porting guide (web middleware)

Kunpeng BoostKit for Web

Porting Guide (Web Middleware)

Issue 13

Date 2021-07-15

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 13 (2021-07-15) Copyright © Huawei Technologies Co., Ltd. i

Contents

1 Nginx1.14.2 Porting Guide.................................................................................................... 11.1 Introduction............................................................................................................................................................................... 11.2 Environment Requirements................................................................................................................................................. 21.3 Configuring the Installation Environment...................................................................................................................... 21.3.1 Configuring a Network Proxy.......................................................................................................................................... 31.3.2 Configuring the Yum Source............................................................................................................................................ 31.3.3 Installing Dependencies..................................................................................................................................................... 51.3.4 Upgrading OpenSSL............................................................................................................................................................ 51.3.5 Disabling the Firewall.........................................................................................................................................................91.4 Installing Nginx........................................................................................................................................................................ 91.4.1 Installation Modes............................................................................................................................................................... 91.4.2 Installing Nginx from the Source................................................................................................................................. 101.4.3 Installing Nginx by Using an RPM Package Obtained from a Mirror Site.....................................................121.4.4 Installing Nginx by Using the Yum Source Obtained from a Mirror Site.......................................................131.4.5 Installing Nginx by Using a Script............................................................................................................................... 141.5 Running and Verifying Nginx............................................................................................................................................171.5.1 Generating a Certificate.................................................................................................................................................. 171.5.2 Configuring Functions...................................................................................................................................................... 181.5.3 Running Nginx.................................................................................................................................................................... 211.5.4 Verifying Nginx................................................................................................................................................................... 221.6 Uninstalling Nginx................................................................................................................................................................ 23

2 Apache 2.4.39 Porting Guide.............................................................................................. 242.1 Introduction............................................................................................................................................................................ 242.2 Environment Requirements............................................................................................................................................... 242.3 Configuring the Installation Environment.................................................................................................................... 252.3.1 Configuring a Network Proxy........................................................................................................................................ 252.3.2 Configuring the Yum Source..........................................................................................................................................262.3.3 Installing Dependencies.................................................................................................................................................. 282.4 Installing Apache...................................................................................................................................................................282.4.1 Installation Modes.............................................................................................................................................................282.4.2 Installing Apache by Compiling the Source Code.................................................................................................. 292.4.3 Installing Apache by Using an RPM Package Obtained from a Mirror Site..................................................302.4.4 Installing Apache by Using the Yum Source Obtained from a Mirror Site....................................................31

Kunpeng BoostKit for WebPorting Guide (Web Middleware) Contents

Issue 13 (2021-07-15) Copyright © Huawei Technologies Co., Ltd. ii

2.4.5 Installing Apache by Using a Script............................................................................................................................ 322.5 Running and Verifying Apache.........................................................................................................................................342.5.1 Parameter Configuration................................................................................................................................................ 342.5.2 Starting Apache..................................................................................................................................................................352.5.3 Verifying Apache................................................................................................................................................................ 352.6 Uninstalling Apache............................................................................................................................................................. 35

3 Tengine 2.2.2 Porting Guide................................................................................................373.1 Introduction............................................................................................................................................................................ 373.2 Environment Requirements............................................................................................................................................... 383.3 Configuring the Installation Environment.................................................................................................................... 393.3.1 Configuring a Network Proxy........................................................................................................................................ 393.3.2 Configuring the Yum Source..........................................................................................................................................393.3.3 Installing Dependencies.................................................................................................................................................. 413.3.4 Upgrading OpenSSL......................................................................................................................................................... 413.3.5 Disabling the Firewall...................................................................................................................................................... 453.4 Installing Tengine.................................................................................................................................................................. 453.4.1 Installation Modes.............................................................................................................................................................453.4.2 Installing Tengine by Compiling the Source Code................................................................................................. 463.4.3 Installing Tengine by Using an RPM Package Obtained from a Mirror Site.................................................473.4.4 Installing Tengine by Using the Yum Source Obtained from a Mirror Site...................................................483.4.5 Installing Tengine by Using a Script............................................................................................................................493.5 Running and Verifying Tengine........................................................................................................................................ 523.5.1 Generating a Certificate.................................................................................................................................................. 523.5.2 Configuring Functions...................................................................................................................................................... 533.5.3 Running Tengine................................................................................................................................................................ 553.5.4 Verifying Tengine............................................................................................................................................................... 563.6 Uninstalling Tengine............................................................................................................................................................ 583.7 Troubleshooting..................................................................................................................................................................... 583.7.1 Error with src/core/ngx_murmurhash.c......................................................................................................................593.7.2 Error with src/os/unix/ngx_user.c................................................................................................................................. 59

4 Memcached 1.5.12 Porting Guide......................................................................................614.1 Introduction............................................................................................................................................................................ 614.2 Environment Requirements............................................................................................................................................... 614.3 Configuring the Installation Environment.................................................................................................................... 624.3.1 Configuring a Network Proxy........................................................................................................................................ 624.3.2 Configuring the Yum Source..........................................................................................................................................634.3.3 Installing the Dependencies...........................................................................................................................................654.4 Installing Memcached......................................................................................................................................................... 654.5 Running and Verifying Memcached............................................................................................................................... 66

5 Squid 4.8 Porting Guide....................................................................................................... 695.1 Introduction............................................................................................................................................................................ 69


Issue 13 (2021-07-15) Copyright © Huawei Technologies Co., Ltd. iii

5.2 Environment Requirements............................................................................................................................................... 705.3 Configuring the Installation Environment.................................................................................................................... 705.3.1 Configuring a Network Proxy........................................................................................................................................ 715.3.2 Configuring the Yum Source..........................................................................................................................................715.3.3 Installing Dependencies.................................................................................................................................................. 735.4 Installing Squid...................................................................................................................................................................... 735.4.1 Installation Modes.............................................................................................................................................................735.4.2 Installing Squid by Compiling the Source Code...................................................................................................... 745.4.3 Installing Squid by Using an RPM Package Obtained from a Mirror Site..................................................... 755.4.4 Installing Squid by Using the Yum Source Obtained from a Mirror Site....................................................... 765.4.5 Installing Squid by Using a Script................................................................................................................................ 775.5 Running and Verifying Squid............................................................................................................................................ 80

6 Varnish 6.2.0 Porting Guide................................................................................................ 816.1 Introduction............................................................................................................................................................................ 816.2 Environment Requirements............................................................................................................................................... 816.3 Configuring the Compilation Environment.................................................................................................................. 826.3.1 Configuring a Network Proxy........................................................................................................................................ 826.3.2 Configuring the Yum Source..........................................................................................................................................836.3.3 Installing Dependencies.................................................................................................................................................. 856.3.4 Disabling the Firewall...................................................................................................................................................... 866.4 Installing Varnish.................................................................................................................................................................. 866.4.1 Installation Modes.............................................................................................................................................................866.4.2 Installing Varnish from the Source Code...................................................................................................................876.4.3 Installing Varnish by Using an RPM Package Obtained from a Mirror Site................................................. 886.4.4 Installing Varnish by Using the Yum Source Obtained from a Mirror Site................................................... 896.4.5 Installing Varnish by Using a Script............................................................................................................................ 896.5 Running and Verifying Varnish........................................................................................................................................ 92

7 HAProxy 1.9.0 Porting Guide.............................................................................................. 947.1 Introduction............................................................................................................................................................................ 947.2 Environment Requirements............................................................................................................................................... 957.3 Configuring the Installation Environment.................................................................................................................... 967.3.1 Configuring a Network Proxy........................................................................................................................................ 967.3.2 Configuring the Yum Source..........................................................................................................................................967.4 Installing HAProxy................................................................................................................................................................ 987.4.1 Installation Methods........................................................................................................................................................ 987.4.2 Compiling and Installing HAProxy from Source Code.......................................................................................... 997.4.3 Installing HAProxy by Using an RPM Package Obtained from a Mirror Site.............................................1007.4.4 Installing HAProxy by Using the Yum Source Obtained from a Mirror Site...............................................1017.4.5 Installing HAProxy by Using a Script........................................................................................................................1017.5 Running and Verifying HAProxy.................................................................................................................................... 1037.6 Uninstalling HAProxy........................................................................................................................................................ 106


Issue 13 (2021-07-15) Copyright © Huawei Technologies Co., Ltd. iv

8 Lighttpd 1.4.53 Porting Guide.......................................................................................... 1078.1 Introduction.......................................................................................................................................................................... 1078.2 Environment Requirements.............................................................................................................................................1088.3 Configuring the Installation Environment................................................................................................................. 1088.3.1 Configuring a Network Proxy..................................................................................................................................... 1098.3.2 Configuring the Yum Source....................................................................................................................................... 1098.3.3 Installing Dependencies................................................................................................................................................ 1118.3.4 Disabling the Firewall.................................................................................................................................................... 1118.4 Installing Lighttpd.............................................................................................................................................................. 1118.4.1 Installation Modes.......................................................................................................................................................... 1118.4.2 Installing Lighttpd by Compiling the Source Code.............................................................................................. 1128.4.3 Installing Lighttpd by Using an RPM Package Obtained from a Mirror Site............................................. 1138.4.4 Installing Lighttpd by Using the Yum Source Obtained from a Mirror Site............................................... 1148.4.5 Installing Lighttpd by Using a Script........................................................................................................................ 1158.5 Running and Verifying Lighttpd.................................................................................................................................... 1178.6 Uninstalling Lighttpd.........................................................................................................................................................119

A Change History....................................................................................................................121


Issue 13 (2021-07-15) Copyright © Huawei Technologies Co., Ltd. v

1 Nginx1.14.2 Porting Guide

1.1 Introduction

1.2 Environment Requirements

1.3 Configuring the Installation Environment

1.4 Installing Nginx

1.5 Running and Verifying Nginx

1.6 Uninstalling Nginx

1.1 Introduction

Nginx OverviewNginx is a lightweight web server that can act as a reverse proxy or mail (IMAP/POP3) proxy. It provides high level concurrency with a low memory footprint.Nginx supports FastCGI, SSL, virtual hosts, URL rewriting, gzip, and extension ofmany third-party modules.

Programming language: C

Brief description: a web server, reverse proxy server, or mail (IMAP/POP3) proxyserver

Recommended VersionNginx 1.14.2

NO TE

This document applies to Nginx 1.14.2. It also provides reference for porting of other Nginxversions.

Kunpeng BoostKit for WebPorting Guide (Web Middleware) 1 Nginx1.14.2 Porting Guide

Issue 13 (2021-07-15) Copyright © Huawei Technologies Co., Ltd. 1


Hardware RequirementsTable 1-1 lists the hardware requirements.

Table 1-1 Hardware requirements

Item Description

Server TaiShan 200 server (model 2280)

CPU Huawei Kunpeng 920 5250 processor

Memory No specific requirements

Storage No specific requirements

Drive partition No specific requirements

Network Connected to the Internet

OS RequirementsTable 1-2 lists the OS requirements.

Table 1-2 OS requirements

Item Version Description

CentOS 7.6 for aarch64Kernel: 4.14.0-115.el7a.0.1.aarch64

Run the lscpu command to viewthe CPU information.Run the cat /etc/*releasecommand to view the systemversion.Run the uname -r command toview the kernel version.Run the uname -a command toview the environment information.

openEuler 20.03 (LTS-SP1) foraarch64Kernel:4.19.90-2012.4.0.0053.oe1.aarch64

NO TE

When installing an OS, choose Minimal Install and select Development Tools to minimizemanual operations.




1.3.1 Configuring a Network ProxyNO TE

If you cannot directly access the Internet, configure a network proxy.

Step 1 Modify the profile file.

1. Open the /etc/profile file.vi /etc/profile

2. Add the following content to the /etc/profile file based on site requirements.export http_proxy="http://Username:Password@Proxy IP address:proxy port"export https_proxy=$http_proxyexport no_proxy=127.0.0.1,.huawei.com,localhost,local,.local

3. Make the proxy take effect.source /etc/profile

Step 2 Check that the Internet connection is normal.curl www.baidu.com

----End

1.3.2 Configuring the Yum SourceNO TE

If you have access to the Internet, see Configuring a Yum Source from the Internet.If you do not have access to the Internet, see Configuring a Local Yum Source.

Configuring a Yum Source from the Internet

Step 1 View the Yum source.

Check for the Yum source. If it is available, go to Step 5.ls /etc/yum.repos.d/

Step 2 Back up the Yum source.cd /etc/yum.repos.dmkdir bakmv *.repo bak

Step 3 Configure the Yum source.● CentOS:

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.huaweicloud.com/repository/conf/CentOS-AltArch-7.repo

● openEuler:wget -O /etc/yum.repos.d/openEulerOS.repo https://repo.huaweicloud.com/repository/conf/openeuler_aarch64.repo

Step 4 View the Yum source.● CentOS:

ls /etc/yum.repos.d/cat /etc/yum.repos.d/CentOS-Base.repo

● openEuler:ls /etc/yum.repos.d/cat /etc/yum.repos.d/openEulerOS.repo

Step 5 Make the Yum source take effect.



yum clean allyum makecacheyum list

----End

Configuring a Local Yum Source

Step 1 Mount the OS image file.

