BentCoder's questions

我无法让 php-fpm 错误日志出现在 docker std 中。到目前为止，我已经尝试了很多建议，但由于某种原因根本没有进展。我正在发布我的整个设置，以便有人可以帮助我正确的方向。我所看到的只是app_php_1 | 172.21.0.7 - 06/Apr/2019:12:26:37 +0000 "GET /index.php" 500

PHP-FPM

Dockerfile

FROM php:7.2.13-fpm-alpine3.8

RUN apk update \
 && apk add --no-cache $PHPIZE_DEPS \
    bash git zip unzip

RUN docker-php-ext-install opcache
RUN docker-php-ext-enable opcache

RUN rm -rf /var/cache/apk/*

COPY php.ini /usr/local/etc/php/conf.d/php.override.ini
COPY www.conf /usr/local/etc/php-fpm.d/www.conf

WORKDIR /app

CMD ["php-fpm", "--nodaemonize"]

php.ini

[php]
date.timezone=UTC
log_errors=On
error_reporting=E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors=Off
max_execution_time=60
memory_limit=256M

[opcache]
opcache.enable_cli=1
opcache.memory_consumption=256
opcache.max_accelerated_files=20000
realpath_cache_size=4096K
realpath_cache_ttl=600

www.conf

[global]
daemonize=no

[www]
user=www-data
group=www-data

listen=app_nginx:9000

pm=dynamic
pm.max_children=30
pm.start_servers=2
pm.min_spare_servers=2
pm.max_requests=1000

NGINX

Dockerfile

FROM nginx:1.15.8-alpine

RUN apk add --no-cache bash

RUN rm -rf /var/cache/apk/*

COPY app.conf /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/nginx.conf
COPY app_ssl.crt /etc/ssl/certs/app_ssl.crt
COPY app_ssl.key /etc/ssl/private/app_ssl.key

应用程序配置文件

server {
    listen 80;

    server_name localhost;

    root /app/public;

    listen 443 default_server ssl;
    ssl_certificate /etc/ssl/certs/app_ssl.crt;
    ssl_certificate_key /etc/ssl/private/app_ssl.key;

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        fastcgi_pass app_php:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_hide_header X-Powered-By;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }

    location ~ \.php$ {
        return 404;
    }
}

nginx.conf

user nginx;

worker_processes 2;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;

    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format json_combined escape=json
      '{'
        '"time_local":"$time_local",'
        '"remote_addr":"$remote_addr",'
        '"remote_user":"$remote_user",'
        '"request":"$request",'
        '"status": "$status",'
        '"body_bytes_sent":"$body_bytes_sent",'
        '"request_time":"$request_time",'
        '"http_referrer":"$http_referer",'
        '"http_user_agent":"$http_user_agent"'
      '}';

    access_log /var/log/nginx/access.log json_combined;

    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 65;

    server_tokens off;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection '1; mode=block';
    add_header X-Frame-Options DENY;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains; preload';
    add_header 'Referrer-Policy' 'no-referrer-when-downgrade';

    types_hash_max_size 2048;

    gzip on;

    include /etc/nginx/conf.d/*.conf;
}

码头工人-compose.yml

version: "3"

services:
  app_php:
    build:
      context: "./php"
    volumes:
      - "../..:/app:consistent"
  app_nginx:
    build:
      context: "./nginx"
    ports:
      - "5080:80"
      - "5443:443"
    volumes:
      - "../..:/app:consistent"
    depends_on:
      - "aapp_php"

我尝试了什么

我彼此独立地尝试了这些/文件，而不是一次完成。

• 更改/proc/self/fd/2为/dev/stdout/ /dev/stderrforerror_log和文件中的access.log属性/usr/local/etc/php-fpm.d/docker.conf。

• 在文件底部添加了以下代码www.conf。

catch_workers_output = yes
php_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = /var/log/php-fpm-error.log
php_admin_value[error_log] = /dev/stdout
php_admin_value[error_log] = /dev/stderr

• 还有一些，但我忘记了。

我已经设置了一个代理服务器，它将客户端请求转发到到目前为止工作正常的上游服务器。但是，我要解决的问题是强制上游服务器记录代理服务器的请求 ID。这可能吗？只是为了让您知道$_SERVER上游服务器的变量包含[HTTP_X_REQUEST_ID] => 84708dd39a6c0c91e0d1a97404b40f75

代理服务器

配置

server {
    ...

    add_header              X-Request-ID       $request_id;
    proxy_set_header        X-Request-ID       $request_id;

    location ~ ^/api/(.*) {
        proxy_pass http://192.168.0.1:8080/$1$is_args$args;
    }

    ...
}

日志格式

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" "$request_id"';

日志

172.17.0.1 ...... "84708dd39a6c0c91e0d1a97404b40f75"

上游服务器

配置

server {
    location ~ ^/index\.php(/|$) {
        fastcgi_pass php_server:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }
}

