我們以模拟實際需求的形式來複習。
需求如下:
1. 準備兩台centos 6,其中一台機器跑mysql,另外一台機器跑apache和nginx + php
2. 同時安裝apache和nginx,其中nginx啟動80端口,用來跑靜态對象(圖檔、js、css),apache監聽88端口,負責跑動态頁(php相關的),并且需要由nginx代理對外通路
3. mysql伺服器需要開啟慢查詢日志
4. 搭建discuz、wordpress以及phpmyadmin,域名分别為bbs.abc.com, blog.abc.com, pma.abc.com
5. 配置discuz的僞靜态(nginx)
6. apache不需要記錄日志,nginx記錄日志,但不記錄圖檔等靜态頁的日志,并且配置日志切割
7. 配置圖檔防盜鍊(nginx)
8. 配置圖檔緩存7天,js,css緩存1天(nginx)
9. discuz和wordpress通路背景限制一下ip白名單,比如隻允許192.168.1.100通路(nginx)
10. phpmyadmin整個站點需要配置使用者認證(nginx)
11. 寫一個mysql備份的腳本,每天5點執行,需要遠端拷貝到web機器上
12. 把除了百度、google外的其他常見搜尋引擎蜘蛛封掉,比如(bingbot/2.0、sogou web spider/4.0、360spider、yisouspider、yandexbot/3.0)(nginx)大家好,裡面的圖檔僅供參考,隻是一種思路,不要照搬!!對代理名詞的了解:舉個例子吧!你是供應商,你手下有一個業務代理,它幫你銷售東西出去,如果你想不賣這個東西給某個公司或者地方,是不是給代理說說就好了。那我這裡apache是供應商,nginx是代理商,是以nginx響應用戶端,他知道客戶的請求
實驗環境:
1、vmware workstation 10
2、裝置a:mysql,ip位址:192.168.137.102,hostname:mysql
3、裝置b:lamp環境+nginx代理,ip位址:192.168.137.107,hostname:lanp
4、linux發行版:centos 6.7 x86_64;
5、nginx:http://nginx.org/download/nginx-1.6.2.tar.gz
6、apache:httpd-2.2.16.tar.gz
7、php:php-5.3.28.tar.gz
8、mysql:mysql-5.5.42-linux2.6-x86_64.tar.gz
9、discuz:discuz_x3.2_sc_utf8.zip
10、wordpress:wordpress-4.2.2-zh_cn.tar.gz
11、phpmyadmin:phpmyadmin-4.0.8-all-languages.zip
實驗步驟:
裝置a:mysql
cd /usr/local/src/
tar zxvf mysql-5.5.42-linux2.6-x86_64.tar.gz
mv mysql-5.5.42-linux2.6-x86_64 /usr/local/mysql
cd /usr/local/mysql
mkdir -p /data/mysql
useradd -s /sbin/nologin -m mysql
chown -r mysql:mysql /data/mysql
cp support-files/my-large.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
vi /etc/init.d/mysql,basedir=/usr/local/mysql,datadir=/data/mysql
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
vim /etc/profile.d/mysql.sh加入export path=$path:/usr/local/mysql/bin
chkconfig --add mysqld
chkconfig mysqld on
service mysqld start
登入mysql授權:grant all on *.* to 'aming'@'192.168.137.107' identified by 'aminglinux.com';
裝置b:lamp
1. 安裝apache
tar zvxf httpd-2.2.16.tar.gz
cd httpd-2.2.16
./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-so
make&make install
apache加入chkconfig
cp /usr/local/apache2/bin/apachectl /etc/init.d/httpd
vim /etc/init.d/httpd
在第一行#!/bin/sh下增加兩行文字
# chkconfig: 35 70 30
# description: apache
chkconfig --level 35 httpd on
2. 安裝php
tar zxvf php-5.3.28.tar.gz
cd php-5.3.28
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-config-file-path=/usr/local/php/etc --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-bz2 --with-openssl --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-mbstring --enable-sockets --enable-exif --disable-ipv6 --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd
cp /usr/local/src/php-5.3.28/php.ini-production /usr/local/php/etc/php.ini
3、 配置apache結合php
vim /usr/local/apache2/conf/httpd.conf
找到:
addtype application/x-gzip .gz .tgz
在該行下面添加:
addtype application/x-httpd-php .php
<ifmodule dir_module>
directoryindex index.html
</ifmodule>
将該行改為:
directoryindex index.html index.htm index.php
#servername www.example.com:80
修改為:
servername localhost:80
vim /usr/local/apache2/conf/httpd.conf找到:
<directory />
options followsymlinks
