• Nginx


    安装

    本文链接:https://www.cnblogs.com/outsrkem/p/11745848.html

    安装版本为官网 nginx-1.17.5.tar.gz

    手动部署说明

    useradd -r -s /sbin/nologin nginx
    
    yum -y install gcc* pcre pcre-devel perl perl-devel zlib zlib-devel openssl openssl-devel
    ./configure --user=nginx --group=nginx 
    --prefix=/usr/local/nginx 
    --pid-path=/usr/local/nginx/run/nginx.pid
    --with-http_stub_status_module --with-http_ssl_module make -j && make install -j

    find . -type d -name vim -exec cp -a {} ~/.vim ;
    cd /usr/local/ && chown -R  nginx.nginx ./nginx/

    状态统计

    a、安装 nginx 时将 --with-http_stub_status_module 模块开启

    b、修改 nginx 配置 server 标签中添加如下内容

    ./configure --prefix=/usr/local/nginx 
    --user=nginx 
    --group=nginx 
    --with-http_stub_status_module
    make && make install
    location /nginx-status{
        stub_status on;
        access_log off;
    }

    c、客户端访问网址:http://IP/nginx-status

    反向代理

    a、在另外一台机器上安装 apache,并填写测试页面

    b、在 nginx 服务器的配置文件 server 标签中添加如下三行,ip 指向被代理的服务器

    location ~ .php$ {
        proxy_pass http://192.168.99.4:80;
    }

    c、重启 nginx,并使用客户端访问测试

    负载均衡

    a、使用默认的rr轮训算法,修改nginx配置文件
    在server标签前添加:

    upstream bbs {
        server 192.168.99.4:80;
        server 192.168.99.16:80;
    }

    在server标签中修改下面3行

    location ~ .php$ {
        proxy_pass http://bbs;
    }

    添加反向代理,代理地址填写upstream声明的名字

    upstream bbs {
      server 192.168.99.14:80;
      server 192.168.99.16:80;
    }
    server {
      listen 80;
      server_name localhost;
    location / {
        root html;
        index index.php index.htm;
      }
        error_page 500 502 503 504 /50x.html;
        location = 50x.html {
        root html;
      }
      location ~ .php$ {
        proxy_pass http://bbs;
      }
      location ~ .* {
         proxy_pass http://bbs;
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
    
    }

    c、开启并设置两台99.4 & 99.16的主机
    安装apache并设置不同的index.html页面内容
    d、重启nginx,并使用客户端访问测试

    补充:使用rr轮训算法实现加权轮询

    upstream itxdl.com {
        server 192.168.88.100:80 weight=1;
        server 192.168.88.200:80 weight=2;
    }

     展示目录文件

    server {
            listen       80;
            server_name  localhost;
            root         /home/;               # 目录路径      
            location / {
                autoindex on;                  # 打开目录浏览功能
                autoindex_exact_size off;      # on、off:以可读的方式显示文件大小
                autoindex_localtime on;        # on、off:是否以服务器的文件时间作为显示的时间
                charset utf-8,gbk;             # 展示中文文件名
                index index.html;
            }
    }

      

    http2.0

    开启http2.0必须使用https协议

    ./configure --user=nginx --group=nginx 
    --prefix=/usr/local/nginx 
    --with-http_stub_status_module 
    --with-http_ssl_module 
    --with-http_v2_module 
    --with-openssl=/root/openssl-1.0.2h #指定该软件位置,且软件版本高于 1.0.1
    make && make install

     创建自签证书

    mkdir /usr/local/nginx/ssl
    cd /usr/local/nginx/ssl
    openssl genrsa -out pan.key 2048
    openssl req -new -x509 -key pan.key -out pan.crt -subj /C=CN/ST=BJ/L=BJ/O=DEVOPS/CN=nginx.yong.com 
    