Method 1:

1. Upload the OS image file to the /root directory.2. Mount the OS image file to the /mnt directory.

– CentOS:mount /root/CentOS-7-aarch64-Everything-1810.iso /mnt

– openEuler:mount /root/openEuler-20.03-LTS-SP1-everything-aarch64-dvd.iso /mnt

NO TE

Rename the ISO file based on the site requirements. The renaming operationtakes effect only once and becomes invalid after a system restart. You canperform the following operations for the image file to be automatically mountedupon system startup.

1. Open the fstab file.vi /etc/fstab

2. Add the following content to the end of the fstab file.

○ CentOS:/root/CentOS-7-aarch64-Everything-1810.iso /mnt iso9660 loop 0 0

○ openEuler:/root/openEuler-20.03-LTS-SP1-everything-aarch64-dvd.iso /mnt iso9660 loop 0 0

3. Save and exit the fstab file.

Method 2:

1. Use a browser to log in to the BMC and use the KVM to load the OS imagefile.

2. Check the device symbol corresponding to the OS image.ls /dev/sr*

3. Mount the OS image file to the /mnt directory.mount /dev/sr0 /mntdf -h | grep /mntls /mnt/

NO TE

Ensure that /dev/sr0 is the same as the device symbol displayed in Step 1.2.


Step 3 Configure the local Yum source.

1. Go to the /etc/yum.repos.d directory.cd /etc/yum.repos.d



2. Create a local.repo file.

a. Open the local.repo file.vi local.repo

b. Add the following information to the local.repo file.[local]name=local.repobaseurl=file:///mntenabled=1gpgcheck=0

NO TE

The file path in baseurl is the image mount path, which is the /mnt directory inStep 1.

c. Save the local.repo file and exit.d. View the local.repo file.

cat local.repo

Step 4 Make the Yum source take effect.yum clean allyum makecacheyum list

----End

1.3.3 Installing Dependencies● CentOS:

yum install gcc gcc-c++ make libtool zlib zlib-devel pcre pcre-devel perl-devel perl-ExtUtils-Embed perl-WWW-Curl wget -y

● openEuler:yum install gcc gcc-c++ make libtool zlib zlib-devel pcre pcre-devel perl-devel perl-ExtUtils-Embed openssl openssl-devel net-tools* wget -y

1.3.4 Upgrading OpenSSLNO TE

The OpenSSL version must be 1.1.1a or later.● The OpenSSL version provided by CentOS is 1.0.2k-fips. This document uses an upgrade

to 1.1.1a as an example.● If Nginx is installed through installation from source code, choose Installation

from Source Code to upgrade OpenSSL.● If Nginx is installed through installation from the mirror site, choose Installing the

RPM Package to upgrade OpenSSL.● If the OpenSSL version provided by openEuler is 1.1.1f, you do not need to upgrade

OpenSSL. Skip this section.

Installation from Source Code

Step 1 Obtain the OpenSSL source code.

1. Download the OpenSSL source code package using the local browser.Download address: https://codeload.github.com/openssl/openssl/tar.gz/OpenSSL_1_1_1a

2. Upload the source code package to the /home directory on the server.



https://codeload.github.com/openssl/openssl/tar.gz/OpenSSL_1_1_1a


NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the source code.1. Go to the /home directory and download the source code package.

cd /homewget https://codeload.github.com/openssl/openssl/tar.gz/OpenSSL_1_1_1a --no-check-certificate

2. Rename the downloaded source code package. (The name of the OpenSSL sourcecode package downloaded using a local browser is different from that downloadedusing the wget command. In this section, the OpenSSL source code package isobtained by using a local browser. If you obtain it using the wget command,rename the downloaded source code package.)mv OpenSSL_1_1_1a openssl-OpenSSL_1_1_1a.tar.gz

Step 2 Decompress the OpenSSL source code package.tar -xvf openssl-OpenSSL_1_1_1a.tar.gz

Step 3 Go to the openssl-OpenSSL_1_1_1a directory and run the ls command to querythe files in the directory.cd openssl-OpenSSL_1_1_1a/ls

Step 4 Configure OpenSSL../config



Step 5 Perform the compilation and installation.make -j60 && make -j60 install

NO TE

-j60: Make full use of multi-core CPUs to accelerate compilation.

You can run the lscpu command to query the number of CPU cores.

Step 6 Configure the ld.so.conf file.echo "/usr/local/lib/" >> /etc/ld.so.confldconfig -v

Step 7 Make OpenSSL take effect.

1. Add OpenSSL to the environment variables.echo export PATH=/usr/local/bin:\$PATH >> /etc/profile

2. Make the environment variables take effect.source /etc/profile

Step 8 View the OpenSSL version.● Method 1:

hash -ropenssl version

● Method 2:hash -rwhich openssl/usr/local/bin/openssl version

Step 9 View the OpenSSL installation directory (OPENSSLDIR).openssl version -a

----End



NO TE

To uninstall OpenSSL that is installed using the source code, use either of the followingmethods:● Method 1:

cd /home/openssl-OpenSSL_1_1_1amake uninstallhash -ropenssl versionopenssl version -a

● Method 2:openssl version -arm -rf /usr/local/sslrm -rf /usr/local/lib/engines-1.1rm -rf /usr/local/bin/opensslhash -ropenssl versionopenssl version -a

Installing the RPM Package

Step 1 Obtain the OpenSSL RPM package.

1. Download the RPM package using a local browser.Download address:https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-libs-1.1.1a-3.el7.aarch64.rpmhttps://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-1.1.1a-3.el7.aarch64.rpmhttps://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-devel-1.1.1a-3.el7.aarch64.rpm

2. Copy the RPM package to the /home directory on the server.

NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the RPM package.cd /homewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-libs-1.1.1a-3.el7.aarch64.rpm --no-check-certificatewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-1.1.1a-3.el7.aarch64.rpm --no-check-certificatewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-devel-1.1.1a-3.el7.aarch64.rpm --no-check-certificate

Step 2 Install OpenSSL.rpm -ivh openssl-libs-1.1.1a-3.el7.aarch64.rpm openssl-1.1.1a-3.el7.aarch64.rpm openssl-devel-1.1.1a-3.el7.aarch64.rpm --force --nodeps


Step 4 Make OpenSSL take effect.echo export PATH=/usr/local/bin:\$PATH >> /etc/profilesource /etc/profile



https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-libs-1.1.1a-3.el7.aarch64.rpm


https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-1.1.1a-3.el7.aarch64.rpm


https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-devel-1.1.1a-3.el7.aarch64.rpm


Step 5 View the OpenSSL version.

Method 1:hash -ropenssl version

Method 2:

hash -rwhich openssl/usr/local/bin/openssl version


----End

NO TE

To uninstall OpenSSL that is installed using the RPM package, run the following commands:rpm -qa | grep opensslrpm -e --nodeps openssl-devel-1.1.1a openssl-1.1.1a openssl-libs-1.1.1arpm -qa | grep opensslhash -ropenssl versionopenssl version -a

1.3.5 Disabling the FirewallNO TE

In the test environment, the firewall is disabled to avoid network impact. Configure thefirewall based on the actual requirements.

Step 1 Stop the firewall service.systemctl stop firewalld.service

Step 2 Disable the firewall.systemctl disable firewalld.service

NO TE

Once disabled, the firewall will not start upon OS reboot.

Step 3 Check the firewall.systemctl status firewalld.service

----End

1.4 Installing Nginx

1.4.1 Installation ModesTable 1-3 describes the four installation modes. Choose one based on your siterequirements.



Table 1-3 Installation modes

InstallationMode

Description Remarks

1.4.2 InstallingNginx fromthe Source

Install Nginx from the source code. You need to manuallydownload the sourcecode.

1.4.3 InstallingNginx byUsing an RPMPackageObtained froma Mirror Site

Download the RPM package froma mirror site and install the RPMpackage.

You need to manuallydownload the RPMpackage from a mirrorsite.

1.4.4 InstallingNginx byUsing the YumSourceObtained froma Mirror Site

Configure the network source ofthe mirror site to enable the RPMpackage to be downloaded andinstalled on a server directly. Theserver must be able to access theInternet.

The RPM package isautomaticallydownloaded from amirror site and installedon the server.

4.5-InstallingNginx byUsing a Script(recommended)

Run a script to implementautomatic compilation,deployment, and performancetuning.

Use a script to performone-click compilation,deployment, andperformance tuning.

1.4.2 Installing Nginx from the SourceStep 1 Obtain the Nginx source code.

1. Download the source code package using the local browser.Download address: https://nginx.org/download/nginx-1.14.2.tar.gz


NO TE

If the server is connected to the network, run the wget command to download thesource code.cd /homewget https://nginx.org/download/nginx-1.14.2.tar.gz --no-check-certificate

Step 2 Decompress the Nginx installation package.tar -xvf nginx-1.14.2.tar.gz

Step 3 Go to the nginx-1.14.2 directory.cd nginx-1.14.2/

Step 4 Configure Nginx.● CentOS:

./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --



https://nginx.org/download/nginx-1.14.2.tar.gz

with-http_gzip_static_module --with-http_perl_module --with-pcre --with-openssl=/home/openssl-OpenSSL_1_1_1a

● openEuler:./configure --prefix=/usr/local/nginx --with-http_ssl_module

Table 1-4 describes the parameters.

Table 1-4 Parameter description

Parameter Description

--prefix=PATH Specifies the Nginx installationdirectory. The default installationdirectory is /usr/local/nginx.

--with-http_ssl_module Uses the HTTPS module. By default,this module is not built. If you want touse the HTTPS module, ensure thatOpenSSL and openssl-devel have beeninstalled.

--with-http_realip_module Changes the client IP address (forexample, X-Real-IP or X-Forwarded-For) in the client request header toenable the back-end server to recordthe original client IP address.

--with-http_addition_module Adds text content before or after aresponse.

--with-http_flv_module Loads the streaming media (flash).

--with-http_mp4_module Loads the streaming media (mp4).

--with-pcre Sets the source code path of the PerlCompatible Regular Expressions(PCRE) library. If Nginx is installed byusing the yum command, run --with-pcre to locate the library file. If --with-pcre=PATH is used, you need todownload the PCRE library source code(version 4.4-8.30) from the PCREwebsite and decompress it. The Perlregular expressions are used in thelocation instruction andngx_http_rewrite_module module.

--with-openssl=PATH Specifies the directory where theOpenSSL (version 1.1.1a) source codeis decompressed.

--with-zlib=PATH Specifies the directory where the zlib(version 1.1.3-1.2.5) source code isdecompressed. zlib is used by thengx_http_gzip_module that is enabledby default.




--with-http_stub_status_module Monitors the Nginx status.The with-http_stub_status_modulemodule does not need to beconfigured because it affects the Nginxperformance.

--add-module=PATH Adds a third-party module, forexample, the nginx-sticky-module-ngor cache module. Recompilation isrequired each time a new module isadded. (Tengine does not need to berecompiled when a new module isadded.)

Step 5 Compile and install Nginx.make -j60 && make install

NO TE

-j60: Make full use of multi-core CPU to accelerate compilation.You can run the lscpu command to query the number of CPU cores.

Step 6 Query the installation directory.ls /usr/local/nginx

Step 7 View the version./usr/local/nginx/sbin/nginx -v

----End

1.4.3 Installing Nginx by Using an RPM Package Obtainedfrom a Mirror Site

NO TE

The binary packages available at the Kunpeng mirror site are compiled based on the opensource code, and do not involve vulnerability or bug fixes.When using open source software, comply with the applicable license agreements.openEuler does not support such an RPM package installation method.

Step 1 Obtain the Nginx RPM package.

1. Download the RPM package using a local browser.URL: https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/nginx-1.14.2-1.el7_4.aarch64.rpm




https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/nginx-1.14.2-1.el7_4.aarch64.rpm

https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/nginx-1.14.2-1.el7_4.aarch64.rpm

NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the RPM package.cd /homewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/nginx-1.14.2-1.el7_4.aarch64.rpm --no-check-certificate

Step 2 Install Nginx.rpm -ivh nginx-1.14.2-1.el7_4.aarch64.rpm



----End

1.4.4 Installing Nginx by Using the Yum Source Obtained froma Mirror Site

NO TE

The binary packages available at the Kunpeng mirror site are compiled based on the opensource code, and do not involve vulnerability or bug fixes.When using open source software, comply with the applicable license agreements.openEuler does not support such a Yum source installation method.


Step 2 Configure the network source.


2. Create the rpm.repo file.

a. Create a file named rpm.repo.vi rpm.repo

b. Add the following information to the rpm.repo file.[rpm]name=rpmbaseurl=https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/gpgcheck=0enabled=1

NO TE

Set baseurl to the address of the mirror site.

c. Save and close the rpm.repo file.

Step 3 Make the network source take effect.yum clean allyum makecacheyum list



Step 4 Install Nginx using the Yum source.yum -y install nginx-1.14.2-1.el7_4.aarch64 --enablerepo=rpm



----End

1.4.5 Installing Nginx by Using a ScriptStep 1 Obtain the script used to deploy Nginx.

1. Download the script package using the local browser.Download address: https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/nginx_automation.tar.gz

2. Upload the script to the /home directory.

NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the script package.cd /home/wget https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/nginx_automation.tar.gz --no-check-certificate

Step 2 Decompress the script package.tar -xzvf nginx_automation.tar.gz

Step 3 Go to the nginx_automation directory and run the ls command to query the filesin the directory.cd nginx_automation



https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/nginx_automation.tar.gz

https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/nginx_automation.tar.gz

ll

Table 1-5 describes the script package.

