1、简述CGI与FASTCGI区别
CGI和FastCGI都是为了让Web服务器能够将代码交给解释器运行:
CGI方式,web服务器会fork一个新的子进程来运行外部的解释器,动态资源交给子进程处理完毕后,将处理完的数据返回给web服务器,这个子进程也随之退出,如果用户下次还请求动态脚本,WEB服务器需要fork一个新的进程再次处理;
而FastCGI则不属于HTTPD子进程的单独程序,开启后会持续等待并处理请求,当web服务器收到请求动态脚本时,WEB服务器将内容传递给fastcgi单独的进程,这个进程可以通过UDS方式将数据交给本机的解释器处理代码,也可以通过tcp封装后交给远端的服务器处理,处理完毕后进程也不会退出,而是持续监听新的动态资源请求;
2、 编译安装基于fastcgi模式的多虚拟主机的wordpress和discuz的LAMP架构
执行环境:基于key验证的SSH已配置;inventory包含[localhost] [websrv] [mysql]三个组;两台虚拟机,控制器IP:192.168.11.3(localhost);被控主机:192.168.11.7(同时属于websrv和mysql);
[root@centos8-1 ansible]# cat inventory
[localhost]
192.168.11.3
[websrv]
192.168.11.7
[mysql]
192.168.11.7
[root@centos8-1 ansible]# cat ansible.cfg
[defaults]
inventory = inventory
remote_user = root
host_key_checking = false
module_name = shell
如果IP地址不一样的话,只需要修改phpfpm_ip变量的值即可。
其他yum环境等都是标配
下面三个包最好自己下载放到/root/下面,因为get_url总可能因为各种原因下载失败,wordpress不用管下载的包名。
目前测试下来可以一次过,执行完毕后windows配置hosts文件可以直接安装:
https://cn.wordpress.org/latest-zh_CN.tar.gz
https://github.com/kkos/oniguruma/archive/v6.9.4.tar.gz
https://www.php.net/distributions/php-7.4.27.tar.xz
http://download.comsenz.com/DiscuzX/3.3/Discuz_X3.3_SC_UTF8.zip
discuz 3.3版本的需要使用5.7版本的mysql,否则discuz安装是sql语句会执行失败。
没有加上PHP加速,实在写不动了
---
- hosts: all
vars:
- phpfpm_ip: 192.168.11.3
- httpdfile: httpd-2.4.52
- aprfile: apr-1.7.0
- aprutilfile: apr-util-1.6.1
- mysqlfile: mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
- mysqlpath: mysql-5.7.35-linux-glibc2.12-x86_64
- mysqlversion: MySQL-5.7
- apppath: /usr/local
- apache_path: /data/httpd24
- apachefile: /data/httpd24/conf/httpd.conf
- oniguruma_url: https://github.com/kkos/oniguruma/archive/v6.9.4.tar.gz
- oniguruma: oniguruma-6.9.4
- oniguruma_file: /usr/lib64/pkgconfig/oniguruma.pc
- phpsource: php-7.4.27
- phppath: /data/php74
- php_file: "/data/php74/var/run/php-fpm.pid"
- wp_url: https://cn.wordpress.org/latest-zh_CN.tar.gz
- wp_name: latest-zh_CN.tar.gz
- discuz_url: http://download.comsenz.com/DiscuzX/3.3/Discuz_X3.3_SC_UTF8.zip
- discuz_name: Discuz_X3.3_SC_UTF8.zip
vars_prompt:
name: lisenallowedclients
prompt: "你希望通过哪台主机连接php-fpm?(请输入IP地址,如:192.168.11.7)"
private: no
tasks:
- name: 控制主机集中下载软件(mysql不是集中下载,懒得改了),然后分发到被控主机,同时节约机器,控制主机作为php-fpm server
block:
- shell: setenforce 0
ignore_errors: true
- service: name=firewalld state=stopped enabled=no
- replace: path=/etc/selinux/config regexp="^(SELINUX=).*" replace="\1disabled" backup=yes
- name: 文件下载
block:
- shell: ls -1 /root/
register: lsroot
ignore_errors: yes
- get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/httpd/{{httpdfile}}.tar.bz2" dest=/root/ validate_certs=false
when: "(httpdfile + '.tar.bz2') not in lsroot.stdout_lines"
- get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/apr/{{aprfile}}.tar.bz2" dest=/root/ validate_certs=false
when: "(aprfile + '.tar.bz2') not in lsroot.stdout_lines"
- get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/apr/{{aprutilfile}}.tar.bz2" dest=/root/ validate_certs=false
