架构班(网络班)第一周作业:
1、编译安装LNMP,配置自定义404页面,配置访问日志为json格式。
2、配置虚拟主机,实现https访问
www.x.com(x.com为自己定义的域名)
实验环境:Centos7.5,关闭防火墙和SElinux,ip:192.168.10.14
一、编译安装LNMP
1、安装各种依赖包
[root@rs02 ~]# yum install -y bzip2-devel openssl-devel gnutls-devel gcc gcc-c++ cmake ncurses-devel bison-devel libaio-devel openldap openldap-devel
[root@rs02 ~]# yum install -y autoconf bison libxml2-devel libcurl-devel libevent libevent-devel gd-devel curl expat-devel
安装php加密支持库
[root@rs02 ~]# curl -O http://iweb.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
[root@rs02 ~]# tar xf libmcrypt-2.5.8.tar.gz
[root@rs02 ~]# cd libmcrypt-2.5.8 && ./configure && make && make install
2、编译安装nginx
这里使用1.14.0版本
2.1、创建nginx用户、nginx日志存放目录:/mydata/logs/nginx/
[root@rs02 ~]# useradd -r -s /sbin/nologin nginx
[root@rs02 ~]# mkdir /mydata/logs/nginx/ -pv && chown -R nginx.nginx /mydata/logs/nginx/
2.2、下载、编译、安装nginx
[root@rs02 ~]# curl -O
[root@rs02 ~]# tar xf nginx-1.14.0.tar.gz
[root@rs02 ~]# cd nginx-1.14.0
[root@rs02 nginx-1.14.0]# ./configure –prefix=/usr/local/nginx \
–user=nginx \
–group=nginx \
–http-log-path=/mydata/logs/nginx/access.log \
–error-log-path=/mydata/logs/nginx/error.log \
–with-http_ssl_module \
–with-http_realip_module \
–with-http_flv_module \
–with-http_mp4_module \
–with-http_gunzip_module \
–with-http_gzip_static_module \
–with-http_image_filter_module \
–with-http_stub_status_module && make && make install
3、编译安装maraidb
这里使用10.3.7版本源码包
3.1、下载mariadb10.3.7源码包
[root@rs02 ~]# curl -O http://ftp.hosteurope.de/mirror/archive.mariadb.org//mariadb-10.3.7/source/mariadb-10.3.7.tar.gz
3.2、创建mysql用户、数据库安装目录(/usr/local/mysql/)、数据库数据存放目录(/mydata/mariadb/)
[root@rs02 ~]# useradd -r -s /sbin/nologin mysql
[root@rs02 ~]# mkdir /mydata/mariadb/ -pv
[root@rs02 ~]# mkdir /usr/local/mysql/
[root@rs02 ~]# chown -R mysql.mysql /mydata/mariadb/
[root@rs02 ~]# chown -R mysql.mysql /usr/local/mysql/
3.3、解压、编译、安装mariadb
[root@rs02 ~]# tar xf mariadb-10.3.7.tar.gz
[root@rs02 ~]# cd mariadb-10.3.7
[root@rs02 mariadb-10.3.7]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DMYSQL_DATADIR=/mydata/mariadb \
-DSYSCONFDIR=/etc \
-DMYSQL_USER=mysql \
-DMYSQL_TCP_PORT=3306 \
-DWITH_XTRADB_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_EXTRA_CHARSETS=all \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DEXTRA_CHARSETS=all \
-DWITH_BIG_TABLES=1 \
-DWITH_DEBUG=0 && make -j 2 && make -j 2 install
编译安装过程很漫长。
3.4、数据库初始化
[root@rs02 mariadb-10.3.7]# cd /usr/local/mysql/
[root@rs02 mysql]# ./scripts/mysql_install_db –user=mysql –basedir=/usr/local/mysql/ –datadir=/mydata/mariadb/
执行命令,看到OK,就说明初始化成功。
3.5、数据量服务文件配置
mariadb启动服务的文件是在安装目录下的support-files/mysql.server,把它复制到/etc/rc.d/init.d/目录中,并命名为mariadb,然后添加可执行权限,添加到系统服务管理即可。
[root@rs02 mysql]# cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/mariadb
[root@rs02 mysql]# chmod +x /etc/rc.d/init.d/mariadb
[root@rs02 mysql]# chkconfig –add mariadb
3.6、配置环境变量
为了方便使用mysql命令,所以配置一下环境变量
[root@rs02 mysql]# echo 'export PATH=/usr/local/mysql/bin:$PATH'>/etc/profile.d/mysql.sh
[root@rs02 mysql]# chmod +x /etc/profile.d/mysql.sh
