1.关于lnamp架构介绍
linux+nginx+apache+mysql+php
2.给大家分享一个这种架构的一键安装脚本ezhttp
下载地址:https://www.oschina.net/p/ezhttp
备用下载地址:https://github.com/centos-bz/ezhttp
3.多站点配置:
nginx配置:
error_log logs/error.log error ;
pid logs/nginx.pid;
user www;
worker_processes auto;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 51200;
}
http {
client_body_buffer_size 32k;
client_header_buffer_size 2k;
client_max_body_size 2m;
default_type application/octet-stream;
log_not_found off;
server_tokens off;
include mime.types;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/rss+xml application/xhtml+xml application/atom_xml;
gzip_vary on;
#error_page 500 502 503 504 /50x.html;
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
server {
listen 80 default_server;
server_name localhost;
index index.php index.html index.htm;
root /home/wwwroot/;
location ~ .*\.(php|php5)?$ {
proxy_pass http://127.0.0.1:88;
include proxy.conf;
}
}
include vhost/*.conf;
}
nginx多站点配置:
|------nginc.conf
|-----------|vhost
|-----------|vhost-------|abc.com.config
|-----------|vhost-------|bcd.com.config
|-----------|vhost-------|efg.com.config
abc.com.config
server {
server_name abc.com;
listen 80;
listen 443 ssl;
ssl_certificate /usr/local/nginx/certificate/abc.com/1657267_abc.com.pem ; #crt文件位置
ssl_certificate_key /usr/local/nginx/certificate/abc.com/1657267_abc.com.key ;#key文件位置
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
index index.php index.html index.htm;
root /home/wwwroot/abc/;
location / {
try_files /index.html @apache;
}
location @apache {
internal;
proxy_pass http://127.0.0.1:88;
include proxy.conf;
}
location ~ .*\.(php|php5)?$ {
proxy_pass http://127.0.0.1:88;
include proxy.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
}
location ~ .*\.(js|css)?$ {
expires 12h;
}
access_log /home/wwwlog/abc.com/access_nginx.log access;
error_log /home/wwwlog/abc.com/error_nginx.log error;
}
bcd.com.config(参考abc.com.config)
efg.com.config(参考abc.com.config)
apache配置:
ServerRoot "/usr/local/apache"
Listen 127.0.0.1:88
LoadModule deflate_module modules/mod_deflate.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User www
Group www
</IfModule>
</IfModule>
ServerAdmin [email protected]
ServerName localhost:80
DocumentRoot "/usr/local/apache/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/usr/local/apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
Addtype application/x-httpd-php .php
</IfModule>
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
apache多站点配置:
|------nginc.conf
|-----------|vhost
|-----------|vhost-------|abc.com.config
|-----------|vhost-------|bcd.com.config
|-----------|vhost-------|efg.com.config
abc.com.config
<VirtualHost 127.0.0.1:88>
ServerName abc.com
ServerAlias abc.com
DocumentRoot /home/wwwroot/abc/
DirectoryIndex index.php index.html index.htm
<Directory /home/wwwroot/abc/>
Options +Includes -Indexes
AllowOverride All
Order Deny,Allow
Allow from All
php_admin_value open_basedir /home/wwwroot/abc/:/tmp:/proc
</Directory>
ErrorLog /home/wwwlog/abc.com/error_apache.log
TransferLog /home/wwwlog/abc.com/access_apache.log
</VirtualHost>
4.lnamp架构证书安装
看似完美的一机负载均衡,那么问题来了,lnamp架构如何安装证书呢?
只给nginx安装证书?或者只给apache安装证书?或者两者都安装?
大家知道https协议的默认访问端口是 443 ,如果给apache和nginx都安装证书,那么会存在端口占用问题,导致服务器不能启动
我的做法是只在nginx监听443端口,nginx配置证书。见abc.com.config文件的证书配置
listen 443 ssl;
ssl_certificate /usr/local/nginx/certificate/abc.com/1657267_abc.com.pem ; #crt文件位置
ssl_certificate_key /usr/local/nginx/certificate/abc.com/1657267_abc.com.key ;#key文件位置
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
index index.php index.html index.htm;
本人也在质疑这种配置方式,但是线上项目能正常运行成功,欢迎大家尝试我的配置方法,如果不能安装成功,请在博客下方留言,我再研究改进