Para's

Appearance

常用访问工具

xshell

ftp~

sftp

Nginx(web server)5W

Nginx/weibo

openresty/csdn/qq

Tengine/Aserver/taobao

BWS/1.1

GWS/1.1

why not Apache 1w 5w

5w+? ->lvs/硬件

  • 4层与7层/下一跳
  • 硬件/路由/网关/交换机

Why openresty/Tengine

kong

envoy

yum/brew/apt

墙:

https://developer.aliyun.com/mirror/

http://mirrors.ustc.edu.cn/

where

/bin,/sbin(only root),/usr/bin,/usr/sbin

/etc/

whereis nginx (where in windows)

/usr/sbin/nginx

etc/nginx/

how to as a service

systemctl enable nginx

systemctl start nginx

/usr/lib/systemd/system/nginx.service

```systemctl daemon-reload``

ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t 
ExecStart=/usr/sbin/nginx  
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/usr/sbin/nginx -s stop
ExecQuit=/usr/sbin/nginx -s quit
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

config in nginx 

# user  www www;

worker_processes auto;
worker_cpu_affinity auto;

error_log  /alidata/www/wwwlogs/nginx_error.log  crit;

#pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept off;
        accept_mutex off;
    }

http
    {
        include       mime.types;
        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile on;
        sendfile_max_chunk 512k;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;
        access_log off;

server
    {
        listen 80 default_server reuseport;
		listen 443 ssl http2;
		ssl_certificate /etc/letsencrypt/live/hangye.pinming.cn/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/hangye.pinming.cn/privkey.pem;
		ssl_protocols TLSv1.1 TLSv1.2;
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
		ssl_prefer_server_ciphers on;
		ssl_session_cache shared:SSL:10m;
		ssl_session_timeout 10m;	
        #listen [::]:80 default_server ipv6only=on;
        server_name _;
        index index.html index.htm index.php;
        root  /alidata/www/wwwroot;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        #include enable-php.conf;

        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }
        location /Report/ {
			auth_basic "User Authentication";
			auth_basic_user_file /usr/local/nginx/conf/pass.db;
        }		
        location /java/ {
            proxy_pass     http://127.0.0.1:8080/;
			proxy_redirect default;
            proxy_set_header   X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
	    location /python/ {
            proxy_pass     http://127.0.0.1:5000/;
			proxy_redirect default;
            proxy_set_header   X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }	
	    location /crm/ {
            proxy_pass     http://127.0.0.1:50001/;
			proxy_redirect default;
            proxy_set_header   X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }			
	    location /go/ {
            proxy_pass     http://127.0.0.1:4000/;
			proxy_redirect default;
            proxy_set_header   X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }		
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /alidata/www/wwwlogs/access.log;
    }
include vhost/*.conf;
}

worker_processes

epoll /linux2.4/2.6

worker_connections

gzip

error_log/access_log

https/ssl/openssl/pem/cert

Why LNMP or Not

数据库Mysql

外部访问

Navicat-Premium

内部部访问

mysql -uroot -p***

数据库迁移

/data

binlog/redis(basave) -> AOF(append of file)

安装by docker

mysql:

console
docker run --name some-mysql -v /alidata/mysql/:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=pinming@1024 -p 3306:3306 -d mysql

如何创建一个远程服务及访问方式 演示一个简单的案例

java

yum install java (openjdk / jdk)

java -jar a.jar

python

​ yum install python3

​ pip install -i https://pypi.tuna.tsinghua.edu.cn/simple

​ pip install gunicorn

​ pip install -r requirements.txt

​ gunicorn crm_flask:app -c guconfig.py

go

​ yum install golang

​ go run main.go

why proxy by nginx?

  • port
  • ajax
    • 前后端分离
    • CDN(OSS自定义域名)

screen & docker

  • muti-app

why docker? 云原生/k8s/CI/CD/jinkins/云函数/

https://docs.github.com/en/actions/examples/using-scripts-to-test-your-code-on-a-runner

微服务(服务发现+服务熔断+负载均衡+身份认证+鉴权)->Service Mesh

Powered by VitePress - 1.4.1