Nginx

安装

本文链接：https://www.cnblogs.com/outsrkem/p/11745848.html

安装版本为官网 nginx-1.17.5.tar.gz

手动部署说明

useradd -r -s /sbin/nologin nginx

yum -y install gcc* pcre pcre-devel perl perl-devel zlib zlib-devel openssl openssl-devel
./configure --user=nginx --group=nginx 
--prefix=/usr/local/nginx 
--pid-path=/usr/local/nginx/run/nginx.pid 
--with-http_stub_status_module 
--with-http_ssl_module

make -j && make install -j

find . -type d -name vim -exec cp -a {} ~/.vim ;
cd /usr/local/ && chown -R  nginx.nginx ./nginx/

状态统计

a、安装 nginx 时将 --with-http_stub_status_module 模块开启

b、修改 nginx 配置 server 标签中添加如下内容

./configure --prefix=/usr/local/nginx 
--user=nginx 
--group=nginx 
--with-http_stub_status_module
make && make install

location /nginx-status{
    stub_status on;
    access_log off;
}

c、客户端访问网址:http://IP/nginx-status

反向代理

a、在另外一台机器上安装 apache，并填写测试页面

b、在 nginx 服务器的配置文件 server 标签中添加如下三行，ip 指向被代理的服务器

location ~ .php$ {
    proxy_pass http://192.168.99.4:80;
}

c、重启 nginx，并使用客户端访问测试

负载均衡

a、使用默认的rr轮训算法，修改nginx配置文件
在server标签前添加：

upstream bbs {
    server 192.168.99.4:80;
    server 192.168.99.16:80;
}

在server标签中修改下面3行

location ~ .php$ {
    proxy_pass http://bbs;
}

添加反向代理，代理地址填写upstream声明的名字

upstream bbs {
  server 192.168.99.14:80;
  server 192.168.99.16:80;
}
server {
  listen 80;
  server_name localhost;
location / {
    root html;
    index index.php index.htm;
  }
    error_page 500 502 503 504 /50x.html;
    location = 50x.html {
    root html;
  }
  location ~ .php$ {
    proxy_pass http://bbs;
  }
  location ~ .* {
     proxy_pass http://bbs;
     proxy_set_header Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

}

c、开启并设置两台99.4 & 99.16的主机
安装apache并设置不同的index.html页面内容
d、重启nginx，并使用客户端访问测试

补充：使用rr轮训算法实现加权轮询

upstream itxdl.com {
    server 192.168.88.100:80 weight=1;
    server 192.168.88.200:80 weight=2;
}

 展示目录文件

server {
        listen       80;
        server_name  localhost;
        root         /home/;               # 目录路径      
        location / {
            autoindex on;                  # 打开目录浏览功能
            autoindex_exact_size off;      # on、off：以可读的方式显示文件大小
            autoindex_localtime on;        # on、off：是否以服务器的文件时间作为显示的时间
            charset utf-8,gbk;             # 展示中文文件名
            index index.html;
        }
}

  

http2.0

开启http2.0必须使用https协议

./configure --user=nginx --group=nginx 
--prefix=/usr/local/nginx 
--with-http_stub_status_module 
--with-http_ssl_module 
--with-http_v2_module 
--with-openssl=/root/openssl-1.0.2h #指定该软件位置，且软件版本高于 1.0.1
make && make install

 创建自签证书

mkdir /usr/local/nginx/ssl
cd /usr/local/nginx/ssl
openssl genrsa -out pan.key 2048
openssl req -new -x509 -key pan.key -out pan.crt -subj /C=CN/ST=BJ/L=BJ/O=DEVOPS/CN=nginx.yong.com 

修改server区域,并实现https加密。

server {
        listen     443 ssl http2;        #固定顺序
        server_name  nginx.yong.com;
        ssl_certificate /usr/local/nginx/ssl/pan.crt;
        ssl_certificate_key /usr/local/nginx/ssl/pan.key;
}

说明：

http2.0测试方法

模板网站：https://http2.akamai.com/demo

1：chrome浏览器：下载插件：HTTP/2 and SPDY indicator
2：firefox浏览器：  下载插件：HTTP/2 and SPDY indicator 2.3

HTTP 的性能优化的关键不在于高带宽而是低延迟。
TCP 连接会随着时间进行自我协调，起初会限制连接的最大速度，如果数据传输成功，会随着时间的推移提高传输的速度。
这种调谐则被称为 TCP 慢启动，由于这种原因，让原本具有突发性和短时性的 HTTP 连接变的十分低效。
HTTP2.0 通过让所有的数据流共用一个连接，可以有效的使用 TCP 连接，让高带宽也能真正的服务性能的提升。
1、但连接多资源的方式，减少服务器的连接压力，内存占用更少，连接吞吐量更大
2、由于 TCP 连接的减少而使网络拥堵状况得以改善，同时 TCP 慢启动时间减少，使拥塞和丢包恢复速度更快

