Host environment: Red Hat 6.5, 64-bit
Lab environment: server, IP 172.25.29.1, nginx
server, IP 172.25.29.2, apache
server, IP 172.25.29.3, apache
test client, IP 172.25.254.29
Package: nginx-1.10.1.tar.gz
Using nginx as a reverse proxy
Server 1
1. Install nginx
1. Unpack and basic configuration
[root@server1 mnt]# yum install gcc -y    # install gcc
[root@server1 mnt]# tar zxf nginx-1.10.1.tar.gz    # unpack the nginx tarball
[root@server1 mnt]# ls
nginx-1.10.1 nginx-1.10.1.tar.gz
[root@server1 mnt]# cd nginx-1.10.1
[root@server1 nginx-1.10.1]# vim auto/cc/gcc    # disable the debug build
# debug
#CFLAGS="$CFLAGS -g"
[root@server1 nginx-1.10.1]# vim src/core/nginx.h    # hide the nginx version number, for security
#define NGINX_VER          "nginx/"
2. Software configuration (static)
[root@server1 nginx-1.10.1]# ./configure --prefix=/usr/local/lnmp/nginx --with-http_ssl_module --with-http_stub_status_module
If the following error appears
[root@server1 nginx-1.10.1]# yum install pcre-devel -y
Run configure again
[root@server1 nginx-1.10.1]# ./configure --prefix=/usr/local/lnmp/nginx --with-http_ssl_module --with-http_stub_status_module
If the following error appears
[root@server1 nginx-1.10.1]# yum install openssl-devel -y
Run configure again
[root@server1 nginx-1.10.1]# ./configure --prefix=/usr/local/lnmp/nginx --with-http_ssl_module --with-http_stub_status_module
3. Compile, link, install
[root@server1 nginx-1.10.1]# make
[root@server1 nginx-1.10.1]# make install
2. Make nginx a system command and start nginx
[root@server1 nginx-1.10.1]# cd /usr/local/lnmp/nginx/
[root@server1 nginx]# ls
conf html logs sbin
[root@server1 nginx]# ln -s /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/    # symlink so the nginx binary can be run as a system command
[root@server1 nginx]# nginx -t    # check
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 nginx]# nginx    # start nginx
[root@server1 nginx]# cd conf/
3. Modifying modules in the configuration file and testing
[root@server1 conf]# useradd -u 900 -d /usr/local/lnmp/nginx nginx    # create the user that runs nginx
1. Change the user, add CPUs and bind CPUs
[root@server1 conf]# vim nginx.conf
user nginx;    # change the user nginx runs as
worker_processes 2;    # worker processes, two CPUs
worker_cpu_affinity 01 10;    # bind the workers to CPUs
[root@server1 conf]# nginx -t    # check
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload    # reload
Test
[root@server1 conf]# ps aux | grep nginx
[root@server1 conf]# vim nginx.conf
events {
    worker_connections 4096;    # maximum number of connections supported
}
[root@server1 conf]# nginx -t    # check
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload    # reload
[root@server1 conf]# vim /etc/security/limits.conf    # what the system allocates to nginx
nginx - nofile 200
nginx - nproc 200
[root@server1 conf]# :() { :|:& };:    # test (fork bomb)
If the 200 above is changed to 4096, the system simply hangs.
2. View nginx status
[root@server4 conf]# vim nginx.conf    # view nginx status
location /status {
    stub_status on;
    access_log off;
}
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server4 conf]# nginx -s reload
[root@server1 mnt]# yum install httpd -y
[root@server1 conf]# vim /etc/httpd/conf/httpd.conf    # nginx already listens on port 80, so httpd moves to another port
Listen 8080
[root@server1 conf]# /etc/init.d/httpd start
Starting httpd: [ OK ]
Test: 172.25.29.1/status
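The /status location configured above carries no access rule, so it answers every client that can reach port 80. The script below is an added example, not part of the original page: it reads nginx configuration text and lists the stub_status locations that have no "deny all;" rule. Both sample configurations are constructed; the allow address is the test client used on this page.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads nginx configuration text on stdin and prints the path of every
# location that enables stub_status without a "deny all;" rule.
# Assumes one directive per line and no nested blocks inside a location.
open_status_locations() {
    awk '
        $1 == "location" {
            # skip a match modifier such as "=" or "^~" to reach the path
            name = ($3 == "{") ? $2 : $3
            in_loc = 1; status = 0; denied = 0
            next
        }
        in_loc && $1 ~ /^stub_status;?$/       { status = 1 }
        in_loc && $1 == "deny" && $2 == "all;" { denied = 1 }
        in_loc && $1 == "}" {
            if (status && !denied) print name
            in_loc = 0
        }
    '
}

# Constructed sample: the /status block as configured on this page.
page_conf() {
    cat <<'EOF'
location / {
    root html;
}
location /status {
    stub_status on;
    access_log off;
}
EOF
}

# Constructed sample: the same block limited to the test client.
restricted_conf() {
    cat <<'EOF'
location /status {
    stub_status on;
    access_log off;
    allow 172.25.254.29;
    deny all;
}
EOF
}

echo "page config:       $(page_conf | open_status_locations)"
echo "restricted config: $(restricted_conf | open_status_locations)"
```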
3. Encrypted access to nginx (self-signed certificate)
On the Internet, unencrypted access leaks a lot of important information, which is why encryption exists.
[root@server4 conf]# vim nginx.conf    # encrypted access
#
server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate cert.pem;
    ssl_certificate_key cert.pem;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root html;
        index index.html index.htm;
    }
}

[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem    # generate the self-signed certificate
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
..............+++
................+++
writing new private key to '/tmp/openssl.9egbT2'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:wen
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1.example.com
Email Address []:[email protected]
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 certs]# nginx -s reload
Test: https://172.25.29.1
Choose I Understand the Risks and confirm
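Because ssl_certificate and ssl_certificate_key both name cert.pem, the unencrypted private key (generated with -nodes) sits in the same file as the certificate, and the file mode set by umask 77 is its only protection after the mv. The script below is an added example, not part of the original page: it finds the key file named in nginx.conf and reports it when it is missing, holds no private key, or is accessible to group or others. The demo directory and its placeholder cert.pem are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# key_file_findings CONF_DIR < nginx.conf
# Prints one line per problem with the file named by ssl_certificate_key and
# prints nothing when the file looks fine. Relative paths are resolved
# against CONF_DIR, the way nginx resolves them against its conf directory.
key_file_findings() {
    conf_dir=$1
    awk '$1 == "ssl_certificate_key" { sub(/;$/, "", $2); print $2 }' |
    while read -r key; do
        case $key in
            /*) path=$key ;;
            *)  path=$conf_dir/$key ;;
        esac
        if [ ! -f "$path" ]; then
            echo "missing: $path"
            continue
        fi
        grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$path" ||
            echo "no private key in: $path"
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$path" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "group/other access ($perms): $path"
    done
}

# Constructed demo directory: a placeholder cert.pem (PEM markers only, no
# key material) and the two directives from this page's server block.
make_demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'placeholder' \
        '-----END PRIVATE KEY-----' > "$d/cert.pem"
    printf '%s\n' 'ssl_certificate cert.pem;' \
        'ssl_certificate_key cert.pem;' > "$d/nginx.conf"
    echo "$d"
}

demo=$(make_demo)
chmod 644 "$demo/cert.pem"; key_file_findings "$demo" < "$demo/nginx.conf"
chmod 600 "$demo/cert.pem"; key_file_findings "$demo" < "$demo/nginx.conf"
rm -rf "$demo"
```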
4. Virtual hosts
Virtual hosts allow a single httpd server to serve multiple websites at the same time.
[root@server1 certs]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
server {
    listen 80;    # listening port
    server_name www.wen.com;    # domain name

    location / {
        root /web1;    # default document root
        index index.html;    # default index file
    }
}
server {
    listen 80;
    server_name www.mi.com;

    location / {
        root /web2;
        index index.html;
    }
}
[root@server1 conf]# mkdir /web1 /web2
[root@server1 conf]# vim /web1/index.html
Welcome to www.wen.com
[root@server1 conf]# vim /web2/index.html
Welcome to www.mi.com
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
Test
Add name resolution for the domains on the test client
[root@foundation29 Desktop]# vim /etc/hosts
172.25.29.1 www.wen.com www.mi.com
5. Round-robin load balancing
Parameters: round-robin (default)
weight: defaults to 1; the larger the weight, the larger the share of the load
backup: the backup machine receives requests only when all non-backup machines are down, so it carries the lightest load
ip_hash: each request is assigned by the hash of the client IP, so each visitor always reaches the same backend server, which solves the session problem
[root@server1 conf]# vim nginx.conf
http {
    upstream wen {
        server 172.25.29.2:80;
        server 172.25.29.3:80 weight=2;
        server 172.25.29.4:8080 backup;
    }
    ...
    server {
        listen 80;
        server_name www.wen.com;

        location / {
            #root /web1;
            #index index.html;
            proxy_pass http://wen;
        }
    }
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim /var/www/html/index.html
[root@server1 conf]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
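On the other two servers (2 and 3), make sure the http service is running during the test and that the default document root contains an index.html file with some content (anything will do).
Test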
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done
server3
www.westos.org-server2
server3
server3
www.westos.org-server2
server3
server3
www.westos.org-server2
server3
server3
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done    # after httpd is stopped on server3
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
www.westos.org-server2
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done    # after httpd is stopped on both server2 and server3
please try again!
please try again!
please try again!
please try again!
please try again!
please try again!
please try again!
please try again!
please try again!
please try again!
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done    # after httpd is started again on both server2 and server3, round-robin resumes
www.westos.org-server2
www.westos.org-server2
server3
server3
www.westos.org-server2
server3
server3
www.westos.org-server2
server3
server3
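The order of the replies in the first curl run follows from the smooth weighted round-robin selection that nginx's default balancer performs. The script below is an added example, not nginx code and not part of the original page: a small model of that selection with the page's weights, where the names server2, server3 and server4 stand for the three upstream entries and a "down" flag (an assumption of this model) stands for a peer nginx has stopped using after failed requests.

```shell
#!/bin/sh
# Added example, not from the original page.
# wrr_sequence COUNT NAME:WEIGHT[:backup|:down] ...
# Prints COUNT picks, one per line. Each pick adds every live peer's weight to
# its running score, takes the highest score (first peer wins ties) and
# subtracts the total weight from the winner. Backup peers are used only
# when no regular peer is live.
wrr_sequence() {
    count=$1; shift
    printf '%s\n' "$@" | awk -F: -v count="$count" '
        $3 == "down"   { next }
        $3 == "backup" { bname[++nb] = $1; bweight[nb] = $2; next }
                       { name[++n] = $1; weight[n] = $2 }
        END {
            if (n == 0) {    # no regular peer left: fall back to backups
                n = nb
                for (i = 1; i <= n; i++) {
                    name[i] = bname[i]; weight[i] = bweight[i]
                }
            }
            for (i = 1; i <= n; i++) total += weight[i]
            for (c = 0; c < count && n > 0; c++) {
                best = 0
                for (i = 1; i <= n; i++) {
                    score[i] += weight[i]
                    if (best == 0 || score[i] > score[best]) best = i
                }
                score[best] -= total
                print name[best]
            }
        }'
}

# The upstream block from this page: weights 1 and 2, one backup.
wrr_sequence 10 server2:1 server3:2 server4:1:backup
```

With both regular peers marked down, the same call returns only server4, which corresponds to the "please try again!" replies above.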