1. LAMP LNMP安装优化
2. mysql多实例安装、
3. memcache安装使用
4. keepalived高可用
5. nagios搭建
企业真实场景面试题
1.请描述http协议原理
2.描述http://www.baidu.com请求及看到页面的过程?
用户访问网站流程
讯享网
①用户访问网站流程框架
②DNS解析原理
③tcp/ip三次握手
④http协议原理(www服务的请求过程)请求细节,报文细节
⑤大规模网站集群架构细节
⑥http协议原理
⑦tcp/ip四次挥手
dns:
递归:重复调用模块自身实现循环
迭代:是函数内某段代码实现循环
http协议:
超文本协议,
www服务
默认端口80
URL---网页地址
URI---网址 、邮箱地址
URL是URI的子集
静态网页
HTML格式的网页(可以包含图片、视频、JS、css)通常被称为“静态网页”
特点:开发者写什么,显示就是什么,一旦编写完成,就不会改变。
特征:①每个页面都有一个URL地址,一般以html形式为后缀,不含问好“?”“&”等特殊符号。
②没有数据库,网站制作和维护困难。
③解析快,性能效率高
动态网页资源
网页扩展名:asp aspx php jsp do cgi 等。
网页一般以数据技术为基础,大大降低了网站维护工作量
伪静态网页
作用:①让搜索引擎收录网站内容
②提升用户访问体验
③访问性能没有提升,并且转换伪静态会消耗资源,因此性能反而下降
网站流量度量术语*
1.IP
-----独立IP数是衡量一个网站标准
2.pv
----页面浏览,,是网站访问页面数量的一个指标
pv具体度量方法是从客户浏览器发出一个web服务器的请求,web服务器接到这个请求后,将请求对应的一个网页发送给浏览器,就产生一个pv。
3.uv
同一台客户端(pc或移动端)访问网站被计算为一个访客,一个只算一次。
Nginx
web服务软件
反向代理负载均衡
特点:
①可针对静态资源高速高并发访问缓存
②可使用反向代理加速,并且可进行数据缓存
③具有简单负载均衡、节点健康检查和容错功能
④支持远程FastCGI服务的缓存加速
⑤支持FastCGI、Uwsgi 、SCGI、Memcached加速和缓存
⑥支持SSL TLS SNI
⑦具有模块化的架构:过滤器包括gzip压缩、ranges支持、chunked响应、XSLT SSI及图像缩放功能
⑧支持异步网络IO事件模型
搭建Nginx
mkdir /application -p
mkdir -p /home/hao/tools
yum -y install openssl openssl-devel pcre-devel
useradd nginx -s /sbin/nologin -M
cd /home/hao/tools
http://nginx.org/en/download.html #下载安装包
tar -xf nginx-1.6.3.tar.gz
cd nginx-1.6.3
./configure --user=nginx --group=nginx --prefix=/application/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
/application/nginx/sbin/nginx -t #检查语法,
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
/application/nginx/sbin/nginx #启动Nginx
测试:
ss -lntup|grep 80
lsof -i:80
wget 127.0.0.1
curl -I 127.0.0.1讯享网
nginx启动脚本
讯享网[root@www ~]# cat /etc/init.d/nginxd #!/bin/bash # chkconfig: 2345 40 85 # descirption: Start/Stop Nginx server Path=/application/nginx/sbin pid=/application/nginx/logs/nginx.pid RETVAL=0 . /etc/init.d/functions start(){ if [ ! -f $pid ];then $Path/nginx RETVAL=$? if [ $RETVAL -eq 0 ];then action "nginx is started" /bin/true return $RETVAL else action "nginx is started" /bin/flase return $RETVAL fi else echo "nginx is running" return 0 fi } stop(){ if [ -f $pid ];then $Path/nginx -s stop RETVAL=$? if [ $RETVAL -eq 0 ];then action "nginx is stopped" /bin/true else action "nginx is stopped" /bin/false return $RETVAL fi else echo "nginx is no running" return $RETVAL fi } case "$1" in start) start RETVAL=$? ;; stop) stop RETVAL=$? ;; restart) stop sleep 1 start RETVAL=$? ;; *) echo $"Usage: $0 {start|stop|restart}" exit 1 esac exit $RETVAL
基于域名访问配置:
egrep -v "#|^$" /application/nginx/conf/nginx.conf.default >/application/nginx/conf/nginx.conf
for i in www bbs blog;do mkdir -p /applocation/nginx/html/$i;echo "http://$i.xiaoxue.com" >/applocation/nginx/html/$i/index.html;cat /applocation/nginx/html/$i/index.html;done
[root@web02 nginx]# cat conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name bbs.xiaoxue.com;
location / {
root html/bbs;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
/application/nginx/sbin/nginx -t #检查语法,
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
/application/nginx/sbin/nginx -s reload #平滑重启重启Nginx后检测策略:
讯享网[root@web02 nginx]# cat conf/check_url.sh #!/bin/bash #author:lihao 2018/12/8 : #+++++function split++++++++ . /etc/init.d/functions function checkURL() { checkUrl=$1 echo 'check url start....' judge=($(curl -I -s --connect-timeout 2 ${checkUrl} |head -1|tr "\r" "\n")) if [[ "${judge[1]}" == '200' && "${judge[2]}" == 'OK' ]] then action "$checkUrl" /bin/true else action "$checkUrl" /bin/false echo -n "retrying again....";sleep 3; judgeagain=($(curl -I -s --connect-timeout 2 ${checkUrl} |head -1|tr "\r" "\n")) if [[ "${judgeagain[1]}" == '200' && "${judgeagain[2]}" == 'OK' ]] then action "$judgeagain,retried again" /bin/true else action "$judgeagain,retried again" /bin/false fi fi sleep 1; } #usage method checkURL http://www.xiaoxue.com
include模块
[root@web02 conf]# cat -n nginx.conf
1 worker_processes 1;
2 events {
3 worker_connections 1024;
4 }
5 http {
6 include mime.types;
7 default_type application/octet-stream;
8 sendfile on;
9 keepalive_timeout 65;
10 server {
11 listen 80;
12 server_name www.xiaoxue.com;
13 location / {
14 root html/www;
15 index index.html index.htm;
16 }
17 error_page 500 502 503 504 /50x.html;
18 location = /50x.html {
19 root html;
20 }
21 }
22
23 server {
24 listen 80;
25 server_name bbs.xiaoxue.com;
26 location / {
27 root html/bbs;
28 index index.html index.htm;
29 }
30 error_page 500 502 503 504 /50x.html;
31 location = /50x.html {
32 root html;
33 }
34 }
35 server {
36 listen 80;
37 server_name blog.xiaoxue.com;
38 location / {
39 root html/blog;
40 index index.html index.htm;
41 }
42 error_page 500 502 503 504 /50x.html;
43 location = /50x.html {
44 root html;
45 }
46 }
47 } 讯享网[root@web02 conf]# sed -n '10,21p' nginx.conf >extra/www.conf [root@web02 conf]# sed -n '23,34p' nginx.conf >extra/bbs.conf [root@web02 conf]# sed -n '35,46p' nginx.conf >extra/blog.conf [root@web02 conf]# sed -i '10,46d' nginx.conf [root@web02 conf]# cat -n nginx.conf 1 worker_processes 1; 2 events { 3 worker_connections 1024; 4 } 5 http { 6 include mime.types; 7 default_type application/octet-stream; 8 sendfile on; 9 keepalive_timeout 65; 10 } [root@web02 conf]# sed -e '10i include extra/www.conf;\ninclude extra/bbs.conf;\ninclude extra/blog.conf;' nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; include extra/www.conf; include extra/bbs.conf; include extra/blog.conf; } [root@web02 conf]# sed -i '10i include extra/www.conf;\ninclude extra/bbs.conf;\ninclude extra/blog.conf;' nginx.conf [root@web02 conf]# cat -n nginx.conf 1 worker_processes 1; 2 events { 3 worker_connections 1024; 4 } 5 http { 6 include mime.types; 7 default_type application/octet-stream; 8 sendfile on; 9 keepalive_timeout 65; 10 include extra/www.conf; 11 include extra/bbs.conf; 12 include extra/blog.conf; 13 }
[root@web02 conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@web02 conf]# /application/nginx/sbin/nginx -s reload
[root@web02 conf]# curl -I www.xiaoxue.com
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Sat, 08 Dec 2018 08:54:16 GMT
Content-Type: text/html
Content-Length: 23
Last-Modified: Sat, 08 Dec 2018 06:36:37 GMT
Connection: keep-alive
ETag: "5c0b6675-17"
Accept-Ranges: bytes
[root@web02 conf]# curl -I bbs.xiaoxue.com
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Sat, 08 Dec 2018 08:54:26 GMT
Content-Type: text/html
Content-Length: 23
Last-Modified: Sat, 08 Dec 2018 06:55:13 GMT
Connection: keep-alive
ETag: "5c0b6ad1-17"
Accept-Ranges: bytes
[root@web02 conf]# curl -I blog.xiaoxue.com
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Sat, 08 Dec 2018 08:54:34 GMT
Content-Type: text/html
Content-Length: 24
st-Modified: Sat, 08 Dec 2018 06:55:41 GMT
Connection: keep-alive
ETag: "5c0b6aed-18"
Accept-Ranges: bytes
讯享网 创建多别名
[root@web02 conf]# curl blog.xiaoxue.com
http://blog.xiaoxue.com
[root@web02 conf]# vim extra/www.conf
1 server {
2 listen 80;
3 server_name www.xiaoxue.com xiaoxue.com;
4 location / {
5 root html/www;
6 index index.html index.htm;
7 }
8 error_page 500 502 503 504 /50x.html;
9 location = /50x.html {
10 root html;
1 }
12 }
"extra/www.conf" 12L, 310C 已写入
[root@web02 conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@web02 conf]# /application/nginx/sbin/nginx -s reload
[root@web02 conf]# curl xiaoxue.com
curl: (7) couldn't connect to host
[root@web02 conf]# vim /etc/hosts
1 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdom
ain4
2 ::1 localhost localhost.localdomain localhost6 localhost6.localdom
ain6
3 172.16.10.22 mba
4 172.16.10.10 backup
5 172.16.10.30 www.xiaoxue.com bbs.xiaoxue.com blog.xiaoxue.com xiaoxue.com
6 172.16.10.40 nfs
7
8
9
10
"/etc/hosts" 12L, 346C 已写入
[root@web02 conf]# ping xiaoxue.com
PING www.xiaoxue.com (172.16.10.30) 56(84) bytes of data.
