php-fpm和nginx平滑重启

1.php-fpm 平滑重启

保留主进程,杀死子进程。给php-fpm发送重启信号kill -USR2 pid  这个pid既可以是master进程的pid,也可以是worker进程的pid,如果是master进程的pid就会吧所有worker进程重启,如果是worker进程的pid就是只重启当个worker进程,

如果在php-fpm.conf文件配置的process_control_timeout时间内子进程没有退出,那么master进程会升级SIGQUIT为SIGTERM,SIGTERM为SIGKILL,并注册1s的定时事件。SIGKILL就直接终止worker进程了,SIGTERM还能再给worker进程1s的时间。

发送重启信号是会通知master,master获取event然后给worker进程发送退出的信号SIGQUIT,worker进程接收信号后交给对应的信号处理函数处理,信号函数就是将in_shutdown变量置为1,这样worker进程 在调用fcgi_accept_request进程下一个进程处理时就不接收直接退出了,(注意这里也会有处理时间过长问题),如果进程还没有执行结束也会退出,这样就会出现代码逻辑执行一半的情况,所以要特别注意。从这里可以看出来php-fpm的重启逻辑简单粗暴,(在规定时间内处理完请求,完成不了就不管了),由于php-fpm一个worker进程每次只能处理一个请求,所以不需要计数器之类的,这样就更简单了。

命令:#kill -SIGUSR2 31158  或者  #service php-fpm reload
继续阅读“php-fpm和nginx平滑重启”

slim+nginx请求报 404

请求1  http://www.slim.com 正常

请求2 http://www.slim.com/users 报404

上面两个在路由文件已经配置了,为什么一个成功一个失败呢?

检查:发现请求2没有走到代码里面,感觉时服务器配置问题

网上查了一下时伪静态问题

nginx设置

root        /Users/jackluo/Works/php/rest;

    location / {
        root    /Users/jackluo/Works/php/rest;
        index   index.html index.php;
        try_files $uri $uri/ /index.php?$args;
    }

继续阅读“slim+nginx请求报 404”

nginx初探

nginx应用场景

静态处理

反向代理

负载均衡

资源缓存

安全防护

访问控制

访问认证

下载站点及用户权限认证配置
 1.下载站点配置
          location /down {
                root /usr/share/nginx;
                autoindex on;
                autoindex_localtime on;
                autoindex_exact_size off;
                #访问down目录开启权限认证
                auth_basic "请输入用户名和密码";
                auth_basic_user_file /etc/nginx/auth_conf;#此目录保存的是用户名和密码 
          }
2.
#yum install httpd_tools //安装工具
#htpasswd -b /etc/nginx/auth_conf test 123 //生成用户名为test 密码为123
3.当访问http://xxxxx/down时需要输入上面的用户名和密码

继续阅读“nginx初探”

nginx+php环境下配置ssl证书

1.下载ssl证书

2.把证书上传到服务器(nginx安装目录下新建文件夹/cert/,把证书加压到cert目录)

3.编辑nginx.conf文件

1)新增一个server

      server {
        listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
        server_name www.stonebaby.net;  #将localhost修改为您证书绑定的域名,例如:www.example.com。
        root /usr/share/nginx/www;
        index index.php index.html index.htm;
        ssl_certificate cert/3879579_www.stonebaby.net.pem;   #将domain name.pem替换成您证书的文件名。
        ssl_certificate_key cert/3879579_www.stonebaby.net.key;   #将domain name.key替换成您证书的密钥文件名。
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
        ssl_prefer_server_ciphers on;
        location ~ \.php$ {
         root  /usr/share/nginx/www;   #站点目录。
         index  index.php index.html index.htm;
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME /usr/share/nginx/www$fastcgi_script_name;
         include  fastcgi_params;
          }
        }

2)服务器安全组,放开443端口

3)修改原来的80端口server,http重定向到https

server_name localhost;   #将localhost修改为您证书绑定的域名,例如:www.example.com。
rewrite ^(.*)$ https://$host$1 permanent;   #将所有http请求通过rewrite重定向到https。

4.重启服务器

nginx多站点代理配置

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;#引入配置文件

events {
worker_connections 1024;
}

http {
log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for”‘;

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
index index.php index.html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

# location / {
# }

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

#server {
#listen 80;
#listen [::]:80;

# server_name www.wordwwwp.com;

# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# proxy_read_timeout 300s;
# fastcgi_send_timeout 300s;
# fastcgi_read_timeout 300s;

# location / {
# proxy_pass http://127.0.0.1:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection ‘upgrade’;
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
# try_files $uri $uri/ =404;
# }
#}

upstream wordp {#代理到8080端口
server localhost:8080;
}

server {
listen 80;
server_name www.wordp.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://wordp/;#注意点,必须要有最后的‘/’

}
}

upstream bbs {#代理到8081端口
server localhost:8081;
}

server {
listen 80;
server_name www.bbs.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://bbs/;#注意点,必须要有最后的‘/’
}
}

# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate “/etc/pki/nginx/server.crt”;
# ssl_certificate_key “/etc/pki/nginx/private/server.key”;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }

}