4，nginx基础

ubuntu+nginx+php

---

1，安装nginx

sudo apt install php7.2
sudo apt install php7.2-fpm
sudo apt install nginx

2，配置php-fpm

sudo vim /etc/php/7.2/fpm/php.ini 

#  778行 cgi.fix_fathinfo=0

sudo vim /etc/php/7.2/fpm/pool.d/www.conf

#  36行 listen = 127.0.0.1:9000
#  62行 listen.allowed_clients = 127.0.0.1
# 113行 pm.max_children = 50
# 139行 pm.max_requests = 500
# 340行 request_terminate_timeout = 0
# 344行 rlimit_files = 1024

3，nginx配置

sudo vim /etc/nginx/sites-available/default

#  44行 index index.php index.html ……
#  56-63行
location ~ \.php$ {
    root          html;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /var/www/html/$fastcgi_script_name;
    include        fastcgi_params;
}

4，重启服务

service php7.2-fpm restart
service nginx restart

参考资料：https://blog.csdn.net/qq_36290650/article/details/90411807

---

SSL模块

---

这里使用openssl创建自签名证书：

sudo openssl genrsa -out cert.key 2048
sudo openssl req -new -x509 -key cert.key -out cert.pem

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Chongqing
Locality Name (eg, city) []:Chongqing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:rain
Organizational Unit Name (eg, section) []:rain
Common Name (e.g. server FQDN or YOUR name) []:rainmark
Email Address []:xxx@qq.com

sudo vim /etc/nginx/sites-enabled/default

# HTTPS server

server {
  listen      443 ssl;
  server_name  localhost;
  ssl_certificate      /etc/nginx/cert.pem;
  ssl_certificate_key  /etc/nginx/cert.key;
  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers  on;

  location / {
    root  html;
    index  index.php index.html index.htm;
  }

  location ~ \.php$ {
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /var/www/html/$fastcgi_script_name;
    fastcgi_param  HTTPS on;
    include        fastcgi_params;
  }
}

---

反向代理（负载均衡）

---

nginx支持的负载均衡调度算法方式如下：

weight轮询（默认）：按照顺序逐一分配到不同的后端服务器。可以给不同的服务器设置权重值（weight）；权重数据越大，被分配到请求的几率越大；该权重值，主要针对实际工作环境中不同的服务器硬件配置进行调整的。

ip_hash：按照发起客户端的ip的hash结果进行匹配，这样的算法下一个固定ip地址的客户端总会访问到同一个后端服务器，这也在一定程度上解决了集群部署环境下session共享的问题。

fair：智能调整调度算法，动态的根据后端服务器的请求处理到响应的时间进行均衡分配，响应时间短处理效率高的服务器分配到请求的概率高，响应时间长处理效率低的服务器分配到的请求少；结合了前两者的优点的一种调度算法。但是需要注意的是nginx默认不支持fair算法，如果要使用这种调度算法，请安装upstream_fair模块

url_hash：按照访问的url的hash结果分配请求，每个请求的url会指向后端固定的某个服务器，可以在nginx作为静态服务器的情况下提高缓存效率。同样要注意nginx默认不支持这种调度算法，要使用的话需要安装nginx的hash软件包

例：

upstream backend {
  server backend1.example.com weight=5;
  server backend2.example.com:8080;
  server unix:/tmp/backend3;
}
server {
  location / {
    proxy_pass  http://backend;
  }
}

---

附：个人使用的 /etc/nginx/sites-enabled/default 文件内容

---

##
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#

upstream backend {
  server 192.168.3.33;
  server 192.168.3.34;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  index index.php index.html index.htm index.nginx-debian.html;

  location / {
    proxy_pass  http://backend;
    try_files $uri $uri/ =404;
  }

  location ~ .*\.(js|css|jpg|jpeg|gif|png|ico|pdf|txt)$ {
    proxy_pass  http://backend;
  }

  location ~ \.php$ {
    root          /var/www/html;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index  index.php;
    include        fastcgi_params;
  }
}
server {
  listen      443 ssl;
  server_name  localhost;
  ssl_certificate      /etc/nginx/cert.pem;
  ssl_certificate_key  /etc/nginx/cert.key;
  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers  on;

  location / {
    proxy_pass  http://backend;
    try_files $uri $uri/ =404;
  }

  location ~ .*\.(js|css|jpg|jpeg|gif|png|ico|pdf|txt)$ {
    proxy_pass  http://backend;
  }

  location ~ \.php$ {
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /var/www/html/$fastcgi_script_name;
    fastcgi_param  HTTPS on;
    include        fastcgi_params;
  }
}