系统运维——Web 服务器配置详解

avatar
作者
猴君
阅读量:0

1.Web 服务基础介绍

首先我们在浏览器输入一个域名进行DNS解析,一单按下回车之后,这时候客户端就会发起一个httpd request请求,这个request请求就会经过互联网然后经过域名到公网IP上,这个域名是对应的公网IP会进行DNS解析,这个DNS解析会涉及到一个递归和迭代,这个递归和迭代的过程是面试的时候百分之80的时候会问到,我们在浏览器输完一个域名之后都发生了什么。最终我们为什么能够看见这个网站里面的内容,这个是面试会问的。一旦请求到了web服务器之后就到了里面的web server这个web server有可能是nginx有可能是apache,这个web server本身能够处理一些静态请求。静态请求通常是一些index.html的文件。就是index.html文件里面写什么就会显示什么,如果这时候web server有一些内容处理不了,这些内容是有php和java写的,web server就会往后端的application(应用服务器)上转,这些application(应用服务器)就会按照微服的一些功能将他划分开,这个就看用户是需要查看图片还是需要上传资料,如果是需要上传资源就存放到后端的数据库服务中,如果是要查看图片我们就直接响应给用户,如果是要生成订单我们还要将这些订单信息写到数据库中,数据库写完之后后端服务器再把这个请求返回给web server(nginx或者apache ),这时候web server会把请求在返回给用户,这样的话用户就拿到了类似于网站的源代码一样,这个源代码我们在浏览器中可以通过右键去看见,这个源代码就是我们在当前网页中看到的源代码一样,浏览器拿到这个源代码之后会进行渲染成我们用户能看见的界面,这是一个对浏览器访问的时候简单的流程。

1.1互联网发展历段回顾

  • 1993年3月2日,中国科学院高能物理研究所租用AT&T公司的国际卫星信道建立的接入美国SLAC国家实验室的64K专线正式开通,成为我国连入Internet的第一根专线。
  • 1995年马云开始创业并推出了一个web网站——中国黄页。
  • 1999年创建阿里巴巴。官方网址:www.alibabagroup.com
  • 2003年5月10日创立淘宝网。
  • 2004年12月,马云创立第三方网上支付平台支付宝(蚂蚁金服旗下,共有蚂蚁金服支付宝、余额宝、招财宝、蚂蚁聚宝、网商银行、蚂蚁花呗、芝麻信用等子业务板块)。
  • 2009年开始举办双十一购物狂欢节,以下是历年交易成交额:

2009年双十一:5000万元
2010年双十一:9.36亿元
2011年双十一:33.6亿元
2012年双十一:191亿元
2013年双十一:350亿元
2014年双十一:571亿元
2015年双十一:912.17亿元
2016年双十一:1207亿元
2017年双十一:1682.69亿元
2018年双十一:2135亿元
2019年双十一:2684亿元
2020年双十一:4982亿元
2021年双十一:5403亿元
2022年双十一:5571亿元

  • 2012年1月11日淘宝商城正式更名为“天猫”。
  • 2014年9月19日里巴巴集团于纽约证券交易所正式挂牌上市 。

1.2 Web 服务介绍

1.2.1 Apache 经典的 Web 服务端

 Apache起初由美国的伊利诺伊大学香槟分校的国家超级计算机应用中心开发。
目前经历了两大版本分别是1.X和2.X。
其可以通过编译安装实现特定的功能。

1.2.1.1 Apache prefork 模型

  • 预派生模式,有一个主控制进程,然后生成多个子进程,使用select模型,最大并发1024
  • 每个子进程有一个独立的线程响应用户请求。
  • 相对比较占用内存,但是比较稳定,可以设置最大和最小进程数。
  • 是最古老的一种模式,也是最稳定的模式,适用于访问量不是很大的场景。
  • 优点:稳定。
  • 缺点:每个用户请求需要对应开启一个进程,占用资源较多,并发性差,不适用于高并发场景。
1.2.1.2 Apache worker 模型
  • 一种多进程和多线程混合的模型
  • 有一个控制进程,启动多个子进程
  • 每个子进程里面包含固定的线程
  • 使用线程程来处理请求
  • 当线程不够使用的时候会再启动一个新的子进程,然后在进程里面再启动线程处理请求,
  • 由于其使用了线程处理请求,因此可以承受更高的并发
  • 优点:相比prefork 占用的内存较少,可以同时处理更多的请求
  • 缺点:使用keepalive的长连接方式,某个线程会一直被占据,即使没有传输数据,也需要一直等待到超时才会被释放。如果过多的线程,被这样占据,也会导致在高并发场景下的无服务线程可用(该问题在prefork模式下,同样会发生)
1.2.1.3 Apache event模型
  • Apache中最新的模式,2012年发布的apache 2.4.X系列正式支持event 模型,属于事件驱动模型(epoll)
  • 每个进程响应多个请求,在现在版本里的已经是稳定可用的模式
  • 它和worker模式很像,最大的区别在于,它解决了keepalive场景下长期被占用的线程的资源浪费问题(某些线程因为被keepalive,空挂在哪里等待,中间几乎没有请求过来,甚至等到超时)
  • event MPM中,会有一个专门的线程来管理这些keepalive类型的线程
  • 当有真实请求过来的时候,将请求传递给服务线程,执行完毕后,又允许它释放。这样增强了高并发场景下的请求处理能力
  • 优点:单线程响应多请求,占据更少的内存,高并发下表现更优秀,会有一个专门的线程来管理keepalive类型的线程,当有真实请求过来的时候,将请求传递给服务线程,执行完毕后,又允许它释放
  • 缺点:没有线程安全控制

1.2.2 Nginx-高性能的 Web 服务端

Nginx是由1994年毕业于俄罗斯国立莫斯科鲍曼科技大学的同学为俄罗斯rambler.ru公司开发的,开发。工作最早从2002年开始,第一次公开发布时间是2004年10月4日,版本号是0.1.0。 2019年3月11日F5 与 NGINX达成协议,F5 将收购 NGINX 的所有已发行股票,总价值约为 6.7 亿美元。
6.7亿美金约合44.97亿人民币,nginx核心模块代码长度198430(包括空格、注释),所以一行代码约为2.2万人民币。
官网地址 :www.nginx.org
 Nginx历经十几年的迭代更新(https://nginx.org/en/CHANGES), 目前功能已经非常完善且运行稳定,另外Nginx的版本分为开发版、稳定版和过期版,nginx以功能丰富著称,它即可以作为http服务器,也可以作为反向代理服务器或者邮件服务器能够快速的响应静态网页的请求,支持FastCGI/SSL/Virtual Host/URL Rwrite /Gzip / HTTP Basic Auth/http或者TCP的负载均衡(1.9版本以上且开启stream模块)等功能,并且支持第三方的功能扩展。
天猫 淘宝 京东 小米 163 新浪等一线互联网公司都在用Nginx或者进行二次开发
基于Nginx的工作场景:

1.2.3用户访问体验和性能

1.2.3.1用户访问体验统计

互联网存在用户速度体验的1-3-10原则,即1秒最优,1-3秒较优,3~10秒比较慢,10秒以上用户无法接受。用户放弃一个产品的代价很低,只是换一个URL而已。

全球最大搜索引擎 Google:慢500ms = 20% 将放弃访问。
全球最大的电商零售网站亚马逊:慢100ms = 1% 将放弃交易
有很多研究都表明,性能对用户的行为有很大的影响:
79%的用户表示不太可能再次打开一个缓慢的网站
47%的用户期望网页能在2秒钟以内加载
40%的用户表示如果加载时间超过三秒钟,就会放弃这个网站
页面加载时间延迟一秒可能导致转换损失7%,页面浏览量减少11%
 8秒定律:用户访问一个网站时,如果等待网页打开的时间超过8秒,会有超过30%的用户放弃等待

影响用户体验的因素:

1.客户端
客户端硬件配置
客户端网络速率
客户端与服务端距离
2.服务器
服务端网络速率
服务端硬件配置
服务端架构设计
服务端应用程序工作模式
服务端并发数量服务端响应文件大小及数量 buffer cache
服务端I/O压力1.2.4 服务端 I/O 流程

1.2.4 服务烤 I/O 流程

I/O在计算机中指Input/Output, IOPS (Input/Output Per Second)即每秒的输入输出量(或读写次数),是衡量磁盘性能的主要指标之一。IOPS是指单位时间内系统能处理的I/O请求数量,一般以每秒处理的I/O请求数量为单位,I/O请求通常为读或写数据操作请求。
一次完整的I/O是用户空间的进程数据与内核空间的内核数据的报文的完整交换,但是由于内核空间与用户空间是严格隔离的,所以其数据交换过程中不能由用户空间的进程直接调用内核空间的内存数据,而是需要经历一次从内核空间中的内存数据copy到用户空间的进程内存当中,所以简单说I/O就是把数据从内核空间中的内存数据复制到用户空间中进程的内存当中。


服务器的I/O:

磁盘I/O
网络I/O : 一切皆文件,本质为对socket文件的读写

1.2.4.1 磁盘 I/O

磁盘I/O是进程向内核发起系统调用,请求磁盘上的某个资源比如是html 文件或者图片,然后内核通过相应的驱动程序将目标文件加载到内核的内存空间,加载完成之后把数据从内核内存再复制给进程内存,如果是比较大的数据也需要等待时间。


机械磁盘的寻道时间、旋转延迟和数据传输时间:

  • 寻道时间:

是指磁头移动到正确的磁道上所花费的时间,寻道时间越短则I/O处理就越快,目前磁盘的寻道时间一般在3-15毫秒左右。

  • 旋转延迟:

是指将磁盘片旋转到数据所在的扇区到磁头下面所花费的时间,旋转延迟取决于磁盘的转速,通常使用磁盘旋转一周所需要时间的1/2之一表示,比如7200转的磁盘平均训传延迟大约为
60*1000/7200/2=4.17毫秒,公式的意思为 (每分钟60秒*1000毫秒每秒/7200转每分/2),如果是
15000转的则为60*1000/15000/2=2毫秒。

  • 数据传输时间:

指的是读取到数据后传输数据的时间,主要取决于传输速率,这个值等于数据大小除以传输速
率,目前的磁盘接口每秒的传输速度可以达到600MB,因此可以忽略不计。

  • 常见的机械磁盘平均寻道时间值:

7200转/分的磁盘平均物理寻道时间:9毫秒
10000转/分的磁盘平均物理寻道时间:6毫秒
15000转/分的磁盘平均物理寻道时间:4毫秒

  • 常见磁盘的平均延迟时间:

7200转的机械盘平均延迟:60*1000/7200/2 = 4.17ms
10000转的机械盘平均延迟:60*1000/10000/2 = 3ms
15000转的机械盘平均延迟:60*1000/15000/2 = 2ms

  • 每秒最大IOPS的计算方法:

7200转的磁盘IOPS计算方式:1000毫秒/(9毫秒的寻道时间+4.17毫秒的平均旋转延迟时
间)=1000/13.13=75.9 IOPS
10000转的磁盘的IOPS计算方式:1000毫秒/(6毫秒的寻道时间+3毫秒的平均旋转延迟时
间)=1000/9=111IOPS
15000转的磁盘的IOPS计算方式:15000毫秒/(4毫秒的寻道时间+2毫秒的平均旋转延迟时
间)=1000/6=166.6 IOPS 

1.2.4.2 网络 I/O

网络通信就是网络协议栈到用户空间进程的IO就是网络IO。

  • 网络I/O 处理过程

获取请求数据,客户端与服务器建立连接发出请求,服务器接受请求(1-3)
构建响应,当服务器接收完请求,并在用户空间处理客户端的请求,直到构建响应完成(4)
返回数据,服务器将已构建好的响应再通过内核空间的网络 I/O 发还给客户端(5-7)

  • 不论磁盘和网络I/O

每次I/O,都要经由两个阶段:
第一步:将数据从文件先加载至内核内存空间(缓冲区),等待数据准备完成,时间较长
第二步:将数据从内核缓冲区复制到用户空间的进程的内存中,时间较短

1.3 I/O 模型

1.3.1 I/O 模型相关概念

同步/异步:关注的是消息通信机制,即调用者在等待一件事情的处理结果时,被调用者是否提供完成状态的通知。

  • 同步:

synchronous,被调用者并不提供事件的处理结果相关的通知消息,需要调用者主动询问事
情是否处理完成

  • 异步:

asynchronous,被调用者通过状态、通知或回调机制主动通知调用者被调用者的运行状态 

阻塞/非阻塞:关注调用者在等待结果返回之前所处的状态

  • 阻塞:

blocking,指IO操作需要彻底完成后才返回到用户空间,调用结果返回之前,调用者被挂
起,干不了别的事情。

  • 非阻塞:

nonblocking,指IO操作被调用后立即返回给用户一个状态值,而无需等到IO操作彻底完
成,在最终的调用结果返回之前,调用者不会被挂起,可以去做别的事情。

1.3.2 网络 I/O 模型

阻塞型、非阻塞型、复用型、信号驱动型、异步。 

1.3.2.1 阻塞型 I/O 模型(blocking lO)
  • 特点

阻塞IO模型是最简单的I/O模型,用户线程在内核进行IO操作时被阻塞
用户线程通过系统调用read发起I/O读操作,由用户空间转到内核空间。内核等到数据包到达后,然
后将接收的数据拷贝到用户空间,完成read操作
用户需要等待read将数据读取到buffer后,才继续处理接收的数据。整个I/O请求的过程中,用户线
程是被阻塞的,这导致用户在发起IO请求时,不能做任何事情,对CPU的资源利用率不够

  • 优点:

程序简单,在阻塞等待数据期间进程/线程挂起,基本不会占用 CPU 资源

  • 缺点:

每个连接需要独立的进程/线程单独处理,当并发请求量大时为了维护程序,内存、线程切换开销
较apache 的preforck使用的是这种模式。

  • 同步阻塞:

程序向内核发送I/O请求后一直等待内核响应,如果内核处理请求的IO操作不能立即返回,则进程将一直等待并不再接受新的请求,并由进程轮询查看I/O是否完成,完成后进程将I/O结果返回给
Client,在IO没有返回期间进程不能接受其他客户的请求,而且是有进程自己去查看I/O是否完成,这种方式简单,但是比较慢,用的比较少。 

1.3.2.2 非阻塞型 I/O 模型 (nonblocking IO) 

用户线程发起IO请求时立即返回。但并未读取到任何数据,用户线程需要不断地发起IO请求,直到数据到达后,才真正读取到数据,继续执行。即 “轮询”机制存在两个问题:如果有大量文件描述符都要等,那么就得一个一个的read。这会带来大量的Context Switch(read是系统调用,每调用一次就得在用户态和核心态切换一次)。轮询的时间不好把握。这里是要猜多久之后数据才能到。等待时间设的太长,程序响应延迟就过大;设的太短,就会造成过于频繁的重试,干耗CPU而已,是比较浪费CPU的方式,一般很少直接使用这种模型,而是在其他IO模型中使用非阻塞IO这一特性。


非阻塞:程序向内核发送请I/O求后一直等待内核响应,如果内核处理请求的IO操作不能立即返回IO结果,进程将不再等待,而且继续处理其他请求,但是仍然需要进程隔一段时间就要查看内核I/O是否完成。