64 bytes from www.xiaoxue.com (172.16.10.30): icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from www.xiaoxue.com (172.16.10.30): icmp_seq=2 ttl=64 time=0.044 ms
^C
--- www.xiaoxue.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1928ms
rtt min/avg/max/mdev = 0.044/0.055/0.067/0.013 ms
[root@web02 conf]# curl xiaoxue.com
http://www.xiaoxue.com
nginx状态信息功能[root@bogon nginx]# cat conf/extra/status.conf
status
server {
listen 80;
server_name status.xiaoxue.com;
location / {
stub_status on;
access_log off;
allow 172.16.10.0/24; #允许那个网段访问
deny all; #拒绝所有
}
}
sed -i '13i include extra/status.conf;' conf/nginx.conf 插入
检查语法重启Nginx
日志
错误日志:/application/nginx/logs/error.log
[root@bogon logs]# cat ../conf/nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; #日志格式
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
include extra/bbs.conf;
include extra/blog.conf;
include extra/status.conf;
}
access.log 测试
www.conf配置:
erver {
listen 80;
server_name www.xiaoxue.com xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;
}
讯享网 日志切割脚本: 实现切割Nginx日志的思想为将正在写入的Nginx日志(access_www.log)改名为带日期的格式文件,然后平滑重启,生成新的日志文件(access_www.log), 再通过定时任务每天00点执行一次
[root@bogon scripts]# cat cut_nginx_log.sh
#!/bin/bash
Dateformat=date +%Y%m%d
Basedir="/application/nginx"
Nginxlogdir="$Basedir/logs"
Logname="accesswww"
[ -d $Nginxlogdir ] && cd $Nginxlogdir||exit 1
[ -f ${Logname}.log ] || exit 1
/bin/mv ${Logname}.log ${Dateformat}${Logname}.log ||exit 1
$Basedir/sbin/nginx -s reload
cat >>/vat/spool/cron/root <<EOF
#cut nginx access.log by hao
00 00 * /bin/sh /server/scripts/cut_nginx_log.sh >/dev/null 2>&1
EOF讯享网Nginx location [root@bogon extra]# cat www.conf server { listen 80; server_name www.xiaoxue.com xiaoxue.com; root html/www; location / { return 401; }
location = / {
return 402;
}
location /documents/ {
return 403;
}
location ^~ /images/ {
return 404;
}
location ~* \.(gif|jpg|jpeg)$ {
return 500;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;}
[root@bogon extra]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@bogon extra]# /application/nginx/sbin/nginx
[root@bogon extra]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1261 root 7u IPv4 9695 0t0 TCP :http (LISTEN)
nginx 1262 nginx 7u IPv4 9695 0t0 TCP :http (LISTEN)
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com
402
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/
402
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/index.html
401
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/documents/document.html
403
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/images/1.gif
404
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/images/1.jpg
404
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/documents/1.jpg
500
[root@bogon extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.xiaoxue.com/hao
401
Nginx rewrite
讯享网[root@bogon extra]# cat www.conf
server {
listen 80;
server_name xiaoxue.com;
rewrite ^/(.*) http://www.xiaoxue.com/$1 permanent;
}
server {
listen 80;
server_name www.xiaoxue.com xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;
}
不同域名URL跳转
[root@bogon extra]# cat blog.conf
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.html index.htm;
}
if ($http_host ~* "^(.*)\.xiaoxue\.com$") {
set $domain $1;
rewrite ^/(.*) http://www.xiaoxue.com/$domain/lihao.html break;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
创建访问账号密码
讯享网[root@www extra]# cat www.conf
server {
listen 80;
server_name xiaoxue.com;
rewrite ^/(.*) http://www.xiaoxue.com/$1 permanent;
}
server {
listen 80;
server_name www.xiaoxue.com xiaoxue.com;
location / {
root html/www;
index index.html index.htm;
auth_basic "xiaoxue training";
auth_basic_user_file /application/nginx/conf/htpasswd;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log logs/access_www.log main;
}
[root@www ~]# htpasswd -bc /application/nginx/conf/htpasswd xiaoxue 123
Adding password for user xiaoxue
[root@www ~]# chmod 400 /application/nginx/conf/htpasswd
[root@www ~]# chown nginx /application/nginx/conf/htpasswd
[root@www ~]# ll /application/nginx/conf/htpasswd
-r-------- 1 nginx root 22 12月 13 20:13 /application/nginx/conf/htpasswd
[root@www ~]# cat /application/nginx/conf/htpasswd
xiaoxue:a4P8TcgI1Jzyo #密码加密的
安装LAMP脚本
https://www.zybuluo.com/q/note/
select user,host from mysql.user;
drop user "root"@"::1";
drop user ""@"localhost";
drop user ""@"www";
drop user "root"@"localhost";
drop user ""@"MySQL";
delete from mysql.user where user=' ' and host='MySQL';
drop database test;
初始数据库简单优化
PHP搭建
FastCGI:是一个可伸缩地、高速地在HTTP服务器和动态脚本语言通信的接口(Linux下fastcgi即为socket)。优点:把动态语言和HTTP服务器分离开来。
重要特点:
①HTTP服务器和动态脚本语言间通信的接口或工具。
②可把动态语言解析和http服务器分离开。
③Nginx、Apache、Lighttpd,以及多数动态语言都支持FastCGI.
