nginx配置https网站和按照域名划分虚拟主机 server { listen 80; listen [::]:80; server_name zhangmingrui.cool; return 301 https://$host$request_uri; } server { listen 80; listen [::]:80; server_name doc.zhangmingrui.cool; return 301 https://$host$request_uri; } {callout color="#f0ad4e"}说明：此处按域名不同配置了两个虚拟主机，监听ipv4/ipv6网段对80端口的访问；return行的目的是把所有的HTTP请求重定向到https，强制所有的访问都走https模式。{/callout}server { if (!-e $request_filename) { rewrite ^(.*)$ /index.php$1 last; } listen 443 ssl; server_tokens off; keepalive_timeout 5; root /usr/share/nginx/html; index index.php index.html; server_name zhangmingrui.cool; ssl_certificate /etc/nginx/conf.d/zhangmingrui.cool_bundle.crt; ssl_certificate_key /etc/nginx/conf.d/zhangmingrui.cool.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location ~ \.php(\/.*)*$ { root /usr/share/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; include fastcgi_params; client_max_body_size 20m; fastcgi_connect_timeout 30s; fastcgi_send_timeout 30s; fastcgi_read_timeout 30s; fastcgi_intercept_errors on; } }{callout color="#f0ad4e"}说明：该段配置是启用https功能。if判断的功能是为了将动态链接伪装成静态链接。ssl_certificate 与 ssl_certificate_key是配置公私钥，其后跟的是公私钥的存储地址。{/callout}{abtn icon="fa-download" color="#ff6800" href="https://doc.zhangmingrui.cool/usr/uploads/2024/01/2854896986.conf" radius="17.5" content="下载nginx配置文件（default.conf）"/}{abtn icon="fa-download" color="#ff6800" href="https://doc.zhangmingrui.cool/usr/uploads/2024/01/807304331.conf" radius="17.5" content="下载nginx配置文件（https.conf）"/}

kubernetes管理节点安装过程 k8s管理节点安装过程： { } 1.配置镜像仓库 { } 2.配置防火墙规则 { } 3.安装软件包（maser） { } 4.镜像导入仓库 { } 5.Tab检设置 { } 6.安装代理软件包 { } 7.配置master主机环境 { } 8.使用kubeadm部署 { } 9.验证安装结果1.配置镜像仓库 本例中使用docker-distribution软件包来做镜像仓库（配置非常简单）。生产环境中一般使用harbor来做镜像仓库。docker-distribution提供的仓库功能非常简陋，使用http通信，没有访问认证功能，因此一般用于内网环境。其优点是安装方便使用简单。{callout color="#f0ad4e"}该私有仓库默认监听端口是5000，镜像存放地址为/var/lib/registry/目录。以下操作在用作私有仓库的主机上配置。{/callout}yum install -y docker-distribution systemctl enable --now docker-distribution curl -s http://registry:5000/v2/_catalog备注：因没有修改hosts文件，故上图示例在访问仓库时使用了ip地址的方式。2.配置防火墙规则 {callout color="#f0ad4e"}禁用 selinux，禁用 swap，卸载 firewalld-*{/callout}3.安装软件包（maser） {callout color="#f0ad4e"}安装kubeadm、kubectl、kubelet、docker-ce软件包，以下操作在master主机上进行{/callout}yum makecache yum install -y kubeadm kubelet kubectl docker-ce mkdir -p /etc/docker vim /etc/docker/daemon.json { "exec-opts":["native.cgroupdriver=systemd"], "registry-mirrors":["http://registry:5000","https://hub-mirror.c.163.com"], "insecure-registries":["192.168.1.30:5000","registry:5000"] }{callout color="#f0ad4e"}说明：1.native.cgroupdriver=systemd: 让docker是用与kubelet相同的驱动模式2.registry-mirrors：镜像仓库3.insecure-registries：私有仓库地址4.总的来说，该json文件第一行是指定k8s使用的驱动模式，第二行是告诉k8s镜像仓库的地址，第三行是告诉k8s私有仓库的地址。{/callout}4.镜像导入仓库#查看安装kubernetes所需要的容器 kubeadm config images list k8s.gcr.io/kube-apiserver:v1.22.5 k8s.gcr.io/kube-controller-manager:v1.22.5 k8s.gcr.io/kube-scheduler:v1.22.5 k8s.gcr.io/kube-proxy:v1.22.5 k8s.gcr.io/pause:3.5 k8s.gcr.io/etcd:3.5.0-0 k8s.gcr.io/coredns/coredns:v1.8.4将以上软件包下载好之后打包上传到master主机上。