日志格式

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" "$request_id"';

日志

172.20.0.1 ...... "172.17.0.1" "7376e0cead9741e7ec07a9194efc80e6"

预期日志

172.20.0.1 ...... "172.17.0.1" "84708dd39a6c0c91e0d1a97404b40f75"

当我在 Ubuntu 中按照以下步骤操作时，NTP 已启用并同步。然而，在 Debian Jessie 中情况正好相反。有人知道 Debian 说“不”的原因吗？由于“当地时间”是正确的，我还应该担心吗？

采取的步骤

$ timedatectl set-timezone Europe/London

$ sudo apt-get install -y ntp

$ cat /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
server 0.uk.pool.ntp.org iburst
server 1.uk.pool.ntp.org iburst
server 2.uk.pool.ntp.org iburst
server 3.uk.pool.ntp.org iburst
restrict 127.0.0.1
restrict ::1

$ service ntp stop
$ ntpd -gq
$ service ntp start

$ systemctl enable ntp
$ systemctl restart ntp

Debian 状态

$ timedatectl
      Local time: Sun 2018-05-27 08:57:32 BST
  Universal time: Sun 2018-05-27 07:57:32 UTC
        RTC time: Sun 2018-05-27 07:57:30
       Time zone: Europe/London (BST, +0100)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2018-03-25 00:59:59 GMT
                  Sun 2018-03-25 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2018-10-28 01:59:59 BST
                  Sun 2018-10-28 01:00:00 GMT


$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+h88-150-240-202 217.114.59.66    3 u   36   64    1   10.349   -1.919   0.882
*ntp3.wirehive.n 195.66.241.2     2 u   33   64    3   13.717   -0.094   1.398
+ns1.do.steersne 195.66.241.3     2 u   32   64    3    9.994   -1.230   0.947

Ubuntu 状态

$ timedatectl
      Local time: Sun 2018-03-14 10:51:48 GMT
  Universal time: Sun 2018-03-14 10:51:48 UTC
        RTC time: Sun 2018-03-14 10:51:46
       Time zone: Europe/London (GMT, +0000)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

当我调用 NGINX 服务器时，它应该为存储在远程 PHP 服务器上的 php 文件提供服务。目前我得到404 Not Found - nginx/1.10.3 (Ubuntu). 如果我更改root /srv/www/site为root /var/www/html，它会成功地index.html从 NGINX 提供服务，因此请求实际上根本不会到达 PHP 服务器。

• PHP服务器：192.168.99.31（PHP 7.1.15）
• NGINX 服务器：192.168.99.32 ( nginx version: nginx/1.10.3 (Ubuntu))

如下所示，可以从 NGINX 服务器通过端口访问 PHP 服务器，9000因此我认为这里没有任何与连接相关的问题。

vagrant@nginx:~$ nc -zv 192.168.99.31 9000
Connection to 192.168.99.31 9000 port [tcp/*] succeeded!

PHP

vagrant@php:~$ cat /etc/php/7.1/fpm/pool.d/www.conf

[www]
user                   = www-data
group                  = www-data

listen                 = 9000
listen.allowed_clients = 192.168.99.32
listen.owner           = www-data
listen.group           = www-data

pm = dynamic
pm.max_children        = 5
pm.start_servers       = 2
pm.min_spare_servers   = 1
pm.max_spare_servers   = 3

-

vagrant@php:~$ dpkg --list | grep php

ii  php-common                       1:60+ubuntu16.04.1+deb.sury.org+1
ii  php7.1                           7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-cgi                       7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-cli                       7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-common                    7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-fpm                       7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-json                      7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-mbstring                  7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-mcrypt                    7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-mysql                     7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-opcache                   7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-readline                  7.1.15-1+ubuntu16.04.1+deb.sury.org+2
ii  php7.1-zip                       7.1.15-1+ubuntu16.04.1+deb.sury.org+2

-

vagrant@php:~$ cat /srv/www/site/index.php 
<?php
echo 'Hello from PHP host'.PHP_EOL;

NGINX

vagrant@nginx:~$ cat /etc/nginx/sites-available/default

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /srv/www/site;
        index index.php index.html;
        server_name _;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass 192.168.99.31:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        location ~ /\.ht {
                deny all;
        }

        error_log /var/log/nginx/site_error.log;
        access_log /var/log/nginx/site_access.log;
}

-

vagrant@nginx:~$ cat /etc/nginx/snippets/fastcgi-php.conf

fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;

-

vagrant@nginx:~$ cat /etc/nginx/fastcgi.conf

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_param  REDIRECT_STATUS    200;

