企業真實場景面試題
1.請描述http協議原理
2.描述http://www.baidu.com請求及看到頁面的過程?
用戶訪問網站流程
①用戶訪問網站流程框架
②DNS解析原理
③tcp/ip三次握手
④http協議原理(www服務的請求過程)請求細節,報文細節
⑤大規模網站集羣架構細節
⑥http協議原理
⑦tcp/ip四次揮手
dns:
遞歸:重複調用模塊自身實現循環
迭代:是函數內某段代碼實現循環
http協議:
超文本協議,
www服務
默認端口80
URL---網頁地址
URI---網址 、郵箱地址
URL是URI的子集
靜態網頁
HTML格式的網頁(可以包含圖片、視頻、JS、css)通常被稱爲“靜態網頁”
特點:開發者寫什麼,顯示就是什麼,一旦編寫完成,就不會改變。
特徵:①每個頁面都有一個URL地址,一般以html形式爲後綴,不含問好“?”“&”等特殊符號。
②沒有數據庫,網站製作和維護困難。
③解析快,性能效率高
靜態網頁的架構思想
在高併發、高訪問量的場景下做架構優化,涉及的關鍵環節就是把動態網頁轉成靜態網頁,而不是直接請求數據庫和動態服務器,並且可以把靜態內容推送到前端緩存cdn中提供服務,這樣就可以提升用戶體驗,節約服務器和維護成本。
動態網頁資源
網頁擴展名:asp aspx php jsp do cgi 等。
網頁一般以數據技術爲基礎,大大降低了網站維護工作量
僞靜態網頁
作用:①讓搜索引擎收錄網站內容
②提升用戶訪問體驗
③訪問性能沒有提升,並且轉換僞靜態會消耗資源,因此性能反而下降
網站流量度量術語*****
1.IP
-----獨立IP數是衡量一個網站標準
2.pv
----頁面瀏覽,,是網站訪問頁面數量的一個指標
pv具體度量方法是從客戶瀏覽器發出一個web服務器的請求,web服務器接到這個請求後,將請求對應的一個網頁發送給瀏覽器,就產生一個pv。
3.uv
同一臺客戶端(pc或移動端)訪問網站被計算爲一個訪客,一個只算一次。
企業面試題:
1.描述從瀏覽器打開http://www.baidu.com地址回車發送請求到看到頁面的過程?
Nginx
web服務軟件
反向代理負載均衡
特點:
①可針對靜態資源高速高併發訪問緩存
②可使用反向代理加速,並且可進行數據緩存
③具有簡單負載均衡、節點健康檢查和容錯功能
④支持遠程FastCGI服務的緩存加速
⑤支持FastCGI、Uwsgi 、SCGI、Memcached加速和緩存
⑥支持SSL TLS SNI
⑦具有模塊化的架構:過濾器包括gzip壓縮、ranges支持、chunked響應、XSLT SSI及圖像縮放功能
⑧支持異步網絡IO事件模型
搭建Nginx
mkdir /application -p
mkdir -p /home/hao/tools
yum -y install openssl openssl-devel pcre-devel
useradd nginx -s /sbin/nologin -M
cd /home/hao/tools
http://nginx.org/en/download.html #下載安裝包
tar -xf nginx-1.6.3.tar.gz
cd nginx-1.6.3
./configure --user=nginx --group=nginx --prefix=/application/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
/application/nginx/sbin/nginx -t #檢查語法,
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
/application/nginx/sbin/nginx #啓動Nginx
測試:
ss -lntup|grep 80
lsof -i:80
wget 127.0.0.1
curl -I 127.0.0.1nginx啓動腳本
[root@www ~]# cat /etc/init.d/nginxd
#!/bin/bash
# chkconfig: 2345 40 85
# descirption: Start/Stop Nginx server
Path=/application/nginx/sbin
pid=/application/nginx/logs/nginx.pid
RETVAL=0
. /etc/init.d/functions
start(){
if [ ! -f $pid ];then
$Path/nginx
RETVAL=$?
if [ $RETVAL -eq 0 ];then
action "nginx is started" /bin/true
return $RETVAL
else
action "nginx is started" /bin/flase
return $RETVAL
fi
else
echo "nginx is running"
return 0
fi
}
stop(){
if [ -f $pid ];then
$Path/nginx -s stop
RETVAL=$?
if [ $RETVAL -eq 0 ];then
action "nginx is stopped" /bin/true
else
action "nginx is stopped" /bin/false
return $RETVAL
fi
else
echo "nginx is no running"
return $RETVAL
fi
}
case "$1" in
start)
start
RETVAL=$?
;;
stop)
stop
RETVAL=$?
;;
restart)
stop
sleep 1
start
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit $RETVAL
基於域名訪問配置:
egrep -v "#|^$" /application/nginx/conf/nginx.conf.default >/application/nginx/conf/nginx.conf
for i in www bbs blog;do mkdir -p /applocation/nginx/html/$i;echo "http://$i.xiaoxue.com" >/applocation/nginx/html/$i/index.html;cat /applocation/nginx/html/$i/index.html;done
[root@web02 nginx]# cat conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name bbs.xiaoxue.com;
location / {
root html/bbs;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
/application/nginx/sbin/nginx -t #檢查語法,
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
/application/nginx/sbin/nginx -s reload #平滑重啓重啓Nginx後檢測策略:
[root@web02 nginx]# cat conf/check_url.sh
#!/bin/bash
#author:lihao 2018/12/8 QQ:592654815
#+++++function split++++++++
. /etc/init.d/functions
function checkURL()
{
checkUrl=$1
echo 'check url start....'
judge=($(curl -I -s --connect-timeout 2 ${checkUrl} |head -1|tr "\r" "\n"))
if [[ "${judge[1]}" == '200' && "${judge[2]}" == 'OK' ]]
then
action "$checkUrl" /bin/true
else
action "$checkUrl" /bin/false
echo -n "retrying again....";sleep 3;
judgeagain=($(curl -I -s --connect-timeout 2 ${checkUrl} |head -1|tr "\r" "\n"))
if [[ "${judgeagain[1]}" == '200' && "${judgeagain[2]}" == 'OK' ]]
then
action "$judgeagain,retried again" /bin/true
else
action "$judgeagain,retried again" /bin/false
fi
fi
sleep 1;
}
#usage method
checkURL http://www.xiaoxue.cominclude模塊
[root@web02 conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 80;
12 server_name www.xiaoxue.com;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 error_page 500 502 503 504 /50x.html;
18 location = /50x.html {
19 root html;
20 }
21 }
22
23 server {
24 listen 80;
25 server_name bbs.xiaoxue.com;
26 location / {
27 root html/bbs;
28 index index.html index.htm;
29 }
30 error_page 500 502 503 504 /50x.html;
31 location = /50x.html {
32 root html;
33 }
34 }
35 server {
36 listen 80;
37 server_name blog.xiaoxue.com;
38 location / {
39 root html/blog;
40 index index.html index.htm;
41 }
42 error_page 500 502 503 504 /50x.html;
43 location = /50x.html {
44 root html;
45 }
46 }
47 } ```[root@web02 conf]# sed -n '10,21p' nginx.conf >extra/www.conf
[root@web02 conf]# sed -n '23,34p' nginx.conf >extra/bbs.conf
[root@web02 conf]# sed -n '35,46p' nginx.conf >extra/blog.conf
[root@web02 conf]# sed -i '10,46d' nginx.conf
[root@web02 conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 }
[root@web02 conf]# sed -e '10i include extra/www.conf;\ninclude extra/bbs.conf;\ninclude extra/blog.conf;' nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
include extra/bbs.conf;
include extra/blog.conf;
}
[root@web02 conf]# sed -i '10i include extra/www.conf;\ninclude extra/bbs.conf;\ninclude extra/blog.conf;' nginx.conf
[root@web02 conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 include extra/www.conf;
11 include extra/bbs.conf;
12 include extra/blog.conf;
13 }
[root@web02 conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@web02 conf]# /application/nginx/sbin/nginx -s reload
[root@web02 conf]# curl -I www.xiaoxue.com
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Sat, 08 Dec 2018 08:54:16 GMT
Content-Type: text/html
Content-Length: 23
Last-Modified: Sat, 08 Dec 2018 06:36:37 GMT
Connection: keep-alive
ETag: "5c0b6675-17"
Accept-Ranges: bytes
[root@web02 conf]# curl -I bbs.xiaoxue.com
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Sat, 08 Dec 2018 08:54:26 GMT
Content-Type: text/html
Content-Length: 23
Last-Modified: Sat, 08 Dec 2018 06:55:13 GMT
Connection: keep-alive
ETag: "5c0b6ad1-17"
Accept-Ranges: bytes
[root@web02 conf]# curl -I blog.xiaoxue.com
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Sat, 08 Dec 2018 08:54:34 GMT
Content-Type: text/html
Content-Length: 24
st-Modified: Sat, 08 Dec 2018 06:55:41 GMT
Connection: keep-alive
ETag: "5c0b6aed-18"
Accept-Ranges: bytes
### 創建多別名[root@web02 conf]# curl blog.xiaoxue.com
http://blog.xiaoxue.com
[root@web02 conf]# vim extra/www.conf
1 server {
2 listen 80;
3 server_name www.xiaoxue.com xiaoxue.com;
4 location / {
5 root html/www;
6 index index.html index.htm;
7 }
8 error_page 500 502 503 504 /50x.html;
9 location = /50x.html {
10 root html;
1 }
12 }
"extra/www.conf" 12L, 310C 已寫入
[root@web02 conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@web02 conf]# /application/nginx/sbin/nginx -s reload
[root@web02 conf]# curl xiaoxue.com
curl: (7) couldn't connect to host
[root@web02 conf]# vim /etc/hosts
1 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdom
ain4
2 ::1 localhost localhost.localdomain localhost6 localhost6.localdom
ain6
3 172.16.10.22 mba
4 172.16.10.10 backup
5 172.16.10.30 www.xiaoxue.com bbs.xiaoxue.com blog.xiaoxue.com xiaoxue.com
6 172.16.10.40 nfs
7
8
9
10
"/etc/hosts" 12L, 346C 已寫入
[root@web02 conf]# ping xiaoxue.com
PING www.xiaoxue.com (172.16.10.30) 56(84) bytes of data.
