linuxea: nginx php7.3.8 编译常见错误笔记 php7.3.8 编译常见错误依赖包yum install gcc autoconf gcc-c++ -y yum install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-devel -y yum install systemd-devel -y yum install openjpeg-devel -y yum install -y curl-devel yum install libzip libzip-devel -ychecking for libzip… configure: error: system libzip must be upgraded to version >= 0.11# checking for libzip… configure: error: system libzip must be upgraded to version >= 0.11 yum remove -y libzip wget https://nih.at/libzip/libzip-1.2.0.tar.gz tar -zxvf libzip-1.2.0.tar.gz cd libzip-1.2.0 ./configure make && make installconfigure: error: off_t undefined; check your library configurationecho '/usr/local/lib64 /usr/local/lib /usr/lib /usr/lib64'>>/etc/ld.so.conf ldconfig -vusr/local/include/zip.h:59:21: fatal error: zipconf.h: No such file or directorycp /usr/local/lib/libzip/include/zipconf.h /usr/local/include/zipconf.h编译脚本参考:curl -Lk https://raw.githubusercontent.com/marksugar/Maops/master/php/php7/phpInstall.sh |bash -s www 7.3.8nginx:curl -Lk https://raw.githubusercontent.com/marksugar/Maops/master/nginx/nginxInstall.sh|bash -s www 1.16.0

linuxea:nginx流量监控模块nginx-module-vts使用 nginx-module-vts他可以记录单个页面的流量，http status的流量，后端代理的流量已经动态dns的流量，还有来自地区/国家的流量，其中可以进行限制流量，并且他还有一个页面，可以根据server_name进行统计域名的流量已经状态码，只需要简单的配置和编译就可以实现，如果希望使用docker，那就太好了，因为我已经为你准备好了示例 docker安装nginx1.14.0-vts模块的下载这里还加了luajit-2.0[root@linuxea-VM-Node203 ~]# git clone git://github.com/vozlt/nginx-module-vts.git "/usr/local/nginx-module-vts" [root@linuxea-VM-Node203 ~]# git clone git://github.com/vozlt/nginx-module-sts.git "/usr/local/nginx-module-sts" [root@linuxea-VM-Node203 ~]# git clone git://github.com/vozlt/nginx-module-stream-sts.git "/usr/local/nginx-module-stream-sts" ### git clone lua_module [root@linuxea-VM-Node203 ~]# curl -Lk https://github.com/simplresty/ngx_devel_kit/archive/v0.3.1rc1.tar.gz |tar xz -C /usr/local [root@linuxea-VM-Node203 ~]# curl -Lk https://github.com/openresty/lua-nginx-module/archive/v0.10.13.tar.gz |tar xz -C /usr/local [root@linuxea-VM-Node203 ~]# curl -Lk https://luajit.org/download/LuaJIT-2.0.5.tar.gz |tar xz -C /usr/local [root@linuxea-VM-Node203 ~]# cd /usr/local/LuaJIT-2.0.5 && make && make install [root@linuxea-VM-Node203 ~]# export LUAJIT_LIB=/usr/local/lib [root@linuxea-VM-Node203 ~]# export LUAJIT_INC=/usr/local/include/luajit-2.0编译安装我们下载最新的nginx,创建用户，编译并添加模块[root@linuxea-VM-Node203 ~]# useradd www -s /sbin/nologin -M [root@linuxea-VM-Node203 ~]# curl -Lk https://nginx.org/download/nginx-1.14.0.tar.gz |tar xz -C /usr/local [root@linuxea-VM-Node203 ~]# cd /usr/local/nginx-1.14.0 && ./configure \ --prefix=/usr/local/nginx \ --conf-path=/etc/nginx/nginx.conf \ --user=www \ --group=www \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --pid-path=/var/run/nginx/nginx.pid \ --lock-path=/var/lock/nginx.lock \ --with-http_ssl_module \ --with-http_stub_status_module \ --with-http_gzip_static_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_geoip_module \ --http-client-body-temp-path=/var/tmp/nginx/client \ --http-proxy-temp-path=/var/tmp/nginx/proxy \ --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \ --add-module=/usr/local/lua-nginx-module-0.10.13 \ --add-module=/usr/local/ngx_devel_kit-0.3.1rc1 \ --add-module=/usr/local/nginx-module-vts \ --with-stream \ --add-module=/usr/local/nginx-module-sts \ --add-module=/usr/local/nginx-module-stream-sts && make -j2 && make install [root@linuxea-VM-Node203 /usr/local/nginx-1.14.]