查看上图可知,在设置连接为非阻塞时,当应用进程系统调用 recvfrom 没有数据返回时,内核会立即返回一个 EWOULDBLOCK 错误,而不会一直阻塞到数据准备好。如上图在第四次调用时有一个数据报准备好了,所以这时数据会被复制到 应用进程缓冲区 ,于是 recvfrom 成功返回数据

当一个应用进程这样循环调用 recvfrom 时,称之为轮询 polling 。这么做往往会耗费大量CPU时间,实际使用很少 。

1.3.2.3 多路复用 I/O 型(I/O multiplexing) 

上面的模型中,每一个文件描述符对应的IO是由一个线程监控和处理多路复用IO指一个线程可以同时(实际是交替实现,即并发完成)监控和处理多个文件描述符对应各自的IO,即复用同一个线程。
一个线程之所以能实现同时处理多个IO,是因为这个线程调用了内核中的SELECT,POLL或EPOLL等系统调用,从而实现多路复用IO 。

I/O multiplexing 主要包括:select,poll,epoll三种系统调用,select/poll/epoll的好处就在于单个
process就可以同时处理多个网络连接的IO。它的基本原理就是select/poll/epoll这个function会不断的轮询所负责的所有socket,当某个socket有数据到达了,就通知用户进程。


当用户进程调用了select,那么整个进程会被block,而同时,kernel会“监视”所有select负责的socket,当任何一个socket中的数据准备好了,select就会返回。这个时候用户进程再调用read操作,将数据从kernel拷贝到用户进程。


Apache prefork是此模式的select,worker是poll模式。


IO多路复用(IO Multiplexing) :是一种机制,程序注册一组socket文件描述符给操作系统,表示“我要监视这些fd是否有IO事件发生,有了就告诉程序处理”IO多路复用一般和NIO一起使用的。NIO和IO多路复用是相对独立的。NIO仅仅是指IO API总是能立刻返回,不会被Blocking;而IO多路复用仅仅是操作系统提供的一种便利的通知机制。操作系统并不会强制这俩必须得一起用,可以只用IO多路复用 + BIO,这时还是当前线程被卡住。IO多路复用和NIO是要配合一起使用才有实际意义

IO多路复用是指内核一旦发现进程指定的一个或者多个IO条件准备读取,就通知该进程多个连接共用一个等待机制,本模型会阻塞进程,但是进程是阻塞在select或者poll这两个系统调用上,而不是阻塞在真正的IO操作上用户首先将需要进行IO操作添加到select中,同时等待select系统调用返回。当数据到达时,IO被激活,select函数返回。用户线程正式发起read请求,读取数据并继续执行从流程上来看,使用select函数进行IO请求和同步阻塞模型没有太大的区别,甚至还多了添加监视IO,以及调用select函数的额外操作,效率更差。并且阻塞了两次,但是第一次阻塞在select上时,select可以监控多个IO上是否已有IO操作准备就绪,即可达到在同一个线程内同时处理多个IO请求的目的。而不像阻塞IO那种,一次只能监控一个IO虽然上述方式允许单线程内处理多个IO请求,但是每个IO请求的过程还是阻塞的(在select函数上阻塞),平均时间甚至比同步阻塞IO模型还要长。如果用户线程只是注册自己需要的IO请求,然后去做自己的事情,等到数据到来时再进行处理,则可以提高CPU的利用率IO多路复用是最常使用的IO模型,但是其异步程度还不够“彻底”,因它使用了会阻塞线程的select系统调用。因此IO多路复用只能称为异步阻塞IO模型,而非真正的异步IO。

优缺点
优点:可以基于一个阻塞对象,同时在多个描述符上等待就绪,而不是使用多个线程(每个文件描述符一个线程),这样可以大大节省系统资源
缺点:当连接数较少时效率相比多线程+阻塞 I/O 模型效率较低,可能延迟更大,因为单个连接处理需要 2 次系统调用,占用时间会有增加


IO多路复用适用如下场合:
当客户端处理多个描述符时(一般是交互式输入和网络套接口),必须使用I/O复用
当一个客户端同时处理多个套接字时,此情况可能的但很少出现
当一个服务器既要处理监听套接字,又要处理已连接套接字,一般也要用到I/O复用
当一个服务器即要处理TCP,又要处理UDP,一般要使用I/O复用
当一个服务器要处理多个服务或多个协议,一般要使用I/O复用

1.3.2.4 信号驱动式 I/O 模型 (signal-driven IO)

信号驱动I/O的意思就是进程现在不用傻等着,也不用去轮询。而是让内核在数据就绪时,发送信号通知进程。


调用的步骤是,通过系统调用 sigaction ,并注册一个信号处理的回调函数,该调用会立即返回,然后主程序可以继续向下执行,当有I/O操作准备就绪,即内核数据就绪时,内核会为该进程产生一个 SIGIO信号,并回调注册的信号回调函数,这样就可以在信号回调函数中系统调用 recvfrom 获取数据,将用户进程所需要的数据从内核空间拷贝到用户空间。

此模型的优势在于等待数据报到达期间进程不被阻塞。用户主程序可以继续执行,只要等待来自信号处理函数的通知。
在信号驱动式 I/O 模型中,应用程序使用套接口进行信号驱动 I/O,并安装一个信号处理函数,进程继续运行并不阻塞
在信号驱动式 I/O 模型中,应用程序使用套接口进行信号驱动 I/O,并安装一个信号处理函数,进程继续运行并不阻塞
当数据准备好时,进程会收到一个 SIGIO 信号,可以在信号处理函数中调用 I/O 操作函数处理数据。

优点:线程并没有在等待数据时被阻塞,内核直接返回调用接收信号,不影响进程继续处理其他请求因此可以提高资源的利用率

缺点:信号 I/O 在大量 IO 操作时可能会因为信号队列溢出导致没法通知
异步阻塞:程序进程向内核发送IO调用后,不用等待内核响应,可以继续接受其他请求,内核收到进程请求后进行的IO如果不能立即返回,就由内核等待结果,直到IO完成后内核再通知进程。 

1.3.2.5 异步 I/O 模型 (asynchronous IO) 

异步I/O 与 信号驱动I/O最大区别在于,信号驱动是内核通知用户进程何时开始一个I/O操作,而异步I/O是由内核通知用户进程I/O操作何时完成,两者有本质区别,相当于不用去饭店场吃饭,直接点个外卖,把等待上菜的时间也给省了相对于同步I/O,异步I/O不是顺序执行。用户进程进行aio_read系统调用之后,无论内核数据是否准备好,都会直接返回给用户进程,然后用户态进程可以去做别的事情。等到socket数据准备好了,内核直接复制数据给进程,然后从内核向进程发送通知。IO两个阶段,进程都是非阻塞的。
信号驱动IO当内核通知触发信号处理程序时,信号处理程序还需要阻塞在从内核空间缓冲区拷贝数据到用户空间缓冲区这个阶段,而异步IO直接是在第二个阶段完成后,内核直接通知用户线程可以进行后续操作了
优点:异步 I/O 能够充分利用 DMA 特性,让 I/O 操作与计算重叠
缺点:要实现真正的异步 I/O,操作系统需要做大量的工作。目前 Windows 下通过 IOCP 实现了真正的异步 I/O,在 Linux 系统下,Linux 2.6才引入,目前 AIO 并不完善,因此在 Linux 下实现高并发网络编程时以 IO 复用模型模式+多线程任务的架构基本可以满足需求
Linux提供了AIO库函数实现异步,但是用的很少。目前有很多开源的异步IO库,例如libevent、libev、libuv。
异步非阻塞:程序进程向内核发送IO调用后,不用等待内核响应,可以继续接受其他请求,内核调用的IO如果不能立即返回,内核会继续处理其他事物,直到IO完成后将结果通知给内核,内核在将IO完成的结果返回给进程,期间进程可以接受新的请求,内核也可以处理新的事物,因此相互不影响,可以实现较大的同时并实现较高的IO复用,因此异步非阻塞使用最多的一种通信方式。
 

1.3.3 五种 IO 对比 

这五种 I/O 模型中,越往后,阻塞越少,理论上效率也是最优前四种属于同步 I/O,因为其中真正的 I/O 操作(recvfrom)将阻塞进程/线程,只有异步 I/O 模型才与 POSIX 定义的异步 I/O 相匹配。 

1.3.4 I/O 的具体实现方式 

1.3.4.1 I/O常见实现 

Nginx支持在多种不同的操作系统实现不同的事件驱动模型,但是其在不同的操作系统甚至是不同的系统版本上面的实现方式不尽相同,主要有以下实现方式:
1、select:
select库是在linux和windows平台都基本支持的 事件驱动模型库,并且在接口的定义也基本相同,只是部分参数的含义略有差异,最大并发限制1024,是最早期的事件驱动模型。
2、poll:
在Linux 的基本驱动模型,windows不支持此驱动模型,是select的升级版,取消了最大的并发限制,在编译nginx的时候可以使用--with-poll_module和--without-poll_module这两个指定是否编译select库。
3、epoll:
epoll是库是Nginx服务器支持的最高性能的事件驱动库之一,是公认的非常优秀的事件驱动模型,它和select和poll有很大的区别,epoll是poll的升级版,但是与poll有很大的区别.epoll的处理方式是创建一个待处理的事件列表,然后把这个列表发给内核,返回的时候在去轮询检查这个表,以判断事件是否发生,epoll支持一个进程打开的最大事件描述符的上限是系统可以打开的文件的最大数,同时epoll库的I/O效率不随描述符数目增加而线性下降,因为它只会对内核上报的“活跃”的描述符进行操作。
4、kqueue:
用于支持BSD系列平台的高校事件驱动模型,主要用在FreeBSD 4.1及以上版本、OpenBSD 2.0级以上版本NetBSD级以上版本及Mac OS X 平台上,该模型也是poll库的变种,因此和epoll没有本质上的区别,都是通过避免轮询操作提供效率。
5、Iocp:
Windows系统上的实现方式,对应第5种(异步I/O)模型。
6、rtsig:
不是一个常用事件驱动,最大队列1024,不是很常用
7、/dev/poll:
用于支持unix衍生平台的高效事件驱动模型,主要在Solaris 平台、HP/UX,该模型是sun公司在开发Solaris系列平台的时候提出的用于完成事件驱动机制的方案,它使用了虚拟的/dev/poll设备,开发人员将要见识的文件描述符加入这个设备,然后通过ioctl()调用来获取事件通知,因此运行在以上系列平台的时候请使用/dev/poll事件驱动机制。
8、eventport:
该方案也是sun公司在开发Solaris的时候提出的事件驱动库,只是Solaris 10以上的版本,该驱动库看防止内核崩溃等情况的发生。

1.3.4.2 常用I/O模型比较 
Select:
POSIX所规定,目前几乎在所有的平台上支持,其良好跨平台支持也是它的一个优点,本质上是通过设置或者检查存放fd标志位的数据结构来进行下一步处理
缺点
单个进程能够监视的文件描述符的数量存在最大限制,在Linux上一般为1024,可以通过修改宏定
FD_SETSIZE,再重新编译内核实现,但是这样也会造成效率的降低单个进程可监视的fd数量被限制,默认是1024,修改此值需要重新编译内核对socket是线性扫描,即采用轮询的方法,效率较低select 采取了内存拷贝方法来实现内核将 FD 消息通知给用户空间,这样一个用来存放大量fd的数据结构,这样会使得用户空间和内核空间在传递该结构时复制开销大
poll:
本质上和select没有区别,它将用户传入的数组拷贝到内核空间,然后查询每个fd对应的设备状态其没有最大连接数的限制,原因是它是基于链表来存储的大量的fd的数组被整体复制于用户态和内核地址空间之间,而不管这样的复制是不是有意义poll特点是“水平触发”,如果报告了fd后,没有被处理,那么下次poll时会再次报告该fd select是边缘触发即只通知一次
epoll:
在Linux 2.6内核中提出的select和poll的增强版本支持水平触发LT和边缘触发ET,最大的特点在于边缘触发,它只告诉进程哪些fd刚刚变为就需态,并且只会通知一次使用“事件”的就绪通知方式,通过epoll_ctl注册fd,一旦该fd就绪,内核就会采用类似callback的回调机制来激活该fd,epoll_wait便可以收到通知
优点:
没有最大并发连接的限制:能打开的FD的上限远大于1024(1G的内存能监听约10万个端口),具体查看 /proc/sys/fs/file-max,此值和系统内存大小相关
效率提升:非轮询的方式,不会随着FD数目的增加而效率下降;只有活跃可用的FD才会调用callback函数,即epoll最大的优点就在于它只管理“活跃”的连接,而跟连接总数无关
内存拷贝,利用mmap(Memory Mapping)加速与内核空间的消息传递;即epoll使用mmap减少复制开销
总结:
 1、epoll只是一组API,比起select这种扫描全部的文件描述符,epoll只读取就绪的文件描述符,再加入基于事件的就绪通知机制,所以性能比较好
2、基于epoll的事件多路复用减少了进程间切换的次数,使得操作系统少做了相对于用户任务来说的无用功。
3、epoll比select等多路复用方式来说,减少了遍历循环及内存拷贝的工作量,因为活跃连接只占总并发连接的很小一部分。
  

Web

环境安装

nginx-node1

新建虚拟机

配置好软件仓库

[C:\~]$ ssh root@172.25.254.136 ​ ​ Connecting to 172.25.254.136:22... Connection established. To escape to local shell, press 'Ctrl+Alt+]'. ​ WARNING! The remote SSH server rejected X11 forwarding request. Activate the web console with: systemctl enable --now cockpit.socket ​ Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Thu Aug 15 10:21:19 2024

改主机名静态IP

[root@nginx-node1 ~]# ls anaconda-ks.cfg [root@nginx-node1 ~]# rz -E ​ [root@nginx-node1 ~]# ls anaconda-ks.cfg  vmset.sh [root@nginx-node1 ~]# cat vmset.sh  #!/bin/bash rm -fr /etc/NetworkManager/system-connections/$1.nmconnection cat > /etc/NetworkManager/system-connections/$1.nmconnection <<EOF [connection] id=$1 type=ethernet interface-name=$1 ​ [ipv4] address1=$2/24,172.25.254.2 method=manual dns=114.114.114.114; EOF ​ chmod 600 /etc/NetworkManager/system-connections/$1.nmconnection nmcli connection reload nmcli connection up $1 ​ hostnamectl hostname $3 ​ cat > /etc/hosts <<EOF 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 $2  $3 EOF [root@nginx-node1 ~]# bash vmset.sh eth0 172.25.254.101 nginx-node1.timinglee.org
[C:\~]$ ssh root@172.25.254.101 ​ ​ Connecting to 172.25.254.101:22... Connection established. To escape to local shell, press 'Ctrl+Alt+]'. ​ WARNING! The remote SSH server rejected X11 forwarding request. Activate the web console with: systemctl enable --now cockpit.socket ​ Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Thu Aug 15 11:07:54 2024 from 172.25.254.1 [root@nginx-node1 ~]# hostnamectl   Static hostname: nginx-node1.timinglee.org        Icon name: computer-vm          Chassis: vm 🖴       Machine ID: 32aab8714cd64d25a0a606d5724dcb37          Boot ID: dcbee483f06a4cbab417fe35b21aa061   Virtualization: vmware Operating System: Red Hat Enterprise Linux 9.4 (Plow)           CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos           Kernel: Linux 5.14.0-427.13.1.el9_4.x86_64     Architecture: x86-64  Hardware Vendor: VMware, Inc.   Hardware Model: VMware20,1 Firmware Version: VMW201.00V.21805430.B64.2305221830
[root@nginx-node1 ~]# ifconfig  eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500         inet 172.25.254.101  netmask 255.255.255.0  broadcast 172.25.254.255         inet6 fe80::8665:7b73:34ec:b372  prefixlen 64  scopeid 0x20<link>         ether 00:0c:29:5b:6a:75  txqueuelen 1000  (Ethernet)         RX packets 1010  bytes 93678 (91.4 KiB)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 781  bytes 77421 (75.6 KiB)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 ​ lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536         inet 127.0.0.1  netmask 255.0.0.0         inet6 ::1  prefixlen 128  scopeid 0x10<host>         loop  txqueuelen 1000  (Local Loopback)         RX packets 0  bytes 0 (0.0 B)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 0  bytes 0 (0.0 B)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 ​

web11

新建虚拟机登录。

配置软件仓库

[root@localhost ~]# cat /etc/yum.repos.d/rpm.repo [baseos] ​ name=baseos ​ baseurl=/mnt/BaseOS ​ gpgcheck=0 ​ ​ ​ [baseos2] ​ name=baseos2 ​ baseurl=/mnt/AppStream ​ gpgcheck=0 [root@localhost ~]# 