docker load -i init/v1.22.5.tar.xz docker images|while read i t _;do [[ "${t}" == "TAG" ]] && continue docker tag ${i}:${t} registry:5000/k8s/${i##*/}:${t} docker push registry:5000/k8s/${i##*/}:${t} docker rmi ${i}:${t} registry:5000/k8s/${i##*/}:${t} donecurl -s http://registry:5000/v2/_catalog|python -m json.tool { "repositories": [ "k8s/coredns", "k8s/etcd", "k8s/kube-apiserver", "k8s/kube-controller-manager", "k8s/kube-proxy", "k8s/kube-scheduler", "k8s/pause" ] }5.Tab检设置source <(kubeadm completion bash|tee /etc/bash_completion.d/kubeadm) source <(kubectl completion bash|tee /etc/bash_completion.d/kubectl)6.安装代理软件包#k8s可以调用lvs进行负载均衡，但需要提前安装好软件包 yum install -y ipvsadm ipset7.配置master主机环境for i in overlay br_netfilter;do modprobe ${i} echo "${i}" >>/etc/modules-load.d/containerd.conf done{callout color="#f0ad4e"}modprobe overlay 载入overlay内核模块modprobe命令用于载入内核模块rmmod 删除内核模块（rmmod overlay）lsmod| grep overlay 用于查看模块是否载入{/callout}cat >/etc/sysctl.d/99-kubernetes-cri.conf<<EOF net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 EOF sysctl --system{callout color="#f0ad4e"}sysctl --system将配置的文件和子文件一起载入sysctl -p 只是载入默认配置{/callout}8.使用kubeadm部署kubeadm init --config=init/kubeadm-init.yaml --dry-run{callout color="#f0ad4e"}预安装，会输出若干信息，没有 Error 和 Warning 就是正常。{/callout}rm -rf /etc/kubernetes/tmp kubeadm init --config=init/kubeadm-init.yaml |tee init/init.log mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config{dotted startColor="#ff6c6c" endColor="#1989fa"/}应答文件创建方式#创建模板文件 kubeadm config print init-defaults > init.yaml #查询kube proxy配置信息 kubeadm config print init-defaults --component-configs KubeProxyConfiguration #查询kubeletConfiguration配置信息 kubeadm config print init-defaults --component-configs KubeletConfiguration #查询当前版本信息(以yaml格式展示) kubeadm version -o yaml #编辑应答文件，生成完整的应答文件应答文件部分内容解读12: advertiseAddress: 192.168.1.50 #管理节点的IP地址 15：criSocket: /var/run/dockershim.sock #Runtime的socket地址 17：name: master #管理节点的名称 30：imageRepository: registry:5000/k8s #私有仓库地址 32：kubernetesVersion: 1.22.5 #版本信息，镜像标签 35：podSubnet: 10.244.0.0/16 #pod地址段（新添加的信息） 36：serviceSubnet: 10.245.0.0/16 #service地址段 #在文件最后追加，启用IPVS模式 --- kind: KubeProxyConfiguration apiVersion: kubeproxy.config.k8s.io/v1alpha1 mode: ipvs ipvs: strictARP: true #设置kubelet使用的Croup驱动模式为systemd --- kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 cgroupDriver: systemd9.验证安装结果kubectl cluster-info Kubernetes control plane is running at https://192.168.1.50:6443 CoreDNS is running at https://192.168.1.50:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady control-plane,master 90s v1.22.5{abtn icon="fa-download" color="#ff6800" href="https://doc.zhangmingrui.cool/usr/uploads/2024/01/3144342264.yaml" radius="17.5px" content="点击下载init.yaml文件"/}

nginx配置文件详解 #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }

docker搭建nginx与php的compose文件 说明： 　1.php容器为了能与nginx容器通信，网络模式需要设置为container，与nginx共用网卡。为确保php容器的正常启动，需要设置容器间的启动顺序，也就是依赖，因此添加了 depends_on字段，以确保先启动nginx容器，之后再启动php容器。 　 2.为了保存网站数据，需要设置存储映射。html目录下存在网站文件，conf目录下存放nginx配置文件，log目录下存放日志文件。本文中的示例是一个容器内配置了两个网址，故存储映射分别做了两遍。为了确保php也能访问到网站数据，需要在php容器中进行html目录的映射。 　 3.开启https需要配置公钥与私钥，相关配置需要在nginx配置中修改。 　 4.nginx与php通信有两种方式。一种是通过9000端口，这需要php监听9000端口。当nginx发现有php访问请求时会把该请求转发给9000端口，php监听到请求后处理请求然后将处理结果返回给nginx，nginx再将结果返回给用户。另一种方式是使用sock文件。 　 5.对小网站而言两种处理php请求的效率区别不大，但在高并发大访问量的网站中，使用sock文件来处理php请求效率会高一些。 {mtitle title="yaml代码"/}{lamp/}version: "2" services: nginx: container_name: nginx image: nginx:latest environment: - TZ=Asia/Shanghai ports: - 80:80 - 443:443 volumes: - /website/html/:/usr/share/nginx/html/ - /website/conf/:/etc/nginx/conf.d/ - /website/log/:/var/log/nginx/ - /website/doc_html/:/usr/share/nginx/doc_html/ php: container_name: php image: php:7.4-fpm volumes: - /website/html/:/usr/share/nginx/html - /website/doc_html/:/usr/share/nginx/doc_html/ network_mode: "container:nginx" restart: always depends_on: - nginx {abtn icon="fa-arrow-circle-o-down" color="#ff6800" href="https://doc.zhangmingrui.cool/usr/uploads/2024/01/96183612.yaml" radius="17.5px" content="点击下载yaml文件"/}

php 8.2 安装过程 本次安装php8.2使用的是源码包安装方法。该方法可以按照实际需要配置php模块，灵活度较高。安装过程比较简单，主要是安装php所需要的依赖比较繁琐。下文就比较常见的依赖包安装方法进行了归纳汇总。#下载php8.3.1软件包 curl -o /root/php-8.3.1.tar.gz https://www.php.net/distributions/php-8.3.1.tar.gz #解压缩 tar xf php-8.3.1.tar.gz #配置阿里云yum源 rm -rf /etc/yum.repos.d/*.repo curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo yum makecache #安装编译工具 yum -y install gcc make #进入php源码包目录 cd php-8.3.1 #使用./configure自定义需要的模块，生成Makefile文件 ./configure --prefix=/usr/local/php/ --build=x86_64-linux-gnu --with-config-file-path=/usr/local/etc/php --with-config-file-scan-dir=/usr/local/etc/php/conf.d --enable-option-checking=fatal --with-mhash --with-pic --enable-ftp --enable-mbstring --enable-mysqlnd --with-password-argon2 --with-sodium=shared --with-pdo-sqlite=/usr --with-sqlite3=/usr --with-curl --with-iconv --with-openssl --with-readline --with-zlib --disable-phpdbg --with-pear --with-libdir=lib/x86_64-linux-gnu --disable-cgi --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data --with-mysqli #根据提示安装需要的依赖 yum -y install libxml2 libxml2-devel yum -y install openssl-devel yum -y install sqlite-devel yum -y install libcurl-devel yum -y install readline-devel #安装依赖oniguruma包 mkdir /root/onigur cd /root/onigur/ curl -o /root/onigur/oniguruma-devel-6.8.2-2.el8.x86_64.rpm \ http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm curl -o /root/onigur/oniguruma-6.8.2-2.el8.x86_64.rpm \ http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/oniguruma-6.8.2-2.el8.x86_64.rpm yum -y install oniguruma-devel-6.8.2-2.el8.x86_64.rpm yum -y install oniguruma-6.8.2-2.el8.x86_64.rpm #安装依赖libsodium包 curl -o /root/last.tar https://download.libsodium.org/libsodium/releases/LATEST.tar.gz tar -zxf LATEST.tar.gz cd libsodium-stable/ ./configure make && make install vim /etc/profile export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig source /etc/profile pkg-config --list-all | grep libsodium #查看是否安装成功 #安装依赖libargon2 curl -O https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/l/libargon2-20171227-3.el8.x86_64.rpm curl -O https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/l/libargon2-devel-20171227-3.el8.x86_64.rpm yum -y install libargon2-20171227-3.el8.x86_64.rpm libargon2-devel-20171227-3.el8.x86_64.rpm #安装php cd /root/php-8.3 make && make installphp ./configure通过后，会出现下图所示提示make install后会显示如下界面