1、Nginx负载均衡
Nginx代理一个服务器就叫代理服务,如果一个Nginx代理多个服务器就叫做负载均衡
代理服务器后面可以有多个web服务器,多个web服务器去提供服务的时候,就可以实现一个负载均衡的功能
配置负载均衡,负载均衡的配置借助了upstream 模块
安装dig命令查看解析IP
[root@localhost ~]# yum install -y bind-utils
[root@localhost ~]# dig qq.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49396
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;qq.com. IN A
;; ANSWER SECTION:
qq.com. 226 IN A 58.60.9.21
qq.com. 226 IN A 180.163.26.39
qq.com. 226 IN A 59.37.96.63
;; AUTHORITY SECTION:
qq.com. 19278 IN NS ns4.qq.com.
qq.com. 19278 IN NS ns1.qq.com.
qq.com. 19278 IN NS ns2.qq.com.
qq.com. 19278 IN NS ns3.qq.com.
- 写一个配置文件vim /usr/local/nginx/conf/vhost/load.conf
upstream qq.com
{
ip_hash; //让用户保持在一台后端服务器上连接
server 58.60.9.21:80; // 用dig工具查到qq网站有两台服务器
server 59.37.96.63:80; // 用dig工具查到qq网站有两台服务器
}
server
{
listen 80; //监听端口
server_name www.qq.com; // 域名
location /
{
proxy_pass http://qq.com; //这里指定upstream的名字
proxy_set_header Host $Host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- upstream来指定多个web server
- 当有多个服务器同时对一个域名提供服务的时候,长时间访问一个域名,在一定的时效内,会出现需要重新登录或者是说跳转到另外一个地址的服务器上;ip_hash,就是使通过这个代理访问的同一个域名的多个IP的服务器是,始终保持在一个IP上对这个域名进行访问
- 检查配置文件语法,并重新加载,测试
[root@localhost ~]# curl -x127.0.0.1:80 www.qq.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
- nginx不支持去代理https,也就是在配置文件中的server 后不能写443,是不支持的,只能代理http、tcp
- 若想要实现代理https,nginx监听443端口,但web服务必须是80端口
2、SSL原理
- http和https的区别
https通信是加密的,如果不加密,中间传输数据包的有时候会被截到,就会导致信息泄露,https就是对这个通信的数据包进行加密
- 原理和流程
- 浏览器发送一个https的请求给服务器;
- 服务器要有一套数字证书,可以自己制作,也可以向组织申请,区别就是自己颁发的证书需要客户端验证通过,才可以继续访问,而使用受信任的公司申请的证书则不会弹出>提示页面,这套证书其实就是一对公钥(加密)和私钥(解密);
- 服务器会把公钥传输给客户端;
- 客户端(浏览器)收到公钥后,(这个过程是浏览器判断的)会验证其是否合法有效,无效会有警告提醒,有效则会生成一串随机数,并用收到的公钥加密;
- 客户端把加密后的随机字符串传输给服务器;
- 服务器收到加密随机字符串后,先用私钥解密(公钥加密,私钥解密),获取到这一串随机数后,再用这串随机字符串加密传输的数据(该加密为对称加密,所谓对称加密,就是将数据和私钥也就是这个随机字符串>通过某种算法混合在一起,这样除非知道私钥,否则无法获取数据内容);
- 服务器把加密后的数据传输给客户端;
- 客户端收到数据后,再用自己的私钥也就是那个随机字符串解密
3、生成SSL密钥对
- openssl工具来颁发数字证书生成私钥和公钥:需要安装openssl包
- 密钥对放在conf目录下:到conf目录下去使用openssl工具
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# rpm -qf `which openssl`
openssl-1.0.2k-12.el7.x86_64
[root@localhost conf]# openssl genrsa -des3 -out tmp.key 2048
Generating RSA private key, 2048 bit long modulus
....................+++
.........+++
e is 65537 (0x10001)
Enter pass phrase for tmp.key:
Verifying - Enter pass phrase for tmp.key:
openssl genrsa -des3 -out tmp.key 2048 //genrsa ,表示生成rsa的私钥;2048 ,2048长度;名字为 tmp.key
- 转换key,取消密码,删除tmp.key
[root@localhost conf]# openssl rsa -in tmp.key -out aming.key
Enter pass phrase for tmp.key:
writing RSA key
[root@localhost conf]# rm -f tmp.key //把含密码的私钥删掉
-in 表示指定哪一个秘钥要被转换
-out 表示指定输出的
生成证书请求文件,需要拿这个请求文件和私钥一起生产公钥文件
[root@localhost conf]# openssl req -new -key aming.key -out aming.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:china
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [XX]:11
State or Province Name (full name) []:guangdong
Locality Name (eg, city) [Default City]:gon^H^H^H
