Nginx 部署及配置

Tengine + Luajit2

系统账号及环境配置

sudo useradd -g 100 -u 200 user_00
sudo groupadd -g 300 www
sudo useradd -g 300 -u 300 -s /sbin/nologin www
sudo mkdir -p /usr/local/services/src
sudo chown -R user_00.usrs /usr/local/services
su - user_00
cd /usr/local/services/src

LuaJIT部署

$ wget http://luajit.org/download/LuaJIT-2.1.0-beta2.tar.gz
tar xf LuaJIT-2.1.0-beta1.tar.gz
cd LuaJIT-2.1.0-beta1
make PREFIX=/usr/local/services
make install PREFIX=/usr/local/services
echo "/usr/local/services/lib" |sudo tee -a /etc/ld.so.conf
sudo ldconfig

Tengine 部署

$ wget http://tengine.taobao.org/download/tengine-2.1.2.tar.gz
$ wget ftp://ftp.lanet.lv/pub/unix/security/libmd5-0.8.2b.tar.gz
$ wget https://sourceforge.net/projects/pcre/files/pcre/8.39/pcre-8.39.tar.gz/download
$ wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
$ ./configure \
--prefix=/usr/local/services/tengine-2.1.2 \
--user=www \
--group=www \
--with-http_ssl_module \
--with-http_lua_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-sha1=/usr \
--with-openssl=/usr/local/services/src/openssl-1.0.2j \
--with-md5=/usr/local/services/src/md5 \
--with-pcre=/usr/local/services/src/pcre-8.39 \
--with-luajit-inc=/usr/local/services/include/luajit-2.1 \
--with-luajit-lib=/usr/local/services/lib \
--without-select_module --without-poll_module \
--without-http_userid_module \
--without-mail_pop3_module \
--without-mail_imap_module >/dev/null
make >/dev/null && make install >/dev/null
 
cd /usr/local/services/tengine-2.1.2
mkdir {temp,conf/sites-{available,enabled}}
sudo chown www.www temp

Tengine 主配置文件

cd /usr/local/services/tengine-2.1.2/conf
cat nginx.conf
user www www;
worker_processes 2;
worker_cpu_affinity auto;
pid        logs/nginx.pid;
error_log  logs/error.log  error;
#Specifies the value for maximum file descriptors that can be opened by this process.
events {
    use epoll;
    worker_connections  102400;
}
worker_rlimit_nofile 102400;
http {
    include       mime.types;
    server_info   off;
    server_tokens off;
    server_tag    off;
    default_type  application/octet-stream;
    real_ip_header X-Forwarded-For;
    set_real_ip_from 172.31.0.0/16;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" $request_time $upstream_response_time $host';
    server_names_hash_bucket_size 256;
    client_header_buffer_size 256k;
    large_client_header_buffers 8 128k;
    client_max_body_size    8m;
    sendfile          on;
    tcp_nopush        on;
    tcp_nodelay       on;
    keepalive_timeout 60;
    proxy_connect_timeout 100s;
    proxy_read_timeout 300;
    proxy_send_timeout 300;
    proxy_buffer_size 512k;
    proxy_buffers  16 256k;
    proxy_busy_buffers_size 512k;
    proxy_temp_file_write_size 512k;
    proxy_ignore_client_abort on;
    gzip              on;
    gzip_min_length   1k;
    gzip_buffers      4 16k;
    gzip_http_version 1.0;
    gzip_comp_level   2;
    gzip_types        text/plain application/javascript application/x-javascript text/css application/xml text/javascript;
    gzip_vary         on;
    charset           utf-8;
    access_log        logs/access.log main;
    log_not_found     off;
    ssi               on;
    ssi_silent_errors on;
    ssi_types         text/shtml;
    fastcgi_temp_path     temp/fastcgi_temp;
    client_body_temp_path temp/client_body_temp;
    proxy_temp_path       temp/proxy_temp;
    scgi_temp_path        temp/scgi_temp;
    uwsgi_temp_path       temp/uwsgi_temp;
    #error_page  500 502 503 504      /50x.html;
    #error_page  400 403 405 408 404  /40x.html;
    req_status_zone server "$host" 256M;
    req_status_zone_add_indicator server $limit;
    upstream appname {
        server 127.0.0.1:8000     weight=1;
        server 127.0.0.2:8000     weight=1;
        keepalive 600;
        check interval=5000 rise=2 fall=5 timeout=1000 type=http;
        check_keepalive_requests 100;
        check_http_send "HEAD / HTTP/1.0\r\nConnection: keep-alive\r\n\r\n";
        check_http_expect_alive http_2xx http_3xx;
    }
    server {
        listen       80 default;
        server_name  _;
        return       444;
        access_log   off;
    }
include sites-enabled/*.conf;
}

Tomcat 动静分离

cd /usr/local/services/tengine-2.1.2/conf/sites-available
cat www.soa.com.conf
server {
    listen      80;
    server_name www.soa.com;
    root        /data/apps/soa/appname;
    req_status  server;
 
    location / {
        index index.html index.jsp;
        try_files $uri $uri/ @proxy;
    }
 
    location @proxy {
        proxy_pass http://appname;
    }
 
    location ~ \.jsp$ {
        proxy_redirect off;
        proxy_pass http://www.esearchapi.com;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
 
    location ~ .*\.(js|css)?$ {
        expires      12h;
    }
 
    location ~ .*\.(gif|jpg|jpeg|png|bmp)$ {
        expires      1d;
    }
}

Tengine 运行状态,用于监控

cd /usr/local/services/tengine-2.1.2/conf/sites-available
cat 127.0.0.1.conf
server {
    listen          80;
    server_name     127.0.0.1;
    access_log      off;
 
    set $limit 0;
    if ($arg_limit = '1') { set $limit 1; }
 
    location /stats {
        stub_status on;
    }  
 
    location /upstream_stats {
        check_status;
    }  
 
    location /request_stats {
        req_status_show;
        req_status_show_field req_total conn_total bytes_in bytes_out rt
        http_200 http_404 http_403 http_500 http_502 http_503 http_504
        http_2xx http_3xx http_4xx http_5xx http_other_status $limit;
    }  
}
posted @ 2017-07-19 10:33  dba_devops  阅读(515)  评论(0编辑  收藏  举报