Nginx的特性
- 支持高并发:能支持几万并发连接(特别是静态小文件业务环境)
- 资源消耗少:在3万并发连接下,开启10哥Nginx线程消耗的内存不到200MB
- 可以做HTTP反向代理及加速缓存,即负载均衡功能,内置对RS节点服务器健康检查功能,这相当于专业的Haproxy软件或LVS的功能
- 具备Squid等专业缓存软件等的缓存功能。
- 支持异步网络I/O事件模型epoll(linux2.6+)。
1.安装Nginx所需要的pcre库和openssl #pcre兼容正则表达 openssl在使用https会用到此模块不装会报错
yum install -y pcre-devel openssl-devel
apt-get install -y openssl libssl-dev libpcre3 libpcre3-dev
2.下载Nginx源码包 到官网http://nginx.org/下载 企业应用建议下载半年以前的稳定版 #wget 可以加-q参数不显示过程
wget http://nginx.org/download/nginx-1.14.0.tar.gz
3.创建nginx程序用户
useradd -s /sbin/nologin -M www
4.解压源码包编译安装 并做软连接启动 #停止nginx -s stop 重启nginx -s reload 检测配置文件nginx -t 查看状态信息nginx -V
tar xf nginx-1.14.0.tar.gz -C /usr/src/
cd /usr/src/nginx-1.14.0/
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module;make;make install ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ /usr/local/nginx/sbin/nginx
5.初步了解nginx主配置文件 #在/usr/local/nginx/conf/nginx.conf nginx的优化主要在于修改nginx的主配文件
egrep -v "#|^$" nginx.conf
user nginx nginx; #用户和组为nginx
worker_processes 1; #worker进程的数量
error_log logs/error.log info; #错误日志及纪录级别(默认没开)
pid logs/nginx.pid; #进程号存储位置(默认没开)
events { #事件区块开始
use epoll; #工作模式为epoll io异步 可不设定系统自动选择最佳模式
worker_connections 1024; #每个worker进程支持的最大连接数
} #事件区块结束
http { #http区块开始
include mime.types; #Nginx支持的媒体类型库文件包含
default_type application/octet-stream; #默认的媒体类型
sendfile on; #开启高效传输模式
keepalive_timeout 65; #连接超时。
server { #网站配置区域(第一个server第一个虚拟主机站点)
listen 80; #提供服务的端口,默认80
server_name www.wk.org; #提供服务的域名主机名
location / { #第一个Location区块开始
root html; #站点的根目录(相对于nginx安装路径)
index index.html index.htm; #默认的首页文件,多个用空格分开
}
error_page 500 502 503 504 /50x.html; #出现对应的http状态码时,使用50x.html回应客户
location = /50x.html { #Location区块开始,访问50x.html
root html; #指定对应的站点目录为html
}
}
server { #网站配置区域(第二个server第二个虚拟主机站点)
listen 80; #提供服务的端口,默认80
server_name bbs.wk.org; #提供服务的域名主机名
location / { #服务区块
root html; #相对路径(nginx安装路径)
index index.html index.htm;
}
location = /50x.html { #发生错误访问的页面
root html;
}
}
}
Nginx模块
规范化虚拟主机
nginx主配置文件
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/www.conf; #虚拟网站配置信息统一放在了当前的extra目录下
include extra/mail.conf;
include extra/status.conf;
}
extra目录下的文件
cat extra/www.conf
server {
listen 80;
server_name www.wk.com;
location / {
root /var/www/html/wwwcom;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}
}
Nginx状态信息功能
/usr/local/nginx/sbin/nginx -V #查看是否编译了信息状态模块
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module #标红为信息状态模块
cat /usr/local/nginx/conf/extra/status.conf
server{
listen 80;
server_name status.wk.com;
location / {
stub_status on; #开启信息功能模块
access_log off; #不做日志访问记录
}
}
增加错误日志
在主配文件 加入error_log logs/error.log;
nginx访问日志切割
mkdir -p /server/scripts/
cd /server/scripts/
vim cut_nginx.log.sh
#!/bin
#日志切割脚本
Date=`date +%Y%m%d`
Bdir="/usr/local/nginx"
Nginxlogdir="$Bdir/logs"
Logname="access"
[ -d $Nginxlogdir ] && cd $Nginxlogdir ||exit 2
[ -f "$Logname".log ] ||exit 3
/bin/mv "$Logname".log "$Date"_"$Logname".log
$Bdir/sbin/nginx -s reload
find "$Nginxlogdir" -name "$Logname*" -type f -mtime +7|xargs /bin/rm
放入定时任务
或
#!/bin/bash
#日志切割脚本
log_path=/var/log/nginx/
log_file=/var/log/nginx/`date +%Y`/`date +%m`
pid_file='/usr/local/nginx/logs/nginx.pid'
