一、依赖
1. gcc 安装
安装 nginx 需要先将官网下载的源码进行编译,编译依赖 gcc 环境,如果没有 gcc 环境,则需要安装:
yum install gcc-c++
2. PCRE pcre-devel 安装
PCRE(Perl Compatible Regular Expressions) 是一个Perl库,包括 perl 兼容的正则表达式库。nginx 的 http 模块使用 pcre 来解析正则表达式,所以需要在 linux 上安装 pcre 库,pcre-devel 是使用 pcre 开发的一个二次开发库。nginx也需要此库。命令:
yum install -y pcre pcre-devel
3. zlib 安装
zlib 库提供了很多种压缩和解压缩的方式, nginx 使用 zlib 对 http 包的内容进行 gzip ,所以需要在 Centos 上安装 zlib 库。
yum install -y zlib zlib-devel
4. OpenSSL 安装
OpenSSL 是一个强大的安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议,并提供丰富的应用程序供测试或其它目的使用。
nginx 不仅支持 http 协议,还支持 https(即在ssl协议上传输http),所以需要在 Centos 安装 OpenSSL 库。
yum install -y openssl openssl-devel
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
二、安装包下载
直接下载.tar.gz
安装包,地址:https://nginx.org/en/download.html
wget -c https://nginx.org/download/nginx-1.14.0.tar.gz
三、解压
tar zxvf nginx-1.14.0.tar.gz
四、配置安装
cd nginx-1.14.0 ./configure --prefix=/usr/local/nginx --with-stream make && make install
mkdir -p /var/cache/nginx /etc/nginx/http.d /etc/nginx/stream.d
五、配置nginx转发
stream { upstream proxy_card { # simple round-robin 转发IP和端口 server 192.168.1.12:12340; server 192.168.1.13:12340; #check interval=3000 rise=2 fall=5 timeout=1000; #check interval=3000 rise=2 fall=5timeout=1000 #check interval=3000 rise=2 fall=5timeout=1000 #check_http_send "GET /HTTP/1.0\r\n\r\n"; #check_http_expect_alive http_2xxhttp_3xx; } server { listen 12340; #监听端口 proxy_pass proxy_card; #转发请求 } }
六、工具
查找安装路径:
whereis nginx
启动停止
cd /usr/local/nginx/sbin/ ./nginx ./nginx -s stop ./nginx -s quit ./nginx -s reload ./nginx -s quit:此方式停止步骤是待nginx进程处理任务完毕进行停止。 ./nginx -s stop:此方式相当于先查出nginx进程id再使用kill命令强制杀掉进程。
查询nginx进程:
ps aux|grep nginx
重启
1.先停止再启动(推荐): 对 nginx 进行重启相当于先停止再启动,即先执行停止命令再执行启动命令。如下: ./nginx -s quit ./nginx 2.重新加载配置文件: 当 ngin x的配置文件 nginx.conf 修改后,要想让配置生效需要重启 nginx,使用-s reload不用先停止 ngin x再启动 nginx 即可将配置信息在 nginx 中生效,如下: ./nginx -s reload
自启动:
即在rc.local增加启动代码就可以了。 vi /etc/rc.local 增加一行 /usr/local/nginx/sbin/nginx 设置执行权限: chmod 755 rc.local
七、tcp转发测试
编辑/etc/nginx/nginx.conf文件,追加
stream { log_format proxy '$remote_addr [$time_local] ' '$protocol $status $bytes_sent $bytes_received ' '$session_time "$upstream_addr" ' '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"'; access_log /var/log/nginx/stream.access.log proxy; upstream slb_test_apiserver_local { server 172.31.185.139:6443 weight=5 max_fails=3 fail_timeout=30s; server 172.31.185.138:6443 weight=5 max_fails=3 fail_timeout=30s; server 172.31.185.137:6443 weight=5 max_fails=3 fail_timeout=30s; } server { listen 6443; proxy_pass slb_test_apiserver_local; proxy_connect_timeout 1s; proxy_timeout 3s; access_log /var/log/nginx/slb_test_apiserver_local.log proxy; } }
重启nginx,测试成功
八、快速编译配置
快速编译可以应付大部分情况
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/tmp/echo-nginx-module
其中,如不需要echo模块,将最后一个选项去掉,如需要echo模块,从github上面拉到指定位置
九、grpc协议转发
upstream myservice { server 10.0.0.1:8888 weight=5 max_fails=3 fail_timeout=30s; server 10.0.0.2:8888 weight=5 max_fails=3 fail_timeout=30s; } server { listen 9999 http2 ; server_name www.myhost.com; if ( $host != "www.myhost.com"){ return 404; } location / { grpc_pass grpc://myservice; proxy_connect_timeout 1s; } access_log /var/log/nginx/myservice.log main; }
十、nginx.conf配置文件如下
user nobody; #Single core worker_processes 2; #Multicore #worker_processes 8; #worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 10240; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$http_host"' '$request_time $upstream_response_time $pipe - $upstream_addr'; log_format post_format $request_body; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 120; proxy_connect_timeout 600; proxy_send_timeout 600s; proxy_read_timeout 600s; #gzip on; include /etc/nginx/http.d/*.conf; } stream { log_format proxy '$remote_addr [$time_local] ' '$protocol $status $bytes_sent $bytes_received ' '$session_time "$upstream_addr" ' '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"'; access_log /var/log/nginx/stream.access.log proxy; include /etc/nginx/stream.d/*.conf; }