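LNMP Architecture (Part 3)

1. Nginx load balancing

Load balancing is a fairly important feature in server-side development. Besides serving as a regular web server, Nginx is widely deployed as a front-end reverse proxy: its asynchronous architecture can handle a very large number of concurrent requests, hold them, and then distribute them to the backend servers (also called the server pool, abbreviated as backend below) for the complex computation, processing and responses. This model has many benefits: hiding the application hosts is more secure, it saves public IP addresses, and the backend servers can be scaled out easily as traffic grows.

First create a simple load-balancing configuration in the file load.conf: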

[root@ying01 ~]# cd /usr/local/nginx/conf/vhost

[root@ying01 vhost]# vim load.conf

upstream qq_com # qq_com is the upstream name

{

ip_hash; # load-balancing algorithm

server 61.135.157.156:80; # 80 is the default port, so :80 can be omitted here

server 125.39.240.113:80;

}

server

{

listen 80;

server_name www.qq.com;

location /

{

proxy_pass http://qq_com;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

}

The dig command resolves a domain name (dig <domain>); if it is not installed, install the package with yum: yum install -y bind-utils

[root@ying01 vhost]# dig qq.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> qq.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56416

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;qq.com. IN A

;; ANSWER SECTION:

qq.com. 334 IN A 111.161.64.40

qq.com. 334 IN A 111.161.64.48

;; Query time: 70 msec

;; SERVER: 119.29.29.29#53(119.29.29.29)

;; WHEN: 日 7月 08 22:52:14 CST 2018

;; MSG SIZE rcvd: 67

Now test www.qq.com with curl -x; at this point any domain name is routed to the default virtual host:

[root@ying01 vhost]# curl -x127.0.0.1:80 www.qq.com

this is the default site.

[root@ying01 vhost]# curl -x127.0.0.1:80 www.q.com

this is the default site.

Check the syntax of the load.conf configuration file and reload:

[root@ying01 vhost]# /usr/local/nginx/sbin/nginx -t

[root@ying01 vhost]# /usr/local/nginx/sbin/nginx -s reload

Test www.qq.com with curl -x again; this time the Tencent site can be reached through our own machine, which shows that the proxy works.

[root@ying01 vhost]# curl -x127.0.0.1:80 www.qq.com -I

HTTP/1.1 200 OK

Server: nginx/1.4.7

Date: Sun, 08 Jul 2018 15:30:43 GMT

Content-Type: text/html; charset=GB2312

Connection: keep-alive

Vary: Accept-Encoding

Vary: Accept-Encoding

Expires: Sun, 08 Jul 2018 15:31:43 GMT

Cache-Control: max-age=60

Vary: Accept-Encoding

Vary: Accept-Encoding

X-Cache: HIT from tianjin.qq.com

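More on load balancing:

Nginx load balancing (which works at layer 7, the application layer) is implemented mainly through the upstream module. By default Nginx load balancing can health-check the backend servers, but only by port detection; it performs very well when the number of backend servers is relatively small.

Nginx load-balancing algorithms:

1. Round robin (default): requests are distributed to the backend servers one by one in order of arrival; if a backend server goes down, it is removed automatically so that users are not affected.

2. weight: sets the round-robin weight; the larger the weight, the higher the probability of being chosen. Mainly used when the backend servers differ in performance.

3. ip_hash: each request is assigned according to a hash of the client IP, so each visitor always reaches the same backend server; this effectively solves the session-sharing problem of dynamic pages.

4. fair (third party): a smarter algorithm that balances load according to page size and load time, i.e. it assigns requests based on backend response time, preferring servers that respond faster. Using it requires the Nginx upstream_fair module.

5. url_hash (third party): requests are assigned according to a hash of the requested URL, so each URL always goes to the same backend server, which further improves the efficiency of backend cache servers. Using it requires the Nginx hash package.

In the upstream module, the server directive specifies the IP address and port of a backend server, and can also set each backend server's state in load-balancing scheduling. The commonly used states are:

1. down: the server temporarily does not take part in load balancing.

2. backup: a reserved standby machine; it receives requests only when all non-backup machines have failed or are busy, so it carries the lightest load.

3. max_fails: the number of failed requests allowed, 1 by default; used together with fail_timeout.

4. fail_timeout: how long the server is taken out of service after max_fails failures, 10s by default (once connections to a server have failed max_fails times, nginx considers it down and sends it no requests for the following fail_timeout period).

A load balancer is named whsirserver; the name is arbitrary, and it is then referenced directly in proxy_pass.

The proxy_next_upstream parameter defines the failover policy: when a backend node returns an error such as 500 or 502, or the request times out, the request is automatically forwarded to another server in the upstream load balancer, achieving failover.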

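3. How SSL works

The browser sends an https request to the server;

The server must have a digital certificate, which can be self-made or requested from an organization. The difference is that a self-issued certificate has to be accepted by the client before access can continue, whereas a certificate obtained from a trusted company does not trigger a warning page. The certificate is essentially a pair of public and private keys;

The server sends the public key to the client;

After receiving the public key, the client (browser) checks whether it is legitimate and valid. If it is invalid, a warning is shown; if it is valid, the client generates a random number and encrypts it with the received public key;

The client sends the encrypted random string to the server;

After receiving the encrypted random string, the server first decrypts it with its private key (encrypt with the public key, decrypt with the private key). Once it has the random number, it uses this random string to encrypt the data to be transmitted (this is symmetric encryption: the data and the key, i.e. this random string, are combined by some algorithm, so that the data cannot be read without knowing the key);

The server sends the encrypted data to the client; after receiving it, the client decrypts it with its own key, i.e. the same random string;

Further reading: https://blog.csdn.net/hherima/article/details/52469267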
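The exchange described above can be walked through with the openssl command line. This is an added example, not part of the original article; the file names and the message are constructed for the demo. It mirrors the simplified RSA key transport the steps describe, whereas a real TLS stack derives its session keys inside the handshake and TLS 1.3 uses ephemeral Diffie-Hellman instead.

```sh
# Added example: walks the simplified exchange above with the openssl CLI.
# All file names are constructed for this demo; nothing touches nginx.
tls_key_transport_demo() (
  set -e
  d=$(mktemp -d)
  trap 'rm -rf "$d"' EXIT

  # Server: the key pair behind its certificate. The private key stays here.
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null
  openssl rsa -in "$d/server.key" -pubout -out "$d/server.pub" 2>/dev/null

  # Client: pick a random 256-bit secret and encrypt it to the server's
  # public key. Only wire.secret crosses the network.
  openssl rand -hex 32 > "$d/client.secret"
  openssl pkeyutl -encrypt -pubin -inkey "$d/server.pub" \
    -in "$d/client.secret" -out "$d/wire.secret"

  # Server: recover the secret with the private key.
  openssl pkeyutl -decrypt -inkey "$d/server.key" \
    -in "$d/wire.secret" -out "$d/server.secret"
  cmp -s "$d/client.secret" "$d/server.secret"

  # Server: encrypt the response symmetrically under the shared secret.
  # The IV is not secret and travels with the ciphertext.
  iv=$(openssl rand -hex 16)
  printf 'hello from ying.com\n' |
    openssl enc -aes-256-cbc -K "$(cat "$d/server.secret")" -iv "$iv" \
      -out "$d/wire.reply"

  # Client: decrypt with its own copy of the secret and print the plaintext.
  openssl enc -d -aes-256-cbc -K "$(cat "$d/client.secret")" -iv "$iv" \
    -in "$d/wire.reply"
)
```

Calling tls_key_transport_demo prints the message the client recovers; an observer who sees only server.pub, wire.secret and wire.reply holds neither the private key nor the shared secret.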

4. Generating an SSL key pair

Generate the key, i.e. the "private key": openssl genrsa

[root@ying01 ~]# cd /usr/local/nginx/conf/

[root@ying01 conf]# rpm -qf `which openssl` # check which package provides openssl; install it if the command is missing

openssl-1.0.2k-12.el7.x86_64

[root@ying01 conf]# openssl genrsa -des3 -out tmp.key 2048 # generate the private key tmp.key, 2048 bits long

Generating RSA private key, 2048 bit long modulus

............+++

...........................................+++

e is 65537 (0x10001)

Enter pass phrase for tmp.key: # a passphrase must be set for the private key

Verifying - Enter pass phrase for tmp.key:

[root@ying01 conf]# openssl rsa -in tmp.key -out yinglinux.key # convert tmp.key to yinglinux.key (written without the passphrase)

Enter pass phrase for tmp.key:

writing RSA key

[root@ying01 conf]# rm -f tmp.key # the two keys are the same, so delete tmp.key

Create a self-signed certificate:

[root@ying01 conf]# openssl req -new -key yinglinux.key -out yinglinux.csr # generate the certificate request file

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:ZH # sets the country name; the following fields can be filled in as you like

State or Province Name (full name) []:shenzhen

Locality Name (eg, city) [Default City]:shenzhen

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:ying

Email Address []:[email protected]

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:www123

An optional company name []:www123

[root@ying01 conf]# openssl x509 -req -days 365 -in yinglinux.csr -signkey yinglinux.key -out yinglinux.crt

Signature ok # the private key and the request file generated above are used together to produce the public key

subject=/C=ZH/ST=shenzhen/L=shenzhen/O=Default Company Ltd/CN=ying/[email protected]

Getting Private key

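List the generated yinglinux certificate files. Buying an SSL certificate mainly gets you the two files marked below; with these two files nginx can be configured: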

[root@ying01 conf]# ls |grep yinglinux

yinglinux.crt # public key

yinglinux.csr

yinglinux.key # private key

5. Configuring SSL in Nginx

[root@ying01 conf]# cd vhost/

[root@ying01 vhost]# vim /usr/local/nginx/conf/vhost/ssl.conf

server

{

listen 443;

server_name ying.com;

index index.html index.php;

root /data/wwwroot/ying.com;

ssl on;

ssl_certificate yinglinux.crt;

ssl_certificate_key yinglinux.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}

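After editing the SSL configuration file, the syntax check shows that the current Nginx does not support SSL, because the SSL option was not enabled when Nginx was compiled: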

[root@ying01 vhost]# mkdir /data/wwwroot/ying.com

[root@ying01 vhost]# /usr/local/nginx/sbin/nginx -t

nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/vhost/ssl.conf:7

nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

[root@ying01 vhost]# /usr/local/nginx/sbin/nginx -V # show the nginx version

nginx version: nginx/1.4.7

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)

configure arguments: --prefix=/usr/local/nginx

[root@ying01 vhost]# cd /usr/local/src/nginx-1.4.7/

[root@ying01 nginx-1.4.7]# ./configure --help |grep -i ssl # look for the SSL options

--with-http_ssl_module enable ngx_http_ssl_module

--with-mail_ssl_module enable ngx_mail_ssl_module

--with-openssl=DIR set path to OpenSSL library sources

--with-openssl-opt=OPTIONS set additional build options for OpenSSL

[root@ying01 nginx-1.4.7]#

Configure with the SSL module, then compile and install:

[root@ying01 nginx-1.4.7]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module

[root@ying01 nginx-1.4.7]# make

[root@ying01 nginx-1.4.7]# make install

Check the syntax, restart the service and look at the listening ports; port 443 now appears:

[root@ying01 nginx-1.4.7]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@ying01 nginx-1.4.7]# /etc/init.d/nginx start

Starting nginx (via systemctl): [ 确定 ]

[root@ying01 nginx-1.4.7]# netstat -lntp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 656/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 802/master

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3927/nginx: master

tcp6 0 0 :::22 :::* LISTEN 656/sshd

tcp6 0 0 ::1:25 :::* LISTEN 802/master

Test

[root@ying01 vhost]# cd /data/wwwroot/ying.com/

[root@ying01 ying.com]# vim index.html # create a test page

[root@ying01 ying.com]# curl -x127.0.0.1:443 https://ying.com/ # accessed this way, the site cannot be reached

curl: (56) Proxy CONNECT aborted

[root@ying01 ying.com]# vim /etc/hosts # configure hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.112.136 www.qq.com www.baidu.com www.126.com

113.108.182.52 www.hao123.com www.baidu.com

127.0.0.1 ying.com # add this line

Now curl https://ying.com/ can be used directly; however, the certificate is one I issued myself, so it is not considered valid:

[root@ying01 ying.com]# curl https://ying.com/

curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"

of Certificate Authority (CA) public keys (CA certs). If the default

bundle file isn't adequate, you can specify an alternate file

using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

the bundle, the certificate verification probably failed due to a

problem with the certificate (it might be expired, or the name might

not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

the -k (or --insecure) option.

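Now test from a browser on Windows:

If https://ying.com gets no response in the browser, the firewall rules need to be cleared, or a rule added for port 443 (iptables -F flushes every rule in the filter table, so adding a rule for port 443 is the narrower change):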

[root@ying01 ying.com]# iptables -F

Here is another well-known site that issues its own certificate:
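A check for the TLS directives in the ssl.conf of this section, as an added example that is not part of the original article: it reports the legacy "ssl on" switch and protocol versions older than TLSv1.2, first on a constructed copy of the page's server block and then on a tightened variant. The tightened block and the finding names are assumptions of this example.

```sh
# Constructed copy of the TLS settings in the ssl.conf shown above.
page_ssl_conf() { cat <<'EOF'
server
{
    listen 443;
    server_name ying.com;
    ssl on;
    ssl_certificate yinglinux.crt;
    ssl_certificate_key yinglinux.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

# Tightened variant (an assumption of this example, not the page's config).
# "listen ... ssl" replaces "ssl on"; TLSv1.3 can be appended on builds that
# support it, which the page's nginx 1.4.7 does not.
hardened_ssl_conf() { cat <<'EOF'
server
{
    listen 443 ssl;
    server_name ying.com;
    ssl_certificate yinglinux.crt;
    ssl_certificate_key yinglinux.key;
    ssl_protocols TLSv1.2;
}
EOF
}

# audit_tls_vhost: read an nginx server block on stdin, one finding per line.
audit_tls_vhost() {
  awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }     # drop comments and terminators
    $1 == "ssl_certificate"       { tls = 1 }
    $1 == "ssl" && $2 == "on"     { print "ssl-on" }
    $1 == "ssl_protocols" {
      pinned = 1
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "legacy-protocol " $i
    }
    # without ssl_protocols the build defaults apply, which vary by version
    END { if (tls && !pinned) print "ssl_protocols-unset" }
  '
}
```

Run it as `page_ssl_conf | audit_tls_vhost`, or feed it a real vhost file on stdin; the hardened block produces no findings.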

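6. php-fpm pools

Nginx can be configured with multiple virtual hosts, and the php-fpm configuration file php-fpm.conf can define multiple pools, each listening on its own port. If sites share a pool and that pool's resources are exhausted, the other sites can no longer obtain resources and return 502 errors. It is therefore necessary to separate the sites and give each one its own pool.

Add a pool for ying.com to the php-fpm configuration file: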

[root@ying01]# cd /usr/local/php-fpm/etc/

[root@ying01 etc]# vim php-fpm.conf

[global]

pid = /usr/local/php-fpm/var/run/php-fpm.pid

error_log = /usr/local/php-fpm/var/log/php-fpm.log

[www]

listen = /tmp/php-fcgi.sock

#listen =127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

pm = dynamic

pm.max_children = 50

pm.start_servers = 20

pm.min_spare_servers = 5

pm.max_spare_servers = 35

pm.max_requests = 500

rlimit_files = 1024

; add a new pool
[ying.com]

listen = /tmp/ying.sock

#listen =127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

pm = dynamic

pm.max_children = 50

pm.start_servers = 20

pm.min_spare_servers = 5

pm.max_spare_servers = 35

pm.max_requests = 500

rlimit_files = 1024

Check the syntax and reload php-fpm:

[root@ying01 etc]# /usr/local/php-fpm/sbin/php-fpm -t

[09-Jul-2018 11:15:08] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@ying01 etc]# /etc/init.d/php-fpm reload

Reload service php-fpm done

Look at the processes: there are now two pools, one of which is ying.com:

[root@ying01 etc]# ps aux |grep php-fpm

root 4529 0.1 0.2 227304 4968 ? Ss 11:15 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)

php-fpm 4530 0.0 0.2 227244 4716 ? S 11:15 0:00 php-fpm: pool www

php-fpm 4531 0.0 0.2 227244 4716 ? S 11:15 0:00 php-fpm: pool www

php-fpm 4532 0.0 0.2 227244 4716 ? S 11:15 0:00 php-fpm: pool www

php-fpm 4533 0.0 0.2 227244 4716 ? S 11:15 0:00 php-fpm: pool www

php-fpm 4534 0.0 0.2 227244 4720 ? S 11:15 0:00 php-fpm: pool www

php-fpm 4565 0.0 0.2 227244 4728 ? S 11:15 0:00 php-fpm: pool ying.com

php-fpm 4566 0.0 0.2 227244 4728 ? S 11:15 0:00 php-fpm: pool ying.com

php-fpm 4567 0.0 0.2 227244 4728 ? S 11:15 0:00 php-fpm: pool ying.com

php-fpm 4568 0.0 0.2 227244 4728 ? S 11:15 0:00 php-fpm: pool ying.com

php-fpm 4569 0.0 0.2 227244 4732 ? S 11:15 0:00 php-fpm: pool ying.com

root 4573 0.0 0.0 112720 984 pts/0 S+ 11:15 0:00 grep --color=auto php-fpm

Set it in the virtual host:

[root@ying01 vhost]# vim aaa.com.conf

server

{

listen 80 default_server;

server_name aaa.com;

index index.html index.htm index.php;

root /data/wwwroot/default;

location ~ \.php$

{

include fastcgi_params;

fastcgi_pass unix:/tmp/ying.sock; # select the pool

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;

}

}

[root@ying01 vhost]# cd /usr/local/php-fpm/etc/

[root@ying01 etc]# ls

pear.conf php-fpm.conf php-fpm.conf.default php.ini

[root@ying01 etc]# vim php-fpm.conf # edit the main php-fpm configuration file

[global]

pid = /usr/local/php-fpm/var/run/php-fpm.pid

error_log = /usr/local/php-fpm/var/log/php-fpm.log

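include = etc/php-fpm.d/*.conf ; add this line and delete the pools below it; it acts like a module name

Create the www.conf configuration file, which corresponds to the former www pool:

[root@ying01 etc]# mkdir php-fpm.d # create the directory named in the php-fpm configuration file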

[root@ying01 etc]# cd php-fpm.d/

[root@ying01 php-fpm.d]# vim www.conf

[www]

listen = /tmp/php-fcgi.sock

#listen =127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

pm = dynamic

pm.max_children = 50

pm.start_servers = 20

pm.min_spare_servers = 5

pm.max_spare_servers = 35

pm.max_requests = 500

rlimit_files = 1024

Create the ying.com.conf configuration file, which corresponds to the other former pool:

[root@ying01 php-fpm.d]# vim ying.com.conf

[ying.com]

listen = /tmp/ying.sock

#listen =127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

pm = dynamic

pm.max_children = 50

pm.start_servers = 20

pm.min_spare_servers = 5

pm.max_spare_servers = 35

pm.max_requests = 500

rlimit_files = 1024

Look at php-fpm.conf: it contains only three lines under [global], and the two pools have been split into two files:

[root@ying01 php-fpm.d]# cat ../php-fpm.conf

[global]

pid = /usr/local/php-fpm/var/run/php-fpm.pid

error_log = /usr/local/php-fpm/var/log/php-fpm.log

include = etc/php-fpm.d/*.conf

[root@ying01 php-fpm.d]# ls

www.conf ying.com.conf

Check the syntax and reload the service:

[root@ying01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t

[09-Jul-2018 12:05:08] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@ying01 php-fpm.d]# /etc/init.d/php-fpm reload

Reload service php-fpm done

Look at the processes again; there are still two pools:

[root@ying01 php-fpm.d]# ps aux |grep php-fpm

root 5048 0.4 0.2 227332 4984 ? Ss 12:05 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)

php-fpm 5049 0.0 0.2 227272 4724 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5050 0.0 0.2 227272 4724 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5051 0.0 0.2 227272 4724 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5052 0.0 0.2 227272 4724 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5053 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5054 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5055 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5056 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5057 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5058 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5059 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5060 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5061 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5062 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5063 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5064 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5065 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5066 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5067 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5068 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool www

php-fpm 5069 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5070 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5071 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5072 0.0 0.2 227272 4728 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5073 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5074 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5075 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5076 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5077 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5078 0.0 0.2 227272 4732 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5079 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5080 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5081 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5082 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5083 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5084 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5085 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5086 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5087 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

php-fpm 5088 0.0 0.2 227272 4736 ? S 12:05 0:00 php-fpm: pool ying.com

root 5090 0.0 0.0 112720 984 pts/0 S+ 12:05 0:00 grep --color=auto php-fpm

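7. php-fpm slow log

For PHP sites, one benefit of the LNMP architecture is the ability to consult the slow log. Why? When a customer or manager finds that the site is slow, yet overall load is not high and everything else looks normal, what can be done? The only way is to check the slow log, which shows in detail which line of which page's code took longer than the configured threshold to execute.

Add the last two lines below to the www.conf configuration file: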

[root@ying01 php-fpm.d]# vim www.conf

[www]

listen = /tmp/php-fcgi.sock

#listen =127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

pm = dynamic

pm.max_children = 50

pm.start_servers = 20

pm.min_spare_servers = 5

pm.max_spare_servers = 35

pm.max_requests = 500

rlimit_files = 1024

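request_slowlog_timeout = 2 ; log any request that runs longer than 2 seconds

slowlog = /usr/local/php-fpm/var/log/www_slow.log ; location of the slow log

After reloading the service, check that www_slow.log has been created in the specified directory: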

[root@ying01 php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t

[08-Jul-2018 12:21:52] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@ying01 php-fpm.d]# /etc/init.d/php-fpm reload

Reload service php-fpm done

[root@ying01 php-fpm.d]# ls /usr/local/php-fpm/var/log

php-fpm.log www_slow.log

Now simulate a request that takes longer than 2 seconds:

[root@ying01 php-fpm.d]# vim /data/wwwroot/test.com/sleep.php

[root@ying01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php # succeeds

slowlog test!done[root@ying01 php-fpm.d]#

[root@ying01 php-fpm.d]# cat /usr/local/php-fpm/var/log/www_slow.log # view the slow log

[08-Jul-2018 12:28:57] [pool www] pid 5232

script_filename = /data/wwwroot/test.com/sleep.php # this is the slow file

[0x00007f9461b2a270] sleep() /data/wwwroot/test.com/sleep.php:3 # line 3 of this file

[root@ying01 php-fpm.d]# cat /data/wwwroot/test.com/sleep.php

<?php

echo "slowlog test!";

sleep(3); // line 3: sleep for 3 seconds

echo "done";

?>

8. open_basedir

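If one server hosts many web services, configuring open_basedir directly in php.ini is not recommended. Apache can set an open_basedir for each virtual host, and php-fpm can likewise set a different open_basedir for each pool.

In the www.conf configuration file, add: php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/

Note that the directory is the one for test.com, because the www pool, i.e. www.conf, serves the test.com virtual host: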

location ~ \.php$

{

include fastcgi_params;

fastcgi_pass unix:/tmp/php-fcgi.sock; # note: php-fcgi.sock

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;

}

Edit the www.conf configuration file:

[root@ying01 php-fpm.d]# vim www.conf

[www]

listen = /tmp/php-fcgi.sock ; note: this must match the virtual host

#listen =127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

pm = dynamic

pm.max_children = 50

pm.start_servers = 20

pm.min_spare_servers = 5

pm.max_spare_servers = 35

pm.max_requests = 500

rlimit_files = 1024

request_slowlog_timeout = 2

slowlog = /usr/local/php-fpm/var/log/www_slow.log

php_admin_value[open_basedir]=/data/wwwroot/test.com/:/tmp/ ; add this line to restrict PHP to the test.com and /tmp directories

After restarting the service, the test succeeds:

[root@ying01 php-fpm.d]# /etc/init.d/php-fpm restart

Gracefully shutting down php-fpm . done

Starting php-fpm done

[root@ying01 php-fpm.d]# !curl

curl -x127.0.0.1:80 test.com/sleep.php

slowlog test!done[root@ying01 php-fpm.d]#

[root@ying01 php-fpm.d]# curl -x127.0.0.1:80 test.com/sleep.php -I

HTTP/1.1 200 OK

Server: nginx/1.4.7

Date: Mon, 08 Jul 2018 05:09:15 GMT

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

X-Powered-By: PHP/5.6.32

Reference notes: https://www.jb51.net/article/110264.htm
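Sections 6 and 8 give each site its own pool, yet the two pools above still run as the same php-fpm user, create their sockets with mode 666, and only www carries an open_basedir. The check below is an added example, not part of the original article, that parses pool definitions and reports those three gaps. The isolated layout uses hypothetical accounts php-www and php-ying and assumes the nginx workers belong to a group named nginx.

```sh
# Constructed copy of the two pools as this page configures them.
page_pools() { cat <<'EOF'
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
php_admin_value[open_basedir]=/data/wwwroot/test.com/:/tmp/
[ying.com]
listen = /tmp/ying.sock
listen.mode = 666
user = php-fpm
EOF
}

# Assumed isolated layout: php-www, php-ying and the nginx group are
# hypothetical account names, not taken from the page.
isolated_pools() { cat <<'EOF'
[www]
listen = /tmp/php-fcgi.sock
listen.group = nginx
listen.mode = 0660
user = php-www
php_admin_value[open_basedir]=/data/wwwroot/test.com/:/tmp/
[ying.com]
listen = /tmp/ying.sock
listen.group = nginx
listen.mode = 0660
user = php-ying
php_admin_value[open_basedir]=/data/wwwroot/ying.com/:/tmp/
EOF
}

# audit_pools: read pool definitions on stdin, print one finding per line.
audit_pools() {
  awk '
    /^[ \t]*[;#]/ || !NF { next }              # comments, blank lines
    /^\[/ { pool = substr($1, 2, length($1) - 2)
            if (pool != "global") order[++n] = pool
            next }
    { eq = index($0, "="); if (!eq) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      conf[pool, key] = val }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]; m = conf[p, "listen.mode"]; u = conf[p, "user"]
        # a non-zero last digit lets every local user connect to the socket
        if (m != "" && substr(m, length(m)) != "0") print p ": socket-mode " m
        if (!((p, "php_admin_value[open_basedir]") in conf))
          print p ": no-open_basedir"
        pools_of[u] = pools_of[u] " " p; count[u]++
      }
      for (i = 1; i <= n; i++) {
        u = conf[order[i], "user"]
        if (count[u] > 1 && !done[u]++) print "shared-user " u ":" pools_of[u]
      }
    }
  '
}
```

On a live system the same function can read the real files, for example `cat /usr/local/php-fpm/etc/php-fpm.d/*.conf | audit_pools`.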

9. php-fpm process management

[www]

listen = /tmp/php-fcgi.sock

#listen =127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

pm = dynamic

pm.max_children = 50

pm.start_servers = 20

pm.min_spare_servers = 5

pm.max_spare_servers = 35

pm.max_requests = 500

rlimit_files = 1024

request_slowlog_timeout = 2

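Explanation:

  • pm = dynamic: dynamic process management; static is also possible

  • pm.max_children = 50: the maximum number of child processes

  • pm.start_servers = 20: the number of processes started when the service starts

  • pm.min_spare_servers = 5: the minimum number of child processes during idle periods; when the count reaches this value, php-fpm automatically spawns new child processes

  • pm.max_spare_servers = 35: the maximum number of child processes during idle periods; above this value, php-fpm cleans up idle child processes

  • pm.max_requests = 500: the maximum number of requests a child process may handle; set to 500 here, a php-fpm child process handles at most 500 requests and exits automatically once it reaches that number.

  • rlimit_files = 1024: sets the rlimit for open file descriptors. Default value: the system-defined value. The system default for open handles is 1024; view it with ulimit -n, and change it (temporarily) with ulimit -n 2048.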

Reposted from blog.csdn.net/weixin_40876986/article/details/90371730