一、环境准备
1.系统:环境
CentOS release6.5 (Final)
nginx:1.11.7
pcre:8.35
2.IP及防火墙设置
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:D4:D2:2D
TYPE=Ethernet
UUID=0d96a035-40d6-4c2d-99f5-9a239efef3e5
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=
GATEWAY=
NETMASK=
service iptables stop
vi /etc/selinux/config
SELINUX=disabled
setenforce 0
注:关闭iptables和SELinux只适合隔离的测试环境;生产环境建议保留防火墙并只放行80、443端口,SELinux尽量保持开启。
3.依赖包的安装(自行搭建yum环境)
yum -y install automake autoconf libtool make gcc*
4.安装pcre
yum install pcre* -y
5.安装ssl
yum install openssl* -y
二、安装nginx
1.上传程序包nginx-1.11.7.tar.gz到/usr/local/src/
2.解压
cd /usr/local/src/
tar xf nginx-1.11.7.tar.gz
3.编译安装
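# Build nginx from the unpacked source tree and install it under /mnt/nginx.
cd nginx-1.11.7/
./configure --prefix=/mnt/nginx --with-http_ssl_module --with-http_stub_status_module --with-pcre
# "&&" starts the install only after the build has succeeded; a single "&"
# would put make in the background and run the install at the same time.
make && make install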
4.创建用户
groupadd www
useradd -g www www
5.修改配置文件
vi /mnt/nginx/conf/nginx.conf
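# Worker processes run as user and group www.
user www www;
worker_processes 2;  # set to the number of CPU cores
# NOTE(review): this guide builds nginx with --prefix=/mnt/nginx, but the two
# paths below point to /usr/local/webserver/nginx; confirm that directory
# exists or adjust the paths, otherwise nginx cannot write its log and pid file.
error_log /usr/local/webserver/nginx/logs/nginx_error.log crit;  # log location and log level
pid /usr/local/webserver/nginx/nginx.pid;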
6.修改主机名
hostname www.testnginx.com
vi /etc/sysconfig/network
HOSTNAME=www.testnginx.com
vi /etc/hosts
ip www.testnginx.com
7.创建nginx启动脚本
vi /etc/init.d/nginx
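#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid

# Source function library (daemon, killproc and status come from here).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

# Binary and configuration file of the source build under /mnt/nginx.
nginx="/mnt/nginx/sbin/nginx"
prog=$(basename "$nginx")

NGINX_CONF_FILE="/mnt/nginx/conf/nginx.conf"

# Optional local overrides. The "." (source) builtin needs a space before the
# path; "./etc/sysconfig/nginx" would try to execute a relative path instead.
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

# Lock file created by start and removed by stop.
lockfile=/var/lock/subsys/nginx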
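# Create the run-time directories the nginx binary was compiled to use.
# Globals:   nginx (read) - path of the nginx binary
# Outputs:   creates every missing *-temp-path directory named in the build
#            arguments; adds the --user account if the build names one and
#            /etc/passwd does not list it
make_dirs() {
    local build_args run_user opt dir

    # "nginx -V" prints its build options on stderr.
    build_args=$("$nginx" -V 2>&1 | grep 'configure arguments:')

    # -n/p prints the user only when --user= is present; without it the
    # unmatched line would be passed through unchanged and used as a user name.
    run_user=$(printf '%s\n' "$build_args" | sed -n 's/.*--user=\([^ ]*\).*/\1/p')

    if [ -n "$run_user" ] && ! grep -q "^${run_user}:" /etc/passwd; then
        # NOTE(review): CentOS ships nologin as /sbin/nologin - confirm the path.
        useradd -M -s /bin/nologin "$run_user"
    fi

    # Word splitting is intended here: one configure option per iteration.
    for opt in $build_args; do
        case "$opt" in
            *-temp-path=*)
                dir=${opt#*=}
                if [ ! -d "$dir" ]; then
                    # echo "creating" $dir
                    mkdir -p "$dir"
                    if [ -n "$run_user" ]; then
                        chown -R "$run_user" "$dir"
                    fi
                fi
                ;;
        esac
    done
}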
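# Start nginx through the init library's daemon helper.
# Globals:   nginx, NGINX_CONF_FILE, prog, lockfile (read); retval (written)
# Returns:   the status of daemon; exits 5 if the binary is not executable
#            and 6 if the configuration file is missing
start() {
    # "[" is a command, so it must be followed by a space.
    [ -x "$nginx" ] || exit 5
    [ -f "$NGINX_CONF_FILE" ] || exit 6
    # make_dirs
    echo -n $"Starting $prog: "
    daemon "$nginx" -c "$NGINX_CONF_FILE"
    retval=$?
    echo
    # The lock file is only created after a successful start.
    [ $retval -eq 0 ] && touch "$lockfile"
    return $retval
}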
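# Stop nginx by sending QUIT through the init library's killproc helper.
# Globals:   prog, lockfile (read); retval (written)
# Returns:   the status of killproc
stop() {
    echo -n $"Stopping $prog: "
    killproc "$prog" -QUIT
    retval=$?
    echo
    # Remove the lock file only when the signal was delivered successfully.
    [ $retval -eq 0 ] && rm -f "$lockfile"
    return $retval
}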
# Validate the configuration, then stop and start nginx.
# Returns:   the status of configtest when validation fails, otherwise the
#            status of start
restart() {
    if configtest; then
        stop
        sleep 1
        start
    else
        # $? still holds the status of the failed configtest here.
        return $?
    fi
}
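# Validate the configuration, then send HUP to nginx through killproc.
# Globals:   nginx, prog (read); RETVAL (written)
# Returns:   the status of configtest when validation fails, otherwise the
#            status of killproc
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc "$nginx" -HUP
    RETVAL=$?
    echo
    # Without an explicit return the function would report the status of the
    # echo above and hide a failed killproc from the caller.
    return $RETVAL
}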
# force-reload is implemented as a full restart.
# Returns:   the status of restart
force_reload() {
    restart
    return $?
}
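# Ask nginx to check the configuration file without starting the server.
# Globals:   nginx, NGINX_CONF_FILE (read)
# Returns:   the status of "nginx -t"
configtest() {
    # Quoted so that a path containing spaces stays a single argument.
    "$nginx" -t -c "$NGINX_CONF_FILE"
}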
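# Report whether nginx is running, using the init library's status helper.
# Globals:   prog (read)
# Returns:   the status of the status helper
rh_status() {
    # Quoted so that the program name is always passed as one argument.
    status "$prog"
}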
# Quiet variant of rh_status: all output is discarded, only the exit status
# is of interest to the caller.
rh_status_q() {
    { rh_status; } 1>/dev/null 2>&1
}
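# Dispatch on the action passed by "service nginx <action>".
case "$1" in
    start)
        # Already running: nothing to do.
        rh_status_q && exit 0
        $1
        ;;
    stop)
        # Not running: nothing to do.
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        # A reload needs a running nginx to signal.
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Restart only when nginx is already running. The restart call was
        # missing, so this branch used to return without doing anything.
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac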
chmod +x /etc/init.d/nginx
8.设置nginx开机自启动
chkconfig --add /etc/init.d/nginx
chkconfig nginx on
9.启动、关闭、重置nginx
1)启动
service nginx start
2)关闭
service nginx stop
3)重置
service nginx reload
三、安装PHP
1.用rz上传php-5.6.33.tar.gz到服务器的/usr/local/src
2.安装依赖包
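# Build dependencies for PHP. "-y" has to be a separate argument; fused onto
# the last package name it is read as a package called "freetype-devel-y".
yum install gcc make gd-devel libjpeg-devel libpng-devel libxml2-devel bzip2-devel libcurl-devel bzip2 freetype-devel -y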
3.解压
tar xvf php-5.6.33.tar.gz
4.编译安装
./configure --prefix=/mnt/php \
--with-config-file-path=/mnt/php/etc \
--with-bz2 \
--with-curl \
--enable-ftp \
--enable-sockets \
--disable-ipv6 \
--with-gd \
--with-jpeg-dir=/mnt/phpinstall \
--with-png-dir=/mnt/phpinstall \
--with-freetype-dir=/mnt/phpinstall \
--enable-gd-native-ttf \
--with-iconv-dir=/mnt/phpinstall \
--enable-mbstring \
--enable-calendar \
--with-gettext \
--with-libxml-dir=/mnt/phpinstall \
--with-zlib \
--with-pdo-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-mysql=mysqlnd \
--enable-dom \
--enable-xml \
--enable-fpm \
--with-libdir=lib64 \
--enable-bcmath
make && make install
5.生成php配置文件
cp php.ini-production /mnt/php/etc/php.ini
cp /mnt/php/etc/php-fpm.conf.default /mnt/php/etc/php-fpm.conf
6.创建php启动脚本
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
7.启动php
1)启动
[root@www php-5.6.33]# service php-fpm start
2)验证
netstat -anlpt|grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 16849/php-fpm
3)停止
service php-fpm stop
8.设置php开机自启动
chkconfig --add /etc/init.d/php-fpm
chkconfig php-fpm on
四.tomcat安装
请参照tomcat安装及使用_V1.0
五、配置虚拟主机
1.虚拟主机(php)
1)创建虚拟主机目录
mkdir /mnt/nginx/conf.d/
@localhostnginx-1.11.7]#
2)更改配置文件
vi /mnt/nginx/conf/nginx.conf
# Excerpt of the http block in nginx.conf; only the added line is shown.
http {
include /mnt/nginx/conf.d/*.conf; # added line, at the same level as the server blocks
}
###3)添加虚拟主机配置文件
cd /mnt/nginx/conf.d/
vi www.testnginx.com.conf
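# Virtual host for www.testnginx.com: files are served from /mnt/www and
# *.php requests are passed to php-fpm on 127.0.0.1:9000.
server {
    listen 80;
    server_name www.testnginx.com ip;  # "ip" is this guide's placeholder for the server address
    index index.php index.html index.html;
    root /mnt/www;

    location / {
        # Serve the file or directory when it exists, otherwise fall back to index.php.
        try_files $uri $uri/ /index.php?$args;
    }

    # Only URIs ending in ".php" are sent to FastCGI. The earlier pattern
    # ".*\.(php)?$" made "php" optional and so also matched any URI ending in a dot.
    location ~ \.php$ {
        expires -1s;
        # Answer 404 for scripts that do not exist on disk instead of handing
        # an arbitrary path to php-fpm.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
    }
}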
###4)创建nginx家目录
mkdir /mnt/www
vi /mnt/www/index.php
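<?php
// Minimal test page: prints "php" to confirm that nginx hands .php requests to php-fpm.
echo "php";
?>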
5)验证
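# Reload nginx through the init script so the new virtual host is picked up
# (the command is "service", not "server").
service nginx reload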
浏览器输入http://www.testnginx.com/index.php
六.反向代理https(tomcat)
1.安装python2.7
1)上传程序包到/usr/local/src
http://www.python.org/ftp/python/2.7.8/Python-2.7.8.tar.xz
2)解压
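cd /usr/local/src/
# The archive name follows the download URL given above (Python-2.7.8.tar.xz).
tar xf Python-2.7.8.tar.xz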
3)编译安装
cd Python-2.7.8
./configure --prefix=/mnt/python278
make altinstall
4)建立软连接
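# Keep the distribution's interpreter under a new name; yum still depends on it.
mv /usr/bin/python /usr/bin/python266
# Point /usr/bin/python at the new build ("-s" and the target are separate arguments).
ln -s /mnt/python278/bin/python2.7 /usr/bin/python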
5)检查python版本
python
Python 2.7.8 (default, Mar 12 2018, 18:48:21)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-18)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
exit()
6)解决yum无法使用
vi /usr/bin/yum
#!/usr/bin/python266
2.安装git
yum -y install git epel-release
3.利用git从github上拿到最新的代码
mkdir /mnt/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt /mnt/letsencrypt
4.将域名添加到本地解析中
vi /etc/hosts
ip www.testtomcat.com
5.申请ssl证书
申请前要保证443和80端口未被占用,同时保证域名可以解析到主机
cd /mnt/letsencrypt/
./letsencrypt-auto certonly --standalone -d www.testtomcat.com
执行时的错误:
module named virtualenv
解决办法:
cp -rf /usr/lib/python2.6/site-packages/virtualenv* /mnt/python278/lib/python2.7/
6.Let's Encrypt证书的应用
在完成Let's Encrypt证书的生成之后,我们会在"/mnt/letsencrypt/live/[域名]/"域名目录下有4个文件就是生成的密钥证书文件。
cert.pem - Apache服务器端证书
chain.pem - Apache根证书和中继证书
fullchain.pem - Nginx所需要ssl_certificate文件
privkey.pem - 安全证书KEY文件
如果我们使用的Nginx环境,那就需要用到fullchain.pem和privkey.pem两个证书文件,在部署Nginx的时候需要用到。
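# Certificate chain and private key for www.testtomcat.com. certbot's default
# live directory is /etc/letsencrypt/live/<domain>/, which is also the path the
# server block later in this guide uses; adjust only if a custom --config-dir
# was given. privkey.pem should stay readable by root only.
ssl_certificate /etc/letsencrypt/live/www.testtomcat.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.testtomcat.com/privkey.pem;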
比如我们在Nginx环境中,只要将对应的ssl_certificate和ssl_certificate_key路径设置成我们生成的2个文件就可以,最好不要移动和复制文件,因为续期的时候直接续期生成的目录文件就可以,不需要再手工复制。
7.解决Let's Encrypt免费SSL证书有效期问题
我们从生成的文件中可以看到,Let's Encrypt证书的有效期是90天,需要我们自己手工更新续期才可以。
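# Force a new certificate for this one domain.
./letsencrypt-auto certonly --renew-by-default -d www.testtomcat.com
# Renew the installed certificates that are close to expiry. nginx has to be
# reloaded afterwards so that it reads the renewed files.
./letsencrypt-auto renew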
这样我们在90天内再去执行一次就可以解决续期问题,这样又可以继续使用90天。如果我们怕忘记的话也可以制作成定时执行任务,比如每个月执行一次。
8.更改配置文件
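cd /mnt/nginx/conf.d/
# nginx.conf includes only /mnt/nginx/conf.d/*.conf, so the file name needs
# the .conf suffix to be loaded.
vi www.testtomcat.com.conf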
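# HTTPS front end for www.testtomcat.com: nginx terminates TLS and proxies
# every request to the backend over plain HTTP.
server {
    # "listen ... ssl" enables TLS on this socket and replaces the separate "ssl on;".
    listen 443 ssl;
    server_name www.testtomcat.com;

    ssl_certificate /etc/letsencrypt/live/www.testtomcat.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.testtomcat.com/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 is offered.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://ip:port;  # placeholder for the backend address and port
        # NOTE(review): SNI towards the upstream only matters for an https://
        # proxy_pass target; with the http:// target above it has no effect.
        proxy_ssl_server_name on;
        # Rewrite http:// redirects from the backend to the client's scheme.
        proxy_redirect http:// $scheme://;

        # Pass the original host and client address on to the backend.
        proxy_set_header HOST $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}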
9.验证
七、nginx重定向
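# Redirect requests for www.test.com arriving on port 8010 to the HTTPS site.
server {
    listen 8010;
    server_name www.test.com;

    location / {
        include fastcgi_params;
        # Anchored and escaped so that only the exact host name matches; an
        # unescaped "." matches any character and an unanchored pattern
        # matches anywhere inside the Host value.
        if ($host ~* ^www\.test\.com$) {
            # $request_uri already carries the query string; "return" sends it
            # as is, whereas "rewrite" would append the arguments a second time.
            return 301 https://www.test.com$request_uri;
        }
    }
}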
八、fastcgi.conf配置文件参数详解
1)fastcgi_script_name
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
脚本文件请求的路径。也就是说,当访问127.0.0.1/index.php的时候,需要读取网站根目录下面的index.php文件;如果没有配置这一项,nginx不会去网站根目录下访问.php文件,所以返回空白。
2)query_string
fastcgi_param QUERY_STRING $query_string;
请求的参数;如?app=123
3)request_method
fastcgi_param REQUEST_METHOD $request_method;
请求的动作(GET,POST)
4)content_type
fastcgi_param CONTENT_TYPE $content_type;
请求头中的Content-Type字段
5)content_length
fastcgi_param CONTENT_LENGTH $content_length;
#请求头中的Content-length字段。
6)fastcgi_script_name
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
脚本名称
7)request_uri
fastcgi_param REQUEST_URI $request_uri;
这个变量等于从客户端发送来的原生请求URI,包括参数。它不可以进行修改
8)document_uri
fastcgi_param DOCUMENT_URI $document_uri;
与$uri相同。这个变量指当前的请求URI,不包括任何参数。这个变量反映任何内部重定向或index模块所做的修改。注意,这和request_uri不同,因$request_uri是浏览器发起的不做任何修改的原生URI。不包括协议及主机名。
9)document_root
fastcgi_param DOCUMENT_ROOT $document_root;
网站的根目录。在server配置中root指令中指定的值
10)server_protocol
fastcgi_param SERVER_PROTOCOL $server_protocol;
请求使用的协议,通常是HTTP/1.0或HTTP/1.1。
11)CGI/1.1& nginx_version
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
cgi 版本
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
nginx 版本号,可修改、隐藏
12)remote_addr
fastcgi_param REMOTE_ADDR $remote_addr;
客户端IP
13)remote_port
fastcgi_param REMOTE_PORT $remote_port;
客户端端口
14)server_addr
fastcgi_param SERVER_ADDR $server_addr;
服务器IP地址
15)server_port
fastcgi_param SERVER_PORT $server_port;
服务器端口
16)server_name
fastcgi_param SERVER_NAME $server_name;
服务器名,域名在server配置中指定的server_name
17)path_info
fastcgi_param PATH_INFO $path_info;
可自定义变量
18)配置
不再建议大家使用以下方式:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
而使用最新的方式:
include fastcgi.conf;