Nginx1.19安装优化监控实时同步手册

环境如下:

[root@xxxxx ~]# cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)
[root@xxxxx ~]# ls
nginx-1.19.6         nginx-module-vts-master      nginx-vts-exporter-0.10.7
nginx-1.19.6.tar.gz  nginx-module-vts-master.zip  nginx-vts-exporter-0.10.7.zip

安装

# 添加用户
useradd nginx && usermod -s /sbin/nologin nginx
# 安装依赖
yum install gcc gcc-c++ pcre-devel openssl-devel zlib zlib-devel pcre -y
# 编译安装 nginx-module-vts-master 是监控用的,后面会细说
./configure --prefix=/usr/local/nginx  --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/root/nginx-module-vts-master/ && make && make install

配置

nginx.conf

user nginx;
worker_processes  auto;
worker_cpu_affinity auto;
error_log  logs/error.log warn;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  65535;
}


http {
    fastcgi_intercept_errors on;
    proxy_intercept_errors on;
    include       mime.types;
    default_type  application/octet-stream;
    charset     UTF-8;
 
    large_client_header_buffers 4 16k;
    client_body_buffer_size 64k;
    proxy_connect_timeout 300;
    proxy_read_timeout 300;
    proxy_send_timeout 300;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    client_header_buffer_size 64k;
    client_max_body_size 50m;
    proxy_buffer_size 64k;
    proxy_buffers 8 32k;

log_format access ' $remote_addr; -; $remote_user; [$time_local]; "$request"; $status; $body_bytes_sent; "$http_referer"; "$http_user_agent"; $http_x_forwarded_for; $server_addr; $upstream_addr; $upstream_response_time; $request_time;';

    access_log  logs/access.log access buffer=32k;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout  120s 120s;
    keepalive_requests 300;

    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 32 4k;
    gzip_http_version 1.1;
    gzip_comp_level 4;
    gzip_types text/plain application/x-javascript application/javascript application/css text/css application/xml text/javascript;
    gzip_vary on;

    include   /usr/local/nginx/conf/vhost/*.conf;
}

https.conf (性能提升的关键)

server {
    listen  443 ssl reuseport http2;
    server_name xx.cn;
    ssl_certificate /usr/local/nginx/cert/xx.cer;
    ssl_certificate_key /usr/local/nginx/cert/xx.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";ssl_prefer_server_ciphers on;
    error_page 400 401 402 403 404  408 410 412 413 414 415 500 501 502 503 506 = /error.html;
}

监控

由于要监控 Nginx 的 qps,需要用到 https://github.com/hnlq715/nginx-vts-exporter,而 Nginx-vts-exporter 又依赖于 nginx-module-vts,nginx-module-vts 前面编译的时候已经添加了该模块了。下面配置一下:

http {
    vhost_traffic_status_zone;

    ...

    server {

        ...

        location /status {
        	allow 192.168.201.0/24;
            deny all;
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }
    }
}

打开浏览器访问 http://192.168.201.179/status/format/json 即可看到相应指标。这不是重点,看下一个Nginx-vts-exporter,这个自己编译老是有问题,找同事要了现成的包

nohup ./nginx-vts-exporter --nginx.scrape_uri=http://127.0.0.1/status/format/json &

同步

使用 lsyncd + rsyncd 做实时同步。将179的/usr/local/nginx/conf//usr/local/nginx/html目录实时同步到180机器上。

179操作:

yum install lsyncd -y

配置

[root@yyyyy web-service]# cat /etc/lsyncd.conf 
settings {
    logfile = "/tmp/lsyncd.log",         
    statusFile = "/tmp/lsyncd.status",   
    pidfile = "/var/run/lsyncd.pid",         
    statusInterval = 1,                      
    nodaemon = false,                        
    inotifyMode  = "CloseWrite",
    maxProcesses = 1,                        
    maxDelays = 1,                           
}
sync {
    default.rsync,
    source = "/usr/local/nginx/conf/",       
    target = "xx@192.168.201.180::conf", 
    default.rsync,
    source = "/usr/local/nginx/html/",
    target = "xx@192.168.201.180::html",
    exclude = "/image",
rsync = {
    binary = "/usr/bin/rsync", 
    archive = true,            
    compress = false,          
    owner = true,              
    perms = true,              
    whole_file = false,
    password_file = "/etc/passwd.txt"
    }
}
sync {
    default.rsync,
    source = "/usr/local/nginx/html/",
    target = "xx@192.168.201.180::html",
    exclude = "/image",
rsync = {
    binary = "/usr/bin/rsync",
    archive = true,
    compress = false,
    owner = true,
    perms = true,
    whole_file = false,
    password_file = "/etc/passwd.txt"
    }
}

密码文件

[root@yyyyy]# cat /etc/passwd.txt
RFSiGjEgP$$062Lm
[root@yyyyy]# chmod 400 /etc/passwd.txt

180操作:

安装

yum install rsync -y

配置

[root@xxxxx web-service]# cat /etc/rsyncd.conf 
log file = /var/log/rsyncd.log
pidfile = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
secrets file = /etc/rsync.pass 
max connections = 0
uid = root
gid = root
port = 873
use chroot = no
read only = no
list = no
timeout = 600
auth users = xx
hosts allow = 192.168.201.179
hosts deny = 0.0.0.0/32

[html]
path = /usr/local/nginx/html/
comment = html

[conf]
path = /usr/local/nginx/conf/
comment = conf

验证文件

/etc/rsync.pass

[root@xxxxx]# chmod 400 /rsync.pass
[root@xxxxx]# cat /etc/rsync.pass 
xx:RFSiGjEgP$$062Lm

在179新建一个文件,看看是否会实时同步到180

posted @ 2020-12-30 14:43  海口-熟练工  阅读(353)  评论(0编辑  收藏  举报