# ln -s /usr/local/lib/libluajit-5.1.so.2 /lib/ nginx-module-vts配置文件我分别编辑了两个conf文件include进去加载主配置文件在http部分 : nginx-module-vts_zone.confgeoip_country /etc/nginx/GeoIP.dat; # 使用GeoIP计算各个国家/地区的流量 vhost_traffic_status_zone; # 必须的指令 vhost_traffic_status_filter_by_host on; # 以server_name的形式展示 #vhost_traffic_status_bypass_stats on; # 不会统计流量页面的数据流量 vhost_traffic_status_filter_by_set_key $geoip_country_code country::*; # # 使用GeoIP计算各个国家/地区的流量 map $http_user_agent $filter_user_agent { # 计算单个用户代理的流量 default 'unknown'; ~iPhone ios; ~Android android; ~(MSIE|Mozilla) windows; } vhost_traffic_status_filter_by_set_key $filter_user_agent agent::*; # 计算单个用户代理的流量加载vhost的server部分: nginx-module-vts_zone.confvhost_traffic_status_set_by_filter $variable group/zone/name; # 获取存储在共享内存中的指定状态值。 vhost_traffic_status_filter_by_set_key $geoip_country_code country::$server_name; # 以server_name的形式展示 vhost_traffic_status_bypass_stats on; # 不会统计流量页面的数据流量 vhost_traffic_status_filter_by_set_key $status $server_name; # 计算详细的http状态代码的流量 vhost_traffic_status_filter_by_set_key $filter_user_agent agent::$server_name; # 计算单个用户代理的流量或者可以这样http段直接加 vhost_traffic_status_zone; vhost_traffic_status_filter_by_host on; server段直接加server { listen 8295; server_name localhost; # disaned status vhost_traffic_status off; # vhost_traffic_status off; location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; } }打开浏览器web-name:8295/status这个模块本身是可以直接用来prometheus使用的，只要访问/status/format/prometheus即可，本地来搞一下看看效果，过滤一段试试[root@linuxea-VM-Node203 /etc/nginx]# curl 10.10.240.203:8295/status/format/prometheus|grep nginx_vts_server_requests_total % Total % Received % Xferd Average Speed Time Time Time Current7631 100 7631 0 0 10.3M 0 --:--:-- --:--:-- --:--:-- 7452kHELP nginx_vts_server_requests_total The requests counterTYPE nginx_vts_server_requests_total counternginx_vts_server_requests_total{host="10.10.240.203",code="1xx"} 0nginx_vts_server_requests_total{host="10.10.240.203",code="2xx"} 1663nginx_vts_server_requests_total{host="10.10.240.203",code="3xx"} 0nginx_vts_server_requests_total{host="10.10.240.203",code="4xx"} 0nginx_vts_server_requests_total{host="10.10.240.203",code="5xx"} 0nginx_vts_server_requests_total{host="10.10.240.203",code="total"} 1663nginx_vts_server_requests_total{host="linuxea.ds.com",code="1xx"} 0nginx_vts_server_requests_total{host="linuxea.ds.com",code="2xx"} 0nginx_vts_server_requests_total{host="linuxea.ds.com",code="3xx"} 294nginx_vts_server_requests_total{host="linuxea.ds.com",code="4xx"} 0nginx_vts_server_requests_total{host="linuxea.ds.com",code="5xx"} 0nginx_vts_server_requests_total{host="linuxea.ds.com",code="total"} 294nginx_vts_server_requests_total{host="*",code="1xx"} 0nginx_vts_server_requests_total{host="*",code="2xx"} 1663nginx_vts_server_requests_total{host="*",code="3xx"} 294nginx_vts_server_requests_total{host="*",code="4xx"} 0nginx_vts_server_requests_total{host="*",code="5xx"} 0nginx_vts_server_requests_total{host="*",code="total"} 1957[root@linuxea-VM-Node203 /etc/nginx]#当然这样一来安全就有些问题了 #### 配置nginx认证 在公网上跑的时候出来iptables的防火墙对固定ip放行端口的同时，一定要在骚一些弄个用户验证 生成一个htpasswd的用户和密码，用户名:linuxea 密码：www.linuxea.com[root@linuxea-VM-Node63 /etc/nginx/vhost]# htpasswd -c /usr/local/ngxpasswd linuxeaNew password: Re-type new password: Adding password for user linuxea添加到nginx的状态页面中来 主要添加如下:auth_basic "Please enter your id and password!"; auth_basic_user_file /etc/nginx/ngxpasswd;如下：server { listen 8295; server_name localhost; auth_basic "Please enter your id and password!"; auth_basic_user_file /etc/nginx/ngxpasswd;#disaned status vhost_traffic_status off; vhost_traffic_status off; location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html;}}接着打开就需要认证了 ![20180801-2.png][2] 到此nginx认证完成 #### 配置prometheus抓取端metrics_path字段的位置需要写明/status/format/prometheusbasic_auth 用户和密码，在上面进行配置nginx的认证的那些 - job_name: "nginx" metrics_path: /status/format/prometheus basic_auth: username: linuxea password: 'www.linuxea.com' static_configs: - targets: - '10.10.240.203:8295' labels: group: 'nginx'添加到proentheus上可以抓取，如果有问题，你应该检查targets是否up安装nginx-vts-exporter事实上在我对比后，nginx-vts-exporter更适用prometheus抓取，里面有一些是nginx-module-vts没有的，so，我们进行安装nginx-vts-exporter[root@linuxea-VM-Node203 /etc/nginx/vhost]# docker pull sophos/nginx-vts-exporter:latest [root@linuxea-VM-Node203 ～]# docker run -ti --rm --env NGINX_STATUS="https://linuxea:www.linuxea.com@localhost:8295/status/format/json" sophos/nginx-vts-exporter这时候会启动9913端口，通过浏览器可以访问(你可能需要做好防火墙规则)，因为之前加了验证，这里需要添加用户和密码https://linuxea:www.linuxea.com@localhost:8295/status/format/json通过9913端口可以查看所有的指标。我这里用linuxea做测试[root@linuxea-VM-Node203 /etc/nginx/vhost]# curl https://10.10.240.203:9913/metrics|grep "linuxea" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 7028 100 7028 0 0 2013k 0 --:--:-- --:--:-- --:--:-- 2287k nginx_server_bytes{direction="in",host="linuxea.ds.com"} 1.700065e+06 nginx_server_bytes{direction="out",host="linuxea.ds.com"} 1.240604e+06 nginx_server_cache{host="linuxea.ds.com",status="bypass"} 0 nginx_server_cache{host="linuxea.ds.com",status="expired"} 0 nginx_server_cache{host="linuxea.ds.com",status="hit"} 0 nginx_server_cache{host="linuxea.ds.com",status="miss"} 0 nginx_server_cache{host="linuxea.ds.com",status="revalidated"} 0 nginx_server_cache{host="linuxea.ds.com",status="scarce"} 0 nginx_server_cache{host="linuxea.ds.com",status="stale"} 0 nginx_server_cache{host="linuxea.ds.com",status="updating"} 0 nginx_server_requestMsec{host="linuxea.ds.com"} 0 nginx_server_requests{code="1xx",host="linuxea.ds.com"} 0 nginx_server_requests{code="2xx",host="linuxea.ds.com"} 40 nginx_server_requests{code="3xx",host="linuxea.ds.com"} 3792 nginx_server_requests{code="4xx",host="linuxea.ds.com"} 1 nginx_server_requests{code="5xx",host="linuxea.ds.com"} 0 nginx_server_requests{code="total",host="linuxea.ds.com"} 3833直接使用prometheus如：查看nginx_server_requests指标，host为linuxea.ds.com，30s的数据，只显示code和host字段sum (irate(nginx_server_requests{host!="*",host="linuxea.ds.com",code!="total"}[30s])) by (code,host)并且可以和grafana配合使用，我这里将官网的模板也inport进去了，你可以去我gitlhub下载nginx-vts-stats_rev2 (1).json，也可以去grafana下载当你Import dashboard 后你会看到这样的一个画面额外的nginx-module-sts配置nginx http段添加stream_server_traffic_status_zone;在http内include vhost/stream.conf;在http外include stream_server.conf;创建server段文件[root@linuxea-VM-Node203 /etc/nginx]# cat vhost/stream.conf server { listen 82; server_name linuxea.ds.com; location /status { stream_server_traffic_status_display; stream_server_traffic_status_display_format html; } }创建stream_server.conf 文件[root@linuxea-VM-Node203 /etc/nginx]# cat stream_server.conf stream { geoip_country /etc/nginx/GeoIP.dat; server_traffic_status_zone; server_traffic_status_filter_by_set_key $geoip_country_code country::*; server { server_traffic_status_filter_by_set_key $geoip_country_code country::$server_addr:$server_port; }部分参数对location指令的正则表达式匹配的单个storage的流量。http { vhost_traffic_status_zone; ... server { ... location ~ ^/storage/(.+)/.*$ { set $volume $1; vhost_traffic_status_filter_by_set_key $volume storage::$server_name; } location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; } } }计算单个用户代理的流量计算个人的流量 http_user_agenthttp { vhost_traffic_status_zone; map $http_user_agent $filter_user_agent { default 'unknown'; ~iPhone ios; ~Android android; ~(MSIE|Mozilla) windows; } vhost_traffic_status_filter_by_set_key $filter_user_agent agent::*; ... server { ... vhost_traffic_status_filter_by_set_key $filter_user_agent agent::$server_name; location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; } } }http status code状态码的流量http { vhost_traffic_status_zone; server { ... vhost_traffic_status_filter_by_set_key $status $server_name; location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; } } }计算动态dns的流量如果域具有多个DNS A记录，则可以使用过滤器功能或proxy_pass中的变量计算域的各个IP的流量。