一、依赖

1. gcc 安装
安装 nginx 需要先将官网下载的源码进行编译,编译依赖 gcc 环境,如果没有 gcc 环境,则需要安装:

yum install gcc-c++

2. PCRE pcre-devel 安装
PCRE(Perl Compatible Regular Expressions) 是一个Perl库,包括 perl 兼容的正则表达式库。nginx 的 http 模块使用 pcre 来解析正则表达式,所以需要在 linux 上安装 pcre 库,pcre-devel 是使用 pcre 开发的一个二次开发库。nginx也需要此库。命令:

yum install -y pcre pcre-devel

3. zlib 安装
zlib 库提供了很多种压缩和解压缩的方式, nginx 使用 zlib 对 http 包的内容进行 gzip ,所以需要在 Centos 上安装 zlib 库。

yum install -y zlib zlib-devel

4. OpenSSL 安装
OpenSSL 是一个强大的安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议,并提供丰富的应用程序供测试或其它目的使用。
nginx 不仅支持 http 协议,还支持 https(即在ssl协议上传输http),所以需要在 Centos 安装 OpenSSL 库。

yum install -y openssl openssl-devel
yum install -y gcc-c++  pcre pcre-devel zlib zlib-devel openssl openssl-devel 

二、安装包下载

直接下载.tar.gz安装包,地址:https://nginx.org/en/download.html

wget -c https://nginx.org/download/nginx-1.14.0.tar.gz

三、解压

tar zxvf nginx-1.14.0.tar.gz

四、配置安装

cd nginx-1.14.0
./configure --prefix=/usr/local/nginx  --with-stream
make && make install
mkdir -p /var/cache/nginx /etc/nginx/http.d /etc/nginx/stream.d

五、配置nginx转发

stream {
    upstream proxy_card {
        # simple round-robin  转发IP和端口
        server 192.168.1.12:12340;
        server 192.168.1.13:12340;
        #check interval=3000 rise=2 fall=5 timeout=1000;
        #check interval=3000 rise=2 fall=5timeout=1000
        #check interval=3000 rise=2 fall=5timeout=1000
        #check_http_send "GET /HTTP/1.0\r\n\r\n";
        #check_http_expect_alive http_2xxhttp_3xx;
    }
    server {
        listen 12340; #监听端口
        proxy_pass proxy_card;  #转发请求
    }
}

六、工具

查找安装路径:

whereis nginx
启动停止
cd /usr/local/nginx/sbin/
./nginx 
./nginx -s stop
./nginx -s quit
./nginx -s reload
./nginx -s quit:此方式停止步骤是待nginx进程处理任务完毕进行停止。
./nginx -s stop:此方式相当于先查出nginx进程id再使用kill命令强制杀掉进程。

查询nginx进程:

ps aux|grep nginx

重启

1.先停止再启动(推荐):
对 nginx 进行重启相当于先停止再启动,即先执行停止命令再执行启动命令。如下:

./nginx -s quit
./nginx
2.重新加载配置文件:
当 ngin x的配置文件 nginx.conf 修改后,要想让配置生效需要重启 nginx,使用-s reload不用先停止 ngin x再启动 nginx 即可将配置信息在 nginx 中生效,如下:
./nginx -s reload

自启动:

即在rc.local增加启动代码就可以了。

vi /etc/rc.local
增加一行 /usr/local/nginx/sbin/nginx
设置执行权限:

chmod 755 rc.local

七、tcp转发测试

 编辑/etc/nginx/nginx.conf文件,追加

stream {
    log_format proxy '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log /var/log/nginx/stream.access.log proxy;


    upstream slb_test_apiserver_local {
        server 172.31.185.139:6443 weight=5 max_fails=3 fail_timeout=30s;
        server 172.31.185.138:6443 weight=5 max_fails=3 fail_timeout=30s;
        server 172.31.185.137:6443 weight=5 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 6443;
        proxy_pass slb_test_apiserver_local;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        access_log /var/log/nginx/slb_test_apiserver_local.log proxy;
    }
}

重启nginx,测试成功

八、快速编译配置

快速编译可以应付大部分情况

./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/tmp/echo-nginx-module

其中,如不需要echo模块,将最后一个选项去掉,如需要echo模块,从github上面拉到指定位置

 

九、grpc协议转发

upstream myservice {
    server 10.0.0.1:8888 weight=5 max_fails=3 fail_timeout=30s;
    server 10.0.0.2:8888 weight=5 max_fails=3 fail_timeout=30s;
}
server {
    listen   9999 http2 ;
    server_name www.myhost.com;
    if ( $host != "www.myhost.com"){
        return 404;
    }
    location / {
        grpc_pass grpc://myservice;
        proxy_connect_timeout 1s;
    }
    access_log  /var/log/nginx/myservice.log  main;
}

 

十、nginx.conf配置文件如下

user  nobody;

#Single core
worker_processes  2;

#Multicore
#worker_processes     8;
#worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  10240;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" "$http_host"'
                      '$request_time $upstream_response_time $pipe - $upstream_addr';

    log_format  post_format $request_body;

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  120;
    proxy_connect_timeout 600;
    proxy_send_timeout 600s;
    proxy_read_timeout 600s;

    #gzip  on;

    include /etc/nginx/http.d/*.conf;
}


stream {
    log_format proxy '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log /var/log/nginx/stream.access.log proxy;

    include /etc/nginx/stream.d/*.conf;
}

 

posted on 2018-01-26 15:38  芒果-Vic  阅读(1027)  评论(0编辑  收藏  举报