Nginx企业级使用1(运维笔记)
重装和升级
信号参数
Kill 选项参数 pid
##关闭nginx
##快速关闭
kill -INT pid
##优雅关闭
kill -QUIT pid
##############实操##############
[root@server01 ~]# ps -ef|grep nginx
root 1668 1 0 11:09 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 1820 1668 0 11:49 ? 00:00:00 nginx: worker process
root 1896 1839 0 12:14 pts/0 00:00:00 grep --color nginx
[root@server01 ~]# kill -TERM 1668 #快速关闭 作用于master
[root@server01 ~]# ps -ef|grep nginx
root 1898 1839 0 12:15 pts/0 00:00:00 grep --color nginx
[root@server01 ~]# service nginx start
正在启动 nginx: [确定]
[root@server01 ~]# ps -ef|grep nginx
root 1951 1 0 12:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 1953 1951 0 12:15 ? 00:00:00 nginx: worker process
root 1955 1839 0 12:15 pts/0 00:00:00 grep --color nginx
[root@server01 ~]# kill -INT 1953 #快速退出
[root@server01 ~]# ps -ef|grep nginx
root 1951 1 0 12:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 1956 1951 0 12:16 ? 00:00:00 nginx: worker process
root 1958 1839 0 12:16 pts/0 00:00:00 grep --color nginx
[root@server01 ~]# kill -QUIT 1951 #优雅关闭
[root@server01 ~]# ps -ef|grep nginx
root 1960 1839 0 12:17 pts/0 00:00:00 grep --color nginx
重新安装
-
停止服务,删除编译安装软件包和源码包
-
重新解压编译安装即可
-
如有需要,备份配置文件和网站目录里的资源文件
平滑升级
-
升级软件版本,需要启动新版本,无法启动(端口占用)
-
旧版本不先停,新的又可以运行
-
新旧版本同时提供服务,旧的请求完成后,停掉旧进程
-
-USR2平滑启动一个进程(平滑升级)-WINCH优雅关闭子进程 -QUIT优雅关闭主进程
上传新版本
[root@server01 ~]# ps -ef|grep nginx #旧版本启动
root 2027 1 0 12:31 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 2029 2027 0 12:31 ? 00:00:00 nginx: worker process
root 2034 1839 0 12:31 pts/0 00:00:00 grep --color nginx
[root@server01 ~]# cd soft
[root@server01 soft]# ls
mysql-5.6.33 nginx-1.14.2 php-7.2.12
mysql-5.6.33.tar.gz nginx-1.14.2.tar.gz php-7.2.12.tar.gz
mysql_install.sh nginx_install.sh php_install.sh
[root@server01 soft]# ls #上传新版本nginx1.16.0
mysql-5.6.33 nginx-1.14.2 nginx_install.sh php_install.sh
mysql-5.6.33.tar.gz nginx-1.14.2.tar.gz php-7.2.12
mysql_install.sh nginx-1.16.0.tar.gz php-7.2.12.tar.gz
#解压 配置 编译 安装
tar xvf nginx-1.16.0.tar.gz
cd nginx-1.16.0
./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module
make install
#(执行完之后也可以直接执行make upgrade 不需要一步一步执行下方命令)
#上述操作完成 ,旧版本备份为nginx.old
[root@server01 nginx-1.16.0]# cd /usr/local/nginx/
[root@server01 nginx]# ls
client_body_temp fastcgi_temp logs sbin uwsgi_temp
conf html proxy_temp scgi_temp
[root@server01 nginx]# cd sbin/
[root@server01 sbin]# ls
nginx nginx.old
[root@server01 sbin]# ./nginx -v
nginx version: nginx/1.16.0
[root@server01 sbin]# ./nginx.old -v
nginx version: nginx/1.14.2
#新旧版本同时进行
[root@server01 sbin]# ps -ef |grep nginx
root 2027 1 0 12:31 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 2029 2027 0 12:31 ? 00:00:00 nginx: worker process
root 4666 1839 0 12:40 pts/0 00:00:00 grep --color nginx
[root@server01 sbin]# kill -USR2 2027
[root@server01 sbin]# ps -ef |grep nginx
