


  • CGI方式,web服务器会fork一个新的子进程来运行外部的解释器,动态资源交给子进程处理完毕后,将处理完的数据返回给web服务器,这个子进程也随之退出,如果用户下次还请求动态脚本,WEB服务器需要fork一个新的进程再次处理;

  • 而FastCGI则不属于HTTPD子进程的单独程序,开启后会持续等待并处理请求,当web服务器收到请求动态脚本时,WEB服务器将内容传递给fastcgi单独的进程,这个进程可以通过UDS方式将数据交给本机的解释器处理代码,也可以通过tcp封装后交给远端的服务器处理,处理完毕后进程也不会退出,而是持续监听新的动态资源请求;

2、 编译安装基于fastcgi模式的多虚拟主机的wordpress和discuz的LAMP架构

执行环境:基于key验证的SSH已配置;inventory包含[localhost] [websrv] [mysql]三个组;两台虚拟机,控制器IP:;被控主机:同时属于websrv和mysql);

[root@centos8-1 ansible]# cat inventory 


[root@centos8-1 ansible]# cat ansible.cfg 
inventory = inventory
remote_user = root
host_key_checking = false
module_name = shell





discuz 3.3版本的需要使用5.7版本的mysql,否则discuz安装是sql语句会执行失败。


- hosts: all
    - phpfpm_ip:
    - httpdfile: httpd-2.4.52
    - aprfile: apr-1.7.0
    - aprutilfile: apr-util-1.6.1
    - mysqlfile: mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
    - mysqlpath: mysql-5.7.35-linux-glibc2.12-x86_64
    - mysqlversion: MySQL-5.7
    - apppath: /usr/local
    - apache_path: /data/httpd24
    - apachefile: /data/httpd24/conf/httpd.conf
    - oniguruma_url: https://github.com/kkos/oniguruma/archive/v6.9.4.tar.gz
    - oniguruma: oniguruma-6.9.4
    - oniguruma_file: /usr/lib64/pkgconfig/oniguruma.pc
    - phpsource: php-7.4.27
    - phppath: /data/php74
    - php_file: "/data/php74/var/run/php-fpm.pid"
    - wp_url: https://cn.wordpress.org/latest-zh_CN.tar.gz
    - wp_name: latest-zh_CN.tar.gz
    - discuz_url: http://download.comsenz.com/DiscuzX/3.3/Discuz_X3.3_SC_UTF8.zip
    - discuz_name: Discuz_X3.3_SC_UTF8.zip
      name: lisenallowedclients
      prompt: "你希望通过哪台主机连接php-fpm?(请输入IP地址,如:" 
      private: no
    - name: 控制主机集中下载软件(mysql不是集中下载,懒得改了),然后分发到被控主机,同时节约机器,控制主机作为php-fpm server
        - shell: setenforce 0
          ignore_errors: true
        - service: name=firewalld state=stopped enabled=no
        - replace: path=/etc/selinux/config regexp="^(SELINUX=).*" replace="\1disabled" backup=yes
        - name: 文件下载
            - shell: ls -1 /root/
              register: lsroot
              ignore_errors: yes
            - get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/httpd/{{httpdfile}}.tar.bz2" dest=/root/ validate_certs=false
              when: "(httpdfile + '.tar.bz2') not in lsroot.stdout_lines"
            - get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/apr/{{aprfile}}.tar.bz2" dest=/root/ validate_certs=false
              when: "(aprfile + '.tar.bz2') not in lsroot.stdout_lines"
            - get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/apr/{{aprutilfile}}.tar.bz2" dest=/root/ validate_certs=false
              when: "(aprutilfile + '.tar.bz2') not in lsroot.stdout_lines"
            - get_url: url="{{oniguruma_url}}" dest="/root/{{oniguruma}}.tar.gz"
              when: "(oniguruma + '.tar.gz') not in lsroot.stdout_lines"
            - get_url: url="https://www.php.net/distributions/{{phpsource}}.tar.xz" validate_certs=false dest=/root/
              when: "(phpsource + '.tar.xz') not in lsroot.stdout_lines"
            - name: 下载wordpress
              get_url: url="{{wp_url}}" validate_certs=false dest=/root/latest-zh_CN.tar.gz
              when: "wp_name not in lsroot.stdout_lines"
            - shell: mv wordpress* latest-zh_CN.tar.gz
              ignore_errors: true
            - name: 下载discuz
              get_url: url="{{discuz_url}}" validate_certs=false dest=/root/
              when: "discuz_name not in lsroot.stdout_lines"
        - name: oniguruma编译安装
            - unarchive: src=/root/{{oniguruma}}.tar.gz dest=/root/ copy=no
            - yum: name="gcc,openssl-devel,libxml2-devel,bzip2-devel,libmcrypt-devel,sqlite-devel,autoconf,automake,libtool" state=latest
            - wait_for: path=/root/{{oniguruma}}/autogen.sh state=present
            - shell: chdir=/root/{{oniguruma}} ./autogen.sh && ./configure --prefix=/usr
              register: onigurumaconfig
            - shell: chdir=/root/{{oniguruma}} make -j 2 && make install
              when: onigurumaconfig.rc == 0
          when: "oniguruma_file is not exists"
        - name: php-fpm编译安装
            - unarchive: src=/root/{{phpsource}}.tar.xz dest=/root/ copy=no
            - wait_for: path=/root/{{phpsource}} state=present
            - shell: chdir=/root/{{phpsource}} ./configure --prefix={{phppath}} --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-zlib  --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-mbstring --enable-xml --enable-sockets --enable-fpm --enable-maintainer-zts --disable-fileinfo
              register: phpconfig
            - shell: chdir=/root/{{phpsource}} make -j 2 && make install
              when: phpconfig.rc == 0
            - wait_for: path="{{phppath}}" state=present
            - name: 添加man帮助
              lineinfile: path=/etc/man_db.conf insertafter="^MANDATORY_MANPATH" line="MANDATORY_MANPATH           {{phppath}}/php/man"