设置主机名和静态IP。

[root@localhost ~]# ls anaconda-ks.cfg  vmset.sh [root@localhost ~]# cat vmset.sh  #!/bin/bash rm -fr /etc/NetworkManager/system-connections/$1.nmconnection cat > /etc/NetworkManager/system-connections/$1.nmconnection <<EOF [connection] id=$1 type=ethernet interface-name=$1 ​ [ipv4] address1=$2/24,172.25.254.2 method=manual dns=114.114.114.114; EOF ​ chmod 600 /etc/NetworkManager/system-connections/$1.nmconnection nmcli connection reload nmcli connection up $1 ​ hostnamectl hostname $3 ​ cat > /etc/hosts <<EOF 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 $2  $3 EOF
[root@localhost ~]# ifconfig  eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500         inet 172.25.254.137  netmask 255.255.255.0  broadcast 172.25.254.255         inet6 fe80::babd:9f7a:af5e:7723  prefixlen 64  scopeid 0x20<link>         ether 00:0c:29:8e:8c:2c  txqueuelen 1000  (Ethernet)         RX packets 302  bytes 32410 (31.6 KiB)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 259  bytes 29487 (28.7 KiB)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 ​ lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536         inet 127.0.0.1  netmask 255.0.0.0         inet6 ::1  prefixlen 128  scopeid 0x10<host>         loop  txqueuelen 1000  (Local Loopback)         RX packets 0  bytes 0 (0.0 B)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 0  bytes 0 (0.0 B)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 ​ [root@localhost ~]# bash vmset.sh eth0 172.25.254.11 web11.timinglee.org ​

登录新IP

[C:\~]$ ssh root@172.25.254.11 ​ ​ Connecting to 172.25.254.11:22... Connection established. To escape to local shell, press 'Ctrl+Alt+]'. ​ WARNING! The remote SSH server rejected X11 forwarding request. Activate the web console with: systemctl enable --now cockpit.socket ​ Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Sun Aug 18 19:17:53 2024 from 172.25.254.1 [root@web11 ~]# 

挂载

[root@web11 ~]# mount /dev/sr0 /mnt/ mount: /mnt: WARNING: source write-protected, mounted read-only.

web22

[root@localhost ~]# cat /etc/yum.repos.d/rpm.repo  [baseos]  name=baseos  baseurl=/mnt/BaseOS  gpgcheck=0    [baseos2]  name=baseos2  baseurl=/mnt/AppStream  gpgcheck=0 
[root@localhost ~]# rz -E  [root@localhost ~]# ls anaconda-ks.cfg  vmset.sh [root@localhost ~]# cat vmset.sh  #!/bin/bash rm -fr /etc/NetworkManager/system-connections/$1.nmconnection cat > /etc/NetworkManager/system-connections/$1.nmconnection <<EOF [connection] id=$1 type=ethernet interface-name=$1  [ipv4] address1=$2/24,172.25.254.2 method=manual dns=114.114.114.114; EOF  chmod 600 /etc/NetworkManager/system-connections/$1.nmconnection nmcli connection reload nmcli connection up $1  hostnamectl hostname $3  cat > /etc/hosts <<EOF 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 $2	$3 EOF [root@localhost ~]# 
[root@localhost ~]# bash vmset.sh eth0 172.25.254.22 web22.timinglee.org
[C:\~]$ ssh root@172.25.254.22   Connecting to 172.25.254.22:22... Connection established. To escape to local shell, press 'Ctrl+Alt+]'.  WARNING! The remote SSH server rejected X11 forwarding request. Activate the web console with: systemctl enable --now cockpit.socket  Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Mon Aug 19 09:45:05 2024 from 172.25.254.1 [root@web22 ~]# 

Nginx的源码编译

xftp

[root@nginx-node1 ~]# ls anaconda-ks.cfg  nginx-1.24.0.tar.gz  vmset.sh
[root@nginx-node1 ~]# tar zxf nginx-1.24.0.tar.gz  [root@nginx-node1 ~]# ls anaconda-ks.cfg  nginx-1.24.0  nginx-1.24.0.tar.gz  vmset.sh
[root@nginx-node1 ~]# cd nginx-1.24.0/ [root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     man     src CHANGES  conf        contrib    LICENSE  README

[root@nginx-node1 nginx-1.24.0]# mount /dev/sr0 /mnt/ mount: /mnt: WARNING: source write-protected, mounted read-only. [root@nginx-node1 nginx-1.24.0]# dnf install gcc -y [root@nginx-node1 nginx-1.24.0]# dnf install pcre-devel.x86_64 openssl-devel.x86_64 zlib-devel -y

帮助手册

[root@nginx-node1 nginx-1.24.0]# ./configure --help 

检测

[root@nginx-node1 nginx-1.24.0]# ./configure --prefix=/usr/local/nginx \ > --user=nginx \ > --group=nginx \ > --with-http_ssl_module \ > --with-http_v2_module \ > --with-http_realip_module \ > --with-http_gzip_static_module \ > --with-http_stub_status_module \ > --with-pcre \ > --with-stream \ > --with-stream_ssl_module 
[root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     Makefile  objs    src CHANGES  conf        contrib    LICENSE  man       README

如果想要重新检测

[root@nginx-node1 nginx-1.24.0]# make clean  rm -rf Makefile objs [root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     man     src CHANGES  conf        contrib    LICENSE  README
[root@nginx-node1 nginx-1.24.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-stream --with-stream_ssl_module 
[root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     Makefile  objs    src CHANGES  conf        contrib    LICENSE  man       README

查看 objs 文件。

[root@nginx-node1 nginx-1.24.0]# cd objs/ [root@nginx-node1 objs]# ls autoconf.err  Makefile  ngx_auto_config.h  ngx_auto_headers.h  ngx_modules.c  src [root@nginx-node1 objs]# cd ..

用双核进行编译

[root@nginx-node1 nginx-1.24.0]# make -j2

查看插件是否存在

[root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     Makefile  objs    src CHANGES  conf        contrib    LICENSE  man       README [root@nginx-node1 nginx-1.24.0]# cd objs/ [root@nginx-node1 objs]# ls autoconf.err  nginx    ngx_auto_config.h   ngx_modules.c  src Makefile      nginx.8  ngx_auto_headers.h  ngx_modules.o [root@nginx-node1 objs]# cd src/ [root@nginx-node1 src]# ls core  event  http  mail  misc  os  stream [root@nginx-node1 src]# cd .. [root@nginx-node1 objs]# cd .. [root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     Makefile  objs    src CHANGES  conf        contrib    LICENSE  man       README
[root@nginx-node1 nginx-1.24.0]# make install 
[root@nginx-node1 nginx-1.24.0]# cd /usr/local/nginx/ [root@nginx-node1 nginx]# ls conf  html  logs  sbin [root@nginx-node1 nginx]# cd sbin/ [root@nginx-node1 sbin]# ls nginx
[root@nginx-node1 sbin]# useradd -s /sbin/nologin -M nginx [root@nginx-node1 sbin]# id nginx  uid=1001(nginx) gid=1001(nginx) groups=1001(nginx) [root@nginx-node1 sbin]# ll total 5516 -rwxr-xr-x. 1 root root 5646216 Aug 15 12:17 nginx [root@nginx-node1 sbin]# ./nginx  [root@nginx-node1 sbin]# ps aux | grep nginx  root       38679  0.0  0.0   9864  2052 ?        Ss   12:52   0:00 nginx: master process ./nginx nginx      38680  0.0  0.1  14196  4996 ?        S    12:52   0:00 nginx: worker process root       38684  0.0  0.0   6408  2176 pts/1    S+   12:53   0:00 grep --color=auto nginx [root@nginx-node1 sbin]# netstat -antlupe | grep nginx  tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          73096      38679/nginx: master 
[C:\~]$ curl 172.25.254.101   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed   0     0    0     0    0     0      0      0 --:--:--  0:00:21 --:--:--     0 curl: (28) Failed to connect to 172.25.254.101 port 80 after 21054 ms: Couldn't connect to server

查看大小

[root@nginx-node1 sbin]# du -sh nginx  5.4M	nginx 

nginx 的关闭和重启

[root@nginx-node1 nginx-1.24.0]# vim auto/cc/gcc 

[root@nginx-node1 sbin]# cd [root@nginx-node1 ~]# /usr/local/nginx/sbin/nginx -s stop [root@nginx-node1 ~]# netstat -antlupe | grep nginx-1.24.0 [root@nginx-node1 ~]# cd /usr/local/nginx/sbin/ [root@nginx-node1 sbin]# ./nginx -s reload

编译好如何卸载

[root@nginx-node1 ~]# cd nginx-1.24.0/ [root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     Makefile  objs    src CHANGES  conf        contrib    LICENSE  man       README [root@nginx-node1 nginx-1.24.0]# rm -rf /usr/local/nginx/ -bash: PβtzU: No such file or directory [root@nginx-node1 nginx-1.24.0]# make clean  rm -rf Makefile objs [root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     man     src CHANGES  conf        contrib    LICENSE  README

重新下载

[root@nginx-node1 nginx-1.24.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-stream --with-stream_ssl_module 

再次编译

[root@nginx-node1 nginx-1.24.0]# make && make install 

把 nginx 软件的命令执行路径添加到环境变量中。

[root@nginx-node1 nginx-1.24.0]# cd [root@nginx-node1 ~]# vim ~/.bash_profile   export PATH=$PATH:/usr/local/nginx/sbin

[root@nginx-node1 ~]# source ~/.bash_profile
[root@nginx-node1 ~]# du -sh /usr/local/nginx/sbin/nginx 1.2M	/usr/local/nginx/sbin/nginx

启动nginx

[root@nginx-node1 conf]# nginx

[root@nginx-node1 ~]# cd /usr/local/nginx/ [root@nginx-node1 nginx]# ls client_body_temp  fastcgi_temp  logs        sbin       uwsgi_temp conf              html          proxy_temp  scgi_temp [root@nginx-node1 nginx]# cd conf/ [root@nginx-node1 conf]# ls fastcgi.conf            koi-win             scgi_params fastcgi.conf.default    mime.types          scgi_params.default fastcgi_params          mime.types.default  uwsgi_params fastcgi_params.default  nginx.conf          uwsgi_params.default koi-utf                 nginx.conf.default  win-utf
[root@nginx-node1 conf]# dnf list nginx Updating Subscription Management repositories. Unable to read consumer identity  This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.  Last metadata expiration check: 1:41:07 ago on Thu 15 Aug 2024 11:52:21 AM CST. Available Packages nginx.x86_64                       1:1.20.1-14.el9_2.1                       baseos2
[root@nginx-node1 conf]# systemctl stop firewalld [root@nginx-node1 conf]# setenforce 0
[root@nginx-node1 conf]# route -n Kernel IP routing table Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 0.0.0.0         172.25.254.2    0.0.0.0         UG    100    0        0 eth0 172.25.254.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@nginx-node1 conf]# nmcli connection modify eth0 ipv4.dns 172.25.254.2 ipv4.method manual connection.autoconnect yes [root@nginx-node1 conf]# nmcli connection up eth0  Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@nginx-node1 conf]# systemctl start firewalld [root@nginx-node1 conf]# firewall-cmd --zone=public --add-port=80/tcp success [root@nginx-node1 conf]# firewall-cmd --reload success [root@nginx-node1 conf]# systemctl stop firewalld
[root@nginx-node1 conf]# netstat -antlupe | grep 80 tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          84524      42489/nginx: master  tcp        0     52 172.25.254.101:22       172.25.254.1:53750      ESTABLISHED 0          81005      41800/sshd: root [p 
[root@nginx-node1 conf]# curl -I 172.25.254.101 HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Thu, 15 Aug 2024 05:56:21 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Thu, 15 Aug 2024 04:17:36 GMT Connection: keep-alive ETag: "66bd8160-267" Accept-Ranges: bytes

编辑隐藏版本号

[root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0         nginx-1.26.2.tar.gz echo-nginx-module-0.63         nginx-1.24.0.tar.gz  vmset.sh echo-nginx-module-0.63.tar.gz  nginx-1.26.2 [root@nginx-node1 ~]# cd nginx-1.24.0/ [root@nginx-node1 nginx-1.24.0]# ls auto     CHANGES.ru  configure  html     Makefile  objs    src CHANGES  conf        contrib    LICENSE  man       README [root@nginx-node1 nginx-1.24.0]# cd src/ [root@nginx-node1 src]# ls core  event  http  mail  misc  os  stream [root@nginx-node1 src]# cd core/ [root@nginx-node1 core]# ls nginx.c           ngx_cycle.h            ngx_output_chain.c    ngx_rwlock.c nginx.h           ngx_file.c             ngx_palloc.c          ngx_rwlock.h ngx_array.c       ngx_file.h             ngx_palloc.h          ngx_sha1.c ngx_array.h       ngx_hash.c             ngx_parse.c           ngx_sha1.h ngx_buf.c         ngx_hash.h             ngx_parse.h           ngx_shmtx.c ngx_buf.h         ngx_inet.c             ngx_parse_time.c      ngx_shmtx.h ngx_conf_file.c   ngx_inet.h             ngx_parse_time.h      ngx_slab.c ngx_conf_file.h   ngx_list.c             ngx_proxy_protocol.c  ngx_slab.h ngx_config.h      ngx_list.h             ngx_proxy_protocol.h  ngx_spinlock.c ngx_connection.c  ngx_log.c              ngx_queue.c           ngx_string.c ngx_connection.h  ngx_log.h              ngx_queue.h           ngx_string.h ngx_core.h        ngx_md5.c              ngx_radix_tree.c      ngx_syslog.c ngx_cpuinfo.c     ngx_md5.h              ngx_radix_tree.h      ngx_syslog.h ngx_crc32.c       ngx_module.c           ngx_rbtree.c          ngx_thread_pool.c ngx_crc32.h       ngx_module.h           ngx_rbtree.h          ngx_thread_pool.h ngx_crc.h         ngx_murmurhash.c       ngx_regex.c           ngx_times.c ngx_crypt.c       ngx_murmurhash.h       ngx_regex.h           ngx_times.h ngx_crypt.h       ngx_open_file_cache.c  ngx_resolver.c ngx_cycle.c       ngx_open_file_cache.h  ngx_resolver.h [root@nginx-node1 core]# vim nginx.h 

