安装nginx
如用源码安装,需要先准备编译环境
yum -y install gcc gcc-c++ ncurses-devel unzip patch perl*
1)pcre安装
下载地址http://sourceforge.net/projects/pcre/files/pcre/8.37/pcre-8.37.tar.gz
[root@localhost local]# tar -zxvf pcre-8.37.tar.gz
[root@localhost local]# cd pcre-8.37
[root@localhost pcre-8.37]# ./configure
[root@localhost pcre-8.37]# make
[root@localhost pcre-8.37]# make install
2)安装zlib包
下载地址http://zlib.net/zlib-1.2.8.tar.gz
[root@localhost pcre-8.37]# cd /usr/local/
[root@localhost local]# tar -zxvf zlib-1.2.8.tar.gz
[root@localhost local]# cd zlib-1.2.8
[root@localhost zlib-1.2.8]# ./configure
[root@localhost zlib-1.2.8]# make
[root@localhost zlib-1.2.8]# make install
3)安装ssl
下载地址:http://www.openssl.org/source/
[root@localhost pcre-8.37]# cd /usr/local/
[root@localhost local]# tar -zxvf openssl-1.0.2c.tar.gz
4)安装nginx_upstream_check_module模块 (健康监测)
下载地址:https://github.com/yaoweibin/nginx_upstream_check_module/archive/master.zip
[root@localhost local]# unzip nginx_upstream_check_module-master.zip
##5)安装nginx
下载地址http://nginx.org/download/
[root@localhost zlib-1.2.8]# cd /usr/local/
[root@localhost local]# tar -zxvf nginx-1.9.2.tar.gz
[root@localhost local]# cd nginx-1.9.2
[root@unicorn01 nginx-1.9.2]# patch -p0 < /usr/local/nginx_upstream_check_module-master/check_1.9.2+.patch
[root@localhost nginx-1.9.2]# ./configure --prefix=/usr/local/nginx --add-module=/usr/local/nginx_upstream_check_module-master --with-pcre=/usr/local/pcre-8.37 --with-zlib=/usr/local/zlib-1.2.8 --with-http_ssl_module --with-openssl=/usr/local/openssl-1.0.2c
[root@localhost nginx-1.9.2]# make [root@localhost nginx-1.9.2]# make install
##6)配置nginx
```shell
root@localhost local]# cd /usr/local/nginx/conf/
[root@localhost conf]# vim nginx.conf
此处根据项目需求配置负载均衡和请求代理转发
例如:
upstream cluster {
# simple round-robin
server 192.168.0.1:80;
server 192.168.0.2:80;
check interval=5000 rise=1 fall=3 timeout=4000;
#check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
#check interval=3000 rise=2 fall=5 timeout=1000 type=http;
#check_http_send "HEAD / HTTP/1.0\r\n\r\n";
#check_http_expect_alive http_2xx http_3xx;
} upstream group1 {
server 10.51.19.63:80;
}
server {
listen 80;
#listen 8602;
server_name localhost;
#proxy_redirect http://localhost:80/M00 /M00;
#charset koi8-r;
#access_log logs/host.access.log main;
#location / {
# root html;
# index index.html index.htm;
#} location / {
proxy_pass [http://cluster](http://cluster/);
}
location /nstatus {
check_status;
access_log off;
#allow SOME.IP.ADD.RESS;
#deny all;
}
location /group1/M00 {
proxy_pass http://group1;
#health_check match=not_redirect;
proxy_redirect off;
proxy_set_header Host $host;
#proxy_cache cache_one;
proxy_cache_valid 200 1h;
# proxy_cache_valid 301 1d;
# proxy_cache_valid any 1m;
expires 30d;
}
location / {
proxy_pass [http://10.51.19.66:15672](http://10.51.19.66:15672/);
}
location /message {
proxy_pass [http://10.51.19.66:8080](http://10.51.19.66:8080/);
}
location /filews{
proxy_pass [http://10.51.19.63:8081](http://10.51.19.63:8081/);
}
location /infows{
proxy_pass [http://10.51.19.63:8082](http://10.51.19.63:8082/);
