tengine & waf:
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
cd /etc/yum.repos.d/
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
mv CentOS6-Base-163.repo CentOS-Base.repo
yum makecache
yum -y update
cd /etc/pki/rpm-gpg/
wget http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
cd ~
yum install -y readline-devel pcre-devel openssl-devel
yum install -y gcc
unzip ngx.zip
cd ngx
chmod -R +x *
yum install pcre-devel
yum install zlib zlib-devel
yum install openssl openssl-devel
./configure --prefix=/usr/local/nginx --with-luajit --with-http_stub_status_module --with-pcre --with-pcre-jit --without-http_redis2_module --with-http_iconv_module
gmake && gmake install
ln -s /usr/local/nginx/ /usr/local/nginx
测试openresty安装
# vim /usr/local/nginx/nginx/conf/nginx.conf
server {
location /hello {
default_type text/html;
content_by_lua_block {
ngx.say("HelloWorld")
}
}
}
# /usr/local/nginx/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/nginx/sbin/nginx
Hello World
# curl http://127.0.0.1/hello
HelloWorld
waf 部署测试:
上传lua编写的waf到conf目录
#cp -a ./waf/waf /usr/local/nginx/nginx/conf/
修改Nginx的配置文件,加入以下配置。注意路径,同时WAF日志默认存放在/tmp/日期_waf.log
在nginx.conf的http段添加
lua_shared_dict limit 50m;
lua_package_path "/usr/local/nginx/nginx/conf/waf/?.lua";
init_by_lua_file "/usr/local/nginx/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/nginx/nginx/conf/waf/access.lua";
配置nginx支持php
# vim /usr/local/nginx/nginx/conf/nginx.conf
'''
修改nginx运行账号为:nginx组的nginx用户----这段是注释
user nginx nginx;
'''
vi /etc/nginx/conf.d/default.conf
#增加index.php
index index.php index.html index.htm;
取消FastCGI server部分location的注释,并要注意fastcgi_param行的参数,改为$document_root$fastcgi_script_name,或者使用绝对路径
# /usr/local/nginx/nginx/sbin/nginx -t
# /usr/local/nginx/nginx/sbin/nginx
yum -y install zlib zlib-devel
yum install -y php php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt libmcrypt-devel php-fpm
#启动php-fpm
/etc/rc.d/init.d/php-fpm start
设置自动启动
chkconfig php-fpm on
在/usr/local/nginx/nginx/html目录编写:
vim index.php
<?php
phpinfo();
?>
#/usr/local/nginx/nginx/sbin/nginx -s reload
测试访问:http://waf.com/index.php?id=../../../../etc/passwd
提示有网站防火墙,则成功!
设置nginx开机启动:
vi /etc/init.d/nginx (输入下面的代码)
#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/local/nginx/nginx/sbin/nginx
nginx_config=/usr/local/nginx/nginx/conf/nginx.conf
nginx_pid=/var/run/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
echo "nginx already running...."
exit 1
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
echo -n $"Stopping $prog: "
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}
# reload nginx service functions.
reload() {
echo -n $"Reloading $prog: "
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit 1
esac
exit $RETVAL
chmod a+x /etc/init.d/nginx (a+x ==> all user can execute 所有用户可执行)
vi /etc/rc.local
加入一行 /etc/init.d/nginx start 保存并退出,下次重启会生效。
安装java+kafka:
下载java1.7,然后解压
tar zxvf jdk-7u25-linux-x64.tar.gz
mv jdk1.7.0_25 /usr/local/java
vim /etc/profile
export JAVA_HOME=/usr/local/java/
export JRE_HOME=$JAVA_HOME/jre/
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$PATH
source /etc/profile
java --version
wget https://github.com/doujiang24/lua-resty-kafka/archive/master.zip
unzip master.zip
wget http://archive.apache.org/dist/kafka/0.8.2.1/kafka_2.11-0.8.2.1.tgz
注意,kafka_2.11-0.8.2.1.tgz版本是已经编译好的版本,解压就能使用。
tar -xzvf kafka_2.11-0.8.2.1.tgz #解压
mv kafka_2.11-0.8.2.1 /usr/local/kafka #移动到安装目录
2、配置kafka
mkdir /usr/local/kafka/log/kafka #创建kafka日志目录
cd /usr/local/kafka/config #进入配置目录
