day12-nginx

nginx

Front-end server that handles high concurrency

Installing nginx

useradd -s /sbin/nologin nginx

tar xf nginx-xxx.tar.gz

yum install -y gcc pcre-devel openssl-devel

./configure --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log

nginx path prefix: "/etc/nginx"
nginx binary file: "/etc/nginx/sbin/nginx"
nginx modules path: "/etc/nginx/modules"
nginx configuration prefix: "/etc/nginx/conf"
nginx configuration file: "/etc/nginx/conf/nginx.conf"
nginx pid file: "/etc/nginx/logs/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/var/log/nginx/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

make && make install

 

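Note: by default this software does not provide a startup script.

nginx configuration files and directories

/etc/nginx        installation directory

/etc/nginx/conf/nginx.conf        main configuration file

/etc/nginx/html        web page directory

/etc/nginx/logs        log files

sbin/nginx        startup program (the nginx binary)

Starting the nginx service

-v    show the nginx version

-V    show the compile-time parameters

-t    test the default configuration file

-c    specify a configuration file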

 

[root@localhost sbin]# ./nginx -v

nginx version: nginx/1.10.1

[root@localhost sbin]# ./nginx -V

nginx version: nginx/1.10.1

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)

built with OpenSSL 1.0.0-fips 29 Mar 2010

TLS SNI support enabled

configure arguments: --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log

[root@localhost sbin]# ./nginx -t

nginx: the configuration file /etc/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/conf/nginx.conf test is successful

 

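Stopping nginx

Format: pkill/kill    signal    process name/PID

Common signals

TERM, INT    fast shutdown

QUIT    graceful shutdown; shuts down the master process and, along with it, the worker processes

HUP    reload the configuration and use the new one; equivalent to a service reload: the service is not stopped, the configuration file is re-read

kill -HUP `cat /var/run/nginx.pid`

USR1    reopen the log files

USR2    smoothly upgrade the executable; the service is not stopped while the program is upgraded

WINCH    gracefully shut down the worker processes; the child processes are not closed immediately

The signals can be listed with kill -l

kill    PID        default is    15) SIGTERM

kill    -9    is    9) SIGKILL

ctrl+c    is    2) SIGINT

/etc/nginx/sbin/nginx        start the service

/etc/nginx/sbin/nginx -s stop    stop the service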
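Added example (not part of the original notes): kill -HUP `cat /var/run/nginx.pid` hands whatever the pid file contains to kill as root. The hypothetical helper nginx_signal below checks the signal name, the file content and the process name before signalling; the /proc lookup assumes Linux.

```bash
#!/bin/bash
# Added example: validate the pid file before signalling nginx.
# nginx_signal is a hypothetical helper, not part of nginx.
# Usage: nginx_signal SIGNAL [PIDFILE] [EXPECTED_COMM]
nginx_signal() {
    local sig="$1" pidfile="${2:-/var/run/nginx.pid}" want="${3:-nginx}" pid comm

    # Accept only the control signals listed in the notes above.
    case "$sig" in
        TERM|INT|QUIT|HUP|USR1|USR2|WINCH) ;;
        *) echo "refusing unsupported signal: $sig" >&2; return 2 ;;
    esac

    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 3; }
    IFS= read -r pid < "$pidfile" || true

    # The value is handed to kill as root, so accept digits only.
    case "$pid" in
        ''|*[!0-9]*) echo "$pidfile does not contain a PID" >&2; return 4 ;;
    esac

    # A stale pid file can name a recycled PID that now belongs to another
    # program; compare the process name (Linux /proc) before signalling.
    comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm=
    if [ "$comm" != "$want" ]; then
        echo "PID $pid is '${comm:-not running}', not $want" >&2
        return 5
    fi

    kill -s "$sig" "$pid"
}
```

For example, nginx_signal HUP reloads the configuration and nginx_signal USR1 reopens the log files, each only when the checks pass.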

   

Upgrading nginx

[root@localhost sbin]# /etc/nginx/sbin/nginx -V

nginx version: nginx/1.10.1

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)

built with OpenSSL 1.0.0-fips 29 Mar 2010

TLS SNI support enabled

configure arguments: --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log

 

tar xf nginx-xxx1.tar.gz

./configure --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log

make

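cd /etc/nginx/sbin

mv nginx nginxold    # back up the previous version of the nginx binary

cd nginx/objs    # go to objs under the new version's nginx source directory

[root@localhost nginx-1.11.4]# cp objs/nginx /etc/nginx/sbin/nginx    # copy in the new version's nginx binary

cd ..

make upgrade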

[root@localhost ~]# /etc/nginx/sbin/nginx -v

nginx version: nginx/1.11.4

 

Main configuration options:

user nginx;                              # owner of the worker processes
worker_processes 1;                      # number of processes to start (recommended: equal to the number of CPU cores)
error_log /var/log/nginx/error.log;      # log file
pid /var/run/nginx.pid;                  # PID file
events {
    use epoll;
    worker_connections 1024;             # maximum concurrent connections per process
}
http {
    keepalive_timeout 65;                # keep connections alive; timeout
    tcp_nodelay on;                      # disable Nagle: no delay, no waiting (set when high concurrency is required)
    gzip on;                             # enable gzip compression to improve speed
    gzip_min_length 1000;                # minimum size of a file to compress
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";    # disable gzip for IE
    server {                             # define a virtual host
        listen 80;
        server_name web1.myweb.com;
        location / {                     # published directory; corresponds to the root of http://192.168.100.100/
            root html;
            index index.html index.htm index.php;
            allow 192.168.100.101;       # only allow access from 192.168.100.101
            deny all;
            auth_basic "auth-domain";    # enable account authentication
            auth_basic_user_file /etc/nginx/conf/user.list;    # path of the file that stores the accounts and passwords
        }
    }
}

 

   

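Creating the password file:

yum install -y

yum whatprovides /usr/bin/htpasswd         # find out which package provides this command

htpasswd -c /etc/nginx/conf/user.list USERNAME    # add -c the first time to create the file; omit -c when adding further users

htpasswd /etc/nginx/conf/user.list USERNAME

The password can be encrypted (-m uses MD5):

htpasswd -cm /etc/nginx/conf/user.list USERNAME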
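Added example (not part of the original notes): htpasswd releases before 2.2.18 default to crypt() when -m is not given, so it is worth checking which scheme each entry of user.list actually uses. htpasswd_schemes and sample_userlist are hypothetical names, the sample entries are constructed, and the ok/legacy/weak verdicts are this example's own grading.

```bash
#!/bin/bash
# Added example: report the hash scheme of each entry in an htpasswd file.
# Usage: htpasswd_schemes [FILE]   (reads stdin when FILE is omitted)
# Prints "user scheme verdict"; exit status is 1 if any entry is weak.
htpasswd_schemes() {
    awk -F: '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
    {
        h = $2
        if      (h ~ "^[$]2[abxy][$]")     { s = "bcrypt";        v = "ok" }
        else if (h ~ "^[$][56][$]")        { s = "sha-crypt";     v = "ok" }
        else if (index(h, "$apr1$") == 1)  { s = "apr1-md5";      v = "legacy" }
        else if (index(h, "{SSHA}") == 1)  { s = "sha1-salted";   v = "weak" }
        else if (index(h, "{SHA}") == 1)   { s = "sha1-unsalted"; v = "weak" }
        else if (index(h, "{PLAIN}") == 1) { s = "plaintext";     v = "weak" }
        else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") { s = "des-crypt"; v = "weak" }
        else                               { s = "unknown";       v = "weak" }
        print $1, s, v
        if (v == "weak") bad = 1
    }
    END { exit bad + 0 }' "${1:--}"
}

# Constructed entries: the strings only have the shape of each scheme,
# they are not hashes of any real password.
sample_userlist() {
    cat <<'EOF'
alice:$apr1$Qz3xY7ab$k1J8sN2pLr0VtW4uXy6ZA/
bob:ab01FgHiJkLmN
carol:$6$c0nstruct3d$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EOF
}

sample_userlist | htpasswd_schemes || echo "weak entries found" >&2
```

Whether nginx accepts the bcrypt and sha-crypt forms depends on the crypt() of the system it runs on.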

   

 

Startup script (a simple implementation; to be improved later)

#!/bin/bash
# chkconfig: - 85 15
case "$1" in
start)
    /etc/nginx/sbin/nginx
    echo "$0:nginx ok..."
    ;;
stop)
    /etc/nginx/sbin/nginx -s stop
    #kill -INT `cat /var/run/nginx.pid`
    echo "$0:nginx stop..."
    ;;
restart)
    # stop, give the master process a moment to exit, then start again
    "$0" stop
    sleep 1
    "$0" start
    ;;
reload)
    /etc/nginx/sbin/nginx -s reload
    #kill -HUP `cat /var/run/nginx.pid`
    echo "$0:nginx reload..."
    ;;
*)
    echo "$0:start|stop|restart|reload"
    ;;
esac

 

 

Virtual hosts

server {
    listen 80;
    server_name www.web1.com;
    location / {
        root web1;
        index index.html index.htm;
    }
}
server {
    listen 80;
    server_name www.web2.com;
    location / {
        root web2;
        index index.html;
    }
}

 

 

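SSL-based websites

Encryption algorithms: symmetric encryption and asymmetric encryption

SSL-based websites rely on asymmetric encryption

What needs to be generated: a private key and a certificate

Generating the private key and the certificate

# openssl genrsa -out cert.key 2048

Generates the key: what follows "gen" is the RSA algorithm, and cert.key is the file name

# openssl req -new -x509 -key cert.key -out cert.pem    # generate the certificate from the private key

[root@localhost nginx]# ls cert.*

cert.key cert.pem

# cp cert.* /etc/nginx/conf    # by default they are placed in the nginx/conf directory

Configuration file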

 

#user  nobody;
user nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
pid        /var/run/nginx.pid;
events {
    use epoll;
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    gzip  on;
    gzip_min_length 1000;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    server {
        listen 80;
        server_name www.web1.com;
        location / {
            root web1;
            index index.html index.htm;
#           auth_basic "auth-domain";
#           auth_basic_user_file /etc/nginx/conf/user.list;
        }
    }
    server {
        listen 80;
        server_name www.web2.com;
        location / {
            root web2;
            index index.html;
        }
    }
    # "ssl on;" is deprecated since nginx 1.15.0; newer versions use "listen 443 ssl;" instead
    server {
        listen 443;
        server_name www.web3.com;
        ssl  on;
        ssl_certificate      cert.pem;    # relative paths are resolved against the conf directory
        ssl_certificate_key  cert.key;
        location / {
            root web3;
            index index.html;
        }
    }
    server {
        listen 443;
        server_name www.web4.com;
        ssl  on;
        ssl_certificate      /etc/nginx/ssl/test.pem;
        ssl_certificate_key  /etc/nginx/ssl/test.key;
        location / {
            root web4;
            index index.html;
        }
    }
}
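Added example (not part of the original notes): cp cert.* /etc/nginx/conf leaves the private key with whatever mode the copy produced, so this check reads the ssl_certificate_key directives from a configuration file and reports any key that group or other users can access. ssl_key_perms is a hypothetical helper, and resolving relative paths against the directory of the configuration file follows the cert.key usage above.

```bash
#!/bin/bash
# Added example: check that every private key named by ssl_certificate_key
# is accessible to its owner only.
# Usage: ssl_key_perms NGINX_CONF   -> prints "path perms verdict" per key,
# returns 1 if a key is missing or group/other accessible.
ssl_key_perms() {
    local conf="$1" dir key perms bad=0
    dir=$(dirname "$conf")      # relative key paths are resolved from here
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        case "$key" in /*) ;; *) key="$dir/$key" ;; esac
        if [ ! -f "$key" ]; then
            echo "$key - missing"; bad=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c1-10)
        case "$perms" in
            ????------) echo "$key $perms ok" ;;
            *)          echo "$key $perms exposed"; bad=1 ;;
        esac
    done <<EOF
$(awk '$1 == "ssl_certificate_key" { sub(/;.*$/, "", $2); print $2 }' "$conf")
EOF
    return "$bad"
}
```

Run it as ssl_key_perms /etc/nginx/conf/nginx.conf; a key reported as exposed can be tightened with chmod 600, since the master process reads it as root.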

 

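nginx reverse proxy

Advantages: fast scheduling, rich debugging mechanisms

Disadvantages: simple ACL access control (fewer features than Squid), caching mechanism

Configuration file on the main server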

upstream test {
        server 192.168.100.101;
        server 192.168.100.102;
}
server {
        listen 80;
        server_name www.test.com;
        location / {
                proxy_pass http://test;
        }
}

 

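On the other two hosts, 192.168.100.101 and 102, simply start the web service

Verify from a client

This is round-robin access

nginx currently supports 4 distribution methods

round-robin (default): requests are dispatched to the servers one by one in turn

weight: sets the round-robin probability; the weight is proportional to the share of requests

ip_hash: each request is assigned to a fixed back-end server according to the client IP

fair: back-end servers with shorter response times are served first

State types

down: the server temporarily does not take part in load balancing

max_fails: number of failed requests allowed (default 1)

fail_timeout: how long the server is suspended after max_fails failures

backup: backup server

When changed to server 192.168.100.101 weight=2;

Verify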

 

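upstream test {
        ip_hash;    # assign the same user a fixed server
        server 192.168.100.101 weight=2;    # weight of 2
        server 192.168.100.102 max_fails=2 fail_timeout=30;    # after max_fails (2) failed connections the server is taken out of service for 30 seconds
        server 192.168.100.103 down;    # server marked as down
        # server 192.168.100.104 backup;    # backup server (used only when all the servers above are down); nginx does not accept backup together with ip_hash, so enable this line only without ip_hash
}
server {
        listen 80;
        server_name www.test.com;
        location / {
                proxy_pass http://test;
        }
}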

 

posted @ 2016-09-19 17:35  Final233