一缰冤、nginx狀態(tài)模塊及權(quán)限控制補(bǔ)充

1.2 nginx狀態(tài)模塊

通過(guò)監(jiān)控軟件查看nginx的狀態(tài)

[root@web01 ~]# curl status.oldboy.com
Active connections: 1 
server accepts handled requests
 23 23 23 
Reading: 0 Writing: 1 Waiting: 0 

\\------------------分別代表的含義-----------------------------------
Active connections: 1     當(dāng)前的連接數(shù)量（已經(jīng)建立的連接）

server accepts             服務(wù)器接收到的請(qǐng)求數(shù)量
server handled             服務(wù)器處理的請(qǐng)求數(shù)量
server requests            用戶一共向服務(wù)器發(fā)出多少請(qǐng)求 

Reading: 0                 當(dāng)前nginx正在讀取的用戶請(qǐng)求頭的數(shù)量 
Writing: 1                 當(dāng)前nginx正在響應(yīng)用戶請(qǐng)求的數(shù)量
Waiting: 0                 當(dāng)前等待被nginx處理的請(qǐng)求數(shù)量 

1.2 權(quán)限控制

實(shí)例1.2.1 基于用戶登錄配置（簡(jiǎn)單驗(yàn)證）
1>在status.conf 中配置配置用戶及密碼

[root@web01 /etc/nginx/conf.d]# cat status.conf 
server{ 
    listen   80; 
    server_name   status.oldboy.com;
    stub_status  on;
    access_log  off;
    auth_basic "Auth access Blog Input your Passwd!";   \\指定用戶密碼提示
    auth_basic_user_file /etc/nginx/htpasswd;     \\指定用戶密碼文件

}

2>添加密碼文件

[root@web01 /etc/nginx/conf.d]# htpasswd -bc /etc/nginx/htpasswd  oldboy   oldboy
Adding password for user oldboy

3>設(shè)置密碼文件的權(quán)限為600，所有者及屬組為nginx

\\修改密碼文件的權(quán)限為600
[root@web01 /etc/nginx/conf.d]# chmod 600 /etc/nginx/htpasswd

\\修改密碼文件的所有者及所有屬組為nginx
[root@web01 /etc/nginx/conf.d]# chown nginx.nginx /etc/nginx/htpasswd

4>nginx檢查語(yǔ)法

[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

5>啟動(dòng)nginx服務(wù)

[root@web01 /etc/nginx/conf.d]# systemctl reload nginx

6>瀏覽器輸入域名檢查腰湾，如圖：

image

1.3 #取出本地的狀態(tài)碼

[root@web01 /etc/nginx/conf.d]# curl  10.0.0.7
HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Thu, 06 Jun 2019 01:58:40 GMT
Content-Type: text/html
Content-Length: 15
Last-Modified: Wed, 05 Jun 2019 09:52:47 GMT
Connection: keep-alive
ETag: "5cf790ef-f"
Accept-Ranges: bytes

[root@web01 ~]# curl 10.0.0.7|awk 'NR==1{print $2}'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    16  100    16    0     0  22471      0 --:--:-- --:--:-- --:--:-- 16000

[root@web01 ~]# curl -sI 10.0.0.7|awk 'NR==1{print $2}'
200

curl 常見(jiàn)的參數(shù)：
??-s：不顯示網(wǎng)頁(yè)的內(nèi)容
??-w：什么輸出完成后
??-o：把網(wǎng)站頁(yè)面的內(nèi)容寫(xiě)入到哪里或黑洞`

二抵卫、 nginx的location規(guī)則

2.1 location的作用

根據(jù)用戶請(qǐng)求的URL來(lái)執(zhí)行不同的應(yīng)用掠手，即URI的內(nèi)容。

2.2 location語(yǔ)法

location[=|~|~*|^~]url{
           ……
        }

2.3 location語(yǔ)法說(shuō)明

| location | [=|_|*|^~] | url | {……} |
| --- | --- | --- | --- |
| 指令 | 匹配標(biāo)識(shí) | 匹配的網(wǎng)站網(wǎng)址 | 匹配URL后要執(zhí)行的配置段 |

2.4 匹配標(biāo)識(shí)分別代表的含義

2.5 location的優(yōu)先級(jí)

注：驗(yàn)證這個(gè)之前將 /etc/nginx/conf.d目錄下的conf文件只保留01-www.conf伐脖，其他全部壓縮了热幔，不然會(huì)影響后面的驗(yàn)證

