1、简述CGI与FASTCGI区别

  • CGI处理客户端请求,会生成一个子进程来专门调用外部程序来处理客户端请求,处理完成,子进程会随之关闭
  • FASTCGI处理客户端请求时,服务器端本身就存在子进程来专门持续服务客户端请求,处理完客户端请求不会退出
  • CGI处理高并发时生成大量子进程,导致服务器性能下降
  • FASTCGI在CGI的基础上改进,进程复用,持续高效地服务客户端,效率高,性能好

2、 编译安装基于fastcgi模式的多虚拟主机的wordpress和discuz的LAMP架构

2.1实现CentOS 7 编译安装基于 fastcgi 模式的多虚拟主机的wordpress和discuz的LAMP架构

2.2 环境准备

两台主机:
一台主机:httpd+php(fastcgi模式)  IP:10.0.0.150
一台主机:mariadb 服务器	 	IP:10.0.0.151
软件版本:
CentOS 7.9
mariadb-10.2.31-linux-x86_64.tar.gz 通用二进制格式
apr-1.7.0.tar.bz2
apr-util-1.6.1.tar.bz2
httpd-2.4.46.tar.gz
php-7.4.28.tar.xz
wordpress-5.9.2-zh_CN.tar.gz
Discuz_X3.4_SC_UTF8_20220131.zip

2.3实验步骤

2.3.1 二进制安装 mariadb-10.2.31(在IP:10.0.0.151的主机)

useradd -r -s /sbin/nologin mysql
tar -xvf mariadb-10.2.31-linux-x86_64.tar.gz -C /usr/local
cd /usr/local/
ls
bin  etc  games  include  lib  lib64  libexec  mariadb-10.2.31-linux-x86_64  sbin  share  src
ln -sv mariadb-10.2.31-linux-x86_64 mysql
‘mysql’ -> ‘mariadb-10.2.31-linux-x86_64’
ls
bin  games    lib    libexec                       mysql  share
etc  include  lib64  mariadb-10.2.31-linux-x86_64  sbin   src
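# Keep the program files owned by root so the mysql service account cannot alter its own binaries.
# The owner:group separator is ':'; the '.' form is a deprecated spelling.
chown -R root:root /usr/local/mysql/
mkdir /data/mysql -p
# Only the data directory belongs to the mysql account.
chown -R mysql:mysql /data/mysql
mkdir /etc/mysql
# The relative paths used from here on (support-files/, scripts/) need the install directory as cwd.
cd /usr/local/mysql
pwd
/usr/local/mysql
cp support-files/my-huge.cnf /etc/mysql/my.cnf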
vim /etc/mysql/my.cnf
[mysqld]
#加下面行
datadir =/data/mysql
skip_name_resolve = ON
#准备PATH变量
[root@centos7-2 mysql] vim /etc/profile.d/lamp.sh
#!/bin/bash
PATH=/usr/local/mysql/bin/:$PATH                                                                                                                                                            
"/etc/profile.d/lamp.sh" [New] 12L, 486C written                              
. /etc/profile.d/lamp.sh
pwd
/usr/local/mysql
cd /usr/local/mysql
# Initialise the system tables in /data/mysql, with the files owned by the mysql account.
scripts/mysql_install_db --user=mysql --datadir=/data/mysql/
# Install the bundled SysV init script and register it so the server starts at boot.
cp support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
service mysqld start
# NOTE(review): the `mysql` client call that follows connects without any password, and the
# `show databases` output still lists the default `test` database. Run mysql_secure_installation
# (set a root password, drop anonymous accounts and `test`) before this server is reachable
# from anything but the lab network.
Starting MariaDB.220312 04:47:08 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
220312 04:47:09 mysqld_safe Starting mysqld daemon with databases from /data/mysql
                                                           [  OK  ]
#为wordpress和discuz准备数据库和用户
mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.2.31-MariaDB-log MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]> create database wordpress_blog;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database discuz_forum;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| discuz_forum       |
| information_schema |
| mysql              |
| performance_schema |
| test               |
| wordpress_blog     |
+--------------------+
6 rows in set (0.00 sec)

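-- Host patterns in MySQL/MariaDB accounts use % and _ as wildcards; '*' is matched literally,
-- so an account created for '10.0.0.*' can never be used from the web server.
-- Granting to the web server address only (10.0.0.150 in this setup) would be tighter still.
-- '123456' is a lab value: give each application its own long random password on a real host.
MariaDB [(none)]> grant all on wordpress_blog.* to blog@'10.0.0.%' identified by '123456';
Query OK, 0 rows affected, 1 warning (0.00 sec)

MariaDB [(none)]> grant all on discuz_forum.* to forum@'10.0.0.%' identified by '123456';
Query OK, 0 rows affected, 1 warning (0.00 sec)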

2.3.2编译安装 httpd 2.4

#安装相关包
yum install gcc pcre-devel openssl-devel expat-devel -y

#编译安装httpd
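# Check every downloaded archive against the checksum or signature published by the
# project before unpacking it; the build below runs as root.
tar xvf apr-1.7.0.tar.bz2
tar xvf apr-util-1.6.1.tar.bz2
# The archive listed in the environment section is httpd-2.4.46.tar.gz.
tar xvf httpd-2.4.46.tar.gz
# Place APR and APR-util inside the httpd tree so --with-included-apr can build them.
mv apr-1.7.0 httpd-2.4.46/srclib/apr
mv apr-util-1.6.1 httpd-2.4.46/srclib/apr-util
cd httpd-2.4.46
./configure --prefix=/apps/httpd \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork \
--with-included-apr
# lscpu shows the CPU count, which is what the -j value below should follow.
lscpu
make -j 2
make install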
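# Put the httpd binaries on PATH. The build above used --prefix=/apps/httpd,
# so every path in this step has to point there.
vim /etc/profile.d/lamp.sh
PATH=/usr/local/mysql/bin/:/apps/httpd/bin:$PATH
. /etc/profile.d/lamp.sh
# A source build does not create a service account; add it before httpd is told to use it.
id apache &>/dev/null || useradd -r -s /sbin/nologin apache
vim /apps/httpd/conf/httpd.conf
# Change the following two directives so the server processes run as the
# unprivileged apache account instead of the build default.
User apache
Group apache
apachectl start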
vim /usr/lib/systemd/system/httpd.service
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)
[Service]
Type=forking
#EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/apps/httpd/bin/apachectl start
#ExecStart=/apps/httpd/bin/httpd $OPTIONS -k start
ExecReload=/apps/httpd/bin/apachectl graceful
#ExecReload=/apps/httpd/bin/httpd $OPTIONS -k graceful
ExecStop=/apps/httpd/bin/apachectl stop
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target   

2.3.3 编译安装 fastcgi 方式的 php 7.4

#php 7.4 相关包
yum -y install gcc libxml2-devel bzip2-devel libmcrypt-devel sqlite-devel
#php7.4 编译
tar xvf php-7.4.28.tar.xz
cd php-7.4.28/
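# Configure PHP with php-fpm (FastCGI) support and the mysqlnd database drivers.
./configure \
--prefix=/apps/php \
--enable-mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-openssl \
--with-zlib \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--enable-mbstring \
--enable-xml \
--enable-sockets \
--enable-fpm \
--enable-maintainer-zts \
--disable-fileinfo
# Build and install; /apps/php, which the following steps rely on, only exists after this.
make -j 2
make install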
#配置PATH变量
vim /etc/profile.d/lamp.sh
PATH=/apps/php/bin:/apps/httpd/bin:$PATH
. /etc/profile.d/lamp.sh
#准备php配置文件和启动文件
cp php.ini-production /etc/php.ini
cp sapi/fpm/php-fpm.service /usr/lib/systemd/system/
cd /apps/php/etc
cp php-fpm.conf.default php-fpm.conf
cd php-fpm.d/
cp www.conf.default www.conf
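# Change the account the pool processes run as (php-fpm pool files use "key = value" syntax)
vim /apps/php/etc/php-fpm.d/www.conf
user = apache
group = apache
# Enable the status and ping pages.
# NOTE(review): the status page reports pool and request details, so whatever web server
# fronts php-fpm should allow these two paths from monitoring/admin addresses only.
pm.status_path = /fpm_status
ping.path = /ping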
#支持opcache加速
mkdir /etc/php.d/
vim /etc/php.d/opcache.ini
[opcache]
zend_extension=opcache.so
opcache.enable=1
systemctl daemon-reload
systemctl status php-fpm.service
systemctl enable --now php-fpm.service

2.3.4 修改配置 httpd 支持 php-fpm

vim /apps/httpd/conf/httpd.conf
#取消下面两行的注释
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#修改下面行
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
#加下面三行
AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
ProxyRequests Off
#实现第一个虚拟主机
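<virtualhost *:80>
servername blog.magedu.org
documentroot /data/wordpress
<directory /data/wordpress>
require all granted
</directory>
# Hand every .php request to php-fpm on the local TCP listener.
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/wordpress/$1
# php-fpm status and ping pages
ProxyPassMatch ^/(fpm_status|ping)$ fcgi://127.0.0.1:9000/$1
# These two URLs are proxied, not served from disk, so the <directory> rule above does
# not govern them. Restrict them explicitly; 10.0.0.0/24 is the lab network used on this
# page - replace it with the addresses of the monitoring/admin hosts.
<LocationMatch "^/(fpm_status|ping)$">
Require ip 10.0.0.0/24
</LocationMatch>
CustomLog "logs/access_wordpress_log" common
</virtualhost>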
#第二个虚拟主机
<virtualhost *:80>
servername forum.magedu.org
documentroot /data/discuz
<directory /data/discuz/>
require all granted
</directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/discuz/$1
CustomLog "logs/access_discuz_log" common
</virtualhost>
apachectl restart

2.3.5 准备wordpress和discuz! 相关文件

#准备wordpress程序文件
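# Prepare the WordPress files
mkdir -p /data/
tar xvf wordpress-5.9.2-zh_CN.tar.gz
mv wordpress/ /data
# Options must be written with the ASCII hyphen (-); a typographic dash pasted from a
# web page is taken as a file name and the command fails.
# rwx on the whole tree is what the web installer needs. Once setup is finished, narrow it
# so the apache account can write only to the upload/cache directories.
setfacl -R -m u:apache:rwx /data/wordpress/
# Alternative: chown -R apache:apache /data/wordpress
# Prepare the Discuz! files
unzip Discuz_X3.4_SC_UTF8_20220131.zip
mv DiscuzX/upload/ /data/discuz
setfacl -R -m u:apache:rwx /data/discuz/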

7.2.3.5 测试访问

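vim /etc/hosts
# The names must equal the ServerName values of the two virtual hosts and resolve to the
# httpd host (10.0.0.150 in this setup); a hosts entry takes bare names, without a "/".
10.0.0.150 blog.magedu.org forum.magedu.org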

image.png image.png

2.3.6修改成UDS模式

vim /apps/php/etc/php-fpm.d/www.conf
;listen = 127.0.0.1:9000
listen = /run/php-fpm.sock
listen.owner = apache
listen.group = apache
listen.mode = 0660
systemctl restart php-fpm
ll /run/php-fpm.sock
srw-rw---- 1 apache apache 0 Dec 14 11:11 /run/php-fpm.sock
vim /apps/httpd/conf/httpd.conf
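<virtualhost *:80>
servername blog.magedu.org
documentroot /data/wordpress
<directory /data/wordpress>
require all granted
</directory>
#ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/wordpress/$1
# The socket path must be the one php-fpm listens on (/run/php-fpm.sock), on a single line.
ProxyPassMatch ^/(.*\.php)$ "unix:/run/php-fpm.sock|fcgi://localhost/data/wordpress/"
#ProxyPassMatch ^/(fpm_status|ping)$ fcgi://127.0.0.1:9000/$1
ProxyPassMatch ^/(fpm_status|ping)$ "unix:/run/php-fpm.sock|fcgi://localhost/"
# The status/ping URLs are proxied, so the <directory> rule above does not govern them.
# Restrict them explicitly; 10.0.0.0/24 is the lab network used on this page.
<LocationMatch "^/(fpm_status|ping)$">
Require ip 10.0.0.0/24
</LocationMatch>
CustomLog "logs/access_wordpress_log" common
</virtualhost>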
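<virtualhost *:80>
servername forum.magedu.org
documentroot /data/discuz
<directory /data/discuz>
require all granted
</directory>
#ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/discuz/$1
# The socket path must be the one php-fpm listens on (/run/php-fpm.sock), on a single line.
ProxyPassMatch ^/(.*\.php)$ "unix:/run/php-fpm.sock|fcgi://localhost/data/discuz/"
#ProxyPassMatch ^/(fpm_status|ping)$ fcgi://127.0.0.1:9000/$1
ProxyPassMatch ^/(fpm_status|ping)$ "unix:/run/php-fpm.sock|fcgi://localhost/"
# The status/ping URLs are proxied, so the <directory> rule above does not govern them.
# Restrict them explicitly; 10.0.0.0/24 is the lab network used on this page.
<LocationMatch "^/(fpm_status|ping)$">
Require ip 10.0.0.0/24
</LocationMatch>
CustomLog "logs/access_discuz_log" common
</virtualhost>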
systemctl restart httpd

3、通过loganalyzer展示数据库中的日志

利用rsyslog日志服务,将收集的日志记录于MySQL中

两台主机

  • 一台:rsyslog日志服务器,IP:10.0.0.152
  • 一台:mariadb数据库服务器,IP:10.0.0.154

在rsyslog服务器上安装连接mysql模块相关的程序包

yum install rsyslog-mysql
scp /usr/share/doc/rsyslog/mysql-createDB.sql 10.0.0.154:/data

准备MySQL Server

yum install mariadb-server
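# On the MariaDB server: create the database and tables, then allow rsyslog to connect to it.
# IDENTIFIED BY is two keywords. '123456' is a lab value; use a long random password on a
# real host, and grant to the log server address only when a single host writes the logs.
mysql
mysql>source /data/mysql-createDB.sql
mysql>GRANT ALL ON Syslog.* TO 'rsyslog'@'10.0.0.%' IDENTIFIED BY '123456';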

配置日志服务器将日志发送至指定数据库

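# Configure rsyslog to store its logs in MySQL
vim /etc/rsyslog.conf
####MODULES####
# In the MODULES section add ONE of the two lines below.
# CentOS 8:
module(load="ommysql")
# CentOS 7 / 6:
$ModLoad ommysql
# In the RULES section add a line of this form:
#facility.priority :ommysql:DBHOST,DBNAME,DBUSER, PASSWORD
# DBHOST is the MariaDB server of this setup (10.0.0.154).
*.info :ommysql:10.0.0.154,Syslog,rsyslog,123456
# The rule above carries the database password in clear text; keep the file readable by root only.
chmod 600 /etc/rsyslog.conf
systemctl restart rsyslog.service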

测试

#在日志服务器上生成日志
logger "this is a test log"
#在数据库上查询到上面的测试日志
MariaDB [(none)]> use Syslog
Database changed
MariaDB [Syslog]> SELECT COUNT(*) FROM SystemEvents;
+----------+
| COUNT(*) |
+----------+
|       17 |
+----------+
1 row in set (0.00 sec)

通过 loganalyzer 展示数据库中的日志

  • 三台主机
  • 一台日志服务器 IP:10.0.0.152,
  • 一台数据库服务器 IP:10.0.0.154
  • 一台当httpd+php 服务器,并安装loganalyzer展示web图形,IP:10.0.0.151

在10.0.0.151主机上安装httpd, php和相关软件包

yum -y install httpd php-fpm php-mysqlnd php-gd
systemctl enable --now httpd php-fpm

在10.0.0.151主机上安装LogAnalyzer

# Unpack LogAnalyzer and publish its src/ directory as /log under the web root.
tar xvf loganalyzer-4.1.10.tar.gz
mv loganalyzer-4.1.10/src/ /var/www/html/log
# config.php is created empty and made world-writable for the web-based setup run only
# (presumably the installer stores its settings, including the database login, in it).
# Mode 666 must not outlive the setup: the hardening step at the end of the page
# tightens the mode again once initialization is finished.
touch /var/www/html/log/config.php
chmod 666 /var/www/html/log/config.php

基于 web 页面初始化

访问http://10.0.0.151/log 实现初始化 image.png image.png image.png

安全加固

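# After setup config.php holds the database credentials: only root may write it, and only
# the group php-fpm runs as may read it (apache for the packaged php-fpm - confirm in
# www.conf), instead of every local user as with mode 644.
chown root:apache /var/www/html/log/config.php
chmod 640 /var/www/html/log/config.php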