root 2027 1 0 12:31 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 2029 2027 0 12:31 ? 00:00:00 nginx: worker process
root 4667 2027 0 12:41 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 4668 4667 0 12:41 ? 00:00:00 nginx: worker process
root 4670 1839 0 12:41 pts/0 00:00:00 grep --color nginx
[root@server01 sbin]# kill -WINCH 2029 #杀死旧子进程
[root@server01 sbin]# ps -ef |grep nginx
root 2027 1 0 12:31 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
root 4667 2027 0 12:41 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 4668 4667 0 12:41 ? 00:00:00 nginx: worker process
www 4671 2027 0 12:42 ? 00:00:00 nginx: worker process
root 4673 1839 0 12:42 pts/0 00:00:00 grep --color nginx
[root@server01 sbin]# kill -QUIT 2027 #一键杀死旧进程
[root@server01 sbin]# ps -ef |grep nginx
root 4667 1 0 12:41 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 4668 4667 0 12:41 ? 00:00:00 nginx: worker process
root 4675 1839 0 12:43 pts/0 00:00:00 grep --color nginx
配置文件
[root@server01 ~]# cd /usr/local/nginx/
[root@server01 nginx]# ls
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@server01 nginx]# cd conf
[root@server01 conf]# cat nginx.conf #查看配置文件
#user nobody; #nginx启动用户
worker_processes 1; #子进程数量 一般为cpu核数或者倍数
#错误日志定义
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
#每个子进程的连接数 nginx当前并发量 worker_processes * worker_connections
worker_connections 1024;
}
#http协议段
http {
#引入 文件扩展名和与文件类型映射表
include mime.types;
#默认文件类型
default_type application/octet-stream;
#访问日志access.log的格式
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
#linux内核 提供文件读写的机制
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
#长连接超时时间 单位为s
keepalive_timeout 65;
#gzip on;
server {
#监听端口
listen 80;
#域名 可以有多个 用空格分隔
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
root html;
location / {
#默认访问的网站路径
# root html;
#默认访问页面 从前往后的顺序查找
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
递进关系 http > server > location
自定义一个错误页面
[root@server01 ~]# cd /usr/local/nginx/
[root@server01 nginx]# ls
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@server01 nginx]# cd html
[root@server01 html]# ls
50x.html index.html index.php
[root@server01 html]# vim 404.html
[root@server01 html]# cat 404.html
oh! 404
#编辑配置文件
[root@server01 html]# cd ..
[root@server01 nginx]# cd conf/
[root@server01 conf]# vim nginx.conf
#在server里添加或者去掉注释
error_page 404 /404.html;
访问不存在的页面就会出现此页面
企业常见配置
基于域名的虚拟主机配置
[root@server01 conf]# ls
fastcgi.conf koi-utf nginx.conf uwsgi_params
fastcgi.conf.default koi-win nginx.conf.default uwsgi_params.default
fastcgi_params mime.types scgi_params win-utf
fastcgi_params.default mime.types.default scgi_params.default
[root@server01 conf]# vim nginx.conf
#文件添加
server{
listen 80;#监听端口
server_name shop.lnmp.com;#域名
root html/tp5shop; #寻找路径
index index.html;
}
#重启服务
[root@server01 conf]# service nginx reload
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
重新载入 nginx: [确定]
[root@server01 conf]# cd ..
