CentOS 7, lamp (php-fpm);(Blog 15)

要求:
(1) 三者分离于三台主机;
(2) 一个虚拟主机用于提供phpMyAdmin;另一个虚拟主机用于提供wordpress;
(3) xcache

HTTP反代动态资源至fpm

程序包:httpd php-fpm php-mysql mariadb-server

172.16.0.67 httpd
172.16.0.68 fpm, php-mysql
172.16.0.69 mariadb-server

172.16.0.67 httpd
# yum install httpd
# systemctl start httpd.service
# ss -tnl
测试访问: http://172.16.0.67/
iptables -F
setenforce 0

提供虚拟主机:
# vim /etc/httpd/conf.d/ilinux.conf
<VirtualHost *:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/ilinux”
<Directory “/data/web/linux”>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/ilinux_error_log
</VirtualHost>

# cp /etc/httpd/conf.d/ilinux.conf /etc/httpd/conf.d/iunix.conf
# sed -i ‘s,linux,unix,g’ iunix.conf

提供测试页面测试:
# mkdir -pv /data/web/i{linux,unix}
# echo “<h1>hi! unix.</h1>” > /data/web/iunix/index.html
# echo “<h1>hi! linux.</h1>” > /data/web/ilinux/index.html
# httpd -t
# systemctl restart httpd.service
访问:www.ilinux.io www.iunix.io

172.16.0.68 php-fpm, php-mysql
配置yum源:
[base]
name=base repo
#baseurl=file:///media/cdrom
baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
gpgcheck=0
enabled=1

[epel]
name=epel repo
baseurl=http://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0
enabled=1

~]# yum install php-fpm php-mysql php-mbstring php-mcrypt php-zlib
php-mbstring: 多字节字符支持
php-mcrypt: 整合Libmcrpt至php加密传输
php-zlib: 压缩传输

程序环境:
# rpm -ql php-fpm
/etc/logrotate.d/php-fpm
/etc/php-fpm.conf
/etc/php-fpm.d/www.conf
/etc/sysconfig/php-fpm

配置格式:
listen = 127.0.0.1:9000 跨主机需要修改,
ip 监听在指定地址上,与非本机通信,要监听在能通信的地址上;
port: 监听在所有地址上;
listen.allowd_clients = 127.0.0.1 授权哪些来连接
pm.status_path = /pmstatus 内建的状态页
ping.path = /ping 内建的
ping.response = pong 健康状态
php_value[session.save_path] = /var/lib/php/session
保存会话持久位置;
目录的属主的属组为apache用户

修改配置:
listen = 172.16.0.68:9000 <–只能是ip地址,不能是网络地址
listen.allowed_clients = 172.16.0.67 <–只能是ip地址,不能是网络地址
pm = dynamic <–动态是prefork模型
ping.path = /ping [启用 ]
ping.response = pong [启用 ]
pm.status_path = /pmstatus [启用 ]
php_value[session.save_path] = /var/lib/php/session [创建修改属主或属组]

创建所需目录:
# mkdir -pv /var/lib/php/session
# chown apache:apache /var/lib/php/session

启动:
# systemctl start php-fpm.service
# ss -tnl

172.16.0.67主机中,在虚拟机中添加反代至fcgi服务器的选项:
# vim /etc/httpd/conf.d/ilinux.conf
DirectoryIndex index.php
<VirtualHost *:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/ilinux”
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.0.68:9000/data/web/ilinux/$1

<Directory “/data/web/ilinux”>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/ilinux_error_log
</VirtualHost>
# cp /etc/httpd/conf.d/ilinux.conf /etc/httpd/conf.d/iunix.conf
# sed -i ‘s,linux,unix,g’ iunix.conf
# httpd -t
# systemctl restart httpd.service
注意:先测试能否访问index.html:
www.ilinux.io/index.html
www.iunix.io/index.html

172.16.0.68的主机中/data/web/ilinux/添加php测试页:
# mkdir -pv /data/web/i{linux,unix}
# vim /data/web/ilinux/index.php
<html>
<title>Test Page</title>
<body>
<h1>Welcome to MageEdu</h1>
<h2>PHP Info Page</h2>
<?php
phpinfo();
?>
</body>
</html>
# cp /data/web/ilinux/index.php /data/web/iunix/index.php

网页测试: www.ilinux.io/index.php
www.iunix.io/index.php

172.16.0.69 mariadb-server
~]# vim /etc/my.cnf.d/server.cnf
[mysqld]
skip_name_resolve=on
innodb_file_per_table=on
log_bin=mysql-bin

~]# systemctl start mariadb.service
~]# ss -tnl
~]# mysql_secure_installation
~]# mysql -uroot -h127.0.0.1 -pmagedu
Welcome to the MariaDB monitor. Commands end with ; or \g.