http { vhost_traffic_status_zone; upstream backend { elb.example.org:80; } ... server { ... location /backend { vhost_traffic_status_filter_by_set_key $upstream_addr upstream::backend; proxy_pass backend; } } }计算域的各个IP的流量elb.example.org。如果elb.example.org有多个DNS A记录，将显示所有IP filterZones。在上述设置中，当NGINX启动或重新加载配置时，它会查询DNS服务器以解析域，并将DNS A记录缓存在内存中。因此，即使DNS管理员对DNS A记录进行了分区，DNS A记录也不会在内存中更改，除非NGINX重新启动或重新加载。http { vhost_traffic_status_zone; resolver 10.10.10.53 valid=10s ... server { ... location /backend { set $backend_server elb.example.org; proxy_pass https://$backend_server; } } }计算域的各个IP的流量elb.example.org。如果elb.example.org更改了DNS A记录，将同时显示旧IP和新IP ::nogroups。与第一个上游组设置不同，即使DNS管理员对DNS A记录进行了分析，第二个设置也能正常工作。永久保留统计数据http { vhost_traffic_status_zone; vhost_traffic_status_dump /var/log/nginx/vts.db; ... server { ... } }vhost_traffic_status_filter_by_host on; 会更加不同的server_name进行统计参考 : https://github.com/vozlt/nginx-module-vts

Nginx平滑处理echo模块收集POST日志 Nginx可以轻松处理大量的HTTP流量。每次NGINX处理连接时，将生成一个日志条目，以存储此连接（例如远程IP地址，响应大小和状态代码等）的某些信息。可在此处找到包含更多详细信息的完整记录信息集。在某些情况下，您可能更愿意存储请求的主体，特别是POST请求。幸运的是，NGINX生态系统是丰富的，并且包括很多 方便的模块。一个这样的模块是 回声模块，它提供的东西等是有用的功能：echo，time，和sleep 命令。在我们的用例中，要记录请求体，我们需要的是使用echo_read_request_body命令和$request_body变量（包含Echo模块的请求体）。然而，这个模块不是默认分配给NGINX，为了能够使用它，我们必须通过构建包含Echo模块的源代码的源代码构建NGINX。 以下步骤详细介绍了如何构建NGINX以便包含Echo模块（这里是完整的构建bash文件）使用以下命令下载NGINX和Echo的源代码：[root@linuxea ]# curl -Lk https://github.com/openresty/echo-nginx-module/archive/v0.58.tar.gz -o /usr/local/ [root@linuxea ]# tar xf v0.58.tar.gz -C /tmp/echo-nginx-module源nginx安装目录位于/usr/local/webserver/nginx，我们直接下载同样版本的nginx，进行编译./configure --user=www \ --group=www \ --prefix=/usr/local/webserver/nginx \ --with-http_stub_status_module \ --with-http_ssl_module \ --with-http_gunzip_module \ --with-http_mp4_module \ --with-http_flv_module \ --with-pcre \ --with-http_gzip_static_module \ --with-http_realip_module \ --with-ld-opt=-ljemalloc \ --add-module=/tmp/echo-nginx-module编译完成后，仅仅只进行make即可在/usr/local/webserver/nginx/sbin/下，删除或者重新命名nginxmv nginx old_nginxmv或者rm后nginx还是在运行着[root@linuxea sbin]# ps aux|grep nginx root 1796 0.0 0.9 124408 36180 ? Ss Mar06 0:02 nginx: master process /usr/local/webserver/nginx/sbin/nginx -c /usr/local/webserver/nginx/conf/nginx.conf www 15851 0.3 2.0 169464 78680 ? S 05:05 0:00 nginx: worker process www 15852 0.6 1.9 169464 78072 ? S 05:05 0:00 nginx: worker process www 15853 0.5 1.9 169464 77168 ? S 05:05 0:00 nginx: worker process www 15854 0.3 2.0 169464 78680 ? S 05:05 0:00 nginx: worker process www 15855 0.3 2.0 169464 78600 ? S 05:05 0:00 nginx: worker process www 15856 1.7 1.9 171512 77972 ? S 05:05 0:00 nginx: worker process [root@linuxea sbin]# cp /usr/local/nginx-1.8.0/objs/nginx /usr/local/webserver/nginx/sbin/ [root@linuxea sbin]# /etc/init.d/nginx reloadnginx主配置文件添加：log_format upstream2 '$proxy_add_x_forwarded_for $remote_user [$time_local] "$request" $http_host' '$body_bytes_sent $request_body "$http_referer" "$http_user_agent" $ssl_protocol $ssl_cipher' '$request_time [$status] [$upstream_status] [$upstream_response_time] "$upstream_addr"'; 在server段添加： echo_read_request_body; access_log /data/logs/wwwlogs/access.log upstream2;查看日志： 脚本；if ! rpm -ql GeoIP-devel >/dev/null 2>&1;then yum install GeoIP-devel -y;fi mkdir -p /tmp/nginx_build/{echo-nginx-module,ngx_http_geoip2_module} curl -Lks https://nginx.org/download/nginx-1.10.3.tar.gz|tar -xz -C /tmp/nginx_build/ --strip-components=1 curl -Lks $(curl -Lks 'https://github.com/openresty/echo-nginx-module/releases'| awk -F'"' '/tar.gz"/{print "https://github.com"$2;exit}')| tar -xz -C /tmp/nginx_build/echo-nginx-module/ --strip-components=1 cd /tmp/nginx_build/ngx_http_geoip2_module git clone https://github.com/voxxit/dockerfiles.git mv dockerfiles/nginx-geoip2/ngx_http_geoip2_module-1.0/* . && cd ../ ./configure --user=www --group=www --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gunzip_module --with-http_mp4_module --with-http_flv_module --with-http_realip_module --with-pcre --with-http_gzip_static_module --with-ld-opt=-ljemalloc --add-module=./echo-nginx-module --with-http_geoip_module make -j$(getconf _NPROCESSORS_ONLN) && make install && cd && \rm -rf /tmp/nginx_build echo 'export PATH=/usr/local/webserver/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh . /etc/profile.d/nginx.sh && nginx -V本文参考：https://developers.redhat.com/blog/2016/05/23/configuring-nginx-to-log-post-data-on-linux-rhel/

Centos7+LNMP+Discuz_X3.2_SC_UTF8详细部署 OS status:nginx-1.10.2 php-5.6.29 Discuz_X3.2 mariadb-10.1.19安装nginx创建运行nginx用户[root@linuxea-com ~]# groupadd -r -g 499 nginx [root@linuxea-com ~]# useradd -u 499 -s /sbin/nologin -c 'web server' -g nginx nginx -M下载nginx[root@linuxea-com ~]# cd /usr/local [root@linuxea-com /usr/local]# curl -s https://nginx.org/download/nginx-1.10.2.tar.gz -o/usr/local/nginx-1.10.2.tar.gz解压[root@linuxea-com /usr/local]# cd /usr/local && tar xf nginx-1.10.2.tar.gz && rm -rf nginx-1.10.2.tar.gz安装依赖包[root@linuxea-com /usr/local]# yum install openssl-devel pcre pcre-devel gcc make -y开始编译[root@linuxea-com /usr/local]# cd nginx-1.10.2 && ./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --error-log-path=/data/logs/nginx/error.log --http-log-path=/data/logs/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module --with-http_realip_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi && make && make install创建所需的目录[root@linuxea-com /usr/local]# mkdir -p /var/tmp/nginx/{client,fastcgi,proxy,uwsgi} /data/logs/nginx /data/wwwroot 下载配置文件[root@linuxea-com /usr/local]# rm -rf /etc/nginx/nginx.conf [root@linuxea-com /usr/local]# curl -Lks4 https://raw.githubusercontent.com/LinuxEA-Mark/nmp/master/nginx.conf -o /etc/nginx/nginx.cnf下载启动脚本[root@linuxea-com /usr/local]# curl -Lks4 https://raw.githubusercontent.com/LinuxEA-Mark/nmp/master/nginx -o /etc/init.d/nginx && chmod +x /etc/init.d/nginx安装php-fpmphp install下载php[root@linuxea-com /usr/local]# curl -s https://tw1.php.net/distributions/php-5.6.29.tar.gz -o /usr/local/php-5.6.29.tar.gz && cd /usr/local解压[root@linuxea-com /usr/local]# tar xf php-5.6.29.tar.gz && rm -rf php-5.5.26.tar.gz [root@linuxea-com /usr/local]# cd php-5.6.29创建php用户[root@linuxea-com /usr/local]# groupadd -g 498 -r php-fpm && useradd -u 498 -g php-fpm -r php-fpm -s /sbin/nologin 安装依赖包[root@linuxea-com /usr/local]# yum install epel-release -y && yum install -y gcc automake autoconf libtool make libxml2-devel openssl openssl-devel bzip2 bzip2-devel libpng libpng-devel freetype freetype-devel libcurl-devel libcurl libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libmcrypt-devel libmcrypt libtool-ltdl-devel libxslt-devel mhash mhash-devel axel编译安装：[root@linuxea-com /usr/local]# cd php-5.6.29 && ./configure --prefix=/usr/local/php --disable-pdo --disable-debug --disable-rpath --enable-inline-optimization --enable-sockets --enable-sysvsem--enable-sysvshm --enable-pcntl --enable-mbregex --enable-xml --enable-zip --enable-fpm --enable-mbstring --with-pcre-regex --with-mysql --with-mysqli --with-gd --with-jpeg-dir --with-bz2 --with-zlib --with-mhash --with-curl --with-mcrypt --with-jpeg-dir --with-png-dir && make && make install 创建日志路径[root@linuxea-com /usr/local]# mkdir /data/logs/php-fpm复制php.ini文件[root@linuxea-com /usr/local]# cp /usr/local/php-5.6.29/php.ini-production /usr/local/php/lib/php.ini修改php.ini时区[root@linuxea-com /usr/local]# sed -i 's/;date.timezone =/date.timezone = Asia\/Shanghai/' /usr/local/php/lib/php.ini下载php启动文件[root@linuxea-com /usr/local]# curl -Lks4 https://raw.githubusercontent.com/LinuxEA-Mark/nmp/master/php-fpm -o /etc/init.d/php-fpm && chmod +x /etc/init.d/php-fpm下载php-fpm.conf配置文件[root@linuxea-com /usr/local]# curl -Lks4 https://raw.githubusercontent.com/LinuxEA-Mark/nmp/master/php-fpm.conf -o /usr/local/php/etc/php-fpm.conf安装mariadb安装mariadb下载mariadb[root@linuxea-com /usr/local]# cd /usr/local && axel -n 30 https://sgp1.mirrors.digitalocean.com/mariadb//mariadb-10.1.19/bintar-linux-x86_64/mariadb-10.1.19-linux-x86_64.tar.gz解压[root@linuxea-com /usr/local]# tar xf mariadb-10.1.19-linux-x86_64.tar.gz && ln -s mariadb-10.1.19-linux-x86_64 mysql创建用户[root@linuxea-com /usr/local]# groupadd -g 497 -r mysql && useradd -u 497 -g mysql -r mysql -s /sbin/nologin && mkdir /data/mysql开始二进制安装[root@linuxea-com /usr/local]# cd mysql && scripts/mysql_install_db --user=mysql --datadir=/data/mysql 修改权限[root@linuxea-com /usr/local]# chown -r mysql.mysql /data/mysql复制启动脚本[root@linuxea-com /usr/local]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld && chown +x /etc/init.d/mysqld #cp /usr/local/mysql/support-files/my-large.cnf /etc/my.cnf 下载mysql配置文件[root@linuxea-com /usr/local]# curl -Lks4 https://raw.githubusercontent.com/LinuxEA-Mark/nmp/master/my.cnf -o /etc/my.cnf创建mysql软连接[root@linuxea-com /usr/local]# ln -s /usr/local/mysql/bin/mysql /usr/bin/ 启动mysql ,nginx ,php-fpm [root@linuxea-com /usr/local]# systemctl start mysqld && systemct start nginx && systemcrt start php-fpm授权数据库数据库授权[root@linuxea-com /usr/local]# mysql -e "DELETE FROM mysql.user WHERE User='';" [root@linuxea-com /usr/local]# mysql -e "DELETE FROM mysql.db WHERE Db LIKE 'test%';" [root@linuxea-com /usr/local]# mysql -e "DROP DATABASE test;" 创建库bbs，密码8K79Xucb5uXC，root密码：abc8K7123 [root@linuxea-com /usr/local]# mysql -e "CREATE DATABASE bbs charset='utf8';" [root@linuxea-com /usr/local]# mysql -e "GRANT ALL PRIVILEGES ON bbs.* To 'bbs'@'%' IDENTIFIED BY '8K79Xucb5uXC';" [root@linuxea-com /usr/local]# mysql -e "UPDATE mysql.user SET password = password('abc8K7123') WHERE user = 'root';" [root@linuxea-com /usr/local]# mysql -e "flush privileges;" [root@linuxea-com /usr/local]# myqsl -uroot -pabc8K7123 -e "flush privileges;"部署discuz下载Discuz[root@linuxea-com /usr/local]# cd /data/wwwroot [root@linuxea-com /data/wwwroot]# wget https://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip && unzip Discuz_X3.2_SC_UTF8.zip 删除一些无用的文件[root@linuxea-com /data/wwwroot]# rm -rf readme utility/ Discuz_X3.2_SC_UTF8.zip 将网页文件复制到当前目录并修改权限[root@linuxea-com /data/wwwroot]# mv upload/* ./ && chown -R nginx.nginx /data/wwwroot/ 打开web输入ip，同意即可下一步，通常这一步也不会报错下一步，全新安装输入之前创建的库和账号密码和论坛邮箱密码安装完成登录源图片的路径存放在网站根目录data/attachment/forum/下[root@DS-VM-Node49 /data/wwwroot]# ll data/attachment/forum/201612/16/114158ponqltotvq9ouuwl.jpg -rw-r--r-- 1 nginx nginx 68028 12月 16 11:41 data/attachment/forum/201612/16/114158ponqltotvq9ouuwl.jpg [root@DS-VM-Node49 /data/wwwroot]# 删掉安装目录 rm -rf install/开启伪静态开启伪静态：如图所示点击查看当前的 Rewrite 规则URL，在弹出的新页面中，复制nginx配置的server段中，如下图所示在重新加载配置/etc/init.d/nginx reload.如下图所示：