失败了名字没有改变不知道为啥

[root@nginx-node1 core]# curl -I 172.25.254.101 HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Thu, 15 Aug 2024 11:38:24 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Thu, 15 Aug 2024 08:06:56 GMT Connection: keep-alive ETag: "66bdb720-267" Accept-Ranges: bytes

Nginx 的平滑升级

windows浏览器进入官网复制最新版软件链接

开源版本的Nginx官网: http://nginx.org

https://nginx.org/download/nginx-1.26.2.tar.gz
[root@nginx-node1 ~]# wget https://nginx.org/download/nginx-1.26.2.tar.gz
[root@nginx-node1 ~]# ls anaconda-ks.cfg  nginx-1.24.0  nginx-1.24.0.tar.gz  nginx-1.26.2.tar.gz  vmset.sh
[root@nginx-node1 ~]# rz -E  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0         nginx-1.26.2.tar.gz echo-nginx-module-0.63.tar.gz  nginx-1.24.0.tar.gz  vmset.sh

解压

[root@nginx-node1 ~]# tar zxf echo-nginx-module-0.63.tar.gz  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0         vmset.sh echo-nginx-module-0.63         nginx-1.24.0.tar.gz echo-nginx-module-0.63.tar.gz  nginx-1.26.2.tar.gz [root@nginx-node1 ~]# tar zxf nginx-1.26.2.tar.gz  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0         nginx-1.26.2.tar.gz echo-nginx-module-0.63         nginx-1.24.0.tar.gz  vmset.sh echo-nginx-module-0.63.tar.gz  nginx-1.26.2
[root@nginx-node1 ~]# cd nginx-1.26.2/ [root@nginx-node1 nginx-1.26.2]# ls auto     CHANGES.ru  configure  html     man     src CHANGES  conf        contrib    LICENSE  README

检测环境

[root@nginx-node1 nginx-1.26.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-stream --with-stream_ssl_module --add-module=/root/echo-nginx-module-0.63

编译,不能 make install ,否则会覆盖掉1.24.2的 nginx 规则。

[root@nginx-node1 nginx-1.26.2]# make
[root@nginx-node1 nginx-1.26.2]# ls auto     CHANGES.ru  configure  html     Makefile  objs    src CHANGES  conf        contrib    LICENSE  man       README [root@nginx-node1 nginx-1.26.2]# cd objs/ [root@nginx-node1 objs]# ls addon         Makefile  nginx.8            ngx_auto_headers.h  ngx_modules.o autoconf.err  nginx     ngx_auto_config.h  ngx_modules.c       src
[root@nginx-node1 objs]# cd /usr/local/nginx/sbin/ [root@nginx-node1 sbin]# ls nginx  nginx.old

备份

[root@nginx-node1 sbin]# cp nginx nginx.old [root@nginx-node1 sbin]# ls nginx  nginx.old [root@nginx-node1 sbin]# rm -rf nginx.old [root@nginx-node1 sbin]# ls nginx [root@nginx-node1 sbin]# cp nginx nginx.old [root@nginx-node1 sbin]# ls nginx  nginx.old

覆盖

[root@nginx-node1 sbin]# \cp -f /root/nginx-1.26.2/objs/nginx /usr/local/nginx/sbin/
[root@nginx-node1 sbin]# ll total 7208 -rwxr-xr-x. 1 root root 6144176 Aug 15 20:20 nginx -rwxr-xr-x. 1 root root 1229024 Aug 15 20:19 nginx.old
[root@nginx-node1 sbin]# du -sh nginx 5.9M	nginx

80端口被使用,新的nginx起不来。

[root@nginx-node1 sbin]# nginx nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

[root@nginx-node1 sbin]# lsof -i :80 COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME nginx   53793  root    6u  IPv4 112323      0t0  TCP *:http (LISTEN) nginx   53794 nginx    6u  IPv4 112323      0t0  TCP *:http (LISTEN) [root@nginx-node1 sbin]# kill -9 53793 [root@nginx-node1 sbin]# kill -9 53794 [root@nginx-node1 sbin]# lsof -i :80 [root@nginx-node1 sbin]# nginx
[root@nginx-node1 sbin]# ps aux | grep nginx root       57263  0.0  0.0   9896  2064 ?        Ss   20:36   0:00 nginx: master process nginx nginx      57264  0.0  0.1  14240  5008 ?        S    20:36   0:00 nginx: worker process root       57269  0.0  0.0   6408  2176 pts/0    S+   20:36   0:00 grep --color=auto nginx
[root@nginx-node1 sbin]# pidof nginx 57264 57263 [root@nginx-node1 sbin]# kill -USR2 57263

新的进程只是启动没有监听端口。

[root@nginx-node1 sbin]# ps aux | grep nginx root       57263  0.0  0.0   9896  2576 ?        Ss   20:36   0:00 nginx: master process nginx nginx      57264  0.0  0.1  14240  5008 ?        S    20:36   0:00 nginx: worker process root       57275  0.0  0.1   9764  6656 ?        S    20:38   0:00 nginx: master process nginx nginx      57276  0.0  0.1  14228  5132 ?        S    20:38   0:00 nginx: worker process root       57280  0.0  0.0   6408  2176 pts/0    S+   20:39   0:00 grep --color=auto nginx

新开会话建立死循环测试更换进程时服务没有中断。

[root@nginx-node1 ~]# while true > do > curl 172.25.254.101;sleep 1 > done

回收旧的worker 进程,使用新的。

[root@nginx-node1 sbin]# kill -WINCH 57263 [root@nginx-node1 sbin]# ps aux | grep nginx root       57263  0.0  0.0   9896  2576 ?        Ss   20:36   0:00 nginx: master process nginx root       57275  0.0  0.1   9764  6656 ?        S    20:38   0:00 nginx: master process nginx nginx      57276  0.0  0.1  14228  5388 ?        S    20:38   0:00 nginx: worker process root       57429  0.0  0.0   6408  2176 pts/0    S+   20:48   0:00 grep --color=auto nginx

查看当前版本号,平滑升级成功。

[root@nginx-node1 sbin]# curl -I 172.25.254.101 HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 15 Aug 2024 12:50:11 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Thu, 15 Aug 2024 08:06:56 GMT Connection: keep-alive ETag: "66bdb720-267" Accept-Ranges: bytes

版本回滚

把旧版本激活,新版本回收。

[root@nginx-node1 sbin]# kill -HUP 57263
[root@nginx-node1 sbin]# ps aux | grep nginx root       57263  0.0  0.0   9896  2576 ?        Ss   20:36   0:00 nginx: master process nginx root       57275  0.0  0.1   9764  6656 ?        S    20:38   0:00 nginx: master process nginx nginx      57276  0.0  0.1  14228  5388 ?        S    20:38   0:00 nginx: worker process nginx      58282  0.0  0.1  14240  5264 ?        S    20:55   0:00 nginx: worker process root       58304  0.0  0.0   6408  2176 pts/0    S+   20:55   0:00 grep --color=auto nginx
[root@nginx-node1 sbin]# kill -WINCH 57275 [root@nginx-node1 sbin]# ps aux | grep nginx root       57263  0.0  0.0   9896  2576 ?        Ss   20:36   0:00 nginx: master process nginx root       57275  0.0  0.1   9764  6656 ?        S    20:38   0:00 nginx: master process nginx nginx      58282  0.0  0.1  14240  5264 ?        S    20:55   0:00 nginx: worker process root       58538  0.0  0.0   6408  2176 pts/0    S+   20:57   0:00 grep --color=auto nginx

此时版本号应该为1.24.2。没有变回来但是进程号是版本1.24.2。不知道为什么。

[root@nginx-node1 sbin]# curl -I 172.25.254.101 HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 15 Aug 2024 13:01:15 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Thu, 15 Aug 2024 08:06:56 GMT Connection: keep-alive ETag: "66bdb720-267" Accept-Ranges: bytes
[root@nginx-node1 sbin]# ls nginx  nginx.old [root@nginx-node1 sbin]# cp nginx nginx.new [root@nginx-node1 sbin]# ls nginx  nginx.new  nginx.old [root@nginx-node1 sbin]# \cp -f nginx.old nginx [root@nginx-node1 sbin]# ls nginx  nginx.new  nginx.old
[root@nginx-node1 sbin]# ps aux | grep nginx root       57263  0.0  0.0   9896  2576 ?        Ss   20:36   0:00 nginx: master process nginx root       57275  0.0  0.1   9764  6656 ?        S    20:38   0:00 nginx: master process nginx nginx      58282  0.0  0.1  14240  5264 ?        S    20:55   0:00 nginx: worker process root       59980  0.0  0.0   6408  2176 pts/0    S+   21:09   0:00 grep --color=auto nginx [root@nginx-node1 sbin]# kill -9 57275 [root@nginx-node1 sbin]# ps aux | grep nginx root       57263  0.0  0.0   9896  2576 ?        Ss   20:36   0:00 nginx: master process nginx nginx      58282  0.0  0.1  14240  5264 ?        S    20:55   0:00 nginx: worker process root       60091  0.0  0.0   6408  2176 pts/0    S+   21:09   0:00 grep --color=auto nginx

参数

[root@nginx-node1 ~]# nginx -V nginx version: nginx/1.24.0 built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC)  built with OpenSSL 3.0.7 1 Nov 2022 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-stream --with-stream_ssl_module [root@nginx-node1 ~]# cd /usr/local/nginx/sbin/ [root@nginx-node1 sbin]# ls nginx  nginx.new  nginx.old [root@nginx-node1 sbin]# nginx -s stop [root@nginx-node1 sbin]# rm -rf nginx [root@nginx-node1 sbin]# ls nginx.new  nginx.old [root@nginx-node1 sbin]# mv nginx.new nginx [root@nginx-node1 sbin]# ls nginx  nginx.old [root@nginx-node1 sbin]# nginx [root@nginx-node1 sbin]# nginx -V nginx version: nginx/1.26.2 built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC)  built with OpenSSL 3.0.7 1 Nov 2022 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-stream --with-stream_ssl_module --add-module=/root/echo-nginx-module-0.63
[root@nginx-node1 sbin]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

再不关闭进程的情况下重新加载配置使其生效。

[root@nginx-node1 sbin]# nginx -s reload
[root@nginx-node1 sbin]# ps aux | grep nginx root       60341  0.0  0.0  10028  3600 ?        Ss   01:24   0:00 nginx: master process nginx nginx      60348  0.0  0.1  14368  5136 ?        S    01:38   0:00 nginx: worker process root       60355  0.0  0.0   6408  2176 pts/1    S+   01:41   0:00 grep --color=auto nginx  [root@nginx-node1 sbin]# stop -s nginx -bash: stop: command not found  [root@nginx-node1 sbin]# netstat -antlupe | grep 80 tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          139770     60341/nginx: master  tcp        0      0 172.25.254.101:22       172.25.254.1:53750      ESTABLISHED 0          81005      41800/sshd: root [p  tcp        0     52 172.25.254.101:22       172.25.254.1:63252      ESTABLISHED 0          138027     60272/sshd: root [p  [root@nginx-node1 sbin]# lsof -i :80 COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME nginx   60341  root    6u  IPv4 139770      0t0  TCP *:http (LISTEN) nginx   60361 nginx    6u  IPv4 139770      0t0  TCP *:http (LISTEN) [root@nginx-node1 sbin]# kill 60341 [root@nginx-node1 sbin]# kill 60361 -bash: kill: (60361) - No such process [root@nginx-node1 sbin]# lsof -i :80  [root@nginx-node1 sbin]# nginx [root@nginx-node1 sbin]# nginx -s stop  [root@nginx-node1 sbin]# nginx -g "worker_processes 6;" nginx: [emerg] "worker_processes" directive is duplicate in /usr/local/nginx/conf/nginx.conf:3  [root@nginx-node1 sbin]# vim /usr/local/nginx/conf/nginx.conf

[root@nginx-node1 sbin]# nginx -g "worker_processes 6;"  [root@nginx-node1 sbin]# ps aux | grep nginx root       60420  0.0  0.0   9896  2064 ?        Ss   01:51   0:00 nginx: master process nginx -g worker_processes 6; nginx      60421  0.0  0.1  14240  5136 ?        S    01:51   0:00 nginx: worker process nginx      60422  0.0  0.1  14240  5136 ?        S    01:51   0:00 nginx: worker process nginx      60423  0.0  0.1  14240  5136 ?        S    01:51   0:00 nginx: worker process nginx      60424  0.0  0.1  14240  5136 ?        S    01:51   0:00 nginx: worker process nginx      60425  0.0  0.1  14240  5136 ?        S    01:51   0:00 nginx: worker process nginx      60426  0.0  0.1  14240  5136 ?        S    01:51   0:00 nginx: worker process root       60432  0.0  0.0   6408  2176 pts/1    S+   01:53   0:00 grep --color=auto nginx  [root@nginx-node1 sbin]# nginx -s stop

nginx服务的启动脚本编写

[root@nginx-node1 ~]# nginx [root@nginx-node1 nginx]# cd /usr/local/nginx/logs/ [root@nginx-node1 logs]# ls access.log  error.log  nginx.pid

[root@nginx-node1 sbin]# vim /lib/systemd/system/nginx.service  [Unit] Description=The NGINX HTTP and reverse proxy server After=syslog.target network-online.target remote-fs.target nss-lookup.target Wants=network-online.target  [Service] Type=forking PIDFile=/usr/local/nginx/logs/nginx.pid ExecStartPre=/usr/local/nginx/sbin/nginx -t ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/bin/kill -S QUIT $MAINPID PrivateTmp=true  [Install] WantedBy=multi-user.target
[root@nginx-node1 sbin]# systemctl daemon-reload  [root@nginx-node1 sbin]# nginx -s stop [root@nginx-node1 sbin]# ps aux | grep nginx root       60585  0.0  0.0   6408  2176 pts/1    S+   02:08   0:00 grep --color=auto nginx [root@nginx-node1 sbin]# systemctl enable --now nginx.service  Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service. [root@nginx-node1 sbin]# ps aux | grep nginx root       60628  0.0  0.0   9892  2068 ?        Ss   02:08   0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx      60629  0.0  0.1  14240  5140 ?        S    02:08   0:00 nginx: worker process root       60631  0.0  0.0   6408  2176 pts/1    S+   02:08   0:00 grep --color=auto nginx 

nginx全局配置参数优化调整

查看用户

[root@nginx-node1 ~]# cd /usr/local/nginx/conf/ [root@nginx-node1 conf]# ls fastcgi.conf            koi-win             scgi_params fastcgi.conf.default    mime.types          scgi_params.default fastcgi_params          mime.types.default  uwsgi_params fastcgi_params.default  nginx.conf          uwsgi_params.default koi-utf                 nginx.conf.default  win-utf [root@nginx-node1 conf]# vim nginx.conf

