LNMP架构四

Posted jack的网络日志

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LNMP架构四相关的知识,希望对你有一定的参考价值。

php-fpm的pool(连接池)

我们查看php的进程时,会发现,在最后一个pool的选项,而这个就是我们在php-fpm配置文件里写的一个连接池。

[root@bogon linux.com]# vim /usr/local/php-fpm/etc/php-fpm.conf
[root@bogon linux.com]# 
[root@bogon linux.com]# ps aux|grep php
root       3068  0.0  0.0 227144   228 ?        Ss   2月11   0:10 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm    3114  0.0  0.0 229228   124 ?        S    2月11   0:00 php-fpm: pool www

1.编辑php-fpm配置文件添加新pool命名为linux.com

[linux.com]
listen = /tmp/linux.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

2.检查php配置文件,重新加载配置文件,查看php进程发现有连个pool了

为什么要建立多个池子呢?拿www和linux.com两个池子来说,www池子最多可以同时开50个进程,当www进程满了就会报502错误,这个时候linux.com不受影响。

[root@bogon linux.com]# /usr/local/php-fpm/sbin/php-fpm -t
[13-Feb-2018 10:28:14] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@bogon linux.com]# /etc/init.d/php-fpm reload
Reload service php-fpm  done
[root@bogon linux.com]# ps -aux|grep php-fpm
php-fpm   18117  0.0  0.5 229228  5076 ?        S    10:29   0:00 php-fpm: pool www
php-fpm   18118  0.0  0.5 229228  5076 ?        S    10:29   0:00 php-fpm: pool www
php-fpm   18119  0.0  0.5 229228  5076 ?        S    10:29   0:00 php-fpm: pool www
php-fpm   18120  0.0  0.5 229228  5072 ?        S    10:29   0:00 php-fpm: pool linux.com
php-fpm   18121  0.0  0.5 229228  5076 ?        S    10:29   0:00 php-fpm: pool linux.com
php-fpm   18122  0.0  0.5 229228  5076 ?        S    10:29   0:00 php-fpm: pool linux.com

3.新建pool,编辑aaa.com.conf配置文件添加支持php配置

[root@bogon vhost]# ls
aaa.com.conf  load.conf  proxy.conf  ssl.conf  test.com.conf
[root@bogon vhost]# vim aaa.com.conf 
[root@bogon vhost]# 

  

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;

    location ~ \\.php$
    {
      include fastcgi_params;
      fastcgi_pass unix:/tmp/linux.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
    }

}

4.查看nginx配置文件可以看到有个include选项,php-fpm也是支持的

[root@bogon conf]# vim nginx.conf
[root@bogon conf]# 
    gzip_types text/plain application/x-javascript text/css text/htm
    application/xml;
    include vhost/*.conf;
}

5.编辑php-fpm.conf,在global标签下添加include选项

[root@bogon conf]# vim /usr/local/php-fpm/etc/php-fpm.conf
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include = etc/php-fpm.d/*.conf

6.将www配置和linux.com配置拆分开,在etc目录下创建php-fpm.d目录并创建两个配置文件www.conf和linux.conf,在配置文件中分别将拆分出来的配置写到里面

[root@bogon conf]# cd /
[root@bogon /]# cd usr/local/php-fpm/etc/
[root@bogon etc]# ls
pear.conf  php-fpm.conf  php-fpm.conf.default  php.ini
[root@bogon etc]# mkdir php-fpm.d
[root@bogon etc]# cd php-fpm.d/
[root@bogon php-fpm.d]# vi www.conf
[root@bogon php-fpm.d]# 
[www]
listen = /tmp/php-fcgi.sock
#listen = 127.0.0.1:9000
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
[root@bogon php-fpm.d]# vi linux.conf
[linux.com] listen = /tmp/linux.sock #listen = 127.0.0.1:9000 listen.mode = 666 user = php-fpm group = php-fpm pm = dynamic pm.max_children = 50 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 rlimit_files = 1024

7.删除php-fpm.conf配置文件中的www和linux.com配置

8.检查配置,重启php-fpm everyone ok

[root@bogon php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[13-Feb-2018 11:39:14] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@bogon php-fpm.d]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
[root@bogon php-fpm.d]# 