old_access_log='/usr/local/nginx/logs/www.amber.com.access.log'
access_log=`echo $old_access_log |awk -F'/' '{print $NF}'`
err_log='/usr/local/nginx/logs/error.log'
if [ -f $pid_file ];then
[ -d $log_file ] || mkdir -p
$log_file
mv $old_access_log
${log_file}/${access_log}-$(date +%d)
kill -USR1 `cat $pid_file`
find $log_path -mtime +30 |xargs rm
-rf
else
echo "nginx未运行!" |tee
-a $err_log
fi
二者都可用
#!/bin/bash read -p "请将nginx包放入/root下并输入nginx的版本号:(例1.12.0)" Nginx /etc/init.d/iptables stop setenforce 0 &>/dev/null ping -c 3 -i 0.1 -w 0.1 www.baidu.com &>/dev/null [ $? -eq 0 ] || { echo "请确保公网能用" exit } rm -rf /etc/yum.repos.d/* echo '# CentOS-Base.repo # unless you are manually picking other mirrors. # # remarked out baseurl= line instead. # # # CentOS-Base.repo # unless you are manually picking other mirrors. # # remarked out baseurl= line instead. # # [base] name=CentOS-$releasever - Base - 163.com baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #released updates [updates] name=CentOS-$releasever - Updates - 163.com baseurl=http://mirrors.163.com/centos/$releasever/updates/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras - 163.com baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus - 163.com baseurl=http://mirrors.163.com/centos/$releasever/centosplus/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #contrib - packages by Centos Users [contrib] name=CentOS-$releasever - Contrib - 163.com baseurl=http://mirrors.163.com/centos/$releasever/contrib/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 '>/etc/yum.repos.d/CentOS6-Base-163.repo yum -y clean all &>/dev/null yum makecache &>/dev/null yum -y install pcre-devel openssl-devel wget gcc gcc-c++ make >&/dev/null [ $? -eq 0 ] || { echo “yum安装失败” exit 2 } grep www /etc/passwd &>/dev/null [ $? -eq 0 ] || useradd -s /sbin/nologin -M www cd /root/ [ -f nginx-"$Nginx".tar.gz ] ||{ echo "root下没有nginx-"$Nginx".tar.gz包" exit 3 } [ -d /usr/src/nginx-$Nginx/ ] && rm -rf /usr/src/nginx-$Nginx/ tar xf nginx-"$Nginx".tar.gz -C /usr/src/ &>/dev/null cd /usr/src/nginx-$Nginx/ [ -d /usr/local/nginx/ ] && rm -rf /usr/local/nginx ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module &>/dev/null;make &>/dev/null;make install &>/dev/null [ -L /usr/local/sbin/nginx ] && rm -rf /usr/local/sbin/nginx ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ echo ' #!/bin/bash # chkconfig: 200 80 80 #!nginx bash . /etc/init.d/functions Nginx=/usr/local/nginx/sbin/nginx case $1 in start) $Nginx &>/dev/null [ $? -eq 0 ]&& action "启动成功.................." /bin/true ||action "启动失败....................." /bin/false ;; stop) $Nginx -s stop &>/dev/null [ $? -eq 0 ]&& action "服务已关闭.................." /bin/true || action "服务未开启....................." /bin/false ;; restart) $0 stop $0 start ;; reload) $Nginx -s reload &>/dev/null [ $? -eq 0 ]&& action "服务已重启.................." /bin/true || action "请先开启服务....................." /bin/false ;; status) netstat -anput |grep 'LISTEN' |grep 'nginx' [ $? -eq 0 ] && echo "服务已启动" || echo "服务未启动" ;; *) echo "请输入status|stop|start|restart|reload" esac '>/etc/init.d/nginx chmod +x /etc/init.d/nginx chkconfig --add nginx /etc/init.d/nginx restart