创建systenctl脚本

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
Restart=on-failure
RestartSec=2s
[Install]
WantedBy=multi-user.target

相关命令

systemctl daemon-reload
systemctl start nginx.service
systemctl status nginx.service
systemctl enable nginx.service

配置文件

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '{"accessip_list":"$proxy_add_x_forwarded_for",'
                      '"http_host":"$host",'
                      '"@timestamp":"$time_iso8601",'
                      '"method":"$request_method",'
                      '"http_origin":"$http_origin",'
                      '"x_forwarded":"$http_x_forwarded_for",'
                      '"url":"$request_uri",'
                      '"status":"$status",'
                      '"http_referer":"$http_referer",'
                      '"body_bytes_sent":"$body_bytes_sent",'
                      '"request_time":"$request_time",'
                      '"http_user_agent":"$http_user_agent",'
                      '"total_bytes_sent":"$bytes_sent",'
                      '"server_ip":"$server_addr"}';

    access_log  logs/access.log  main;
    server_tokens   off;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Origin' $http_origin;
        add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS,PUT,DELETE';
        add_header 'Access-Control-Max-Age' '3600';

        location / {
            root   html;
            index  index.html index.htm;
        }
        location /api/ {

            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' $http_origin;
                add_header 'Access-Control-Allow-Methods' $http_access_control_request_method;
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers;
                add_header 'Access-Control-Max-Age' '1728000';
                return 204;
             } 
　　　　　　　　# 请求：http://10.10.10.22/api/v1.0/token/   # 后端地址：/v1.0/token/
            proxy_pass http://10.10.10.23/;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

#!/bin/bash
function checkPort() {
    counter=$(ps -C nginx --no-heading|wc -l)
    timeout 1 bash -c "cat < /dev/null > /dev/tcp/127.0.0.1/$1" &>/dev/null
    return $?
}

function startNginx(){
    if [ "${counter}" == "0" ]; then
        /usr/local/nginx/sbin/nginx
    else
       /usr/local/nginx/sbin/nginx -s reload
    fi
}

tcpPort=80
checkPort $tcpPort
if [ $? -ne 0 ]; then
    startNginx

    checkPort $tcpPort
    if [ $? -ne 0 ]; then
        startNginx
    fi
fi

yum -y install gd gd-devel
yum -y install libxml2 libxml2-devel libxslt libxslt-devel
yum -y install perl-devel perl-ExtUtils-Embed
yum -y install google-perftools google-perftools-devel

./configure --prefix=/usr/share/nginx 
--sbin-path=/usr/sbin/nginx 
--modules-path=/usr/lib64/nginx/modules 
--conf-path=/etc/nginx/nginx.conf 
--error-log-path=/var/log/nginx/error.log 
--http-log-path=/var/log/nginx/access.log 
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body 
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy 
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi 
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi 
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi 
--pid-path=/run/nginx.pid 
--lock-path=/run/lock/subsys/nginx 
--user=nginx 
--group=nginx 
--with-file-aio 
--with-http_ssl_module 
--with-http_v2_module 
--with-http_realip_module 
--with-stream_ssl_preread_module 
--with-http_addition_module 
--with-http_xslt_module=dynamic 
--with-http_image_filter_module=dynamic 
--with-http_sub_module 
--with-http_dav_module 
--with-http_flv_module 
--with-http_mp4_module 
--with-http_gunzip_module 
--with-http_gzip_static_module 
--with-http_random_index_module 
--with-http_secure_link_module 
--with-http_degradation_module 
--with-http_slice_module 
--with-http_stub_status_module 
--with-http_perl_module=dynamic 
--with-http_auth_request_module 
--with-mail=dynamic 
--with-mail_ssl_module 
--with-pcre 
--with-pcre-jit 
--with-stream=dynamic 
--with-stream_ssl_module 
--with-google_perftools_module 
--with-debug

Nginx配置文件，HTTP2.0

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on;

    server {
        listen       80;
        server_name  localhost;
        rewrite ^(.*)$ https://www.nginx.com permanent;
    }


    # HTTPS server
    #
    server {
        listen       443 ssl http2;
        server_name  localhost;

        ssl_certificate      ../cert/www.pem;
        ssl_certificate_key  ../cert/www-key.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

}