④FastCGI接口方式采用C/S结构
⑤PHP动态语言服务器端可以启动多个FastCGI的守护进程(例如php-fpm mangement)
⑥http服务器通过(例如Nginx fastcgi_pass)FastCGI客户端和动态语言FastCGI服务器端通信(例如php-fpm)
安装lib软件包
[root@www ~]# rpm -qa freetype-devel linpng-devel gd-devel libcurl-devel libxslt-devel [root@www ~]# rpm -qa zlib-devel libxm12-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel 安装libiconv庫 wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz tar -xf libiconv-1.14.tar.gz cd libiconv-1.14 ./configure --prefix=/usr/local/libiconv make && make install 安装libmcryt庫 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo yum -y install libmcrypt-devel 安装mhash #加密扩展库 yum -y install mhash yum -y install mcrypt 安装PHP http://cn.php.net/downloads.php [root@www tools]# rz rz waiting to receive. zmodem trl+C ȡ 100% 16750 KB 16750 KB/s 00:00:01 0 Errors[root@www tools]# tar -xf php-5.5.20.tar.gz
[root@www tools]# cd php-5.5.20
[root@www php-5.5.20]#ln -s /application/mysql/lib/libmysqlclient.so.18 /usr/lib64/
[root@www php-5.5.20]#touch ext/phar/phar.phar
[root@www php-5.5.20]# ./configure --prefix=/application/php5.5.20 --with-mysql=/application/mysql --with-xmlrpc --with-openssl --with-zlib --with-freetype-dir --with-gd --with-jpeg-dir --with-png-dir --with-iconv=/usr/local/libiconv --enable-short-tags --enable-sockets --enable-zend-multibyte --enable-soap --enable-mbstring --enable-static --enable-gd-native-ttf --with-curl --with-xsl --enable-ftp --with-libxml-dir --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx
[root@www php-5.5.20]#make && make install
[root@www php-5.5.20]# ln -s /application/php5.5.20/ /application/php
[root@www php-5.5.20]# ls -l /application/php
lrwxrwxrwx 1 root root 23 12月 15 16:35 /application/php -> /application/php5.5.20/
[root@www php-5.5.20]# ls php.ini*
php.ini-development php.ini-production
[root@www php-5.5.20]# cp php.ini-production /application/php/lib/php.ini
[root@www php-5.5.20]# ll /application/php/lib/php.ini
-rw-r--r-- 1 root root 69266 12月 15 17:24 /application/php/lib/php.ini
[root@www php-5.5.20]# cd /application/php/etc/
[root@www etc]# ls
pear.conf php-fpm.conf.default
[root@www etc]# cp php-fpm.conf.default php-fpm.conf
[root@www etc]# /application/php/sbin/php-fpm
[root@www etc]# ps -ef|grep php-fpm
root 47187 1 0 17:25 ? 00:00:00 php-fpm: master process (/application/php5.5.20/etc/php-fpm.conf)
nobody 47188 47187 0 17:25 ? 00:00:00 php-fpm: pool www
nobody 47189 47187 0 17:25 ? 00:00:00 php-fpm: pool www
root 47193 1486 0 17:25 pts/0 00:00:00 grep php-fpm
[root@www etc]# lsof -i:9000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php-fpm 47187 root 7u IPv4 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 47188 nobody 0u IPv4 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 47189 nobody 0u IPv4 0t0 TCP localhost:cslistener (LISTEN)
[root@www conf]# cp nginx.conf nginx.conf.02
[root@www conf]# cat nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
include extra/bbs.conf;
include extra/blog.conf;
include extra/status.conf;
}
[root@www conf]# vim extra/blog.conf
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.html index.htm;
}
location ~ .*.(php|php5)?$ {
root html/blog;
讯享网 fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
if ($http_host ~* "^(.*)\.xiaoxue\.com$") {
set $domain $1;
rewrite ^/(.*) http://www.xiaoxue.com/$domain/lihao.html break;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
"extra/blog.conf" 23L, 574C 已写入
[root@www conf]# /application/nginx/sbin/nginx -t
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@www conf]# /application/nginx/sbin/nginx -s reload
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
[root@www conf]# cd /application/nginx/html/blog/
[root@www blog]# ls
index.html
[root@www blog]# echo "<?php phpinfo(); ?>" >test_info.php
[root@www blog]# cat test_info.php
<?php phpinfo(); ?>
http://blog.xiaoxue.com/test_info.php #浏览器访问测试
创建一个WordPress
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)
mysql> show databases like 'wordpress';
+----------------------+
| Database (wordpress) |
+----------------------+
| wordpress |
+----------------------+
1 row in set (0.00 sec)
mysql>grant all on wordpress.* to wordpress@'localhost' identified by '123456';
mysql> show grants for wordpress@'localhost';
+------------------------------------------------------------------------------------------------------------------+
| Grants for wordpress@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> select user,host from mysql.user
-> ;
+-----------+-----------+
| user | host |
+-----------+-----------+
| root | 127.0.0.1 |
| root | localhost |
| wordpress | localhost |
+-----------+-----------+
3 rows in set (0.01 sec)
mysql> quit
Bye
下载WordPress地址:www.wordpress.org
[root@www blog]# pwd
/application/nginx/html/blog
[root@www blog]#tar xf wordpress-4. #解压
[root@www blog]#mv wordpress/* .
[root@www blog]#chown -R nginx.nginx ../blog/
打开浏览器输入blog.xiaoxue.com ,回车(提前做好host或DNS解析)
[root@www blog]# cat /application/nginx/conf/extra/blog.conf
server {
listen 80;
server_name blog.xiaoxue.com;
location / {
root html/blog;
index index.php index.html index.htm;
location / {
if (-f $request_filename/index.html){
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php){
rewrite (.*) $1/index.php;
}
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
}
location ~ .*\.(php|php5)?$ {
root html/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}if ($http_host ~ "^(.).xiaoxue.com$") {
set $domain $1;
rewrite ^/(.*) http://www.xiaoxue.com/$domain/lihao.html break;
}
讯享网 error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@www blog]# /application/nginx/sbin/nginx -t
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@www blog]# /application/nginx/sbin/nginx -s reload
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
PHP缓存优化 在LNMP启动独立的FCGI即php-fpm进程 流程: [root@www ~]# echo 'export LC_ALL=C'>>/etc/profile #配置变量
[root@www ~]# tail -1 /etc/profile
export LC_ALL=C
[root@www ~]# source /etc/profile
下载xcache软件
http://xcache.lighttpd.net/wiki/Release-3.2.0 #下载xcache软件
tar -xf xcache-3.2.0.tar.bz2
cd xcache-3.2.0
/application/php/bin/phpize
./configure --enable-xcache --with-php-config=/application/php/bin/php-config
make && make install && echo $?
[root@www xcache-3.2.0]# ls -l /application/php5.5.20/lib/php/extensions/no-debug-non-zts-/
total 2208
-rwxr-xr-x 1 root root Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root Dec 15 17:20 opcache.so
-rwxr-xr-x 1 root root Dec 16 15:33 xcache.so
ZendOpcache下载地址
http://pecl.php.net/package/ZendOpcache ZendOpcache下载地址
wget -q http://pecl.php.net/get/zendopcache-7.0.5.tgz
[root@www tools]# tar -xf zendopcache-7.0.5.tgz
[root@www tools]# cd zendopcache-7.0.5
[root@www zendopcache-7.0.5]# /application/php/bin/phpize
Configuring for:
PHP Api Version:
Zend Module Api No:
Zend Extension Api No:
[root@www zendopcache-7.0.5]# ./configure --enable-opcache --with-php-config=/application/php/bin/php-config
Memcached 安装
http://pecl.php.net/package/memcache 下载地址
[root@www tools]# wget -q http://pecl.php.net/get/memcache-2.2.7.tgz
[root@www tools]# tar -xf memcache-2.2.7.tgz
[root@www tools]# cd memcache-2.2.7
[root@www memcache-2.2.7]# /application/php/bin/phpize
Configuring for:
PHP Api Version:
Zend Module Api No:
Zend Extension Api No:
[root@www memcache-2.2.7]# ./configure --enable-mencache --with-php-config=/application/php/bin/php-config
make && make install && echo $?