            - block:
                - copy: src={{phppath}}/{{item.k}} dest={{phppath}}/{{item.v}} remote_src=yes
                    - {k: etc/php-fpm.conf.default, v: etc/php-fpm.conf}
                    - {k: etc/php-fpm.d/www.conf.default, v: etc/php-fpm.d/www.conf}
                - name: 修改php-fpm.conf文件
                  lineinfile: path={{phppath}}/etc/php-fpm.conf regexp="{{item.k}}" line="{{item.v}}" backrefs=true
                    - {k: ^;pid(.*)$, v: pid\1 }
                    - {k: ^;error_log(.*)$, v: error_log\1}
                - name: 修改www.conf文件
                  lineinfile: path={{phppath}}/etc/php-fpm.d/www.conf regexp="{{item.k}}" line="{{item.v}}" backrefs=true
                    - {k: ^user = nobody, v: user = apache}
                    - {k: ^group = nobody, v: group = apache}
                    - {k: ^listen.*, v: listen = 9000}
                    - {k: ^;listen\.allowed_clients.*, v: "listen.allowed_clients = {{lisenallowedclients}}"}
                    - {k: ^;pm.status_path(.*), v: pm.status_path\1}
                    - {k: ^;ping.path(.*), v: ping.path\1}
                    - {k: ^;ping.response(.*), v: ping.response\1}
                    - {k: ^;access.log(.*), v: access.log = /data/php74/var/log/access.log}
                    - {k: ^;access.format(.*), v: access.format\1}
                    - {k: "php_value[session.save_handler].*", v: "php_value[session.save_handler] = files"}
                - name: no matching line has to use "insertafter" option
                  lineinfile: path={{phppath}}/etc/php-fpm.d/www.conf insertafter="{{item.k}}" line="{{item.v}}"
                    - {k: "php_value[session.save_path].*", v: "php_value[session.save_path] = /data/php74/log/session"}
              tags: phpconfigfile
          when: "php_file is not exists"
        - block:
            - copy:
                content: |
                    # It's not recommended to modify this file in-place, because it
                    # will be overwritten during upgrades.  If you want to customize,
                    # the best way is to use the "systemctl edit" command
                    Description=The PHP FastCGI Process Manager
                    After=syslog.target network.target
                    ExecStart=/data/php74/sbin/php-fpm --daemonize
                    ExecReload=/bin/kill -USR2 $MAINPID
                dest: /usr/lib/systemd/system/php74-php-fpm.service
                mode: u+x
            - shell: systemctl daemon-reload
            - shell: id apache
              register: apacheid
              ignore_errors: true
            - block:
                - group: name=apache gid=992 system=yes state=present
                - user: name=apache system=yes uid=995 group=apache state=present shell=/sbin/nologin
              when: apacheid.rc != 0
            - service: name=php74-php-fpm.service state=restarted enabled=yes
          tags: phpservicefile
      when: "'localhost' in group_names"
      tags: phpfpminstall
    - name: 安装Apache
      stat: path="/data/httpd24/logs/httpd.pid"
      register: apachepid
      when: "'websrv' in group_names"
    - debug: 
        msg: "{{apachepid.stat.exists}}"
      when: "'websrv' in group_names"
    - block:
        - shell: setenforce 0
          ignore_errors: true
        - service: name=firewalld state=stopped enabled=no
        - replace: path=/etc/selinux/config regexp="^(SELINUX=).*" replace="\1disabled" backup=yes
        - yum: name="bzip2,gcc,make,pcre-devel,openssl-devel,expat-devel" state=latest
        - file: dest={{apache_path}} state=directory
        - unarchive: src=/root/{{ item }} dest=/root/ copy=yes
            - "{{httpdfile}}.tar.bz2"
            - "{{aprfile}}.tar.bz2"
            - "{{aprutilfile}}.tar.bz2"
        - shell: ls -1 /root/{{httpdfile}}/srclib
          register: lssrclib
          ignore_errors: yes
        - shell: mv /root/{{aprfile}} /root/{{httpdfile}}/srclib/apr
          when: "'apr' not in lssrclib.stdout_lines"
        - shell: mv /root/{{aprutilfile}} /root/{{httpdfile}}/srclib/apr-util
          when: "'apr-util' not in lssrclib.stdout_lines"
        - wait_for: path=/root/{{httpdfile}}/srclib/apr-util state=present
        - wait_for: path=/root/{{httpdfile}}/srclib/apr state=present
        - shell: chdir=/root/{{httpdfile}} ./configure --prefix={{apache_path}} --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
        - shell: chdir=/root/{{httpdfile}} make -j 2 && make install
          register: configurehttpd
        - fail: msg="httpd compilation fail!"
          when: configurehttpd.rc != 0
        - shell: id apache
          register: apacheid
          ignore_errors: true
        - block:
            - group: name=apache system=yes state=present
            - user: name=apache system=yes group=apache state=present shell=/sbin/nologin
          when: apacheid.rc != 0