64 bytes from www.xiaoxue.com (172.16.10.30): icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from www.xiaoxue.com (172.16.10.30): icmp_seq=2 ttl=64 time=0.044 ms
^C
--- www.xiaoxue.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1928ms
rtt min/avg/max/mdev = 0.044/0.055/0.067/0.013 ms
[root@web02 conf]# curl xiaoxue.com
http://www.xiaoxue.com
### nginx狀態信息功能[root@bogon nginx]# cat conf/extra/status.conf
##status
server {
listen 80;
server_name status.xiaoxue.com;
location / {
stub_status on;
access_log off;
allow 172.16.10.0/24; #允許那個網段訪問
deny all; #拒絕所有
}
}
sed -i '13i include extra/status.conf;' conf/nginx.conf ###插入
檢查語法重啓Nginx
日誌
錯誤日誌:/application/nginx/logs/error.log
[root@bogon logs]# cat ../conf/nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; #日誌格式
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
include extra/bbs.conf;
include extra/blog.conf;
include extra/status.conf;
}
access.log 測試
www.conf配置:
erver {
listen 80;
server_name www.xiaoxue.com xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;
}
### 日誌切割腳本:
實現切割Nginx日誌的思想爲將正在寫入的Nginx日誌(access_www.log)改名爲帶日期的格式文件,然後平滑重啓,生成新的日誌文件(access_www.log),
再通過定時任務每天00點執行一次[root@bogon scripts]# cat cut_nginx_log.sh
#!/bin/bash
Dateformat=date +%Y%m%d
Basedir="/application/nginx"
Nginxlogdir="$Basedir/logs"
Logname="accesswww"
[ -d $Nginxlogdir ] && cd $Nginxlogdir||exit 1
[ -f ${Logname}.log ] || exit 1
/bin/mv ${Logname}.log ${Dateformat}${Logname}.log ||exit 1
$Basedir/sbin/nginx -s reload
cat >>/vat/spool/cron/root <<EOF
#cut nginx access.log by hao
00 00 * /bin/sh /server/scripts/cut_nginx_log.sh >/dev/null 2>&1
EOFNginx location [root@bogon extra]# cat www.conf server { listen 80; server_name www.xiaoxue.com xiaoxue.com; root html/www; location / { return 401; }
location = / {
return 402;
}
location /documents/ {
return 403;
}
location ^~ /images/ {
return 404;
}
location ~* \.(gif|jpg|jpeg)$ {
return 500;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;}
[root@bogon extra]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@bogon extra]# /application/nginx/sbin/nginx
[root@bogon extra]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1261 root 7u IPv4 9695 0t0 TCP :http (LISTEN)
nginx 1262 nginx 7u IPv4 9695 0t0 TCP :http (LISTEN)
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com
402
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/
402
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/index.html
401
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/documents/document.html
403
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/images/1.gif
404
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/images/1.jpg
404
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/documents/1.jpg
500
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/hao
401
Nginx rewrite
[root@bogon extra]# cat www.conf
###
server {
listen 80;
server_name xiaoxue.com;
rewrite ^/(.*) http://www.xiaoxue.com/$1 permanent;
}
server {
listen 80;
server_name www.xiaoxue.com xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;
}
不同域名URL跳轉
[root@bogon extra]# cat blog.conf
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.html index.htm;
}
if ($http_host ~* "^(.*)\.xiaoxue\.com$") {
set $domain $1;
rewrite ^/(.*) http://www.xiaoxue.com/$domain/lihao.html break;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
創建訪問賬號密碼
[root@www extra]# cat www.conf
###
server {
listen 80;
server_name xiaoxue.com;
rewrite ^/(.*) http://www.xiaoxue.com/$1 permanent;
}
server {
listen 80;
server_name www.xiaoxue.com xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
auth_basic "xiaoxue training";
auth_basic_user_file /application/nginx/conf/htpasswd;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;
}
[root@www ~]# htpasswd -bc /application/nginx/conf/htpasswd xiaoxue 123
Adding password for user xiaoxue
[root@www ~]# chmod 400 /application/nginx/conf/htpasswd
[root@www ~]# chown nginx /application/nginx/conf/htpasswd
[root@www ~]# ll /application/nginx/conf/htpasswd
-r-------- 1 nginx root 22 12月 13 20:13 /application/nginx/conf/htpasswd
[root@www ~]# cat /application/nginx/conf/htpasswd
xiaoxue:a4P8TcgI1Jzyo #密碼加密的安裝LAMP腳本
https://www.zybuluo.com/q8517220/note/1366655
select user,host from mysql.user;
drop user "root"@"::1";
drop user ""@"localhost";
drop user ""@"www";
drop user "root"@"localhost";
drop user ""@"MySQL";
delete from mysql.user where user=' ' and host='MySQL';
drop database test;
初始數據庫簡單優化
PHP搭建
FastCGI:是一個可伸縮地、高速地在HTTP服務器和動態腳本語言通信的接口(Linux下fastcgi即爲socket)。優點:把動態語言和HTTP服務器分離開來。
重要特點:
①HTTP服務器和動態腳本語言間通信的接口或工具。
②可把動態語言解析和http服務器分離開。
③Nginx、Apache、Lighttpd,以及多數動態語言都支持FastCGI.