    修改server区域,并实现https加密。

    server {
            listen     443 ssl http2;        #固定顺序
            server_name  nginx.yong.com;
            ssl_certificate /usr/local/nginx/ssl/pan.crt;
            ssl_certificate_key /usr/local/nginx/ssl/pan.key;
    }

    说明:

    http2.0测试方法

    模板网站:https://http2.akamai.com/demo

    1:chrome浏览器:下载插件:HTTP/2 and SPDY indicator
    2:firefox浏览器:  下载插件:HTTP/2 and SPDY indicator 2.3

    HTTP 的性能优化的关键不在于高带宽而是低延迟。
    TCP 连接会随着时间进行自我协调,起初会限制连接的最大速度,如果数据传输成功,会随着时间的推移提高传输的速度。
    这种调谐则被称为 TCP 慢启动,由于这种原因,让原本具有突发性和短时性的 HTTP 连接变的十分低效。
    HTTP2.0 通过让所有的数据流共用一个连接,可以有效的使用 TCP 连接,让高带宽也能真正的服务性能的提升。
    1、但连接多资源的方式,减少服务器的连接压力,内存占用更少,连接吞吐量更大
    2、由于 TCP 连接的减少而使网络拥堵状况得以改善,同时 TCP 慢启动时间减少,使拥塞和丢包恢复速度更快

    创建systenctl脚本

    [Unit]
    Description=nginx - high performance web server
    Documentation=http://nginx.org/en/docs/
    After=network.target remote-fs.target nss-lookup.target
    [Service]
    Type=forking
    PIDFile=/usr/local/nginx/run/nginx.pid
    ExecStartPre=/usr/local/nginx/sbin/nginx -t
    ExecStart=/usr/local/nginx/sbin/nginx
    ExecReload=/usr/local/nginx/sbin/nginx -s reload
    ExecStop=/usr/local/nginx/sbin/nginx -s stop
    PrivateTmp=true
    Restart=on-failure
    RestartSec=2s
    [Install]
    WantedBy=multi-user.target

    相关命令

    systemctl daemon-reload
    systemctl start nginx.service
    systemctl status nginx.service
    systemctl enable nginx.service

    配置文件

    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        log_format  main  '{"accessip_list":"$proxy_add_x_forwarded_for",'
                          '"http_host":"$host",'
                          '"@timestamp":"$time_iso8601",'
                          '"method":"$request_method",'
                          '"http_origin":"$http_origin",'
                          '"x_forwarded":"$http_x_forwarded_for",'
                          '"url":"$request_uri",'
                          '"status":"$status",'
                          '"http_referer":"$http_referer",'
                          '"body_bytes_sent":"$body_bytes_sent",'
                          '"request_time":"$request_time",'
                          '"http_user_agent":"$http_user_agent",'
                          '"total_bytes_sent":"$bytes_sent",'
                          '"server_ip":"$server_addr"}';
    
        access_log  logs/access.log  main;
        server_tokens   off;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
    
        gzip  on;
    
        server {
            listen       80;
            server_name  localhost;
    
            #charset koi8-r;
    
            #access_log  logs/host.access.log  main;
    
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Origin' $http_origin;
            add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS,PUT,DELETE';
            add_header 'Access-Control-Max-Age' '3600';
    
            location / {
                root   html;
                index  index.html index.htm;
            }
            location /api/ {
    
                if ($request_method = 'OPTIONS') {
                    add_header 'Access-Control-Allow-Origin' $http_origin;
                    add_header 'Access-Control-Allow-Methods' $http_access_control_request_method;
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers;
                    add_header 'Access-Control-Max-Age' '1728000';
                    return 204;
                 } 
            # 请求:http://10.10.10.22/api/v1.0/token/   # 后端地址:/v1.0/token/
                proxy_pass http://10.10.10.23/;
            }
    