[root@nginx-node1 conf]# nginx -s reload [root@nginx-node1 conf]# ps aux | grep nginx root       60628  0.0  0.0  10024  3604 ?        Ss   02:08   0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx      60667  0.0  0.1  14364  5264 ?        S    02:18   0:00 nginx: worker process nginx      60668  0.0  0.1  14364  5136 ?        S    02:18   0:00 nginx: worker process root       60670  0.0  0.0   6408  2176 pts/1    S+   02:18   0:00 grep --color=auto nginx

把两个工作进程各自绑定一个核心。

[root@nginx-node1 conf]# vim nginx.conf

[root@nginx-node1 conf]# nginx -s reload [root@nginx-node1 conf]# ps aux | grep nginx root       60628  0.0  0.0   9908  3604 ?        Ss   02:08   0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx      60678  0.0  0.1  14240  4888 ?        S    02:22   0:00 nginx: worker process nginx      60679  0.0  0.1  14240  4888 ?        S    02:22   0:00 nginx: worker process root       60681  0.0  0.0   6408  2176 pts/1    S+   02:23   0:00 grep --color=auto nginx 

最大链接数

[root@nginx-node1 conf]# ulimit -a real-time non-blocking time  (microseconds, -R) unlimited core file size              (blocks, -c) 0 data seg size               (kbytes, -d) unlimited scheduling priority                 (-e) 0 file size                   (blocks, -f) unlimited pending signals                     (-i) 14339 max locked memory           (kbytes, -l) 8192 max memory size             (kbytes, -m) unlimited open files                          (-n) 1024 pipe size                (512 bytes, -p) 8 POSIX message queues         (bytes, -q) 819200 real-time priority                  (-r) 0 stack size                  (kbytes, -s) 8192 cpu time                   (seconds, -t) unlimited max user processes                  (-u) 14339 virtual memory              (kbytes, -v) unlimited file locks                          (-x) unlimited
[root@nginx-node1 conf]# vim /etc/security/limits.conf

[root@nginx-node1 conf]# sudo -u nginx ulimit -a real-time non-blocking time  (microseconds, -R) unlimited core file size              (blocks, -c) 0 data seg size               (kbytes, -d) unlimited scheduling priority                 (-e) 0 file size                   (blocks, -f) unlimited pending signals                     (-i) 14339 max locked memory           (kbytes, -l) 8192 max memory size             (kbytes, -m) unlimited open files                          (-n) 100000 pipe size                (512 bytes, -p) 8 POSIX message queues         (bytes, -q) 819200 real-time priority                  (-r) 0 stack size                  (kbytes, -s) 8192 cpu time                   (seconds, -t) unlimited max user processes                  (-u) 14339 virtual memory              (kbytes, -v) unlimited file locks                          (-x) unlimited 

压力测试

[root@nginx-node1 conf]# vim nginx.conf

[root@nginx-node1 conf]# vim /etc/security/limits.conf

[root@nginx-node1 conf]# sudo -u nginx ulimit -a real-time non-blocking time  (microseconds, -R) unlimited core file size              (blocks, -c) 0 data seg size               (kbytes, -d) unlimited scheduling priority                 (-e) 0 file size                   (blocks, -f) unlimited pending signals                     (-i) 14339 max locked memory           (kbytes, -l) 8192 max memory size             (kbytes, -m) unlimited open files                          (-n) 1024 pipe size                (512 bytes, -p) 8 POSIX message queues         (bytes, -q) 819200 real-time priority                  (-r) 0 stack size                  (kbytes, -s) 8192 cpu time                   (seconds, -t) unlimited max user processes                  (-u) 14339 virtual memory              (kbytes, -v) unlimited file locks                          (-x) unlimited

压测工具

[root@nginx-node1 logs]# dnf install httpd-tools -y
[root@nginx-node1 logs]# ab -n 100 -c 50 http://172.25.254.101/index.html This is ApacheBench, Version 2.3 <$Revision: 1903618 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/  Benchmarking 172.25.254.101 (be patient).....done   Server Software:        nginx/1.26.2 Server Hostname:        172.25.254.101 Server Port:            80  Document Path:          /index.html Document Length:        615 bytes  Concurrency Level:      50 Time taken for tests:   0.004 seconds Complete requests:      100 Failed requests:        0 Total transferred:      84800 bytes HTML transferred:       61500 bytes Requests per second:    25673.94 [#/sec] (mean) Time per request:       1.948 [ms] (mean) Time per request:       0.039 [ms] (mean, across all concurrent requests) Transfer rate:          21261.23 [Kbytes/sec] received  Connection Times (ms)               min  mean[+/-sd] median   max Connect:        0    1   0.3      1       1 Processing:     0    1   0.3      1       1 Waiting:        0    1   0.2      1       1 Total:          1    1   0.1      1       1  Percentage of the requests served within a certain time (ms)   50%      1   66%      1   75%      1   80%      1   90%      1   95%      1   98%      1   99%      1  100%      1 (longest request) 

查看日志,并发链接是否都OK。

[root@nginx-node1 logs]# cat /usr/local/nginx/logs/access.log 
[root@nginx-node1 logs]# ab -n 1000 -c 500 http://172.25.254.101/index.html This is ApacheBench, Version 2.3 <$Revision: 1903618 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/  Benchmarking 172.25.254.101 (be patient) Completed 100 requests Completed 200 requests Completed 300 requests Completed 400 requests Completed 500 requests Completed 600 requests Completed 700 requests Completed 800 requests Completed 900 requests Completed 1000 requests Finished 1000 requests   Server Software:        nginx/1.26.2 Server Hostname:        172.25.254.101 Server Port:            80  Document Path:          /index.html Document Length:        615 bytes  Concurrency Level:      500 Time taken for tests:   0.053 seconds Complete requests:      1000 Failed requests:        0 Total transferred:      848000 bytes HTML transferred:       615000 bytes Requests per second:    18830.97 [#/sec] (mean) Time per request:       26.552 [ms] (mean) Time per request:       0.053 [ms] (mean, across all concurrent requests) Transfer rate:          15594.40 [Kbytes/sec] received  Connection Times (ms)               min  mean[+/-sd] median   max Connect:        0   12   2.2     11      16 Processing:     5   11   3.4     10      17 Waiting:        0    5   2.4      5      17 Total:         12   22   2.9     23      27  Percentage of the requests served within a certain time (ms)   50%     23   66%     24   75%     24   80%     25   90%     26   95%     26   98%     27   99%     27  100%     27 (longest request)
[root@nginx-node1 logs]# ab -n 10000 -c 5000 http://172.25.254.101/index.html This is ApacheBench, Version 2.3 <$Revision: 1903618 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/  Benchmarking 172.25.254.101 (be patient) socket: Too many open files (24)
[root@nginx-node1 conf]# cd [root@nginx-node1 ~]# vim /etc/security/limits.conf 

[root@nginx-node1 ~]# vim /usr/local/nginx/conf/nginx.conf

[root@nginx-node1 ~]# nginx -s reload
[root@nginx-node1 logs]# ab -n 10000 -c 500 http://172.25.254.101/index.html This is ApacheBench, Version 2.3 <$Revision: 1903618 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/  Benchmarking 172.25.254.101 (be patient) Completed 1000 requests Completed 2000 requests Completed 3000 requests Completed 4000 requests Completed 5000 requests Completed 6000 requests Completed 7000 requests Completed 8000 requests Completed 9000 requests Completed 10000 requests Finished 10000 requests   Server Software:        nginx/1.26.2 Server Hostname:        172.25.254.101 Server Port:            80  Document Path:          /index.html Document Length:        615 bytes  Concurrency Level:      500 Time taken for tests:   0.403 seconds Complete requests:      10000 Failed requests:        0 Total transferred:      8480000 bytes HTML transferred:       6150000 bytes Requests per second:    24791.75 [#/sec] (mean) Time per request:       20.168 [ms] (mean) Time per request:       0.040 [ms] (mean, across all concurrent requests) Transfer rate:          20530.67 [Kbytes/sec] received  Connection Times (ms)               min  mean[+/-sd] median   max Connect:        0    8   3.7      7      24 Processing:     2   11   5.5     11      34 Waiting:        0    8   5.0      7      29 Total:          7   19   6.2     18      44  Percentage of the requests served within a certain time (ms)   50%     18   66%     20   75%     22   80%     24   90%     28   95%     33   98%     36   99%     38  100%     44 (longest request)

新建 PC Web 站点

[root@nginx-node1 ~]# vim /usr/local/nginx/conf/nginx.conf

[root@nginx-node1 ~]# mkdir -p /usr/local/nginx/conf.d
[root@nginx-node1 ~]# vim ~/.vimrc  set ts=4 ai sw=4
[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html; }
[root@nginx-node1 ~]# mkdir -p /data/web/html [root@nginx-node1 ~]# echo www.timinglee.org > /data/web/html/index.html [root@nginx-node1 ~]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 ~]# nginx -s reload

本地解析

浏览器访问。

root

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     location /test1/ {         root /data/web;     } }

查看错误日志。

[root@nginx-node1 ~]# tail /usr/local/nginx/logs/error.log 
[root@nginx-node1 ~]# mkdir -p /data/web/test1 [root@nginx-node1 ~]# echo /data/web/test1/ > /data/web/test1/index.html [root@nginx-node1 ~]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     location /test1/ {         root /data/web;     }      location /test2 {         alias /data/web/test1/;     } }
[root@nginx-node1 ~]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 ~]# nginx -s reload

location

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location /test {         root /data/web;     }          }  [root@nginx-node1 ~]# mkdir /data/web/test -p [root@nginx-node1 ~]# echo test page > /data/web/test/index.html

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location /test {         root /data/web1;     }      location = /test {         root /data/web2;     } }  [root@nginx-node1 ~]# nginx -s reload [root@nginx-node1 ~]# mkdir /data/web{1,2} [root@nginx-node1 ~]# mkdir /data/web{1,2}/test [root@nginx-node1 ~]# echo web1 test > /data/web1/test/index.html [root@nginx-node1 ~]# echo web2 test > /data/web2/test/index.html

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }          location /test {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload [root@nginx-node1 ~]# mkdir -p /data/web1/{test1,tee} [root@nginx-node1 ~]# echo test1 > /data/web1/test1/index.html [root@nginx-node1 ~]# echo tee > /data/web1/tee/index.html [root@nginx-node1 ~]# mkdir -p /data/web1/lee [root@nginx-node1 ~]# echo lee > /data/web1/lee/index.html

以什么结尾。

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     }      location ~ \.html$ {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload

以什么结尾且不区分大小写。

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     }      location ~* \.HTML$ {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     }      location ~* .(HTML|lee)$ {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload [root@nginx-node1 ~]# echo index.lee > /data/web1/lee/index.html

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     }      location ~ .(html|lee)$ {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     }      location ~ .h*l$ {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     }      location ~ .h.?ml$ {         root /data/web1;     } }  [root@nginx-node1 ~]# nginx -s reload

匹配多个示例。

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web1;     }      location ~ .(jpg|png|bamp)$ {         root /data/web1;     } }

目录测试优先级

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web3;     }      location ~ .html$ {         root /data/web4;     }      location ~* .HTML$ {         root /data/web5;     } }  [root@nginx-node1 ~]# nginx -s reload [root@nginx-node1 ~]# mkdir -p /data/web{1..5} [root@nginx-node1 ~]# mkdir -p /data/web{1..5}/test [root@nginx-node1 ~]# echo web1 > /data/web1/test/index.html [root@nginx-node1 ~]# echo web2 > /data/web2/test/index.html [root@nginx-node1 ~]# echo web3 > /data/web3/test/index.html [root@nginx-node1 ~]# echo web4 > /data/web4/test/index.html [root@nginx-node1 ~]# echo web5 > /data/web5/test/index.html

server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web3;     }      location ~* .HTML$ {         root /data/web5;     }      location ~ .html$ {         root /data/web4;     }      }  [root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }      location /test {         root /data/web1;     }      location ^~ /t {         root /data/web3;     }  #   location ~* .HTML$ { #       root /data/web5; #   } # #   location ~ .html$ { #       root /data/web4; #   }   }   [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location = /test {         root /data/web2;     }          location ^~ /t {         root /data/web3;     }  #   location /test { #       root /data/web1; #   }  #   location ~* .HTML$ { #       root /data/web5; #   } # #   location ~ .html$ { #       root /data/web4; #   }  [root@nginx-node1 ~]# nginx -s reload

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location ^~ /t {         root /data/web3;     }      location = /test {         root /data/web2;     }  #   location /test { #       root /data/web1; #   }  #   location ~* .HTML$ { #       root /data/web5; #   } # #   location ~ .html$ { #       root /data/web4; #   }   }   [root@nginx-node1 ~]# nginx -s reload

账户认证

[root@nginx-node1 ~]# htpasswd -cm /usr/local/nginx/.htpasswd admin New password:  Re-type new password:  Adding password for user admin  [root@nginx-node1 ~]# htpasswd -m /usr/local/nginx/.htpasswd lee New password:  Re-type new password:  Adding password for user lee 
[root@nginx-node1 ~]# cat /usr/local/nginx/.htpasswd  admin:$apr1$HAN5xE4.$63HFewC2Ge0xMht1jRmUZ0 lee:$apr1$eVf4S6aE$Yotxt68ymwMgKVZj/.vI2/
[root@nginx-node1 ~]# mkdir /data/web/lee [root@nginx-node1 ~]# echo lee > /data/web/lee/index.html
[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location /lee {         root /data/web;     } }  [root@nginx-node1 ~]# nginx -s reload

微信截图_20240816115630

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location /lee {         root /data/web;         auth_basic "login password !!";         auth_basic_user_file "/usr/local/nginx/.htpasswd";     } }  [root@nginx-node1 ~]# nginx -s reload

自定义错误页面

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     error_page 404 /40x.html;      location /lee {         root /data/web;         auth_basic "login password !!";         auth_basic_user_file "/usr/local/nginx/.htpasswd";     }      location = /40x.html {         root /data/web/errorpage;     } }  [root@nginx-node1 ~]# nginx -s reload
[root@nginx-node1 ~]# mkdir -p /data/web/errorpage [root@nginx-node1 ~]# echo error page > /data/web/errorpage/40x.html

错误

root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     error_page  404 /40x.html;     error_log   /var/log/timinglee.org/error.log;     access_log  /var/log/timinglee.org/access.log;         location /lee {         root /data/web;         auth_basic "login password !!";         auth_basic_user_file "/usr/local/nginx/.htpasswd";     }      location = /40x.html {         root /data/web/errorpage;     } }  [root@nginx-node1 ~]# nginx -s reload
[root@nginx-node1 ~]# curl 172.25.254.101 www.timinglee.org [root@nginx-node1 ~]# cat /var/log/timinglee.org/access.log 172.25.254.101 - - [16/Aug/2024:14:39:05 +0800] "GET / HTTP/1.1" 200 18 "-" "curl/7.76.1"

失败日志

[C:\~]$ curl www.timinglee.org/aaa   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100   177  100   177    0     0  28139      0 --:--:-- --:--:-- --:--:-- 59000 <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>nginx/1.26.2</center> </body> </html>
[root@nginx-node1 ~]# cat /var/log/timinglee.org/error.log  2024/08/16 14:55:17 [error] 61924#0: *12338 rewrite or internal redirection cycle while internally redirecting to "/error/default.html", client: 172.25.254.1, server: www.timinglee.org, request: "GET /test/ HTTP/1.1", host: "www.timinglee.org" 2024/08/16 14:57:34 [error] 61924#0: *12342 rewrite or internal redirection cycle while internally redirecting to "/error/default.html", client: 172.25.254.1, server: www.timinglee.org, request: "GET /aaa HTTP/1.1", host: "www.timinglee.org"