Nginx1.10.1lua环境编译安装 installdownload nginx & pcre & LuaJIT[root@LinuxEA local]# curl -sO https://nginx.org/download/nginx-1.10.1.tar.gz [root@LinuxEA local]# curl -sO https://nchc.dl.sourceforge.net/project/pcre/pcre/8.39/pcre-8.39.tar.gz [root@LinuxEA local]# curl -sO https://luajit.org/download/LuaJIT-2.0.4.tar.gz 解压[root@LinuxEA local]# tar xf nginx-1.10.1.tar.gz [root@LinuxEA local]# ln -s nginx-1.10.1 nginx [root@LinuxEA local]# tar xf pcre-8.39.tar.gz [root@LinuxEA local]# tar xf LuaJIT-2.0.4.tar.gz 编译LuaJIT[root@LinuxEA local]# yum install gcc -y [root@LinuxEA local]# cd LuaJIT-2.0.4 [root@LinuxEA LuaJIT-2.0.4]# make && make install 编译PCRE[root@LinuxEA local]# yum install gcc-c++ -y [root@LinuxEA local]# cd pcre-8.39 &&　./configure [root@LinuxEA local]# make && make install 设置环境变量[root@LinuxEA local]# export LUAJIT_LIB=/usr/local/lib [root@LinuxEA LuaJIT-2.0.4]# export LUAJIT_INC=/usr/local/include/luajit-2.0/ 创建用户[root@LinuxEA nginx]# useradd -s /sbin/nologin -M nginx [root@LinuxEA LuaJIT-2.0.4]# cd ../nginx ### get ngx_devel_kit & lua-nginx-module 在编译之前，我们到此处下载相应的模块https://github.com/simpl/ngx_devel_kit#warning-using-ndk_all[root@LinuxEA local]# yum install git [root@LinuxEA local]# git clone https://github.com/simpl/ngx_devel_kit.git 在下载一个lua-nginx-module [root@LinuxEA local]# git clone https://github.com/openresty/lua-nginx-module.git 开始编译nginx--add指定目录即可在编译之前，我们把依赖包安装[root@LinuxEA nginx]# yum install -y openssl openssl-devel [root@LinuxEA nginx]# ./configure --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_ssl_module \ --with-http_stub_status_module \ --with-file-aio \ --add-module=../ngx_devel_kit/ \ --add-module=../lua-nginx-module/ \ --with-http_gzip_static_module \ --with-http_flv_module \ --with-pcre=/usr/local/pcre-8.39 \ --with-http_mp4_module \ --http-client-body-temp-path=/var/tmp/nginx/client \ --http-proxy-temp-path=/var/tmp/nginx/proxy \ --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \ --pid-path=/var/run/nginx/nginx.pid \ --lock-path=/var/lock/nginx.lock [root@LinuxEA nginx]# make -j2 && make install [root@LinuxEA nginx-1.10.1]# ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/ [root@LinuxEA nginx-1.10.1]# mkdir -p /var/tmp/nginx/{client,fastcgi,proxy,uwsgi} 我们在server中添加一个nginx lua[root@LinuxEA conf]# vi nginx.conf location /linuxea { default_type 'text/plain'; content_by_lua 'ngx.say("hello,lua")'; } [root@LinuxEA conf]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful 关闭防火墙并启动[root@LinuxEA conf]# setenforce 0 [root@LinuxEA conf]# echo -e 'net.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf && sysctl -p net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 [root@LinuxEA conf]# systemctl mask firewalld [root@LinuxEA conf]# systemctl stop firewalld [root@LinuxEA conf]# /usr/local/nginx/sbin/nginx

keepalived脑裂切换思路 keepalived切换脚本实现ps -ef查看nginx进程少于2个则判定nginx宕机，而后关闭keepalived[root@nginx-proxy ~]# cat keepalived.sh #!/bin/bash while true do if [ `ps -ef|grep nginx|grep -v grep|wc -l` -lt 2 ] then /etc/init.d/keepalived stop fi sleep 5 done [root@nginx-proxy ~]# 两台机器通过同一个机房使用keepalived时候，竟可能使用串口线之类的直连1，使用单独的网卡直连2，使用电源管理器3，脚本（只要发生切换则报警，人为介入）例子：假设备用节点收到vip地址且主节点还活着则人为是脑裂状态可以如下的判定，在备节点上运行脚本ping主节点，如果主节点能ping同，且vip飘逸到备几点则判定为脑裂另外，我们可以使用arping来ping,如下[root@DS-VM-linuxea /etc/graylog/collector-sidecar/generated]# arping -c 1 10.10.194.100 ARPING 10.10.194.100 from 10.10.231.61 eth0 Unicast reply from 10.10.194.100 [88:88:2F:9A:97:84] 1.768ms Unicast reply from 10.10.194.100 [88:88:2F:60:CD:40] 1.858ms Sent 1 probes (1 broadcast(s)) Received 2 response(s) [root@DS-VM-linuxea /etc/graylog/collector-sidecar/generated]# 但我们在旁路机器上arping vip地址如果出现脑裂这会有两个mac地址！更多可参考这几篇文章：heartbeat心跳问题解决二fence思路 https://www.linuxea.com/939.htmlheartbeat列脑的发生和防止思路 https://www.linuxea.com/941.html[root@nginx-proxy scripts]# cat lienao.sh #!