Table 1-5 Script package

Folder or File Description

deps directory Directory used for compilation and installation.NOTE

The installer script obtains the OpenSSL and Nginxsource code using the wget command. If the servercannot access the Internet, download the sourcecode (see 1.4.2 Installing Nginx from the Source)and save the source code to this directory.

scripts directory Directory in which the general tuning script,Nginx configuration optimization script, andthe script for binding NIC interrupts to coresare stored.

install.sh Script used to implement one-clickcompilation, deployment, and tuning of Nginx.

rollback.sh Script used to roll back all operationsperformed by install.sh.

startNginx.sh Script for starting the Nginx instance.

Step 4 Configure the network ports in the environment.

1. Modify the install.sh file.vi install.sh

2. Set the network port names in eth0, eth1, eth2, and eth3.3. Set sense based on actual situation.4. Save and close the install.sh script.

Step 5 Run the install.sh script. After the script is executed, restart the server for thesettings to take effect.sh install.sh



NO TE

The settings about the binding between NIC interrupts and CPU cores will be invalid afterthe server is restarted. Therefore, add the settings in the /etc/profile file, which enables thecommand for binding NIC interrupts to cores to run each time the server restarts.

Step 6 Run the startNginx.sh script to start Nginx.sh startNginx.sh

Step 7 Check the Nginx process.ps -ef | grep nginx



NO TE

● After this step is performed, you can skip Running Nginx and 1.5.4 Verifying Nginx.

● To roll back the deployment, run the rollback.sh script and restart the device.sh rollback.sh

----End

1.5 Running and Verifying Nginx

1.5.1 Generating a Certificate

NO TE

The digital certificate generated is a local security certificate generated by OpenSSL. Thiscertificate is used only for device commissioning. When the device is put into commercialuse, you need to replace it with a commercial security certificate issued by a formalCertificate Authority (CA).

Step 1 Go to the /usr/local/nginx directory and generate a private key.cd /usr/local/nginxopenssl genrsa -des3 -out server_2048.key 2048

Enter a password twice. The server_2048.key file is generated.

You can run the following command to enable the file to be used without apassword:

openssl rsa -in server_2048.key -out server_2048.key

Step 2 Create a certificate signing request (CSR).openssl req -new -key server_2048.key -out server_2048.csr



Enter the password you set in step Step 1. (If the file is set to be used without apassword, you do not need to enter the password.) Set Country Name to CN, andpress Enter.

Step 3 Rewrite the key.openssl rsa -in server_2048.key -out server_2048.key

Enter the password you set in Step 1. If password-free access is enabled for thefile, you do not need to enter the password.

Step 4 Generate a certificate.openssl x509 -req -days 365 -in server_2048.csr -signkey server_2048.key -out server_2048.crt

----End

1.5.2 Configuring Functions

Configuring HTTPS

Step 1 Run the following command to open the nginx.conf file:vi /usr/local/nginx/conf/nginx.conf

Step 2 Edit the file as follows. Save the file and exit.● Change #user nobody; to user root;.● Delete all number signs (#) from the # HTTPS server module.● In the # HTTPS server module, change listen 443 ssl; to listen 20000 ssl;.● In the # HTTPS server module, change ssl_certificate cert.pem; to

ssl_certificate /usr/local/nginx/server_2048.crt;.● In the # HTTPS server module, change ssl_certificate_key cert.key; to

ssl_certificate_key /usr/local/nginx/server_2048.key;.

File before modification:



#user nobody;...# HTTPS server # #server { # listen 443 ssl; # server_name localhost;

# ssl_certificate cert.pem; # ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on;

# location / { # root html; # index index.html index.htm; # } #}

File after modification:

user root;...# HTTPS server # server { listen 20000 ssl; server_name localhost; ssl_certificate /usr/local/nginx/server_2048.crt; ssl_certificate_key /usr/local/nginx/server_2048.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } }

----End

Configuring HTTP

Step 1 Run the following command to open the nginx.conf file:vi /usr/local/nginx/conf/nginx.conf

Step 2 Edit the file as follows. Save the file and exit.● Change #user nobody; to user root;.● In the http module, change listen 80; to listen 10000;.


#user nobody;...

http { include mime.types; default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" '



# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on; #tcp_nopush on;

#keepalive_timeout 0; keepalive_timeout 65;

#gzip on;

server { listen 80; server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / { root html; index index.html index.htm; } }}


user root;...http { include mime.types; default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"';




#gzip on;


#charset koi8-r;


location / { root html; index index.html index.htm; } }}...

----End



1.5.3 Running NginxStep 1 Start Nginx using either of the following methods:

Method 1: Start Nginx using a script./usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

Method 2: Start Nginx as a service (add Nginx to the Service list, and then startthe service using a command).

1. Edit the /etc/init.d/nginx file.rm -rf /etc/init.d/nginxvi /etc/init.d/nginx

Add the following information, save the file, and exit:#!/bin/bash# chkconfig: 2345 10 90# description: nginxcase "$1" in 'start') /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf echo "$0_start"; ;; 'stop') /usr/local/nginx/sbin/nginx -s quit echo "$0_stop"; ;;esac

2. Modify the permission on the /etc/init.d/nginx file.chmod 777 /etc/init.d/nginxll /etc/init.d/nginx

3. Add Nginx to the chkconfig management list.chkconfig --add /etc/init.d/nginx

4. Enable Nginx to automatically start upon OS startup.chkconfig nginx on

5. Start Nginx.service nginx start


NO TE

You can stop Nginx using one of the following methods. Stopping Nginx interrupts services.Exercise caution when performing this operation.

● Method 1: Stop Nginx using a script./usr/local/nginx/sbin/nginx -s quit

● Method 2: Stop Nginx using a process.pkill nginx

● Method 3: Stop Nginx as a service.service nginx stop

----End



1.5.4 Verifying NginxStep 1 Check the Nginx listen port. (20000 is the HTTPS listen port and 10000 is the

HTTP listen port.)netstat -anpt | grep 10000netstat -anpt | grep 20000netstat -anpt

Step 2 View the Nginx HTML file.ll /usr/local/nginx/html/

Step 3 Verify the HTTPS function.

Access the Nginx HTML page using the curl command.

curl -k https://127.0.0.1:20000/index.html

If "Welcome to nginx" is displayed, the HTTPS function is configured successfully.

Step 4 Verify the HTTP function.

Access the Nginx HTML page using the curl command.

curl http://127.0.0.1:10000/index.html



If "Welcome to nginx" is displayed, the HTTP function is configured successfully.

----End

1.6 Uninstalling Nginx

Uninstalling Nginx (Installed by Compiling the Source)

Step 1 During source code compilation and installation, only the corresponding files aregenerated. Therefore, you can directly delete the corresponding directories.rm -rf /usr/local/nginxls /usr/local/nginx

----End

Uninstalling Nginx (Installed from the Mirror Site)

Step 1 Uninstall Nginx.rpm -qa | grep nginxrpm -e --nodeps nginx-1.14.2

Step 2 If no information is displayed, the uninstallation is complete.rpm -qa | grep nginx

Step 3 Delete the installation directory.rm -rf /usr/local/nginxls /usr/local/nginx

----End



2 Apache 2.4.39 Porting Guide

2.1 Introduction



2.4 Installing Apache

2.5 Running and Verifying Apache

2.6 Uninstalling Apache

2.1 Introduction

Apache Overview

Apache HTTP Server (Apache for short) is an open-source web page server of theApache Software Foundation. It can run on a majority of operating systems (OSs)and is widely used due to its multiple platforms and high security, known as oneof the most popular web server software programs. It is fast and reliable, and canbe extended using simple APIs to compile interpreters such as Perl and Python tothe server.


Brief description: web server

Recommended Version

Apache httpd 2.4.39 or later


Hardware Requirements

Table 2-1 lists the hardware requirements.

Kunpeng BoostKit for WebPorting Guide (Web Middleware) 2 Apache 2.4.39 Porting Guide



Item Description







OS Requirements

Table 2-2 lists the OS requirements.






NO TE












----End

2.3.2 Configuring the Yum Source

NO TE

If you have access to the Internet, see Configuring a Yum Source from the Internet.

If you do not have access to the Internet, see Configuring a Local Yum Source.





Step 3 Configure the Yum source.

● CentOS:wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.huaweicloud.com/repository/conf/CentOS-AltArch-7.repo



● CentOS:ls /etc/yum.repos.d/cat /etc/yum.repos.d/CentOS-Base.repo



----End





Method 1:




NO TE

Rename the ISO file based on the site requirements. The renaming operationtakes effect only once and becomes invalid after a system restart. You canperform the following operations for the image file to be automatically mountedupon system startup.1. Open the fstab file.

vi /etc/fstab





Method 2:




NO TE







b. Add the following information to the local.repo file.[local]name=local.repo



baseurl=file:///mntenabled=1gpgcheck=0

NO TE


c. Save the local.repo file and exit.

d. View the local.repo file.cat local.repo


----End

2.3.3 Installing Dependenciesyum -y install gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre* apr*

2.4 Installing Apache

2.4.1 Installation ModesTable 2-3 describes the four installation modes. Choose one based on your siterequirements.


InstallationMethod

Description Remarks

2.4.2 InstallingApache byCompiling theSource Code

Install Apache from the sourcecode.

You need to manuallydownload the sourcecode.

2.4.3 InstallingApache byUsing an RPMPackageObtained froma Mirror Site

Download the RPM package froma mirror site and install it.

Manually download theRPM package from amirror site.

2.4.4 InstallingApache byUsing the YumSourceObtained froma Mirror Site


Configure the networksource and automaticallydownload the RPMpackage from a mirrorsite.



InstallationMethod

Description Remarks

2.4.5 InstallingApache byUsing a Script(recommended)

Run a script to implement one-click compilation, deployment, andtuning.

Run a script toimplement one-clickcompilation,deployment, and tuning.

2.4.2 Installing Apache by Compiling the Source CodeStep 1 Obtain the Apache source code.

1. Download the source code from the local browser.

Download address: https://archive.apache.org/dist/httpd/httpd-2.4.39.tar.bz2

2. Upload the source package to the /home directory on the server.

NO TE

If the server is connected to the Internet, run the wget command to download thesource code.cd /homewget https://archive.apache.org/dist/httpd/httpd-2.4.39.tar.bz2 --no-check-certificate

Step 2 Decompress the Apache installation package.cd /home/tar -xvf httpd-2.4.39.tar.bz2

Step 3 Go to the httpd-2.4.39 directory and view files in it.cd /home/httpd-2.4.39/ls

Step 4 Configure Apache../configure --build=arm --prefix=/usr/local/apache2 --enable-so --with-mpm=worker



https://archive.apache.org/dist/httpd/httpd-2.4.39.tar.bz2

https://archive.apache.org/dist/httpd/httpd-2.4.39.tar.bz2

NO TE

● --prefix=PATH: specifies the Apache installation directory.● --with-mpm=worker: specifies the Apache working mode.

Step 5 Perform compilation.make -j60

-j60 leverages the multi-core CPUs to speed up the compilation.

Step 6 Start the installation.make install

Step 7 View the installation directory.ls /usr/local/apache2

Step 8 View the version./usr/local/apache2/bin/apachectl -v

----End

2.4.3 Installing Apache by Using an RPM Package Obtainedfrom a Mirror Site

NO TE


Step 1 Obtain the Apache RPM package.

1. Download the RPM package using the local browser.URL: https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/httpd-2.4.39-3.el7.aarch64.rpm



https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/httpd-2.4.39-3.el7.aarch64.rpm

https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/httpd-2.4.39-3.el7.aarch64.rpm


NO TE

If the server can access the Internet, you can run the wget command on the server todownload the RPM package.cd /homewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/httpd-2.4.39-3.el7.aarch64.rpm --no-check-certificate

Step 2 Install Apache.cd /homerpm -ivh httpd-2.4.39-3.el7.aarch64.rpmrpm -qa | grep httpd



----End

2.4.4 Installing Apache by Using the Yum Source Obtainedfrom a Mirror Site

NO TE

The binary packages available at the Kunpeng mirror site are compiled based on the opensource code, and do not involve vulnerability or bug fixes.

When using open source software, comply with the applicable license agreements.

openEuler does not support such a Yum source installation method.





a. Create the rpm.repo file.vi rpm.repo

b. Add the following information to the rpm.repo file:[rpm]name=rpmbaseurl=https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/gpgcheck=0enabled=1



Step 4 Install Apache using the Yum source.yum -y install httpd-2.4.39-3.el7.aarch64



The installed Apache is in the /usr/local/apache2 directory.



----End

2.4.5 Installing Apache by Using a ScriptStep 1 Obtain the Apache script package.

1. Download the script package using the local browser.Download address: https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/apache_automation.tar.gz

2. Save the script package to the /home directory.

NO TE

If the server can access the Internet, you can run the wget command on the server todownload the script package.cd /homewget https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/apache_automation.tar.gz --no-check-certificate

Step 2 Decompress the script package.cd /home/tar -xzvf apache_automation.tar.gz

Step 3 Go to the apache_automation directory and run the ll command to view the filesin the directory.cd apache_automationll



https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/apache_automation.tar.gz

https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/apache_automation.tar.gz


Table 2-4 Overall script directory structure

Directory Description

deps Directory used for compilation and installation.NOTE

The installation script first obtains the Apachesource code using the wget command. If the serveris not connected to the Internet, download theApache source code (see 2.4.2 Installing Apache byCompiling the Source Code) and save the sourcecode to this directory.

scripts Optimization script directory, which containscommon optimization scripts.

install.sh Script used to compile, deploy, and tuneApache.

rollback.sh Rollback script, which is used to roll back alloperations of the script.