when: "(aprutilfile + '.tar.bz2') not in lsroot.stdout_lines"
- get_url: url="{{oniguruma_url}}" dest="/root/{{oniguruma}}.tar.gz"
when: "(oniguruma + '.tar.gz') not in lsroot.stdout_lines"
- get_url: url="https://www.php.net/distributions/{{phpsource}}.tar.xz" validate_certs=false dest=/root/
when: "(phpsource + '.tar.xz') not in lsroot.stdout_lines"
- name: 下载wordpress
get_url: url="{{wp_url}}" validate_certs=false dest=/root/latest-zh_CN.tar.gz
when: "wp_name not in lsroot.stdout_lines"
- shell: mv wordpress* latest-zh_CN.tar.gz
ignore_errors: true
- name: 下载discuz
get_url: url="{{discuz_url}}" validate_certs=false dest=/root/
when: "discuz_name not in lsroot.stdout_lines"
- name: oniguruma编译安装
block:
- unarchive: src=/root/{{oniguruma}}.tar.gz dest=/root/ copy=no
- yum: name="gcc,openssl-devel,libxml2-devel,bzip2-devel,libmcrypt-devel,sqlite-devel,autoconf,automake,libtool" state=latest
- wait_for: path=/root/{{oniguruma}}/autogen.sh state=present
- shell: chdir=/root/{{oniguruma}} ./autogen.sh && ./configure --prefix=/usr
register: onigurumaconfig
- shell: chdir=/root/{{oniguruma}} make -j 2 && make install
when: onigurumaconfig.rc == 0
when: "oniguruma_file is not exists"
- name: php-fpm编译安装
block:
- unarchive: src=/root/{{phpsource}}.tar.xz dest=/root/ copy=no
- wait_for: path=/root/{{phpsource}} state=present
- shell: chdir=/root/{{phpsource}} ./configure --prefix={{phppath}} --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-mbstring --enable-xml --enable-sockets --enable-fpm --enable-maintainer-zts --disable-fileinfo
register: phpconfig
- shell: chdir=/root/{{phpsource}} make -j 2 && make install
when: phpconfig.rc == 0
- wait_for: path="{{phppath}}" state=present
- name: 添加man帮助
lineinfile: path=/etc/man_db.conf insertafter="^MANDATORY_MANPATH" line="MANDATORY_MANPATH {{phppath}}/php/man"
- block:
- copy: src={{phppath}}/{{item.k}} dest={{phppath}}/{{item.v}} remote_src=yes
loop:
- {k: etc/php-fpm.conf.default, v: etc/php-fpm.conf}
- {k: etc/php-fpm.d/www.conf.default, v: etc/php-fpm.d/www.conf}
- name: 修改php-fpm.conf文件
lineinfile: path={{phppath}}/etc/php-fpm.conf regexp="{{item.k}}" line="{{item.v}}" backrefs=true
loop:
- {k: ^;pid(.*)$, v: pid\1 }
- {k: ^;error_log(.*)$, v: error_log\1}
- name: 修改www.conf文件
lineinfile: path={{phppath}}/etc/php-fpm.d/www.conf regexp="{{item.k}}" line="{{item.v}}" backrefs=true
loop:
- {k: ^user = nobody, v: user = apache}
- {k: ^group = nobody, v: group = apache}
- {k: ^listen.*, v: listen = 9000}
- {k: ^;listen\.allowed_clients.*, v: "listen.allowed_clients = {{lisenallowedclients}}"}
- {k: ^;pm.status_path(.*), v: pm.status_path\1}
- {k: ^;ping.path(.*), v: ping.path\1}
- {k: ^;ping.response(.*), v: ping.response\1}
- {k: ^;access.log(.*), v: access.log = /data/php74/var/log/access.log}
- {k: ^;access.format(.*), v: access.format\1}