[root@server01 nginx]# cd html/
[root@server01 html]# ls
404.html 50x.html index.html index.php
[root@server01 html]# mkdir tp5shop #创建配置目录
[root@server01 html]# cd tp5shop/
[root@server01 tp5shop]# vim index.html#新建index.html
[root@server01 tp5shop]# cat index.html
shop.lnmp.com
#使用windows访问 解析域名
PS C:\WINDOWS\system32\drivers\etc> tree /f
卷 系统 的文件夹 PATH 列表
卷序列号为 09C1-B27D
C:.
hosts
hosts.ics
lmhosts.sam
networks
protocol
services
没有子文件夹
#编辑hosts文件添加
#你自己的ip地址 域名
192.168.126.139 shop.lnmp.com
#查看连通性
PS C:\Users\Rkun18> ping shop.lnmp.com
正在 Ping shop.lnmp.com [192.168.126.139] 具有 32 字节的数据:
来自 192.168.126.139 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.126.139 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.126.139 的回复: 字节=32 时间=1ms TTL=64
来自 192.168.126.139 的回复: 字节=32 时间<1ms TTL=64
192.168.126.139 的 Ping 统计信息:
数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 1ms,平均 = 0ms
#新建php文件
[root@server01 tp5shop]# pwd
/usr/local/nginx/html/tp5shop
[root@server01 tp5shop]# vim index.php
[root@server01 tp5shop]# cat index.php
<?php
echo 'shop site by php';
#不能解析php文件在nginx.conf里新建的server里编辑内容
server{
listen 80;
server_name shop.lnmp.com;
root html/tp5shop;
index index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
#访问
http://shop.lnmp.com/index.php
#成功访问
基于端口的配置
[root@server01 ~]# vim /usr/local/nginx/conf/nginx.conf
#修改端口
server{
listen 5210;
server_name shop.lnmp.com;
root html/tp5shop;
index index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
#重载
[root@server01 ~]# service nginx reload
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
重新载入 nginx:
#查看端口
[root@server01 ~]# netstat -nltp|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1676/nginx
tcp 0 0 0.0.0.0:5210 0.0.0.0:* LISTEN 1676/nginx
#无法访问
http://shop.lnmp.com/index.php
#加端口5210
http://shop.lnmp.com:5210/index.php
成功访问!
基于IP访问
#临时绑定IP
ifconfig eth0:1 192.168.126.140
#查看IP是否绑定成功
ip a
#######################实操#################
[root@server01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:47:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.126.139/24 brd 192.168.126.255 scope global eth0
inet6 fe80::20c:29ff:fe19:4798/64 scope link
valid_lft forever preferred_lft forever
[root@server01 ~]# ifconfig eth0:1 192.168.126.140
[root@server01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:47:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.126.139/24 brd 192.168.126.255 scope global eth0
inet 192.168.126.140/24 brd 192.168.126.255 scope global secondary eth0:1
inet6 fe80::20c:29ff:fe19:4798/64 scope link
valid_lft forever preferred_lft forever
#在nginx配置文件里新建一个server
[root@server01 ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name 192.168.126.140;
root html/ip;
}
#建立测试目录
cd /usr/local/nginx/html
mkdir ip
echo "ip site" >> index.html
#通过浏览器访问
http://192.168.126.140/
上线商城项目
#上传项目源代码 (随意位置)这里我使用MobaXterm 上传文件很方便
cd /usr/local/nginx/html
[root@server01 ~]# cd /usr/local/nginx/html
[root@server01 html]# ls
404.html index.html ip tp5shop.zip
50x.html index.php tp5shop tpshop.sql
[root@server01 html]# mv tp5shop tp5shop_bak #把之前的目录删除或者做一个备份
[root@server01 html]# ls
404.html index.html ip tp5shop.zip
50x.html index.php tp5shop_bak tpshop.sql
#把项目压缩包解压
unzip tp5shop.zip
#解压后
[root@server01 html]# ls