④FastCGI接口方式採用C/S結構
⑤PHP動態語言服務器端可以啓動多個FastCGI的守護進程(例如php-fpm mangement)
⑥http服務器通過(例如Nginx fastcgi_pass)FastCGI客戶端和動態語言FastCGI服務器端通信(例如php-fpm)
安裝lib軟件包
[root@www ~]# rpm -qa freetype-devel linpng-devel gd-devel libcurl-devel libxslt-devel
[root@www ~]# rpm -qa zlib-devel libxm12-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel
安裝libiconv庫
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
tar -xf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure --prefix=/usr/local/libiconv
make && make install
安裝libmcryt庫
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum -y install libmcrypt-devel
安裝mhash #加密擴展庫
yum -y install mhash
yum -y install mcrypt
安裝PHP
http://cn.php.net/downloads.php
[root@www tools]# rz
rz waiting to receive.
zmodem trl+C ȡ
100% 16750 KB 16750 KB/s 00:00:01 0 Errors
[root@www tools]# tar -xf php-5.5.20.tar.gz
[root@www tools]# cd php-5.5.20
[root@www php-5.5.20]#ln -s /application/mysql/lib/libmysqlclient.so.18 /usr/lib64/
[root@www php-5.5.20]#touch ext/phar/phar.phar
[root@www php-5.5.20]# ./configure --prefix=/application/php5.5.20 --with-mysql=/application/mysql --with-xmlrpc --with-openssl --with-zlib --with-freetype-dir --with-gd --with-jpeg-dir --with-png-dir --with-iconv=/usr/local/libiconv --enable-short-tags --enable-sockets --enable-zend-multibyte --enable-soap --enable-mbstring --enable-static --enable-gd-native-ttf --with-curl --with-xsl --enable-ftp --with-libxml-dir --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx
[root@www php-5.5.20]#make && make install
[root@www php-5.5.20]# ln -s /application/php5.5.20/ /application/php
[root@www php-5.5.20]# ls -l /application/php
lrwxrwxrwx 1 root root 23 12月 15 16:35 /application/php -> /application/php5.5.20/
[root@www php-5.5.20]# ls php.ini*
php.ini-development php.ini-production
[root@www php-5.5.20]# cp php.ini-production /application/php/lib/php.ini
[root@www php-5.5.20]# ll /application/php/lib/php.ini
-rw-r--r-- 1 root root 69266 12月 15 17:24 /application/php/lib/php.ini
[root@www php-5.5.20]# cd /application/php/etc/
[root@www etc]# ls
pear.conf php-fpm.conf.default
[root@www etc]# cp php-fpm.conf.default php-fpm.conf
[root@www etc]# /application/php/sbin/php-fpm
[root@www etc]# ps -ef|grep php-fpm
root 47187 1 0 17:25 ? 00:00:00 php-fpm: master process (/application/php5.5.20/etc/php-fpm.conf)
nobody 47188 47187 0 17:25 ? 00:00:00 php-fpm: pool www
nobody 47189 47187 0 17:25 ? 00:00:00 php-fpm: pool www
root 47193 1486 0 17:25 pts/0 00:00:00 grep php-fpm
[root@www etc]# lsof -i:9000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php-fpm 47187 root 7u IPv4 212016 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 47188 nobody 0u IPv4 212016 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 47189 nobody 0u IPv4 212016 0t0 TCP localhost:cslistener (LISTEN)
[root@www conf]# cp nginx.conf nginx.conf.02
[root@www conf]# cat nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
include extra/bbs.conf;
include extra/blog.conf;
include extra/status.conf;
}
[root@www conf]# vim extra/blog.conf
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.html index.htm;
}
location ~ .*\.(php|php5)?$ {
root html/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
if ($http_host ~* "^(.*)\.xiaoxue\.com$") {
set $domain $1;
rewrite ^/(.*) http://www.xiaoxue.com/$domain/lihao.html break;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
"extra/blog.conf" 23L, 574C 已寫入
[root@www conf]# /application/nginx/sbin/nginx -t
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@www conf]# /application/nginx/sbin/nginx -s reload
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
[root@www conf]# cd /application/nginx/html/blog/
[root@www blog]# ls
index.html
[root@www blog]# echo "<?php phpinfo(); ?>" >test_info.php
[root@www blog]# cat test_info.php
<?php phpinfo(); ?>
http://blog.xiaoxue.com/test_info.php #瀏覽器訪問測試創建一個WordPress
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)
mysql> show databases like 'wordpress';
+----------------------+
| Database (wordpress) |
+----------------------+
| wordpress |
+----------------------+
1 row in set (0.00 sec)
mysql>grant all on wordpress. to wordpress@'localhost' identified by '123456';
mysql> show grants for wordpress@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for wordpress@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON . TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> select user,host from mysql.user
-> ;
+-----------+-----------+
| user | host |
+-----------+-----------+
| root | 127.0.0.1 |
| root | localhost |
| wordpress | localhost |
+-----------+-----------+
3 rows in set (0.01 sec)
mysql> quit
Bye
下載WordPress地址:www.wordpress.org
[root@www blog]# pwd
/application/nginx/html/blog
[root@www blog]#tar xf wordpress-4. #解壓
[root@www blog]#mv wordpress/* .
[root@www blog]#chown -R nginx.nginx ../blog/
打開瀏覽器輸入blog.xiaoxue.com ,回車(提前做好host或DNS解析)
[root@www blog]# cat /application/nginx/conf/extra/blog.conf
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.php index.html index.htm;
location / {
if (-f $request_filename/index.html){
rewrite (.) $1/index.html break;
}
if (-f $request_filename/index.php){
rewrite (.) $1/index.php;
}
if (!-f $request_filename){
rewrite (.) /index.php;
}
}
}
location ~ ..(php|php5)?$ {
root html/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}# if ($http_host ~* "^(.*)\.xiaoxue\.com$") {
# set $domain $1;
# rewrite ^/(.*) http://www.xiaoxue.com/$domain/lihao.html break;
# }
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@www blog]# /application/nginx/sbin/nginx -t
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@www blog]# /application/nginx/sbin/nginx -s reload
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignoredPHP緩存優化
在LNMP啓動獨立的FCGI即php-fpm進程
流程:
[root@www ~]# echo 'export LC_ALL=C'>>/etc/profile #配置變量
[root@www ~]# tail -1 /etc/profile
export LC_ALL=C
[root@www ~]# source /etc/profile
下載xcache軟件
http://xcache.lighttpd.net/wiki/Release-3.2.0 #下載xcache軟件
tar -xf xcache-3.2.0.tar.bz2
cd xcache-3.2.0
/application/php/bin/phpize
./configure --enable-xcache --with-php-config=/application/php/bin/php-config
make && make install && echo $?
[root@www xcache-3.2.0]# ls -l /application/php5.5.20/lib/php/extensions/no-debug-non-zts-20121212/
total 2208
-rwxr-xr-x 1 root root 1022028 Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root 538243 Dec 15 17:20 opcache.so
-rwxr-xr-x 1 root root 694804 Dec 16 15:33 xcache.so
ZendOpcache下載地址
http://pecl.php.net/package/ZendOpcache ###ZendOpcache下載地址
wget -q http://pecl.php.net/get/zendopcache-7.0.5.tgz
[root@www tools]# tar -xf zendopcache-7.0.5.tgz
[root@www tools]# cd zendopcache-7.0.5
[root@www zendopcache-7.0.5]# /application/php/bin/phpize
Configuring for:
PHP Api Version: 20121113
Zend Module Api No: 20121212
Zend Extension Api No: 220121212
[root@www zendopcache-7.0.5]# ./configure --enable-opcache --with-php-config=/application/php/bin/php-config
Memcached 安裝
http://pecl.php.net/package/memcache ###下載地址
[root@www tools]# wget -q http://pecl.php.net/get/memcache-2.2.7.tgz
[root@www tools]# tar -xf memcache-2.2.7.tgz
[root@www tools]# cd memcache-2.2.7
[root@www memcache-2.2.7]# /application/php/bin/phpize
Configuring for:
PHP Api Version: 20121113
Zend Module Api No: 20121212
Zend Extension Api No: 220121212
[root@www memcache-2.2.7]# ./configure --enable-mencache --with-php-config=/application/php/bin/php-config
make && make install && echo $?