[root@web01 /etc/nginx/conf.d]# cat 01-www.conf
server {
    listen       80;
    server_name  www.oldboy.com;
    root   html/www;
    location / {
       return 200  "location / \n";
    }
    location = / {
        return 200 "location = \n";
    }
    location /documents/ {
        return 200 "location /documents/ \n";
    }
    location ^~ /images/ {
        return 200 "location ^~ /images/ \n";
    }
    location ~* \.(gif|jpg|jpeg)$ {
        return 200 "location ~* \.(gif|jpg|jpeg) \n";
    }
    access_log off;
}

以上是01-www.conf配置文件中的內(nèi)容，然后進(jìn)行以下測(cè)試

[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7
location = 

[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7/
location = 

[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7/oldboy.html
location / 

[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7/documents/alex.txt
location /documents/ 

[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7/lidao/documents/alex.txt
location / 

[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7/oldboy.jpg
location ~* \.(gif|jpg|jpeg) 

#驗(yàn)證/documents與~* 的優(yōu)先級(jí)
[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7/documents/oldboy.jpg
location ~* \.(gif|jpg|jpeg) 

#驗(yàn)證 ~* 與 ^~ 優(yōu)先級(jí)
[root@web01 /etc/nginx/conf.d]# curl 10.0.0.7/images/oldboy.jpg
location ^~ /images/ 

image

2.6 location規(guī)則應(yīng)用：

1>限制敏感目錄

location /admin{
    deny all;
}

2>區(qū)分不同的文件類型

location ~* \.(gif|jpg|jpeg)$ {
    在用戶瀏覽器緩存10年
}

三讼庇、LNMP搭建博客網(wǎng)站

3.1 搭建網(wǎng)站必備環(huán)境

PHP網(wǎng)站用LNMP/LEMP
Java網(wǎng)站用LNMT
靜態(tài)/動(dòng)態(tài)

LNMP分別是L=Linux断凶、N=Nginx、M=MySQL巫俺、P=PHP
LNMT分別是L=Linux认烁、N=Nginx、M=MySQL介汹、T=Tomcat

3.2 LNMP架構(gòu)環(huán)境部署

image

3.2.1配置nginx的yum源

[root@web ~]# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

3.2.2安裝nginx

yum install -y nginx

3.2.3 啟動(dòng)nginx却嗡，并加入開(kāi)機(jī)自啟動(dòng)

啟動(dòng)服務(wù)：systemctl start nginx
設(shè)置開(kāi)機(jī)自啟：systemctl enable nginx

3.2.4 使用第三方擴(kuò)展源安裝php7.1

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

由于網(wǎng)絡(luò)的原因，也可以將這兩個(gè)包先下載到本地嘹承，在導(dǎo)入到系虛擬機(jī)中安裝

rpm -ivh epel-release-latest-7.noarch.rpm
rpm -ivh webtatic-release.rpm

yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb

修改nginx配置（只保留/etc/nginx/conf.d/02-blog.conf窗价，其他都用gzip壓縮了）※※

[root@web01 /etc/nginx/conf.d]# vim 02-blog.conf 
server   {
    listen       80;
    server_name  blog.oldboy.com;
    access_log  /var/log/nginx/access_blog.log  main;
    root   /usr/share/nginx/html/blog;
    location / {
    index  index.php index.html index.htm;
    }
   location ~* \.(php|php5)$ {
       fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       include        fastcgi_params;
  }
}

\\----------------上面的含義----------------------------
fastcgi_pass      \\把動(dòng)態(tài)請(qǐng)求交給php-fpm
fastcgi_index    \\默認(rèn)訪問(wèn)的首頁(yè)文件
fastcgi_param     \\設(shè)置nginx把請(qǐng)求轉(zhuǎn)發(fā)給php的時(shí)候的參數(shù)
$document_root    \\網(wǎng)站的站點(diǎn)目錄
$fastcgi_script_name    \\請(qǐng)求URI

image

3.2.5 安裝mariadb數(shù)據(jù)庫(kù)(MySQL)

yum install -y mariadb-server

3.2.6 啟動(dòng)mariadb數(shù)據(jù)庫(kù)，并設(shè)置開(kāi)機(jī)自啟

啟動(dòng)服務(wù)：systemctl start mariadb.service
設(shè)置開(kāi)機(jī)自啟：systemctl enable mariadb.service

3.2.7 檢查MySQL端口

[root@web01 /etc/nginx/conf.d]#  ss -lntup |grep mysql
tcp    LISTEN     0      50        *:3306                  *:*                   users:(("mysqld",pid=74317,fd=13))
[root@web01 /etc/nginx/conf.d]# 