[root@rs02 mysql]# source /etc/profile.d/mysql.sh
3.7、修改mariadb的配置文件:my.cnf
在my.cnf文件中添加数据存放目录、socket存放目录
[root@rs02 mysql]# sed -i 's/datadir=.*/datadir=\/mydata\/mariadb/' /etc/my.cnf
[root@rs02 mysql]# sed -i 's/socket=.*/socket=\/tmp\/mysql.sock/' /etc/my.cnf
3.8、创建日志目录及数据库运行PID目录:/var/run/mysqld/
[root@rs02 mysql]# mkdir /var/log/mariadb/ && chown -R mysql.mysql /var/log/mariadb/
[root@rs02 mysql]# mkdir /var/run/mysqld/ && chown -R mysql.mysql /var/run/mysqld/
3.9、复制mariadb安装后的库文件到/usr/lib目录
[root@rs02 mysql]# cp -r /usr/local/mysql/lib/* /usr/lib/
4、编译安装php
这里使用7.2.7版本
4.1、下载php7.2.7包
[root@rs02 ~]# cd
[root@rs02 ~]# https://www.php.net/distributions/php-7.2.7.tar.gz
4.2、创建php-fpm用户
[root@rs02 ~]# useradd -r -s /sbin/nologin php-fpm
4.3、解压、编译、安装php
[root@rs02 ~]# tar xf php-7.2.7.tar.gz
[root@rs02 ~]# cd php-7.2.7
[root@rs02 php-7.2.7]# ./configure –prefix=/usr/local/php7 \
–with-config-file-path=/etc/php7 \
–with-config-file-scan-dir=/etc/php7.d \
–with-mysqli=mysqlnd \
–with-pdo-mysql=mysqlnd \
–with-mysql-sock=/tmp/mysql.sock \
–with-iconv-dir \
–with-freetype-dir \
–with-jpeg-dir \
–with-png-dir \
–with-zlib \
–with-bz2 \
–with-libxml-dir \
–with-curl \
–with-gd \
–with-openssl \
–with-mhash \
–with-xmlrpc \
–with-pdo-mysql \
–with-libmbfl \
–with-onig \
–with-pear \
–enable-xml \
–enable-bcmath \
–enable-shmop \
–enable-sysvsem \
–enable-inline-optimization \
–enable-mbregex \
–enable-fpm \
–enable-mbstring \
–enable-pcntl \
–enable-sockets \
–enable-zip \
–enable-soap \
–enable-opcache \
–enable-pdo \
–enable-mysqlnd-compression-support \
–enable-maintainer-zts \
–enable-session \
–with-fpm-user=php-fpm \
–with-fpm-group=php-fpm && make -j 2 && make -j 2 install
4.4、配置php.ini文件
复制php解压目录中的php.ini-production文件 到 /etc/php7/目录中
[root@rs02 php-7.2.7]# mkdir /etc/php7{,.d}
[root@rs02 php-7.2.7]# cp php.ini-production /etc/php7/php.ini
[root@rs02 php-7.2.7]# sed -i '/post_max_size/s/8/16/g;/max_execution_time/s/30/300/g;/max_input_time/s/60/300/g;s#\;date.timezone.*#date.timezone \= Asia/Shanghai#g' /etc/php7/php.ini
4.5、配置php-fpm文件
将php解压目录中的sapi/fpm/init.d.php-fpm文件复制 /etc/rc.d/init.d/目录并重命名为php-fpm
[root@rs02 php-7.2.7]# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
[root@rs02 php-7.2.7]# chmod +x /etc/rc.d/init.d/php-fpm
[root@rs02 php-7.2.7]# chkconfig –add php-fpm
4.6、资源池文件配置
默认www.conf膜拜文件放在安装目录下的etc/php-fpm.d/
[root@rs02 php-7.2.7]# cd /usr/local/php7/
[root@rs02 php-7.2.7]# cp etc/php-fpm.conf.default etc/php-fpm.conf
[root@rs02 php-7.2.7]# cp etc/php-fpm.d/www.conf.default etc/php-fpm.d/www.conf
至此,PHP编译安装成功。
演示一下,添加其他模块:安装ldap模块
ldap模块放在php解压后的/ext/ldap目录中。
安装如下:
[root@rs02 php-7.2.7]# cd /root/php-7.2.7/ext/ldap
[root@rs02 ldap]# cp -af /usr/lib64/libldap* /usr/lib/
[root@rs02 ldap]# /usr/local/php7/bin/phpize
[root@rs02 ldap]# ./configure –with-php-config=/usr/local/php7/bin/php-config && make && make install
[root@rs02 ldap]# sed -i '/\;extension=bz2/aextension=ldap.so' /etc/php7/php.ini
5、nginx解析php
5.1修改nginx.conf,将虚拟主机部分单独出来。
虚拟主机配置文件统一放在conf.d目录中。注意备份原始文件。
为了好看,删除nginx.conf注释、空白行,输出重定向为nginx.conf.swp,之后再命名为nginx.conf.