Organization Name (eg, company) [Default Company Ltd]:aming
Organizational Unit Name (eg, section) []:aming
Common Name (eg, your name or your server's hostname) []:aming
Email Address []:admin@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:aming
An optional company name []:aming
这里的信息可以不用填写,直接回车也行;因为这是自己给自己颁发的证书,可以随意填写,若是购买那些正式的证书,那证书的信息就需要填写相对应的信息
- 生成公钥
[root@localhost conf]# openssl x509 -req -days 365 -in aming.csr -signkey aming.key -out aming.crt
Signature ok
subject=/C=11/ST=guangdong/L=gon\x08\x08\x08/O=aming/OU=aming/CN=aming/[email protected]
Getting Private key
- -days 365 证书的日期是一年
- aming.crt是公钥,aming.key是私钥
[root@localhost conf]# ls aming.*
aming.crt aming.csr aming.key
4、 Nginx配置ssl
- 在有了公钥和私钥之后,配置nginx
- 生成新的配置文件 vim /usr/local/nginx/conf/vhost/ssl.conf
[root@localhost conf]# vim /usr/local/nginx/conf/vhost/ssl.conf
server
{
listen 443; //监听端口为443
server_name aming.com; //主机名
index index.html index.php;
root /data/wwwroot/aming.com; //root 目录
ssl on; //开启ssl
ssl_certificate aming.crt; //指定公钥
ssl_certificate_key aming.key; //指定私钥
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; //ssl 的协议
}
注:ssl 的协议,一般情况下,三种协议都配置上
- 创建/data/wwwroot/aming.com目录,检查配置文件语法
[root@localhost conf]# mkdir /data/wwwroot/aming.com
[root@localhost conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
- 进入目录/usr/local/src/nginx-1.12.1/,重新编译Nginx,加上ssl配置参数
[root@localhost conf]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
configure arguments: --prefix=/usr/local/nginx //缺少SSL
[root@localhost conf]# cd /usr/local/src/nginx-1.12.1/ //进入目录
[root@localhost nginx-1.12.1]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module //编译SSL配置参数
[root@localhost nginx-1.12.1]# make
[root@localhost nginx-1.12.1]# make install
[root@localhost nginx-1.12.1]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/ --with-http_ssl_module //已经增加SSL参数
- 检查配置文件语法错误,重启nginx
[root@localhost nginx-1.12.1]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx//conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx//conf/nginx.conf test is successful
[root@localhost nginx-1.12.1]# /etc/init.d/nginx restart
Restarting nginx (via systemctl): [ 确定 ]
- 查看监听端口,会看到多出一个443端口
[root@localhost vhost]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1051/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1032/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1248/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1051/nginx: master
- 切换目录路径,并创建一个测试文件
[root@localhost vhost]# vim /data/wwwroot/aming.com/index.html
This is a ssl
- 测试,若是直接访问会报400
[root@localhost vhost]# curl -x127.0.0.1:443 https://aming.com/
curl: (56) Received HTTP code 400 from proxy after CONNECT
- 在虚拟机中 /etc/写hosts,测试,不指定-x访问
[root@localhost vhost]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 aming.com //增加aming.com
[root@localhost vhost]# curl https://aming.com/
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
- 就是说你这个证书被标记为不可信任了,因为这个证书是自己颁发的,实际上是已经配置成功了
