一、编译安装nginx
1、下载
[root@ns1 ~]# wget http://nginx.org/download/nginx-1.10.0.tar.gz
2、解压
[root@ns1 ~]# tar xf nginx-1.10.0.tar.gz [root@ns1 ~]# cd nginx-1.10.0
3、安装依赖组件
[root@ns1 nginx-1.10.0]# yum install pcre-devel #url重写需要的组件 [root@ns1 nginx-1.10.0]# yum install zlib-devel #gzip所依赖组件 [root@ns1 nginx-1.10.0]# yum install openssl-devel #openssl依赖的组件 [root@ns1 nginx-1.10.0]# groupadd -r nginx #创建一个nginx系统组 [root@ns1 nginx-1.10.0]# useradd -g nginx -r nginx #在nginx组中加入nginx用户 [root@ns1 nginx-1.10.0]# id nginx uid=996(nginx) gid=994(nginx) 组=994(nginx
4、编译安装
【注意】因为nginx部分模块不支持动态加载,所以需要什么模块一定要提前指定好,淘宝的tengine则支持动态加载模块。
[root@ns1 nginx-1.10.0]# ./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi [root@ns1 nginx-1.10.0]# mkdir -pv /var/tmp/nginx/{client,proxy,fastcgi,uwsgi} [root@ns1 nginx-1.10.0]# make && make install
5、./configure选项说明
[root@ns1 nginx-1.10.0]# ./configure --help --help print this message #帮助 --prefix=PATH set installation prefix #安装路径 --sbin-path=PATH set nginx binary pathname #主程序安装路径 --modules-path=PATH set modules path #模块安装路径 --conf-path=PATH set nginx.conf pathname #主配置文件安装路径 --error-log-path=PATH set error log pathname #错误日志路径 --pid-path=PATH set nginx.pid pathname #pid文件路径 --lock-path=PATH set nginx.lock pathname #锁文件路径 --user=USER set non-privileged user for #nginx启动时work进程以什么身份运行 worker processes --group=GROUP set non-privileged group for #nginx启动时work进程以什么组运行 worker processes --build=NAME set build name #指定编译的名称 --builddir=DIR set build directory #指定编译的目录 #with的是默认没启用的模块,with后启用 #without的是默认启动的模块,without后关闭 --with-select_module enable select module #开起select模块 --without-select_module disable select module #关闭select模块 --with-poll_module enable poll module #开起poll模块 --without-poll_module disable poll module #关闭poll模块 --with-threads enable thread pool support #启用线程池 --with-file-aio enable file AIO support #开起文件AIO功能,一般用来提高图片站读i/o操作 --with-ipv6 enable IPv6 support #开起ipv6支持 --with-http_ssl_module enable ngx_http_ssl_module #启用ssl模块 --with-http_v2_module enable ngx_http_v2_module #源自spdy协议,优先请求浏览器最继续的内容 --with-http_realip_module enable ngx_http_realip_module #反向代理时把真实访问ip传给后端 --with-http_addition_module enable ngx_http_addition_module #在页面后添加文本 --with-http_xslt_module enable ngx_http_xslt_module #在响应XML文件时,转为一个或多个XSLT样式 --with-http_xslt_module=dynamic enable dynamic ngx_http_xslt_module #动态的xslt模块 --with-http_p_w_picpath_filter_module enable ngx_http_p_w_picpath_filter_module #开启图片转换功能,依赖 libgd 库,能够对图片进行转换格式,尺寸等 --with-http_p_w_picpath_filter_module=dynamic #动态的p_w_picpath_filter模块 enable dynamic ngx_http_p_w_picpath_filter_module --with-http_geoip_module enable ngx_http_geoip_module #开启GeoIP功能,需要geoIP 数据库的支持 --with-http_geoip_module=dynamic enable dynamic ngx_http_geoip_module #动态geoip模块 --with-http_sub_module enable ngx_http_sub_module #sub模块,用来替换相应包指定内容 --with-http_dav_module enable ngx_http_dav_module #开启WebDAV功能,此方法可以开启PUT、DELETE、COPY、MKCOL、MOVE等HTTP方法,建议关闭 --with-http_flv_module enable ngx_http_flv_module #流媒体模块 --with-http_mp4_module enable ngx_http_mp4_module #mp4模块 --with-http_gunzip_module enable ngx_http_gunzip_module #开启gzip方式传输模式,能够大大减少带宽消耗 --with-http_gzip_static_module enable ngx_http_gzip_static_module #压缩静态页面的gizp模块 --with-http_auth_request_module enable ngx_http_auth_request_module #基于请求的返回结果来控制用户鉴权 --with-http_random_index_module enable ngx_http_random_index_module #响应用户以 “/” 结尾的请求,并在该目录下随机选择一个文件作为index文件。此模块先于 ngx_http_index_module 被执行 --with-http_secure_link_module enable ngx_http_secure_link_module #开启安全链接功能。