3.3 MySQL數(shù)據(jù)庫(kù)的基礎(chǔ)操作

3.3.1 進(jìn)入數(shù)據(jù)庫(kù)

1>MySQL命令（mysql客戶端）
2>進(jìn)入本地指定數(shù)據(jù)庫(kù)：mysql -u wordpress -p123456或mysql -uwordpress -p回車輸入密碼
3>遠(yuǎn)程進(jìn)入指定數(shù)據(jù)庫(kù)：mysql -uwordpress -p123456 -h 172.16.1.7

3.3.2 查看操作
1>查看系統(tǒng)中所有數(shù)據(jù)庫(kù)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
+--------------------+
4 rows in set (0.00 sec)

MariaDB [(none)]> 

2>查看系統(tǒng)中所有的用戶（顯示指定某些表字段）

MariaDB [(none)]> select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| root | 127.0.0.1 |
| root | ::1       |
|      | localhost |
| root | localhost |
|      | web01     |
| root | web01     |
+------+-----------+
6 rows in set (0.00 sec)

3>查詢橫向顯示所有表字段

select * from mysql.user

4>查詢縱向顯示所有表字段

select * from mysql.user\G

5>顯示當(dāng)前所用的用戶

select user();

6>使用數(shù)據(jù)庫(kù)（進(jìn)入指定數(shù)據(jù)庫(kù)）

use mysql;

7>顯示當(dāng)前使用的數(shù)據(jù)庫(kù)

select database();

8>只顯示1條數(shù)據(jù)

MariaDB [(none)]> select * from mysql.user limit 1 ;
MariaDB [(none)]> select * from mysql.user limit 1 \G

3.3.3 創(chuàng)建操作
1>創(chuàng)建數(shù)據(jù)庫(kù)

MariaDB [(none)]> create database wordpress;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| wordpress          |
+--------------------+
5 rows in set (0.00 sec)

2>創(chuàng)建用戶

MariaDB [(none)]> grant all      on wordpress.*       to 'wordpress'@'172.16.1.%'  identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all      on wordpress.*       to 'wordpress'@'localhost'  identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> 

3.3.4刪除操作

1>刪除數(shù)據(jù)庫(kù)

drop database wordprssd(數(shù)據(jù)庫(kù)名);

2>刪除用戶

drop user 'oldboy'@'localhost'
生效用戶：flush privileges（刪除用戶的時(shí)候使用）

3.3.5更新權(quán)限信息：修改用戶信息之后需要跟新權(quán)限信息

3.3.6備份操作

1>導(dǎo)出所有的數(shù)據(jù)庫(kù)

mysqldump -uroot -p -all-database >/root/all.sql
mysqldump -uroot -p -A >/root/all.sql

3.3.7恢復(fù)數(shù)據(jù)庫(kù)

mysql -uroot -p </root/all.sql

3.3.8打包壓縮導(dǎo)出的數(shù)據(jù)庫(kù)

tar叹卷、zip與unzip撼港、gzip與gzip -d

注：退出用Ctrl+d，不要使用Ctrl+c

3.4 配置PHP

由于nginx運(yùn)行起來(lái)是nginx用戶骤竹，且為了和PHP很好的溝通帝牡，估讓PHP運(yùn)行起來(lái)也應(yīng)該是nginx用戶，所以要進(jìn)行以下修改

[root@web01 ~]# egrep  -n '^user|^group' /etc/php-fpm.d/www.conf 
8:user = nginx
10:group = nginx

啟動(dòng)服務(wù)

systemctl restart php-fpm.service 

檢查端口

[root@web01 ~]# ss -lntup|grep 9000
tcp    LISTEN     0      128    127.0.0.1:9000                  *:*                   users:(("php-fpm",pid=15344,fd=9),("php-fpm",pid=15343,fd=9),("php-fpm",pid=15342,fd=9),("php-fpm",pid=15341,fd=9),("php-fpm",pid=15340,fd=9),("php-fpm",pid=15339,fd=7))

檢查進(jìn)程

[root@web01 ~]# ps -ef |grep php 
root     15339     1  0 12:42 ?        00:00:00 php-fpm: master process (/etc/php-fpm.conf)
nginx    15340 15339  0 12:42 ?        00:00:00 php-fpm: pool www
nginx    15341 15339  0 12:42 ?        00:00:00 php-fpm: pool www
nginx    15342 15339  0 12:42 ?        00:00:00 php-fpm: pool www
nginx    15343 15339  0 12:42 ?        00:00:00 php-fpm: pool www
nginx    15344 15339  0 12:42 ?        00:00:00 php-fpm: pool www
root     15348  3551  0 12:43 pts/0    00:00:00 grep --color=auto php