/bin/sh while true do ping -c 5 -w 3 10.0.0.91 &>/dev/null if [ $? -eq 0 -a `ip add|grep 10.0.0.100|wc -l` -eq 1 ] then echo "HA is Brain column!" else echo "HA is run OK!" fi sleep 5 done [root@nginx-proxy scripts]# keepalived双主[root@nginx-proxy scripts]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { 734943463@qq.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state MASTER interface eth1 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.100/24 } } vrrp_instance VI_2 { state BACKUP interface eth1 virtual_router_id 52 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.101/24 } } [root@nginx-proxy scripts]# [root@nginx-proxy2 scripts]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { 734943463@qq.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 51 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.100/24 } }vrrp_instance VI_2 { state MASTER interface eth1 virtual_router_id 52 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.101/24 } } [root@nginx-proxy scripts]#

Nginx+keepalived实现简单切换 keepalived是集群管理中保证集群高可用的一个服务软件，其功能类似于heartbeat，用来防止单点故障。keepalived是以VRRP协议为实现基础的,他的切换速度非常迅速！虽然他比较轻量，功能稍弱，单可以通过脚本来实现安装keepalived网盘下载keepalived包https://www.keepalived.org/index.html [root@nginx-proxy ~]# ln -s /usr/src/kernels/2.6.32-504.el6.x86_64/ /usr/src/linux [root@nginx-proxy ~]# tar xf keepalived-1.2.13.tar.gz [root@nginx-proxy ~]# cd keepalived-1.2.13 [root@nginx-proxy keepalived-1.2.13]# ./configure [root@nginx-proxy keepalived-1.2.13]# make [root@nginx-proxy keepalived-1.2.13]# make install 生成启动脚本[root@nginx-proxy keepalived-1.2.13]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ 复制配置启动脚本[root@nginx-proxy keepalived-1.2.13]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ 创建配置文件路径[root@nginx-proxy keepalived-1.2.13]# mkdir /etc/keepalived 配置文件模板[root@nginx-proxy keepalived-1.2.13]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ [root@nginx-proxy keepalived-1.2.13]# cp /usr/local/sbin/keepalived /usr/sbin/ [root@nginx-proxy keepalived-1.2.13]# /etc/init.d/keepalived start Starting keepalived: [ OK ] [root@nginx-proxy local]# ps -ef|grep keep|grep -v grep root 3355 1 0 05:55 ? 00:00:00 keepalived -D root 3357 3355 0 05:55 ? 00:00:00 keepalived -D root 3358 3355 0 05:55 ? 00:00:00 keepalived -D [root@nginx-proxy local]# 配置文件说明[root@nginx-proxy keepalived]# vim /etc/keepalived/keepalived.conf vrrp_instance VI_1 { state MASTER 主/备 interface eth0 监听网卡 virtual_router_id 51 实例id号 priority 100 优先级 advert_int 1 心跳间隔时间 authentication { auth_type PASS auth_pass 1111 密码 } virtual_ipaddress { VIP 192.168.200.16 192.168.200.17 192.168.200.18 } }配置文件修改[root@nginx-proxy keepalived]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { 734943463@qq.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { state MASTER interface eth1 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.100/24 } } [root@nginx-proxy keepalived]# /etc/init.d/keepalived restart Stopping keepalived: [ OK ] Starting keepalived: [ OK ] [root@nginx-proxy keepalived]# 启动后vip会在权重高的一端[root@nginx-proxy keepalived]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:5c:67:b6 brd ff:ff:ff:ff:ff:ff inet 10.0.0.90/16 brd 10.0.255.255 scope global eth1 inet 10.0.0.100/24 scope global eth1 inet6 fe80::20c:29ff:fe5c:67b6/64 scope link valid_lft forever preferred_lft forever [root@nginx-proxy keepalived]# ip addr|grep 10.0.0.100 inet 10.0.0.100/24 scope global eth1 [root@nginx-proxy keepalived]# nginx-proxy2的配置需要修改1，router_id不能一致2，state MASTER/BACKUP3, priority 权重不能一致这里需要注意的是网卡的信息，两端需要网卡号一致密码一致，其他等[root@nginx-proxy2 ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { 734943463@qq.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL_2 } vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.100/24 } } [root@nginx-proxy2 ~]#