Nginx編譯安裝及簡單配置

一、安裝依賴包

yum -y install pcre-devel zlib-devel openssl-devel gcc gcc-c++ make    //pcre，openssl 可選擇編譯安裝

二、建立應用用戶

useradd -M -s /sbin/nologin nginx

三、安裝 nginx

#tar xf nginx-1.14.0.tar.gz -C /usr/local/src/
#cd /usr/local/src/nginx-1.14.0/
#./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module \
--with-http_ssl_module \
--without-http_rewrite_module \
--with-http_gzip_static_module \
--with-pcre=/home/ap/appuser/web_server/Package/pcre-8.41 \
--with-openssl=/home/ap/appuser/web_server/Package/openssl-1.0.2h \

註釋： --without-http_rewrite_module //重寫模塊默認開
--with-http_gzip_static_module  //開啓gzip靜態模塊，用於發送預壓縮的文件
--with-http_ssl_module  //用於支持HTTPS

四、nginx 啓動、中止

#/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf  //指定配置文件啓動
#/usr/local/nginx/sbin/nginx -s reload //平滑重啓
#kill -HUP nginx主進程號(cat /usr/local/nginx/logs/nginx.pid)  //平滑重啓
#/usr/local/nginx/sbin/nginx -s stop  //快速中止
#/usr/local/nginx/sbin/nginx -s quit  //不接收新的請求，等鏈接的請求完成在中止（生產建議使用此方法）
#/usr/local/nginx/sbin/nginx -t  //驗證nginx配置文件是否正確

五、nginx 代理

    server {
        listen       8080;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }
        location /web/ {  prox_pass http://127.0.0.1:8080/web/;  }
        location /www/ {  prox_pass http://127.0.0.1:8080/web/;  }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

六、nginx 負載均衡

worker_processes  4;  //cpu個數或核數
worker_rlimit_nofile 10240;  //一個nginx進程打開的最多文件描述符數目，最好與ulimit -n的值保持一致

events {
    use epoll;  //工做模式
    worker_connections  10240;  //單個worker進程容許客戶端最大鏈接數，進程鏈接數量要小於等於系統的最大打開文件數、及(ulimit -a|grep "open files")
}
    upstream www_server {
        #ip_hash;
        server 192.168.36.154:8001;
        server 192.168.36.156:8001;
    }
    server {
        listen 80;
        server_name localhost;
        access_log  logs/access.log  main;
        location / {
                proxy_set_header        Host            $host:$server_port;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://www_server/;
        }
    }

七、nginx 證書配置

    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      ssl/server.cer; //公鑰證書（注意證書路徑，個人證書是在nginx/conf/ssl/下）
        ssl_certificate_key  ssl/server.key;  //私鑰證書

        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

 八、nginx 日誌切割腳本

#vim /home/ap/apache/web_server/nginx/nginx-log.sh

#!/bin/bash
#set -x

Date=`date -d '-1 day' +%Y%m%d`
File="access.log"
log_path="/home/ap/apache/web_server/nginx/logs"
Pid=`cat /home/ap/apache/web_server/nginx/logs/nginx.pid`
backup_file="/home/ap/log/Public/nginx-log"

if [ -e /home/ap/apache/web_server/nginx/logs/nginx.pid ];then
        mv $log_path/$File $backup_file/$File-$Date
        touch $log_path/$File
        kill -USR1 $Pid
fi

#chmod +x /home/ap/apache/web_server/nginx/nginx-log.sh

#crontab -e   //添加計劃任務
0 0 * * * /usr/bin/sh /home/ap/apache/web_server/nginx/nginx-log.sh

九、nginx + keepalived

安裝keepalived：
#tar xvf keepalived-1.3.6.tar.gz
#cd keepalived-1.3.6
#./configure --prefix=/usr/local/keepalived --with-ssl=/usr/lib64/openssl --sysconf=/etc/ && make && make install
#cp linux-file/keepalived-1.3.6/keepalived/etc/init.d/keepalived /etc/init.d/
#chmod +x /etc/init.d/keepalived
#ln -s /usr/local/keepalived/sbin/keepalived /sbin/ 指定日誌路徑：
#vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D" 修改成 KEEPALIVED_OPTIONS="-D -d -S 0"

#vim /etc/rsyslog.d/keepalived.conf
local0.* /home/ap/apache/web_server/keepalived/logs/keepalived.log  //日誌路徑

#/etc/init.d/rsyslog restart  //重啓 rsyslog
 MAST 配置文件修改：
#vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   #notification_email {
   #  acassen@firewall.loc
   #  failover@firewall.loc
   #  sysadmin@firewall.loc
   #}
   #notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30
   router_id SERVER_1
   #vrrp_skip_check_adv_addr
   #vrrp_strict
   #vrrp_garp_interval 0
   #vrrp_gna_interval 0
}

#vrrp_script chk_nginx {
#  script "/etc/keepalived/nginx_check.sh"
#  interval 5
#}


vrrp_instance VI_1 {
    state MASTER interface eth0
    virtual_router_id 52
    priority 100
    mcast_src_ip 172.36.9.129
    advert_int 1
    
    authentication {
        auth_type PASS
        auth_pass 123456
    }

    #track_script {
    #chk_nginx
    #}

    virtual_ipaddress {
        172.36.9.108/24
    }
}

BACKUP 配置文件修改：
#vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   #notification_email {
   #  acassen@firewall.loc
   #  failover@firewall.loc
   #  sysadmin@firewall.loc
   #}
   #notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30
   router_id SERVER_2
   #vrrp_skip_check_adv_addr
   #vrrp_strict
   #vrrp_garp_interval 0
   #vrrp_gna_interval 0
}

#vrrp_script chk_nginx {
#  script "/etc/keepalived/nginx_check.sh"
#  interval 5
#}


vrrp_instance VI_1 {
    state BACKUP interface eth0
    virtual_router_id 52
    priority 90
    mcast_src_ip 172.36.9.130
    advert_int 1
    
    authentication {
        auth_type PASS
        auth_pass 123456
    }

    #track_script {
    #chk_nginx
    #}

    virtual_ipaddress {
        172.36.9.108/24
    }
}

nginx 檢測腳本：
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ];then
   echo `date +%Y-%m-%d-%H:%M`':  nginx is not healthy, try to killall keepalived' >> /etc/keepalived/keepalived.log
   /etc/init.d/keepalived stop
fi 
#/etc/init.d/keepalived start //啓動