        - shell: ls -1 {{apache_path}}/conf/httpd.conf
          register: httpdconf
          ignore_errors: yes
        - fail: msg="File not found!"
          when: httpdconf.rc != 0
        - block:
            - replace: path={{apache_path}}/conf/httpd.conf regexp="^(User).*" replace="\1  apache"
            - replace: path={{apache_path}}/conf/httpd.conf regexp="^(Group).*" replace="\1  apache"
        - shell: grep -iE "^user|^group" {{apache_path}}/conf/httpd.conf
          register: grepug
          ignore_errors: true
        - debug:
            msg: "{{grepug.stdout}}"
        - copy: content="PATH={{apache_path}}/bin:$PATH" dest=/etc/profile.d/httpd.sh
        - name: activate PATH_varia 
          shell: source /etc/profile.d/httpd.sh
        - shell: echo $PATH
          register: pathvari
        - debug:
            msg: "{{ pathvari.stdout }}"
        - name: insert httpd to mandb
          lineinfile: path=/etc/man_db.conf insertafter='^MANDATORY_MANPATH' line='MANDATORY_MANPATH           {{apache_path}}/man'
        - shell: mandb
        - name: set auto start
          lineinfile: path=/etc/rc.d/rc.local insertafter=EOF line="{{apache_path}}/bin/apachectl start" mode=u+x
        - file: dest=/usr/lib/systemd/system/httpd24.service state=touch force=yes
        - copy: 
            content: |
              Description=The Apache HTTP Server
              After=network.target remote-fs.target nss-lookup.target
              ExecStart={{apache_path}}/bin/apachectl start
              #ExecStart={{apache_path}}/bin/httpd $OPTIONS -k start
              ExecReload={{apache_path}}/bin/apachectl graceful
              #ExecReload={{apache_path}}/bin/httpd $OPTIONS -k graceful
              ExecStop={{apache_path}}/bin/apachectl stop
            dest: /usr/lib/systemd/system/httpd24.service
        - service: name=httpd24 state=started enabled=yes
          tags: sstart
        - block:
            - replace: path={{apache_path}}/conf/httpd.conf regexp="^(DocumentRoot).*" replace="\1 "/var/www/html""
            - lineinfile: path={{apache_path}}/conf/httpd.conf insertafter=EOF line="IncludeOptional conf.d/*.conf"
            - file: path={{item}} state=directory recurse=yes
                - "{{apache_path}}/conf.d"
                - /var/www/html
            - file: path={{apache_path}}/conf.d/myhttp.conf state=touch
            - copy: 
                content: |
                  <Directory "/var/www/html">
                  AllowOverride None
                  Require all granted
                dest: "{{apache_path}}/conf.d/myhttp.conf"
            - template:
                src: index.html.j2
                dest: /var/www/html/index.html
                force: yes
              ignore_errors: yes
            - service: name=httpd24 state=restarted enabled=yes
          tags: configblock
      when: "'websrv' in group_names"
    - name: 安装mysql
      stat: path="/data/mysql/{{ansible_hostname}}.pid"
      register: p
      when: "'mysql' in group_names"
    - debug: 
        msg: "{{p.stat.exists}}"
      when: "'mysql' in group_names"
    - block:
        - service:
            name: firewalld
            state: stopped
            enabled: no
        - shell: sed -r -i.bak 's/(^SELINUX=).*/\1disabled/g' /etc/selinux/config
        - shell: setenforce 0
          ignore_errors: true
        - yum: name="libaio,numactl-libs" state=present
        - shell: id mysql
          register: mysqlid
          ignore_errors: true
        - block:
            - group: name=mysql gid=306 system=yes state=present
            - user: name=mysql system=yes uid=306 group=mysql state=present home=/data/mysql shell=/bin/false
          when: mysqlid.rc != 0
        - shell: ls -1 /root/{{ mysqlfile }}
          register: mysqllsinfo
          ignore_errors: true
        - get_url: url="http://mirrors.163.com/mysql/Downloads/{{mysqlversion}}/{{mysqlfile}}" dest=/root/
          when: mysqllsinfo.rc != 0
        - file: dest=/data/mysql state=directory owner=mysql group=mysql
        - shell: ls -1 {{apppath}}/{{mysqlpath}}
          register: checkmysqlpath
          ignore_errors: true
        - unarchive: src=/root/{{ mysqlfile }} dest={{apppath}} copy=no
          when: checkmysqlpath.rc != 0
        - file: dest={{ apppath }}/mysql src={{ apppath }}/{{ mysqlpath }} state=link
        - file: dest={{apppath}}/mysql/ state=directory owner=root group=root recurse=yes
        - file: dest="{{ item.name }}" state="{{ item.state }}"
            - { name: '/etc/my.cnf', state: 'touch' }
            - { name: '/etc/my.cnf.d', state: 'directory' }
        - wait_for: path=/etc/my.cnf state=present
        - wait_for: path=/etc/my.cnf.d state=present
        - copy:
            content: |
              datadir = /data/mysql
              innodb_file_per_table = on
              skip_name_resolve = on 