防盗链用 --with-http_degradation_module enable ngx_http_degradation_module #内存不足时,Nginx将返回204或444给客户端 --with-http_slice_module enable ngx_http_slice_module #开启切片模块,对大文件切片用 --with-http_stub_status_module enable ngx_http_stub_status_module #nginx状态页面模块 --without-http_charset_module disable ngx_http_charset_module #下面都是默认安装的模块,有需要可以关闭 --without-http_gzip_module disable ngx_http_gzip_module --without-http_ssi_module disable ngx_http_ssi_module --without-http_userid_module disable ngx_http_userid_module --without-http_access_module disable ngx_http_access_module --without-http_auth_basic_module disable ngx_http_auth_basic_module --without-http_autoindex_module disable ngx_http_autoindex_module --without-http_geo_module disable ngx_http_geo_module --without-http_map_module disable ngx_http_map_module --without-http_split_clients_module disable ngx_http_split_clients_module --without-http_referer_module disable ngx_http_referer_module --without-http_rewrite_module disable ngx_http_rewrite_module --without-http_proxy_module disable ngx_http_proxy_module --without-http_fastcgi_module disable ngx_http_fastcgi_module --without-http_uwsgi_module disable ngx_http_uwsgi_module --without-http_scgi_module disable ngx_http_scgi_module --without-http_memcached_module disable ngx_http_memcached_module --without-http_limit_conn_module disable ngx_http_limit_conn_module --without-http_limit_req_module disable ngx_http_limit_req_module --without-http_empty_gif_module disable ngx_http_empty_gif_module --without-http_browser_module disable ngx_http_browser_module --without-http_upstream_hash_module disable ngx_http_upstream_hash_module --without-http_upstream_ip_hash_module disable ngx_http_upstream_ip_hash_module --without-http_upstream_least_conn_module disable ngx_http_upstream_least_conn_module --without-http_upstream_keepalive_module disable ngx_http_upstream_keepalive_module --without-http_upstream_zone_module disable ngx_http_upstream_zone_module --with-http_perl_module enable ngx_http_perl_module #开起perl模块 --with-http_perl_module=dynamic enable dynamic ngx_http_perl_module #动态perl模块 --with-perl_modules_path=PATH set Perl modules path --with-perl=PATH set perl binary pathname --http-log-path=PATH set http access log pathname #访问日志路径 --http-client-body-temp-path=PATH set path to store #客户端上传内容临时存放位置,路径不存在则必须先创建 http client request body temporary files --http-proxy-temp-path=PATH set path to store #作为代理服务器代理内容临时存放位置 http proxy temporary files --http-fastcgi-temp-path=PATH set path to store #fastcgi协议工作时所需临时目录 http fastcgi temporary files --http-uwsgi-temp-path=PATH set path to store #uwsgi协议工作时所需临时目录 http uwsgi temporary files --http-scgi-temp-path=PATH set path to store #scgi协议工作时所需临时目录 http scgi temporary files --without-http disable HTTP server --without-http-cache disable HTTP cache --with-mail enable POP3/IMAP4/SMTP proxy module #开起mail模块 --with-mail=dynamic enable dynamic POP3/IMAP4/SMTP proxy module #开起mail动态模块 --with-mail_ssl_module enable ngx_mail_ssl_module --without-mail_pop3_module disable ngx_mail_pop3_module --without-mail_imap_module disable ngx_mail_imap_module --without-mail_smtp_module disable ngx_mail_smtp_module --with-stream enable TCP/UDP proxy module #stream模块用于tcp/udp和负载均衡 --with-stream=dynamic enable dynamic TCP/UDP proxy module #动态stream模块 --with-stream_ssl_module enable ngx_stream_ssl_module --without-stream_limit_conn_module disable ngx_stream_limit_conn_module --without-stream_access_module disable ngx_stream_access_module --without-stream_upstream_hash_module disable ngx_stream_upstream_hash_module --without-stream_upstream_least_conn_module disable ngx_stream_upstream_least_conn_module --without-stream_upstream_zone_module disable ngx_stream_upstream_zone_module --with-google_perftools_module enable ngx_google_perftools_module #内存管理模块合理调配系统内存资源给服务器 --with-cpp_test_module enable ngx_cpp_test_module #启用ngx_cpp_test_module支持 --add-module=PATH enable external module #启用外部模块支持 --add-dynamic-module=PATH enable dynamic external module #动态加载外部模块 --with-cc=PATH set C compiler pathname #用于C编译环境非默认的情况,指向C编译器路径 --with-cpp=PATH set C preprocessor pathname #指向C预处理路径 --with-cc-opt=OPTIONS set additional C compiler options #设置C编译器参数 --with-ld-opt=OPTIONS set additional linker options #设置连接文件参数 --with-cpu-opt=CPU build for the specified CPU, valid values: #指定编译的CPU pentium, pentiumpro, pentium3, pentium4, athlon, opteron, sparc32, sparc64, ppc64 --without-pcre disable PCRE library usage --with-pcre force PCRE library usage #url重写时所需模块,有更强大的正则引擎 --with-pcre=DIR set path to PCRE library sources --with-pcre-opt=OPTIONS set additional build options for PCRE --with-pcre-jit build PCRE with JIT compilation support --with-md5=DIR set path to md5 library sources --with-md5-opt=OPTIONS set additional build options for md5 --with-md5-asm use md5 assembler sources --with-sha1=DIR set path to sha1 library sources --with-sha1-opt=OPTIONS set additional build options for sha1 --with-sha1-asm use sha1 assembler sources --with-zlib=DIR set path to zlib library sources gzip --with-zlib-opt=OPTIONS set additional build options for zlib --with-zlib-asm=CPU use zlib assembler sources optimized for the specified CPU, valid values: pentium, pentiumpro --with-libatomic force libatomic_ops library usage --with-libatomic=DIR set path to libatomic_ops library sources --with-openssl=DIR set path to OpenSSL library sources #openssl所在位置 --with-openssl-opt=OPTIONS set additional build options for OpenSSL --with-debug enable debug logging
二、启动脚本
[root@ns1 init.d]# vim /etc/init.d/nginx #编写启动脚本 #! /bin/bash # # nginx - this script starts and stops the nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # # processname: nginx # config: /etc/nginx/nginx.conf # pidfile: /var/run/nginx/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 nginx="/usr/local/nginx/sbin/nginx" #根据自己的安装位置修改这里 prog=$(basename $nginx) NGINX_CONF_FILE="/etc/nginx/nginx.conf" #修改这里 [ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx lockfile=/var/lock/nginx.lock #修改这里 start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest || return $? stop sleep 1 start } reload() { configtest || return $? echo -n $"Reloading $prog: " killproc $nginx -HUP RETVAL=$? echo } force_reload() { restart } configtest() { $nginx -t -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit 2 esac [root@localhost nginx-1.10.0]# chmod 755 /etc/init.d/nginx [root@localhost nginx-1.10.0]# service nginx restart #开机启动 [root@localhost nginx-1.10.0]# chkconfig --add nginx [root@localhost nginx-1.10.0]# chkconfig nginx on [root@localhost nginx-1.10.0]# chkconfig --list nginx nginx 0:关 1:关 2:开 3:开 4:开 5:开 6:关
三、配置2个基于nginx的web
(172.16.22.39)(172.16.22.40)
[root@ns2 ~]# vim /etc/nginx/nginx.conf user nginx; #以哪个用户的身份运行nginx worker_processes 1; #运行几个worker进程 error_log /var/log/nginx/error.log; #错误日志位置 #error_log logs/error.log notice; #error_log logs/error.log info; pid /var/run/nginx/nginx.pid; #pid文件位置 events { worker_connections 1024; #一个worker进程的最大并发数量 } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' #日志格式 '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; #访问日志位置和应用上面的格式 sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #持久连接时间 gzip on; #开起gzip压缩 server { listen 80; server_name ns3.xinfeng.com; #charset koi8-r; #access_log logs/host.access.log main; location / { root /var/www/html; #根目录位置 index index.html index.htm; #首页索引文件 } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; #错误页面位置 location = /50x.html { root html; } } [root@ns2 ~]# vim /var/www/html/index.htmlns2.xinfeng.com
[root@ns2 ~]# service nginx start [root@ns3 ~]# vim /var/www/html/index.htmlns3.xinfeng.com
[root@ns3 ~]# vim /var/www/html/ds.htmlThere is ds.