[root@www tools]# ls -l /application/php5.5.20/lib/php/extensions/no-debug-non-zts-20121212/
total 2468
-rwxr-xr-x 1 root root 258080 Dec 16 16:16 memcache.so
-rwxr-xr-x 1 root root 1022028 Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root 543241 Dec 16 16:07 opcache.so
-rwxr-xr-x 1 root root 694804 Dec 16 15:33 xcache.so
安裝PDO_MYSQL擴展插件
[root@www tools]# wget -q http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
[root@www tools]# tar -xf PDO_MYSQL-1.0.2.tgz
[root@www tools]# cd PDO_MYSQL-1.0.2
[root@www PDO_MYSQL-1.0.2]# /application/php/bin/phpize
Configuring for:
PHP Api Version: 20121113
Zend Module Api No: 20121212
Zend Extension Api No: 220121212
[root@www PDO_MYSQL-1.0.2]# ./configure --with-php-config=/application/php/bin/php-config --with-pdo-mysql=/application/mysql
make
make install
[root@www PDO_MYSQL-1.0.2]# ls -l /application/php5.5.20/lib/php/extensions/no-debug-non-zts-20121212/
total 2624
-rwxr-xr-x 1 root root 258080 Dec 16 16:16 memcache.so
-rwxr-xr-x 1 root root 1022028 Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root 543241 Dec 16 16:07 opcache.so
-rwxr-xr-x 1 root root 156964 Dec 16 16:44 pdo_mysql.so
-rwxr-xr-x 1 root root 694804 Dec 16 15:33 xcache.so
make 報錯
In file included from /home/hao/tools/PDO_MYSQL-1.0.2/pdo_mysql.c:31:
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:25:19: error: mysql.h: No such file or directory
In file included from /home/hao/tools/PDO_MYSQL-1.0.2/pdo_mysql.c:31:
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:36: error: expected specifier-qualifier-list before 'MYSQL'
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:48: error: expected specifier-qualifier-list before 'MYSQL_FIELD'
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:53: error: expected specifier-qualifier-list before 'MYSQL_RES'
make: ** [pdo_mysql.lo] Error 1
解決方法:
[root@www PDO_MYSQL-1.0.2]# ln -s /application/mysql-5.5.32/include/ /usr/local/include/
下載imagemagick :
https://www.imagemagick.org/download/releases/?C=M;O=A
tar 解壓
make
make install
下載imagick
http://pecl.php.net/package/imagick
PHP5.5版本要3.12版本額
上傳,解壓(套路同上)
[root@www imagick-3.1.2]# /application/php/bin/phpize
[root@www imagick-3.1.2]# ./configure --with-php-config=/application/php/bin/php-config
make
make install
[root@www imagick-3.1.2]# ll /application/php/lib/php/extensions/no-debug-non-zts-20121212/
total 3696
-rwxr-xr-x 1 root root 1096728 Dec 16 17:39 imagick.so
-rwxr-xr-x 1 root root 258080 Dec 16 16:16 memcache.so
-rwxr-xr-x 1 root root 1022028 Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root 543241 Dec 16 16:07 opcache.so
-rwxr-xr-x 1 root root 156964 Dec 16 16:44 pdo_mysql.so
-rwxr-xr-x 1 root root 694804 Dec 16 15:33 xcache.so
- with-config-file-path = / application / php5.5.20 / etc''
需要將lib/php.ini複製一份到 / application / php5.5.20/etc/php.ini
cat >>/application/php/lib/php.ini<<EOF
extension = memcache.so
extension = pdo_mysql.so
extension = imagick.so
EOF
檢查是否存在:
[root@bogon ~]# tail -5 /application/php/lib/php.ini
; tab-width: 4
; End:
extension = memcache.so
extension = pdo_mysql.so
extension = imagick.so
[root@bogon ~]# sed -i 's#; extension_dir = "./"#extension_dir = "/application/php5.5.20/lib/php/extensions/no-debug-non-zts-20121212/"#g' /application/php/lib/php.ini
[root@bogon ~]# grep extension_dir /application/php/lib/php.ini
extension_dir = "/application/php5.5.20/lib/php/extensions/no-debug-non-zts-20121212/
; extension_dir = "ext"
; Be sure to appropriately set the extension_dir directive.
;sqlite3.extension_dir =
pkill php-fpm
/application/php/sbin/php-fpm
xcache加速
修改:
[xcache-common]vim /home/hao/tools/xcache-3.2.0/xcache.ini
xcache.size = 256M
xcache.count = 2
xcache.ttl = 86400
xcache.gc_interval = 3600
xcache.var_size = 64M
cat /home/hao/tools/xcache-3.2.0/xcache.ini >>/application/php/lib/php.ini
extension = xcache.so
[xcache.admin]
xcache.admin.enable_auth = On
xcache.admin.user = "mOo"
xcache.admin.pass = "md5 encrypted password"
[xcache]
xcache.shm_scheme = "mmap"
xcache.size = 256M
xcache.count = 2
xcache.slots = 8K
xcache.ttl = 86400
xcache.gc_interval = 3600
xcache.var_size = 64M
xcache.var_count = 1
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
[root@bogon lib]# echo -n "123456"|md5sum
e10adc3949ba59abbe56e057f20f883e -
修改php.ini文件
1953 xcache.admin.user = "lihao"
1954 xcache.admin.pass = "e10adc3949ba59abbe56e057f20f883e"
ngnix 優化
隱藏版本號:
在Nginx.cof文件中的http標籤段內加入“server_tokens off;”
[root@www conf]# /application/nginx/sbin/nginx -t
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@www conf]# /application/nginx/sbin/nginx -s reload
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
[root@www conf]# curl -I www.xiaoxue.com
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sat, 22 Dec 2018 08:09:58 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="xiaoxue training
隱藏web軟件名:
修改第一個文件nginx-1.6.3/src/core/nginx.h
修改第二個文件nginx-1.6.3/src/http/ngx_http_header_filter_module.c
grep -n 'Server: nginx' ngx_http_header_filter_module.c
49行 Server: nginx改成Server: OWS
[root@www http]# sed -i 's#Server: nginx#Server: OWS#g' ngx_http_header_filter_module.c
[root@www http]# pwd
/home/hao/tools/nginx-1.6.3/src/http
修改第三個文件:
/nginx-1.6.3/src/http/ngx_http_special_response.c
static u_char ngx_http_error_full_tail[] =
22 "<hr><center>" NGINX_VER " (http:oldboy.blog.51cto.com) </center>" CRLF
23 "</body>" CRLF
24 "</html>" CRLF
25 ;
28 static u_char ngx_http_error_tail[] =
29 "<hr><center>OWS</center>" CRLF
修改完成後重新編譯Nginx
搭建服務器時,worker進程數=CPU的核數,高併發時,可以worker進程提高CPU核數*2
[root@bogon ~]# grep processor /proc/cpuinfo |wc -l
1 #表示1顆CPU1核
[root@bogon ~]# grep 'physical id' /proc/cpuinfo |sort|uniq -c|wc -l
0 #對physical id去重計數
[root@bogon ~]# grep worker_processes /application/nginx/conf/nginx.conf
worker_processes 4; #可修改
[root@bogon ~]# ps -ef |grep nginx |grep -v grep
root 1407 1 0 21:46 ? 00:00:00 nginx: master process /application/nginx/sbin/nginx
nginx 1409 1407 0 21:46 ? 00:00:00 nginx: worker process
nginx 1410 1407 0 21:46 ? 00:00:00 nginx: worker process
nginx 1411 1407 0 21:46 ? 00:00:00 nginx: worker process
nginx 1412 1407 0 21:46 ? 00:00:00 nginx: worker process
Nginx事件處理模型優化
Nginx使用epoll的I/O多路複用模型
events{
use epoll;
worker_connections 20000; #調整單個進程允許的客戶端最大連接數
client_header_buffer_size 4k;
open_file_cache max=2000 inactive=60s;
open_file_cache_valid 60s;
open_file_cache_min_uses 1;
worker_rlimit_nofile 65535; #最大打開文件數
}
server模塊:
fastcgi_cache ngx_fcgi_cache;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_users 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_cache_key http://$host$request_uri;
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server_tokens off;
sendfile on;
tcp_nodelay on;
client_header_timenout 15;
client_body_timenout 15;
send_timeout 15;
client_max_body_size 8m;
tcp_nopush on;
keepalive_timeout 65;
fastcgi_connect_timeout 240;
fastcgi_send_timeout 240;
fastcgi_read_timeout 240;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
#fastcgi_temp_path /data/ngx_fcgi_tmp;
fastcgi_cache_path /data/ngx_fcgi_cache levels=2:2 keys_zone=ngx_fcgi_cache:512m inactive=1d max_size=40g;
}
nginx gzip功能:
①提升網站用戶體驗
②節約網站帶寬成本
③被壓縮的純文本必須大於1KB,圖片、視頻(流媒體)等文件儘量不要壓縮
Apache服務的mod_defalte
Nginx服務的ngx_http_gzip_module
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/xml text/css application/javascript;
gzip_vary on;
Nginx日誌優化與安全
Nginx access日誌輪詢
[root@bogon scripts]# cat cut_nginx_log.sh
#!/bin/bash
Dateformat=date +%Y%m%d
Basedir="/application/nginx"
Nginxlogdir="$Basedir/logs"
Logname="accesswww"
[ -d $Nginxlogdir ] && cd $Nginxlogdir||exit 1
[ -f ${Logname}.log ] || exit 1
/bin/mv ${Logname}.log ${Dateformat}${Logname}.log ||exit 1
$Basedir/sbin/nginx -s reload
然後加入定時任務,每天0點執行。
cat >>/var/spool/cron/root<<EOF
#cut nginx access.log by hao
00 00 * /bin/sh /server/scripts/cut_nginx_log.sh >/dev/null 2>&1
EOF
不記錄不需要的訪問日誌:
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 10y;
root html/www;
access_log off;
}
設置logs權限
chown -R root.root /application/nginx/logs/
chmod -R 700 /application/nginx/logs/
利用Nginx配置禁止訪問上傳資源目錄下的PHP SHEEL PERL PYTHON程序文件,這樣用戶即使上傳了**文件也無法執行,從而加強了網站的安全
location ~ ^/images/..(php|php5|sh|pl|py)$
{
deny all;
}
限制網站來源IP訪問
例:禁止某目錄讓外界訪問,但允許某IP訪問該目錄,且支持PHP解析
location ~ ^/hao/ {
allow 202.111.12.211;
deny all;
}
企業問題案例:Nginx做反向代理的時候可以限制客戶端IP嗎?