9.检查服务是否启动,发现一切ok

[root@bogon php-fpm.d]# ps -aux|grep php-fpm           
root      23264  1.8  0.4 227232  4984 ?        Ss   11:39   0:01 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
php-fpm   23284  0.1  0.5 229256  5080 ?        S    11:40   0:00 php-fpm: pool linux.com
php-fpm   23285  0.0  0.5 229256  5080 ?        S    11:40   0:00 php-fpm: pool linux.com
php-fpm   23286  0.0  0.5 229256  5076 ?        S    11:40   0:00 php-fpm: pool www
php-fpm   23287  0.0  0.5 229256  5076 ?        S    11:40   0:00 php-fpm: pool www

php-fpm慢执行日志

如果要做一个php网站,会推荐你用lnmp架构,原因就是可以分析php-fpm慢执行日志。因为在做运维工程师的生涯中,老板或者客户会经常反馈用户网站访问慢,慢执行日志则会记录为什么网站访问会慢。对运维工作是一个很大的帮助

1.针对www做实验,编辑www的配置文件,添加配置

[root@bogon php-fpm.d]# vim www.conf 
[root@bogon php-fpm.d]# 
request_slowlog_timeout = 1                             (连接超过1秒则记录日志)
slowlog = /usr/local/php-fpm/var/log/www-slow.log               (日志存放地址)

2.检查配置文件语法错误重启服务。

[root@bogon php-fpm.d]# /usr/local/php-fpm/sbin/php-fpm -t
[13-Feb-2018 13:34:07] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful

[root@bogon php-fpm.d]# /etc/init.d/php-fpm reload       
Reload service php-fpm  done
[root@bogon php-fpm.d]# 

3.查看是否生成了www-slow.log

[root@bogon php-fpm.d]# ls /usr/local/php-fpm/var/log/
php-fpm.log   www-slow.log  
[root@bogon php-fpm.d]# 

4.查看www.conf 中的php-fcgi.sock被谁用着,可见是被test.com.conf

[root@bogon /]# ls /usr/local/php-fpm/etc/php-fpm.conf        
/usr/local/php-fpm/etc/php-fpm.conf
[root@bogon /]# ls /usr/local/nginx/conf/vhost/test.com.conf    
/usr/local/nginx/conf/vhost/test.com.conf
[root@bogon /]#

 

文件  /usr/local/nginx/conf/vhost/test.com.conf 
location ~ \\.php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name; }

 

文件 /usr/local/php-fpm/etc/php-fpm.d/www.conf  
[www] listen = /tmp/php-fcgi.sock #listen = 127.0.0.1:9000 listen.mode = 666 user = php-fpm group = php-fpm pm = dynamic pm.max_children = 50 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 rlimit_files = 1024 request_slowlog_timeout = 1 slowlog = /usr/local/php-fpm/var/log/www-slow.log

5.创建sleep.php文件写入sleep,休眠两秒钟

[root@bogon local]# vim /data/wwwroot/test.com/sleep.php
[root@bogon local]# 
<?php
echo "test slow log";
sleep(2);
echo "done";

6.测试成功

[root@bogon local]# curl -x127.0.0.1:80 test.com/sleep.php 
test slow logdone[root@bogon local]# 

7.在页面查看php报错信息可以开启php配置文件中的display_errors = On

[root@bogon local]# vim /usr/local/php-fpm/etc/php.ini 
[root@bogon local]# 

8.查看慢日志

[root@bogon local]# cat /usr/local/php-fpm/var/log/www-slow.log 

[13-Feb-2018 14:14:50]  [pool www] pid 31212
script_filename = /data/wwwroot/test.com/sleep.php
[0x00007f0a9bf742f8] sleep() /data/wwwroot/test.com/sleep.php:3
[root@bogon local]# 

open_basedir(将 PHP 所能打开的文件限制在指定的目录树,包括文件本身。

1.编辑test的配置文件添加配置内容,故意将tese.com写成111.test.com为了测试报错的情况

[root@bogon local]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf 
[root@bogon local]# 