[root@www tools]# ls -l /application/php5.5.20/lib/php/extensions/no-debug-non-zts-/
total 2468
-rwxr-xr-x 1 root root Dec 16 16:16 memcache.so
-rwxr-xr-x 1 root root Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root Dec 16 16:07 opcache.so
-rwxr-xr-x 1 root root Dec 16 15:33 xcache.so
安装PDO_MYSQL扩展插件
[root@www tools]# wget -q http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
[root@www tools]# tar -xf PDO_MYSQL-1.0.2.tgz
[root@www tools]# cd PDO_MYSQL-1.0.2
[root@www PDO_MYSQL-1.0.2]# /application/php/bin/phpize
Configuring for:
PHP Api Version:
Zend Module Api No:
Zend Extension Api No:
[root@www PDO_MYSQL-1.0.2]# ./configure --with-php-config=/application/php/bin/php-config --with-pdo-mysql=/application/mysql
make
make install
[root@www PDO_MYSQL-1.0.2]# ls -l /application/php5.5.20/lib/php/extensions/no-debug-non-zts-/
total 2624
-rwxr-xr-x 1 root root Dec 16 16:16 memcache.so
-rwxr-xr-x 1 root root Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root Dec 16 16:07 opcache.so
-rwxr-xr-x 1 root root Dec 16 16:44 pdo_mysql.so
-rwxr-xr-x 1 root root Dec 16 15:33 xcache.so
make 报错
In file included from /home/hao/tools/PDO_MYSQL-1.0.2/pdo_mysql.c:31:
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:25:19: error: mysql.h: No such file or directory
In file included from /home/hao/tools/PDO_MYSQL-1.0.2/pdo_mysql.c:31:
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:36: error: expected specifier-qualifier-list before 'MYSQL'
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:48: error: expected specifier-qualifier-list before 'MYSQL_FIELD'
/home/hao/tools/PDO_MYSQL-1.0.2/php_pdo_mysql_int.h:53: error: expected specifier-qualifier-list before 'MYSQL_RES'
make: [pdo_mysql.lo] Error 1
解决方法:
[root@www PDO_MYSQL-1.0.2]# ln -s /application/mysql-5.5.32/include/ /usr/local/include/
下载imagemagick :
https://www.imagemagick.org/download/releases/?C=M;O=A
tar 解压
make
make install
下载imagick
http://pecl.php.net/package/imagick
PHP5.5版本要3.12版本额
上传,解压(套路同上)
[root@www imagick-3.1.2]# /application/php/bin/phpize
[root@www imagick-3.1.2]# ./configure --with-php-config=/application/php/bin/php-config
make
make install
[root@www imagick-3.1.2]# ll /application/php/lib/php/extensions/no-debug-non-zts-/
total 3696
-rwxr-xr-x 1 root root Dec 16 17:39 imagick.so
-rwxr-xr-x 1 root root Dec 16 16:16 memcache.so
-rwxr-xr-x 1 root root Dec 15 17:20 opcache.a
-rwxr-xr-x 1 root root Dec 16 16:07 opcache.so
-rwxr-xr-x 1 root root Dec 16 16:44 pdo_mysql.so
-rwxr-xr-x 1 root root Dec 16 15:33 xcache.so
- with-config-file-path = / application / php5.5.20 / etc''
需要将lib/php.ini复制一份到 / application / php5.5.20/etc/php.ini
cat >>/application/php/lib/php.ini<<EOF
extension = memcache.so
extension = pdo_mysql.so
extension = imagick.so
EOF
检查是否存在:
[root@bogon ~]# tail -5 /application/php/lib/php.ini
; tab-width: 4
; End:
extension = memcache.so
extension = pdo_mysql.so
extension = imagick.so
[root@bogon ~]# sed -i 's#; extension_dir = "./"#extension_dir = "/application/php5.5.20/lib/php/extensions/no-debug-non-zts-/"#g' /application/php/lib/php.ini
[root@bogon ~]# grep extension_dir /application/php/lib/php.ini
extension_dir = "/application/php5.5.20/lib/php/extensions/no-debug-non-zts-/
; extension_dir = "ext"
; Be sure to appropriately set the extension_dir directive.
;sqlite3.extension_dir =
xcache加速
修改:
[xcache-common]vim /home/hao/tools/xcache-3.2.0/xcache.ini
xcache.size = 256M
xcache.count = 2
xcache.ttl = 86400
xcache.gc_interval = 3600
xcache.var_size = 64M
cat /home/hao/tools/xcache-3.2.0/xcache.ini >>/application/php/lib/php.ini
extension = xcache.so
[xcache.admin]
xcache.admin.enable_auth = On
xcache.admin.user = "mOo"
xcache.admin.pass = "md5 encrypted password"
[xcache]
xcache.shm_scheme = "mmap"
xcache.size = 256M
xcache.count = 2
xcache.slots = 8K
xcache.ttl = 86400
xcache.gc_interval = 3600
xcache.var_size = 64M
xcache.var_count = 1
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
[root@bogon lib]# echo -n ""|md5sum
e10adc3949ba59abbe56e057f20f883e -
修改php.ini文件
1953 xcache.admin.user = "lihao"
1954 xcache.admin.pass = "e10adc3949ba59abbe56e057f20f883e"
ngnix 优化
隐藏版本号:
在Nginx.cof文件中的http标签段内加入“server_tokens off;”
[root@www conf]# /application/nginx/sbin/nginx -t
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@www conf]# /application/nginx/sbin/nginx -s reload
nginx: [warn] conflicting server name "xiaoxue.com" on 0.0.0.0:80, ignored
[root@www conf]# curl -I www.xiaoxue.com
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sat, 22 Dec 2018 08:09:58 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="xiaoxue training
修改第二个文件nginx-1.6.3/src/http/ngx_http_header_filter_module.c
grep -n 'Server: nginx' ngx_http_header_filter_module.c
49行 Server: nginx改成Server: OWS
[root@www http]# sed -i 's#Server: nginx#Server: OWS#g' ngx_http_header_filter_module.c
[root@www http]# pwd
/home/hao/tools/nginx-1.6.3/src/http
修改第三个文件:
/nginx-1.6.3/src/http/ngx_http_special_response.c
static u_char ngx_http_error_full_tail[] =
22 "<hr><center>" NGINX_VER " (http:oldboy.blog.51cto.com) </center>" CRLF
23 "</body>" CRLF
24 "</html>" CRLF
25 ;
28 static u_char ngx_http_error_tail[] =
29 "<hr><center>OWS</center>" CRLF
修改完成后重新编译Nginx
搭建服务器时,worker进程数=CPU的核数,高并发时,可以worker进程提高CPU核数*2
[root@bogon ~]# grep processor /proc/cpuinfo |wc -l
1 #表示1颗CPU1核
[root@bogon ~]# grep 'physical id' /proc/cpuinfo |sort|uniq -c|wc -l
0 #对physical id去重计数
[root@bogon ~]# grep worker_processes /application/nginx/conf/nginx.conf
worker_processes 4; #可修改
[root@bogon ~]# ps -ef |grep nginx |grep -v grep
root 1407 1 0 21:46 ? 00:00:00 nginx: master process /application/nginx/sbin/nginx
nginx 1409 1407 0 21:46 ? 00:00:00 nginx: worker process
nginx 1410 1407 0 21:46 ? 00:00:00 nginx: worker process
nginx 1411 1407 0 21:46 ? 00:00:00 nginx: worker process
nginx 1412 1407 0 21:46 ? 00:00:00 nginx: worker process
Nginx事件处理模型优化
Nginx使用epoll的I/O多路复用模型
events{
use epoll;
worker_connections 20000; #调整单个进程允许的客户端最大连接数
client_header_buffer_size 4k;
open_file_cache max=2000 inactive=60s;
open_file_cache_valid 60s;
open_file_cache_min_uses 1;
worker_rlimit_nofile 65535; #最大打开文件数
}
server模块:
fastcgi_cache ngx_fcgi_cache;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_users 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_cache_key http://$host$request_uri;
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server_tokens off;
sendfile on;
tcp_nodelay on;
client_header_timenout 15;
client_body_timenout 15;
send_timeout 15;
client_max_body_size 8m;
tcp_nopush on;
keepalive_timeout 65;
fastcgi_connect_timeout 240;
