max_fails=2 fail_timeout=30s;
server 10.0.5.152:80 weight=2 max_fails=2 fail_timeout=30s;
server 10.0.5.153:80 weight=2 max_fails=2 fail_timeout=30 backup;
}
location ~ \.php$ {
root html;
fastcgi_index index.php;
proxy_pass http://php-pool;
}
0 0