- {k: "php_value[session.save_handler].*", v: "php_value[session.save_handler] = files"}
- name: no matching line has to use "insertafter" option
lineinfile: path={{phppath}}/etc/php-fpm.d/www.conf insertafter="{{item.k}}" line="{{item.v}}"
loop:
- {k: "php_value[session.save_path].*", v: "php_value[session.save_path] = /data/php74/log/session"}
tags: phpconfigfile
when: "php_file is not exists"
- block:
- copy:
content: |
# It's not recommended to modify this file in-place, because it
# will be overwritten during upgrades. If you want to customize,
# the best way is to use the "systemctl edit" command
[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/data/php74/sbin/php-fpm --daemonize
ExecReload=/bin/kill -USR2 $MAINPID
PrivateTmp=tru
[Install]
WantedBy=multi-user.target
dest: /usr/lib/systemd/system/php74-php-fpm.service
mode: u+x
- shell: systemctl daemon-reload
- shell: id apache
register: apacheid
ignore_errors: true
- block:
- group: name=apache gid=992 system=yes state=present
- user: name=apache system=yes uid=995 group=apache state=present shell=/sbin/nologin
when: apacheid.rc != 0
- service: name=php74-php-fpm.service state=restarted enabled=yes
tags: phpservicefile
when: "'localhost' in group_names"
tags: phpfpminstall
- name: 安装Apache
stat: path="/data/httpd24/logs/httpd.pid"
register: apachepid
when: "'websrv' in group_names"
- debug:
msg: "{{apachepid.stat.exists}}"
when: "'websrv' in group_names"
- block:
- shell: setenforce 0
ignore_errors: true
- service: name=firewalld state=stopped enabled=no
- replace: path=/etc/selinux/config regexp="^(SELINUX=).*" replace="\1disabled" backup=yes
- yum: name="bzip2,gcc,make,pcre-devel,openssl-devel,expat-devel" state=latest
- file: dest={{apache_path}} state=directory
- unarchive: src=/root/{{ item }} dest=/root/ copy=yes
loop:
- "{{httpdfile}}.tar.bz2"
- "{{aprfile}}.tar.bz2"
- "{{aprutilfile}}.tar.bz2"
- shell: ls -1 /root/{{httpdfile}}/srclib
register: lssrclib
ignore_errors: yes
- shell: mv /root/{{aprfile}} /root/{{httpdfile}}/srclib/apr
when: "'apr' not in lssrclib.stdout_lines"
- shell: mv /root/{{aprutilfile}} /root/{{httpdfile}}/srclib/apr-util
when: "'apr-util' not in lssrclib.stdout_lines"
- wait_for: path=/root/{{httpdfile}}/srclib/apr-util state=present
- wait_for: path=/root/{{httpdfile}}/srclib/apr state=present
- shell: chdir=/root/{{httpdfile}} ./configure --prefix={{apache_path}} --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
- shell: chdir=/root/{{httpdfile}} make -j 2 && make install
register: configurehttpd
- fail: msg="httpd compilation fail!"
when: configurehttpd.rc != 0
- shell: id apache
register: apacheid
ignore_errors: true
- block:
- group: name=apache system=yes state=present
- user: name=apache system=yes group=apache state=present shell=/sbin/nologin
when: apacheid.rc != 0
- shell: ls -1 {{apache_path}}/conf/httpd.conf
register: httpdconf
ignore_errors: yes
- fail: msg="File not found!"