fastcgi_send_timeout 240;
fastcgi_read_timeout 240;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
#fastcgi_temp_path /data/ngx_fcgi_tmp;
fastcgi_cache_path /data/ngx_fcgi_cache levels=2:2 keys_zone=ngx_fcgi_cache:512m inactive=1d max_size=40g;
}
讯享网nginx gzip功能: ①提升网站用户体验 ②节约网站带宽成本 ③被压缩的纯文本必须大于1KB,图片、视频(流媒体)等文件尽量不要压缩 Apache服务的mod_defalte Nginx服务的ngx_http_gzip_module gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/xml text/css application/javascript; gzip_vary on;
[root@bogon scripts]# cat cut_nginx_log.sh #!/bin/bash Dateformat=`date +%Y%m%d` Basedir="/application/nginx" Nginxlogdir="$Basedir/logs" Logname="access_www" [ -d $Nginxlogdir ] && cd $Nginxlogdir||exit 1 [ -f ${Logname}.log ] || exit 1 /bin/mv ${Logname}.log ${Dateformat}_${Logname}.log ||exit 1 $Basedir/sbin/nginx -s reload然后加入定时任务,每天0点执行。
cat >>/var/spool/cron/root<<EOF
#cut nginx access.log by hao
00 00 * /bin/sh /server/scripts/cut_nginx_log.sh >/dev/null 2>&1
EOF
不记录不需要的访问日志:
讯享网location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 10y;
root html/www;
access_log off;
}
设置logs权限
chown -R root.root /application/nginx/logs/
chmod -R 700 /application/nginx/logs/
利用Nginx配置禁止访问上传资源目录下的PHP SHEEL PERL PYTHON程序文件,这样用户即使上传了*文件也无法执行,从而加强了网站的安全
location ~ ^/images/.*\.(php|php5|sh|pl|py)$
{
deny all;
}
限制网站来源IP访问
例:禁止某目录让外界访问,但允许某IP访问该目录,且支持PHP解析
location ~ ^/hao/ {
allow 202.111.12.211;
deny all;
}
方法2:
location / {
root html/www;
index index.html index.htm;
allow 172.16.10.30;
deny all;
auth_basic "xiaoxue training";
auth_basic_user_file /application/nginx/conf/htpasswd;
}
发现某域名恶意解析到公司的服务器IP,添加一下代码,若多个server则要多处添加
(header信息的host主机名字段非www.xiaoxue.com,就301跳转到www.xiaoxue.com)
server {
listen 80;
server_name xiaoxue.com;
讯享网 if ($host !~ ^www/.xiaoxue/.com$){ rewrite ^/(.*) http://www.xiaoxue.com/$1 permanent; } }
网站资源被盗链:
1.对IDC及cdn带宽做监控报警
2.每天上班重要任务,就是经常查看网站流量图,关注流量变化,关注异常流量。
3.对访问日志做分析,迅速丁文异常流量,并且和公司市场推广等保持较好的沟通,以便调度带宽和服务器资源,确保网站正常的访问体验。
利用referer针对扩展名rewrite,实现防盗链的Nginx配置nginx.conf
location ~* \.(gif|jpg|jpeg|png|bmp|swf|mp3|zip|rar|wmv)$ { valid_referers none blocked *.xiaoxue.com xiaoxue.com; if ($invalid_referer) { rewrite ^/ http://www.xiaoxue.com/img/nolink.jpg; } } nginx 站点目录文件和目录权限优化
防爬虫:
Block download agents
阻止下载协议代理
if ($http_user_agent ~ LWP::Simple|BBBike|wget) {
return 403;
}
测试禁止不同的浏览器软件访问
if ($http_user_agent ~ "Firefox|MSIE") {
rewrite ^(.*) http://blog.xiaoxue.com/$1 permanent;
}
Nginx反向代理和负载均衡
为啥要集群?
1.高性能
2.价格有效性
3.可伸缩性
4.高可用性
5.透明性
6.可管理性
7.可编程
作用:
172.16.10.10---负载均衡器1
40---负载均衡器2
20--web01
30---web02
搭建Nginx
web1,2配置nginx.conf文件
讯享网[root@www conf]# cat nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name bbs.xiaoxue.org;
location / {
root html/bbs;
index index.html index.htm;
}
access_log logs/access_bbs.log main;
}
server {
listen 80;
server_name www.xiaoxue.org;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/access_www.log main;
}
}
[root@www conf]# mkdir /application/nginx/html/{www,bbs}
[root@www conf]#for dir in www bbs;do echo "`ifconfig eth1|grep -o "172.16.10.[2030]."` $dir" >/application/nginx/html/$dir/index.html;done
[root@www conf]# for dir in www bbs;do cat /application/nginx/html/$dir/index.html;done
172.16.10.30 www #20的 IP这里就是20了
172.16.10.30 bbs
负载均衡器nginx.conf配置
[root@nfs conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream www_server_pools {
server 172.16.10.20:80 weight=1;
server 172.16.10.30:80 weight=1;
} server { listen 80; server_name www.xiaoxue.org; location / { proxy_pass http://www_server_pools;proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
[root@nfs conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx/conf/nginx.conf test is successful
[root@nfs conf]# /application/nginx/sbin/nginx -s reload
[root@nfs conf]# echo "172.16.10.40 www.xiaoxue.org" >>/etc/hosts
[root@nfs conf]# tail -1 /etc/hosts
172.16.10.40 www.xiaoxue.org
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.20 bbs
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.30 bbs
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.20 bbs
[root@nfs conf]# curl www.xiaoxue.org
172.16.10.30 bbs
upstream调度算法:
rr--轮询(静态调度算法)
wrr--权重轮询(静态调度算法)--weight
ip_hash--(静态调度算法)
fair--动态调度算法-----响应时间短优先分配
lease-conn---那个分发少就分配给谁
url-hash--根据请求URL分配
一致性hash--一般用于代理后端业务(squid,memcache),根据URI分配
根据URL的目录中来实现代理转发,实现动静分离
讯享网 [root@www nginx]# cat conf/nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream static_pools { server 172.16.10.20:80 weight=1; } upstream upload_pools { server 172.16.10.30:80 weight=1; } upstream default_pools { server 172.16.10.50:80 weight=1; } server { listen 80; server_name www.xiaoxue.org; location /static/ { proxy_pass http://static_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } location /upload { proxy_pass http://upload_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } location / { proxy_pass http://default_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } } }
web01配置测试
[root@www ~]# cd /application/nginx/html/www/
[root@www www]# mkdir static
[root@www www]# echo static_pools >static/index.html
[root@www www]# curl www.xiaoxue.org/static/index.html
static_pools
web02 配置
root@www ~]# cd /application/nginx/html/www/
[root@www www]# mkdir upload
[root@www www]# echo upload_pools >upload/index.html
[root@www www]# curl www.xiaoxue.org/upload/index.html
upload_pools
web03 配置
[root@www ~]# cd /application/nginx/html/www/
[root@www www]# echo default_pools >index.html
[root@localhost www]# curl www.xiaoxue.org
default_pools
根据客户端设备(user-agent)来转发
[root@www conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream static_pools {
server 172.16.10.20:80 weight=1;
} upstream upload_pools { server 172.16.10.30:80 weight=1; } upstream default_pools { server 172.16.10.50:80 weight=1; } server { listen 80; server_name www.xiaoxue.org; location / { if ($http_user_agent ~* "Edge"){
proxy_pass http://static_pools;
}
讯享网 if ($http_user_agent ~* "Chrome") { proxy_pass http://upload_pools; } proxy_pass http://default_pools; } include proxy.conf; }
}
根据文件扩展名实现代理转发
应用场景:如图片、视频访问静态地址池,PHP,JSP访问动态地址池