解答:可以,
方法2:
location / {
root html/www;
index index.html index.htm;
allow 172.16.10.30;
deny all;
auth_basic "xiaoxue training";
auth_basic_user_file /application/nginx/conf/htpasswd;
}
發現某域名惡意解析到公司的服務器IP,添加一下代碼,若多個server則要多處添加
(header信息的host主機名字段非www.xiaoxue.com,就301跳轉到www.xiaoxue.com)
server {
listen 80;
server_name xiaoxue.com;
if ($host !~ ^www/.xiaoxue/.com$){
rewrite ^/(.*) http://www.xiaoxue.com/$1 permanent;
}
}網站資源被盜鏈:
1.對IDC及cdn帶寬做監控報警
2.每天上班重要任務,就是經常查看網站流量圖,關注流量變化,關注異常流量。
3.對訪問日誌做分析,迅速丁文異常流量,並且和公司市場推廣等保持較好的溝通,以便調度帶寬和服務器資源,確保網站正常的訪問體驗。
利用referer針對擴展名rewrite,實現防盜鏈的Nginx配置nginx.conf
location ~ .(gif|jpg|jpeg|png|bmp|swf|mp3|zip|rar|wmv)$
{
valid_referers none blocked .xiaoxue.com xiaoxue.com;
if ($invalid_referer) {
rewrite ^/ http://www.xiaoxue.com/img/nolink.jpg;
}
}
nginx 站點目錄文件和目錄權限優化
防爬蟲:
Block download agents
阻止下載協議代理
if ($http_user_agent ~ LWP::Simple|BBBike|wget) {
return 403;
}
測試禁止不同的瀏覽器軟件訪問
if ($http_user_agent ~ "Firefox|MSIE") {
rewrite ^(.*) http://blog.xiaoxue.com/$1 permanent;
}
Nginx反向代理和負載均衡
爲啥要集羣?
1.高性能
2.價格有效性
3.可伸縮性
4.高可用性
5.透明性
6.可管理性
7.可編程
作用:
172.16.10.10---負載均衡器1
40---負載均衡器2
20--web01
30---web02
搭建Nginx
web1,2配置nginx.conf文件
[root@www conf]# cat nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name bbs.xiaoxue.org;
location / {
root html/bbs;
index index.html index.htm;
}
access_log logs/access_bbs.log main;
}
server {
listen 80;
server_name www.xiaoxue.org;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/access_www.log main;
}
}
[root@www conf]# mkdir /application/nginx/html/{www,bbs}
[root@www conf]#for dir in www bbs;do echo "`ifconfig eth1|grep -o "172.16.10.[2030]."` $dir" >/application/nginx/html/$dir/index.html;done
[root@www conf]# for dir in www bbs;do cat /application/nginx/html/$dir/index.html;done
172.16.10.30 www #20的 IP這裏就是20了
172.16.10.30 bbs負載均衡器nginx.conf配置
[root@nfs conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream www_server_pools {
server 172.16.10.20:80 weight=1;
server 172.16.10.30:80 weight=1;
}
server {
listen 80;
server_name www.xiaoxue.org;
location / {
proxy_pass http://www_server_pools;proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
[root@nfs conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@nfs conf]# /application/nginx/sbin/nginx -s reload
[root@nfs conf]# echo "172.16.10.40 www.xiaoxue.org" >>/etc/hosts
[root@nfs conf]# tail -1 /etc/hosts
172.16.10.40 www.xiaoxue.org
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.20 bbs
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.30 bbs
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.20 bbs
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.30 bbs
upstream調度算法:
rr--輪詢(靜態調度算法)
wrr--權重輪詢(靜態調度算法)--weight
ip_hash--(靜態調度算法)
fair--動態調度算法-----響應時間短優先分配
lease-conn---那個分發少就分配給誰
url-hash--根據請求URL分配
一致性hash--一般用於代理後端業務(squid,memcache),根據URI分配
根據URL的目錄中來實現代理轉發,實現動靜分離
[root@www nginx]# cat conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream static_pools {
server 172.16.10.20:80 weight=1;
}
upstream upload_pools {
server 172.16.10.30:80 weight=1;
}
upstream default_pools {
server 172.16.10.50:80 weight=1;
}
server {
listen 80;
server_name www.xiaoxue.org;
location /static/ {
proxy_pass http://static_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /upload {
proxy_pass http://upload_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
web01配置測試
[root@www ~]# cd /application/nginx/html/www/
[root@www www]# mkdir static
[root@www www]# echo static_pools >static/index.html
[root@www www]# curl www.xiaoxue.org/static/index.html
static_pools
web02 配置
root@www ~]# cd /application/nginx/html/www/
[root@www www]# mkdir upload
[root@www www]# echo upload_pools >upload/index.html
[root@www www]# curl www.xiaoxue.org/upload/index.html
upload_pools
web03 配置
[root@www ~]# cd /application/nginx/html/www/
[root@www www]# echo default_pools >index.html
[root@localhost www]# curl www.xiaoxue.org
default_pools
根據客戶端設備(user-agent)來轉發
[root@www conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream static_pools {
server 172.16.10.20:80 weight=1;
}
upstream upload_pools {
server 172.16.10.30:80 weight=1;
}
upstream default_pools {
server 172.16.10.50:80 weight=1;
}
server {
listen 80;
server_name www.xiaoxue.org;
location / {
if ($http_user_agent ~* "Edge"){
proxy_pass http://static_pools;
}
if ($http_user_agent ~* "Chrome")
{
proxy_pass http://upload_pools;
}
proxy_pass http://default_pools;
}
include proxy.conf;
}}
根據文件擴展名實現代理轉發
應用場景:如圖片、視頻訪問靜態地址池,PHP,JSP訪問動態地址池
Nginx upstream_check_module模板
wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master
unzip master #unzip沒有需要安裝
patch -p1 < ../nginx_upstream_check_module-master/check_1.5.12+.patch
#patch 沒有需要安裝
./configure --user=nginx --group=nginx --prefix=/application/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=../nginx_upstream_check_module-master/
make
mv /application/nginx/sbin/nginx{,.bak}
[root@www nginx-1.6.3]# cp ./objs/nginx /application/nginx/sbin/
/application/nginx/sbin/nginx -t #檢查啓動程序
#cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream static_pools {
server 172.16.10.20:80 weight=1;
check interval=3000 rise=2 fall=5 timeout=1000 type=http;
}
upstream upload_pools {
server 172.16.10.30:80 weight=1;
}
upstream default_pools {
server 172.16.10.50:80 weight=1;
}
server {
listen 80;
server_name www.xiaoxue.org;
location / {
if ($http_user_agent ~* "Edge")
{
proxy_pass http://static_pools;
}
if ($http_user_agent ~* "Chrome")
{
proxy_pass http://upload_pools;
}
proxy_pass http://default_pools;
}
