nginx 1.4.0 默认配置文件分析

 未分类  No Responses »
5 月 072013
 

1

#user  nobody;
worker_processes  1;

2

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

3

#pid        logs/nginx.pid;

4

events {
 worker_connections  1024;
}

5

http {
 include       mime.types;
 default_type  application/octet-stream;
#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
 #                  '$status $body_bytes_sent "$http_referer" '
 #                  '"$http_user_agent" "$http_x_forwarded_for"';
#access_log  logs/access.log  main;
sendfile        on;
 #tcp_nopush     on;
#keepalive_timeout  0;
 keepalive_timeout  65;
#gzip  on;
server {
 listen       80;
 server_name  localhost;
#charset koi8-r;
#access_log  logs/host.access.log  main;
location / {
 root   html;
 index  index.html index.htm;
 }
#error_page  404              /404.html;
# redirect server error pages to the static page /50x.html
 #
 error_page   500 502 503 504  /50x.html;
 location = /50x.html {
 root   html;
 }
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
 #
 #location ~ \.php$ {
 #    proxy_pass   http://127.0.0.1;
 #}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 #
 #location ~ \.php$ {
 #    root           html;
 #    fastcgi_pass   127.0.0.1:9000;
 #    fastcgi_index  index.php;
 #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
 #    include        fastcgi_params;
 #}
# deny access to .htaccess files, if Apache's document root
 # concurs with nginx's one
 #
 #location ~ /\.ht {
 #    deny  all;
 #}
 }
# another virtual host using mix of IP-, name-, and port-based configuration
 #
 #server {
 #    listen       8000;
 #    listen       somename:8080;
 #    server_name  somename  alias  another.alias;
#    location / {
 #        root   html;
 #        index  index.html index.htm;
 #    }
 #}
# HTTPS server
 #
 #server {
 #    listen       443;
 #    server_name  localhost;
#    ssl                  on;
 #    ssl_certificate      cert.pem;
 #    ssl_certificate_key  cert.key;
#    ssl_session_timeout  5m;
#    ssl_protocols  SSLv2 SSLv3 TLSv1;
 #    ssl_ciphers  HIGH:!aNULL:!MD5;
 #    ssl_prefer_server_ciphers   on;
#    location / {
 #        root   html;
 #        index  index.html index.htm;
 #    }
 #}
}

获取nginx的性能状态信息

在编译nginx过程中需启用–with-http_stub_status_module参数

查看当前安装Nginx的版本与配置信息

[root@localhost conf]# export PATH=/usr/local/nginx/sbin/:$PATH
[root@localhost conf]# nginx -V
nginx version: nginx/1.4.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: –prefix=/usr/local/nginx –with-http_stub_status_module
–with-http_ssl_module –with-pcre=../pcre-8.32/
–with-zlib=../zlib-1.2.8 –with-openssl=../openssl-1.0.1e
[root@localhost conf]#

添加

location /status {
stub_status on;
access_log  off;
allow 192.168.244.0/24;
deny all;
}

nginx-140-config-01

服务器文件列表
[root@localhost conf]# pwd
/usr/local/nginx/conf
[root@localhost conf]# mkdir ../html/pub
[root@localhost conf]# touch ../html/pub/hello.txt

location /pub   {
autoindex on;
autoindex_exact_size on;
autoindex_localtime off;
}

nginx-140-config-02

检测配置文件正确性

[root@localhost conf]# nginx -t -c /usr/local/nginx/conf/nginx.conf
nginx: [emerg] unexpected end of file, expecting “}” in /usr/local/nginx/conf/nginx.conf:131
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
[root@localhost conf]#

nginx-140-config-03

[root@localhost conf]# nginx -t -c /usr/local/nginx/conf/nginx.conf
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost conf]#

 

About FastCGI

 未分类  No Responses »
5 月 072013
 

About FastCGI

FastCGI is simple because it is actually CGI with only a few extensions.
Like CGI, FastCGI is also language-independent. For instance, FastCGI provides a way to improve the performance of the thousands of Perl applications that have been written for the Web.
Like CGI, FastCGI runs applications in processes isolated from the core Web server, which provides greater security than APIs. (APIs link application code into the core Web server, which means that a bug in one API-based application can corrupt another application or the core server; a malicious API-based application can, for example, steal key security secrets from another application or the core server.)
Although FastCGI cannot duplicate the universality of CGI overnight, the FastCGI developers are committed to propagating FastCGI as an open standard. To that end, free FastCGI application libraries (C/C++, Java, Perl, Tcl) and upgrade modules for popular free servers (Apache, ISS, Lighttpd) are available.
Like CGI, FastCGI is not tied to the internal architecture of any Web server and is therefore stable even when server technology changes. An API reflects the internal architecture of a Web server, so when that architecture changes, so does the API.

