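LNMP (Part 3)

Lesson 22: LNMP (Part 3)


Contents
1. Nginx load balancing
2. How SSL works
3. Generating an SSL key pair
4. Configuring SSL in Nginx
5. php-fpm pools
6. The php-fpm slow log
7. open_basedir
8. php-fpm process management
9. Further reading


1. Nginx load balancing

Nginx load balancing is set up as follows.

1. Add the configuration file proxy.conf under vhost

[root@bogon ~]# vim /usr/local/nginx/conf/vhost/proxy.conf
// Add the following content
# upstream defines the list of back-end servers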
upstream qq_com
{
    ip_hash;
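    # Note: this cannot load-balance SSL connections, i.e. port 443.
    # The server IPs are the real IPs of the www.qq.com servers, which can be obtained with the dig command.
    # To install dig: yum -y install bind-utils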
    server 111.161.64.40:80;
    server 111.161.64.48:80;
}
server
{
    listen 80;
    server_name www.qq.com;
    location /
    {
        proxy_pass      http://qq_com;
        proxy_set_header Host   $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

// Before the configuration is reloaded, a test request for www.qq.com returns the default site, bbb.com
[root@bogon ~]# curl -x127.0.0.1:80 www.qq.com 
I am bbb.com

// Reload the configuration file
[root@bogon ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon ~]# /usr/local/nginx/sbin/nginx -s reload

// Request www.qq.com again: the response is the home page source of the real www.qq.com, which shows the proxy is working.
[root@bogon ~]# curl -x127.0.0.1:80 www.qq.com 
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta content="text/html; charset=gb2312" http-equiv="Content-Type">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="baidu-site-verification" content="cNitg6enc2">
<title>͚Ѷ˗ҳ</title>

...middle omitted...

        s.parentNode.insertBefore(mta, s);
    })();
    </script>
</body>
</html><!--[if !IE]>|xGv00|f7b3dea4efd93bda0aee0db548e81e53<![endif]-->[root@bogon ~]#


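2. How SSL works

How SSL works is shown in the figure below.

The process is as follows:

1. The client sends an HTTPS request to the server.

2. The server needs its own digital certificate. (It can be requested from a trusted certificate authority on the Internet, for a fee. You can also generate a certificate yourself, but browsers will not trust it, so the client has to accept it explicitly before access can continue.)

3. On receiving the HTTPS request, the server sends its public key to the client.

4. When the client browser receives the public key, it checks its validity. If the certificate is invalid, a warning is shown. If the certificate is valid, the client generates a random string and encrypts it with the public key it received.

5. The client sends the encrypted random string back to the server. The server decrypts it with its private key to obtain the random string, and then uses that string to encrypt the data it transmits. (This kind of encryption is called symmetric encryption: the server encrypts the data and the client decrypts it with the same key, namely the random string.)

6. The server sends the encrypted data to the client, and the client decrypts it with the same key (the random string).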
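
Steps 3 to 6 replayed with the openssl command line, as an added example that is not part of the original lesson. The function name and the sample message are made up for the illustration; it follows the simplified RSA key-transport model described above, which TLS 1.3 no longer uses.

```sh
#!/bin/sh
# Added example: steps 3-6 of the exchange, using throwaway keys in a temp dir.
# Prints the plaintext the client recovers from the server's encrypted reply.
key_exchange_demo() {
  d=$(mktemp -d) || return 1

  # Server: RSA key pair. In step 2 the public half travels inside the certificate.
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null || return 1
  openssl rsa -in "$d/server.key" -pubout -out "$d/server.pub" 2>/dev/null || return 1

  # Step 4, client: generate a random string and encrypt it with the public key.
  openssl rand -hex 32 > "$d/client.secret" || return 1
  openssl pkeyutl -encrypt -pubin -inkey "$d/server.pub" \
    -in "$d/client.secret" -out "$d/secret.enc" || return 1

  # Step 5, server: recover the random string with the private key.
  openssl pkeyutl -decrypt -inkey "$d/server.key" \
    -in "$d/secret.enc" -out "$d/server.secret" || return 1
  cmp -s "$d/client.secret" "$d/server.secret" || return 1

  # Step 5, server: encrypt the response symmetrically, keyed by that string.
  printf '%s' "$1" | openssl enc -aes-256-cbc -salt \
    -pass "file:$d/server.secret" -out "$d/reply.enc" 2>/dev/null || return 1

  # Step 6, client: decrypt with its own copy of the same string.
  reply=$(openssl enc -d -aes-256-cbc -pass "file:$d/client.secret" \
    -in "$d/reply.enc" 2>/dev/null) || { rm -rf "$d"; return 1; }
  rm -rf "$d"
  printf '%s\n' "$reply"
}

# Run once when the openssl CLI is installed.
if command -v openssl >/dev/null 2>&1; then
  key_exchange_demo 'test page for authtest.com'
fi
```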


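3. Generating an SSL key pair

Because applying to a trusted certificate authority on the Internet for a certificate costs money, and this is only a test environment, we can generate our own certificate by hand.

The process is as follows.

1. Generating the certificate requires the openssl package. If it is not installed, install it with yum

[root@localhost ~]# yum -y install openssl

2. Generate the key pair

[root@localhost ~]# cd /usr/local/nginx/conf/
// Generate the private key tmp.key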
[root@localhost conf]# openssl genrsa -des3 -out tmp.key
Generating RSA private key, 2048 bit long modulus
........................+++
...+++
e is 65537 (0x10001)
// A passphrase must be entered, otherwise the command will not proceed
Enter pass phrase for tmp.key:
Verifying - Enter pass phrase for tmp.key:
// Convert the key to remove the passphrase
[root@localhost conf]#  openssl rsa -in tmp.key -out user01.key 
Enter pass phrase for tmp.key:
writing RSA key
[root@localhost conf]# rm -f tmp.key 
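// Generate the certificate request file; this file is used together with the private key to generate the public key (the certificate)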
[root@localhost conf]#  openssl req -new -key user01.key -out user01.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:guangdong
Locality Name (eg, city) [Default City]:jieyang
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:authtest.com                 
Email Address []:kennminn@129.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
// Generate the public key (certificate) named user01.crt
[root@localhost conf]# openssl x509 -req -days 365 -in user01.csr -signkey user01.key -out user01.crt
Signature ok
subject=/C=86/ST=guangdong/L=jieyang/O=Default Company Ltd/CN=authtest.com/emailAddress=kennminn@129.com
Getting Private key


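4. Configuring SSL in Nginx

Here authtest.com is used as the example, configuring SSL access with the self-issued certificate.

1. First check whether nginx was compiled with SSL support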

[root@localhost conf]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
// If --with-http_ssl_module is missing, nginx has to be recompiled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

2. Add the configuration file ssl.conf

[root@localhost conf]# vim /usr/local/nginx/conf/vhost/ssl.conf
// Contents:
server
{
    listen 443;
    server_name authtest.com;
    index index.html index.php;
    root /usr/local/nginx/html/authtest.com;
    ssl on;
    ssl_certificate user01.crt;
    ssl_certificate_key user01.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

[root@localhost conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost conf]# /usr/local/nginx/sbin/nginx -s reload
// Allow access to port 443 through the firewall
[root@localhost conf]# firewall-cmd --zone=public --add-port=443/tcp
success
[root@localhost conf]# firewall-cmd --zone=public --add-port=443/tcp --permanent 
success

// Local test
// Add a local hosts entry
[root@localhost conf]# echo "127.0.0.1  authtest.com" >> /etc/hosts
[root@localhost conf]# cat !$ 
cat /etc/hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1  authtest.com
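// Verify: the connection succeeds and an untrusted-certificate error is reported, because a self-issued certificate is not trusted by the browser or client.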
[root@localhost conf]# curl https://authtest.com
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
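
An added example (not part of the original lesson): a small audit, written for this page, that runs over the ssl.conf above and over a corrected copy. The function name audit_tls and the finding labels are made up here; ssl on is obsolete from nginx 1.15.0 in favour of listen 443 ssl, and TLSv1 and TLSv1.1 are deprecated by RFC 8996.

```sh
#!/bin/sh
# Added example: flag the TLS settings of an nginx server block.

# Constructed sample: the ssl.conf from this page.
page_conf='server
{
    listen 443;
    server_name authtest.com;
    ssl on;
    ssl_certificate user01.crt;
    ssl_certificate_key user01.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'

# Constructed sample: the same vhost with the findings addressed.
fixed_conf='server
{
    listen 443 ssl;
    server_name authtest.com;
    ssl_certificate user01.crt;
    ssl_certificate_key user01.key;
    ssl_protocols TLSv1.2;   # TLSv1.3 additionally needs OpenSSL 1.1.1 or later
}'

# Print one finding per line for the nginx configuration text in $1.
audit_tls() {
  printf '%s\n' "$1" | awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }     # drop comments and terminators
    $1 == "ssl" && $2 == "on" { tls = 1; print "deprecated-directive:ssl on" }
    $1 == "listen" { for (i = 2; i <= NF; i++) if ($i == "ssl") tls = 1 }
    $1 == "ssl_protocols" {
      proto_set = 1
      for (i = 2; i <= NF; i++)
        if ($i == "SSLv2" || $i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
          print "weak-protocol:" $i
    }
    # Without ssl_protocols the accepted versions depend on the nginx release.
    END { if (tls && !proto_set) print "ssl_protocols-not-set" }
  '
}

audit_tls "$page_conf"
```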

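Remote browser test


5. php-fpm pools

php-fpm pools can be configured to isolate different virtual hosts.

Here bbb.com and authtest.com are placed in different php-fpm pools.

The process is as follows.

1. Edit php-fpm.conf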

[root@localhost conf]# vim /usr/local/php-fpm/etc/php-fpm.conf
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
; Add the authtest pool
[authtest]
listen = /tmp/authtest.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

[root@localhost conf]# /usr/local/php-fpm/sbin/php-fpm -t
[06-Jul-2018 02:45:52] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@localhost conf]# /etc/init.d/php-fpm restart

[root@localhost ~]# ps aux | grep php-fpm
root       1905  0.0  0.4 227308  4964 ?        Ss   02:46   0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm    1906  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1907  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1908  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1909  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1910  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1911  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1912  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1913  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1914  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1915  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1916  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1917  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1918  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1919  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1920  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1921  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1922  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1923  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1924  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1925  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1926  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1927  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1928  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1929  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1930  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1931  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1932  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1933  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1934  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1935  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1936  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1937  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1938  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1939  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1940  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1941  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1942  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1943  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1944  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1945  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
root       2012  0.0  0.0 112664   980 pts/1    S+   02:49   0:00 grep --color=auto php-fpm

2. Edit the authtest.com.conf configuration file so that it uses the authtest pool

location ~ \.php$
    {
        include fastcgi_params;
        # Change the socket to the one of the authtest pool
        fastcgi_pass unix:/tmp/authtest.sock;
#       fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html/authtest.com$fastcgi_script_name;

    }

3. Edit the aaa.com.conf configuration file so that bbb.com uses the www pool

location ~ \.php$
    {
        include fastcgi_params;
        # Change to the socket of the www pool
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html/bbb.com$fastcgi_script_name;
    }

4. Reload the configuration and verify

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# ps aux | grep php-fpm
[root@localhost ~]# ps aux | grep php-fpm | grep -v 'grep'
root       1905  0.0  0.4 227308  4964 ?        Ss   02:46   0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm    1906  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1907  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1908  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1909  0.0  0.4 227248  4732 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1910  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1911  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1912  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1913  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1914  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1915  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1916  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1917  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1918  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1919  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1920  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1921  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1922  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1923  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1924  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1925  0.0  0.4 227248  4740 ?        S    02:46   0:00 php-fpm: pool www
php-fpm    1926  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1927  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1928  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1929  0.0  0.4 227248  4736 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1930  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1931  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1932  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1933  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1934  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1935  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1936  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1937  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1938  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1939  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1940  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1941  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1942  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1943  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1944  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest
php-fpm    1945  0.0  0.4 227248  4744 ?        S    02:46   0:00 php-fpm: pool authtest

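The php-fpm pools can also be written the way nginx configuration files are, with the global configuration separated from the individual virtual hosts.

// Edit /usr/local/php-fpm/etc/php-fpm.conf
vim /usr/local/php-fpm/etc/php-fpm.conf
// Remove the pool definitions from php-fpm.conf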

[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log

; Add this line
include=etc/php-fpm.d/*.conf

// Create php-fpm.d/www.conf
[root@localhost ~]# mkdir /usr/local/php-fpm/etc/php-fpm.d
[root@localhost ~]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
// Add the following content
[www]
listen = /tmp/php-fcgi.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

// Create php-fpm.d/authtest.conf
[root@localhost ~]# vim /usr/local/php-fpm/etc/php-fpm.d/authtest.conf
// Add the following content
[authtest]
listen = /tmp/authtest.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

[root@localhost php-fpm]# /usr/local/php-fpm/sbin/php-fpm -t
[06-Jul-2018 03:24:28] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@localhost php-fpm]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
[root@localhost php-fpm]# ps aux | grep php-fpm | grep -v 'grep'
root       2736  0.2  0.4 227336  4976 ?        Ss   03:25   0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm    2737  0.0  0.4 227276  4736 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2738  0.0  0.4 227276  4736 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2739  0.0  0.4 227276  4736 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2740  0.0  0.4 227276  4736 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2741  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2742  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2743  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2744  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2745  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2746  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2747  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2748  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2749  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2750  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2751  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2752  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2753  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2754  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2755  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2756  0.0  0.4 227276  4744 ?        S    03:25   0:00 php-fpm: pool authtest
php-fpm    2757  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2758  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2759  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2760  0.0  0.4 227276  4740 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2761  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2762  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2763  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2764  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2765  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2766  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2767  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2768  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2769  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2770  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2771  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2772  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2773  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2774  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2775  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www
php-fpm    2776  0.0  0.4 227276  4748 ?        S    03:25   0:00 php-fpm: pool www


6. The php-fpm slow log

Sometimes PHP runs slowly and we want to find out why. The php-fpm slow log can be configured for this.

The demonstration uses the authtest pool.

1. Edit authtest.conf

[root@localhost php-fpm]# vim /usr/local/php-fpm/etc/php-fpm.d/authtest.conf 
[authtest]
listen = /tmp/authtest.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
; Add the following two lines
; request_slowlog_timeout is usually set to 2 seconds; the value here is for testing only
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log

[root@localhost php-fpm]# /usr/local/php-fpm/sbin/php-fpm -t
[06-Jul-2018 03:41:52] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@localhost php-fpm]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done

// Because listen = /tmp/authtest.sock is the socket used by authtest.com,
// create the test script in the authtest.com virtual host
[root@localhost conf]# vim /usr/local/nginx/html/authtest.com/sleep.php

 <?php echo "test slow log";
 sleep(2);
 echo "done";
 ?>
 
[root@localhost conf]# curl authtest.com/sleep.php
 test slow logdone
[root@localhost conf]# tail /usr/local/php-fpm/var/log/www-slow.log

[06-Jul-2018 03:47:22]  [pool authtest] pid 2860
// The log shows that line 2 of sleep.php is slow: it is the sleep function, sleeping for 2 s
script_filename = /usr/local/nginx/html/authtest.com/sleep.php
[0x00007f6e4ad77278] sleep() /usr/local/nginx/html/authtest.com/sleep.php:2


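7. open_basedir

With nginx, the open_basedir feature of php-fpm can likewise be used to isolate virtual hosts from each other and improve security.

open_basedir can be defined in two ways: in php.ini, or in the virtual host's configuration file. Defining it in php.ini is inflexible, so it is usually defined in the virtual host's configuration file.

Here open_basedir is configured for the authtest.com virtual host.

// Edit authtest.conf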
[root@localhost php-fpm]# vim /usr/local/php-fpm/etc/php-fpm.d/authtest.conf 
[authtest]
listen = /tmp/authtest.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
; Add the following line. The basedir must be defined correctly, otherwise requests will fail. This is demonstrated below.
php_admin_value[open_basedir]=/usr/local/nginx/html/authtest.com:/tmp/

[root@localhost php-fpm]# /usr/local/php-fpm/sbin/php-fpm -t
[06-Jul-2018 04:25:11] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@localhost php-fpm]# /etc/init.d/php-fpm restart 
Gracefully shutting down php-fpm . done
Starting php-fpm  done
// Access works normally at this point
[root@localhost php-fpm]# curl authtest.com/sleep.php
 test slow logdone
[root@localhost php-fpm]# 
[root@localhost php-fpm]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
[root@localhost php-fpm]# curl authtest.com/sleep.php -I
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 06 Jul 2018 08:35:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30


// If the basedir is misconfigured (here the fault is introduced by changing authtest.com to bbb.com)
php_admin_value[open_basedir]=/usr/local/nginx/html/bbb.com:/tmp/

[root@localhost php-fpm]# curl authtest.com/sleep.php
No input file specified.
[root@localhost php-fpm]# curl authtest.com/sleep.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.14.0
Date: Fri, 06 Jul 2018 08:34:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

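To locate the cause of the error, enable PHP's error log.

[root@localhost php-fpm]# vim /usr/local/php-fpm/etc/php.ini 
; Turn display_errors off in production; it can be turned on while debugging so that errors appear directly in the browser
display_errors = Off
; Add the location where error_log is saved
error_log = /usr/local/php-fpm/var/log/error.log
; Set the logging level to everything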
error_reporting = E_ALL

// Set the permissions of /usr/local/php-fpm/var/log/error.log to 666

// Test
[root@localhost php-fpm]# curl authtest.com/sleep.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.14.0
Date: Fri, 06 Jul 2018 09:59:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

// The log clearly shows that the open_basedir restriction is in effect: the authtest.com path is not within the allowed paths
[06-Jul-2018 09:57:25 UTC] PHP Warning:  Unknown: open_basedir restriction in effect. File(/usr/local/nginx/html/authtest.com/sleep.php) is not within the allowed path(s): (/usr/local/nginx/html/bbb.com:/tmp/) in Unknown on line 0
[06-Jul-2018 09:57:25 UTC] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0
[06-Jul-2018 09:59:45 UTC] PHP Warning:  Unknown: open_basedir restriction in effect. File(/usr/local/nginx/html/authtest.com/sleep.php) is not within the allowed path(s): (/usr/local/nginx/html/bbb.com:/tmp/) in Unknown on line 0
[06-Jul-2018 09:59:45 UTC] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0

// Note: /usr/local/php-fpm/var/log/error.log needs permissions of 666 or above. Otherwise the error reported during the test is 403 Forbidden
// Log
[06-Jul-2018 09:38:12 UTC] PHP Deprecated:  Comments starting with '#' are deprecated in Unknown on line 1 in Unknown on line 0
[06-Jul-2018 09:38:26 UTC] PHP Deprecated:  Comments starting with '#' are deprecated in Unknown on line 1 in Unknown on line 0
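
An added example (not part of the original lesson) for the pool setup in section 5 and the open_basedir setting in this section: it audits the pools as this page leaves them, where both run as php-fpm behind sockets with mode 666, so any local account can reach either pool and open_basedir is the only separation between the two sites. The function names, finding labels and the accounts php-www and php-authtest are hypothetical, and the nginx worker is assumed to run as user nginx.

```sh
#!/bin/sh
# Added example: audit php-fpm pool definitions for vhost isolation.

# Constructed sample: the two pools in the state this page leaves them.
page_pools='[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
[authtest]
listen = /tmp/authtest.sock
listen.mode = 666
user = php-fpm
php_admin_value[open_basedir]=/usr/local/nginx/html/authtest.com:/tmp/'

# Constructed sample: one account per pool, socket reachable only by nginx.
# The account names php-www and php-authtest are hypothetical.
hardened_pools='[www]
listen = /tmp/php-fcgi.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = php-www
php_admin_value[open_basedir]=/usr/local/nginx/html/bbb.com:/tmp/
[authtest]
listen = /tmp/authtest.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = php-authtest
php_admin_value[open_basedir]=/usr/local/nginx/html/authtest.com:/tmp/'

# Print one finding per line for the pool configuration text in $1.
audit_pools() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
    substr($0, 1, 1) == "[" {                     # section header
      pool = substr($0, 2, index($0, "]") - 2)
      if (pool != "global") order[++n] = pool
      next
    }
    pool == "" || pool == "global" { next }
    (eq = index($0, "=")) {
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      conf[pool, key] = val
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]; mode = conf[p, "listen.mode"]
        # The last octal digit holds the permissions for "other"; bit 2 is write.
        if (mode != "" && substr(mode, length(mode)) ~ /[2367]/)
          print "world-writable-socket:" p
        if (conf[p, "php_admin_value[open_basedir]"] == "")
          print "no-open_basedir:" p
        u = conf[p, "user"]
        if (u != "" && (u in owner)) print "shared-user:" u ":" owner[u] "," p
        else if (u != "") owner[u] = p
      }
    }'
}

# Return 0 when path $2 lies inside one of the colon-separated directories in $1.
# String comparison only: PHP also resolves symlinks before it checks.
basedir_allows() {
  old_ifs=$IFS; IFS=:
  for dir in $1; do
    dir=${dir%/}
    case $2 in
      "$dir" | "$dir"/*) IFS=$old_ifs; return 0 ;;
    esac
  done
  IFS=$old_ifs
  return 1
}

audit_pools "$page_pools"
```

basedir_allows reproduces the failure shown in the log above: with the list set to the bbb.com directory and /tmp/, the path of sleep.php under authtest.com is rejected.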


8. php-fpm process management

Process management configuration (using authtest.com as the example)

[root@localhost ~]# cat /usr/local/php-fpm/etc/php-fpm.d/authtest.conf 
[authtest]
listen = /tmp/authtest.sock
listen.mode = 666
user = php-fpm
group = php-fpm
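; Dynamic process management; static is also possible
pm = dynamic
; Maximum number of child processes; can be checked with ps aux
pm.max_children = 50
; Number of processes started when the service starts
pm.start_servers = 20
; Minimum number of idle processes; when this value is reached, php-fpm spawns new child processes
pm.min_spare_servers = 5
; Maximum number of idle processes; when this value is reached, php-fpm destroys idle child processes
pm.max_spare_servers = 35
; Maximum number of requests one child process handles; a php-fpm child exits once it has handled this many requests.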
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
php_admin_value[open_basedir]=/usr/local/nginx/html/bbb.com:/tmp/


// 20 processes are started when the service starts
[root@localhost ~]# ps aux | grep authtest | grep -vc  'grep'
20
[root@localhost ~]# sed -i 's#pm.start_servers = 20#pm.start_servers = 30#' /usr/local/php-fpm/etc/php-fpm.d/authtest.conf
[root@localhost ~]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
// After the configuration change, the number of processes started initially is now 30
[root@localhost ~]# ps aux | grep authtest | grep -vc  'grep'
30


9. Further reading

Proxying according to the request URI

http://ask.apelearn.com/question/1049

Selecting the back-end web server by the directory requested

http://ask.apelearn.com/question/920

nginx keep-alive connections

http://www.apelearn.com/bbs/thread-6545-1-1.html

nginx algorithm analysis

http://blog.sina.com.cn/s/blog_72995dcc01016msi.html

The difference between root and alias in nginx

http://blog.csdn.net/21aspnet/article/details/6583335

nginx alias and root configuration

http://www.ttlsa.com/nginx/nginx-root_alias-file-path-configuration/

http://www.iigrowing.cn/shi-yan-que-ren-nginx-root-alias-location-zhi-ling-shi-yong-fang-fa.html
