Nginx编译安装及平滑升级
基于仓库安装
官网地址: http://nginx.org/en/linux_packages.html
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list root@ops106:~# apt list nginx Listing... Done nginx/stable 1.20.2-1~focal arm64 N: There are 6 additional versions. Please use the '-a' switch to see them. root@ops106:~# apt install nginx # 查看版本及编译参数 root@ops106:~# nginx -V nginx version: nginx/1.20.2 built by gcc 9.3.0 (Ubuntu 9.3.0-10ubuntu2) built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module 
--with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.20.2/debian/debuild-base/nginx-1.20.2=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
编译安装1.18.0
安装依赖工具
apt install gcc openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev make libncurses-dev libperl-dev
创建用户
groupadd nginx
useradd nginx -g nginx -s /sbin/nologin -M
下载软件包&解压
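# Download the release and its detached PGP signature over HTTPS, and unpack
# only if the signature verifies. The tarball is compiled and installed as
# root in the next steps, so a copy altered in transit must not get that far.
# The release signing keys are listed at https://nginx.org/en/pgp_keys.html
# and have to be imported into the local keyring before gpg --verify can pass.
wget https://nginx.org/download/nginx-1.18.0.tar.gz \
  && wget https://nginx.org/download/nginx-1.18.0.tar.gz.asc \
  && gpg --verify nginx-1.18.0.tar.gz.asc nginx-1.18.0.tar.gz \
  && tar xf nginx-1.18.0.tar.gz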
修改响应报文Server首部(可选)
注意:修改或隐藏版本号只能减少信息暴露,并不能修复漏洞,仍需按下文流程及时升级。
cd nginx-1.18.0
vim src/core/nginx.h
#define NGINX_VERSION "1.11.30"
#define NGINX_VER "super ops/" NGINX_VERSION   # 未关闭 server_tokens 时,响应头显示此值
vim src/http/ngx_http_header_filter_module.c
static u_char ngx_http_server_string[] = "Server: super ops" CRLF;   # 配置 server_tokens off; 时,响应头显示此值
编译安装
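# Configure, build and install nginx 1.18.0 under /usr/local/nginx, with
# workers running as the nginx user and group.
#
# The option list must not contain a '#' line: a comment inside a
# backslash-continued command ends the command at that point, so every option
# after it would be run as a separate (failing) command and the stream,
# addition, dav, flv and mp4 modules would be left out of the build.
./configure --prefix=/usr/local/nginx \
  --user=nginx \
  --group=nginx \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_realip_module \
  --with-http_sub_module \
  --with-http_stub_status_module \
  --with-http_gzip_static_module \
  --with-pcre \
  --with-stream \
  --with-stream_ssl_module \
  --with-stream_realip_module \
  --with-http_addition_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module
# Optional module, deliberately left disabled: --with-http_perl_module

# Install only after a successful build.
make && make install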
修改目录权限
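# The master process runs as root; it executes sbin/nginx and reads conf/ on
# start, reload and binary upgrade. If the unprivileged worker account could
# write to either directory, a compromised worker could get its own code or
# configuration run by root. Hand the tree to nginx, then put the executable
# and configuration directories back under root.
# (user:group is the supported separator; the user.group form is deprecated.)
chown -R nginx:nginx /usr/local/nginx
chown -R root:root /usr/local/nginx/sbin /usr/local/nginx/conf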
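准备启动文件
注意:下面的 unit 文件引用的是 /usr/local/bin/nginx 和 /usr/local/nginx/run/nginx.pid,而按上文 --prefix=/usr/local/nginx 编译安装后,二进制位于 /usr/local/nginx/sbin/nginx,默认 pid 文件为 logs/nginx.pid。需要事先建立对应的软链接并在 nginx.conf 中设置 pid 路径(原文未展示这一步),否则服务无法按该 unit 启动。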
cat /usr/lib/systemd/system/nginx.service [Unit] Description=nginx - high performance web server Documentation=https://nginx.org/en/docs/ After=network-online.target remote-fs.target nss-lookup.target Wants=network-online.target [Service] Type=forking PIDFile=/usr/local/nginx/run/nginx.pid ExecStart=/usr/local/bin/nginx -c /usr/local/nginx/conf/nginx.conf ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /usr/local/nginx/run/nginx.pid)" ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /usr/local/nginx/run/nginx.pid)" [Install] WantedBy=multi-user.target
启动测试
systemctl start nginx
systemctl enable nginx
systemctl status nginx
验证
curl -I 10.211.55.106 HTTP/1.1 200 OK Server: super ops/1.11.30 Date: Tue, 30 Nov 2021 12:21:57 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 30 Nov 2021 12:11:57 GMT Connection: keep-alive ETag: "61a6150d-264" Accept-Ranges: bytes
平滑升级和回滚
实验: 将nginx版本1.18.0升级到nginx1.20.2版本。
平滑升级流程
- 将旧Nginx二进制文件换成新Nginx程序文件(注意先备份)
- 向master进程发送USR2信号
- master进程修改pid文件名加上后缀.oldbin,成为nginx.pid.oldbin
- master进程用新Nginx文件启动新master进程,成为旧master的子进程,系统中将有新旧两个Nginx主进程共同提供Web服务,当前新的请求仍然由旧Nginx的worker进程进行处理,将新生成的master进程的PID存放至新生成的pid文件nginx.pid
- 向旧的Nginx服务进程发送WINCH信号,使旧的Nginx worker进程平滑停止
- 向旧master进程发送QUIT信号,关闭老master,并删除nginx.pid.oldbin文件
- 如果发现升级有问题,可以回滚∶向老master发送HUP,向新master发送QUIT
编译1.20.2版本Nginx
# 下载并解压 wget http://nginx.org/download/nginx-1.20.2.tar.gz tar xf nginx-1.20.2.tar.gz cd nginx-1.20.2 # 修改响应头 root@ops106:~/nginx-1.20.2# vim src/core/nginx.h #define NGINX_VERSION "1.12.2" #define NGINX_VER "Super Ops/" NGINX_VERSION root@ops106:~/nginx-1.20.2# vim src/http/ngx_http_header_filter_module.c static u_char ngx_http_server_string[] = "Server: Super Ops" CRLF; # 编译
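# Configure nginx 1.20.2 with the same prefix, account and module set as the
# running 1.18.0 build, so the new binary can take over the existing
# configuration.
#
# The option list must not contain a '#' line: a comment inside a
# backslash-continued command ends the command at that point, so every option
# after it would be run as a separate (failing) command and the stream,
# addition, dav, flv and mp4 modules would be missing from the new binary.
./configure --prefix=/usr/local/nginx \
  --user=nginx \
  --group=nginx \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_realip_module \
  --with-http_sub_module \
  --with-http_stub_status_module \
  --with-http_gzip_static_module \
  --with-pcre \
  --with-stream \
  --with-stream_ssl_module \
  --with-stream_realip_module \
  --with-http_addition_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module
# Optional module, deliberately left disabled: --with-http_perl_module

# Build only; do not run "make install" here. The new binary (objs/nginx) is
# copied into place by hand in the next step, after the old one is backed up.
make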
备份旧版本nginx程序并拷贝新版本
mv /usr/local/nginx/sbin/nginx{,.bak} cp objs/nginx /usr/local/nginx/sbin/ cd /usr/local/nginx/sbin/ root@ops106:/usr/local/nginx/sbin# ls -l total 16820 -rwxr-xr-x 1 root root 8676640 Nov 30 13:37 nginx -rwxr-xr-x 1 nginx nginx 8543112 Nov 30 12:11 nginx.bak
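检查&发送USR2信号进行平滑升级
注意:下面发送 USR2 之后的 ps 输出仍只显示旧 master(PID 13473)及其 worker,与“可以看到两个master”的说明不一致。实际操作时,应先确认已出现新的 master 进程且 nginx.pid.oldbin 已生成,再发送 WINCH 和 QUIT;否则 cat 读取不到 pid 文件,kill 不会作用到预期的进程。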
root@ops106:/usr/local/nginx# pwd /usr/local/nginx # 使用新命令检查配置 root@ops106:/usr/local/nginx# sbin/nginx -t # 查看旧版本nginx进程状态 root@ops106:/usr/local/nginx# ps auxf | grep nginx root 17411 0.0 0.0 5832 640 pts/1 S+ 13:42 0:00 \_ grep --color=auto nginx root 13473 0.0 0.1 13024 1740 ? Ss 12:21 0:00 nginx: master process /usr/local/bin/nginx -c /usr/local/nginx/conf/nginx.conf nginx 13474 0.0 0.5 13776 5292 ? S 12:21 0:00 \_ nginx: worker process # 发送 USR2 平滑升级信号 #USR2 平滑升级可执行程序,将存储有旧版本主进程PID的文件重命名为nginx.pid.oldbin,并启动新的 nginx #此时两个master的进程都在运行,只是旧的master不在监听,由新的master监听80 #此时Nginx开启一个新的master进程,这个master进程会生成新的worker进程,这就是升级后的Nginx进 程,此时老的进程不会自动退出,但是当接收到新的请求不作处理而是交给新的进程处理。 root@ops106:/usr/local/nginx# kill -USR2 `ps -ef | grep "nginx: master process" | grep -v grep | awk '{print $2}'` # 查看最新进程状态 # 可以看到两个master,新的master是旧版master的子进程,并生成新版的worker进程 root@ops106:/usr/local/nginx# ps auxf | grep nginx root 17424 0.0 0.0 5832 676 pts/1 S+ 13:43 0:00 \_ grep --color=auto nginx root 13473 0.0 0.2 13024 2556 ? Ss 12:21 0:00 nginx: master process /usr/local/bin/nginx -c /usr/local/nginx/conf/nginx.conf nginx 13474 0.0 0.5 13776 5292 ? S 12:21 0:00 \_ nginx: worker process #先关闭旧nginx的worker进程,而不关闭nginx主进程方便回滚 #向原Nginx主进程发送WINCH信号,它会逐步关闭旗下的工作进程(主进程不退出),这时所有请求都会由新 版Nginx处理 root@ops106:/usr/local/nginx# kill -WINCH `cat /usr/local/nginx/run/nginx.pid.oldbin` #经过一段时间测试,新版本服务没问题,最后退出老的master root@ops106:/usr/local/nginx# kill -QUIT `cat /usr/local/nginx/run/nginx.pid.oldbin`
回滚操作
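# Rollback. This works only while the old master is still alive (WINCH sent,
# QUIT not yet sent), because its PID is read from nginx.pid.oldbin.

# 1. Put the backed-up binary back so that any later restart runs the old
#    version again.
mv -f /usr/local/nginx/sbin/nginx.bak /usr/local/nginx/sbin/nginx

# 2. HUP tells the old master to start its worker processes again.
kill -HUP "$(cat /usr/local/nginx/run/nginx.pid.oldbin)"

# 3. Finally shut down the new master gracefully.
kill -QUIT "$(cat /usr/local/nginx/run/nginx.pid)"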
作者:闫世成
出处:http://cnblogs.com/yanshicheng
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接。如有问题或建议,请联系上述邮箱,非常感谢。