Nginx upstream_check_module模板 wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master unzip master #unzip没有需要安装 patch -p1 < ../nginx_upstream_check_module-master/check_1.5.12+.patch #patch 没有需要安装 ./configure --user=nginx --group=nginx --prefix=/application/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=../nginx_upstream_check_module-master/ make mv /application/nginx/sbin/nginx{,.bak} [root@www nginx-1.6.3]# cp ./objs/nginx /application/nginx/sbin/ /application/nginx/sbin/nginx -t #检查启动程序 #cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream static_pools { server 172.16.10.20:80 weight=1; check interval=3000 rise=2 fall=5 timeout=1000 type=http; } upstream upload_pools { server 172.16.10.30:80 weight=1; } upstream default_pools { server 172.16.10.50:80 weight=1; } server { listen 80; server_name www.xiaoxue.org; location / { if ($http_user_agent ~* "Edge") { proxy_pass http://static_pools; } if ($http_user_agent ~* "Chrome") { proxy_pass http://upload_pools; } proxy_pass http://default_pools; } include proxy.conf; location /status { check_status; } #location /upload { # proxy_pass http://upload_pools; # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $remote_addr; # } # location / { # proxy_pass http://default_pools; # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $remote_addr; # } } } keepalived高可用
VRRP---虚拟路由冗余协议,为了解决静态路由的单点故障问题,通过竞选机制来将路由的任务交给某台vrrp路由器
讯享网主节点配置: yum -y install keepalived [root@www ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { @.com } notification_email_from smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb01 } vrrp_instance VI_1 { state MASTER interface eth1 virtual_router_id 10 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.10.100/24 dev eth1 label eth1:1 } } [root@www~]#ip add|grep 172.16.10.100 inet 172.16.10.100/24 scope global eth1:1 备节点配置: [root@www ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { @.com } notification_email_from smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb02 } vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 10 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.10.100/24 dev eth1 label eth1:1 } } [root@nfs ~]# ip add |grep 172.16.10.100 是没有内容的,如果有,那就恭喜你出现脑裂了。 可能情况:①是否防火墙阻挡,网络是否同 ②keepalived.conf配置错误,例如:virtual_router_id 这个和主要一样额 检测: [root@www ~]# /etc/init.d/keepalived stop Stopping keepalived: [ OK ] [root@www ~]# ip add|grep 172.16.10.100 [root@www ~]# /etc/init.d/keepalived start Starting keepalived: [ OK ] [root@www ~]# ip add|grep 172.16.10.100 inet 172.16.10.100/24 scope global eth1:1 脑裂---两台主机抢占资源,造成数据不统一 脑裂解决方案: ①如果开启防火墙,一定要心跳消息通过,一般通过允许IP段的形式解决。 ②可以拉一条以太网网线或者串口线作为主备节点心跳线路的冗余。 ③开发监控程序通过监控软件检测脑裂。 双实例双主模式: 172.16.10.101为主,172.16.10.100为备
global_defs {
notification_email {
br/>@.com
}
notification_email_from
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.100/24 dev eth1 label eth1:1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth1
virtual_router_id 40
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.101/24 dev eth1 label eth1:1
}
}
172.16.10.100为主,172.16.10.101为备
global_defs {
notification_email {
br/>@.com
}
notification_email_from
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 10
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.100/24 dev eth1 label eth1:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth1
virtual_router_id 40
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.101/24 dev eth1 label eth1:1
}
}
讯享网 Nginx+keepalived 两台Nginx负载均衡器统一配置 [root@www ~]# vim /application/nginx/conf/nginx.conf 只是换个server ip换成VIP地址 worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; # upstream static_pools { # server 172.16.10.20:80 weight=1; # check interval=3000 rise=2 fall=5 timeout=1000 type=http; # } # upstream upload_pools { # server 172.16.10.30:80 weight=1; # } upstream default_pools { server 172.16.10.50:80 weight=1; server 172.16.10.20:80 weight=1; server 172.16.10.30:80 weight=1; } server { listen 172.16.10.100:80; server_name www.xiaoxue.org; location / { proxy_pass http://default_pools; } include proxy.conf; location /status { check_status; } #location /upload { # proxy_pass http://upload_pools; # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $remote_addr; # } # location / { # proxy_pass http://default_pools; # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $remote_addr; # } } } keepalived配置同上keepalived高可用
[root@nfs ~]# /application/nginx/sbin/nginx
nginx: [emerg] bind() to 172.16.10.100:80 failed (99: Cannot assign requested address) #报错
[root@nfs ~]#echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
[root@nfs ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax =
kernel.shmall =
net.ipv4.ip_nonlocal_bind = 1
解决高可用服务只针对物理服务器的问题
[root@bogon ~]# cat /home/hao/scripts/check.nginx.shbr/>#!/bin/bash
#++++++++++++++++++++++++++
#author=lihao
#=
#Email=@163.com
#++++++++++++++++++++++++++
CONMAND=ss -lntup|grep 80|wc -l
while true
do
if [ $CONMAND -eq 0 ];then
/etc/init.d/keepalived stop
fi
sleep 5
done
Nginx和keepalived都运行的时候再运行脚本
[root@bogon ~]# chmod +x /home/hao/scripts/check.nginx.sh
[root@bogon ~]# sh /home/hao/scripts/check.nginx.sh &
[1] 1101
[root@bogon ~]# ps -ef|grep check|grep -v grep
ot 1101 1056 0 21:19 pts/0 00:00:00 sh /home/hao/scripts/check.nginx.sh
解决多组keepalived组在同一局域网冲突问题
vim/etc/keepalived/keepalived.conf
global_defs {
router_id LVS_19
vrrp_mcast_group4 224.0.0.19
}
配置指定文件接收keepalived日志
[root@bogon ~]# sed -i 's#KEEPALIVED_OPTIONS="-D"#KEEPALIVED_OPTIONS="-D -d -S 0"#g' /etc/sysconfig/keepalived
vim /etc/rsyslog.conf #编辑这个文件
42行 .info;mail.none;authpriv.none;cron.none;local0.none /var/log
/messages
最后一行添加:
#keepalived
local0. /var/log/keepalived.log
[root@bogon ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@bogon ~]# /etc/init.d/keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
[root@bogon ~]# tail /var/log/keepalived.log
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Netlink reflector reports IP fe80::20c:29ff:fecf:7b7 added
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Netlink reflector reports IP fe80::20c:29ff:fecf:7c1 added
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Registering Kernel netlink reflector
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Registering Kernel netlink command channel
Feb 5 22:23:35 bogon Keepalived_vrrp[1780]: Registering gratuitous ARP shared channel
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Netlink reflector reports IP 172.16.10.40 added
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Netlink reflector reports IP fe80::20c:29ff:fecf:7b7 added
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Netlink reflector reports IP fe80::20c:29ff:fecf:7c1 added
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Registering Kernel netlink reflector
Feb 5 22:23:35 bogon Keepalived_healthcheckers[1779]: Registering Kernel netlink command channel
检测脑裂脚本:备节点运行
[root@bogon scripts]# cat check_split_brain.sh
#!/bin/bash
lb01_vip=172.16.10.100
lb01_ip=172.16.10.10
while true
do
ping -c 2 -w 3 $lb01_ip &>/dev/null
if [ $? -eq 0 -a ip add|grep "$lb01_vip"|wc -l -eq 1 ]
then
echo "ha is split brain.warning."
else
echo "ha is ok."