}
location /cms{
proxy_pass [http://10.51.19.63:8083](http://10.51.19.63:8083/);
}
location /cmsfile{
proxy_pass [http://10.51.19.63:8083](http://10.51.19.63:8083/);
}
location /cgiws{
proxy_pass [http://10.51.19.64:8081](http://10.51.19.64:8081/);
}
location /hexinstat{
proxy_pass [http://10.51.19.64:8082](http://10.51.19.64:8082/);
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html { root html; }
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass [http://127.0.0.1](http://127.0.0.1/);
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 443;
server_name localhost; ssl on;
ssl_certificate server.pem;
ssl_certificate_key server.key;
#ssl_client_certificate ca.crt;
#ssl_verify_client on;
#ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
location /cgiws {
proxy_pass [http://10.51.19.64:8081/cgiws](http://10.51.19.64:8081/cgiws);
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header SSL_CERT $ssl_client_cert;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /infows {
proxy_pass [http://10.51.19.63:8082](http://10.51.19.63:8082/);
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header SSL_CERT $ssl_client_cert;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /group1/M00 {
proxy_pass http://group1;
#health_check match=not_redirect;
proxy_redirect off;
proxy_set_header Host $host;
#proxy_cache cache_one;
proxy_cache_valid 200 1h;
# proxy_cache_valid 301 1d;
# proxy_cache_valid any 1m;
expires 30d;
}
#location / {
# root html;
# index index.html index.htm;
#}
}
7)启动、重启、停止
[root@localhost conf]# /usr/local/nginx/sbin/nginx
重启:
[root@localhost conf]# /usr/local/nginx/sbin/nginx -s reload
停止:
[root@localhost conf]# /usr/local/nginx/sbin/nginx -s stop
验证配置文件:
[root@localhost conf]# /usr/local/nginx/sbin/nginx -t
8)nginx监控配置
location /status {
stub_status on; auth_basic "NginxStatus";
}
http://localhost:8083/status
Active connections: 2
server accepts handled requests
3 3 54
Reading: 0 Writing: 1 Waiting: 1
解析:
Active connections //当前 Nginx 正处理的活动连接数。
server accepts handled requests //总共处理了3 个连接 , 成功创建 3 次握手,总共处理了54个请求。
Reading //nginx 读取到客户端的 Header 信息数。
Writing //nginx 返回给客户端的 Header 信息数。
Waiting //开启 keep-alive 的情况下,这个值等于 active - (reading + writing),意思就是 Nginx 已经处理完正在等候下一次请求指令的驻留连接
9)nginx出现异常开启日志分析
log_format main 'remote_user [request" '
'body_bytes_sent "$http_referer" '
'"http_x_forwarded_for"'
'"upstream_status" "request_time"';
access_log logs/access.log main;
参数说明示例
$remote_addr 客户端地址 211.28.65.253
$remote_user 客户端用户名称 --
$time_local 访问时间和时区 18/Jul/2012:17:00:01 +0800
$request 请求的URI和HTTP协议 "GET /article-10000.html HTTP/1.1"
$http_host 请求地址,即浏览器中你输入的地址(IP或域名) www.it300.com
192.168.100.100
$status HTTP请求状态 200
$upstream_status upstream状态 200
$body_bytes_sent 发送给客户端文件内容大小 1547
$http_referer url跳转来源 https://www.baidu.com/
ssl_protocol SSL协议版本 TLSv1 upstream_addr 后台upstream的地址,即真正提供服务的主机地址 10.10.10.100:80 upstream_response_time 请求过程中,upstream响应时间 0.002
切记:
1、首先,确保安装了OpenSSL库,并且安装Nginx时使用了–with-http_ssl_module参数。
2、证书拷至nginx目录,配置如下server
3、第一次配置https时必须重启nginx才能生效,不能reload!