Step 4 Run the install.sh script. After the script is executed, restart the device for theoptimization to take effect.sh install.sh

If the environment needs to be rolled back or the deployment using a script fails,run the rollback script to roll back the script operation and restart the device.

sh rollback.sh



----End

2.5 Running and Verifying Apache

2.5.1 Parameter ConfigurationStep 1 Modify the httpd.conf file.

1. Open the file.vi /usr/local/apache2/conf/httpd.conf

2. Modify the file as follows, and save and close the file.– Line 52:

Listen 80

Modify it as follows:Listen 0.0.0.0:80

– Line 89:#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Modify it as follows:LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

– Line 198 (the IP address and port of the server):#ServerName www.example.com:80

Modify it as follows:ServerName 192.168.1.115:80

NO TE

The IP address 192.168.1.115 is used as an example. You can run the ifconfigcommand to query the IP address of the server.

– Line 463:#Include conf/extra/httpd-mpm.conf

Modify it as follows:Include conf/extra/httpd-mpm.conf

– Line 490:#Include conf/extra/httpd-default.conf

Modify it as follows:Include conf/extra/httpd-default.conf

Step 2 Modify the httpd-default.conf file.

1. Open the file.vim /usr/local/apache2/conf/extra/httpd-default.conf

2. Line 23:MaxKeepAliveRequests 100

Modify it as follows:MaxKeepAliveRequests 0

----End



2.5.2 Starting ApacheStep 1 Start Apache.

/usr/local/apache2/bin/httpd -f /usr/local/apache2/conf/httpd.conf -k start

----End

2.5.3 Verifying ApacheStep 1 Verify Apache.

ps -ef | grep httpd

If the Apache process is displayed in the command output, Apache has beenstarted.

● (Optional) Run the following command to stop Apache. You do not need torun this command during service running./usr/local/apache2/bin/httpd -f /usr/local/apache2/conf/httpd.conf -k stop

● Uninstall Apache and query the result.– Query and uninstall Apache that is installed by using an RPM package.

rpm -qa | grep httpdrpm -e --nodeps httpd-2.4.39

– Query and uninstall Apache that is installed by compiling the sourcecode.rpm -qa | grep httpdrm -rf /usr/local/apache2

----End

2.6 Uninstalling Apache

Uninstalling HAProxy (Installed by Compiling the Source)

Step 1 During source code compilation and installation, only the corresponding files aregenerated. Therefore, you can directly delete the corresponding directories.rm -rf /usr/local/apache2ls /usr/local/apache2

----End



Installation and Uninstallation Using the Mirror Site

Step 1 Uninstall Apache.rpm -qa | grep httpdrpm -e --nodeps httpd-2.4.39-3.el7.aarch64

Step 2 If no information is displayed, Apache has been uninstalled.rpm -qa | grep httpd

Step 3 Delete the installation directory.rm -rf /usr/local/apache2ls /usr/local/apache2

----End



3 Tengine 2.2.2 Porting Guide

3.1 Introduction



3.4 Installing Tengine

3.5 Running and Verifying Tengine

3.6 Uninstalling Tengine

3.7 Troubleshooting

3.1 Introduction

Tengine OverviewTengine is a web server project initiated by Taobao. Based on Nginx, Tengineprovides many advanced functions and features to meet the requirements ofwebsites with large access traffic. It aims to build an efficient and secure webplatform.


Brief description: lightweight web server

Recommended VersionSoftware Version

Tengine 2.2.2

OpenSSL 1.1.1a

Kunpeng BoostKit for WebPorting Guide (Web Middleware) 3 Tengine 2.2.2 Porting Guide


NO TE

This document applies to Tengine 2.2.2. It also provides reference for porting of otherTengine versions.





Item Description







OS Requirements







NO TE












----End
















----End



Method 1:




NO TE







Method 2:




NO TE










NO TE



cat local.repo


----End

3.3.3 Installing Dependencies● CentOS:

yum install gcc gcc-c++ make libtool zlib zlib-devel pcre pcre-devel perl-devel perl-ExtUtils-Embed perl-WWW-Curl wget -y

● openEuler:yum install gcc gcc-c++ make libtool zlib zlib-devel pcre pcre-devel perl-devel perl-ExtUtils-Embed openssl openssl-devel net-tools* wget -y

3.3.4 Upgrading OpenSSLNO TE

The OpenSSL version must be 1.1.1a or later.● The OpenSSL version provided by CentOS is 1.0.2k-fips. This document uses an upgrade

to 1.1.1a as an example.● If Nginx is installed through installation from source code, choose Installation

from Source Code to upgrade OpenSSL.● If Nginx is installed through installation from the mirror site, choose Installing the

RPM Package to upgrade OpenSSL.● If the OpenSSL version provided by openEuler is 1.1.1f, you do not need to upgrade

OpenSSL. Skip this section.

Installation from Source Code

Step 1 Obtain the OpenSSL source code.

1. Download the OpenSSL source code package using the local browser.



Download address: https://codeload.github.com/openssl/openssl/tar.gz/OpenSSL_1_1_1a


NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the source code.1. Go to the /home directory and download the source code package.

cd /homewget https://codeload.github.com/openssl/openssl/tar.gz/OpenSSL_1_1_1a --no-check-certificate

2. Rename the downloaded source code package. (The name of the OpenSSL sourcecode package downloaded using a local browser is different from that downloadedusing the wget command. In this section, the OpenSSL source code package isobtained by using a local browser. If you obtain it using the wget command,rename the downloaded source code package.)mv OpenSSL_1_1_1a openssl-OpenSSL_1_1_1a.tar.gz

Step 2 Decompress the OpenSSL source code package.tar -xvf openssl-OpenSSL_1_1_1a.tar.gz

Step 3 Go to the openssl-OpenSSL_1_1_1a directory and run the ls command to querythe files in the directory.cd openssl-OpenSSL_1_1_1a/ls

Step 4 Configure OpenSSL../config





Step 5 Perform the compilation and installation.make -j60 && make -j60 install

NO TE

-j60: Make full use of multi-core CPUs to accelerate compilation.

You can run the lscpu command to query the number of CPU cores.


Step 7 Make OpenSSL take effect.

1. Add OpenSSL to the environment variables.echo export PATH=/usr/local/bin:\$PATH >> /etc/profile


Step 8 View the OpenSSL version.● Method 1:

hash -ropenssl version

● Method 2:hash -rwhich openssl/usr/local/bin/openssl version


----End



NO TE

To uninstall OpenSSL that is installed using the source code, use either of the followingmethods:● Method 1:

cd /home/openssl-OpenSSL_1_1_1amake uninstallhash -ropenssl versionopenssl version -a

● Method 2:openssl version -arm -rf /usr/local/sslrm -rf /usr/local/lib/engines-1.1rm -rf /usr/local/bin/opensslhash -ropenssl versionopenssl version -a

Installing the RPM Package

Step 1 Obtain the OpenSSL RPM package.

1. Download the RPM package using a local browser.Download address:https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-libs-1.1.1a-3.el7.aarch64.rpmhttps://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-1.1.1a-3.el7.aarch64.rpmhttps://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-devel-1.1.1a-3.el7.aarch64.rpm


NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the RPM package.cd /homewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-libs-1.1.1a-3.el7.aarch64.rpm --no-check-certificatewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-1.1.1a-3.el7.aarch64.rpm --no-check-certificatewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-devel-1.1.1a-3.el7.aarch64.rpm --no-check-certificate

Step 2 Install OpenSSL.rpm -ivh openssl-libs-1.1.1a-3.el7.aarch64.rpm openssl-1.1.1a-3.el7.aarch64.rpm openssl-devel-1.1.1a-3.el7.aarch64.rpm --force --nodeps


Step 4 Make OpenSSL take effect.echo export PATH=/usr/local/bin:\$PATH >> /etc/profilesource /etc/profile









Step 5 View the OpenSSL version.

Method 1:hash -ropenssl version

Method 2:

hash -rwhich openssl/usr/local/bin/openssl version


----End

NO TE

To uninstall OpenSSL that is installed using the RPM package, run the following commands:rpm -qa | grep opensslrpm -e --nodeps openssl-devel-1.1.1a openssl-1.1.1a openssl-libs-1.1.1arpm -qa | grep opensslhash -ropenssl versionopenssl version -a





NO TE



----End

3.4 Installing Tengine

3.4.1 Installation ModesTable lists four installation modes. Select one installation mode based on the siterequirements.




InstallationMethod

Description Remarks

3.4.2 InstallingTengine byCompiling theSource Code

Install Tengine from the sourcecode.

Manually download thesource code.

3.4.3 InstallingTengine byUsing an RPMPackageObtained froma Mirror Site



3.4.4 InstallingTengine byUsing the YumSourceObtained froma Mirror Site



InstallingTengine byUsing a Script(recommended)



3.4.2 Installing Tengine by Compiling the Source CodeStep 1 Obtain the Tengine source code.

1. Download the source code from the local browser.

Download address: https://tengine.taobao.org/download/tengine-2.2.2.tar.gz

2. Upload the source package to the /home directory on the server.

NO TE

If the server is connected to the Internet, run the wget command to download thesource code.cd /homewget https://tengine.taobao.org/download/tengine-2.2.2.tar.gz --no-check-certificate

Step 2 Decompress the Tengine installation package.tar -xzvf tengine-2.2.2.tar.gz

Step 3 Go to the tengine-2.2.2 directory.cd tengine-2.2.2

Step 4 Configure Tengine.



https://tengine.taobao.org/download/tengine-2.2.2.tar.gz

https://tengine.taobao.org/download/tengine-2.2.2.tar.gz

./configure --prefix=/usr/local/tengine-nginx --with-http_ssl_module --with-openssl-async --with-cc-opt="-DNGX_SECURE_MEM -I/usr/local/include -Wno-error=deprecated-declarations" --with-ld-opt="-Wl,-rpath=/usr/local/lib -L/usr/local/lib"

Step 5 Compile and install Tengine.make -j60 && make install

NO TE

1. If an error message is displayed stating "src/core/ngx_murmurhash.c:37:11: error: thisstatement may fall through [-Werror=implicit-fallthrough=]", see 3.7.1 Error with src/core/ngx_murmurhash.c.

2. If an error message is displayed stating "src/os/unix/ngx_user.c:36:7: error: 'structcrypt_data' has no member named 'current_salt'", see 3.7.2 Error with src/os/unix/ngx_user.c.

Step 6 View the installation directory.ll /usr/local/tengine-nginx

Step 7 View the version./usr/local/tengine-nginx/sbin/nginx -v

----End

3.4.3 Installing Tengine by Using an RPM Package Obtainedfrom a Mirror Site

NO TE



openEuler does not support such an RPM package installation method.

Step 1 Obtain the RPM package of the Tengine.

1. Download the RPM package using a local browser.

URL: https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/tengine-2.2.2-1.el7_4.ngx.aarch64.rpm




https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/tengine-2.2.2-1.el7_4.ngx.aarch64.rpm

https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/tengine-2.2.2-1.el7_4.ngx.aarch64.rpm

NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the RPM package.cd /homewget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/tengine-2.2.2-1.el7_4.ngx.aarch64.rpm --no-check-certificate

Step 2 Install Tengine.rpm -ivh tengine-2.2.2-1.el7_4.ngx.aarch64.rpm

Step 3 View the installation directory.ls /usr/local/tengine-nginx


----End

3.4.4 Installing Tengine by Using the Yum Source Obtainedfrom a Mirror Site

NO TE







2. Create an rpm.repo file.

a. Create an rpm.repo file.vi rpm.repo


NO TE

The path specified by baseurl is the address of the mirror site.





Step 4 Install Tengine using the Yum source.yum -y install tengine-2.2.2-1.el7_4.ngx.aarch64 --enablerepo=rpm

Step 5 View the installation directory.ls /usr/local/tengine-nginx/


----End

3.4.5 Installing Tengine by Using a ScriptStep 1 Obtain the Tengine script package.

1. Download the script package using a local browser.Download address: https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/tengine_automation.tar.gz

2. Copy the script package to the /home directory.

NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the script package.cd /home/wget https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/tengine_automation.tar.gz --no-check-certificate

Step 2 Decompress the script package.tar -xzvf tengine_automation.tar.gz



https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/tengine_automation.tar.gz

https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/tengine_automation.tar.gz

Step 3 Go to the tengine_automation directory and query the files in the directory.cd tengine_automationll

For details about the script directory structure, see Table 3-4.



deps Directory used for compilation and installationNOTE

The installer script obtains the OpenSSL and Tenginesource code using the wget command. If the serveris not connected to the Internet, download thesource code (see 3.3.4 Upgrading OpenSSL and3.4.2 Installing Tengine by Compiling the SourceCode) and save it to this directory.

scripts Optimization script directory, which containsthe common optimization script, Nginxconfiguration optimization script, and thescript for binding NIC interrupts to cores.

install.sh Script used to implement one-clickcompilation, deployment, and tuning.


startNginx.sh Script for starting the Nginx instance.

Step 4 Configure the network ports in the environment.


