部署Nginx+Apache动静分离（实战！可跟做！）-创新互联

Nginx动静分离介绍

1.Nginx的静态处理能力很强，但是动态处理不足，因此，在企业中常用动静分离技术

2.针对PHP的动静分离

静态页面交给Nginx处理

动态页面交给PHP+FPM模块或Apache处理

3.在Nginx的配置中，是通过location配置段配合正则匹配实现静态与动态页面的不同处理方式

反向代理原理

1.Nginx不仅能作为Web服务器，还具有反向代理、负载均衡和缓存的功能
2.Nginx通过proxy模块实现将客户端的请求代理至，上游服务器，此时nginx与.上游服务器的连接是通过http协议进行的
3.Nginx在实现反向代理功能时的最重要指令为proxy_pass, 它能够并能够根据URI、客户端参数或其它的处理逻辑将用户请求调度至，上游服务器

配置Nginx实现动静分离

1.本案例根据企业需要，将配置Nginx实现动静分离，对php页面的请求转发给LAMP处理，而静态页面交给Nginx处理，以实现动静分离

2.架构如图所示：

配置步骤：

1.配置Nginx处理动态页面请求，在server{};中加入
2.在Apache.工作目录新建test.php
3.重启Nginx并测试

[root@nginx php5]#vim /usr/local/httpd/conf/nginx.conf
  server {
  .....
  location ~ \.php$ {
        proxy_pass http://192.168.9.237:8080;
......                                          //LAMP的IP地址

Demo：

环境准备：两台CentOS 7，其中7-3做为lamp，7-4做为nginx

第一步：安装httpd

[root@localhost ~]# yum install httpd httpd-devel -y
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# systemctl start httpd

第二步：安装mariadb数据库（快捷轻量化的数据库）

[root@lamp ~]# yum install mariadb mariadb-server mariadb-libs mariadb-devel -y
[root@lamp ~]# systemctl start mariadb
[root@lamp ~]# systemctl start mariadb
[root@lamp ~]# netstat -ntap | grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*       LISTEN      16836/mysqld    
[root@lamp ~]# mysql_secure_installation                //对数据库进行设置
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):       //给root管理员设定密码，直接回车  
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y      //是否设置，选择yes
New password:       //输入新密码
Re-enter new password:      //重复输入新密码
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] n     //是否删除匿名用户，选择no
 ... skipping.
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n       //是否拒绝root用户远程登陆，选择no
 ... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n      //是否删除测试数据库，选择no
 ... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y        //是否加载权限列表，选择yes
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

第三步：安装php

[root@lamp ~]# yum install php -y 
[root@lamp ~]# yum install php-mysql -y
[root@lamp ~]# yum install -y php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel php-bcmath
[root@lamp ~]# cd /var/www/html/
[root@lamp html]# ls
[root@lamp html]# vim index.php

输入:wq保存退出
[root@lamp html]# systemctl restart httpd.service

这时在宿主机的浏览器中输入地址：http://192.168.18.128/index.php，就可以访问到lamp的php主页

测试准备：

[root@lamp html]# vim index.php

输入:wq保存退出

此时 http://192.168.18.128/index.php 这个地址上显示的内容如下：

Nginx上的操作：

[root@nginx ~]# mkdir /aaa
[root@nginx ~]# mount.cifs //192.168.10.193/rpm /aaa
Password for root@//192.168.10.193/rpm:  
[root@nginx ~]# cd /aaa
[root@nginx aaa]# ls
apr-1.6.2.tar.gz                  error.png                  nginx-1.12.2.tar.gz
apr-util-1.6.0.tar.gz             httpd-2.4.29.tar.bz2       php-7.1.10.tar.bz2
awstats-7.6.tar.gz                lf.jpg                     php-7.1.20.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm  mysql-5.6.26.tar.gz
Discuz_X3.4_SC_UTF8.zip           mysql-boost-5.7.20.tar.gz
[root@nginx aaa]# tar zxvf nginx-1.12.2.tar.gz -C /opt/ 
[root@nginx aaa]# cd /opt
[root@nginx opt]# ls
nginx-1.12.2  rh
[root@nginx opt]# cd nginx-1.12.2/
[root@nginx nginx-1.12.2]# useradd -M -s /sbin/nologin nginx
[root@nginx nginx-1.12.2]# yum install gcc gcc-c++ pcre-devel zlib-devel -y
[root@nginx nginx-1.12.2]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
[root@nginx nginx-1.12.2]# make && make install
[root@nginx nginx-1.12.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@nginx nginx-1.12.2]# vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
  start)
    $PROG
    ;;
  stop)
    kill -s QUIT $(cat $PIDF)
    ;;  
  restart)
    $0 stop
    $0 start
    ;;  
  reload)
    kill -s HUP $(cat $PIDF)
    ;;  
  *)    
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1  
esac            
exit 0
输入:wq保存退出
[root@nginx nginx-1.12.2]# chmod +x /etc/init.d/nginx 
[root@nginx nginx-1.12.2]# chkconfig --add nginx
[root@nginx nginx-1.12.2]# yum install elinks -y
[root@nginx nginx-1.12.2]# service nginx start
[root@nginx nginx-1.12.2]# netstat -ntap | grep 80
tcp        0      0 0.0.0.0:80        0.0.0.0:*          LISTEN      42028/nginx: master 
[root@nginx nginx-1.12.2]# systemctl stop firewalld.service 
[root@nginx nginx-1.12.2]# setenforce 0
root@nginx nginx-1.12.2]# elinks http://192.168.18.136/

此时得到如下界面，可按q，选择yes，回车退出

此时在宿主机输入：http://192.168.18.136/index.html 这个网址，会得到以下界面

此时如果输入：http://192.168.18.136/index.php 则无法处理，得到如下界面：

第四步：做转发处理：

[root@nginx nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
location ~ \.php$ {
            proxy_pass   http://192.168.18.128;
        }
#以上内容意思为：动态请求转交给谁去处理
#我们找到以上内容将前面的注释去掉，并将其中的IP地址改为另外一台7-3的地址
输入:wq保存退出
[root@nginx nginx-1.12.2]# service nginx stop
[root@nginx nginx-1.12.2]# service nginx start

此时输入：http://192.168.18.136/index.php 这个网址可以得到如下界面：

因为此处交给Apache去处理php的请求

结论：后缀为html就是静态元素，后缀为php就是动态元素，地址是不用改变的，因为我们在其中做了转发处理！动静分离实验成功！

另外有需要云服务器可以了解下创新互联cdcxhl.cn，海内外云服务器15元起步，三天无理由+7*72小时售后在线，公司持有idc许可证，提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案，具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势，专为企业上云打造定制，能够满足用户丰富、多元化的应用场景需求。