              !includedir /etc/my.cnf.d
            dest: /etc/my.cnf
        - shell: ls -1a /data/mysql
          register: checkdatadirectory
        - shell: rm -rf /data/mysql/*
          when: checkdatadirectory["stdout_lines"] | length > 2
        - shell: "{{apppath}}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql"
          register: initsql
        - debug:
            msg: "mysql database initialize Successed!"
          when: initsql.rc == 0
        - shell: echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
        - name: activate PATH_varia 
          shell: source /etc/profile.d/mysql.sh
        - shell: echo $PATH
          register: pathvari
        - debug:
            msg: "{{ pathvari.stdout }}"
        - copy: src={{apppath}}/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes mode=u+x
        - shell: chkconfig --add mysqld
        - shell: chkconfig mysqld on
        - service: name=mysqld state=restarted enabled=yes
      when: "'mysql' in group_names"
    - name: 服务相关配置
        - file: dest=/data/php state=directory owner=apache group=apache
        - file: dest=/data/php74 owner=apache group=apache recurse=yes
          when: "'localhost' in group_names"
        - file: dest=/data/httpd24 owner=apache group=apache recurse=yes
          when: "'websrv' in group_names"
      when: 'group_names | intersect(["localhost","websrv"])'
      tags: servicefilecreate
    - block:
        - name: modify httpd.conf
          lineinfile: path={{apache_path}}/conf/httpd.conf regexp="{{item.k}}" line="{{item.v}}" backrefs=true
            - {k: ^#LoadModule proxy_module modules/mod_proxy.so, v: LoadModule proxy_module modules/mod_proxy.so}
            - {k: ^#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so, v: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so}
            - {k: "(\\s+DirectoryIndex).*", v: \1  index.php}
        - file: dest=/data/httpd24/conf.d/fcgi.conf state=touch owner=apache group=apache
        - block:
            - copy:
                content: |
                  ProxyRequests Off
                  AddType application/x-httpd-php .php