检测

添加本地解析

[root@nginx-node1 ~]# vim /etc/hosts  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 172.25.254.101  nginx-node1.timinglee.org www.timinglee.org

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     error_page  404 /40x.html;     error_log   /var/log/timinglee.org/error.log;     access_log  /var/log/timinglee.org/access.log;     try_files $uri $uri.html $uri/index.html /error/default.html;      location /lee {         root /data/web;         auth_basic "login password !!";         auth_basic_user_file "/usr/local/nginx/.htpasswd";     }      location = /40x.html {         root /data/web/errorpage;     } }  [root@nginx-node1 ~]# nginx -s reload
[C:\~]$ curl www.timinglee.org   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100    18  100    18    0     0   1651      0 --:--:-- --:--:-- --:--:--  2250 www.timinglee.org
[root@nginx-node1 ~]# rm -rf /data/web/html/index.html  [root@nginx-node1 ~]# rm -rf /data/web/html/error/
[C:\~]$ curl www.timinglee.org   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100   177  100   177    0     0  17450      0 --:--:-- --:--:-- --:--:-- 22125 <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>nginx/1.26.2</center> </body> </html>
[root@nginx-node1 ~]# mkdir /data/web/html/error [root@nginx-node1 ~]# echo error default > /data/web/html/error/default.html
[C:\~]$ curl www.timinglee.org   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100    14  100    14    0     0   2507      0 --:--:-- --:--:-- --:--:--  4666 error default

长链接

[root@nginx-node1 ~]# vim /usr/local/nginx/conf/nginx.conf

链接65秒后断开;最大允许链接数为2,超出链接停止。

[root@nginx-node1 ~]# nginx -s reload

下载检测长链接的软件

[root@nginx-node1 ~]# dnf install telnet -y
[root@nginx-node1 ~]# echo www.timinglee.org > /data/web/html/index.html

curl 自动检测链接数量

[C:\~]$ curl -v www.timinglee.org   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host www.timinglee.org:80 was resolved. * IPv6: (none) * IPv4: 172.25.254.101 *   Trying 172.25.254.101:80... * Connected to www.timinglee.org (172.25.254.101) port 80 > GET / HTTP/1.1 > Host: www.timinglee.org > User-Agent: curl/8.8.0 > Accept: */* >  * Request completely sent off < HTTP/1.1 200 OK < Server: nginx/1.26.2 < Date: Fri, 16 Aug 2024 07:50:16 GMT < Content-Type: text/html < Content-Length: 18 < Last-Modified: Fri, 16 Aug 2024 07:47:46 GMT < Connection: keep-alive < ETag: "66bf0422-12" < Accept-Ranges: bytes <  { [18 bytes data] 100    18  100    18    0     0   3101      0 --:--:-- --:--:-- --:--:--  6000 * Connection #0 to host www.timinglee.org left intact www.timinglee.org 

telnet 手动输入检测链接数量,输入两次后自动断开。

[root@nginx-node1 ~]# telnet www.timinglee.org 80 Trying 172.25.254.101... Connected to www.timinglee.org. Escape character is '^]'. Connection closed by foreign host. [root@nginx-node1 ~]# telnet www.timinglee.org 80 Trying 172.25.254.101... Connected to www.timinglee.org. Escape character is '^]'. GET / HTTP/1.1 Host: www.timinglee.org  HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Fri, 16 Aug 2024 07:31:50 GMT Content-Type: text/html Content-Length: 14 Last-Modified: Fri, 16 Aug 2024 07:02:27 GMT Connection: keep-alive ETag: "66bef983-e" Accept-Ranges: bytes  error default   GET / HTTP/1.1 Host: www.timinglee.org  HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Fri, 16 Aug 2024 07:32:29 GMT Content-Type: text/html Content-Length: 14 Last-Modified: Fri, 16 Aug 2024 07:02:27 GMT Connection: close ETag: "66bef983-e" Accept-Ranges: bytes  error default Connection closed by foreign host. [root@nginx-node1 ~]#  

实际链接保持时间65秒,客户只能看到60秒。

[root@nginx-node1 ~]# vim /usr/local/nginx/conf/nginx.conf

下载服务器

创建下载目录

[root@nginx-node1 ~]# mkdir /data/web/download [root@nginx-node1 ~]# dd if=/dev/zero of=/data/web/download/leefile bs=1M count=100 100+0 records in 100+0 records out 104857600 bytes (105 MB, 100 MiB) copied, 0.0311488 s, 3.4 GB/s
[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf   server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     error_page  404 /40x.html;     error_log   /var/log/timinglee.org/error.log;     access_log  /var/log/timinglee.org/access.log;     try_files $uri $uri.html $uri/index.html /error/default.html;      location /lee {         root /data/web;         auth_basic "login password !!";         auth_basic_user_file "/usr/local/nginx/.htpasswd";     }      location =  /40x.html {         root /data/web/errorpage;     }      location /download {         root /data/web;         autoindex on;     } }

[root@nginx-node1 ~]# nginx -s reload

[C:\~]$ curl www.timinglee.org/download/   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100   265    0   265    0     0  24141      0 --:--:-- --:--:-- --:--:-- 33125 <html> <head><title>Index of /download/</title></head> <body> <h1>Index of /download/</h1><hr><pre><a href="../">../</a> <a href="leefile">leefile</a>                                            16-Aug-2024 07:56           104857600 </pre><hr></body> </html> 

改格林尼治时间和字节大小。

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     error_page  404 /40x.html;     error_log   /var/log/timinglee.org/error.log;     access_log  /var/log/timinglee.org/access.log;     try_files $uri $uri.html $uri/index.html /error/default.html;      location /lee {         root /data/web;         auth_basic "login password !!";         auth_basic_user_file "/usr/local/nginx/.htpasswd";     }      location =  /40x.html {         root /data/web/errorpage;     }      location /download {         root /data/web;         autoindex on;         autoindex_localtime on;         autoindex_exact_size off;     } }

微信截图_20240816161815

[root@nginx-node1 ~]# nginx -s reload

限速

[root@nginx-node1 ~]# wget http://www.timinglee.org/download/leefile --2024-08-16 16:27:02--  http://www.timinglee.org/download/leefile Resolving www.timinglee.org (www.timinglee.org)... 172.25.254.101 Connecting to www.timinglee.org (www.timinglee.org)|172.25.254.101|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: ‘leefile’  leefile              100%[======================>] 100.00M   456MB/s    in 0.2s      2024-08-16 16:27:02 (456 MB/s) - ‘leefile’ saved [104857600/104857600]

[root@nginx-node1 ~]# vim /usr/local/nginx/conf.d/vhost.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     error_page  404 /40x.html;     error_log   /var/log/timinglee.org/error.log;     access_log  /var/log/timinglee.org/access.log;     try_files $uri $uri.html $uri/index.html /error/default.html;      location /lee {         root /data/web;         auth_basic "login password !!";         auth_basic_user_file "/usr/local/nginx/.htpasswd";     }      location =  /40x.html {         root /data/web/errorpage;     }      location /download {         root /data/web;         autoindex on;         autoindex_localtime on;         autoindex_exact_size off;         limit_rate 1024k;     } }

[root@nginx-node1 ~]# nginx -s reload
[root@nginx-node1 ~]# wget http://www.timinglee.org/download/leefile --2024-08-16 16:28:23--  http://www.timinglee.org/download/leefile Resolving www.timinglee.org (www.timinglee.org)... 172.25.254.101 Connecting to www.timinglee.org (www.timinglee.org)|172.25.254.101|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: ‘leefile.1’  leefile.1            100%[======================>] 100.00M  1.04MB/s    in 99s       2024-08-16 16:30:02 (1.01 MB/s) - ‘leefile.1’ saved [104857600/104857600]

错误状态页面

[root@nginx-node1 ~]# nginx -V nginx version: nginx/1.26.2 built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC)  built with OpenSSL 3.0.7 1 Nov 2022 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-stream --with-stream_ssl_module --add-module=/root/echo-nginx-module-0.63
[root@nginx-node1 ~]# cd /usr/local/nginx/conf.d/ [root@nginx-node1 conf.d]# vim status.conf  server {     listen 80;     server_name status.timinglee.org;     root /data/web/html;     index index.html;      location /status {         stub_status;     } }  [root@nginx-node1 conf.d]# nginx -s reload

[root@nginx-node1 conf.d]# vim status.conf  server {     listen 80;     server_name status.timinglee.org;     root /data/web/html;     index index.html;      location /status {         stub_status;         auth_basic "login";         auth_basic_user_file "/usr/local/nginx/.htpasswd"     } }  [root@nginx-node1 conf.d]# nginx -s reload

微信截图_20240816164540

[root@nginx-node1 conf.d]# vim status.conf  server {     listen 80;     server_name status.timinglee.org;     root /data/web/html;     index index.html;      location /status {         stub_status;         #auth_basic "login";         #auth_basic_user_file "/usr/local/nginx/.htpasswd";         allow 172.25.254.1;         deny all;     } }  [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# vim /etc/hosts   127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 172.25.254.101  nginx-node1.timinglee.org www.timinglee.org status.timinglee.org
[C:\~]$ curl status.timinglee.org/status/   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100   109  100   109    0     0  10094      0 --:--:-- --:--:-- --:--:-- 13625 Active connections: 1                        server accepts handled requests                                                       12362 12362 11167                                                                          Reading: 0 Writing: 1 Waiting: 0 

压缩功能

[root@nginx-node1 ~]# vim /usr/local/nginx/conf/nginx.conf  gzip  on;     gzip_comp_level 5;     gzip_min_length 1k;     gzip_http_version 1.1;     gzip_vary on;     gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/gif image/png;

[root@nginx-node1 ~]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 ~]# nginx -s reload
[root@nginx-node1 ~]# echo hello timinglee > /data/web/html/small.html [root@nginx-node1 ~]# du -sh /usr/local/nginx/logs/access.log  1.3M	/usr/local/nginx/logs/access.log [root@nginx-node1 ~]# cat /usr/local/nginx/logs/access.log > /data/web/html/big.html
[C:\~]$ curl --head --compressed 172.25.254.101/small.html   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed   0    16    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0 HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Fri, 16 Aug 2024 11:40:20 GMT Content-Type: text/html Content-Length: 16 Last-Modified: Fri, 16 Aug 2024 11:36:09 GMT Connection: keep-alive Keep-Alive: timeout=60 ETag: "66bf39a9-10" Accept-Ranges: bytes
[C:\~]$ curl --head --compressed 172.25.254.101/big.html   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0 HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Fri, 16 Aug 2024 11:41:47 GMT Content-Type: text/html Last-Modified: Fri, 16 Aug 2024 11:39:07 GMT Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding ETag: W/"66bf3a5b-13f8ca" Content-Encoding: gzip

变量

内置变量

[root@nginx-node1 ~]# cd /usr/local/nginx/conf.d/ [root@nginx-node1 conf.d]# ls status.conf  vhost.conf [root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;          location /var {     default_type text/html;     echo $remote_addr;     echo $args;     echo $is_args;     echo $document_root;     echo $document_uri;     echo $host;     echo $remote_port;     echo $remote_user;     echo $request_method;     echo $request_filename;     echo $request_uri;     echo $scheme;     echo $server_protocol;     echo $server_addr;     echo $server_name;     echo $server_port;     echo $http_user_agent;     echo $http_cookie;     echo $cookie_key2;     } }  [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# vim /etc/hosts  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 172.25.254.101  nginx-node1.timinglee.org www.timinglee.org status.timinglee.org var .timinglee.org
[root@nginx-node1 conf.d]# curl -b "key1=lee,key2=lee1" -u lee:lee var.timinglee.org/var?name=lee&&id=6666 172.25.254.101 name=lee ? /data/web/html /var var.timinglee.org 34938 lee GET /data/web/html/var /var?name=lee http HTTP/1.1 172.25.254.101 var.timinglee.org 80 curl/7.76.1 key1=lee,key2=lee1 lee1 

自定义用户变量

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;      location /var {     default_type text/html;     set $timinglee lee;     echo $timinglee;     } }  [root@nginx-node1 conf.d]# nginx -s reload  [root@nginx-node1 conf.d]# curl -b "key1=lee,key2=lee1" -u lee:lee var.timinglee.org/var?name=lee&&id=6666 lee

if 判定

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;      location /test2 {     if ( !-e $request_filename ){         echo "$request_filename is not exist";         }     }    }  [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# mkdir -p /data/web/html/test2/ [root@nginx-node1 conf.d]# echo test2 > /data/web/html/test2/index.html [root@nginx-node1 conf.d]# curl var.timinglee.org/test2/index.html test2
[root@nginx-node1 conf.d]# rm -rf /data/web/html/test2/index.html  [root@nginx-node1 conf.d]# curl var.timinglee.org/test2/index.html /data/web/html/test2/index.html is not exist

break

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;          location /break {         default_type text/html;         set $name lee;         echo $name;         set $id 666;         echo $id;     } }  [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# curl var.timinglee.org/break lee 666

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;          location /break {         default_type text/html;         set $name lee;         echo $name;         if ( $http_user_agent = "curl/7.76.1" ){             break;         }         set $id 666;         echo $id;     } }  [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# curl var.timinglee.org/break lee  [root@nginx-node1 conf.d]# curl -A "firefox" var.timinglee.org/break lee 666

return

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;              location /return {         default_type text/html;         if ( !-e $request_filename){             return 301 http://www.baidu.com;         }         echo "$request_filename is exist";     } }  [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# curl -I var.timinglee.org/return HTTP/1.1 301 Moved Permanently Server: nginx/1.26.2 Date: Sun, 18 Aug 2024 05:14:35 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Keep-Alive: timeout=60 Location: http://www.baidu.com  [root@nginx-node1 conf.d]# mkdir -p /data/web/html/return [root@nginx-node1 conf.d]# curl -I var.timinglee.org/return HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Sun, 18 Aug 2024 05:15:15 GMT Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60 Vary: Accept-Encoding

rewrite

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;              location / {         root /data/web/var;         index index.html;         #rewrite / http://www.timinglee.com permanent;         #rewrite / http://www.timinglee.com redirect;     } }  [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# mkdir /data/web/var -p [root@nginx-node1 conf.d]# echo var page > /data/web/var/index.html [root@nginx-node1 conf.d]# curl var.timinglee.org var page [root@nginx-node1 conf.d]# curl www.timinglee.org www.timinglee.org
[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;              location / {         root /data/web/var;         index index.html;         rewrite / http://www.timinglee.com permanent;         #rewrite / http://www.timinglee.com redirect;     } }  [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# curl var.timinglee.org <html> <head><title>301 Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx/1.26.2</center> </body> </html> [root@nginx-node1 conf.d]# curl -I var.timinglee.org HTTP/1.1 301 Moved Permanently Server: nginx/1.26.2 Date: Sun, 18 Aug 2024 05:24:08 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Keep-Alive: timeout=60 Location: http://www.timinglee.com