3.5 檢查與測(cè)試

3.5.1 檢查nginx與php之間連接是否OK

[root@web01 /usr/share/nginx/html/blog]# cat info.php 
<?php
phpinfo();
?>

image

3.5.2 檢查php與MySQL連接是否OK

[root@web01 /usr/share/nginx/html/blog]# cat mysqli.php 
<?php
$servername = "localhost";
$username = "wordpress";
$password = "123456";

// 創(chuàng)建連接
$conn = mysqli_connect($servername, $username, $password);

// 檢測(cè)連接
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "php連接MySQL數(shù)據(jù)庫(kù)成功";
?>

image

3.6 搭建wordpress博客（代碼上線）

官網(wǎng)：https://cn.wordpress.org/

1>下載wordpress博客的源碼蒙揣，上傳到虛擬機(jī)中靶溜，并解壓之后將wordpress的所有內(nèi)容移動(dòng)到blog目錄下
mv wordpress/* /usr/share/nginx/html/blog/

[root@web01 ~]# ll /usr/share/nginx/html/blog
total 208
-rw-r--r--  1 root   root         16 Jun  5 10:12 index.html
-rw-r--r--  1 nobody nfsnobody   420 Dec  1  2017 index.php
-rw-r--r--  1 root   root         20 Jun  6 12:53 info.php
-rw-r--r--  1 nobody nfsnobody 19935 Jan  2 04:37 license.txt
-rw-r--r--  1 root   root        288 Jun  6 13:03 mysqli.php
-rw-r--r--  1 nobody nfsnobody  7447 Apr  9 06:59 readme.html
-rw-r--r--  1 nobody nfsnobody  6919 Jan 12 14:41 wp-activate.php
drwxr-xr-x  9 nobody nfsnobody  4096 May 22 02:24 wp-admin
-rw-r--r--  1 nobody nfsnobody   369 Dec  1  2017 wp-blog-header.php
-rw-r--r--  1 nobody nfsnobody  2283 Jan 21 09:34 wp-comments-post.php
-rw-r--r--  1 nobody nfsnobody  2898 Jan  8 12:30 wp-config-sample.php
drwxr-xr-x  4 nobody nfsnobody    52 May 22 02:24 wp-content
-rw-r--r--  1 nobody nfsnobody  3847 Jan  9 16:37 wp-cron.php
drwxr-xr-x 20 nobody nfsnobody  8192 May 22 02:24 wp-includes
-rw-r--r--  1 nobody nfsnobody  2502 Jan 16 13:29 wp-links-opml.php
-rw-r--r--  1 nobody nfsnobody  3306 Dec  1  2017 wp-load.php
-rw-r--r--  1 nobody nfsnobody 39574 Apr 16 06:39 wp-login.php
-rw-r--r--  1 nobody nfsnobody  8403 Dec  1  2017 wp-mail.php
-rw-r--r--  1 nobody nfsnobody 18962 Mar 29 03:04 wp-settings.php
-rw-r--r--  1 nobody nfsnobody 31085 Jan 17 00:51 wp-signup.php
-rw-r--r--  1 nobody nfsnobody  4764 Dec  1  2017 wp-trackback.php
-rw-r--r--  1 nobody nfsnobody  3068 Aug 17  2018 xmlrpc.php
[root@web01 ~]# mv wordpress /usr/share/nginx/html/blog/

修改blog站點(diǎn)目錄的所有者及屬組為nginx

[root@web01 /usr/share/nginx/html/blog]# chown -R nginx.nginx wordpress/
[root@web01 /usr/share/nginx/html/blog]# ls -ld wordpress/
drwxr-xr-x 5 nginx nginx 4096 May 22 02:24 wordpress/
[root@web01 /usr/share/nginx/html/blog]# 

2>在瀏覽器輸入http://10.0.0.7

image

image

image

image

image

image

image

補(bǔ)充：
查看網(wǎng)關(guān)的方法：

route -n
ip r
ip route

[root@web01 /etc/nginx/conf.d]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.254      0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
[root@web01 /etc/nginx/conf.d]# ip r 
default via 10.0.0.254 dev eth0 
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.7 
169.254.0.0/16 dev eth0 scope link metric 1002 
169.254.0.0/16 dev eth1 scope link metric 1003 
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.7 
[root@web01 /etc/nginx/conf.d]# ip route 
default via 10.0.0.254 dev eth0 
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.7 
169.254.0.0/16 dev eth0 scope link metric 1002 
169.254.0.0/16 dev eth1 scope link metric 1003 
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.7