2. Find the eth0 and eth2 parameters and enter the network port names in thecurrent environment.

3. Set sense based on actual situation.4. Save and exit the install.sh script.




NO TE

The operation of binding NIC interrupts to cores becomes invalid after the device isrestarted. Therefore, this operation is directly written to the /etc/profile file. The commandfor binding NIC interrupts to cores is executed each time the device is restarted.

Step 6 Run the startNginx.sh script to start Nginx. Then, run the ps command to checkthe Nginx process.sh startNginx.sh

● After Step 6 is performed, you can skip Running Tengine.● If the environment needs to be rolled back or the deployment using a script

fails, run the rollback script to roll back the script operation and restart thedevice.sh rollback.sh

----End



3.5 Running and Verifying Tengine

3.5.1 Generating a CertificateNO TE

The digital certificate generated is a local security certificate generated by OpenSSL. Thiscertificate is used only for device commissioning. When the device is put into commercialuse, replace it with a commercial security certificate issued by a formal Certificate Authority(CA).

Step 1 Go to the /usr/local/tengine-nginx directory and generate a key.cd /usr/local/tengine-nginxopenssl genrsa -des3 -out server_2048.key 2048

Enter a password twice. The server_2048.key file is generated.

You can run the following command to use the file without a password:

openssl rsa -in server_2048.key -out server_2048.key

Step 2 Create a certificate signing request (CSR).openssl req -new -key server_2048.key -out server_2048.csr


Step 3 Rewrite the key.openssl rsa -in server_2048.key -out server_2048.key




Step 4 Generate the certificate.openssl x509 -req -days 365 -in server_2048.csr -signkey server_2048.key -out server_2048.crt

----End

3.5.2 Configuring Functions

Configuring HTTPS

Step 1 Open the nginx.conf file:vi /usr/local/tengine-nginx/conf/nginx.conf

Step 2 Edit the file as follows. Save the file and exit.● Change #user nobody; to user root;.● Delete all number signs (#) from the # HTTPS server module.● In the # HTTPS server module, change listen 443 ssl; to listen 20000 ssl;.● In the # HTTPS server module, change ssl_certificate cert.pem; to

ssl_certificate /usr/local/tengine-nginx/server_2048.crt;.● In the # HTTPS server module, change ssl_certificate_key cert.key; to

ssl_certificate_key /usr/local/tengine-nginx/server_2048.key;.● In the # HTTPS server module, add ssl_async on; below server_name

localhost; to enable the asynchronous function.


#user nobody;...# HTTPS server # #server { # listen 443 ssl; # server_name localhost;

# ssl_certificate cert.pem; # ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on;

# location / { # root html; # index index.html index.htm; # } #}




user root;...# HTTPS server # server { listen 20000 ssl; server_name localhost; ssl_async on; ssl_certificate /usr/local/tengine-nginx/server_2048.crt; ssl_certificate_key /usr/local/tengine-nginx/server_2048.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } }

----End

Configuring HTTP

Step 1 Open the nginx.conf file:vi /usr/local/tengine-nginx/conf/nginx.conf

Step 2 Edit the file as follows. Save the file and exit.● Change #user nobody; to user root;.● In the http module, change listen 80; to listen 10000;.


#user nobody;...

http { include mime.types; default_type application/octet-stream;





#gzip on;


#charset koi8-r;


location / { root html; index index.html index.htm; }



}}


user root;...http { include mime.types; default_type application/octet-stream;





#gzip on;


#charset koi8-r;


location / { root html; index index.html index.htm; } }}...

----End

3.5.3 Running TengineStep 1 Start Nginx using either of the following methods:

Method 1: Start Nginx using a script./usr/local/tengine-nginx/sbin/nginx -c /usr/local/tengine-nginx/conf/nginx.conf

Method 2: Start Nginx as a service (add Nginx to the Service list, and then startthe service using a command).

1. Edit the /etc/init.d/nginx file.rm -rf /etc/init.d/nginxvi /etc/init.d/nginx

Add the following information, save the file, and exit:#!/bin/bash# chkconfig: 2345 10 90# description: nginxcase "$1" in 'start') /usr/local/tengine-nginx/sbin/nginx -c /usr/local/tengine-nginx/conf/nginx.conf echo "$0_start"; ;; 'stop') /usr/local/tengine-nginx/sbin/nginx -s quit



echo "$0_stop"; ;;esac

2. Modify the permission on the /etc/init.d/nginx file.chmod 777 /etc/init.d/nginxll /etc/init.d/nginx

3. Add Nginx to the chkconfig management list.chkconfig --add /etc/init.d/nginx

4. Enable Nginx to automatically start upon OS startup.chkconfig nginx on

5. Start Nginx.service nginx start

● During the startup, if a message is displayed stating "failed:no memory",which indicates that the cache is insufficient,

Set an appropriate cache size in the configuration file and restart the system.sed -i "/http {/a\check_shm_size 50m;" /usr/local/tengine-nginx/conf/nginx.conf

● During the startup, if a message is displayed stating "invalid port in resolver"2017:231::6:6" in /usr/local/tengine-nginx/conf/nginx.conf:127", whichindicates the parser port is invalid:

Delete nameserver from the /etc/resolv.conf file and restart the system.


NO TE

You can stop Nginx using one of the following methods. Stopping Nginx interrupts services.Exercise caution when performing this operation.

● Method 1: Stop Nginx using a script./usr/local/tengine-nginx/sbin/nginx -s quit

● Method 2: Stop Nginx using a process.pkill nginx

● Method 3: Stop Nginx as a service.service nginx stop

----End

3.5.4 Verifying TengineStep 1 Check the Nginx listen port (20000 is the HTTPS listen port, and 10000 is the

HTTP listen port).netstat -anpt | grep 10000netstat -anpt | grep 20000netstat -anpt



Step 2 View the Nginx HTML file.ll /usr/local/tengine-nginx/html/

Step 3 Verify the HTTPS function.

Access the Nginx HTML page using curl.

curl -k https://127.0.0.1:20000/index.html

If the welcome to Tengine information is displayed, the HTTPS function isconfigured successfully.

Step 4 Verify the HTTP function.

Access the Nginx HTML page using curl.

curl http://127.0.0.1:10000/index.html



If the welcome to Tengine information is displayed, the HTTP function isconfigured successfully.

----End

3.6 Uninstalling Tengine

Uninstalling Tengine (Installed by Compiling the Source)

Step 1 During source code compilation and installation, only the corresponding files aregenerated. Therefore, you can directly delete the corresponding directories.rm -rf /usr/local/tengine-nginxls /usr/local/tengine-nginx

----End

Uninstalling Tengine (Installed from the Mirror Site)

Step 1 Uninstall Nginx.rpm -qa | grep tenginerpm -e --nodeps tengine-2.2.2-1.el7_4.ngx

Step 2 If no information is displayed, the uninstallation is complete.rpm -qa | grep tengine

Step 3 Delete the installation directory.rm -rf /usr/local/tengine-nginxls /usr/local/tengine-nginx

----End

3.7 Troubleshooting



3.7.1 Error with src/core/ngx_murmurhash.c

SymptomWhen compiling and installing Tengine, an error with src/core/ngx_murmurhash.c is reported.

Handling Procedure1. Open the Makefile file.

vi objs/Makefile

2. Delete -Werror from the CFLAGS file, save the file, and exit.

3.7.2 Error with src/os/unix/ngx_user.c

SymptomWhen compiling and installing Tengine, an error with src/os/unix/ngx_user.c isreported.

Handling Procedure1. Open the ngx_user.c file:

vi src/os/unix/ngx_user.c

2. Comment out the 36th line, save the file, and exit./*cd.current_salt[0] = ~salt[0];*/



4 Memcached 1.5.12 Porting Guide

4.1 Introduction



4.4 Installing Memcached

4.5 Running and Verifying Memcached

4.1 Introduction

Memcached Overview

Memcached is a high-performance distributed memory-caching server, developedby Brad Fitzpatric from Danga Interactive, a subsidiary of LiveJournal. It is used tocache database query results and reduce database access times to improve thespeed and scalability of dynamic web applications.

Official Memcached website: https://memcached.org/

Development language: C

Brief description: distributed memory-caching server





Item Description


Kunpeng BoostKit for WebPorting Guide (Web Middleware) 4 Memcached 1.5.12 Porting Guide


https://memcached.org/

Item Description






OS Requirements







NO TE







2. Add the following content to the /etc/profile file based on site requirements.



export http_proxy="http://Username:Password@Proxy IP address:proxy port"export https_proxy=$http_proxyexport no_proxy=127.0.0.1,.huawei.com,localhost,local,.local



----End















----End



Method 1:



1. Upload the OS image file to the /root directory.

2. Mount the OS image file to the /mnt directory.



NO TE







Method 2:




NO TE










NO TE



cat local.repo


----End

4.3.3 Installing the DependenciesPrepare the C compiler, GNU, Make, Automake, libevent, and libevent-devellibraries needed to compile Memcached.

Step 1 Install the GNU Compiler Collection (GCC). If GCC has been installed, skip thisstep.yum -y install gcc gcc-c++ kernel-devel

Step 2 Install GNU make, Automake, unzip, and Telnet. If they have been installed, skipthis step.yum -y install make automake unzip telnet

Step 3 Install the third-party libraries libevent and libevent-devel.yum -y install libevent libevent-devel

----End

4.4 Installing MemcachedStep 1 Obtain the Memcached source code.

1. Download the Memcached source code package using the local browser.Download address: https://github.com/memcached/memcached/archive/1.5.12.zip

2. Copy the source code to the /home directory on the server.

NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the source code.cd /homewget https://github.com/memcached/memcached/archive/1.5.12.zip --no-check-certificate

Step 2 Decompress the source code package.cd /homeunzip 1.5.12.zip

Step 3 Switch to the memcached-1.5.12 directory.cd memcached-1.5.12



https://github.com/memcached/memcached/archive/1.5.12.zip

https://github.com/memcached/memcached/archive/1.5.12.zip

Step 4 Configure Memcached.sh autogen.sh./configure --prefix=/opt/memcached

NO TE

--prefix indicates the Memcached installation directory, for example, /opt/memcached inthis step.

Step 5 Perform the compilation and installation.make -j60 && make install

NO TE

-j60 leverages multi-core CPUs to speed up the compilation.

Step 6 View the installation directory.ls /opt/memcachedls /opt/memcached/bin/

Step 7 Configure environment variables.

1. Add the following command to the /etc/profile file:echo export PATH=$PATH:/opt/memcached/bin/ >> /etc/profile


----End

4.5 Running and Verifying MemcachedStep 1 Start the Memcached service.

memcached -t 24 -p 11211 -u root -m 49152 -c 10240

Table 4-3 describes the startup command parameters.

Table 4-3 Startup command parameter description

Parameter Description Default Value

-t Specifies the number of threads. 4

-p Specifies the TCP listening port. 11211

-u Specifies the user who starts theprocess.

By default, the root usercannot start the process.

-m Specifies the memory sizeallocated to Memcached.The unit is MB.

64 MB

-c Specifies the maximum numberof concurrent connections.

1024



Parameter Description Default Value

-d Starts a daemon in thebackground.

-

NO TE

To stop Memcached, press Ctrl+C.

Step 2 Start another shell window to connect to Memcached.telnet 127.0.0.1 11211

NO TE

1. In addition to connecting to the Memcached service using Telnet to obtain data, thesource code provides some tool scripts, such as memcached-tool, in the scriptsdirectory of the source code. memcached-tool describes how to use memcached-tool.

2. To exit the Telnet connection, run the quit command.quit

Table 4-4 memcached-tool

Command Description

./memcached-tool localhost display Displays slabs information.

./memcached-tool 10.0.0.5:11211display

Displays slabs information.

./memcached-tool 10.0.0.5:11211 stats Displays Memcached statistics.

./memcached-tool 10.0.0.5:11211settings

Displays Memcached settings.

./memcached-tool 10.0.0.5:11211 sizes Displays the size and number of allitems.

./memcached-tool 10.0.0.5:11211dump [limit]

Outputs Keys and Values from thecache.

Step 3 After the connection is set up, run the stats command to obtain the statistics ofthe Memcached server.stats



Table 4-5 lists the common stats commands.

Table 4-5 stats commands

Command Description

stats Displays the overall status of Memcached, includingthe startup time, amount of data stored, cache hitratio, and number of current connections.

stats items Outputs the item information of each slab.

stats slabs Outputs more detailed slab information.

stats sizes Displays the size and number of all items.

stats cachedump<slabId> <limit>

Outputs data in <slabId>. <limit> indicates thenumber of data outputs. If the input is 0, all data inthe slab is output.

stats detail <on|off|dump>

Sets (on/off) or displays (dump) detailed operationrecords, such as the get/set operation.

flush_all Invalidates all items in the memory. This operationdoes not suspend the server because the memoryspace is not released but the existing items are markedas invalid.

----End



5 Squid 4.8 Porting Guide

5.1 Introduction



5.4 Installing Squid

5.5 Running and Verifying Squid

5.1 Introduction

Squid OverviewSquid cache (Squid for short) is a popular proxy server and web cache server, andis open-source software (GNU common public license). Squid has a wide range ofapplications. It caches related requests by the front-end cache server as a webserver to improve the speed of the web server, caches the World Wide Web,domain name systems, and other network searches for a group of people to sharenetwork resources, filters traffic to help ensure network security, and accesses theInternet through a proxy in a local area network. Squid runs on Unix systems.Squid has a long history of development, and its functions are quite complete. Inaddition to HTTP, FTP and HTTPS are well supported. IPv6 is also supported in thetest version 3.0.