MariaDB [(none)]>

添加用户提供wordpress数据库:
> CREATE DATABASE wordpress;
> GRANT ALL ON wordpress.* TO ‘wpuser’@’172.16.%.%’ IDENTIFIED BY ‘wppass’;
> FLUSH PRIVILEGES;

172.16.0.67主机上测试连接:
# mysql -uwpuser -h172.16.0.69 -pwppass
ERROR 2003 (HY000): Can’t connect to MySQL server on ‘172.16.0.69’ (113)
~]# iptables -F (172.16.0.69)
# mysql -uwpuser -h172.16.0.69 -pwppass
MariaDB [(none)]>

用php连接mysql
172.16.0.68
~]# vim /data/web/ilinux/php-mysql.php
<?php
$conn = mysql_connect(‘172.16.0.69′,’wpuser’,’wppass’);
if ($conn)
echo “OK”;
else
echo “False”;
?>
~]# cp /data/web/ilinux/php-mysql.php /data/web/iunix/php-mysql.php
网页访问: www.ilinux.io/php-mysql.php www.iunix.io/php-mysql.php

(2) 一个虚拟主机用于提供phpMyAdmin;另一个虚拟主机用于提供wordpress;
(3) xcache

注意: wordpress-4.9.1-zh_CN.tar.gz phpMyAdmin-4.0.10.20-all-languages.zip 已经下载至httpd和php-fpm的两个DocumentRoot目录中;

进入httpd主机的ilinux DocumentRoot目录;
172.16.0.68:
# tar xf wordpress-4.9.1-zh_CN.tar.gz
# ln -sv wordpress wp
# cp wp/wp-config-sample.php wp/wp-config.php
# vim wp/wp-config.php
define(‘DB_NAME’, ‘wordpress’);
define(‘DB_USER’, ‘wpuser’);
define(‘DB_PASSWORD’, ‘wppass’);
define(‘DB_HOST’, ‘172.16.0.69’);
因为动态内容在php-fpm,所以在那个主机有相同的目录
172.16.0.68:
# tar xf wordpress-4.9.1-zh_CN.tar.gz
# ln -sv wordpress wp
# cp wp/wp-config-sample.php wp/wp-config.php
# vim wp/wp-config.php
define(‘DB_NAME’, ‘wordpress’);
define(‘DB_USER’, ‘wpuser’);
define(‘DB_PASSWORD’, ‘wppass’);
define(‘DB_HOST’, ‘172.16.0.69’);
网络访问: http://www.ilinux.io/wp

上传权限取决于apache用户于wp-content目录; 一般是静态资源所以只对172.16.0.68进行赋权;
172.16.0.68: # setfacl -R -m u:apache:rwx wp-content

提供phpMyadmin
# unzip phpMyAdmin-4.0.10.20-all-languages.zip
# ln -sv phpMyAdmin-4.0.10.20-all-languages pma
# cp pma/config.sample.inc.php pma/config.inc.php
$cfg[‘Servers’][$i][‘host’] = ‘172.16.0.69’;

因为动态内容在php-fpm,所以在那个主机有相同的目录
# unzip phpMyAdmin-4.0.10.20-all-languages.zip
# ln -sv phpMyAdmin-4.0.10.20-all-languages pma
# cp pma/config.sample.inc.php pma/config.inc.php
$cfg[‘Servers’][$i][‘host’] = ‘172.16.0.69’;

网页访问时,roo没有远程访问的权限;需要授权:
或者用wpuser, wppass登陆也行

(3) 提供xcache
先用ab压测;
172.16.0.69
# yum -y install httpd (提供ab命令)
# ab -n 10000 -c 10 http://172.16.0.67/pma/index.php

测试3次:
Server Software: Apache/2.4.6
Server Hostname: 172.16.0.67
Server Port: 80

Document Path: /pma/index.php
Document Length: 16 bytes

Concurrency Level: 100
Time taken for tests: 37.842 seconds
Complete requests: 10000
Failed requests: 0
Write errors: 0
Non-2xx responses: 10000
Total transferred: 1 950 000 bytes
HTML transferred: 160000 bytes
Requests per second: 264.26 [#/sec] (mean) 每秒264请求
Time per request: 378.421 [ms] (mean) 平均每批请求
Time per request: 3.784 [ms] (mean, across all concurrent requests) 平均每个请求
Transfer rate: 50.32 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 2 150.6 0 15029
Processing: 1 312 2882.0 63 33129
Waiting: 1 312 2882.0 62 33129
Total: 1 315 2886.3 63 33130

172.16.0.68:添加xcache模块
# yum install php-xcache
php-xcache x86_64 3.1.1-1.el7 epel
# systemctl restart php-fpm.service

测试3次:
Server Software: Apache/2.4.6
Server Hostname: 172.16.0.67
Server Port: 80

Document Path: /pma/index.phpa
Document Length: 212 bytes

Concurrency Level: 1000
Time taken for tests: 0.903 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Non-2xx responses: 1000
Total transferred: 391000 bytes
HTML transferred: 212000 bytes
Requests per second: 1108.00 [#/sec] (mean) 每秒264请求
Time per request: 902.528 [ms] (mean) 平均每批请求
Time per request: 0.903 [ms] (mean, across all concurrent requests) 平均每个请求
Transfer rate: 423.07 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 15 19.9 0 65
Processing: 4 110 157.0 27 828
Waiting: 4 110 157.0 27 828
Total: 17 125 170.7 27 828

Percentage of the requests served within a certain time (ms)
50% 27
66% 41
75% 288
80% 300
90% 483
95% 491
98% 495
99% 497
100% 828 (longest request)

本文来自投稿,不代表Linux运维部落立场,如若转载,请注明出处:http://www.178linux.com/90440

(1)
逆神阳逆神阳
上一篇 2017-12-20
下一篇 2017-12-20

相关推荐

  • iptables 实现应用层过滤

        在linux环境中,工作于内核空间的netfilter和工作于用户空间的iptables共同组成了其功能强大且操作灵活的防火墙系统,对进出主机或内外网之间的流量基于IP地址、通信协议、端口以及连接状态等进行管控,然而,对于一些使用非固定端口或者通信协议的应用程序,默认是没有办法做限制的,比如聊天软件QQ、下载工具迅雷等,不过我们可…

    Linux干货 2015-07-10
  • 8月5日作业

    课堂练习: 1、找出ifconfig命令结果中本机的所有IPv4地址 [root@localhost ~]# ifconfig | tr -s " " |head -2 | tail -1 |cut …

    Linux干货 2016-08-15
  • iptables详解

    iptables命令: iptables [-t table] {-A|-C|-D} chain rule-specification iptables [-t table] -I chain [rulenum] rule-specification iptables [-t table] -R chain rulenum rule-specificatio…

    Linux干货 2017-11-12
  • 学习宣言

    世界上没有笨的人,只有不勤奋的人。严格按照学习计划要求自己,努力完成学业,为自己以后的职业发展铺平道路;

    Linux干货 2016-10-25
  • 萧田国给你五个2017GOPS北京站的参会理由!

    2017年7月28日,GOPS全球运维大会即将开幕,发起人萧田国将在主会场发表题为《运维如何延续自己的职业生涯》演讲,参加第七届北京站您会有哪些收益? 收益一: 【长达半天时间的培训式演讲】让您系统性掌握顶级互联网自动化运维体系 收益二: 【腾讯智能运维】传奇背后的细节,听了才知道 收益三: 与Facebook、Twitter、BATJ等运维大咖【面对面深度…

    Linux干货 2017-07-24
  • 文件管理的相关命令使用及标准I/O,管道,diff及文件工具的使用

    mkdir 创建目录-p: 存在于不报错可自动创建所需的各目录 (递归创建)mkdir -p a/d/c/b-m: mode 创建时指定权限  # mkdir -m 777 filename       rmdir删除空目录 -p 递归删除空目录 touch 当文件不存在时,则创建一个空文…

    2017-07-29