我有这个 HAProxy 配置，如您所见，我在backends 中有很多重复的东西。有没有办法摆脱重复，例如stats？

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    daemon
    maxconn 2000

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    acl url_a path_reg ^\/a$|\/a\/
    use_backend webservers_a if url_a
    acl url_b path_reg ^\/b$|\/b\/
    use_backend webservers_b if url_b
    default_backend webservers_main

backend webservers_main
    mode http
    stats enable
    stats auth admin:admin
    stats uri /haproxy?stats
    balance roundrobin
    option httpchk
    option forwardfor
    option http-server-close
    server web1 192.168.50.21:80 maxconn 32 check

backend webservers_a
    mode http
    stats enable
    stats auth admin:admin
    stats uri /haproxy?stats
    balance roundrobin
    option httpchk
    option forwardfor
    option http-server-close
    server web2 192.168.50.22:80 maxconn 32 check

backend webservers_b
    mode http
    stats enable
    stats auth admin:admin
    stats uri /haproxy?stats
    balance roundrobin
    option httpchk
    option forwardfor
    option http-server-close
    server web3 192.168.50.23:80 maxconn 32 check

首先，我对 HAProxy 堆栈的体验只有一天之久，所以我希望我的问题是有道理的。

我有 2 个 HAProxy 虚拟机和 2 个 Apache 虚拟机（流浪机器），如下所示。

192.168.50.11 HAPROXY VM1
192.168.50.12 HAPROXY VM2
192.168.50.21 APACHE VM1
192.168.50.22 APACHE VM2

192.168.50.10 FLOATING IP - set in keepalived of both HAProxy servers above

如果我关闭其中一台 Apache 服务器并且呼叫http://192.168.50.10系统仍然可以正常工作，那很好。但是，如果我关闭其中一台 HAProxy 服务器，整个服务就会关闭。根据我下面的配置，你能告诉我我在这里缺少什么吗？

两台服务器上的 HAProxy 设置

/etc/default/haproxy

ENABLED=1

/etc/haproxy/haproxy.cfg

global
    log /dev/log local0
    log 127.0.0.1 local1 notice
    user haproxy
    group haproxy
    maxconn 2000
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    timeout connect 5000
    timeout client 50000
    timeout server 50000

listen webservers 192.168.50.10:80
    balance roundrobin
    stats enable
    stats auth admin:admin
    stats uri /haproxy?stats
    option httpchk
    option forwardfor
    option http-server-close
    server webserver1 192.168.50.21:80 check
    server webserver2 192.168.50.22:80 check

两台服务器上的保持设置

/etc/sysctl.conf

net.ipv4.ip_nonlocal_bind=1

等/keepalived/keepalived.conf

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    #Ping every 2 seconds
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    interface eth0
    state MASTER
    virtual_router_id 51
    priority 11
    virtual_ipaddress {
        192.168.50.10
    }
    track_script {
        chk_haproxy
    }
}

注意：仅priority取决于 VM，因此它适用priority 11于192.168.50.11 HAPROXY VM1机器和机器。priority 12192.168.50.12 HAPROXY VM2

我在阅读下面的博客文章后创建了这个示例。

• 在 Debian Lenny 上使用 HAProxy/Keepalived 设置高可用性负载均衡器（具有故障转移和会话支持）
• 如何使用 KEEPALIVED 设置 HAProxy

我有两个HAProxy虚拟机和两个 Apache 虚拟机（流浪机器），如下所示。

192.168.50.11 HAPROXY VM1
192.168.50.12 HAPROXY VM2
192.168.50.21 APACHE VM1
192.168.50.22 APACHE VM2

我遇到的问题是 Apacheaccess.log文件每秒都在增长，因为即使没有来自任何客户端的请求，两个 HAProxy 服务器都在 ping 两个 Apache 服务器。我需要停止记录不必要的日志，如下所示。我在两个 HAProxy 服务器上都运行了 keepalived 服务。

$sudo tail -f /var/log/apache2/access.log

192.168.50.11 - - [09/Jul/2016:12:46:49 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.11 - - [09/Jul/2016:12:46:51 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.12 - - [09/Jul/2016:12:46:51 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.11 - - [09/Jul/2016:12:46:51 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.11 - - [09/Jul/2016:12:46:53 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.12 - - [09/Jul/2016:12:46:53 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.11 - - [09/Jul/2016:12:46:53 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.11 - - [09/Jul/2016:12:46:55 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.12 - - [09/Jul/2016:12:46:55 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
192.168.50.11 - - [09/Jul/2016:12:46:55 +0000] "OPTIONS / HTTP/1.0" 200 180 "-" "-"
.......
.......

这些不是任何人的实际要求。

haproxy.cfg

global
    log /dev/log local0
    log 127.0.0.1 local1 notice
    user haproxy
    group haproxy
    maxconn 2000
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http-in
    bind 192.168.50.10:80
    default_backend webservers

backend webservers
    balance roundrobin
    stats enable
    stats auth admin:admin
    stats uri /haproxy?stats
    option httpchk
    option forwardfor
    option http-server-close
    server webserver1 192.168.50.21:80 check
    server webserver2 192.168.50.22:80 check