[root@ns3 ~]# service nginx start
四、配置反向代理,负载均衡,缓存
1、创建缓存目录和修改hosts文件(172.16.22.38)
#创建缓存目录(172.16.22.38),修改hosts文件(全部主机) [root@ns1 ~]# mkdir -pv /cache/nginx [root@ns1 ~]# chown nginx:nginx /cache/nginx [root@ns1 ~]# vim /etc/hosts 172.16.22.38 ns1.xinfeng.com 172.16.22.39 ns2.xinfeng.com 172.16.22.40 ns3.xinfeng.com #另外两台也要修改
2、修改代理服务器配置文件(172.16.22.38)
[root@ns1 ~]# vim /etc/nginx/nginx.conf user nginx; worker_processes 1; error_log /var/log/nginx/error.log error; pid /var/run/nginx/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m; #缓存路径,1:1表示1级目录下有1个子目录,缓存key名称为mycache后面调用时要用,缓存大小为32m sendfile on; #tcp_nopush on; keepalive_timeout 65; gzip on; upstream xinfengsvr { #定义一个负载均衡组,组名叫xinfengsvr,下面直接调用组名 server 172.16.22.39:80 weight=1 max_fails=2 fail_timeout=1; #权重1,错误2次,每次超时1秒,就算健康状态,检测失败,还可以在后面街上backup将次服务器作为备用服务器 server 172.16.22.40:80 weight=1 max_fails=2 fail_timeout=1; # } server { listen 80; server_name ns1.xinfeng.com; location / { root /var/www/html; index index.html index.htm; proxy_pass http://xinfengsvr/; #将对本服务器首页的请求代理至负载均衡组xinfengsvr,以实现负载均衡 } location /index/ { proxy_cache mycache; #调用缓存key为mycahe proxy_cache_valid 200 1m; #返回值为200的缓存1分钟 #root /var/www/html; proxy_pass http://172.16.22.40/ds.html; #将url为/index/的代理至ns3.xinfeng.com/ds.html proxy_set_header Host $host; #把客户端真实主机名传递给后端服务器 proxy_set_header X-Real-IP $remote_addr; #把客户端真实ip传递给后端服务器 index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/www/html; } } } [root@ns1 ~]# service nginx reload [root@ns1 ~]# service nginx restart
在把客户端ip发给后端服务器时,apache需要修改httpd.conf
LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent
如果是后端nginx,需要修改nginx.conf
--with-http_realip_module #需要安装时开起此模块 set_real_ip_from 192.168.1.0/24; #这里是前端代理服务器ip,可以是单个IP或者IP段 set_real_ip_from 192.168.2.1; real_ip_header X-Real-IP;
五、查看结果
1、查看缓存结果
[root@ns1 ~]# cd /cache/nginx [root@ns1 ~]# ls 5 [root@ns1 ~]# ls 5/d/a9c378c70c62b5ed29dac22910c12ad5