Not only does FastCGI restore the strengths of CGI, it also adds two new benefits:

Distributed computing: Companies can run their FastCGI application on a different machine from the one on which they run their Web server. Distributed computing is a proven technique for scaling, linking to existing corporate systems, improving system availability, and improving security via compartmentalization, such as firewalls.
Multiple and extensible roles: CGI applications compute the response to an HTTP request. FastCGI applications can do that and more, such as perform modular authentication and authorization checks and translate data from one type to another. FastCGI is designed so that more roles can be introduced in the future.

http://www.fastcgi.com/drupal/

Nginx与Apache并行处理web请求

 未分类  No Responses »
5 月 062013
 

编译安装apache

[root@localhost ~]# yum install perl gcc make
[root@localhost ~]# groupadd -r apache
[root@localhost ~]# useradd -r -M -g apache apache
[root@localhost ~]# tar xzf httpd-2.2.24.tar.gz
[root@localhost ~]# cd httpd-2.2.24
[root@localhost httpd-2.2.24]# ./configure --prefix=/usr/local/apache \
 > --enable-so --enable-rewrite
[root@localhost httpd-2.2.24]# make
[root@localhost httpd-2.2.24]# make install

编译安装php

[root@localhost ~]# tar xzf php-5.2.17.tar.gz
[root@localhost ~]# cd php-5.2.17
[root@localhost php-5.2.17]# yum install libxml2-devel
[root@localhost php-5.2.17]# yum install gd-devel libpng-devel libjpeg-devel
[root@localhost php-5.2.17]# ./configure --prefix=/usr/local/php \
 > --with-apxs2=/usr/local/apache/bin/apxs \
 > --enable-fastcgi --enable-mbstring \
 > --with-gd=/usr/ --with-png-dir=/usr/ --with-jpeg-dir=/usr/
[root@localhost php-5.2.17]# make
[root@localhost php-5.2.17]# make install
[root@localhost php-5.2.17]# cp php.ini-dist /usr/local/php/lib/php.ini

编译安装nginx

[root@localhost ~]# tar xzf nginx-1.4.0.tar.gz
[root@localhost ~]# tar xzf openssl-1.0.1e.tar.gz
[root@localhost ~]# tar xzf zlib-1.2.8.tar.gz
[root@localhost ~]# tar xzf pcre-8.32.tar.gz
[root@localhost nginx-1.4.0]# cd nginx-1.4.0
[root@localhost nginx-1.4.0]# yum install gcc-c++
[root@localhost nginx-1.4.0]# ./configure --prefix=/usr/local/nginx \
 > --with-http_stub_status_module --with-http_ssl_module \
 > --with-pcre=../pcre-8.32/ --with-zlib=../zlib-1.2.8 \
 > --with-openssl=../openssl-1.0.1e
[root@localhost nginx-1.4.0]# make
[root@localhost nginx-1.4.0]# make install

修改nginx配置文件

#location ~ \.php$ {
 #    proxy_pass   http://127.0.0.1;
 #}
location ~ \.php$ {
 proxy_pass   http://127.0.0.1:8080;
 }

修改apache配置文件

[root@localhost ~]# vi /usr/local/apache/conf/httpd.conf
 Listen 8080
User apache
Group apache
ServerName 127.0.0.1:8080
<IfModule dir_module>
 DirectoryIndex index.php
</IfModule>
AddType application/x-httpd-php .php
#DocumentRoot "/usr/local/apache/htdocs"
DocumentRoot "/usr/local/nginx/html"
#<Directory "/usr/local/apache/htdocs">
#    Options Indexes FollowSymLinks
#    AllowOverride None
#    Order allow,deny
#    Allow from all
#</Directory>
<Directory "/usr/local/nginx/html">
 Options Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

启动apache并查看监听

[root@localhost ~]# /usr/local/apache/bin/apachectl start
[root@localhost ~]# netstat -lutn |grep 8080
 tcp        0      0 :::8080                     :::*                        LISTEN
[root@localhost ~]#

启动nginx并查看监听

[root@localhost ~]# /usr/local/nginx/sbin/nginx
[root@localhost ~]# netstat -lut |grep http
 tcp        0      0 *:http                      *:*                         LISTEN
[root@localhost ~]#

创建php测试文件

[root@localhost ~]# vi /usr/local/nginx/html/hello.php
 <?php phpinfo(); ?>

nginx-apache-0201

访问http://192.168.244.135/index.html后的nginx日志记录

[root@localhost ~]# cat /usr/local/nginx/logs/access.log
192.168.244.1 - - [06/May/2013:16:53:22 +0800] "GET / HTTP/1.1" 200 612 "-"
 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0"

nginx-apache-0202

访问http://192.168.244.135/hello.php后的apache日志记录

[root@localhost ~]# cat /usr/local/apache/logs/access_log
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET /hello.php HTTP/1.0" 200 43026
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET
 /hello.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.0" 200 2524
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET
 /hello.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.0" 200 2146

freeradius服务器基本安装与配置

 未分类  No Responses »
5 月 022013
 

yum install gcc make openssl-devel

[root@localhost etc]# cd /usr/local/fr/etc/raddb/
[root@localhost raddb]# ls
acct_users                 clients.conf       ldap.attrmap    sites-available
attrs                      dictionary         modules         sites-enabled
attrs.access_challenge     eap.conf           policy.conf     sql
attrs.access_reject        example.pl         policy.txt      sql.conf
attrs.accounting_response  experimental.conf  preproxy_users  sqlippool.conf
attrs.pre-proxy            hints              proxy.conf      templates.conf
certs                      huntgroups         radiusd.conf    users
[root@localhost raddb]# vi users

testing Cleartext-Password :=”password”

[root@localhost raddb]# ../../bin/radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 185 to 127.0.0.1 port 1812
User-Name = “testing”
User-Password = “password”
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=185, length=20
[root@localhost raddb]#

 Newer Entries