include proxy.conf;
location /status {
check_status;
}#location /upload {
proxy_pass http://upload_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}}
keepalived高可用
VRRP---虛擬路由冗餘協議,爲了解決靜態路由的單點故障問題,通過競選機制來將路由的任務交給某臺vrrp路由器
主節點配置:
yum -y install keepalived
[root@www ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {br/>[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 10
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.100/24 dev eth1 label eth1:1
}
}
[root@www~]#ip add|grep 172.16.10.100
inet 172.16.10.100/24 scope global eth1:1
備節點配置:
[root@www ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {br/>[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.100/24 dev eth1 label eth1:1
}
}
[root@nfs ~]# ip add |grep 172.16.10.100
##是沒有內容的,如果有,那就恭喜你出現腦裂了。
可能情況:①是否防火牆阻擋,網絡是否同
②keepalived.conf配置錯誤,例如:virtual_router_id 這個和主要一樣額
檢測:
[root@www ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@www ~]# ip add|grep 172.16.10.100
[root@www ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@www ~]# ip add|grep 172.16.10.100
inet 172.16.10.100/24 scope global eth1:1
腦裂---兩臺主機搶佔資源,造成數據不統一
腦裂解決方案:
①如果開啓防火牆,一定要心跳消息通過,一般通過允許IP段的形式解決。
②可以拉一條以太網網線或者串口線作爲主備節點心跳線路的冗餘。
③開發監控程序通過監控軟件檢測腦裂。
雙實例雙主模式:
172.16.10.101爲主,172.16.10.100爲備
[root@nfs ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.100/24 dev eth1 label eth1:1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth1
virtual_router_id 40
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.101/24 dev eth1 label eth1:1
}
}
172.16.10.100爲主,172.16.10.101爲備
[root@www ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 10
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.100/24 dev eth1 label eth1:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth1
virtual_router_id 40
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.101/24 dev eth1 label eth1:1
}
}
Nginx+keepalived
兩臺Nginx負載均衡器統一配置
[root@www ~]# vim /application/nginx/conf/nginx.conf
只是換個server ip換成VIP地址
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# upstream static_pools {
# server 172.16.10.20:80 weight=1;
# check interval=3000 rise=2 fall=5 timeout=1000 type=http;
# }
# upstream upload_pools {
# server 172.16.10.30:80 weight=1;
# }
upstream default_pools {
server 172.16.10.50:80 weight=1;
server 172.16.10.20:80 weight=1;
server 172.16.10.30:80 weight=1;
}
server {
listen 172.16.10.100:80;
server_name www.xiaoxue.org;
location / {
proxy_pass http://default_pools;
}
include proxy.conf;
location /status {
check_status;
}
#location /upload {
# proxy_pass http://upload_pools;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $remote_addr;
# }
# location / {
# proxy_pass http://default_pools;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $remote_addr;
# }
}
}
keepalived配置同上keepalived高可用[root@nfs ~]# /application/nginx/sbin/nginx
nginx: [emerg] bind() to 172.16.10.100:80 failed (99: Cannot assign requested address) #報錯
[root@nfs ~]#echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@nfs ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_nonlocal_bind = 1
解決高可用服務只針對物理服務器的問題
[root@bogon ~]# cat /home/hao/scripts/check.nginx.shbr/>#!/bin/bash
#++++++++++++++++++++++++++
#author=lihao
#QQ=592654815
#[email protected]
#++++++++++++++++++++++++++
CONMAND=ss -lntup|grep 80|wc -l
while true
do
if [ $CONMAND -eq 0 ];then
/etc/init.d/keepalived stop
fi
sleep 5
done
Nginx和keepalived都運行的時候再運行腳本
[root@bogon ~]# chmod +x /home/hao/scripts/check.nginx.sh
[root@bogon ~]# sh /home/hao/scripts/check.nginx.sh &
[1] 1101
[root@bogon ~]# ps -ef|grep check|grep -v grep
ot 1101 1056 0 21:19 pts/0 00:00:00 sh /home/hao/scripts/check.nginx.sh
解決多組keepalived組在同一局域網衝突問題
vim/etc/keepalived/keepalived.conf
global_defs {
router_id LVS_19
vrrp_mcast_group4 224.0.0.19
}
配置指定文件接收keepalived日誌
[root@bogon ~]# sed -i 's#KEEPALIVED_OPTIONS="-D"#KEEPALIVED_OPTIONS="-D -d -S 0"#g' /etc/sysconfig/keepalived
vim /etc/rsyslog.conf #編輯這個文件
42行 .info;mail.none;authpriv.none;cron.none;local0.none /var/log
/messages
最後一行添加:
#keepalived
local0. /var/log/keepalived.log
[root@bogon ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@bogon ~]# /etc/init.d/keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
[root@bogon ~]# tail /var/log/keepalived.log
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Netlink reflector reports IP fe80::20c:29ff:fecf:7b7 added
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Netlink reflector reports IP fe80::20c:29ff:fecf:7c1 added
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Registering Kernel netlink reflector
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Registering Kernel netlink command channel
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Registering gratuitous ARP shared channel
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Netlink reflector reports IP 172.16.10.40 added
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Netlink reflector reports IP fe80::20c:29ff:fecf:7b7 added
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Netlink reflector reports IP fe80::20c:29ff:fecf:7c1 added
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Registering Kernel netlink reflector
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Registering Kernel netlink command channel
檢測腦裂腳本:備節點運行
[root@bogon scripts]# cat check_split_brain.sh
#!/bin/bash
lb01_vip=172.16.10.100
lb01_ip=172.16.10.10
while true
do
ping -c 2 -w 3 $lb01_ip &>/dev/null
if [ $? -eq 0 -a ip add|grep "$lb01_vip"|wc -l -eq 1 ]
then
echo "ha is split brain.warning."
else
echo "ha is ok."