fi
sleep 5
done
Memcached
可支持分布式集群
Socket事件处理机制---采用是异步epoll/kqueue非阻塞I/O网络模型,实现方式基于异步的libevent事件单进程、单线程模式。使用libevent作为事件通知机制,应用程序端通过指定服务器的IP地址及端口,就可以连接Memcached服务进行通信。
memcached服务安装:
yum -y install libevent libevent-devel nc rpm -qa libevent libevent-devel nc yum -y install memcached rpm -qa memcached memcached-1.4.4-5.el6.x86_64 [root@bogon ~]# memcached -m 16m -p 11211 -d -u root -c 8192 #启动命令 [root@bogon ~]# lsof -i:11211 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME memcached 1239 root 26u IPv4 10174 0t0 TCP *:memcache (LISTEN) memcached 1239 root 27u IPv6 10175 0t0 TCP *:memcache (LISTEN) memcached 1239 root 28u IPv4 10178 0t0 UDP *:memcache memcached 1239 root 29u IPv6 10179 0t0 UDP *:memcache [root@bogon ~]# ps -ef|grep memcached|grep -v grep root 1239 1 0 07:23 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192 [root@bogon ~]# memcached -m 16m -p 11212 -d -u root -c 8192 #启动2个,支持多实例 [root@bogon ~]# ps -ef|grep memcached|grep -v grep root 1239 1 0 07:23 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192 root 1264 1 0 07:24 ? 00:00:00 memcached -m 16m -p 11212 -d -u root -c 8192 #加入开机启动 [root@bogon ~]# echo "/usr/bin/memcached -m 16m -p 11212 -d -u root -c 8192" >>/etc/rc.local [root@bogon ~]# echo "/usr/bin/memcached -m 16m -p 11211 -d -u root -c 8192" >>/etc/rc.local [root@bogon ~]# tail -2 /etc/rc.local tail: 无法使用 inotify 机制,回归为 polling 机制 /usr/bin/memcached -m 16m -p 11212 -d -u root -c 8192 /usr/bin/memcached -m 16m -p 11211 -d -u root -c 8192 向memcached中写入数据 [root@bogon ~]# printf "set key1 0 0 6\r\noldboy\r\n"|nc 127.0.0.1 11211 STORED 向memcached中读取数据 root@bogon ~]# printf "get key1\r\n"|nc 127.0.0.1 11211 VALUE key1 0 6 oldboy #读取到的key1数据 END memcached中删除数据 [root@bogon ~]# printf "delete key1\r\n"|nc 127.0.0.1 11211 DELETED [root@bogon ~]# printf "get key1\r\n"|nc 127.0.0.1 11211 END 另一种方法 [root@bogon ~]# telnet 127.0.0.1 11211 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. set user01 0 0 7 oldgirl STORED get user01 VALUE user01 0 7 oldgirl END delete user01 DELETED get user01 END quit Connection closed by foreign host. 关闭memcached: killall 或pkill memcached 多实例的话会被全部干掉,so指定pid,kill pid [root@bogon ~]# memcached -m 16m -p 11211 -d -u root -c 8192 -P /var/run/11211.pid [root@bogon ~]# memcached -m 16m -p 11212 -d -u root -c 8192 -P /var/run/11212.pid [root@bogon ~]# ps -ef |grep memcached|grep -v grep root 1363 1 0 07:54 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192 -P /var/run/11211.pid root 1385 1 0 07:55 ? 00:00:00 memcached -m 16m -p 11212 -d -u root -c 8192 -P /var/run/11212.pid memcached客户端 Memcached 安装 [root@web02 lib]# tail -2 /application/php/lib/php.ini extension_dir = "/application/php5.5.20/lib/php/extensions/no-debug-non-zts-/" extension=memcache.so [root@web03 lib]# pkill php-fpm [root@web03 lib]# ps -ef |grep php-fpm|grep -v grep [root@web03 lib]# /application/php/sbin/php-fpm [root@web03 lib]# ps -ef |grep php-fpm|grep -v grep root 1685 1 0 09:35 ? 00:00:00 php-fpm: master process (/application/php5.5.20/etc/php-fpm.conf) nobody 1686 1685 0 09:35 ? 00:00:00 php-fpm: pool www nobody 1687 1685 0 09:35 ? 00:00:00 php-fpm: pool www [root@web02 www]# cat op_mem.php <?php $memcache = new Memcache; $memcache->connect('172.16.10.10',11211) or die ("Could not connect Mc server"); $memcache->set('key','oldboy book'); $get = $memcache->get('key'); echo $get; ?> [root@web02 www]# /application/php/bin/php op_mem.php oldboy book #表示连接成功服务端监控脚本:
讯享网[root@web02 scripts]# cat mem_mc.sh #!/bin/bash export MemcachedIp=$1 export MemcachedPort=$2 export NcCmd="nc $MemcachedIp $MemcachedPort" export MD5=68b329da9893e34099c7d8ad5cb9c940 USAGE() { echo "$0 MemcachedIp $MemcachedPort" exit 3 } [ $# -ne 2 ] && USAGE printf "set $MD5 0 0 3\r\nhao\r\n"|$NcCmd >/dev/null 2>&1 if [ $? -eq 0 ];then if [ `printf "get $MD5\r\n|$NcCmd|grep hao|wc -l"` -eq 1 ];then echo "Memcached status is ok" printf "delete $MD5\r\n"|$NcCmd >/dev/null 2>&1 exit 0 else echo "Memcached status is error." exit 2 fi else echo "Could not connect Mc server" exit 2 fi
[root@www html]# sh /home/hao/scripts/mem_mc.sh 127.0.0.1 11211
Memcached status is ok
[root@www html]# pkill memcached
[root@www html]# sh /home/hao/scripts/mem_mc.sh 127.0.0.1 11211
Could not connect Mc server
[root@www html]# printf "stats\r\n"|nc 127.0.0.1 11211 #查看信息
STAT pid 1207
STAT uptime 341
STAT time
STAT version 1.4.4
STAT pointer_size 64
STAT rusage_user 0.000000
STAT rusage_system 0.027995
STAT curr_connections 10
STAT total_connections 15
STAT connection_structures 11
STAT cmd_get 2
STAT cmd_set 1
STAT cmd_flush 0
STAT get_hits 1
STAT get_misses 1
STAT delete_misses 0
STAT delete_hits 1
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 59
STAT bytes_written 49
STAT limit_maxbytes
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT bytes 0
STAT curr_items 0
STAT total_items 1
STAT evictions 0
END
集群中session共享存储
nagios监控
服务端安装
echo 'export LC_ALL=C' >>/etc/profile tail -1 /etc/profile source /etc/profile echo $LC_ALL 关闭iptables 和SElinux 做时间同步: echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1" >>/var/spool/cron/root 需要的软件包: yum -y install gcc glibc glibc-common yum -y install gd gd-devel yum -y install httpd php php-gd mysql #添加nagios,Apache用户,加入nagcmd用户组 /usr/sbin/useradd nagios /usr/sbin/groupadd nagcmd /usr/sbin/usermod -a -G nagcmd nagios /usr/sbin/usermod -a -G nagcmd apache cd /home/hao/tools/ wget https://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.5.1/ tar xf nagios-3.5.1 cd nagios ./configure --with-command-group=nagcmd make all make install make install-init make install-config make install-commandmode make install-webconf htpasswd -bc /usr/local/nagios/etc/htpasswd.users lihao #设置登录nagios的账号密码 /etc/init.d/httpd reload 重启httpd服务 浏览http://172.16.10.60/nagios #安装基础依赖包,插件 http://nagios-plugins.org/download/ #下载地址 yum -y install perl-devel openssl-devel [root@localhost tools]# wget http://nagios-plugins.org/download/nagios-plugins-1.4.16.tar.gz --2019-02-07 11:09:03-- http://nagios-plugins.org/download/nagios-plugins-1.4.16.tar.gz Resolving nagios-plugins.org... 72.14.186.43 Connecting to nagios-plugins.org|72.14.186.43|:80... connected. HTTP request sent, awaiting response... 200 OK Length: (2.0M) [application/x-gzip] Saving to: `nagios-plugins-1.4.16.tar.gz' 100%[======================================>] 2,087,089 777K/s in 2.6s 2019-02-07 11:09:06 (777 KB/s) - `nagios-plugins-1.4.16.tar.gz' saved [/] [root@localhost tools]# ls nagios nagios-plugins-1.4.16.tar.gz [root@localhost tools]# tar xf nagios-plugins-1.4.16.tar.gz [root@localhost tools]# cd nagios-plugins-1.4.16 [root@localhost nagios-plugins-1.4.16]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios --enable-perl-modules --with-mysql make && make install [root@localhost nagios-plugins-1.4.16]# ll /usr/local/nagios/libexec/|wc -l 58 安装nrpe软件 wget https://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.12/nrpe-2.12.tar.gz tar -xf nrpe-2.12.tar.gz cd nrpe-2.12 ./configure make all make install-plugin make install-daemon make install-daemon-config ls /usr/local/nagios/libexec/check_nrpe 验证nagios配置文件语法: [root@localhost ~]# /etc/init.d/nagios checkconfig Running configuration check... OK. [root@localhost ~]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg Total Warnings: 0 Total Errors: 0 #表示正常 Things look okay - No serious problems were detected during the pre-flight checknagios客户端安装