Programming language: C++

Brief description: web proxy service and web cache server

Recommended VersionSquid 4.8

Kunpeng BoostKit for WebPorting Guide (Web Middleware) 5 Squid 4.8 Porting Guide





Item Description













NO TE












----End

















----End



Method 1:




NO TE







Method 2:




NO TE










NO TE





----End

5.3.3 Installing Dependenciesyum install gcc libxml2-devel libcap-devel libtool-ltdl-devel perl* -y

5.4 Installing Squid

5.4.1 Installation ModesTable 5-3 lists four installation modes. Select one installation mode based on thesite requirements.


InstallationMethod

Description Remarks

InstallingSquid byCompiling theSource Code

Install Squid from the source code. Manually download thesource code.

5.4.3 InstallingSquid byUsing an RPMPackageObtained froma Mirror Site





InstallationMethod

Description Remarks

5.4.4 InstallingSquid byUsing the YumSourceObtained froma Mirror Site



InstallingSquid byUsing theOne-clickCompilation,Deployment,andOptimizationScript(recommended)



5.4.2 Installing Squid by Compiling the Source CodeStep 1 Obtain the Squid source code.

1. Download address: http://www.squid-cache.org/Versions/v4/squid-4.8.tar.gz

2. Upload the source code to the /home directory on the server.

NO TE

If the server can access the Internet, you can run the wget command on the server todownload the source code.cd /homewget http://www.squid-cache.org/Versions/v4/squid-4.8.tar.gz --no-check-certificate

Step 2 Decompress the source code package.tar -zxvf squid-4.8.tar.gz



http://www.squid-cache.org/Versions/v4/squid-4.8.tar.gz

http://www.squid-cache.org/Versions/v4/squid-4.8.tar.gz

Step 3 Configure Squid.cd /home/squid-4.8/./configure

NO TE

Squid is installed in /usr/local/squid by default. If you want to install Squid in anotherdirectory, use the --prefix option. Example:./configure --prefix=/${PATH_TO_SQUID}

Step 4 Compile and install Squid.make -j60 && make install

----End

5.4.3 Installing Squid by Using an RPM Package Obtainedfrom a Mirror Site

NO TE




Step 1 Obtain the Squid RPM package.

1. Download the RPM package using a local browser.URL: https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/squid-4.8-1.el7.aarch64.rpm


NO TE

If the server can access the Internet, you can run the wget command on the server todownload the RPM package.

Step 2 Install Squid.rpm -ivh squid-4.8-1.el7.aarch64.rpm

Step 3 The installed Squid is in the /usr/local/squid directory.ls /usr/local/squid

----End

5.4.4 Installing Squid by Using the Yum Source Obtained froma Mirror Site

NO TE








a. Run the following command to open the rpm.repo file:vi rpm.repo




https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/squid-4.8-1.el7.aarch64.rpm

https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/squid-4.8-1.el7.aarch64.rpm

NO TE




Step 4 Install Squid using the Yum source.yum install squid-4.8-1.el7.aarch64

The installed Squid is in the /usr/local/squid directory.

----End

5.4.5 Installing Squid by Using a ScriptStep 1 Obtain the Squid script package.

1. Download the script package using a local browser.URL: https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/squid_automation.tar.gz

2. Copy squid_automation.tar.gz to the /home directory.

NO TE

If the server can access the Internet, you can run the wget command on the server todownload the script package.

Step 2 Go to the home directory and decompress the script package.cd /home/tar -xzvf squid_automation.tar.gz

Step 3 Go to the squid_automation directory and query the files in the directory.cd squid_automationll



https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/squid_automation.tar.gz

https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/squid_automation.tar.gz



Folder or File Description

deps folder Directory used for compilation and installationNOTE

The installer script downloads the Squid source codeusing the wget command. If the server is notconnected to the Internet, download the Squidsource code (see 5.4.2 Installing Squid byCompiling the Source Code) and save it to thisdirectory.

scripts folder Optimization script directory, which containsthe common optimization script, configurationoptimization script, and the script for bindingNIC interrupts to cores.

install.sh Script used to implement one-clickcompilation, deployment, and tuning.


Step 4 Configure the network port.


2. Enter the network port name (eth0) and IP address.

NO TE

The parameters in the install.sh file are described as follows:eth0="": communication network port name. This parameter is mandatory.IP: IP address of the communication network port eth0. This parameter is mandatory.

3. Save and close the install.sh script.




NO TE

The script contains common optimization. The software optimization needs to be adjustedbased on the site requirements.

Step 6 Modify the network port name in the startSquid.sh file to be the same as that inthe install.sh file.

1. Edit the startSquid.sh file.vi startSquid.sh

2. Enter the network port name (eth0), which must be the same as the eth0network port name in the install.sh file.

NO TE

The parameters in the startSquid.sh file are described as follows:eth0: name of the communication network port in the current environment. The GENIC cannot be used. This parameter is mandatory. The value is the same as eth0 inthe install.sh file.

3. Save and close the startSquid.sh script.

Step 7 Run the startSquid.sh script to start Squid.sh startSquid.sh

Step 8 Check the Squid process.ps -ef | grep squid

● After performing Step 8, you can skip Running and Verifying Squid.● (Optional) If the environment needs to be rolled back or the deployment

using a script fails, run the rollback script to roll back the script operation andrestart the device.sh rollback.sh



----End

5.5 Running and Verifying SquidStep 1 Grant the permission on logs in the Squid installation directory.

chmod 777 /usr/local/squid/var/logs/

Step 2 Start Squid./usr/local/squid/sbin/squid

Step 3 Verify Squid.ps -ef |grep squid

If the Squid process is displayed, Squid is running properly.

● (Optional) Run the following command to stop Squid. Do not run thiscommand when services are running./usr/local/squid/sbin/squid -k shutdown

● (Optional) Uninstall Squid and query the result.rpm -qa |grep squidrpm -e --nodeps squid-4.8rm -rf /usr/local/squid/

----End



6 Varnish 6.2.0 Porting Guide

6.1 Introduction


6.3 Configuring the Compilation Environment

6.4 Installing Varnish

6.5 Running and Verifying Varnish

6.1 Introduction

OverviewVarnish is a high-performance and open-source reverse proxy server and HTTPaccelerator. Compared with traditional cache servers, Varnish has higherperformance, faster speed, and easier management. Many large websites useVarnish to replace Squid, contributing to the rapid development of Varnish.

Programming language: C++

One-sentence description: reverse proxy server and HTTP accelerator

Recommended VersionVarnish 6.2.0



Kunpeng BoostKit for WebPorting Guide (Web Middleware) 6 Varnish 6.2.0 Porting Guide



Item Description







OS Requirements







NO TE


6.3 Configuring the Compilation Environment










----End

6.3.2 Configuring the Yum Source

NO TE







Step 3 Configure the Yum source.

● CentOS:wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.huaweicloud.com/repository/conf/CentOS-AltArch-7.repo



● CentOS:ls /etc/yum.repos.d/cat /etc/yum.repos.d/CentOS-Base.repo



----End





Method 1:




NO TE

Rename the ISO file based on the site requirements. The renaming operationtakes effect only once and becomes invalid after a system restart. You canperform the following operations for the image file to be automatically mountedupon system startup.1. Open the fstab file.

vi /etc/fstab





Method 2:




NO TE







b. Add the following information to the local.repo file.[local]name=local.repo



baseurl=file:///mntenabled=1gpgcheck=0

NO TE





----End

6.3.3 Installing DependenciesStep 1 Install the required dependencies.

yum install -y autoconf automake jemalloc-devel libedit-devel libtool ncurses-devel pcre-devel pkgconfig python-docutils python-sphinx graphviz httpd wget

Step 2 Download Python 3.6, then compile and install it. (Python 3 delivered withopenEuler is later than 3.6 and does not need to be installed.)

1. Obtain the Python 3.6 source code.

a. Download the Python 3.6 source code package using the local browser.

URL: https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tgz

b. Copy the source code to the /home directory on the server.

NO TE

If the server is connected to the Internet, you can run the wget command todownload the source code.cd /home/wget https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tgz --no-check-certificate

2. Create an installation directory python3. Decompress the source package andgo to the decompressed directory.mkdir /usr/local/python3 && tar -zxvf Python-3.6.0.tgz && cd Python-3.6.0

3. Configure, compile, and install Python../configure --prefix=/usr/local/python3 && make -j60 && make install

4. Set environment variables to be effective.echo export PATH=$PATH:/usr/local/python3/bin >> /etc/profile && source /etc/profile

5. Verify the Python 3.6 installation.python3 --version

If the Python version is Python 3.6.0, the installation is successful.

----End



https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tgz

6.3.4 Disabling the Firewall

NO TE




NO TE



----End

6.4 Installing Varnish

6.4.1 Installation ModesTable 6-3 describes the installation modes for Varnish.


InstallationMethod

Description Remarks

6.4.2 InstallingVarnish fromthe SourceCode

Install Varnish from the sourcecode.


6.4.3 InstallingVarnish byUsing an RPMPackageObtained froma Mirror Site



6.4.4 InstallingVarnish byUsing the YumSourceObtained froma Mirror Site

Download the RPM package byconfiguring the network source ofthe mirror site (the server must beable to access the extranet) andinstall it.




InstallationMethod

Description Remarks

6.4.5 InstallingVarnish byUsing a Script(recommended)

Run the script to perform one-clickcompilation, deployment, andtuning.

Run the script to performone-click compilation,deployment, and tuning.

6.4.2 Installing Varnish from the Source Code

Obtaining the Source CodeStep 1 Download the Varnish source code package using the local browser.

URL: https://varnish-cache.org/_downloads/varnish-6.2.0.tgz

Step 2 Copy the source code to the /home directory on the server.

NO TE

If the server is connected to the Internet, you can run the wget command on the server todownload the source code.cd /homewget https://varnish-cache.org/_downloads/varnish-6.2.0.tgz --no-check-certificate

----End

Compiling and Installing VarnishStep 1 Go to the home directory.

cd /home/

Step 2 Decompress the source code package.tar -zxvf varnish-6.2.0.tgz

Step 3 Go to the varnish-6.2.0 directory.cd /home/varnish-6.2.0/

Step 4 Perform automatic compilation.sh autogen.sh

Step 5 Check the dependency../configure --prefix=/usr/local/varnish



https://varnish-cache.org/_downloads/varnish-6.2.0.tgz

NO TE

--prefix=PATH: specifies the Varnish installation directory.

Step 6 Compile and install Varnish.make -j60 && make install

----End

Configuration File

Step 1 Create a folder in the Varnish installation path for storing the configuration file.cd /usr/local/varnish && mkdir config

Step 2 Copy the configuration file to the config directory.cp /usr/local/varnish/share/doc/varnish/example.vcl /usr/local/varnish/config/default.vcl

----End

6.4.3 Installing Varnish by Using an RPM Package Obtainedfrom a Mirror Site

NO TE


Step 1 Obtain the RPM package of Varnish 6.2.0.

1. Download the RPM package using the local browser.URL: https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/varnish-6.2.0-1.el7.aarch64.rpm


NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the RPM package.

Step 2 Install Varnish.rpm -ivh varnish-6.2.0-1.el7.aarch64.rpm

Step 3 Check the installed Varnish in the /usr/local/varnish.ls /usr/local/varnish

----End



https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/varnish-6.2.0-1.el7.aarch64.rpm

https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/varnish-6.2.0-1.el7.aarch64.rpm

6.4.4 Installing Varnish by Using the Yum Source Obtainedfrom a Mirror Site

NO TE

The binary packages available at the Kunpeng mirror site are compiled based on the opensource code, and do not involve vulnerability or bug fixes.When using open source software, comply with the applicable license agreements.openEuler does not support such a Yum source installation method.





a. Create an rpm.repo file.vi rpm.repo


NO TE


c. Save and exit the rpm.repo file.


Step 4 Install Varnish using the Yum source.yum install varnish-6.2.0-1.el7.aarch64

Step 5 Check the installed Varnish in the /usr/local/varnish.ls /usr/local/vanish/

----End

6.4.5 Installing Varnish by Using a ScriptStep 1 Obtain the script used to deploy Varnish.

1. Download the script package using the local browser.URL: https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/varnish_automation.tar.gz



https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/varnish_automation.tar.gz

https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/varnish_automation.tar.gz

2. Copy varnish_automation.tar.gz to the /home directory.

NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the script package.

Step 2 Go to the /home directory and decompress the script package.cd /home/tar -xzvf varnish_automation.tar.gz

Step 3 Go to the varnish_automation directory and view the files in the directory.cd varnish_automationll


Table 6-4 Script package

Directory/File Description

deps directory Directory used for compilation and installation.NOTE

The installer script obtains the Varnish source codeusing the wget command. If the server is notconnected to the Internet, download the Varnishsource code and Python 3.6.0 source codepackage (see Obtaining the Source Code and Step2.1) and save them to this directory.

scripts directory Directory in which the general tuning script,configuration optimization script, and thescript for binding NIC interrupts to cores arestored.



Directory/File Description

install.sh Script used to implement one-clickcompilation, deployment, and tuning ofVarnish.

rollback.sh Script used to roll back all operationsperformed by install.sh.

Step 4 Configure the network port.