  

php_admin_value[open_basedir]=/data/wwwroot/111test.com:/tmp/

2.编辑php配置文件,定义php-fpm的错误日志

[root@bogon etc]# vim /usr/local/php-fpm/etc/php.ini 

 display_errors = Off (这一行的意思是将你的错误信息是否显示到浏览器上,不能让用户看到,所以一般是off)

error_log = /usr/local/php-fpm/var/log/php_errors.log (添加一行,定义记录错误日志的路径。)

error_reporting = E_ALL (定义日志级别,记录所有错误日志,默认为 ;error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT) 

3.查看error_log 配置路径 

[root@bogon etc]# grep error_log /usr/local/php-fpm/etc/php.ini 
; server-specific log, STDERR, or a location specified by the error_log
; Set maximum length of log_errors. In error_log information about the source is
;error_log = php_errors.log
;error_log = syslog
error_log = /usr/local/php-fpm/var/log/php_errors.log
; OPcache error_log file name. Empty string assumes "stderr".
;opcache.error_log=
[root@bogon etc]# 

4.创建错误日志文件,修改权限,防止不能正常写入。

[root@bogon etc]# touch /usr/local/php-fpm/var/log/php_errors.log     
[root@bogon etc]# chmod 777 /usr/local/php-fpm/var/log/php_errors.log 
[root@bogon etc]# /etc/init.d/php-fpm restart                   
Gracefully shutting down php-fpm . done
Starting php-fpm  done
[root@bogon etc]# 

5.访问报404错误

[root@bogon etc]# curl -x127.0.0.1:80 test.com/sleep.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.12.2
Date: Tue, 13 Feb 2018 07:38:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

[root@bogon etc]# 

6.查看错误日志(意思是访问的文件不在open_basedir限制的目录)

[root@bogon etc]# tail -2 /usr/local/php-fpm/var/log/php_errors.log   
[13-Feb-2018 07:38:46 UTC] PHP Warning:  Unknown: open_basedir restriction in effect. File(/data/wwwroot/test.com/sleep.php) is not within the allowed path(s): (/data/wwwroot/111test.com:/tmp/)
in Unknown on line 0 [13-Feb-2018 07:38:46 UTC] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0 [root@bogon etc]#

7.修改配置文件改成正确的目录名,编辑配置文件,将111test.com改为test.com

[root@bogon etc]# vim /usr/local/php-fpm/etc/php-fpm.d/www.conf 
[root@bogon etc]#

8.再次重启php-fpm,测试成功

[root@bogon etc]# /etc/init.d/php-fpm restart                        
Gracefully shutting down php-fpm . done
Starting php-fpm  done
[root@bogon etc]# curl -x127.0.0.1:80 test.com/sleep.php -I          
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 13 Feb 2018 07:49:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30

[root@bogon etc]# 

php-fpm进程管理

1.打开一个php-fpm的配置文件。

[root@bogon etc]# vim php-fpm.d/www.conf 
[root@bogon etc]# 
[www]
listen = /tmp/php-fcgi.sock
;listen = 127.0.0.1:9000          
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic(进程以动态的形式启动,以下是他的配置,可以用静态static,那下面只有pm.max_children一行生效,一直保持50个子进程)
pm.max_children = 50(最大子进程数)
pm.start_servers = 20(一开始启动20个子进程)
pm.min_spare_servers = 5(定义空闲时段,最低不能低于5个子进程,如果达不到,会自动派生新的子进程)
pm.max_spare_servers = 35(定义空闲时段,最大值不能超过35个,如果高于35,会开始清理空闲子进程)
pm.max_requests = 500(定义一个子进程最多处理的请求数,高于这个数值,它会自动退出)
rlimit_files = 1024
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log
php_admin_value[open_basedir]=/data/wwwroot/test.com:/tmp/

  

 

 

以上是关于LNMP架构四的主要内容,如果未能解决你的问题,请参考以下文章

验证码逆向专栏极验三代四代点选类验证码逆向分析

验证码逆向专栏某验四代文字点选验证码逆向分析

验证码逆向专栏某验四代消消乐验证码逆向分析

Nginx网站服务+LNMP架构及应用部署

Nginx网站服务+LNMP架构及应用部署

阿里云发布第四代神龙架构,提供业界首个大规模弹性RDMA加速能力