nginx服務
1.nginx 安裝
1).解壓文件
# tar zxf nginx-1.12.0.tar.gz
2).創建用戶
# useradd -M -d /usr/local/lnmp/nginx -s /sbin/nologin -u 800 nginx
3).修改配置文件
# vim nginx-1.12.0/auto/cc/gcc
172 #CFLAGS="$CFLAGS -g" (註釋掉這行,去掉 debug 模式編譯,編譯以後程序只有幾百 k)
# vim nginx-1.12.0/src/core/nginx.h
12 #define nginx_version 1012000
13 #define NGINX_VERSION "1.12.0"
14 #define NGINX_VER "nginx" (修改此行, 去掉後面的 “ NGINX_VERSION”,為了安全,這樣編譯後外界無法獲取程序的版本號)
4).安裝軟件包依賴文件和nginx服務
# yum install gcc pcre-devel openssl-devel -y
# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module
5).重新編譯
# make && make install
6).做軟鏈接
# ln -s /usr/local/lnmp/nginx/sbin/nginx /sbin/
# nginx 啟動nginx
# nginx -s stop
測試:
[[email protected] sbin]# nginx
[[email protected] sbin]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 20 Jul 2017 13:42:42 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 20 Jul 2017 12:57:37 GMT
Connection: keep-alive
ETag: "5970a8c1-264"
Accept-Ranges: bytes
2.nginx 進程數設置 ,處理最大連接數設置
Nginx默認沒有開啟利用多核CPU,我們可以通過增加worker_cpu_affinity配置參數來充分利用多核CPU。CPU是任務處理,計算最關鍵的資源,CPU核越多,性能就越好。
通過 cat /proc/cpuinfo或lscpu來看cpu核心數
(1)cpu有多少個核,就有幾位數,1代表內核開啟,0代表內核關閉
(2)worker_processes最多開啟8個,8個以上性能就不會再提升了,而且穩定性會變的更低,因此8個進程夠用了
配置Nginx多核CPU,worker_cpu_affinity使用方法和範例
1. 2核CPU,開啟2個進程
# vim /usr/local/lnmp/nginx/conf/nginx.conf
3 worker_processes 2; #2個進程
4 worker_cpu_affinity 01 10; #cpu內核1和2
13 events {
14 worker_connections 65535; #連接數
15 }
118 server {
119 listen 80;
120 server_name www.westos.org;
121 location / {
122 root /web1;
123 index index.html;
124 }
# vim /etc/security/limits.conf
51 nginx - nofile 65535
# usermod -s /bin/bash nginx
切換到nginx執行ulimit -a進行查看最大連接數
nginx -t#檢測語法
nginx#運行 nginx
nginx -s reload#重載主配置文件
nginx -s stop#關閉 nginx
# ulimit -a
# mkdir /web1
# cat /web1/index.html
<h1>www.westos.org</h1>
# nginx -s reload
測試:
##nginx的https加密服務
# vim /usr/local/lnmp/nginx/conf/nginx.conf
99 server {
100 listen 443 ssl;
101 server_name localhost;
102
103 ssl_certificate cert.pem;
104 ssl_certificate_key cert.pem;
105
106 ssl_session_cache shared:SSL:1m;
107 ssl_session_timeout 5m;
108
109 ssl_ciphers HIGH:!aNULL:!MD5;
110 ssl_prefer_server_ciphers on;
111
112 location / {
113 root html;
114 index index.html index.htm;
115 }
116 }
## 生成數字證書
# cd /etc/pki/tls/private/
# openssl genrsa 2048 > localhost.key
# cd /etc/pki/tls/certs/
# make testcert
# cd /etc/pki/tls/certs/
# make cert.pem
# mv /etc/pki/tls/certs/cert.pem /usr/local/lnmp/nginx/conf/
# nginx -t
# nginx -s reload
# netstat -antlp 查看端口
測試:
###### nginx 訪問控制######
# vim /usr/local/lnmp/nginx/conf/nginx.conf
49 location /status {
50 stub_status on;
51 access_log off;
52 allow 172.25.62.250; ##只允許172.25.62.250訪問
53 deny all;
54 }
# nginx -t
# nginx -s reload
測試:# curl http://172.25.62.1/status
######## nginx網頁重寫 ######
訪問www.westos.org跳轉到https://www.westos.org
# vim /usr/local/lnmp/nginx/conf/nginx.conf
105 server {
106 listen 443 ssl;
107 server_name www.westos.org;
108
109 ssl_certificate cert.pem;
110 ssl_certificate_key cert.pem;
111
112 ssl_session_cache shared:SSL:1m;
113 ssl_session_timeout 5m;
114
115 ssl_ciphers HIGH:!aNULL:!MD5;
116 ssl_prefer_server_ciphers on;
117
118 location / {
119 root /wed1;
120 index index.html index.htm;
121 }
122 }
123
124 server {
125 listen 80;
126 server_name www.westos.org;
127
128 rewrite ^(.*)$ https://www.westos.org$1 permanent;
129 }
$1可以讓訪問指定目錄,permanent 永久 redirect 暫時
# nginx -t
# nginx -s reload
測試:
######## nginx負載均衡 #######
1.輪詢(默認weight=1)默認選項,當weight不指定時,各服務器weight相同,每個請求按時間順序逐一分配到不同的後端服務器,如果後端服務器down掉,能自動剔除。
2.weight
指定輪詢幾率,weight和訪問比率成正比,用於後端服務器性能不均的情況。如果後端服務器down掉,能自動剔除。
比如下面配置,則1.11服務器的訪問量為1.10服務器的兩倍。
3.ip_hash
每個請求按訪問ip的hash結果分配,這樣每個訪客固定訪問一個後端服務器,可以解決session不能跨服務器的問題。如果後端服務器down掉,要手工down掉。
4.當2,3的服務都down掉後,本地的服務就會頂上,顯示信息proxy_pass反向代理每次改完配置文件都要nginx -t 進行語法檢查,nginx -s reload進行路徑更新nginx -s stop關閉服務
# vim /usr/local/lnmp/nginx/conf/nginx.conf
18 http {
19 upstream westos {
20 ip_hash;
21 server 172.25.62.2:80 weight=2;
22 server 172.25.62.3:8080;
23# server 172.25.62.1:8000 backup;
24 }
25 include mime.types;
26 default_type application/octet-stream;
128 server {
129 listen 80;
130 server_name www.westos.org;
131
132 # rewrite ^(.*)$ https://www.westos.org$1 permanent;
133 location / {
134 proxy_pass http://westos;
135 }
136 }
測試:
# for i in {1..10};do curl www.westos.org;done
<h1>server3-www.westos.org</h1>
<h1>server2</h1>
<h1>server3-www.westos.org</h1>
<h1>server2</h1>
<h1>server3-www.westos.org</h1>
<h1>server2</h1>
<h1>server3-www.westos.org</h1>
<h1>server2</h1>
<h1>server3-www.westos.org</h1>
<h1>server2</h1>
nginx服務