安装
本文链接:https://www.cnblogs.com/outsrkem/p/11745848.html
安装版本为官网 nginx-1.17.5.tar.gz
手动部署说明
useradd -r -s /sbin/nologin nginx yum -y install gcc* pcre pcre-devel perl perl-devel zlib zlib-devel openssl openssl-devel ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx
--pid-path=/usr/local/nginx/run/nginx.pid --with-http_stub_status_module --with-http_ssl_module make -j && make install -j
find . -type d -name vim -exec cp -a {} ~/.vim ;
cd /usr/local/ && chown -R nginx.nginx ./nginx/
状态统计
a、安装 nginx 时将 --with-http_stub_status_module 模块开启
b、修改 nginx 配置 server 标签中添加如下内容
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module make && make install
location /nginx-status{
stub_status on;
access_log off;
}
c、客户端访问网址:http://IP/nginx-status
反向代理
a、在另外一台机器上安装 apache,并填写测试页面
b、在 nginx 服务器的配置文件 server 标签中添加如下三行,ip 指向被代理的服务器
location ~ .php$ { proxy_pass http://192.168.99.4:80; }
c、重启 nginx,并使用客户端访问测试
负载均衡
a、使用默认的rr轮训算法,修改nginx配置文件
在server标签前添加:
upstream bbs { server 192.168.99.4:80; server 192.168.99.16:80; }
在server标签中修改下面3行
location ~ .php$ { proxy_pass http://bbs; }
添加反向代理,代理地址填写upstream声明的名字
upstream bbs { server 192.168.99.14:80; server 192.168.99.16:80; } server { listen 80; server_name localhost; location / { root html; index index.php index.htm; } error_page 500 502 503 504 /50x.html; location = 50x.html { root html; } location ~ .php$ { proxy_pass http://bbs; } location ~ .* { proxy_pass http://bbs; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
c、开启并设置两台99.4 & 99.16的主机
安装apache并设置不同的index.html页面内容
d、重启nginx,并使用客户端访问测试
补充:使用rr轮训算法实现加权轮询
upstream itxdl.com { server 192.168.88.100:80 weight=1; server 192.168.88.200:80 weight=2; }
展示目录文件
server { listen 80; server_name localhost; root /home/; # 目录路径 location / { autoindex on; # 打开目录浏览功能 autoindex_exact_size off; # on、off:以可读的方式显示文件大小 autoindex_localtime on; # on、off:是否以服务器的文件时间作为显示的时间 charset utf-8,gbk; # 展示中文文件名 index index.html; } }
http2.0
开启http2.0必须使用https协议
./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-openssl=/root/openssl-1.0.2h #指定该软件位置,且软件版本高于 1.0.1
make && make install
创建自签证书
mkdir /usr/local/nginx/ssl cd /usr/local/nginx/ssl openssl genrsa -out pan.key 2048 openssl req -new -x509 -key pan.key -out pan.crt -subj /C=CN/ST=BJ/L=BJ/O=DEVOPS/CN=nginx.yong.com
修改server区域,并实现https加密。
server { listen 443 ssl http2; #固定顺序 server_name nginx.yong.com; ssl_certificate /usr/local/nginx/ssl/pan.crt; ssl_certificate_key /usr/local/nginx/ssl/pan.key; }
说明:
http2.0测试方法
模板网站:https://http2.akamai.com/demo
1:chrome浏览器:下载插件:HTTP/2 and SPDY indicator
2:firefox浏览器: 下载插件:HTTP/2 and SPDY indicator 2.3
HTTP 的性能优化的关键不在于高带宽而是低延迟。
TCP 连接会随着时间进行自我协调,起初会限制连接的最大速度,如果数据传输成功,会随着时间的推移提高传输的速度。
这种调谐则被称为 TCP 慢启动,由于这种原因,让原本具有突发性和短时性的 HTTP 连接变的十分低效。
HTTP2.0 通过让所有的数据流共用一个连接,可以有效的使用 TCP 连接,让高带宽也能真正的服务性能的提升。
1、但连接多资源的方式,减少服务器的连接压力,内存占用更少,连接吞吐量更大
2、由于 TCP 连接的减少而使网络拥堵状况得以改善,同时 TCP 慢启动时间减少,使拥塞和丢包恢复速度更快
创建systenctl脚本
[Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/usr/local/nginx/run/nginx.pid ExecStartPre=/usr/local/nginx/sbin/nginx -t ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s stop PrivateTmp=true Restart=on-failure RestartSec=2s [Install] WantedBy=multi-user.target
相关命令
systemctl daemon-reload
systemctl start nginx.service
systemctl status nginx.service
systemctl enable nginx.service
配置文件
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '{"accessip_list":"$proxy_add_x_forwarded_for",' '"http_host":"$host",' '"@timestamp":"$time_iso8601",' '"method":"$request_method",' '"http_origin":"$http_origin",' '"x_forwarded":"$http_x_forwarded_for",' '"url":"$request_uri",' '"status":"$status",' '"http_referer":"$http_referer",' '"body_bytes_sent":"$body_bytes_sent",' '"request_time":"$request_time",' '"http_user_agent":"$http_user_agent",' '"total_bytes_sent":"$bytes_sent",' '"server_ip":"$server_addr"}'; access_log logs/access.log main; server_tokens off; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS,PUT,DELETE'; add_header 'Access-Control-Max-Age' '3600'; location / { root html; index index.html index.htm; } location /api/ { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Methods' $http_access_control_request_method; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers; add_header 'Access-Control-Max-Age' '1728000'; return 204; } # 请求:http://10.10.10.22/api/v1.0/token/ # 后端地址:/v1.0/token/ proxy_pass http://10.10.10.23/; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }
#!/bin/bash function checkPort() { counter=$(ps -C nginx --no-heading|wc -l) timeout 1 bash -c "cat < /dev/null > /dev/tcp/127.0.0.1/$1" &>/dev/null return $? } function startNginx(){ if [ "${counter}" == "0" ]; then /usr/local/nginx/sbin/nginx else /usr/local/nginx/sbin/nginx -s reload fi } tcpPort=80 checkPort $tcpPort if [ $? -ne 0 ]; then startNginx checkPort $tcpPort if [ $? -ne 0 ]; then startNginx fi fi
yum -y install gd gd-devel yum -y install libxml2 libxml2-devel libxslt libxslt-devel yum -y install perl-devel perl-ExtUtils-Embed yum -y install google-perftools google-perftools-devel ./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug
Nginx配置文件,HTTP2.0
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; gzip on; server { listen 80; server_name localhost; rewrite ^(.*)$ https://www.nginx.com permanent; } # HTTPS server # server { listen 443 ssl http2; server_name localhost; ssl_certificate ../cert/www.pem; ssl_certificate_key ../cert/www-key.pem; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } }