Objective:
With the development of the business, the original single-server architecture has not been able to support the existing business traffic, the study decided to split the existing services, and the application to do scale-out. The aim is to alleviate the stress caused by the concentration of services.
Architecture:
The front end uses Nginx as the Web service, the backend uses PHP-FPM as the application service, the database is MySQL
Application services can use multiple servers for clustering
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/8A/4F/wKiom1gtF9iwg0-zAABRTE-qvX0217.png "title=" 085121815.png "alt=" Wkiom1gtf9iwg0-zaabrte-qvx0217.png "/>
Preparatory work:
System for CentOS 6.8 x64 minimal
1 IP Partitioning
Web Services: 172.16.10.0/24
Application services: 172.16.20.0/24
Database services: 172.16.30.0/24
2 Updating the system
Yum Update-y
3 Installing Development tools
If you use the source code to compile the installation, you need to use the development tools during the compilation process. You can install the development tools directly, or you can install the appropriate development tools during compilation based on error prompts.
The Add development tool Build command is given here, but does not necessarily mean adding
Yum Groupinstall "Development tools"
4 Installing VIM Ntpdate
Vim is used to modify the configuration file, Ntpdate is used to synchronize the system time to ensure that the system time is the correct time
Yum Install vim ntpdate-yntpdate us.pool.ntp.org
5 Add Crond task, update system time every morning
Crontab-e
0 0 * * */usr/sbin/ntpdate us.pool.ntp.org
Service Crond Restart
The absolute path to the Ntpdate command is written here because Crontab finds the command by default in the/bin/directory
Installation:
There are two ways to install, one is to use the official library, one is to use the source code to compile
Simply say the difference between the source code compilation and the binary package
Binary package: An official or third-party binary package compiled with default parameters
Source code compilation: According to the requirements of the installation of relevant modules can be selected, as well as the addition of third-party modules, can also be adjusted for each parameter
Binary package installation is easier, source code compilation often encountered a missing dependency problem
The two installation methods are described separately
install using the official library :
Nginx stable version is now updated to 1.10.2
Nginx official http://nginx.org/
The official given binary package installation Guide http://nginx.org/en/linux_packages.html#stable
1 adding repo
Tee/etc/yum.repos.d/nginx.repo <<-' EOF ' [Nginx]name=nginx repobaseurl=http://nginx.org/packages/centos/6/$ Basearch/gpgcheck=1enabled=1eof
2 Adding a signature
Curl-o http://nginx.org/keys/nginx_signing.keyrpm--import Nginx_signing.key
3 Installing Nginx
Yum Updateyum Install Nginx
4 start Nginx and add services
Service Nginx startchkconfig--add nginx && chkconfig--level 2345 nginx on
Source Code Compilation Installation:
1 Download official source code and signature files
Curl-o Http://nginx.org/download/nginx-1.10.2.tar.gzcurl-O HTTP://NGINX.ORG/DOWNLOAD/NGINX-1.10.2.TAR.GZ.ASC
2 Verifying signatures
GPG--verify NGINX-1.10.2.TAR.GZ.ASC
You will see the following prompt and give the public key ID
Gpg:signature made Tue Oct 23:04:49 CST using RSA key ID a1c052f8gpg:can ' t check signature:no public key
Import Public Key ID
GPG--keyserver keys.gnupg.net--recv-key a1c052f8
Verify again
GPG--verify NGINX-1.10.2.TAR.GZ.ASC
Seeing a red font indicates successful validation
Gpg:signature made Tue Oct 23:04:49 CST using RSA key ID A1c052f8
Gpg:good signature from "Maxim dounin <[email protected]>"
Gpg:WARNING:This key isn't certified with a trusted signature!
Gpg:there is no indication, the signature belongs to the owner.
Primary key fingerprint:b0f4 2533 73f8 f6f5 10d4 2178 520A 9993 a1c0 52f8
3 Installing the Compilation tool
Yum install-y gcc gcc-c++ openssl-devel gd-devel
4 Downloads Pcre
wget Ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz/usr/local/src/cd/usr/local/srctar ZXF pcre-8.39.tar.gz
5 Decompression
Tar zxf nginx-1.10.2.tar.gz
6 Configuration Compilation
CD nginx-1.10.2
./configure--prefix=/usr--sbin-path=/usr/sbin/nginx--conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/ Nginx/error.log--http-log-path=/var/log/nginx/access.log--pid-path=/var/run/nginx/nginx.pid--lock-path=/var/ Lock/nginx.lock--user=nginx--group=nginx--with-http_ssl_module--with-http_flv_module--with-http_stub_status_ Module--with-http_gzip_static_module--http-client-body-temp-path=/var/tmp/nginx/client/--http-proxy-temp-path= /var/tmp/nginx/proxy/--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/--http-uwsgi-temp-path=/var/tmp/nginx/scgi/- -with-pcre=/usr/local/src/pcre-8.39--with-http_image_filter_module--with-file-aio--with-http_realip_module
7 compiling
Makemake Install
8 Configuring Startup Scripts
The official wiki gives a startup script that can be used directly, such as modifying the default path at compile time, and modifying the script accordingly
Https://www.nginx.com/resources/wiki/start/topics/examples/initscripts/?highlight=script%20nginx
Vim/etc/init.d/nginx
#!/bin/sh## nginx - this script starts and stops the nginx daemon## chkconfig: - 85 15# description: nginx is An http (s) server, http (s) reverse # proxy and IMAP/POP3 proxy server# Processname: nginx# config: /etc/nginx/nginx.conf# config: /etc/sysconfig/nginx# pidfile: /var/run/ Nginx.pid# source function library. /etc/rc.d/init.d/functions# source networking configuration. /etc/sysconfig/network# check that networking is up. [ "$NETWORKING" = "no" ] && exit 0nginx= "/usr/sbin/nginx" prog=$ ( basename $nginx) nginx_conf_file= "/etc/nginx/nginx.conf" [ -f /etc/sysconfig/nginx ] && . /etc/ Sysconfig/nginxlockfile=/var/lock/subsys/nginxmake_dirs () { # make required directories user= ' $nginx -V 2>&1 | grep ' configure arguments: " | sed s/[^*]*--user=\ ([^ ]*\). */\1/g ' -' if [ -z "' grep $user /etc/passwd '" ]; then useradd -M -s /bin/nologin $user fi options= ' $ nginx -v 2>&1 | grep ' configure arguments: ' for opt in $options; do if [ ' echo $opt | grep '. *-temp-path ' ]; then value= ' echo $opt | cut -d "=" -f 2 ' if [ ! -d "$value" ]; then # echo "Creating" $value mkdir -p $value && chown -r $user $value fi fi done}start () { [ -x $nginx ] | | exit 5 [ -f $NGINX _conf_file ] | | exit 6 make_dirs echo -n $ "Starting $ prog: " daemon $nginx -c $NGINX _conf_file Retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval}stop () { echo -n $ "stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval}restart () { configtest | | return $? stop sleep 1 Start}reload () { configtest | | return $? echo -n $ "reloading $prog: " killproc $nginx -hup retval=$? echo}force_reload () { reStart}configtest () { $nginx -t -c $NGINX _conf_file}rh_status () { status $prog}rh_status_q () { rh_status >/dev/null 2>&1}case "$" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q | | exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q | | exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q | | exit 0 ;; *) echo $ "Usage: $0 { Start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest} " exit 2esac
Modify Nginx Execute Permissions
chmod U+x/etc/init.d/nginx
Add Nginx Service
Chkconfig--add nginx && chkconfig--level 2345 nginx on
9 Firewall configuration
The Web service uses 80 ports by default, and after the Nginx service is configured, the firewall needs to be configured to open the 80 port service
Iptables-i input-p TCP--dport 80-j ACCEPT
Insert a rule in the input chain that accepts the TCP protocol port 80, where the default insertion is the first of the input chain
The Nginx service IP address can be accessed through the client browser to see if the configuration is successful, and if successful, you will see the Nginx default Welcome page
You can also view the header information via the Curl command, note the HTTP status code, and replace the NGINXIP with the actual IP address
Curl--head NGINXIP
Curl--head 172.16.10.10http/1.1 Okserver:nginx/1.10.2date:fri, 03:24:06 gmtcontent-type:text/htmlconte Nt-length:612last-modified:thu, 07:28:02 gmtconnection:keep-aliveetag: "582d5c02-264" accept-ranges:bytes
Note:
The./configure--help can be used to view the parameter description Help, configure the need to compile and close the unwanted modules
--with is needed,--without is not needed.
The new version adds support for dynamic modules, such as the compilation of dynamic load modules and the need to load modules in the configuration file when used
Load_module modules/ngx_mail_module.so;
--with-http_xslt_module=dynamic enable dynamic ngx_http_xslt_ module --with-http_image_filter_module=dynamic enable dynamic ngx_http_image_ Filter_module --with-http_geoip_module=dynamic enable dynamic ngx_http_ Geoip_module --with-http_perl_module=dynamic enable dynamic ngx_ http_perl_module --with-mail=dynamic enable dynamic POP3/IMAP4/SMTP proxy module --with-stream=dynamic enable dynamic tcp/udp proxy module --add-dynamic-module=path enable dynamic external module
--add-dynamic-module can add third-party modules, such as specifying a third-party module path to use
This article is from the "Morrowind" blog, make sure to keep this source http://morrowind.blog.51cto.com/1181631/1874186
LNMP (nginx php-fpm mysql) environment deployment--nginx