2. Enter the network port name and IP address.

NO TE

The parameters in the install.sh file are described as follows:

eth0: name of the network port in the current environment. The GE NIC cannot beused. This parameter is mandatory.

IP: IP address of the network port eth0. This parameter is mandatory.

3. Save and exit the install.sh script.


NO TE

The script contains general tuning. The software-based tuning needs to be performed basedon actual situation.

Step 6 Modify the network port name in the startSquid.sh file to be the same as that inthe install.sh file.

1. Open the install.sh file in edit mode.vi startVarnish.sh

2. Enter the network port name, which must be the same as the eth0 networkport name in the install.sh file.

NO TE

The parameter in the startVarnish.sh file is described as follows:

eth0: name of the network port in the current environment. The GE NIC cannot beused. This parameter is mandatory. The value must be the same as that of eth0 in theinstall.sh file.



3. Save and exit the startVarnish.sh script.

Step 7 Run the startVarnish.sh script to start the Varnish.sh startVarnish.sh

Step 8 Check the Varnish process.ps -ef | grep varnish

● After performing Step 8, you can skip Running and Verifying Varnish.

● To roll back the deployment, run the rollback.sh script and restart the device.sh rollback.sh

----End

6.5 Running and Verifying VarnishThe following describes how to run and verify the Varnish when the local host isused as a backend object.

Step 1 Modify the backend IP address and port number for the reverse proxy test.

(If the cache policy needs to be configured, obtain the latest Varnish Book fromthe official website.) In this example, the local host is configured as the backendobject. The default port number is 80.

1. Open the configuration file.vi /usr/local/varnish/config/default.vcl

2. Modify the file as follows, and save the change and exit:vcl 4.0;# Default backend definition. Set this to point to your content server.backend default {.host = "127.0.0.1";.port = "80";}

sub vcl_recv {}sub vcl_backend_response {}sub vcl_deliver {}



Step 2 Start the HTTP service of the backend object.systemctl start httpd

Step 3 Start Varnish./usr/local/varnish/sbin/varnishd -a :12345 -T 127.0.0.1:6082 -s malloc,10GB -f /usr/local/varnish/config/default.vcl

Table 6-5 describes the related parameters.

Table 6-5 Varnish startup parameters


-a address:port Specifies the IP address and portnumber used by Varnish to monitorthe HTTP service. The default IPaddress is the IP address of the localhost.

-T address:port Specifies the Telnet managementaddress and port number of Varnish.

-s Specifies the cache storage mode forVarnish. In this example, malloc isused. A total of 10 GB memory spaceis allocated.

-f Specifies the location of the Varnishconfiguration file.

Step 4 Verify Varnish.

Enter http://IP address:port in the address box of the browser to access the localhost. If the test page of the backend service is displayed, the Varnish verification issuccessful.

NO TE

● To stop Varnish, run the following command (do not run this command during servicerunning):pkill varnish

● To uninstall Varnish and query the result:– Uninstall Varnish that is installed from the source code.

rm -rf /usr/local/varnish/

– Uninstall Varnish that is installed by using an RPM package.rpm -qa |grep varnishrpm -e --nodeps varnish-6.2.0

----End



7 HAProxy 1.9.0 Porting Guide

7.1 Introduction



7.4 Installing HAProxy

7.5 Running and Verifying HAProxy

7.6 Uninstalling HAProxy

7.1 Introduction

HAProxy Overview

HAProxy is a free and open source piece of software written in C language. Itprovides high availability, load balancing, and application proxy based on TCP andHTTP. HAProxy implements an event-driven, single-process model that supportstens of thousands of concurrent connections. Its operation mode allows it to beeasily and safely integrated into your current architecture, while protecting yourweb servers from being exposed to the network. Multiprocess or multithreadedmodels are limited by memory, system schedulers, and locks, and they rarelyhandle thousands of concurrent connections. Event-driven models do not havethese problems because they can manage resource and times better. However,they have a poor availability on multi-core systems. They have to be optimized foreach CPU time slice (Cycle) to do more work. HAProxy is especially suited to websites that are heavily loaded and often require session maintenance or seven-tierprocessing.


Brief description: web load balancer

Recommended Version

HAProxy 1.9.0

Kunpeng BoostKit for WebPorting Guide (Web Middleware) 7 HAProxy 1.9.0 Porting Guide


NO TE

This document applies to HAProxy 1.9.0. It also provides reference for porting of otherHAProxy versions.





Item Description







OS Requirements







NO TE












----End
















----End



Method 1:




NO TE







Method 2:




NO TE










NO TE



cat local.repo


----End

7.4 Installing HAProxy

7.4.1 Installation MethodsInstallation methods describes the installation methods for HAProxy. InstallHAProxy based on actual situation.

Table 7-3 Installation methods

InstallationMethod

Description Remarks

7.4.2Compiling andInstallingHAProxy fromSource Code

Install HAProxy from the sourcecode.


7.4.3 InstallingHAProxy byUsing an RPMPackageObtained froma Mirror Site

Download the RPM package froma mirror site and install the RPMpackage.

You need to manuallydownload the RPMpackage from a mirrorsite.



InstallationMethod

Description Remarks

7.4.4 InstallingHAProxy byUsing the YumSourceObtained froma Mirror Site


The RPM package isautomaticallydownloaded from amirror site and installedon the server.

7.4.5 InstallingHAProxy byUsing a Script(recommended)

Run a script to implement one-click compilation, deployment, andtuning.

You need to run a scriptto implement one-clickcompilation,deployment, and tuning.

7.4.2 Compiling and Installing HAProxy from Source CodeStep 1 Obtain the HAProxy source code.

1. Download the HAProxy source code package using a local browser.Download address: https://www.haproxy.org/download/1.9/src/haproxy-1.9.0.tar.gz


NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the source code.cd /homewget https://www.haproxy.org/download/1.9/src/haproxy-1.9.0.tar.gz --no-check-certificate

Step 2 Switch to the home directory.cd /home/

Step 3 Decompress the HAProxy package.tar -xzvf haproxy-1.9.0.tar.gz

Step 4 Switch to the haproxy-1.9.0 directory.



https://www.haproxy.org/download/1.9/src/haproxy-1.9.0.tar.gz

https://www.haproxy.org/download/1.9/src/haproxy-1.9.0.tar.gz

cd /home/haproxy-1.9.0/

Step 5 Compile and install HAProxy.make TARGET=linux41 && make install PREFIX=/usr/local/haproxy/

NO TE

PREFIX=PATH specifies the HAProxy installation directory.

Step 6 Create a folder in the HAProxy installation path for storing the configuration file.mkdir -p /usr/local/haproxy/conf

Step 7 Copy the configuration file from the source code directory to the installationdirectory.cp /home/haproxy-1.9.0/examples/*.cfg /usr/local/haproxy/conf/

Step 8 Check the installation directory.ll /usr/local/haproxy

----End

7.4.3 Installing HAProxy by Using an RPM Package Obtainedfrom a Mirror Site

NO TE


Step 1 Obtain the RPM package of HAProxy 1.9.0.

1. Download the RPM package using the local browser.URL: https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/haproxy-1.9.0-1.el7.aarch64.rpm


NO TE


Step 2 Install HAProxy.rpm -ivh haproxy-1.9.0-1.el7.aarch64.rpm



https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/haproxy-1.9.0-1.el7.aarch64.rpm

https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/haproxy-1.9.0-1.el7.aarch64.rpm

Step 3 Check the installation directory.ls /usr/local/haproxy

----End

7.4.4 Installing HAProxy by Using the Yum Source Obtainedfrom a Mirror Site

NO TE




1. Switch to the /etc/yum.repos.d directory.cd /etc/yum.repos.d


a. Create the rpm.repo file.vi rpm.repo


NO TE




Step 4 Install HAProxy using the Yum source.yum install haproxy-1.9.0-1.el7.aarch64

Step 5 Check the installation directory.ls /usr/local/haproxy

----End

7.4.5 Installing HAProxy by Using a ScriptStep 1 Obtain the HAProxy script package.



1. Download the script package using the local browser.URL: https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/haproxy_automation.tar.gz

2. Save the script package haproxy_automation.tar.gz to the /home directory.

NO TE


Step 2 Go to the /home directory and decompress the script package.cd /home/tar -xzvf haproxy_automation.tar.gz

Step 3 Switch to the haproxy_automation directory and view the files in the directory.cd haproxy_automationll


Table 7-4 haproxy_automation directory structure

Folder orFile

Description

deps Directory used for compilation and installation.NOTE

The installation script first obtains the HAProxy source code using thewget command. If the server is not connected to the Internet,download the HAProxy source code (see 7.4.2 Compiling andInstalling HAProxy from Source Code) and save the source code tothis directory.



https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/haproxy_automation.tar.gz

https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/haproxy_automation.tar.gz

Folder orFile

Description

scripts Folder in which common tuning scripts are stored.

install.sh Script used to compile, deploy, and tune HAProxy.

rollback.sh Script used to roll back all the operations performed by thescript.

Step 4 Run the install.sh script. After the script is executed, restart the server for thetuning to take effect.sh install.sh

NO TE

● The script contains only common tuning. Software tuning needs to be performed basedon actual situation.

● (Optional) If the environment needs to be rolled back or the deployment using a scriptfails, run the rollback script to roll back the script operation and restart the device.sh rollback.sh

----End

7.5 Running and Verifying HAProxyStep 1 Configure parameters.

1. Back up the option-http_proxy.cfg file.mv /usr/local/haproxy/conf/option-http_proxy.cfg /usr/local/haproxy/conf/option-http_proxy.cfg_bak

2. Create an option-http_proxy.cfg file.vi /usr/local/haproxy/conf/option-http_proxy.cfg

3. Modify the file as follows (Replace IP1:PORT1 and IP2:PORT2 with the actualvalues), and save the file and exit.globalmaxconn 20000log 127.0.0.1 local0 infouid 0gid 0chroot /usr/local/haproxynbproc 4daemon



defaultsmode httpretries 3timeout connect 10stimeout client 20stimeout server 30stimeout check 2sfrontend test-proxybind *:80mode httplog globaldefault_backend test-proxy-srvbackend test-proxy-srvbalance roundrobinoption http-server-closeoption httpchk GET /index.htmlhttp-check expect status 200server web1 IP1:PORT1 weight 3server web2 IP2:PORT2 weight 3

Table 7-5 describes the parameters in the configuration file.

Table 7-5 Example configuration file and parameter description


global -

maxconn 20000 Specifies the maximum number ofconnections.

log 127.0.0.1 local0 info Specifies the log output device. info indicatesthe log severity level.

uid 0 Specifies the ID of the user who runs HAProxy.

gid 0 Specifies the ID of the user group to which theuser running HAProxy belongs.

chroot /usr/local/haproxy Specifies the chroot running path.

nbproc 4 Specifies the number of processes.

daemon Runs HAProxy in the background.

defaults -

mode http Specifies the processed type (layer 7 usesHTTP, and layer 4 uses TCP).

retries 3 Specifies the maximum number of retry timesfor connecting to the backend server. If thenumber of retry times exceeds the specifiedvalue, the backend server is unavailable.

timeout connect 10s Specifies the maximum time allowed before aconnection is set up between HAProxy and thebackend server

timeout client 20s Specifies the timeout period for keeping anidle connection with the client.




timeout server 30s Specifies the timeout period for keeping anidle connection with the server.

timeout check 2s Specifies the timeout period for checking theserver.

frontend test-proxy -

bind *:80 Specifies one or more listening sockets. Theasterisk (*) indicates all IPv4 addresses.

mode http Specifies the processed type (layer 7 usesHTTP, and layer 4 uses TCP).

log global Inherits the definition of log in the globalsection.

default_backend test-proxy-srv

Specifies the default backend server pool.

backend test-proxy-srv -

balance roundrobin Specifies the load balancing algorithmroundrobin, which is a weight-based pollingalgorithm and applies to scenarios whereserver performance is even.

option http-server-close Enables this function when persistentconnection is enabled.

option httpchk GET /index.htmlhttp-check expect status200

Enables HTTP service status check (healthcheck). Checks the returned status code. If"200" is not received, the request is notscheduled to backend servers.

server web1 IP1:PORT1weight 3server web2 IP2:PORT2weight 3

Defines multiple backend servers.Format: server <name> <address>:[port][param*]NOTE

IP1:PORT1 and IP2:PORT2 indicate the IP addressesand port numbers of the backend servers.

Step 2 Start HAProxy.taskset -c 0-3 /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/option-http_proxy.cfg



NO TE

If the error message "cannot bind socket [0.0.0.0:80]" is displayed, check the process thatoccupies port 80, stop the process, and then start HAProxy again.netstat -anpt | grep 80kill -9 136508

Step 3 Verify HAProxy.ps -ef | grep haproxy

The HAProxy process is displayed.

Open the browser, enter http://HAProxy IP address:80 in the address box andpress Enter. The WebUI page of the backend server is displayed, indicating thatHAProxy is running properly. Refresh the page. The page switches betweenbackend servers.