404.html index.html ip tp5shop_bak tpshop.sql
50x.html index.php tp5shop tp5shop.zip
[root@server01 html]# cd tp5shop
[root@server01 tp5shop]# ls
application composer.json extend public runtime thinkphp
build.php composer.lock LICENSE.txt README.md think vendor
#设置基本信息
vim /usr/local/nginx/conf/nginx.conf
#在配置文件中配置server虚拟主机段
server {
listen 80;
server_name shop.lnmp.com;
#tp5shop商城项目基于thinkphp5框架开发,需要绑定默认网站目录为public
root html/tp5shop/public;
index index.html;
location ~ \.php$ {
# root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
#每次配置完记得重启配置
service nginx reload
访问:http://shop.lnmp.com/
403 Forbidden
错误原因
-
默认访问index.html 刚才配置public目录下没有该文件
-
没有index.html就会列出目录结构 ,但没有权限列出
#设置基本信息
vim /usr/local/nginx/conf/nginx.conf
#在配置文件中配置server虚拟主机段
server {
listen 80;
server_name shop.lnmp.com;
#tp5shop商城项目基于thinkphp5框架开发,需要绑定默认网站目录为public
root html/tp5shop/public;
#默认index.php添加
index index.php index.html;
location ~ \.php$ {
# root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
#重载配置
连接数据库导入数据
[root@server01 ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.33 Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
#当前数据库
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
#创建数据库
mysql > create database tp5shop;
#使用数据库
mysql > use tp5shop;
#通过sql文件导入恢复数据
mysql > source /usr/local/nginx/html/tpshop.sql
######################################################
#修改项目的连接数据库配置文件
vim /usr/local/nginx/html/tp5shop/application/database.php
return [
// 数据库类型
'type' => 'mysql',
// 服务器地址
'hostname' => '127.0.0.1',
// 数据库名
'database' => 'tp5shop',
// 用户名
'username' => 'root',
// 密码
'password' => '你自己设置的密码',
// 端口
'hostport' => '3306',
访问shop.lnmp.com
遇到问题:项目需要在runtime文件夹中写入缓存信息(需要写权限)
-
nginx 读取静态文件 用户www
-
php-fpm 读取、写入、解析php文件 用户www
-
把runtime目录的所属关系赋予www
cd /usr/local/nginx/html/tp5shop
chown -R www:www runtime/
####################################################################
[root@server01 ~]# cd /usr/local/nginx/html/tp5shop
[root@server01 tp5shop]# ls
application composer.json extend public runtime thinkphp
build.php composer.lock LICENSE.txt README.md think vendor
[root@server01 tp5shop]# ll
总用量 68
drwxr-xr-x 5 root root 4096 4月 20 18:43 application
-rw-r--r-- 1 root root 1124 4月 2 2018 build.php
-rw-r--r-- 1 root root 1051 4月 2 2018 composer.json
-rw-r--r-- 1 root root 18657 4月 2 2018 composer.lock
drwxr-xr-x 2 root root 4096 5月 7 2018 extend
-rw-r--r-- 1 root root 1854 4月 2 2018 LICENSE.txt
drwxr-xr-x 7 root root 4096 5月 7 2018 public
-rw-r--r-- 1 root root 5904 4月 2 2018 README.md
drwxr-xr-x 5 root root 4096 5月 7 2018 runtime
-rw-r--r-- 1 root root 770 4月 2 2018 think
drwxr-xr-x 5 root root 4096 5月 7 2018 thinkphp
drwxr-xr-x 7 root root 4096 5月 7 2018 vendor
[root@server01 tp5shop]# chown -R www:www runtime/
[root@server01 tp5shop]# ll
总用量 68
drwxr-xr-x 5 root root 4096 4月 20 18:43 application
-rw-r--r-- 1 root root 1124 4月 2 2018 build.php
-rw-r--r-- 1 root root 1051 4月 2 2018 composer.json
-rw-r--r-- 1 root root 18657 4月 2 2018 composer.lock
drwxr-xr-x 2 root root 4096 5月 7 2018 extend
-rw-r--r-- 1 root root 1854 4月 2 2018 LICENSE.txt
drwxr-xr-x 7 root root 4096 5月 7 2018 public
-rw-r--r-- 1 root root 5904 4月 2 2018 README.md
drwxr-xr-x 5 www www 4096 5月 7 2018 runtime
-rw-r--r-- 1 root root 770 4月 2 2018 think
访问shop.lnmp.com
基本部署完成