- 在windows中的host文件添加,并保存测试访问
浏览器访问https://aming.com,会看到加载超时
这时查看虚拟机防火墙iptables -nvL,若是防火墙存在,可以直接ipbables -F清空所有规则,若不想清空所有规则可以增加443端口的规则 iptables -I INPUT -p tcp --dport 443 -j ACCEPT
这时再来访问aming.com,会提示是否信任证书,选择 是 ,会访问成功
这个就是自己颁发证书,浏览器不被信任的时候,会显示红色 不安全 ,而不是绿色
以后若想正常的访问https,可以去沃通买证书
5、php-fpm的pool
- 一个Nginx服务器可能运行多个站点,那么php-fpm使用同一个pool资源,当一个站点资源耗尽之后,就有可能会影响所有站点都不能访问。每个站点使用独立的pool,就能够避免这种情况发生; 使用ps aux |grep php-fpm最右侧看到的那一列就是pool,也就是它的池子
[root@localhost vhost]# ps aux |grep php-fpm
root 1257 0.0 0.4 227248 4956 ? Ss 20:51 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm 1261 0.0 0.4 227248 4712 ? S 20:51 0:00 php-fpm: pool www
php-fpm 1262 0.0 0.4 227248 4712 ? S 20:51 0:00 php-fpm: pool www
php-fpm 1263 0.0 0.4 227248 4712 ? S 20:51 0:00 php-fpm: pool www
php-fpm 1264 0.0 0.4 227248 4712 ? S 20:51 0:00 php-fpm: pool www
php-fpm 1265 0.0 0.4 227248 4716 ? S 20:51 0:00 php-fpm: pool www
- 编辑php-fpm.conf配置文件:在[global]中增加一个pool
[root@localhost vhost]# cd /usr/local/php-fpm/etc/
[root@localhost etc]# vim php-fpm.conf
[aming.com]
listen = /tmp/aming.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
- 检查是否存在语法错误,若没有语法错误,做一个php-fpm重启:/etc/init.d/php-fpm restart 或使用 /etc/init.d/php-fpm reload
[root@localhost etc]# /usr/local/php-fpm/sbin/php-fpm -t
[08-Jul-2018 22:20:24] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@localhost etc]# /etc/init.d/php-fpm reload
Reload service php-fpm done
- ps aux|grep fpm查看,会看到最右侧多了一个aming.com,这个就是两个不同的池子
[root@localhost etc]# ps aux|grep fpm
php-fpm 1684 0.0 0.4 227248 4716 ? S 22:20 0:00 php-fpm: pool www
php-fpm 1685 0.0 0.4 227248 4716 ? S 22:20 0:00 php-fpm: pool www
php-fpm 1686 0.0 0.4 227248 4716 ? S 22:20 0:00 php-fpm: pool www
php-fpm 1687 0.0 0.4 227248 4716 ? S 22:20 0:00 php-fpm: pool www
php-fpm 1688 0.0 0.4 227248 4712 ? S 22:20 0:00 php-fpm: pool aming.com
php-fpm 1689 0.0 0.4 227248 4712 ? S 22:20 0:00 php-fpm: pool aming.com
php-fpm 1690 0.0 0.4 227248 4712 ? S 22:20 0:00 php-fpm: pool aming.com
- 在nginx中使用新的pool
- 主配置文件php-fpm中的 [global] 加入include = etc/php-fpm.d/*.conf ,并将池子拆分出来,将其中的池子pool删除
[root@localhost etc]# !vim
vim php-fpm.conf //进入配置文件改成如下
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include = etc/php-fpm.d/*.conf //再把后面pool删除
- 因为include = etc/php-fpm.d/,所以需要创建/php-fpm.d/的目录
[root@localhost etc]# mkdir php-fpm.d
[root@localhost etc]#ls
pear.conf php-fpm.conf php-fpm.conf.default php-fpm.d php.ini
- 切换路径,并创建www.conf,然后将之前php-fpm.conf中的www部分写入到其中;aming.conf也分别创建
[root@localhost etc]#cd php-fpm.d/
[root@localhost php-fpm.d]# vim www.conf
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[root@localhost php-fpm.d]# vim aming.conf
[aming.com]
listen = /tmp/aming.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
- 检查语法是否有错误,重启后查看;
[root@localhost php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[08-Jul-2018 22:47:03] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@localhost php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@localhost php-fpm.d]# ps aux |grep php-fpm
