實現需求如下:
1. 準備兩臺centos 6,其中一臺機器跑mysql,另外一臺機器跑apache和nginx + php
2. 同時安裝apache和nginx,其中nginx啓動80端口,用來跑靜態對象(圖片、js、css),apache監聽88端口,負責跑動態頁(php相關的),並且需要由nginx代理對外訪問
3. mysql服務器需要開啓慢查詢日誌
4. 搭建discuz、wordpress以及phpmyadmin,域名分別爲bbs.abc.com, blog.abc.com, pma.abc.com
5. 配置discuz的僞靜態(nginx)
6. apache不需要記錄日誌,nginx記錄日誌,但不記錄圖片等靜態頁的日誌,並且配置日誌切割
7. 配置圖片防盜鏈(nginx)
8. 配置圖片緩存7天,js,css緩存1天(nginx)
9. discuz和wordpress訪問後臺限制一下ip白名單,比如只允許192.168.1.100訪問(nginx)
10. phpmyadmin整個站點需要配置用戶認證(nginx)
11. 寫一個mysql備份的腳本,每天5點執行,需要遠程拷貝到web機器上
12. 把除了百度、google外的其他常見搜索引擎蜘蛛封掉,比如(bingbot/2.0、Sogou web spider/4.0、360Spider、YisouSpider、YandexBot/3.0)(nginx)
/usr/local/apache2/conf/extra/httpd-vhosts.conf
NameVirtualHost *:88
<VirtualHost *:88>
DocumentRoot "/www"
ServerName abc.com
ServerAlias www.abc.com
</VirtualHost>
<VirtualHost *:88>
DocumentRoot "/www/discuz"
ServerName bbs.abc.com
ServerAlias www.bbs.abc.com
</VirtualHost>
<VirtualHost *:88>
DocumentRoot "/www/wordpress"
ServerName blog.abc.com
ServerAlias www.blog.abc.com
</VirtualHost>
<VirtualHost *:88>
DocumentRoot "/www/phpadmin"
ServerName pma.abc.com
ServerAlias www.pma.abc.com
</VirtualHost>
bbs.conf
server
{
listen 80;
server_name bbs.abc.com;
index index.html index.htm index.php;
root /www/discuz;
if ($http_user_agent ~ 'bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315'){
return 403;
}
location ~ admin.php {
allow 192.168.16.16;
deny all;
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
}
location ~ \.php$
{
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com ;
if ($invalid_referer) {
# return 403;
rewrite ^/ http://blog.abc.com/;
}
access_log off;
}
location ~ .*\.(js|css)?$
{
expires 24h;
access_log off;
}
deny 192.168.1.0/24;
allow all;
access_log /usr/local/nginx/logs/discuz.log combined_realip;
}
blog.comf
server
{
listen 80;
server_name blog.abc.com;
index index.html index.htm index.php;
root /www/wordpress;
location = / {
proxy_pass http://127.0.0.1:88/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ \.php$
{
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /usr/local/nginx/logs/wordpress.log combined_realip;
}
pma.conf
server
{
listen 80;
server_name pma.abc.com;
index index.html index.htm index.php;
root /www/phpadmin;
location / {
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
}
location ~ \.php$
{
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /usr/local/nginx/logs/pma.log combined_realip;
}
日誌切割.sh
#!/bin/bash
#
exec &> /dev/null
d=`date -d "-1 day" +%Y%m%d`
/bin/mv /usr/local/nginx/logs/discuz.log /usr/local/nginx/logs/$d.discuz.log
/usr/local/nginx/sbin/nginx -s reload
find /tmp/ -type f -mtime +30|xargs rm -f