when: httpdconf.rc != 0
- block:
- replace: path={{apache_path}}/conf/httpd.conf regexp="^(User).*" replace="\1 apache"
- replace: path={{apache_path}}/conf/httpd.conf regexp="^(Group).*" replace="\1 apache"
- shell: grep -iE "^user|^group" {{apache_path}}/conf/httpd.conf
register: grepug
ignore_errors: true
- debug:
msg: "{{grepug.stdout}}"
- copy: content="PATH={{apache_path}}/bin:$PATH" dest=/etc/profile.d/httpd.sh
- name: activate PATH_varia
shell: source /etc/profile.d/httpd.sh
- shell: echo $PATH
register: pathvari
- debug:
msg: "{{ pathvari.stdout }}"
- name: insert httpd to mandb
lineinfile: path=/etc/man_db.conf insertafter='^MANDATORY_MANPATH' line='MANDATORY_MANPATH {{apache_path}}/man'
- shell: mandb
- name: set auto start
lineinfile: path=/etc/rc.d/rc.local insertafter=EOF line="{{apache_path}}/bin/apachectl start" mode=u+x
- file: dest=/usr/lib/systemd/system/httpd24.service state=touch force=yes
- copy:
content: |
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)
[Service]
Type=forking
#EnvironmentFile=/etc/sysconfig/httpd
ExecStart={{apache_path}}/bin/apachectl start
#ExecStart={{apache_path}}/bin/httpd $OPTIONS -k start
ExecReload={{apache_path}}/bin/apachectl graceful
#ExecReload={{apache_path}}/bin/httpd $OPTIONS -k graceful
ExecStop={{apache_path}}/bin/apachectl stop
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target
dest: /usr/lib/systemd/system/httpd24.service
- service: name=httpd24 state=started enabled=yes
tags: sstart
- block:
- replace: path={{apache_path}}/conf/httpd.conf regexp="^(DocumentRoot).*" replace="\1 "/var/www/html""
- lineinfile: path={{apache_path}}/conf/httpd.conf insertafter=EOF line="IncludeOptional conf.d/*.conf"
- file: path={{item}} state=directory recurse=yes
loop:
- "{{apache_path}}/conf.d"
- /var/www/html
- file: path={{apache_path}}/conf.d/myhttp.conf state=touch
- copy:
content: |
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
dest: "{{apache_path}}/conf.d/myhttp.conf"
- template:
src: index.html.j2
dest: /var/www/html/index.html
force: yes
ignore_errors: yes
- service: name=httpd24 state=restarted enabled=yes
tags: configblock
when: "'websrv' in group_names"
- name: 安装mysql
stat: path="/data/mysql/{{ansible_hostname}}.pid"
register: p
when: "'mysql' in group_names"
- debug:
msg: "{{p.stat.exists}}"
when: "'mysql' in group_names"
- block:
- service:
name: firewalld
state: stopped
enabled: no
- shell: sed -r -i.bak 's/(^SELINUX=).*/\1disabled/g' /etc/selinux/config
- shell: setenforce 0
ignore_errors: true
- yum: name="libaio,numactl-libs" state=present
- shell: id mysql
register: mysqlid
ignore_errors: true
- block:
- group: name=mysql gid=306 system=yes state=present
- user: name=mysql system=yes uid=306 group=mysql state=present home=/data/mysql shell=/bin/false
when: mysqlid.rc != 0
- shell: ls -1 /root/{{ mysqlfile }}
register: mysqllsinfo
ignore_errors: true
- get_url: url="http://mirrors.163.com/mysql/Downloads/{{mysqlversion}}/{{mysqlfile}}" dest=/root/
when: mysqllsinfo.rc != 0
- file: dest=/data/mysql state=directory owner=mysql group=mysql
- shell: ls -1 {{apppath}}/{{mysqlpath}}
register: checkmysqlpath
ignore_errors: true
- unarchive: src=/root/{{ mysqlfile }} dest={{apppath}} copy=no
when: checkmysqlpath.rc != 0
- file: dest={{ apppath }}/mysql src={{ apppath }}/{{ mysqlpath }} state=link
- file: dest={{apppath}}/mysql/ state=directory owner=root group=root recurse=yes
- file: dest="{{ item.name }}" state="{{ item.state }}"
loop:
- { name: '/etc/my.cnf', state: 'touch' }
- { name: '/etc/my.cnf.d', state: 'directory' }
- wait_for: path=/etc/my.cnf state=present
- wait_for: path=/etc/my.cnf.d state=present
- copy:
content: |
[mysqld]
datadir = /data/mysql
innodb_file_per_table = on
skip_name_resolve = on
[client]
!includedir /etc/my.cnf.d
dest: /etc/my.cnf
- shell: ls -1a /data/mysql
register: checkdatadirectory
- shell: rm -rf /data/mysql/*
when: checkdatadirectory["stdout_lines"] | length > 2
- shell: "{{apppath}}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql"
register: initsql
- debug:
msg: "mysql database initialize Successed!"