fi
sleep 5
done
Memcached
可支持分佈式集羣
工作原理:
memcached是一套類似C/S模式架構的軟件,在服務器端啓動Memcached服務守護進程,可以監聽本地的IP地址、端口號、併發訪問連接數,以及分配了多少內存來處理客戶端的請求。
Socket事件處理機制---採用是異步epoll/kqueue非阻塞I/O網絡模型,實現方式基於異步的libevent事件單進程、單線程模式。使用libevent作爲事件通知機制,應用程序端通過指定服務器的IP地址及端口,就可以連接Memcached服務進行通信。
memcached服務安裝:
yum -y install libevent libevent-devel nc
rpm -qa libevent libevent-devel nc
yum -y install memcached
rpm -qa memcached
memcached-1.4.4-5.el6.x86_64
[root@bogon ~]# memcached -m 16m -p 11211 -d -u root -c 8192 #啓動命令
[root@bogon ~]# lsof -i:11211
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
memcached 1239 root 26u IPv4 10174 0t0 TCP :memcache (LISTEN)
memcached 1239 root 27u IPv6 10175 0t0 TCP :memcache (LISTEN)
memcached 1239 root 28u IPv4 10178 0t0 UDP :memcache
memcached 1239 root 29u IPv6 10179 0t0 UDP :memcache
[root@bogon ~]# ps -ef|grep memcached|grep -v grep
root 1239 1 0 07:23 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192
[root@bogon ~]# memcached -m 16m -p 11212 -d -u root -c 8192 #啓動2個,支持多實例
[root@bogon ~]# ps -ef|grep memcached|grep -v grep
root 1239 1 0 07:23 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192
root 1264 1 0 07:24 ? 00:00:00 memcached -m 16m -p 11212 -d -u root -c 8192
#加入開機啓動
[root@bogon ~]# echo "/usr/bin/memcached -m 16m -p 11212 -d -u root -c 8192" >>/etc/rc.local
[root@bogon ~]# echo "/usr/bin/memcached -m 16m -p 11211 -d -u root -c 8192" >>/etc/rc.local
[root@bogon ~]# tail -2 /etc/rc.local
tail: 無法使用 inotify 機制,迴歸爲 polling 機制
/usr/bin/memcached -m 16m -p 11212 -d -u root -c 8192
/usr/bin/memcached -m 16m -p 11211 -d -u root -c 8192
向memcached中寫入數據
[root@bogon ~]# printf "set key1 0 0 6\r\noldboy\r\n"|nc 127.0.0.1 11211
STORED
向memcached中讀取數據
root@bogon ~]# printf "get key1\r\n"|nc 127.0.0.1 11211
VALUE key1 0 6
oldboy #讀取到的key1數據
END
memcached中刪除數據
[root@bogon ~]# printf "delete key1\r\n"|nc 127.0.0.1 11211
DELETED
[root@bogon ~]# printf "get key1\r\n"|nc 127.0.0.1 11211
END
另一種方法
[root@bogon ~]# telnet 127.0.0.1 11211
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
set user01 0 0 7
oldgirl
STORED
get user01
VALUE user01 0 7
oldgirl
END
delete user01
DELETED
get user01
END
quit
Connection closed by foreign host.
關閉memcached: killall 或pkill memcached
多實例的話會被全部幹掉,so指定pid,kill pid
[root@bogon ~]# memcached -m 16m -p 11211 -d -u root -c 8192 -P /var/run/11211.pid
[root@bogon ~]# memcached -m 16m -p 11212 -d -u root -c 8192 -P /var/run/11212.pid
[root@bogon ~]# ps -ef |grep memcached|grep -v grep root 1363 1 0 07:54 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192 -P /var/run/11211.pid
root 1385 1 0 07:55 ? 00:00:00 memcached -m 16m -p 11212 -d -u root -c 8192 -P /var/run/11212.pid
memcached客戶端
Memcached 安裝
[root@web02 lib]# tail -2 /application/php/lib/php.ini
extension_dir = "/application/php5.5.20/lib/php/extensions/no-debug-non-zts-20121212/"
extension=memcache.so
[root@web03 lib]# pkill php-fpm
[root@web03 lib]# ps -ef |grep php-fpm|grep -v grep
[root@web03 lib]# /application/php/sbin/php-fpm
[root@web03 lib]# ps -ef |grep php-fpm|grep -v grep
root 1685 1 0 09:35 ? 00:00:00 php-fpm: master process (/application/php5.5.20/etc/php-fpm.conf)
nobody 1686 1685 0 09:35 ? 00:00:00 php-fpm: pool www
nobody 1687 1685 0 09:35 ? 00:00:00 php-fpm: pool www
[root@web02 www]# cat op_mem.php
<?php
$memcache = new Memcache;
$memcache->connect('172.16.10.10',11211) or die ("Could not connect Mc server");
$memcache->set('key','oldboy book');
$get = $memcache->get('key');
echo $get;
?>
[root@web02 www]# /application/php/bin/php op_mem.php
oldboy book #表示連接成功
服務端監控腳本:
[root@web02 scripts]# cat mem_mc.sh
#!/bin/bash
export MemcachedIp=$1
export MemcachedPort=$2
export NcCmd="nc $MemcachedIp $MemcachedPort"
export MD5=68b329da9893e34099c7d8ad5cb9c940
USAGE() {
echo "$0 MemcachedIp $MemcachedPort"
exit 3
}
[ $# -ne 2 ] && USAGE
printf "set $MD5 0 0 3\r\nhao\r\n"|$NcCmd >/dev/null 2>&1
if [ $? -eq 0 ];then
if [ `printf "get $MD5\r\n|$NcCmd|grep hao|wc -l"` -eq 1 ];then
echo "Memcached status is ok"
printf "delete $MD5\r\n"|$NcCmd >/dev/null 2>&1
exit 0
else
echo "Memcached status is error."
exit 2
fi
else
echo "Could not connect Mc server"
exit 2
fi [root@www html]# sh /home/hao/scripts/mem_mc.sh 127.0.0.1 11211
Memcached status is ok
[root@www html]# pkill memcached
[root@www html]# sh /home/hao/scripts/mem_mc.sh 127.0.0.1 11211
Could not connect Mc server
[root@www html]# printf "stats\r\n"|nc 127.0.0.1 11211 #查看信息
STAT pid 1207
STAT uptime 341
STAT time 1549504583
STAT version 1.4.4
STAT pointer_size 64
STAT rusage_user 0.000000
STAT rusage_system 0.027995
STAT curr_connections 10
STAT total_connections 15
STAT connection_structures 11
STAT cmd_get 2
STAT cmd_set 1
STAT cmd_flush 0
STAT get_hits 1
STAT get_misses 1
STAT delete_misses 0
STAT delete_hits 1
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 59
STAT bytes_written 49
STAT limit_maxbytes 16777216
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT bytes 0
STAT curr_items 0
STAT total_items 1
STAT evictions 0
END
部署memadmin-1.0.12.tar.gz php工具
tar xf memadmin-1.0.12.tar.gz
mv memadmin /application/nginx/html/
網頁瀏覽:http://172.16.10.10/memadmin
集羣中session共享存儲
nagios監控
服務端安裝
echo 'export LC_ALL=C' >>/etc/profile
tail -1 /etc/profile
source /etc/profile
echo $LC_ALL
關閉iptables 和SElinux
做時間同步:
echo "/5 * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1" >>/var/spool/cron/root
需要的軟件包:
yum -y install gcc glibc glibc-common
yum -y install gd gd-devel
yum -y install httpd php php-gd mysql
#添加nagios,Apache用戶,加入nagcmd用戶組
/usr/sbin/useradd nagios
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache
cd /home/hao/tools/
wget https://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.5.1/
tar xf nagios-3.5.1
cd nagios
./configure --with-command-group=nagcmd
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf
htpasswd -bc /usr/local/nagios/etc/htpasswd.users lihao 123456 #設置登錄nagios的賬號密碼
/etc/init.d/httpd reload
重啓httpd服務
瀏覽http://172.16.10.60/nagios
#安裝基礎依賴包,插件
http://nagios-plugins.org/download/ #下載地址
yum -y install perl-devel openssl-devel
[root@localhost tools]# wget http://nagios-plugins.org/download/nagios-plugins-1.4.16.tar.gz
--2019-02-07 11:09:03-- http://nagios-plugins.org/download/nagios-plugins-1.4.16.tar.gz
Resolving nagios-plugins.org... 72.14.186.43
Connecting to nagios-plugins.org|72.14.186.43|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2087089 (2.0M) [application/x-gzip]
Saving to: `nagios-plugins-1.4.16.tar.gz'
100%[======================================>] 2,087,089 777K/s in 2.6s
2019-02-07 11:09:06 (777 KB/s) - `nagios-plugins-1.4.16.tar.gz' saved [2087089/2087089]
[root@localhost tools]# ls
nagios nagios-plugins-1.4.16.tar.gz
[root@localhost tools]# tar xf nagios-plugins-1.4.16.tar.gz
[root@localhost tools]# cd nagios-plugins-1.4.16
[root@localhost nagios-plugins-1.4.16]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios --enable-perl-modules --with-mysql
make && make install
[root@localhost nagios-plugins-1.4.16]# ll /usr/local/nagios/libexec/|wc -l
58
安裝nrpe軟件
wget
https://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz
tar -xf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
ls /usr/local/nagios/libexec/check_nrpe
驗證nagios配置文件語法:
[root@localhost ~]# /etc/init.d/nagios checkconfig
Running configuration check... OK.