做 windows 本地解析。

在 windows 浏览器输入 var.timinglee.org 回车访问

微信截图_20240818132736

临时重定向

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;      location / {         root /data/web/var;         index index.html;         #rewrite / http://www.timinglee.com permanent;         rewrite / http://www.timinglee.com redirect;     } }  [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload
[root@nginx-node1 conf.d]# curl -I var.timinglee.org HTTP/1.1 302 Moved Temporarily Server: nginx/1.26.2 Date: Sun, 18 Aug 2024 05:32:40 GMT Content-Type: text/html Content-Length: 145 Connection: keep-alive Keep-Alive: timeout=60 Location: http://www.timinglee.com

break 和 last 的区别

[root@nginx-node1 conf.d]# mkdir /data/web/html/{test1,test2,break,last} -p [root@nginx-node1 conf.d]# echo test1 > /data/web/html/test1/index.html [root@nginx-node1 conf.d]# echo test2 > /data/web/html/test2/index.html [root@nginx-node1 conf.d]# echo last > /data/web/html/last/index.html [root@nginx-node1 conf.d]# echo break > /data/web/html/break/index.html
[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;      location /break {         rewrite ^/break/(.*) /test1/$1;         rewrite ^/test1/(.*) /test2/$1;     }      location /last {         rewrite ^/last/(.*) /test1/$1;         rewrite ^/test1/(.*) /test2/$1;     }      location /test1 {         default_type text/html;         echo "timinglee hahahahaha";     }      location /test2 {         root /data/web/html;     } }   [root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload

微信截图_20240818140644

区别

[root@nginx-node1 conf.d]# vim vars.conf  server {     listen 80;     server_name var.timinglee.org;     root /data/web/html;     index index.html;      location /break {         rewrite ^/break/(.*) /test1/$1 break;         rewrite ^/test1/(.*) /test2/$1;     }      location /last {         rewrite ^/last/(.*) /test1/$1 last;         rewrite ^/test1/(.*) /test2/$1;     }      location /test1 {         default_type text/html;         echo "timinglee hahahahaha";     }      location /test2 {         root /data/web/html;     } }   [root@nginx-node1 conf.d]# nginx -s reload
[C:\~]$ curl var.timinglee.org/break/index.html   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100     6  100     6    0     0   1056      0 --:--:-- --:--:-- --:--:--  2000 test1  [C:\~]$ curl var.timinglee.org/last/index.html   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100    21    0    21    0     0   3695      0 --:--:-- --:--:-- --:--:--  7000 timinglee hahahahaha
[root@nginx-node1 conf.d]# cat /data/web/test1/index.html  /data/web/test1/

全站加密

[root@nginx-node1 conf.d]# cd /usr/local/nginx/ [root@nginx-node1 nginx]# mkdir certs [root@nginx-node1 nginx]# cd
[root@nginx-node1 ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/timinglee.org.key -x509 -days 365 -out /usr/local/nginx/certs/timinglee.org.crt  ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shaanxi Locality Name (eg, city) [Default City]:Xi'an Organization Name (eg, company) [Default Company Ltd]:timinglee Organizational Unit Name (eg, section) []:webserver Common Name (eg, your name or your server's hostname) []:www.timinglee.org Email Address []:admin@timinglee.org  [root@nginx-node1 ~]# cd /usr/local/nginx/certs/ [root@nginx-node1 certs]# ls timinglee.org.crt  timinglee.org.key
[root@web11 ~]# dnf install httpd -y [root@web11 ~]# systemctl start httpd [root@web11 ~]# systemctl enable --now httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@web11 ~]# cd /var/www/html/ [root@web11 html]# init 5

远程连接 nginx-node1 主机。

[root@web11 html]# ssh -l root 172.25.254.101 The authenticity of host '172.25.254.101 (172.25.254.101)' can't be established. ED25519 key fingerprint is SHA256:Wiq6KITBqBEkI5Rs1GAY5A19AOAZlEjtu5UXaX+yCOY. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '172.25.254.101' (ED25519) to the list of known hosts. root@172.25.254.101's password:  Activate the web console with: systemctl enable --now cockpit.socket  Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Sun Aug 18 18:52:48 2024 from 172.25.254.1 [root@nginx-node1 ~]# vim /usr/local/nginx/conf/nginx.conf

新建子配置文件并编辑。

[root@nginx-node1 certs]# cd /usr/local/nginx/conf.d/ [root@nginx-node1 conf.d]# vim vhosts.conf   server {     listen 80;     listen 443 ssl;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     ssl_certificate /usr/local/nginx/certs/timinglee.org.crt;     ssl_certificate_key /usr/local/nginx/certs/timinglee.org.key;     ssl_session_cache    shared:SSL:1m;     ssl_session_timeout  5m; }  [root@nginx-node1 conf.d]# nginx -t nginx: [warn] conflicting server name "www.timinglee.org" on 0.0.0.0:80, ignored nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload nginx: [warn] conflicting server name "www.timinglee.org" on 0.0.0.0:80, ignored

[root@nginx-node1 conf.d]# vim vhosts.conf ​ server {     listen 80;     listen 443 ssl;     server_name www.timinglee.org;     root /data/web/html;     index index.html;     ssl_certificate /usr/local/nginx/certs/timinglee.org.crt;     ssl_certificate_key /usr/local/nginx/certs/timinglee.org.key;     ssl_session_cache    shared:SSL:1m;     ssl_session_timeout  5m; ​     location / {     if ( $scheme = http ){         rewrite / https://$host redirect;         }     } } ​ [root@nginx-node1 conf.d]# nginx -t nginx: [warn] conflicting server name "www.timinglee.org" on 0.0.0.0:80, ignored nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# nginx -s reload nginx: [warn] conflicting server name "www.timinglee.org" on 0.0.0.0:80, ignored

实现 FastCGI

环境安装

源码安装nginx
[root@nginx-node1 ~]# cd /usr/local/ [root@nginx-node1 local]# ls bin  games    lib    libexec  sbin   src etc  include  lib64  nginx    share [root@nginx-node1 local]# rm -rf /usr/local/nginx/
[root@nginx-node1 local]# cd [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0 echo-nginx-module-0.63         nginx-1.24.0.tar.gz echo-nginx-module-0.63.tar.gz  nginx-1.26.2 leefile                        nginx-1.26.2.tar.gz leefile.1                      vmset.sh ​ [root@nginx-node1 ~]# rz -E ​ [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0 echo-nginx-module-0.63         nginx-1.24.0.tar.gz echo-nginx-module-0.63.tar.gz  nginx-1.26.2 leefile                        nginx-1.26.2.tar.gz leefile.1                      srcache-nginx-module-0.33.tar.gz memc-nginx-module-0.20.tar.gz  vmset.sh ​ [root@nginx-node1 ~]# tar zxf memc-nginx-module-0.20.tar.gz  [root@nginx-node1 ~]# tar zxf srcache-nginx-module-0.33.tar.gz  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0 echo-nginx-module-0.63         nginx-1.24.0.tar.gz echo-nginx-module-0.63.tar.gz  nginx-1.26.2 leefile                        nginx-1.26.2.tar.gz leefile.1                      srcache-nginx-module-0.33 memc-nginx-module-0.20         srcache-nginx-module-0.33.tar.gz memc-nginx-module-0.20.tar.gz  vmset.sh

新开会话。

[root@nginx-node1 ~]# cd nginx-1.26.2/ [root@nginx-node1 nginx-1.26.2]# ./configure --help | less 按q 退出

检测环境。

[root@nginx-node1 nginx-1.26.2]# ./configure --prefix=/usr/local/nginx \ > --add-module=/root/echo-nginx-module-0.63 \ > --add-module=/root/memc-nginx-module-0.20 \ > --add-module=/root/srcache-nginx-module-0.33 \ > --user=nginx \ > --group=nginx \ > --with-http_v2_module \ > --with-http_realip_module \ > --with-http_stub_status_module \ > --with-http_gzip_static_module \ > --with-stream \ > --with-stream_ssl_module \ > --with-stream_realip_module \ > --with-pcre 
[root@nginx-node1 nginx-1.26.2]# make && make install
源码安装php
[root@nginx-node1 nginx-1.26.2]# cd [root@nginx-node1 ~]# rz -E  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0.tar.gz echo-nginx-module-0.63         nginx-1.26.2 echo-nginx-module-0.63.tar.gz  nginx-1.26.2.tar.gz leefile                        php-8.3.9.tar.gz leefile.1                      srcache-nginx-module-0.33 memc-nginx-module-0.20         srcache-nginx-module-0.33.tar.gz memc-nginx-module-0.20.tar.gz  vmset.sh nginx-1.24.0 [root@nginx-node1 ~]# tar zxf php-8.3.9.tar.gz 

下载依赖。

[root@nginx-node1 ~]# yum install -y bzip2 systemd-devel libxml2-devel sqlite-devel   libpng-devel libcurl-devel oniguruma-devel  Complete! -bash: libpng-devel: command not found
[root@nginx-node1 ~]# dnf search libpng-devel Updating Subscription Management repositories. Unable to read consumer identity  This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.  Last metadata expiration check: 0:04:46 ago on Mon 19 Aug 2024 11:38:11 AM CST. ======================== Name Exactly Matched: libpng-devel ======================== libpng-devel.i686 : Development tools for programs to manipulate PNG image format                   : files libpng-devel.x86_64 : Development tools for programs to manipulate PNG image format                     : files                      [root@nginx-node1 ~]# yum install libpng-devel.x86_64 -y

环境监测。

[root@nginx-node1 ~]# cd php-8.3.9/ [root@nginx-node1 php-8.3.9]# ./configure \ > --prefix=/usr/local/php \ > --enable-fpm  \ > --with-fpm-user=nginx \ > --with-fpm-group=nginx \ > --with-curl \ > --with-iconv \ > --with-mhash \ > --with-zlib \ > --with-openssl \ > --enable-mysqlnd \ > --with-mysqli \ > --with-pdo-mysql \ > --disable-debug \ > --enable-sockets \ > --enable-soap \ > --enable-xml \ > --enable-ftp \ > --enable-gd \ > --enable-exif \ > --enable-mbstring \ > --enable-bcmath \ > --with-fpm-systemd

差包

Package 'libcurl', required by 'virtual:world', not found  Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix.  Alternatively, you may set the environment variables CURL_CFLAGS and CURL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.  [root@nginx-node1 php-8.3.9]# dnf search libcurl Updating Subscription Management repositories. Unable to read consumer identity  This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.  Last metadata expiration check: 0:26:30 ago on Mon 19 Aug 2024 11:38:11 AM CST. ========================== Name Exactly Matched: libcurl =========================== libcurl.x86_64 : A library for getting files from web servers libcurl.i686 : A library for getting files from web servers ========================= Name & Summary Matched: libcurl ========================== libcurl-devel.i686 : Files needed for building applications with libcurl libcurl-devel.x86_64 : Files needed for building applications with libcurl libcurl-minimal.i686 : Conservatively configured build of libcurl for minimal                      : installations libcurl-minimal.x86_64 : Conservatively configured build of libcurl for minimal                        : installations ============================= Summary Matched: libcurl ============================= python3-pycurl.x86_64 : Python interface to libcurl for Python 3 [root@nginx-node1 php-8.3.9]# dnf install libcurl-devel.x86_64 -y 

继续检测。

./configure  --prefix=/usr/local/php  --enable-fpm   --with-fpm-user=nginx  --with-fpm-group=nginx  --with-curl  --with-iconv  --with-mhash  --with-zlib  --with-openssl  --enable-mysqlnd  --with-mysqli  --with-pdo-mysql  --disable-debug  --enable-sockets  --enable-soap  --enable-xml --enable-ftp  --enable-gd  --enable-exif  --enable-mbstring  --enable-bcmath  --with-fpm-systemd

差包。

configure: error: Package requirements (oniguruma) were not met:  Package 'oniguruma', required by 'virtual:world', not found  Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix.  Alternatively, you may set the environment variables ONIG_CFLAGS and ONIG_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. [root@nginx-node1 php-8.3.9]# dnf search oniguruma Updating Subscription Management repositories. Unable to read consumer identity  This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.  Last metadata expiration check: 1:16:16 ago on Mon 19 Aug 2024 11:38:11 AM CST. ========================= Name Exactly Matched: oniguruma ========================== oniguruma.x86_64 : Regular expressions library oniguruma.i686 : Regular expressions library  [root@nginx-node1 php-8.3.9]# dnf install oniguruma.x86_64 -y Updating Subscription Management repositories. Unable to read consumer identity  This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.  Last metadata expiration check: 1:20:02 ago on Mon 19 Aug 2024 11:38:11 AM CST. Package oniguruma-6.9.6-1.el9.5.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! [root@nginx-node1 php-8.3.9]# 

去阿里云找包下载。

[root@nginx-node1 ~]# wget https://mirrors.aliyun.com/rockylinux/9.4/devel/x86_64/kickstart/Packages/o/oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.26.2 echo-nginx-module-0.63         nginx-1.26.2.tar.gz echo-nginx-module-0.63.tar.gz  oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm leefile                        php-8.3.9 leefile.1                      php-8.3.9.tar.gz memc-nginx-module-0.20         srcache-nginx-module-0.33 memc-nginx-module-0.20.tar.gz  srcache-nginx-module-0.33.tar.gz nginx-1.24.0                   vmset.sh nginx-1.24.0.tar.gz [root@nginx-node1 ~]# dnf list oniguruma-6.9.6-1.el9.5.i686  Updating Subscription Management repositories. Unable to read consumer identity  This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.  Last metadata expiration check: 1:37:09 ago on Mon 19 Aug 2024 11:38:11 AM CST. Available Packages oniguruma.i686                         6.9.6-1.el9.5                          baseos [root@nginx-node1 ~]# dnf install oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm -y

继续检测。

[root@nginx-node1 php-8.3.9]# ./configure  --prefix=/usr/local/php  --enable-fpm   --with-fpm-user=nginx  --with-fpm-group=nginx  --with-curl  --with-iconv  --with-mhash  --with-zlib  --with-openssl  --enable-mysqlnd  --with-mysqli  --with-pdo-mysql  --disable-debug  --enable-sockets  --enable-soap  --enable-xml --enable-ftp  --enable-gd  --enable-exif  --enable-mbstring  --enable-bcmath  --with-fpm-systemd  ....... +--------------------------------------------------------------------+ | License:                                                           | | This software is subject to the PHP License, available in this     | | distribution in the file LICENSE. By continuing this installation  | | process, you are bound by the terms of this license agreement.     | | If you do not agree with the terms of this license, you must abort | | the installation process at this point.                            | +--------------------------------------------------------------------+  Thank you for using PHP.