[root@rs02 ldap]# cd /usr/local/nginx
[root@rs02 nginx]# cp conf/nginx.conf{,.bak}
[root@rs02 nginx]# grep -vE "#|^$" conf/nginx.conf>conf/nginx.conf.swp
[root@rs02 nginx]# rm -f conf/nginx.conf
[root@rs02 nginx]# cp conf/nginx.conf.swp conf/nginx.conf
将server配置段从nginx.conf分离出来:
[root@rs02 nginx]# sed -i '/server/,$d' conf/nginx.conf
[root@rs02 nginx]# mkdir conf.d
[root@rs02 nginx]# echo -e 'include /usr/local/nginx/conf.d/*.conf;\n}' >> conf/nginx.conf
5.2、创建虚拟主机配置文件
[root@rs02 nginx]# vim conf.d/server.conf
server {
listen 80;
server_name localhost;
location / {
root /usr/local/nginx/html;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /usr/local/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
}
5.3、创建网站测试页
默认网站目录为:/usr/local/nginx/html
在此目录中创建index.php文件
[root@rs02 nginx]# vim html/index.php
<?php
$conn = new mysqli('127.0.0.1','root','');
if($conn)
echo "connect maraidb OK…";
else
echo "connect mariadb Fail…";
mysqli_close($conn);
phpinfo();
?>
二、作业部分
1、配置自定义404页面,配置访问日志为json格式。
1.1 自定义404页面配置如下:
修改前面的虚拟主机配置文件:server.conf:
[root@rs02 nginx]# vim conf.d/server.conf
server {
listen 80;
server_name localhost;
location / {
root /usr/local/nginx/html;
index index.php index.html index.htm;
}
error_page 404 403 500 502 503 504 /404.html;
location = /404.html {
root /usr/local/nginx/html;
}
location ~ \.php$ {
root /usr/local/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
}
在/usr/local/nginx/html目录中创建404.html文件:
[root@rs02 nginx]# vim html/404.html
<!DOCTYPE html>
<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<head>
<title>Error</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>错误啦!!!!!!!!!</h1>
<h1>错误啦!!!!!!!!!</h1>
<h1>错误啦!!!!!!!!!</h1>
<h1>错误啦!!!!!!!!!</h1>
启动nginx、mariadb、php服务:
[root@rs02 nginx]# /usr/local/nginx/sbin/nginx
[root@rs02 nginx]# /etc/rc.d/init.d/mariadb start
[root@rs02 nginx]# /etc/rc.d/init.d/php-fpm start
浏览器输入:http://192.168.10.14/haha
效果如下:
1.2配置访问日志为json格式
在nginx的主配置文件nginx.conf中配置日志的json格式:
[root@rs02 nginx]# vim conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format json '{"@timestamp":"$time_iso8601",'
'"@version":"1",'
'"client":"$remote_addr",'
'"url":"$uri",'
'"status":"$status",'
'"domain":"$host",'
'"host":"$server_addr",'
'"size":"$body_bytes_sent",'
'"responsentime":"$request_time",'
'"referer":"$http_referer",'
'"useragent":"$http_user_agent",'
'"upstreampstatus":"$upstream_status",'
'"upstreamaddr":"$upstream_addr",'
'"upstreamresponsetime":"$upstream_response_time"'
'}';
access_log logs/access_json.log json;
include /usr/local/nginx/conf.d/*.conf;
}
日志放在nginx安装目录logs中,文件名为access_json.log。
重新加载配置文件,浏览器打开:192.168.10.14,刷新几次,查看日志:
[root@rs02 nginx]# sbin/nginx -s reload
[root@rs02 ~]# tail /usr/local/nginx/logs/access_json.log
{"@timestamp":"2019-12-02T00:11:56+08:00","@version":"1","client":"192.168.10.1","url":"/404.html","status":"404","domain":"192.168.10.14","host":"192.168.10.14","size":"609","responsentime":"0.000","referer":"-","useragent":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko","upstreampstatus":"-","upstreamaddr":"-","upstreamresponsetime":"-"}
2、配置虚拟主机,实现https访问www.x.com(x.com为自己定义的域名)
ssl证书申请:
[root@rs02 ~]# cd /etc/pki/CA/
[root@rs02 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
….
[root@rs02 CA]# touch serial index.txt
[root@rs02 CA]# echo 01 > serial
[root@rs02 html]# pwd
/usr/local/nginx/html
[root@rs02 html]# (umask 077;openssl genrsa -out nginx.key 1024)
[root@rs02 CA]# openssl ca -in /usr/local/nginx/html/nginx.csr -out nginx.crt -days 3655
[root@rs02 CA]# mv nginx.crt /usr/local/nginx/html/
虚拟主机配置文件修改如下:
自定义域名: www.haha.com
[root@rs02 ~]# vim /usr/local/nginx/conf.d/server.conf
server {
listen 80;
listen 443 ssl;
server_name www.haha.com;
#ssl on;
ssl_certificate /usr/local/nginx/html/nginx.crt;
ssl_certificate_key /usr/local/nginx/html/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /usr/local/nginx/html;
index index.php index.html index.htm;
}
error_page 404 403 500 502 503 504 /404.html;
location = /404.html {
root /usr/local/nginx/html;
}
location ~ \.php$ {
root /usr/local/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
}
重新reloadnginx,浏览器打开:https://192.168.10.14/
物理机配置hosts解析:
192.168.10.14 www.haha.com
浏览器打开:
https://www.haha.com/
OK,成功。