[root@localhost ~]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Total Warnings: 0
Total Errors: 0 #表示正常
Things look okay - No serious problems were detected during the pre-flight check
nagios客戶端安裝
安裝依賴包: yum -y install gcc glibc glibc-common
yum -y install perl-devel perl-CPAN openssl-devel
[root@web03 nagios]# ls
nagios-plugins-1.4.16.tar.gz nrpe-2.12.tar.gz
添加用戶
[root@web03 lib]# mkdir -p /home/hao/tools/nagios
[root@web03 lib]# cd /home/hao/tools/nagios
[root@web03 nagios]# useradd nagios -M -s /sbin/nologin
[root@web03 nagios]# id nagios
uid=894(nagios) gid=894(nagios) groups=894(nagios)
tar xf nagios-plugins-1.4.16.tar.gz
cd nagios-plugins-1.4.16
./configure --with-nagios-user=nagios --with-nagios-group=nagios --enable-perl-modules --with-mysql
make && make install
[root@web03 nagios-plugins-1.4.16]# ll /usr/local/nagios/libexec/|wc -l
60
安裝nrpe
ar xf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
yum -y install dos2unix*
[root@web03 ~]# sed -i 's#allowed_hosts=127.0.0.1#allowed_hosts=127.0.0.1,172.16.10.60#g' /usr/local/nagios/etc/nrpe.cfg
[root@web03 ~]# sed -n '79p' /usr/local/nagios/etc/nrpe.cfg allowed_hosts=127.0.0.1,172.16.10.60
[root@web03 ~]# /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
[root@web03 ~]# netstat -lntup|grep nrpe
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 16964/nrpe
#加入開機啓動
root@web03 ~]# echo "/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d" >> /etc/rc.local
服務端配置
增加三行,註釋一行
vim /usr/local/nagios/etc/nagios.cfg +34
34 cfg_file=/usr/local/nagios/etc/objects/hosts.cfg
35 cfg_file=/usr/local/nagios/etc/objects/services.cfg
36 cfg_dir=/usr/local/nagios/etc/objects/services
37 # Definitions for monitoring the local (Linux) host
38 #cfg_file=/usr/local/nagios/etc/objects/localhost.cfg
[root@localhost etc]# cd objects/
[root@localhost objects]# head -51 localhost.cfg >hosts.cfg
[root@localhost objects]# chown nagios.nagios /usr/local/nagios/etc/objects/hosts.cfg
[root@localhost objects]# touch services.cfg
[root@localhost objects]# chown nagios.nagios /usr/local/nagios/etc/objects/services.cfg
[root@localhost objects]# mkdir services
[root@localhost objects]# chown -R nagios.nagios services
[root@localhost objects]# ls -lrt
total 56
-rw-rw-r-- 1 nagios nagios 10812 Feb 6 17:12 templates.cfg
-rw-rw-r-- 1 nagios nagios 7716 Feb 6 17:12 commands.cfg
-rw-rw-r-- 1 nagios nagios 3208 Feb 6 17:12 timeperiods.cfg
-rw-rw-r-- 1 nagios nagios 5403 Feb 6 17:12 localhost.cfg
-rw-rw-r-- 1 nagios nagios 4019 Feb 6 17:12 windows.cfg
-rw-rw-r-- 1 nagios nagios 3124 Feb 6 17:12 printer.cfg
-rw-rw-r-- 1 nagios nagios 3293 Feb 6 17:12 switch.cfg
-rw-rw-r-- 1 nagios nagios 2169 Feb 6 17:28 contacts.cfg
-rw-r--r-- 1 nagios nagios 1870 Feb 7 13:56 hosts.cfg
-rw-r--r-- 1 nagios nagios 0 Feb 7 13:57 services.cfg
drwxr-xr-x 2 nagios nagios 4096 Feb 7 13:59 services
監控定義
[root@localhost objects]# cat hosts.cfg
define host{
use linux-server
host_name 50-web03
alias 50-web03
address 172.16.10.50
check_command check-host-alive
max_check_attempts 3
normal_check_interval 2
retry_check_interval 2
# check_period 24X7
notification_interval 300
# notification_period 24X7
notification_options d,u,r
contact_groups admins
}
[root@localhost objects]# cat services.cfg
##########
define service {
use generic-service
host_name 50-web03
service_description Disk Partiton
check_command check_nrpe!check_disk
}
define service {
use generic-service
host_name 50-web03
service_description Swap Useage
check_command check_nrpe!check_swap
}
define service {
use generic-service
host_name 50-web03
service_description MEM Useage
check_command check_nrpe!check_mem
}
define service {
use generic-service
host_name 50-web03
service_description Current Load
check_command check_nrpe!check_load
}
define service {
use generic-service
host_name 50-web03
service_description Disk Iostat
check_command check_nrpe!check_iostat!5!11
}
define service {
use generic-service
host_name 50-web03
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}PNP
yum -y install cairo pango zlib zlib-devel freetype freetype-devel gd gd-devel
yum -y install libart_lgpl libart_lgpl-devel
yum -y install rrdtool rrdtool-devel
yum install perl-Time-HiRes per-devel
wget https://sourceforge.net/projects/pnp4nagios/files/PNP/pnp-0.4.14/pnp-0.4.14.tar.gz
tar xf pnp-0.4.14.tar.gz
cd pnp-0.4.14
./configure --with-rrdtool --with-perfdata-dir=/usr/local/nagios/share/perfdata/
make all
make install
瀏覽172.16.10.60/nagios/pnp
修改配置nagios.cfg
vim /usr/local/nagios/etc/nagios.cfg
833 process_performance_data=1 #0改1
845 host_perfdata_command=process-host-perfdata #註釋去掉
846 service_perfdata_command=process-service-perfdata #註釋去掉
修改commands.cfg
[root@localhost pnp-0.4.14]# vim /usr/local/nagios/etc/objects/commands.cfg +227
229 command_name process-host-perfdata
230 command_line /usr/local/nagios/libexec/process_perfdata.pl
231 }
234 # 'process-service-perfdata' command definition
235 define command{
236 command_name process-service-perfdata
237 command_line /usr/local/nagios/libexec/process_perfdata.pl
238 }
239
240 #check_nrpe command definition
<r/local/nagios/etc/objects/commands.cfg" 244L, 7503C written
[root@localhost pnp-0.4.14]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
#添加兩行
[root@localhost objects]# sed -n '154,177p' templates.cfg
name generic-service ; The 'name' of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
process_perf_data 1
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
check_period 24x7 ; The service can be checked at any time of the day
max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state
normal_check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_check_interval 2 ; Re-check the service every two minutes until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the 'admins' group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 60 ; Re-notify about service problems every hour
notification_period 24x7 ; Notifications can be sent out at any time
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
action_url /nagios/pnp/index.php?host=$HOSTNAME$&srv=$SERVICEDESC$
[root@localhost objects]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
實現報警:
[root@localhost objects]# sed -n '28,37p' templates.cfg |sed -r 's#(.);.$#\1#g'
define contact{
name generic-contact
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r,f,s
host_notification_options d,u,r,f,s
service_notification_commands notify-service-by-email
host_notification_commands notify-host-by-email
register 0
}
配置報警郵箱
sed -n '35p' /usr/local/nagios/etc/objects/contacts.cfg
email [email protected] ; <<* CHANGE THIS TO YOUR EMAIL ADDRESS **
[root@localhost nagios]# lsof -i:25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 1140 root 12u IPv4 8976 0t0 TCP localhost:smtp (LISTEN)
master 1140 root 13u IPv6 8977 0t0 TCP localhost:smtp (LISTEN)
郵箱添加:
[root@localhost nagios]# tail /etc/mail.rc
ignore mime-version content-transfer-encoding
# Only include selected header fields when forwarding messages.
fwdretain subject date from to
# For Linux and BSD, this should be set.
set bsdcompat
set [email protected] smtp="smtp.163.com"
set [email protected] smtp-auth-password=lihao520
set smtp-auth=login