讯享网安装依赖包: yum -y install gcc glibc glibc-common yum -y install perl-devel perl-CPAN openssl-devel [root@web03 nagios]# ls nagios-plugins-1.4.16.tar.gz nrpe-2.12.tar.gz 添加用户 [root@web03 lib]# mkdir -p /home/hao/tools/nagios [root@web03 lib]# cd /home/hao/tools/nagios [root@web03 nagios]# useradd nagios -M -s /sbin/nologin [root@web03 nagios]# id nagios uid=894(nagios) gid=894(nagios) groups=894(nagios) tar xf nagios-plugins-1.4.16.tar.gz cd nagios-plugins-1.4.16 ./configure --with-nagios-user=nagios --with-nagios-group=nagios --enable-perl-modules --with-mysql make && make install [root@web03 nagios-plugins-1.4.16]# ll /usr/local/nagios/libexec/|wc -l 60 安装nrpe ar xf nrpe-2.12.tar.gz cd nrpe-2.12 ./configure make all make install-plugin make install-daemon make install-daemon-config yum -y install dos2unix* [root@web03 ~]# sed -i 's#allowed_hosts=127.0.0.1#allowed_hosts=127.0.0.1,172.16.10.60#g' /usr/local/nagios/etc/nrpe.cfg [root@web03 ~]# sed -n '79p' /usr/local/nagios/etc/nrpe.cfg allowed_hosts=127.0.0.1,172.16.10.60 [root@web03 ~]# /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d [root@web03 ~]# netstat -lntup|grep nrpe tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 16964/nrpe #加入开机启动 root@web03 ~]# echo "/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d" >> /etc/rc.local 服务端配置 增加三行,注释一行 vim /usr/local/nagios/etc/nagios.cfg +34 34 cfg_file=/usr/local/nagios/etc/objects/hosts.cfg 35 cfg_file=/usr/local/nagios/etc/objects/services.cfg 36 cfg_dir=/usr/local/nagios/etc/objects/services 37 # Definitions for monitoring the local (Linux) host 38 #cfg_file=/usr/local/nagios/etc/objects/localhost.cfg [root@localhost etc]# cd objects/ [root@localhost objects]# head -51 localhost.cfg >hosts.cfg [root@localhost objects]# chown nagios.nagios /usr/local/nagios/etc/objects/hosts.cfg [root@localhost objects]# touch services.cfg [root@localhost objects]# chown nagios.nagios /usr/local/nagios/etc/objects/services.cfg [root@localhost objects]# mkdir services [root@localhost objects]# chown -R nagios.nagios services [root@localhost objects]# ls -lrt total 56 -rw-rw-r-- 1 nagios nagios 10812 Feb 6 17:12 templates.cfg -rw-rw-r-- 1 nagios nagios 7716 Feb 6 17:12 commands.cfg -rw-rw-r-- 1 nagios nagios 3208 Feb 6 17:12 timeperiods.cfg -rw-rw-r-- 1 nagios nagios 5403 Feb 6 17:12 localhost.cfg -rw-rw-r-- 1 nagios nagios 4019 Feb 6 17:12 windows.cfg -rw-rw-r-- 1 nagios nagios 3124 Feb 6 17:12 printer.cfg -rw-rw-r-- 1 nagios nagios 3293 Feb 6 17:12 switch.cfg -rw-rw-r-- 1 nagios nagios 2169 Feb 6 17:28 contacts.cfg -rw-r--r-- 1 nagios nagios 1870 Feb 7 13:56 hosts.cfg -rw-r--r-- 1 nagios nagios 0 Feb 7 13:57 services.cfg drwxr-xr-x 2 nagios nagios 4096 Feb 7 13:59 services 监控定义
[root@localhost objects]# cat hosts.cfg
define host{
use linux-server
host_name 50-web03
alias 50-web03
address 172.16.10.50
check_command check-host-alive
max_check_attempts 3 normal_check_interval 2 retry_check_interval 2check_period 24X7
讯享网 notification_interval 300
notification_period 24X7
notification_options d,u,r contact_groups admins }[root@localhost objects]# cat services.cfg
define service {
use generic-service
host_name 50-web03
service_description Disk Partiton
check_command check_nrpe!check_disk
}
define service {
use generic-service
host_name 50-web03
service_description Swap Useage
check_command check_nrpe!check_swap
}
define service {
use generic-service
host_name 50-web03
service_description MEM Useage
check_command check_nrpe!check_mem
}
define service {
use generic-service
host_name 50-web03
service_description Current Load
check_command check_nrpe!check_load
}
define service {
use generic-service
host_name 50-web03
service_description Disk Iostat
check_command check_nrpe!check_iostat!5!11
}
define service {
use generic-service
host_name 50-web03
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
讯享网
PNP
yum -y install cairo pango zlib zlib-devel freetype freetype-devel gd gd-devel yum -y install libart_lgpl libart_lgpl-devel yum -y install rrdtool rrdtool-devel yum install perl-Time-HiRes per-devel wget https://sourceforge.net/projects/pnp4nagios/files/PNP/pnp-0.4.14/pnp-0.4.14.tar.gz tar xf pnp-0.4.14.tar.gz cd pnp-0.4.14 ./configure --with-rrdtool --with-perfdata-dir=/usr/local/nagios/share/perfdata/ make all make install 浏览172.16.10.60/nagios/pnp 修改配置nagios.cfg vim /usr/local/nagios/etc/nagios.cfg 833 process_performance_data=1 #0改1 845 host_perfdata_command=process-host-perfdata #注释去掉 846 service_perfdata_command=process-service-perfdata #注释去掉 修改commands.cfg [root@localhost pnp-0.4.14]# vim /usr/local/nagios/etc/objects/commands.cfg +227 229 command_name process-host-perfdata 230 command_line /usr/local/nagios/libexec/process_perfdata.pl 231 } 234 # 'process-service-perfdata' command definition 235 define command{ 236 command_name process-service-perfdata 237 command_line /usr/local/nagios/libexec/process_perfdata.pl 238 } 239 240 #check_nrpe command definition <r/local/nagios/etc/objects/commands.cfg" 244L, 7503C written [root@localhost pnp-0.4.14]# /etc/init.d/nagios reload Running configuration check...done. Reloading nagios configuration...done #添加两行 [root@localhost objects]# sed -n '154,177p' templates.cfg name generic-service ; The 'name' of this service template active_checks_enabled 1 ; Active service checks are enabled passive_checks_enabled 1 ; Passive service checks are enabled/accepted process_perf_data 1 parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems) obsess_over_service 1 ; We should obsess over this service (if necessary) check_freshness 0 ; Default is to NOT check service 'freshness' notifications_enabled 1 ; Service notifications are enabled event_handler_enabled 1 ; Service event handler is enabled flap_detection_enabled 1 ; Flap detection is enabled failure_prediction_enabled 1 ; Failure prediction is enabled process_perf_data 1 ; Process performance data retain_status_information 1 ; Retain status information across program restarts retain_nonstatus_information 1 ; Retain non-status information across program restarts is_volatile 0 ; The service is not volatile check_period 24x7 ; The service can be checked at any time of the day max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state normal_check_interval 10 ; Check the service every 10 minutes under normal conditions retry_check_interval 2 ; Re-check the service every two minutes until a hard state can be determined contact_groups admins ; Notifications get sent out to everyone in the 'admins' group notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events notification_interval 60 ; Re-notify about service problems every hour notification_period 24x7 ; Notifications can be sent out at any time register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE! action_url /nagios/pnp/index.php?host=$HOSTNAME$&srv=$SERVICEDESC$ [root@localhost objects]# /etc/init.d/nagios reload Running configuration check...done. Reloading nagios configuration...done 实现报警: [root@localhost objects]# sed -n '28,37p' templates.cfg |sed -r 's#(.*);.*$#\1#g' define contact{ name generic-contact service_notification_period 24x7 host_notification_period 24x7 service_notification_options w,u,c,r,f,s host_notification_options d,u,r,f,s service_notification_commands notify-service-by-email host_notification_commands notify-host-by-email register 0 } 配置报警邮箱 sed -n '35p' /usr/local/nagios/etc/objects/contacts.cfg email @163.com ; <<* CHANGE THIS TO YOUR EMAIL ADDRESS [root@localhost nagios]# lsof -i:25 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME master 1140 root 12u IPv4 8976 0t0 TCP localhost:smtp (LISTEN) master 1140 root 13u IPv6 8977 0t0 TCP localhost:smtp (LISTEN) 邮箱添加:讯享网[root@localhost nagios]# tail /etc/mail.rc ignore mime-version content-transfer-encoding #Only include selected header fields when forwarding messages. fwdretain subject date from to #For Linux and BSD, this should be set. set bsdcompat set from=@163.com smtp="smtp.163.com" set smtp-auth-user=@163.com smtp-auth-password=lihao520 set smtp-auth=login
Apache安装优化
https://www.cnblogs.com/ginvip/p/6400304.html
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容,请联系我们,一经查实,本站将立刻删除。
如需转载请保留出处:https://51itzy.com/kjqy/37913.html