allowoverride none
order deny,allow
deny from all
</directory>
改為:
allow from all
測試lamp環境:在浏覽器通路192.168.137.107,如果顯示it works!表示lamp環境搭建成功
mkdir data
cd data
在data目錄分别建立bbs、blog、pma目錄
4.解壓discuz并把upload下的内容移到bbs下
cd /usr/local/src
unzip discuz_x3.2_sc_utf8.zip
mv upload/* /data/bbs
5.解壓wordpress并把wordpress下的内容移到blog下
[root@lanp src]# tar zxvf wordpress-4.2.2-zh_cn.tar.gz
[root@lanp src]# mv wordpress/* /data/blog
6.解壓phpmyadmin并把phpmyadmin-4.0.8-all-languages下的内容移到pma下
[root@lanp src]# unzip phpmyadmin-4.0.8-all-languages.zip
[root@lanp src]# mv phpmyadmin-4.0.8-all-languages/* /data/pma
7.把apache端口改成88:進入apache主配置檔案,把lisen 80改成88
8.[root@lanp ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf(添加三個虛拟主機,并把80端口改成88)
<virtualhost *:88>
documentroot "/data/bbs"
servername bbs.abc.com
#serveralias www.dummy-host.example.com
errorlog "logs/bbs.abc.com-error_log"
customlog "logs/bbs.abc.com-access_log" common
</virtualhost>
documentroot "/data/blog"
servername blog.abc.com
errorlog "logs/blog.abc.com-error_log"
customlog "logs/blog.abc.com-access_log" common
documentroot "/data/pma"
servername pma.abc.com
errorlog "logs/pma.abc.com-error_log"
customlog "logs/pma.abc.com-access_log" common
檢查配置檔案是否有文法錯誤:
[root@lanp ~]# /usr/local/apache2/bin/apachectl -t
syntax ok
檢查88端口是否監聽
[root@lanp ~]# /usr/local/apache2/bin/apachectl restart
[root@lanp ~]# netstat -lnp
9.在真機win上的host檔案裡綁定ip和虛拟主機域名(host檔案路徑:c/windows/system32/drivers/etc/hosts
192.168.137.107 bbs.abc.com blog.abc.com pma.abc.com
10.安裝discuz
在浏覽器通路bbs.abc.com/install/,會出現discuz圖形安裝界面,點我同意,出現很多目錄不可寫,為啥不可寫呢?因為ps aux |grep httpd,httpd是以daemon使用者運作。是以需要把discuz中不可寫的目錄的屬主和屬組改成daemon,chown -r daemon:daemon config/ data uc_client/data uc_server/data
回到浏覽器重新整理,下一步,再全新安裝discuz
在mysql中建立discuz庫并授權一個使用者
mysql> create database discuz;
mysql> grant all on *.* to 'aming'@'192.168.137.107' identified by 'aminglinux.com';
mysql> flush privileges;
回到discuz浏覽器,資料庫名為discuz,資料庫使用者名為aming,資料庫密碼aminglinux.com
到此discuz論壇安裝完畢
11.安裝wordpress
在mysql中建立blog庫
mysql> create database blog;
在浏覽器中通路blog.abc.com:88進行安裝
根據錯誤提示,在blog目錄下建立wp-config.php然後把浏覽器中方框内資訊拷貝至wp-config.php目錄
12.安裝phpmyadmin
cp libraries/config.default.php config.inc.php
更改
$cfg['servers'][$i]['user'] = 'root';
$cfg['servers'][$i]['password'] = 'yourrootpassword';
$cfg['servers'][$i]['host'] = 'yourdbip';
$cfg['servers'][$i]['auth_type'] = 'config';##認證模式
在浏覽器中通路pma.abc.com:88進行安裝
13.安裝nginx
[root@lanp src]# wget http://nginx.org/download/nginx-1.6.2.tar.gz
[root@lanp src]# tar zxvf nginx-1.6.2.tar.gz
[root@lanp nginx-1.6.2]# ./configure --prefix=/usr/local/nginx --with-pcre
make &make install
nginx啟動腳本和配置檔案
vim /etc/init.d/nginx //加入如下内容
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# source function library
. /etc/init.d/functions
# nginx settings
nginx_sbin="/usr/local/nginx/sbin/nginx"
nginx_conf="/usr/local/nginx/conf/nginx.conf"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
retval=0
prog="nginx"
start() {
echo -n $"starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $nginx_sbin -c $nginx_conf
retval=$?