                  <virtualhost *:80>
                  servername blog.mxx.com
                  documentroot /data/php/blog
                  CustomLog {{apache_path}}/logs/blog_access.log combined
                  <directory /data/php/blog>
                  require all granted
                  AllowOverride None
                  ProxyPassMatch ^/(.*\.php)$  fcgi://{{phpfpm_ip}}:9000/data/php/blog/$1
                  ProxyPassMatch ^/(status|ping)$ fcgi://{{phpfpm_ip}}:9000/$1 

                  <virtualhost *:80>
                  servername discuz.mxx.com
                  documentroot /data/php/discuz
                  CustomLog {{apache_path}}/logs/discuz_access.log combined
                  <directory /data/php/discuz>
                  require all granted
                  AllowOverride None
                  ProxyPassMatch ^/(.*\.php)$  fcgi://{{phpfpm_ip}}:9000/data/php/discuz/$1
                dest: /data/httpd24/conf.d/fcgi.conf
                force: yes
            - service: name=httpd24 state=restarted
          tags: fastcgi
      when: "'websrv' in group_names"
      tags: apachefastcgi
    - name: 安装wordpress
        - unarchive: src=/root/latest-zh_CN.tar.gz dest=/root/ owner=apache group=apache
          when: 'group_names | intersect(["localhost","websrv"])'
        - shell: cp -a /root/wordpress /data/php/blog
          when: "'localhost' in group_names"
        - shell: cp -a /root/wordpress /data/php/blog
          when: "'websrv' in group_names"
        - name: 创建远程账户和数据库
            - shell: mysql -e "select user,host from mysql.user where host='%';"
              register: mysqlaccount
              ignore_errors: true
            - block:
                - shell: mysql -e "create user if not exists root@'%' identified by 'root';grant all on *.* to root@'%';"
                - shell: mysql -e "create database if not exists wordpress;"
          when: "'mysql' in group_names"
          tags: createsqlaccount
      tags: wordpressinstall
    - name: 安装discuz
        - copy: src=/root/{{discuz_name}} dest=/root/
        - yum: name=zip state=present
        - unarchive: src=/root/{{discuz_name}} dest=/root/ owner=apache group=apache
        #- shell: "unzip {{discuz_name}}"
        - shell: cp -a /root/upload /data/php/discuz
        - file: dest=/data/php/discuz state=directory owner=apache group=apache recurse=true
        - name: 创建远程账户和数据库
            - shell: mysql -e "create user if not exists root@'%' identified by 'root';grant all on *.* to root@'%';"
            - shell: mysql -e "create database if not exists discuz;"
          when: "'mysql' in group_names"
          tags: createsqlaccount2
      tags: discuzinstall

windows中设置hosts文件来模拟DNS解析: blog.mxx.com discuz.mxx.com log.mxx.com