vi server.properties #编辑修改相应的参数
broker.id=0
port=9092 #端口号
host.name=192.168.0.11 #服务器IP地址,修改为自己的服务器IP
log.dirs=/usr/local/kafka/log/kafka #日志存放路径,上面创建的目录
zookeeper.connect=localhost:2181 #zookeeper地址和端口,单机配置部署,localhost:2181
:wq! #保存退出
3、配置zookeeper
mkdir /usr/local/kafka/zookeeper #创建zookeeper目录
mkdir /usr/local/kafka/log/zookeeper #创建zookeeper日志目录
cd /usr/local/kafka/config #进入配置目录
vi zookeeper.properties #编辑修改相应的参数
dataDir=/usr/local/kafka/zookeeper #zookeeper数据目录
dataLogDir=/usr/local/kafka/log/zookeeper #zookeeper日志目录
clientPort=2181
maxClientCnxns=100
tickTime=2000
initLimit=10
syncLimit=5
:wq! #保存退出
四、创建启动、关闭kafka脚本
cd /usr/local/kafka
#创建启动脚本
vi kafkastart.sh #编辑,添加以下代码
#!/bin/sh
#启动zookeeper
/usr/local/kafka/bin/zookeeper-server-start.sh /usr/local/kafka/config/zookeeper.properties &
sleep 3 #等3秒后执行
#启动kafka
/usr/local/kafka/bin/kafka-server-start.sh /usr/local/kafka/config/server.properties &
:wq! #保存退出
#创建关闭脚本
vi kafkastop.sh #编辑,添加以下代码
#!/bin/sh
#关闭zookeeper
/usr/local/kafka/bin/zookeeper-server-stop.sh /usr/local/kafka/config/zookeeper.properties &
sleep 3 #等3秒后执行
#关闭kafka
/usr/local/kafka/bin/kafka-server-stop.sh /usr/local/kafka/config/server.properties &
:wq! #保存退出
#添加脚本执行权限
chmod +x kafkastart.sh
chmod +x kafkastop.sh
五、设置脚本开机自动执行
vi /etc/rc.d/rc.local #编辑,在最后添加一行
sh /usr/local/kafka/kafkastart.sh & #设置开机自动在后台运行脚本
:wq! #保存退出
sh /usr/local/kafka/kafkastart.sh #启动kafka
sh /usr/local/kafka/kafkastop.sh #关闭kafka
至此,Linux下Kafka单机安装配置完成。
扩展阅读:
Kafka创建topic
/usr/local/kafka/bin/kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic test
最简单的使用方式是从Github上下载一个最新的KafkaOffsetMonitor-assembly-0.2.1.jar,上传到某服务器上,然后执行一句命令就可以运行起来。
java -cp KafkaOffsetMonitor-assembly-0.2.0.jar com.quantifind.kafka.offsetapp.OffsetGetterWeb --zk m000:2181,m001:2181,m002:2181 --port 8088 --refresh 10.seconds --retain 2.days
在消费kafka的时候需要配置hosts信息主机名对应本地ip的映射,如下:
192.168.1.192 Bingscan
这样的话,在执行kafka消费的时候才不会报错:
sh /usr/local/kafka/bin/kafka-console-consumer.sh --zookeeper 192.168.1.192:2181 --topic waf_logger --from-beginning
安装mysql
第1步、yum安装mysql
[root@stonex ~]# yum -y install mysql-server
安装结果:
Installed:
mysql-server.x86_64 0:5.1.73-3.el6_5
Dependency Installed:
mysql.x86_64 0:5.1.73-3.el6_5 perl-DBD-MySQL.x86_64 0:4.013-3.el6 perl-DBI.x86_64 0:1.609-4.el6
第2步、设置开机启动
[root@stonex ~]# chkconfig mysqld on
第3步、启动MySql服务
[root@stonex ~]# service mysqld start
第4步、设置MySQL的root用户设置密码
[root@stonex ~]# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
...... 省略了一些行
mysql> select user,host,password from mysql.user;
查询用户的密码,都为空,用下面的命令设置root的密码为root
mysql> set password for root@localhost=password('root');
mysql> exit
第5步、用新密码登陆
[root@stonex ~]# mysql -u root -p
第6步、基本命令
show databases; //查看系统已存在的数据库
use databasesname; //选择需要使用的数据库
drop database databasename; //删除选定的数据库
exit //退出数据库的连接
create database test01; //建立名为test的数据库
show tables; // 列出当前数据库下的表
其他基本的增删改查使用标准SQL即可
第7步、开放远程登录权限
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT OPTION;
FLUSH PRIVILEGES;
关于lua+nginx全局变量和共享内存的区别;
共享内存:是在nginx上启动时加载开辟的内存空间,用于数据交换存储,动态,可以自由增加删除,并且在所有worker间共享;
全局变量:仅限在lua内部的机制,在Lua VM中开辟的全局变量,仅限在lua层使用,不会共享到worker中;
+++++++
先知道:nginx在启动后,在unix系统中会以daemon的方式在后台运行,后台进程包含一个master进程和多个worker进程。
+++++++
关于优先级:结论是,在实际的情况下,共享内存shared会先于全局变量创建,并且覆盖到所有的worker里面,也就是在每次reload的时候,先以daemon启动后,在创建master和worker的同时就创建了shared,然后才到lua的vm创建,最后才出现全局变量。理论上优先级共享缓存比lua全局变量要优先。
关于性能问题:结论是,在实际情况下,nginx的共享内存shared会更快些,因为直接转成buffer,在请求的生命周期里面,会优先访问shared再到lua,访问lua的时候还得过一道VM(lua的虚拟机)。
++++++++++++