编译。

[root@nginx-node1 php-8.3.9]# make && make install

phpn相关配置优化

[root@nginx-node1 php-8.3.9]# cd [root@nginx-node1 ~]# cd /usr/local/php/etc/ [root@nginx-node1 etc]# ls php-fpm.conf.default  php-fpm.d [root@nginx-node1 etc]# cp -p php-fpm.conf.default php-fpm.conf
[root@nginx-node1 etc]# vim php-fpm.conf

[root@nginx-node1 etc]# ll /usr/local/php/var/run/ total 0 [root@nginx-node1 etc]# cd php-fpm.d/ [root@nginx-node1 php-fpm.d]# ls www.conf.default [root@nginx-node1 php-fpm.d]# cp www.conf.default www.conf -p
[root@nginx-node1 php-fpm.d]# vim www.conf

[root@nginx-node1 conf.d]# netstat -antlupe | grep php tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      0          387190     227378/php-fpm: mas

创建 php 配置文件。

[root@nginx-node1 php-fpm.d]# cd /root/php-8.3.9/ [root@nginx-node1 php-8.3.9]# ls appveyor             CONTRIBUTING.md     Makefile.objects     SECURITY.md benchmark            docs                modules              tests build                ext                 NEWS                 travis buildconf            EXTENSIONS          pear                 TSRM buildconf.bat        include             php.ini-development  UPGRADING CODING_STANDARDS.md  libs                php.ini-production   UPGRADING.INTERNALS config.log           libtool             README.md            win32 config.nice          LICENSE             README.REDIST.BINS   Zend config.status        main                run-tests.php configure            Makefile            sapi configure.ac         Makefile.fragments  scripts [root@nginx-node1 php-8.3.9]# cp php.ini-production /usr/local/php/etc/php.ini -p

改时区。

[root@nginx-node1 php-8.3.9]# cd /usr/local/php/etc/  [root@nginx-node1 etc]# timedatectl list-timezones | grep Asia/Shanghai Asia/Shanghai  [root@nginx-node1 etc]# vim php.ini 

启动脚本。

[root@nginx-node1 etc]# cd /root/php-8.3.9/ [root@nginx-node1 php-8.3.9]# ls appveyor             CONTRIBUTING.md     Makefile.objects     SECURITY.md benchmark            docs                modules              tests build                ext                 NEWS                 travis buildconf            EXTENSIONS          pear                 TSRM buildconf.bat        include             php.ini-development  UPGRADING CODING_STANDARDS.md  libs                php.ini-production   UPGRADING.INTERNALS config.log           libtool             README.md            win32 config.nice          LICENSE             README.REDIST.BINS   Zend config.status        main                run-tests.php configure            Makefile            sapi configure.ac         Makefile.fragments  scripts [root@nginx-node1 php-8.3.9]# cd sapi/ [root@nginx-node1 sapi]# ls apache2handler  cgi  cli  embed  fpm  fuzzer  litespeed  phpdbg [root@nginx-node1 sapi]# cd fpm/ [root@nginx-node1 fpm]# ls config.m4       init.d.php-fpm.in  php-fpm.8        php-fpm.service     tests CREDITS         LICENSE            php-fpm.8.in     php-fpm.service.in  www.conf fpm             Makefile.frag      php-fpm.conf     status.html         www.conf.in init.d.php-fpm  php-fpm            php-fpm.conf.in  status.html.in [root@nginx-node1 fpm]# cp php-fpm.service /lib/systemd/system/

加载配置后重启失败怎么解决。

[root@nginx-node1 fpm]# systemctl daemon-reload  [root@nginx-node1 fpm]# systemctl start php-fpm.service  Job for php-fpm.service failed because the control process exited with error code. See "systemctl status php-fpm.service" and "journalctl -xeu php-fpm.service" for details. [root@nginx-node1 fpm]# ll /usr/local/php/var/log/ -d drwxr-xr-x. 2 root root 6 Aug 19 13:28 /usr/local/php/var/log/ [root@nginx-node1 fpm]# vim /lib/systemd/system/php-fpm.service 

[root@nginx-node1 fpm]# systemctl daemon-reload  [root@nginx-node1 fpm]# systemctl start php-fpm.service

php 和 nginx 的整合

[root@nginx-node1 fpm]# cd [root@nginx-node1 ~]# mkdir -p /data/web/php [root@nginx-node1 ~]# php -bash: php: command not found [root@nginx-node1 ~]# cd /usr/local/php/ [root@nginx-node1 php]# ls bin  etc  include  lib  php  sbin  var [root@nginx-node1 php]# cd bin/ [root@nginx-node1 bin]# ls phar  phar.phar  php  php-cgi  php-config  phpdbg  phpize [root@nginx-node1 bin]# ./php -m [root@nginx-node1 bin]# pwd /usr/local/php/bin
[root@nginx-node1 bin]# vim ~/.bash_profile  # .bash_profile  # Get the aliases and functions if [ -f ~/.bashrc ]; then     . ~/.bashrc fi  # User specific environment and startup programs export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/php/sbin
[root@nginx-node1 bin]# source ~/.bash_profile  [root@nginx-node1 bin]# cd /data/web/php/ [root@nginx-node1 php]# ls [root@nginx-node1 php]# 
[root@nginx-node1 php]# vim index.php  <?php     phpinfo(); ?>
[root@nginx-node1 php]# cd /usr/local/ [root@nginx-node1 local]# ls bin  etc  games  include  lib  lib64  libexec  nginx  php  sbin  share  src [root@nginx-node1 local]# cd nginx/ [root@nginx-node1 nginx]# ls conf  html  logs  sbin [root@nginx-node1 nginx]# mkdir conf.d [root@nginx-node1 nginx]# cd conf.d/
[root@nginx-node1 conf.d]# vim /usr/local/nginx/conf/nginx.conf  include "/usr/local/nginx/conf.d/*.conf"

[root@nginx-node1 conf.d]# vim vhosts.conf  server {     listen 80;     server_name www.timinglee.org;     root /data/web/html;     index index.html;      location ~ \.php$ {         root /data/web/php;         fastcgi_pass 127.0.0.1:9000;         fastcgi_index index.php;         include fastcgi.conf;     } }
[root@nginx-node1 conf.d]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@nginx-node1 conf.d]# systemctl restart php-fpm.service  [root@nginx-node1 conf.d]# systemctl restart nginx.service  [root@nginx-node1 conf.d]# systemctl stop firewalld [root@nginx-node1 conf.d]# setenforce 0

浏览器访问。

php 缓存优化

复制浏览器链接做压力测试。

[root@nginx-node1 ~]# ab -n1000 -c10 http://www.timinglee.org/index.php  This is ApacheBench, Version 2.3 <$Revision: 1903618 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/  Benchmarking www.timinglee.org (be patient) Completed 100 requests Completed 200 requests Completed 300 requests Completed 400 requests Completed 500 requests Completed 600 requests Completed 700 requests Completed 800 requests Completed 900 requests Completed 1000 requests Finished 1000 requests   Server Software:        nginx/1.26.2 Server Hostname:        www.timinglee.org Server Port:            80  Document Path:          /index.php Document Length:        74973 bytes  Concurrency Level:      10 Time taken for tests:   0.378 seconds Complete requests:      1000 Failed requests:        110    (Connect: 0, Receive: 0, Length: 110, Exceptions: 0) Total transferred:      75134754 bytes HTML transferred:       74972754 bytes Requests per second:    2646.66 [#/sec] (mean) Time per request:       3.778 [ms] (mean) Time per request:       0.378 [ms] (mean, across all concurrent requests) Transfer rate:          194195.31 [Kbytes/sec] received  Connection Times (ms)               min  mean[+/-sd] median   max Connect:        0    0   0.0      0       0 Processing:     1    4   0.6      4       7 Waiting:        1    3   0.6      3       6 Total:          2    4   0.6      4       7  Percentage of the requests served within a certain time (ms)   50%      4   66%      4   75%      4   80%      4   90%      5   95%      5   98%      5   99%      6  100%      7 (longest request)

添加功能模块。

[root@nginx-node1 ~]# rz -E  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0.tar.gz echo-nginx-module-0.63         nginx-1.26.2 echo-nginx-module-0.63.tar.gz  nginx-1.26.2.tar.gz leefile                        oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm leefile.1                      php-8.3.9 memcache-8.2.tgz               php-8.3.9.tar.gz memc-nginx-module-0.20         srcache-nginx-module-0.33 memc-nginx-module-0.20.tar.gz  srcache-nginx-module-0.33.tar.gz nginx-1.24.0                   vmset.sh  [root@nginx-node1 ~]# tar zxf memcache-8.2.tgz  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0.tar.gz echo-nginx-module-0.63         nginx-1.26.2 echo-nginx-module-0.63.tar.gz  nginx-1.26.2.tar.gz leefile                        oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm leefile.1                      package.xml memcache-8.2                   php-8.3.9 memcache-8.2.tgz               php-8.3.9.tar.gz memc-nginx-module-0.20         srcache-nginx-module-0.33 memc-nginx-module-0.20.tar.gz  srcache-nginx-module-0.33.tar.gz nginx-1.24.0                   vmset.sh  [root@nginx-node1 ~]# cd memcache-8.2/  [root@nginx-node1 memcache-8.2]# ls config9.m4  config.w32  docker      example.php  memcache.php  src config.m4   CREDITS     Dockerfile  LICENSE      README        tests
[root@nginx-node1 memcache-8.2]# dnf install autoconf -y  [root@nginx-node1 memcache-8.2]# phpize  Configuring for: PHP Api Version:         20230831 Zend Module Api No:      20230831 Zend Extension Api No:   420230831 [root@nginx-node1 memcache-8.2]# ls autom4te.cache  config.m4     CREDITS      LICENSE        src build           configure     docker       memcache.php   tests config9.m4      configure.ac  Dockerfile   README config.h.in     config.w32    example.php  run-tests.php 
[root@nginx-node1 memcache-8.2]# ./configure && make && make install ----------------------------------------------------------------------  Build complete. Don't forget to run 'make test'.  Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/ [root@nginx-node1 memcache-8.2]# cd /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/ [root@nginx-node1 no-debug-non-zts-20230831]# ls memcache.so  opcache.so [root@nginx-node1 no-debug-non-zts-20230831]# systemctl restart php-fpm.service  [root@nginx-node1 no-debug-non-zts-20230831]# php -m | grep memcache

php -m 不出来是因为源码安装 php 的时候没有指定配置路径,此时可以选择把 /usr/local/php/etc/php.ini 移动到默认指定路径/lib 下或者重新源码安装 php 。

[root@nginx-node1 no-debug-non-zts-20230831]# cd /usr/local/php/ [root@nginx-node1 php]# ls bin  etc  include  lib  php  sbin  var [root@nginx-node1 php]# cd etc/ [root@nginx-node1 etc]# ls php-fpm.conf  php-fpm.conf.default  php-fpm.d  php.ini [root@nginx-node1 etc]# mv php.ini /usr/local/php/lib/  [root@nginx-node1 etc]# pwd /usr/local/php/etc [root@nginx-node1 etc]# cd /usr/local/php/lib/ [root@nginx-node1 lib]# ls php  php.ini

编辑配置文件使 memcache 模块生效。

[root@nginx-node1 lib]# vim php.ini 

[root@nginx-node1 lib]# systemctl restart php-fpm.service
[root@nginx-node1 ~]# dnf install memcached-1.6.9-7.el9.x86_64 -y  [root@nginx-node1 ~]# vim /etc/sysconfig/mamcached  PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 127.0.0.1,::1"  [root@nginx-node1 ~]# systemctl start memcached.service  [root@nginx-node1 ~]# netstat -antlupe | grep mem tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      986        419866     238081/memcached     tcp6       0      0 ::1:11211               :::*                    LISTEN      986        419867     238081/memcached

重新解压。

[root@nginx-node1 ~]# rm -rf memcache-8.2 [root@nginx-node1 ~]# tar zxf memcache-8.2.tgz  [root@nginx-node1 ~]# ls anaconda-ks.cfg                nginx-1.24.0.tar.gz echo-nginx-module-0.63         nginx-1.26.2 echo-nginx-module-0.63.tar.gz  nginx-1.26.2.tar.gz leefile                        oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm leefile.1                      package.xml memcache-8.2                   php-8.3.9 memcache-8.2.tgz               php-8.3.9.tar.gz memc-nginx-module-0.20         srcache-nginx-module-0.33 memc-nginx-module-0.20.tar.gz  srcache-nginx-module-0.33.tar.gz nginx-1.24.0                   vmset.sh [root@nginx-node1 ~]# cd memcache-8.2/ [root@nginx-node1 memcache-8.2]# ls config9.m4  config.w32  docker      example.php  memcache.php  src config.m4   CREDITS     Dockerfile  LICENSE      README        tests [root@nginx-node1 memcache-8.2]# ./configure && make && make install ----------------------------------------------------------------------  Build complete. Don't forget to run 'make test'.  Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/ [root@nginx-node1 memcache-8.2]# make test =====================================================================  You may have found a problem in PHP. This report can be saved and used to open an issue on the bug tracker at https://github.com/php/php-src/issues This gives us a better understanding of PHP's behavior. Do you want to save this report in a file? [Yn]: y Report saved to: /root/memcache-8.2/php_test_results_20240819_1959.txt make: *** [Makefile:136: test] Error 1 [root@nginx-node1 memcache-8.2]# cd /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/ [root@nginx-node1 no-debug-non-zts-20230831]# ls memcache.so  opcache.so [root@nginx-node1 no-debug-non-zts-20230831]# systemctl restart php-fpm.service  [root@nginx-node1 no-debug-non-zts-20230831]# php -m | grep memcache memcache

把测试文件放到默认发布目录里。

[root@nginx-node1 no-debug-non-zts-20230831]# cd [root@nginx-node1 ~]# cd memcache-8.2/ [root@nginx-node1 memcache-8.2]# ls autom4te.cache  configure.ac  Makefile.fragments build           config.w32    Makefile.objects config9.m4      CREDITS       memcache.la config.h        docker        memcache.php config.h.in     Dockerfile    modules config.log      example.php   php_test_results_20240819_1959.txt config.m4       include       README config.nice     libtool       run-tests.php config.status   LICENSE       src configure       Makefile      tests [root@nginx-node1 memcache-8.2]# cp example.php memcache.php /data/web/php/ [root@nginx-node1 memcache-8.2]# cd /data/web/php/ [root@nginx-node1 php]# ls example.php  index.php  memcache.php
[root@nginx-node1 php]# vim memcache.php

浏览器测试。

刷新这个页面,次数越多,memcache/php 命中率越高。

性能测试,比之前失败率低了很多。

[root@nginx-node1 ~]# ab -n100 -c10 http://www.timinglee.org/index.php This is ApacheBench, Version 2.3 <$Revision: 1903618 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ ​ Benchmarking www.timinglee.org (be patient).....done ​ ​ Server Software:        nginx/1.26.2 Server Hostname:        www.timinglee.org Server Port:            80 ​ Document Path:          /index.php Document Length:        74888 bytes ​ Concurrency Level:      10 Time taken for tests:   0.035 seconds Complete requests:      100 Failed requests:        8    (Connect: 0, Receive: 0, Length: 8, Exceptions: 0) Total transferred:      7504990 bytes HTML transferred:       7488790 bytes Requests per second:    2884.92 [#/sec] (mean) Time per request:       3.466 [ms] (mean) Time per request:       0.347 [ms] (mean, across all concurrent requests) Transfer rate:          211438.47 [Kbytes/sec] received ​ Connection Times (ms)               min  mean[+/-sd] median   max Connect:        0    0   0.0      0       0 Processing:     1    3   0.4      3       4 Waiting:        1    3   0.4      3       4 Total:          1    3   0.4      3       4 ​ Percentage of the requests served within a certain time (ms)   50%      3   66%      3   75%      3   80%      3   90%      4   95%      4   98%      4   99%      4  100%      4 (longest request)

php 高速缓存

 

    广告一刻

    为您即时展示最新活动产品广告消息,让您随时掌握产品活动新动态!