NO TE

● (Optional) Run the following command to stop HAProxy. Do not run this commandwhen services are running.pkill haproxy

----End

7.6 Uninstalling HAProxy

Uninstalling HAProxy (Installed by Compiling the Source)

Step 1 During source code compilation and installation, only the corresponding files aregenerated. Therefore, you can directly delete the corresponding directories.rm -rf /usr/local/haproxyls /usr/local/haproxy

----End


Step 1 Uninstall HAProxy.rpm -qa | grep haproxyrpm -e --nodeps haproxy-1.9.0

Step 2 If no information is displayed, HAProxy has been uninstalled.rpm -qa | grep haproxy

Step 3 Delete the installation directory.rm -rf /usr/local/haproxyls /usr/local/haproxy

----End



8 Lighttpd 1.4.53 Porting Guide

8.1 Introduction



8.4 Installing Lighttpd

8.5 Running and Verifying Lighttpd

8.6 Uninstalling Lighttpd

8.1 Introduction

Lighttpd OverviewLighttpd is open-source web server software optimized for speed-criticalenvironments while remaining standards-compliant, secure and flexible. Lighttpdfeatures low memory footprint, small CPU load, speed optimizations, andabundant modules.

As one of the best open-source lightweight web server software, Lighttpd supportsimportant functions such as FastCGI, CGI, Auth, output compress, URL rewriting,and alias. Apache is popular because it provides various functions. Many functionsof Apache are supported by Lighttpd. This is very important for Apache usersbecause many functions must be available after migration to Lighttpd.


Brief description: web server

Recommended VersionLighttpd 1.4.53

Kunpeng BoostKit for WebPorting Guide (Web Middleware) 8 Lighttpd 1.4.53 Porting Guide





Item Description













NO TE












----End

















----End



Method 1:




NO TE







Method 2:




NO TE










NO TE



cat local.repo


----End

8.3.3 Installing Dependenciesyum -y install gcc gcc-c++ glib2-devel pcre-devel bzip2-devel zlib-devel gamin-devel





NO TE



----End

8.4 Installing Lighttpd

8.4.1 Installation ModesTable 8-3 describes four installation methods. Select one based on the siterequirements.



Table 8-3 Installation methods

InstallationMethod

Description Remarks

InstallingLighttpd byCompiling theSource Code

Install Lighttpd from the sourcecode.


8.4.3 InstallingLighttpd byUsing an RPMPackageObtained froma Mirror Site



8.4.4 InstallingLighttpd byUsing the YumSourceObtained froma Mirror Site



InstallingLighttpd byUsing theOne-clickCompilation,Deployment,andOptimizationScript(recommended)



8.4.2 Installing Lighttpd by Compiling the Source CodeStep 1 Obtain the Lighttpd source code.

1. Download the Lighttpd source code from a local browser.

Download address: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.53.tar.gz


NO TE

If the server is connected to the Internet, you can run the wget command on theserver to download the source code.cd /homewget https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.53.tar.gz --no-check-certificate



https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.53.tar.gz

https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.53.tar.gz

Step 2 Switch to the home directory.cd /home/

Step 3 Decompress the Lighttpd installation package.tar -zxvf lighttpd-1.4.53.tar.gz

Step 4 Go to the lighttpd-1.4.53 directory.cd /home/lighttpd-1.4.53/

Step 5 Configure Lighttpd../configure --prefix=/usr/local/lighttpd --with-fam

NO TE

● --prefix=PATH specifies the Lighttpd installation directory.● --with-fam reduces the number of times that stat() is called.

Step 6 Compile and install Lighttpd.make -j60 && make install

Step 7 Create a folder in the installation directory.cd /usr/local/lighttpd/ && mkdir log webpages cache config

NO TE

After Lighttpd is installed, only three folders lib, sbin, and share exist in the installationdirectory. Other files need to be copied and created.

Step 8 Copy the Lighttpd configuration files lighttpd.conf, modules.conf, and conf.d tothe installation path /usr/local/lighttpd/config.cp /home/lighttpd-1.4.53/doc/config/lighttpd.conf /usr/local/lighttpd/configcp /home/lighttpd-1.4.53/doc/config/modules.conf /usr/local/lighttpd/configcp -r /home/lighttpd-1.4.53/doc/config/conf.d /usr/local/lighttpd/config

Step 9 View the installation directory.ls /usr/local/lighttpd

----End

8.4.3 Installing Lighttpd by Using an RPM Package Obtainedfrom a Mirror Site

NO TE


Step 1 Obtain the RPM package of Lighttpd 1.4.53.

1. Download the RPM package using a local browser.Download address: https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/lighttpd-1.4.53-el7.aarch64.rpm



https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/lighttpd-1.4.53-el7.aarch64.rpm

https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/lighttpd-1.4.53-el7.aarch64.rpm


NO TE


Step 2 Install Lighttpd.rpm -ivh lighttpd-1.4.53-el7.aarch64.rpm

Step 3 The installed Lighttpd is in the /usr/local/lighttpd directory.ls /usr/local/lighttpd

----End

8.4.4 Installing Lighttpd by Using the Yum Source Obtainedfrom a Mirror Site

NO TE






a. Run the following command to open the rpm.repo file:vi rpm.repo


NO TE






Step 4 Install Lighttpd using Yum.yum -y install lighttpd-1.4.53-el7.aarch64

Step 5 The installed Lighttpd is in the /usr/local/lighttpd directory.

----End

8.4.5 Installing Lighttpd by Using a ScriptStep 1 Obtain the Lighttpd script package.

1. Download the script package using a local browser.URL: https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/lighttpd_automation.tar.gz

2. Copy lighttpd_automation.tar.gz to the /home directory.

NO TE


Step 2 Go to the home directory and decompress the script package.cd /home/tar -xzvf lighttpd_automation.tar.gz

Step 3 Go to the lighttpd_automation directory and query the files in the directory.cd lighttpd_automationll



https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/lighttpd_automation.tar.gz

https://mirrors.huaweicloud.com/kunpeng/archive/kunpeng_solution/web/Scripts/lighttpd_automation.tar.gz




deps Directory used for compilation and installationNOTE

The installation script first obtains the Lighttpdsource code using the wget command. If the serveris not connected to the Internet, download theLighttpd source code (see Step 1.1) and save thesource code to this directory.

scripts Folder in which common optimization scriptsare stored.

install.sh Script used to implement one-clickcompilation, deployment, and tuning ofLighttpd.



NO TE

● The script contains only common tuning. Software tuning needs to be performed basedon actual situation.

● (Optional) If the environment needs to be rolled back or the deployment using a scriptfails, run the rollback script to roll back the script operation and restart the device.sh rollback.sh

----End



8.5 Running and Verifying LighttpdStep 1 Modify the lighttpd.conf file.

1. Open the file.vi /usr/local/lighttpd/config/lighttpd.conf

2. Modify the following content.

– Modify lines 16 to 20 as follows:var.log_root = "/usr/local/lighttpd/log"var.server_root = "/usr/local/lighttpd"var.state_dir = "/usr/local/lighttpd"var.home_dir = "/usr/local/lighttpd"var.conf_dir = "/usr/local/lighttpd/config"

– Modify line 61 as follows:var.cache_dir = "/usr/local/lighttpd/cache"

– Comment out line 93.#server.use-ipv6 = "enable"

– Modify lines 104 and 105 as follows:server.username = "lighttpd1"server.groupname = "lighttpd"



NO TE

This parameter indicates the operation permission. The root user is notrecommended.

– Modify line 115 (path for storing the access page) as follows:server.document-root = server_root + "/webpages"

– Modify line 246 (cache mode) as follows: (The default value is simple.According to the official explanation, fam is better than simple.)server.stat-cache-engine = "fam"

– Add the following content to line 182. (This configuration item is used toconfigure the multi-process mode. The lighttpd process is a singleprocess by default. You can change the value based on the siterequirements.)server.max-worker = 4

3. Save the settings and exit.Press Esc to exit the edit mode and run :wq to save the file.

Step 2 Create a lighttpd user and a lighttpd user group.● Create the group:

groupadd lighttpd

● Create the user:useradd -g lighttpd lighttpd1

Step 3 Change the ownership of the directory.chown lighttpd1 /usr/local/lighttpd/log

Step 4 Compile a test web page in the /usr/local/lighttpd/webpages directory.cd /usr/local/lighttpd/webpages

1. Create an HTML file.vi index.html

2. Add the following content and save the file:<html><head>



<title>lighttpd test</title></head><body><p>this is a testing</p></body></html>

Step 5 Start Lighttpd./usr/local/lighttpd/sbin/lighttpd -f /usr/local/lighttpd/config/lighttpd.conf

Step 6 Check the Lighttpd process.ps -ef | grep lighttpd

Step 7 Verify Lighttpd.

Open the browser and enter http://IP address:80/index.html in the address box. If"this is a testing page" is displayed, the test is successful.

NO TE

● Run the following command to stop Lighttpd:pkill lighttpd

● View the logs:vi /usr/local/lighttpd/log/error.logvi /usr/local/lighttpd/log/access.log

● View the listening port:netstat -anpt | grep 80

----End

8.6 Uninstalling Lighttpd

Uninstalling Lighttpd (Installed by Compiling the Source)

Step 1 During source code compilation and installation, only the corresponding files aregenerated. Therefore, you can directly delete the corresponding directories.rm -rf /usr/local/lighttpdls /usr/local/lighttpd

----End


Step 1 Uninstall Lighttpd.rpm -qa | grep lighttpdrpm -e --nodeps lighttpd-1.4.53

Step 2 If no information is displayed, Lighttpd has been uninstalled.rpm -qa | grep lighttpd

Step 3 Delete the installation directory.rm -rf /usr/local/lighttpd



ls /usr/local/lighttpd

----End



A Change History

Date Description

2021-07-15 This issue is the thirteenth official release.Added the adaptation of each component to openEuler.Removed the Nginx 1.14.2 Porting Guide (openEuler 20.03) andincorporated its content into 1 Nginx1.14.2 Porting Guide.

2021-04-25 This issue is the twelfth official release.Modified the commands in 7.4.2 Compiling and InstallingHAProxy from Source Code to make them consistent with thefigures.

2021-03-23 This issue is the eleventh official release.Change the solution name from "Kunpeng Web Solution" toKunpeng BoostKit for Web.

2020-12-15 This issue is the tenth official release.● Optimized the document to enable commands and code

segments in this document to be copied and executed.● Modified the description of some operations.

2020-11-16 This issue is the ninth official release.Tengine 2.2.2 Porting Guide (CentOS 7.6):Modified the code in 3.4.2 Installing Tengine by Compiling theSource Code.

2020-10-27 This issue is the eighth official release.Modified the description of some operations.

2020-10-10 This issue is the seventh official release.Added } to the code in 1.5.2 Configuring Functions.

2020-09-23 This issue is the sixth official release.Added the Nginx 1.14.2 Porting Guide (openEuler 20.03).

Kunpeng BoostKit for WebPorting Guide (Web Middleware) A Change History


Date Description

2020-09-21 This issue is the fifth official release.● Changed "Web Application Solution" to "Web Solution".● Added another method of starting Nginx in 1.5.3 Running

Nginx.

2020-09-02 This issue is the fourth official release.Nginx 1.14.2 Porting Guide (CentOS 7.6):Added 1.5.2 Configuring Functions, 1.5.4 Verifying Nginx, and1.6 Uninstalling Nginx.

2020-08-26 This issue is the third official release.Tengine 2.2.2 Porting Guide (CentOS 7.6):● Deleted the procedure for downloading the KAE RPM package

in 3.4.2 Installing Tengine by Compiling the Source Code.



Date Description

2020-05-09 This issue is the second official release.● Nginx 1.14.2 Porting Guide (CentOS 7.6):

– Deleted the procedure for verifying Nginx by performingtest cases in 1.5.3 Running Nginx.

– Added the procedure for downloading the one-click scriptpackage in 1.4.5 Installing Nginx by Using a Script.

– Added a "Caution" in 1.5.1 Generating a Certificate.● Apache 2.4.39 Porting Guide (CentOS 7.6):

– Deleted the procedure for verifying Apache by performingtest cases in 2.5 Running and Verifying Apache.

– Added the procedure for downloading the one-click scriptpackage in 2.4.5 Installing Apache by Using a Script.

● Tengine 2.2.2 Porting Guide (CentOS 7.6):– Deleted the procedure for verifying Tengine by performing

test cases and added three Cautions in 3.5.3 RunningTengine.

– Added a Note in 3.5.1 Generating a Certificate.– Added the procedure for downloading the one-click script

package in 3.4.5 Installing Tengine by Using a Script.● Memcached 1.512 Porting Guide (CentOS 7.6):

– Deleted the procedure for verifying Memcached byperforming test cases in 4.5 Running and VerifyingMemcached.

– Moved "More Resources" to 4.5 Running and VerifyingMemcached.

● Squid 4.8 Porting Guide (CentOS 7.6):– Deleted the procedure for verifying Squid by performing test

cases in 5.5 Running and Verifying Squid.– Added the procedure for downloading the one-click script

package in 5.4.5 Installing Squid by Using a Script.● Varnish 6.2.0 Porting Guide (CentOS 7.6):

– Deleted the procedure for verifying Varnish by performingtest cases in 6.5 Running and Verifying Varnish.

– Added the procedure for downloading the one-click scriptpackage in 6.4.5 Installing Varnish by Using a Script.

● HAProxy 1.9.0 Porting Guide (CentOS 7.6):Added the procedure for downloading the one-click scriptpackage in 7.4.5 Installing HAProxy by Using a Script.

● Lighttpd 1.4.53 Porting Guide (CentOS 7.6):Added the procedure for downloading the one-click scriptpackage in 8.4.5 Installing Lighttpd by Using a Script.

2020-03-20 This issue is the first official release.



porting guide (web middleware)

Documents