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
    #!/bin/bash
    function checkPort() {
        counter=$(ps -C nginx --no-heading|wc -l)
        timeout 1 bash -c "cat < /dev/null > /dev/tcp/127.0.0.1/$1" &>/dev/null
        return $?
    }
    
    function startNginx(){
        if [ "${counter}" == "0" ]; then
            /usr/local/nginx/sbin/nginx
        else
           /usr/local/nginx/sbin/nginx -s reload
        fi
    }
    
    tcpPort=80
    checkPort $tcpPort
    if [ $? -ne 0 ]; then
        startNginx
    
        checkPort $tcpPort
        if [ $? -ne 0 ]; then
            startNginx
        fi
    fi
    yum -y install gd gd-devel
    yum -y install libxml2 libxml2-devel libxslt libxslt-devel
    yum -y install perl-devel perl-ExtUtils-Embed
    yum -y install google-perftools google-perftools-devel
    
    ./configure --prefix=/usr/share/nginx 
    --sbin-path=/usr/sbin/nginx 
    --modules-path=/usr/lib64/nginx/modules 
    --conf-path=/etc/nginx/nginx.conf 
    --error-log-path=/var/log/nginx/error.log 
    --http-log-path=/var/log/nginx/access.log 
    --http-client-body-temp-path=/var/lib/nginx/tmp/client_body 
    --http-proxy-temp-path=/var/lib/nginx/tmp/proxy 
    --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi 
    --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi 
    --http-scgi-temp-path=/var/lib/nginx/tmp/scgi 
    --pid-path=/run/nginx.pid 
    --lock-path=/run/lock/subsys/nginx 
    --user=nginx 
    --group=nginx 
    --with-file-aio 
    --with-http_ssl_module 
    --with-http_v2_module 
    --with-http_realip_module 
    --with-stream_ssl_preread_module 
    --with-http_addition_module 
    --with-http_xslt_module=dynamic 
    --with-http_image_filter_module=dynamic 
    --with-http_sub_module 
    --with-http_dav_module 
    --with-http_flv_module 
    --with-http_mp4_module 
    --with-http_gunzip_module 
    --with-http_gzip_static_module 
    --with-http_random_index_module 
    --with-http_secure_link_module 
    --with-http_degradation_module 
    --with-http_slice_module 
    --with-http_stub_status_module 
    --with-http_perl_module=dynamic 
    --with-http_auth_request_module 
    --with-mail=dynamic 
    --with-mail_ssl_module 
    --with-pcre 
    --with-pcre-jit 
    --with-stream=dynamic 
    --with-stream_ssl_module 
    --with-google_perftools_module 
    --with-debug

    Nginx配置文件,HTTP2.0

    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
        #access_log  logs/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
        keepalive_timeout  65;
        gzip  on;
    
        server {
            listen       80;
            server_name  localhost;
            rewrite ^(.*)$ https://www.nginx.com permanent;
        }
    
    
        # HTTPS server
        #
        server {
            listen       443 ssl http2;
            server_name  localhost;
    
            ssl_certificate      ../cert/www.pem;
            ssl_certificate_key  ../cert/www-key.pem;
    
            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
    
            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;
    
            location / {
                root   html;
                index  index.html index.htm;
            }
        }
    
    }


    作者:Outsrkem
    出处:https://www.cnblogs.com/outsrkem/
    本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。

  • 相关阅读:
    我的公众号 猫和大叔(maohedashu)
    centos编译php时出现make: *** [sapi/fpm/phpfpm] Error 1
    如何在centos和linux等主机上安装 pstree
    如何在centos下卸载干净nginx
    监控感悟(一)
    ant design vue 获取上传图片的像素
    ant vue中atree默认展开指定的树节点不起作用
    uniapp中组件属性设置不生效的解决方案
    vue+canvas实现简易画板
    ant design vue级联选择懒加载省市区三级数据
  • 原文地址:https://www.cnblogs.com/outsrkem/p/11745848.html
Copyright © 2020-2023  润新知