Nginx编译安装及简单配置
1、安装依赖包
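# Build dependencies for compiling nginx from source.
# pcre and openssl may instead be compiled from source; in that case the
# configure step points at their source trees (--with-pcre / --with-openssl).
# The note is kept as a shell comment so it is not passed to yum as a package
# name when the line is copied.
yum -y install pcre-devel zlib-devel openssl-devel gcc gcc-c++ make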
2、创建应用用户
# Dedicated service account for nginx (matches --user/--group in the build).
# -M: do not create a home directory; -s /sbin/nologin: no interactive login.
useradd -M -s /sbin/nologin nginx
3、安装 nginx
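# Unpack, configure, build and install nginx from source (run as root).
#
# NOTE(review): nginx-1.14.0, pcre-8.41 and openssl-1.0.2h are the versions
# this walkthrough was written against. All three are old and the OpenSSL
# 1.0.2 branch is end-of-life; build from currently supported releases and
# check every tarball against the checksum or signature published by its
# project before unpacking it.
tar xf nginx-1.14.0.tar.gz -C /usr/local/src/
cd /usr/local/src/nginx-1.14.0/

# Module notes:
#   --with-http_gzip_static_module  serve pre-compressed (.gz) files
#   --with-http_ssl_module          HTTPS support
#   --with-http_stub_status_module  basic status counters; restrict access to
#                                   any location that enables stub_status
# --with-pcre / --with-openssl point at unpacked *source* trees that are
# compiled into nginx, so those libraries are only patched by rebuilding.
./configure \
  --prefix=/usr/local/nginx \
  --user=nginx \
  --group=nginx \
  --with-http_stub_status_module \
  --with-http_ssl_module \
  --with-http_gzip_static_module \
  --with-pcre=/home/ap/appuser/web_server/Package/pcre-8.41 \
  --with-openssl=/home/ap/appuser/web_server/Package/openssl-1.0.2h

# The original listing stops after configure; the build and install step is
# required before /usr/local/nginx/sbin/nginx exists.
make && make install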
4、nginx 启动、停止
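# Command reference (run as root); these are alternatives, not a sequence.

# Start nginx with an explicit configuration file.
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

# Graceful reload of the configuration.
/usr/local/nginx/sbin/nginx -s reload

# Graceful reload by signalling the master process directly; the master PID
# is read from the pid file.
kill -HUP "$(cat /usr/local/nginx/logs/nginx.pid)"

# Fast stop.
/usr/local/nginx/sbin/nginx -s stop

# Graceful stop: accept no new requests and exit once in-flight requests
# have completed (recommended for production).
/usr/local/nginx/sbin/nginx -s quit

# Validate the configuration file; run this before every reload so a broken
# configuration is caught before it is applied.
/usr/local/nginx/sbin/nginx -t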
5、nginx 代理
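server {
    listen       8080;
    server_name  localhost;

    location / {
        root   html;
        index  index.html index.htm;
    }

    # The directive is proxy_pass; "prox_pass" is rejected as an unknown
    # directive by `nginx -t`.
    #
    # NOTE(review): both locations proxy to 127.0.0.1:8080, which is the same
    # address and port this server block listens on, so the request would be
    # handed back to nginx itself. Presumably the application listens on a
    # different port; confirm and set it here.
    location /web/ {
        proxy_pass http://127.0.0.1:8080/web/;
    }

    # Requests under /www/ reach the backend under /web/: the URI part of
    # proxy_pass replaces the matched location prefix.
    location /www/ {
        proxy_pass http://127.0.0.1:8080/web/;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}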
6、nginx 负载均衡
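# nginx comments start with '#'; a '//' note after a directive is a syntax
# error, so the annotations are written as '#' comments here.

# Main-context settings (top level of nginx.conf).
worker_processes      4;      # number of CPUs or cores
worker_rlimit_nofile  10240;  # max open file descriptors per nginx process;
                              # best kept equal to `ulimit -n`

events {
    use epoll;                # event model
    # Max simultaneous client connections per worker process. Keep this at or
    # below the system open-file limit (ulimit -a | grep "open files").
    worker_connections 10240;
}

# The upstream and server blocks below belong inside the http { } block.

# Backend pool. With no method specified nginx balances round-robin;
# uncommenting ip_hash pins each client address to one backend.
upstream www_server {
    #ip_hash;
    server 192.168.36.154:8001;
    server 192.168.36.156:8001;
}

server {
    listen       80;
    server_name  localhost;

    # NOTE(review): the "main" log format must be defined with log_format in
    # the http block, otherwise `nginx -t` fails - confirm it is not still
    # commented out in nginx.conf.
    access_log logs/access.log main;

    location / {
        proxy_set_header Host $host:$server_port;
        # Address of the peer directly connected to this nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For header the client sent, so every entry except the
        # last is client-supplied. Backends should not base access control or
        # audit logging on the earlier entries.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://www_server/;
    }
}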
7、nginx 证书配置
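# nginx comments start with '#'; the '//' notes of the original listing are
# syntax errors inside a configuration file and are rewritten as comments.
server {
    listen       443 ssl;
    server_name  localhost;

    # Server certificate (public). Mind the path: the author keeps the files
    # under nginx/conf/ssl/.
    ssl_certificate      ssl/server.cer;
    # Private key. The master process reads it as root at startup, so it can
    # be owned by root with mode 0600 and kept out of backups and version
    # control.
    ssl_certificate_key  ssl/server.key;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    # Without this directive nginx 1.14 also accepts TLS 1.0 and 1.1, which
    # are deprecated. TLSv1.3 can be added once nginx is built against an
    # OpenSSL release that supports it.
    ssl_protocols TLSv1.2;

    #ssl_ciphers HIGH:!aNULL:!MD5;
    # HIGH is an OpenSSL alias whose members depend on the OpenSSL build;
    # older builds still count 3DES as HIGH. Check the effective list with
    #   openssl ciphers -v 'ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE'
    # and append :!3DES if it shows up.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root   html;
        index  index.html index.htm;
    }
}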
8、nginx 日志切割脚本
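#!/bin/bash
# Save as /home/ap/apache/web_server/nginx/nginx-log.sh
#
# Daily access-log rotation: moves access.log to the backup directory with
# yesterday's date as suffix, then signals the nginx master (USR1) so it
# reopens its log files. Does nothing when the pid file is absent.
#set -x

Date=$(date -d '-1 day' +%Y%m%d)
File="access.log"
log_path="/home/ap/apache/web_server/nginx/logs"
pid_file="$log_path/nginx.pid"
backup_file="/home/ap/log/Public/nginx-log"

if [ -e "$pid_file" ]; then
  # Read the PID only after the pid file is known to exist; the original
  # ran `cat` on it unconditionally and printed an error when nginx was down.
  Pid=$(cat "$pid_file")
  # Do not signal nginx if the move failed (e.g. backup directory missing).
  mv "$log_path/$File" "$backup_file/$File-$Date" || exit 1
  touch "$log_path/$File"
  kill -USR1 "$Pid"
fi

# Install:
#   chmod +x /home/ap/apache/web_server/nginx/nginx-log.sh
#   crontab -e        # add the scheduled job below
#   0 0 * * * /usr/bin/sh /home/ap/apache/web_server/nginx/nginx-log.sh
#
# NOTE(review): if this job runs from root's crontab, the script and every
# directory above it must not be writable by unprivileged accounts, otherwise
# whoever can edit the file runs commands as root. Rotated access logs hold
# client addresses and request URLs; keep the backup directory readable only
# by the accounts that need it.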
9、nginx代理自动添加端口问题
# Do not add the listen port to absolute redirects that nginx itself issues
# (the default is on), so clients behind the proxy are not sent to the
# internal port.
port_in_redirect off;

10、nginx + keepalived
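# ---- Install keepalived (run as root, on both nodes) ----
tar xvf keepalived-1.3.6.tar.gz
cd keepalived-1.3.6
./configure --prefix=/usr/local/keepalived --with-ssl=/usr/lib64/openssl --sysconf=/etc/ && make && make install
cp linux-file/keepalived-1.3.6/keepalived/etc/init.d/keepalived /etc/init.d/
chmod +x /etc/init.d/keepalived
ln -s /usr/local/keepalived/sbin/keepalived /sbin/

# ---- Send keepalived logs to a dedicated file ----
# In /etc/sysconfig/keepalived change
#   KEEPALIVED_OPTIONS="-D"
# to
#   KEEPALIVED_OPTIONS="-D -d -S 0"
# (-S 0 logs to syslog facility local0, which the rsyslog rule below routes).
vim /etc/sysconfig/keepalived

cat > /etc/rsyslog.d/keepalived.conf <<'EOF'
local0.* /home/ap/apache/web_server/keepalived/logs/keepalived.log
EOF
/etc/init.d/rsyslog restart

# ---- MASTER node only: /etc/keepalived/keepalived.conf ----
# NOTE(review) on the authentication block, which applies to both nodes:
#  * The original listing used the password 123456. It is replaced by the
#    placeholder CHANGEME; set a site-specific value, identical on both
#    nodes. keepalived uses only the first 8 characters.
#  * auth_type PASS travels in clear text inside every VRRP advertisement,
#    so it guards against misconfiguration rather than against a host on the
#    same segment. Limit VRRP traffic (IP protocol 112) to the two node
#    addresses with host firewall rules.
#  * vrrp_script / track_script are commented out, so the nginx check script
#    at the end of this section is not run until both blocks are enabled.
cat > /etc/keepalived/keepalived.conf <<'EOF'
! Configuration File for keepalived
global_defs {
    #notification_email {
    #    acassen@firewall.loc
    #    failover@firewall.loc
    #    sysadmin@firewall.loc
    #}
    #notification_email_from Alexandre.Cassen@firewall.loc
    #smtp_server 192.168.200.1
    #smtp_connect_timeout 30
    router_id SERVER_1
    #vrrp_skip_check_adv_addr
    #vrrp_strict
    #vrrp_garp_interval 0
    #vrrp_gna_interval 0
}

#vrrp_script chk_nginx {
#    script "/etc/keepalived/nginx_check.sh"
#    interval 5
#}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 100
    mcast_src_ip 172.36.9.129
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass CHANGEME
    }
    #track_script {
    #    chk_nginx
    #}
    virtual_ipaddress {
        172.36.9.108/24
    }
}
EOF

# ---- BACKUP node only: /etc/keepalived/keepalived.conf ----
# Differs from the MASTER file in router_id, state, priority and mcast_src_ip.
# auth_pass is the same placeholder and must match the MASTER node's value.
cat > /etc/keepalived/keepalived.conf <<'EOF'
! Configuration File for keepalived
global_defs {
    #notification_email {
    #    acassen@firewall.loc
    #    failover@firewall.loc
    #    sysadmin@firewall.loc
    #}
    #notification_email_from Alexandre.Cassen@firewall.loc
    #smtp_server 192.168.200.1
    #smtp_connect_timeout 30
    router_id SERVER_2
    #vrrp_skip_check_adv_addr
    #vrrp_strict
    #vrrp_garp_interval 0
    #vrrp_gna_interval 0
}

#vrrp_script chk_nginx {
#    script "/etc/keepalived/nginx_check.sh"
#    interval 5
#}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 90
    mcast_src_ip 172.36.9.130
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass CHANGEME
    }
    #track_script {
    #    chk_nginx
    #}
    virtual_ipaddress {
        172.36.9.108/24
    }
}
EOF

# ---- nginx check script (path taken from the vrrp_script block above) ----
# keepalived executes this script with its own privileges, so keep it owned
# by root and not writable by any other account.
cat > /etc/keepalived/nginx_check.sh <<'EOF'
#!/bin/bash
# Stops keepalived on this node when no nginx process is running, so the
# virtual IP is released and the peer node can take it over.
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
  echo "$(date +%Y-%m-%d-%H:%M): nginx is not healthy, try to killall keepalived" >> /etc/keepalived/keepalived.log
  /etc/init.d/keepalived stop
fi
EOF
chmod 700 /etc/keepalived/nginx_check.sh

# ---- Start keepalived ----
/etc/init.d/keepalived start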
posted on 2019-08-30 11:06 yuxiangling