echo
return $retval
}
stop() {
echo -n $"stopping $prog: "
killproc -p $nginx_pid $nginx_sbin -term
rm -rf /dev/shm/nginx_temp
reload(){
echo -n $"reloading $prog: "
killproc -p $nginx_pid $nginx_sbin -hup
restart(){
stop
start
configtest(){
$nginx_sbin -c $nginx_conf -t
return 0
case "$1" in
start)
;;
stop)
reload)
reload
restart)
restart
configtest)
configtest
*)
echo $"usage: $0 {start|stop|reload|restart|configtest}"
retval=1
esac
exit $retval
chmod 755 /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
service nginx start
service nginx configtest(檢測配置檔案,configtest相當于-t)
vim /usr/local/nginx/conf/nginx.conf 清空原來的配置,加入如下内容
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
http
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm application/xml;
include vhosts/*.conf;
cd /usr/local/nginx/conf/
mkdir vhosts
touch discuz.conf
touch pma.conf
touch blog.conf
14.discuz.conf
server
listen 80;
server_name bbs.abc.com;
index index.html index.htm index.php;
root /data/bbs;
#根據user_agent控制
if ($http_user_agent ~ 'bingbot/2.0|mj12bot/v1.4.2|spider/3.0|youdaobot|tomato|gecko/20100315'){
return 403;
}
location ~ admin.php {
allow 192.168.31.141;
deny all;
proxy_pass http://127.0.0.1:88;
proxy_set_header host $host;
location ~ \.php$ {
proxy_pass http://127.0.0.1:88;
proxy_set_header host $host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
location ~ .*\.(js|css)?$
{
expires 24h;
access_log off;
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
expires 7d;
valid_referers none blocked server_names *.abc.com *.a.com *.b.com *.baidu.com\
*.google.com *.google.cn *.soso.com ;
if ($invalid_referer) {
return 403;
#rewrite ^/
;
}
access_log off;
rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3d$4&page=$3 last;
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
access_log /home/logs/discuz.log combined_realip;
檢測nginx配置檔案:/usr/local/nginx/sbin/nginx -t
重新開機nginx:service nginx restart
在浏覽器通路bbs.abc.com,是可以正常進入discuz頁面的。
15.blog.conf配置(參考 http://www.upupw.net/nginxhelp/n33.html)
server_name blog.abc.com;
root /data/blog;
location /wp-admin/ {
allow 127.0.0.1;
location ~ \.php$ {
}
location / {
proxy_pass http://127.0.0.1:88/;
檢測nginx配置檔案是否有文法錯誤:/usr/local/nginx/sbin/nginx -t
在浏覽器通路:blog.abc.com,是可以通路的
16.配置pma.conf
server_name pma.abc.com;
root /data/pma;
location / {
auth_basic "auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
浏覽器通路:pma.abc.com是可以通路到的
17、配置nginx的日志切割
[root@lanp vhosts]# vim /usr/local/sbin/logrotate.sh
d=`date -d "-1 day" +%y%m$d`
/bin/mv /home/logs/discuz.log /home/logs/discuz_$d.log
/etc/init.d/nginx reload >/dev/null 2>/dev/null
cd /home/logs
gzip discuz_$d.log
18、mysql備份腳本無需密碼通過ssh執行rsync來同步檔案的方法可以參考http://www.jb51.net/article/60192.htm
vim mysqlbak.sh
source /etc/profile
d=`date +%f`
/usr/local/mysql/bin/mysqldump -uroot -p838024 wordpress >/data/mysqlbak/$d.wordpresssql
/usr/local/mysql/bin/mysqldump -uroot -p838024 discuz >/data/mysqlbak/$d.discuzsql
/usr/local/mysql/bin/mysqldump -uroot -p838024 phpmyadmin >/data/mysqlbak/$d.phpmyadminsql
rsync -avlupz -e "ssh -p 22" /data/mysqlbak/ 192.168.137.107:/tmp/
再把腳本放進crontab計劃任務
chmod a+x mysqlbak.sh
crontab -e
*/3 * * * * /root/shell/mysqlbak.sh
關于rsync指令:
本地和遠端需要安裝rsync和openssh-clients
yum install rsync和yum install openssh-clients
-e參數作用:
879.png (18.62 kb, 下載下傳次數: 0)
<a href="http://www.apelearn.com/bbs/forum.php?mod=attachment&aid=nde4nnw2owzjnjcwnxwxndy0njg2njawfdg3mdl8otk1na%3d%3d&nothumb=yes" target="_blank">下載下傳附件</a>
2015-12-24 16:46 上傳