root 1735 0.8 0.4 227336 4996 ? Ss 22:47 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
6、php-fpm慢执行日志
- Nginx有一个很好的特性就是慢执行日志。可以定义php执行超过指定时间,就会记录到慢执行日志中去,记录那个文件那行代码执行过程慢。
- 查询方法:
- 系统负载,可以通过各种工具查,查出是哪个进程导致
- PHP网站访问慢,通过查看慢日志
- 在pool的配置文件里配置添加
[root@localhost php-fpm.d]# vim www.conf
[root@localhost php-fpm.d]# cat www.conf
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout = 1 //超过一秒钟就要记录日
slowlog = /usr/local/php-fpm/var/log/www-slow.log //日志放到该路径下
- 查看语法错误,并重新加载
[root@localhost php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[08-Jul-2018 22:53:57] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
[root@localhost php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
- 查看/usr/local/php-fpm/var/log/www-slow.log日志是否生成
[root@localhost php-fpm.d]# ls /usr/local/php-fpm/var/log/
php-fpm.log www-slow.log
[root@localhost php-fpm.d]# cat /usr/local/php-fpm/var/log/www-slow.log
- 查看日志会看到没有内容,因为没有超过一秒php执行的过程
- 模拟一个慢执行的php,写一个脚本,由于php-fcgi它是被在test这个站点用着,所以需要在这个/data/wwwroot/test.com目录下做一些操作
- 运行php脚本,但是未输出信息,检测会看到状态码为500,说明有错误
[root@localhost php-fpm.d]# vim /data/wwwroot/test.com/sleep.php
[root@localhost php-fpm.d]# cat /data/wwwroot/test.com/sleep.php
<?php
echo “test slow log”;
sleep(2);echo “done”;
?>
[root@localhost php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I
HTTP/1.1 500 Internal Server Error
Server: nginx/1.12.1
Date: Sun, 08 Jul 2018 14:57:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
- 可以查看错误日志,但有更简单的方法就是打开它的配置文件
[root@localhost php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini
搜索 /display ,找到display_errors
将display_errors = Off 改为display_errors = On
display_errors = On
; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. PHP's default behavior is to suppress those
; errors from clients. Turning the display of startup errors on can be useful in
; debugging configuration problems. We strongly recommend you
; set this to 'off' for production servers.
466,19
- 打开display_errors之后,就可以在浏览器上查看到具体的错误是什么
- 重启或者重新加载php-fpm
[root@localhost php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
- 检查错误,会看到语法错误,有可能是逗号,分号写的不对
[root@localhost php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php
<br />
<b>Parse error</b>: syntax error, unexpected 'slow' (T_STRING), expecting ',' or ';' in <b>/data/wwwroot/test.com/sleep.php</b> on line <b>2</b><br />
- 检查sleep.php文件,发现里面使用的中文标点,更改后重启配置;再来测试,访问成功,会看到访问的时候停顿了几秒
[root@localhost php-fpm.d]# vim /data/wwwroot/test.com/sleep.php
[root@localhost php-fpm.d]# /etc/init.d/php-fpm reload
Reload service php-fpm done
[root@localhost php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php
test slow logdone
- 查看是否生成了慢日志
[root@localhost php-fpm.d]# cat /usr/local/php-fpm/var/log/www-slow.log
[08-Jul-2018 23:14:11] [pool www] pid 1923
script_filename = /data/wwwroot/test.com/sleep.php //提示:是哪个脚本慢
[0x00007fb857b582f8] sleep() /data/wwwroot/test.com/sleep.php:3 //提示:是脚本的第三行慢