when: initsql.rc == 0
- shell: echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
- name: activate PATH_varia
shell: source /etc/profile.d/mysql.sh
- shell: echo $PATH
register: pathvari
- debug:
msg: "{{ pathvari.stdout }}"
- copy: src={{apppath}}/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes mode=u+x
- shell: chkconfig --add mysqld
- shell: chkconfig mysqld on
- service: name=mysqld state=restarted enabled=yes
when: "'mysql' in group_names"
- name: 服务相关配置
block:
- file: dest=/data/php state=directory owner=apache group=apache
- file: dest=/data/php74 owner=apache group=apache recurse=yes
when: "'localhost' in group_names"
- file: dest=/data/httpd24 owner=apache group=apache recurse=yes
when: "'websrv' in group_names"
when: 'group_names | intersect(["localhost","websrv"])'
tags: servicefilecreate
- block:
- name: modify httpd.conf
lineinfile: path={{apache_path}}/conf/httpd.conf regexp="{{item.k}}" line="{{item.v}}" backrefs=true
loop:
- {k: ^#LoadModule proxy_module modules/mod_proxy.so, v: LoadModule proxy_module modules/mod_proxy.so}
- {k: ^#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so, v: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so}
- {k: "(\\s+DirectoryIndex).*", v: \1 index.php}
- file: dest=/data/httpd24/conf.d/fcgi.conf state=touch owner=apache group=apache
- block:
- copy:
content: |
ProxyRequests Off
AddType application/x-httpd-php .php
<virtualhost *:80>
servername blog.mxx.com
documentroot /data/php/blog
CustomLog {{apache_path}}/logs/blog_access.log combined
<directory /data/php/blog>
require all granted
AllowOverride None
</directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://{{phpfpm_ip}}:9000/data/php/blog/$1
ProxyPassMatch ^/(status|ping)$ fcgi://{{phpfpm_ip}}:9000/$1
</virtualhost>
<virtualhost *:80>
servername discuz.mxx.com
documentroot /data/php/discuz
CustomLog {{apache_path}}/logs/discuz_access.log combined
<directory /data/php/discuz>
require all granted
AllowOverride None
</directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://{{phpfpm_ip}}:9000/data/php/discuz/$1
</virtualhost>
dest: /data/httpd24/conf.d/fcgi.conf
force: yes
- service: name=httpd24 state=restarted
tags: fastcgi
when: "'websrv' in group_names"
tags: apachefastcgi
- name: 安装wordpress
block:
- unarchive: src=/root/latest-zh_CN.tar.gz dest=/root/ owner=apache group=apache
when: 'group_names | intersect(["localhost","websrv"])'
- shell: cp -a /root/wordpress /data/php/blog
when: "'localhost' in group_names"
- shell: cp -a /root/wordpress /data/php/blog
when: "'websrv' in group_names"
- name: 创建远程账户和数据库
block:
- shell: mysql -e "select user,host from mysql.user where host='%';"
register: mysqlaccount
ignore_errors: true
- block:
- shell: mysql -e "create user if not exists root@'%' identified by 'root';grant all on *.* to root@'%';"
- shell: mysql -e "create database if not exists wordpress;"
when: "'mysql' in group_names"
tags: createsqlaccount
tags: wordpressinstall
- name: 安装discuz
block:
- copy: src=/root/{{discuz_name}} dest=/root/
- yum: name=zip state=present
- unarchive: src=/root/{{discuz_name}} dest=/root/ owner=apache group=apache
#- shell: "unzip {{discuz_name}}"
- shell: cp -a /root/upload /data/php/discuz
- file: dest=/data/php/discuz state=directory owner=apache group=apache recurse=true
- name: 创建远程账户和数据库
block:
- shell: mysql -e "create user if not exists root@'%' identified by 'root';grant all on *.* to root@'%';"
- shell: mysql -e "create database if not exists discuz;"
when: "'mysql' in group_names"
tags: createsqlaccount2
tags: discuzinstall
windows中设置hosts文件来模拟DNS解析:
192.168.11.7 blog.mxx.com discuz.mxx.com log.mxx.com
执行结果
image.png
wordpress可以正常显示,如果不是php动态生成的资源的话:
image.png
因为我把php-fpm和httpd放在了不同主机,但discuz安装后的css是动态生成的,结果会生成到php-fpm服务器的discuz/data/cache目录中,而httpd服务器因为没这个资源,结果请求时访问不到,导致首页不正常,目前想到的方式是通过NFS挂载看看是否可以解决,但这章还没学完,所以之后再来处理。
image.png
3、通过loganalyzer展示数据库中的日志
image.png
