一、安装nginx
健康检查模块的安装:https://github.com/yaoweibin/nginx_upstream_check_module
编译参数
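# Build-time options for nginx; run from the unpacked nginx source tree.
#
# Comments are kept on their own lines here. A comment written after a
# trailing backslash breaks the line continuation, so an option placed on the
# following line (--with-stream on the page) would never reach ./configure.
#
#   --user / --group                 worker processes run as the unprivileged
#                                    "nginx" account, not as root
#   --with-http_stub_status_module   status page; restrict who can read it in
#                                    any server block that enables it
#   --add-module=...check_module...  third-party upstream health-check module.
#                                    The path is an unpacked "-master"
#                                    snapshot; building from a pinned,
#                                    reviewed commit keeps the build
#                                    reproducible and auditable.
#   --with-stream                    TCP (stream) proxy module
./configure \
  --prefix=/opt/nginx \
  --user=nginx \
  --group=nginx \
  --conf-path=/opt/nginx/conf/nginx.conf \
  --error-log-path=/opt/nginx/log/error.log \
  --http-log-path=/opt/nginx/log/access.log \
  --http-client-body-temp-path=/opt/nginx/client/ \
  --http-proxy-temp-path=/opt/nginx/proxy/ \
  --http-fastcgi-temp-path=/opt/nginx/fcgi/ \
  --http-uwsgi-temp-path=/opt/nginx/uwsgi \
  --http-scgi-temp-path=/opt/nginx/scgi \
  --with-pcre \
  --with-http_ssl_module \
  --with-http_flv_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --pid-path=/opt/nginx/nginx.pid \
  --with-file-aio \
  --with-http_image_filter_module \
  --add-module=/opt/nginx_upstream_check_module-master \
  --with-stream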
1)准备2台服务器,环境一样,同时执行
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm yum install nginx -y vim /etc/sysconfig/iptables 添加80端口 /etc/init.d/iptables restart nginx 启动 [root@nginx-server nginx]# ps -ef|grep nginx root 1439 1 0 19:48 ? 00:00:00 nginx: master process nginx nginx 1440 1439 0 19:48 ? 00:00:00 nginx: worker process root 1644 1325 0 20:10 pts/0 00:00:00 grep nginx
二、修改默认访问页
1)关键配置文件的路径
/usr/share/nginx nginx的前端配置信息 /etc/nginx nginx的相关配置脚本文件
2)nginx的重要命令
nginx -t 检查语法 nginx 启动 nginx -s reload 平滑重启
3)修改其中一个的默认主页,便于观察实现负载均衡
[root@nginx-server ~]# cat /usr/share/nginx/html/index.html I am 192.168.1.29
4)nginx的重点配置文件
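# Minimal http block with a single virtual host.
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile      on;

    # Idle keep-alive timeout, in seconds. The directive for this is
    # keepalive_timeout; "keepalive_time" is a different directive that only
    # newer nginx releases know, so older builds reject the file at "nginx -t".
    keepalive_timeout  65;

    server {
        listen       80;                  # 192.168.1.29:80
        server_name  www.abcdefg.org;

        location / {
            root   html/www;              # relative path, resolved against the nginx prefix
            index  index.html index.htm;
        }
    }
}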
一个server标签对应一个虚拟主机
ip映射:192.168.1.29 www.abcdefg.org
三、修改配置文件,实现nginx代理
1)nginx 代理测试(访问外网地址,实质指向内网服务器)。vhosts 目录下是已经做好的代理配置文件
[root@admin vhosts]# cat xueying.conf
# Reverse proxy: requests arriving on port 10051 are passed to the internal
# host 192.168.1.222.
server {
    server_name  110.110.110.110;
    listen       10051;
    charset      utf8;

    location / {
        # No proxy_set_header lines are present, so the backend receives
        # nginx's default request headers and sees the proxy as the client.
        proxy_pass  http://192.168.1.222;
    }
}
1.1)代理tcp协议
# TCP (stream) proxy: connections to port 5901 are relayed to 10.0.5.14:5901.
stream {
    upstream cloudsocket {
        # Consistent hashing keyed on the client address; the author notes
        # the alternative key: $binary_remote_addr;
        hash    $remote_addr consistent;
        server  10.0.5.14:5901 weight=5 max_fails=3 fail_timeout=30s;
    }

    server {
        # Described by the author as the database server's listening port.
        listen  5901;

        proxy_connect_timeout  10s;
        # Timeout between the client and the proxy: a connection with no
        # activity for 5 minutes is closed automatically.
        proxy_timeout          300s;

        # NOTE(review): no allow/deny rules are visible in this block, so every
        # host that can reach the listener is relayed to the backend; confirm a
        # firewall or stream access rules limit who can connect.
        proxy_pass  cloudsocket;
    }
}
2)以nginx服务代理nginx为例
[root@nginx-server conf.d]# cat test_server.conf
# The upstream group is *named* 192.168.1.29, so proxy_pass below refers to
# this group (192.168.1.25:80), not to the address 192.168.1.29 itself.
upstream 192.168.1.29 {
    server 192.168.1.25:80;
}

server {
    listen       80;
    server_name  192.168.1.29;
    charset      utf8;

    location / {
        # Host: the host name the client requested.
        proxy_set_header  Host             $host;
        # X-Real-IP: address of the peer that connected to this nginx.
        proxy_set_header  X-Real-IP        $remote_addr;
        # X-Forwarded-For: $remote_addr appended to whatever X-Forwarded-For
        # value the client sent. Earlier entries are client-controlled, so a
        # backend should rely only on the entry added by this proxy.
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_pass  http://192.168.1.29;
    }
}
访问 192.168.1.29 实质指向了192.168.1.25:80
3)以nginx代理Tomcat服务为例
[root@nginx-server conf.d]# cat test_server.conf
# Same layout as a plain reverse proxy, with a Tomcat instance as the backend.
# "192.168.1.29" is the name of the upstream group; traffic goes to its
# single member 192.168.1.40:8080.
upstream 192.168.1.29 {
    server 192.168.1.40:8080;
}

server {
    listen       80;
    server_name  192.168.1.29;
    charset      utf8;

    location / {
        # Pass the requested host name and the client address on to Tomcat.
        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        # Appends to any client-supplied X-Forwarded-For; only the last
        # entry (added here) is under this proxy's control.
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_pass  http://192.168.1.29;
    }
}
访问 192.168.1.29 实质指向了192.168.1.40:8080
四、实现nginx负载均衡
1)测试情况一。nginx和tomcat的负载均衡
[root@nginx-server conf.d]# cat test_server.conf
# Two members in one upstream group: an nginx host and a Tomcat host.
# No balancing method is named, so nginx uses its default (round-robin,
# equal weights) across the two.
upstream 192.168.1.29 {
    server 192.168.1.25:80;
    server 192.168.1.40:8080;
}

server {
    listen       80;
    server_name  192.168.1.29;
    charset      utf8;

    location / {
        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        # Client-supplied X-Forwarded-For content is kept and $remote_addr is
        # appended; backends should not treat the earlier entries as verified.
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        # Refers to the upstream group defined above.
        proxy_pass  http://192.168.1.29;
    }
}
# Location-only variant: proxy to a service on the same machine.
location / {
    # Upload / request body limit for this location.
    client_max_body_size  20m;

    proxy_set_header  Host             $host;
    # Both headers below carry the address of the directly connected peer.
    proxy_set_header  X-Real-IP        $remote_addr;
    proxy_set_header  REMOTE-HOST      $remote_addr;
    # $remote_addr appended to any X-Forwarded-For the client sent.
    proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

    proxy_pass  http://127.0.0.1:6969;
}
2) 更换端口实现负载均衡
# Load balancing on a non-default port: requests to :8555 are spread over
# the two members of the "nginxserver1" group.
upstream nginxserver1 {
    server 192.168.10.25:80;
    server 192.168.10.26:80;
}

server {
    listen       8555;
    server_name  192.168.10.5;

    #charset koi8-r;
    #access_log logs/host.access.log main;

    location / {
        # No proxy_set_header lines here: the backends see nginx's default
        # headers and the proxy's address as the client.
        proxy_pass  http://nginxserver1;
        index       index.html index.htm;
    }
}
五、添加负载均衡的健康检查
# Upstream group with active health checks (the "check" directives come from
# the third-party nginx_upstream_check_module).
upstream 192.168.10.100 {
    server 192.168.10.142:8085;   # web01
    server 192.168.10.100:8085;   # web28

    # Probe every 3000 ms over HTTP on port 8085; 2 consecutive successes mark
    # a member up, 3 consecutive failures mark it down; probe timeout 3000 ms.
    check interval=3000 rise=2 fall=3 timeout=3000 type=http port=8085;

    # Alternatives left disabled by the author:
    #check interval=3000 rise=2 fall=5 timeout=1000 type=http;
    #check_http_send "GET /index.php HTTP/1.1\r\nHost: 10.19.145.144\r\n\r\n";
    #check_http_expect_alive http_2xx http_3xx ;
}

server {
    listen       81;
    server_name  192.168.10.100;
    charset      utf8;

    access_log  /data/log/mytestpvz2/cloud.pvz2android.popcap.com.cn_access.log main;
    error_log   /data/log/mytestpvz2/cloud.pvz2android.popcap.com.cn_error.log;

    location / {
        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        # Appends $remote_addr to any client-supplied X-Forwarded-For value.
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        # Refers to the upstream group above, which is named like an address.
        proxy_pass  http://192.168.10.100;
    }
}
六、nginx日志切割
1)nginx日志切割的原理
把每天的日志重新命名为日期日志
[root@nginx-server ~]# ls /var/log/nginx/ access.log error.log [root@nginx-server ~]# cd /var/log/nginx/ [root@nginx-server ~]# mv access.log access_$(date +%F -d -1day).log [root@nginx-server nginx]# nginx -s reload [root@nginx-server nginx]# ls access_2018-02-27.log access.log error.log
2)写日志切割的脚本
[root@nginx-server nginx]# cd /var/log/nginx/ [root@nginx-server nginx]# rm -rf access_2018-02-27.log [root@nginx-server nginx]# cat cut_nginx_log.sh #!/bin/bash nginx -s reload cd /var/log/nginx &&\ /bin/mv access.log access_$(date +%F -d -1day).log [root@nginx-server nginx]# nginx -s reload [root@nginx-server nginx]# sh cut_nginx_log.sh [root@nginx-server nginx]# ls access_2018-02-27.log cut_nginx_log.sh error.log # 写定时任务 [root@nginx-server nginx]# crontab -e 00 00 * * * /bin/sh /var/log/nginx/cut_nginx_log.sh >/dev/null 2>&1
3.1)日志切割优化
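#!/bin/bash
# Daily rotation of the nginx logs and the syslog "messages" file; intended
# to run from cron just after midnight, so archives carry yesterday's date.
#
# Resulting names:
#   cloud_access_2019-05-06.log
#   messages-20190506.gz
#
# Order matters: each file is renamed first and only then is the writing
# daemon told to reopen its logs. A daemon keeps writing to the renamed file
# through its open descriptor until it is signalled.
#
# Written with POSIX test syntax so it behaves the same when started as
# "/bin/sh script" and when run through the shebang.

log_dir=/data/log/nginx
msg_dir=/data/log/msg

# Computed once so every file rotated in this run gets the same stamp.
day=$(date +%F -d -1day)
day_compact=$(date +%Y%m%d -d -1day)

# rotate LIVE ARCHIVE
# Renames LIVE to ARCHIVE. Refuses to overwrite an existing archive, so a
# second run on the same day cannot replace a full day's log with the few
# lines written since the first run. Returns non-zero when nothing was moved.
rotate() {
  if [ ! -f "$1" ]; then
    printf 'log rotation: %s not found, skipped\n' "$1" >&2
    return 1
  fi
  if [ -e "$2" ]; then
    printf 'log rotation: %s already exists, not overwriting\n' "$2" >&2
    return 1
  fi
  /bin/mv -- "$1" "$2"
}

rotate "$log_dir/cloud_access.log" "$log_dir/cloud_access_${day}.log"
rotate "$log_dir/cloud_error.log" "$log_dir/cloud_error_${day}.log"

# "reopen" only makes nginx reopen its log files. "reload" would also re-read
# the configuration, silently activating any unfinished edit left on disk.
/opt/nginx/sbin/nginx -s reopen

# Compress the rotated syslog file once rsyslog has let go of it.
if rotate "$msg_dir/messages" "$msg_dir/messages-${day_compact}"; then
  service rsyslog restart
  gzip -- "$msg_dir/messages-${day_compact}"
fi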
3.2)写入定时任务
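SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

# Daily log rotation at midnight, run as root. Only stdout is discarded:
# anything the script writes to stderr is mailed to MAILTO, so a failed
# rotation does not pass unnoticed. Keep the script writable by root only.
00 00 * * * root /bin/sh /opt/cut_log.sh >/dev/null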
添加最后一行:00 00 * * * root /bin/sh /opt/cut_nginx_log.sh >/dev/null 2>&1
systemctl restart crond.service 重启定时任务
七、nginx代理django-web框架
1)修改nginx配置文件
[root@tomcat conf.d]# cat test.conf
# nginx in front of a Django application listening on the loopback
# interface (127.0.0.1:8000). "192.168.1.40" is the upstream group's name.
upstream 192.168.1.40 {
    #server 192.168.1.40:8080;
    server 127.0.0.1:8000;
}

server {
    listen       80;
    server_name  192.168.1.40;
    charset      utf8;

    location / {
        # The requested host name is passed through unchanged; Django checks
        # it against ALLOWED_HOSTS.
        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        # Client-supplied X-Forwarded-For entries are kept and $remote_addr is
        # appended; the application should trust only the last entry.
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_pass  http://192.168.1.40;
    }
}
2)添加被允许访问的IP
[root@tomcat demo1]# vim settings.py ............. ALLOWED_HOSTS = ['192.168.1.40'] .............
3)浏览器访问验证
七、扩展知识。网络代理
现象:有2台互通的机器,其中一台可以访问外网,另一台不能访问外网(没有可用的dns)
如何让没有网络的机器能使用yum源
1)在有网络的机器上面配置nginx文件
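# Forward proxy: lets a host without working DNS reach yum mirrors through
# this machine. Only plain-HTTP requests pass through this kind of proxy
# (stock nginx does not implement CONNECT), so package integrity rests on
# yum's GPG signature checks.
server {
    resolver          192.168.10.1 192.168.2.1;   # DNS servers used to resolve the requested host
    resolver_timeout  5s;

    listen       8000;
    server_name  0.0.0.0;

    access_log  /data/log/nginx/myjumpserver_access.log main;
    error_log   /data/log/nginx/myjumpserver_error.log;

    # proxy_pass below forwards to whatever host the request names. Without an
    # access list, every machine that can reach port 8000 could use this
    # server to fetch arbitrary URLs, including ones on the internal network.
    # The range is a constructed example: replace it with the address of the
    # host(s) that are meant to use the proxy.
    allow  192.168.10.0/24;
    deny   all;

    location / {
        proxy_pass        $scheme://$host$request_uri;
        proxy_set_header  Host $http_host;

        # NOTE(review): both headers carry the requested host, not a client
        # address, and the second is spelled "X-Forwarder-For". For requests
        # to external mirrors they can probably be dropped - confirm nothing
        # depends on them.
        proxy_set_header  X-Real-IP $Host;
        proxy_set_header  X-Forwarder-For $Host;

        proxy_buffering           on;
        proxy_max_temp_file_size  0;

        # NOTE(review): proxy_cache_valid only matters when a proxy_cache zone
        # is enabled; none is visible in this block.
        proxy_cache_valid  200 320 10m;
        proxy_cache_valid  301 1h;
        proxy_cache_valid  any 1m;
        # include /data/app/nginx/conf/proxy.conf;
    }
}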
检查语法,重启
2)在另一台没有网络的机器上,加上指向上面机器的代理配置
[root@cmdb ~]# vim /etc/yum.conf
proxy=http://192.168.10.101:8000
八、tcp代理
# Complete nginx.conf combining an http block (vhosts are included from a
# directory) with a stream block that relays TCP connections.

user                  nginx;
worker_processes      4;
# One CPU bitmask per worker: each of the 4 workers is bound to its own core.
worker_cpu_affinity   00000001 00000010 00000100 00001000;
worker_rlimit_nofile  204800;
pid                   /var/run/nginx.pid;

events {
    worker_connections  204800;
    use                 epoll;
    multi_accept        off;
}

http {
    include       /opt/lnmp_zabbix/nginx/conf/mime.types;
    default_type  application/octet-stream;

    log_format main '$remote_addr --- $remote_user --- [$time_local] --- $request --- '
                    '"$status" --- $body_bytes_sent --- "$http_referer" --- '
                    '"$http_user_agent" --- "$http_x_forwarded_for"';
    log_format mtr '$remote_addr [$time_local] "$request_uri" '
                   '$status "$http_referer" '
                   '"$http_user_agent" "$host"';

    sendfile               on;
    keepalive_timeout      30;
    client_header_timeout  30;
    client_body_timeout    40;
    # Keeps the nginx version out of the Server header and error pages.
    server_tokens          off;
    tcp_nodelay            on;
    gzip                   on;

    # Virtual hosts live in separate files.
    include /opt/lnmp_zabbix/nginx/conf/vhost/*.conf;

    fastcgi_send_timeout  300;
    fastcgi_read_timeout  300;
    #fastcgi_buffer_size 16k;
    #fastcgi_buffers 16 16k;
    #fastcgi_busy_buffers_size 16k;
    fastcgi_buffer_size        64k;
    fastcgi_buffers            4 64k;
    fastcgi_busy_buffers_size  128k;

    server_names_hash_bucket_size  128;
    client_header_buffer_size      2k;
    large_client_header_buffers    4 4k;
    client_max_body_size           100k;

    open_file_cache           max=51200 inactive=20s;
    open_file_cache_valid     30s;
    open_file_cache_min_uses  1;
}

stream {
    upstream cloudsocket {
        # Consistent hashing keyed on the client address; the author notes
        # the alternative key: $binary_remote_addr;
        hash    $remote_addr consistent;
        server  192.192.213.69:3306 weight=5 max_fails=3 fail_timeout=30s;
    }

    server {
        # NOTE(review): this listener relays raw TCP from port 80 to port 3306
        # on the backend (3306 is the default MySQL port) and no allow/deny
        # rules are visible, so every host that can reach port 80 here reaches
        # that service. Confirm that stream access rules or a firewall limit
        # the clients.
        # NOTE(review): if an included vhost also listens on port 80, the two
        # listeners would conflict - TODO confirm.
        listen  80;

        proxy_connect_timeout  10s;
        proxy_timeout          300s;
        proxy_pass             cloudsocket;
    }
}