7、php-fpm定义open_basedir
- open_basedir 的作用是限制php在指定的目录里活动。
- 因为如果服务器管理多个网站,在php.ini里定义多个open_basedir就不合适了,所以要么在apache虚拟主机配置文件里面定义,要么在php-fpm配置文件里面定义,我们可以针对不同的池子(pool)定义对应的open_basedir
- 只需要加 下面一行配置即可
php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/
- 在www的pool进行配置;在最后一行加入配置
[root@localhost php-fpm.d]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf
[root@localhost php-fpm.d]# cat /usr/local/php-fpm/etc/php-fpm.d/www.conf
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
- 重启php-fpm,访问测试
[root@localhost php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@localhost php-fpm.d]# ls /data/wwwroot/test.com
1.gif 1.txt 2.js admin index.html sleep.php upload
[root@localhost php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Sun, 08 Jul 2018 15:31:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
- 定义错误日志
[root@localhost php-fpm.d]# vim /usr/local/php-fpm/etc/php.ini
搜索 /display_errors
将display_errors = Off
搜索 /error_log,添加error_log
error_log = /usr/local/php-fpm/var/log/php_errors.log //这一段定义错误日志路径
搜索error_reporting
注释掉自带的error_reporting
;error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
error_reporting = E_ALL //定义错误日志的级别所有
display_errors = Off 正常情况下,在线上这个是off的,别人不能通过浏览器看到你的错误信息,而是把你的错误信息记录到服务器的某一个文件里 查看设置的错误日志文件,并是否生成;创建错误日志文件并设置777权限
[root@localhost php-fpm.d]# ls /usr/local/php-fpm/var/log/
php-fpm.log www-slow.log
[root@localhost php-fpm.d]# touch /usr/local/php-fpm/var/log/php_errors.log
[root@localhost php-fpm.d]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log
[root@localhost php-fpm.d]# ls /usr/local/php-fpm/var/log/php_errors.log
/usr/local/php-fpm/var/log/php_errors.log
8、php-fpm进程管理
- php-fpm的pool配置文件中的关于进程的配置行的说明
vim www.conf
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic //定义进程启动方式(dynamic表示动态,static表示静态)
//只有pm设置为dynamic,下面的配置才生效
pm.max_children = 50 //最多启动的子进程数量
pm.start_servers = 20 //开始启动的子进程数量
pm.min_spare_servers = 5 //空闲时最少有几个子进程,到5个就会自动增加
pm.max_spare_servers = 35 //空闲时最多有几个子进程,到35个就会自定清理
pm.max_requests = 500 //一个子进程最多可接受多少个请求,到达500就会自动退出子进程
rlimit_files = 1024 //每个子进程打开的文件句柄个数
- pm = dynamic //表示进程以什么形式启动,dynamic就是动态,动态就是一开始为一个数值,根据需求再自动生成,服务器比较闲的时候还会去销毁,销毁到一定程度还有自动生成
- pm.max_children = 50 //最大子进程数,ps aux可以查看
- pm.start_servers = 20 //启动服务时会启动的进程数
- pm.min_spare_servers = 5 //定义在空闲时段,子进程数的最少数量,如果达到这个数值时,php-fpm服务会自动派生新的子进程。
- pm.max_spare_servers = 35 //定义在空闲时段,子进程数的最大值,如果高于这个数值就开始清理空闲的子进程。
- pm.max_requests = 500 //定义一个子进程最多处理的请求数,也就是说在一个php-fpm的子进程最多可以处理这么多请求,当达到这个数值时,它会自动退出。
- rlimit_files = 1024
- request_slowlog_timeout = 1
- slowlog = /usr/local/php-fpm/var/log/www-slow.log
- php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/
dynamic和static
- pm = dynamic //表示进程以什么形式启动,dynamic就是动态,动态就是一开始为一个数值,根据需求再自动生成,服务器比较闲的时候还会去销毁,销毁到一定程度还有自动生成;根据下面的设置去进行设定“start_servers ”、“min_spare_servers ”、“max_spare_servers ”、“max_requests ”
- pm = static 之后,一旦选择这个设置,下面的pm的各种设置只会有一个max_children生效,并启动的时候就生成50个