day12-nginx
nginx php
前臺服務器併發大 html
安裝nginx node
useradd –s /sbin/nologin nginx nginx
tar xf nginx-xxx.tar.gz web
yum install –y gcc pcre-devel openssl-devel 算法
./configure --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log 後端
1 nginx path prefix: "/etc/nginx" 2 3 nginx binary file: "/etc/nginx/sbin/nginx" 4 5 nginx modules path: "/etc/nginx/modules" 6 7 nginx configuration prefix: "/etc/nginx/conf" 8 9 nginx configuration file: "/etc/nginx/conf/nginx.conf" 10 11 nginx pid file: "/etc/nginx/logs/nginx.pid" 12 13 nginx error log file: "/var/log/nginx/error.log" 14 15 nginx http access log file: "/var/log/nginx/access.log" 16 17 nginx http client request body temporary files: "client_body_temp" 18 19 nginx http proxy temporary files: "proxy_temp" 20 21 nginx http fastcgi temporary files: "fastcgi_temp" 22 23 nginx http uwsgi temporary files: "uwsgi_temp" 24 25 nginx http scgi temporary files: "scgi_temp" 26 27 make && make install
注意:默認該軟件不提供啓動腳本 緩存
nginx配置文件及目錄 bash
/etc/nginx 安裝目錄 服務器
/etc/nginx/conf/nginx.conf 主配置文件
/etc/nginx/html 網頁目錄
/etc/nginx/logs 日誌文件
sbin/nginx 啓動腳本
啓動nginx服務
-v 查看nginx
-V 查看編譯參數
-t 測試默認配置文件
-c 指定配置文件
[root@localhost sbin]# ./nginx -v
nginx version: nginx/1.10.1
[root@localhost sbin]# ./nginx -V
nginx version: nginx/1.10.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
built with OpenSSL 1.0.0-fips 29 Mar 2010
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
[root@localhost sbin]# ./nginx -t
nginx: the configuration file /etc/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/conf/nginx.conf test is successful
中止nginx
格式:pkill/kill 信號 進程名/pid號
經常使用信號
TERM,INT 快速關閉
QUIT 從容關閉,關閉主進程順便關閉工做子進程
HUP 重載配置用新的配置 至關於服務reload,服務不關閉,從新讀取配置文件
kill -HUP `cat /var/run/nginx.pid`
USR1 從新打開日誌文件
USR2 平滑升級可執行程序 服務不關閉,升級程序
WINCH 從容關閉工做進程,不會當即關閉子進程
可以使用kill –l 查看
kill PID 默認是 15) SIGTERM
kill -9 爲 9) SIGKILL
ctrl+c 爲 2) SIGINT
/usr/local/nginx/sbin/nginx 開啓服務
/usr/local/nginx/sbin/nginx –s stop 關閉服務
升級nginx
[root@localhost sbin]# /etc/nginx/sbin/nginx -V
nginx version: nginx/1.10.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
built with OpenSSL 1.0.0-fips 29 Mar 2010
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
tar xf nginx-xxx1.tar.gz
./configure --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
make
cd /etc/nginx/sbin
mv nginx nginxold 備份之前版本的nginx程序
cd nginx/objs 打開新版本的nginx目錄下的objs
[root@localhost nginx-1.11.4]# cp objs/nginx /etc/nginx/sbin/nginx 複製新版本的nginx程序
cd ..
make upgrade
[root@localhost ~]# /etc/nginx/sbin/nginx -v
nginx version: nginx/1.11.4
主配置選項:
1 user nginx 進程全部者 2 3 worker_processes 1; 啓動進程數量,(推薦:最好等於CPU核心的數量) 4 5 error_log /var/log/nginx/error.log; 日誌文件 6 7 pid /var/run/nignx.pid; PID文件 8 9 events { 10 11 use epoll; 12 13 worker_connections 1024; 單個進程最大併發量 14 15 } 16 17 keepalive_timeout 65 保持鏈接,超時時間 18 19 tcp_nodelay on; 禁用nagle 禁用延遲.無等待(要求併發量高,設置) 20 21 gzip on; 開啓gzip壓縮 提升速度 22 23 gzip_min_length 1000; 最小壓縮文件大小 24 25 gzip_disable "MISE[1-6]\.(?!.*SV1)"; 針對IE禁用gzip 26 27 28 29 server{ 定義虛擬主機 30 31 listen 80; 32 33 server_name web1.myweb.com; 34 35 location / { 發佈目錄 至關於http://192.168.100.100/根下 36 37 root html; 38 39 index index.html index.htm index.php; 40 41 allow 192.168.100.101; 只容許192.168.100.101訪問 42 43 deny all; 44 45 auth_basic "auth-domain"; //開啓帳戶驗證 46 47 auth_basic_user_file /usr/local/nginx/conf/user.list; //指定帳戶及密碼的保存文件路徑 48 49 } 50 51 }
建立密碼文件:
yum install -y
yum whatprovides /usr/bin/htpasswd 查看這條命令來自哪一個包
htpasswd –c /etc/nginx/conf/user.list 用戶名 第一次建立加-c選項 下次建立用戶無需加c
htpasswd /etc/nginx/conf/user.list用戶名
能夠對密碼進行加密
htpasswd –cm /usr/local/nginx/conf/ user.list 用戶名
啓動腳本(簡單實現功能,之後會改善)
1 #!/bin/bash 2 3 # chkconfig: - 85 15 4 5 case "$1" in 6 7 start) 8 9 /etc/nginx/sbin/nginx 10 11 echo "$0:nginx ok..." 12 13 ;; 14 15 stop) 16 17 /etc/nginx/sbin/nginx -s stop 18 19 #kill -INT `cat /var/run/nginx.pid` 20 21 echo "$0:nginx stop..." 22 23 ;; 24 25 reload) 26 /etc/nginx/sbin/nginx -s reload 27 #kill -HUP `cat /var/run/nginx.pid` 28 29 echo "$0:nginx reload..." 30 31 ;; 32 33 *) 34 35 echo "$0:start|stop|restart|reload" 36 37 esac
虛擬主機
1 server{ 2 3 listen 80; 4 5 server_name www.web1.com; 6 7 location / { 8 9 root web1; 10 11 index index.html index.htm; 12 13 } 14 15 } 16 17 server{ 18 19 listen 80; 20 21 server_name www.web2.com; 22 23 location / { 24 25 root web2; 26 27 index index.html; 28 29 }
基於SSL的網站
加密算法:對稱加密,非對稱加密
基於SSL的網站基於非對稱加密算法
須要生產:私鑰、證書
生產私鑰和證書
# openssl genrsa -out cert.key 2048
生成密鑰,gen後面是RSA算法,cret.key是文件名字
# openssl req -new -x509 -key cert.key -out cert.pem 用私鑰生成證書
[root@localhost nginx]# ls cert.*
cert.key cert.pem
# cp cert.* /etc/nginx/conf 默認放在nginx/conf目錄下
配置文件
1 keepalive_timeout 65; 2 gzip on; 3 gzip_min_length 1000; 4 gzip_disable "MISE[1-6]\.(?!.*SV1)"; 5 server{ 6 listen 80; 7 server_name www.web1.com; 8 location / { 9 root web1; 10 index index.html index.htm; 11 # auth_basic "auth-domain"; 12 # auth_basic_user_file /etc/nginx/conf/user.list; 13 } 14 } 15 16 #user nobody; 17 user nginx; 18 worker_processes 1; 19 error_log /var/log/nginx/error.log; 20 #error_log logs/error.log notice; 21 #error_log logs/error.log info; 22 pid /var/run/nginx.pid; 23 events { 24 use epoll; 25 worker_connections 1024; 26 } 27 http { 28 include mime.types; 29 default_type application/octet-stream; 30 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 31 # '$status $body_bytes_sent "$http_referer" ' 32 # '"$http_user_agent" "$http_x_forwarded_for"'; 33 #access_log logs/access.log main; 34 sendfile on; 35 tcp_nopush on; 36 #keepalive_timeout 0; 37 server{ 38 listen 80; 39 server_name www.web2.com; 40 location / { 41 root web2; 42 index index.html; 43 } 44 } 45 46 server { 47 listen 443; 48 server_name www.web3.com; 49 ssl on; 50 ssl_certificate cert.pem; 51 ssl_certificate_key cert.key; 52 location / { 53 root web3; 54 index index.html; 55 }} 56 server { 57 listen 443; 58 server_name www.web4.com; 59 ssl on; 60 ssl_certificate /etc/nginx/ssl/test.pem; 61 ssl_certificate_key /etc/nginx/ssl/test.key; 62 location / { 63 root web4; 64 index index.html; 65 } 66 } 67 }
nginx反向代理
優點:調度快,調試機制豐富
缺點:ACL訪問控制簡單(沒有SQUID功能多),緩存機制
主服務配置文件
upstream test { server 192.168.100.101; server 192.168.100.102; } server { listen 80; server_name www.test.com; location / { proxy_pass http://test; } }
其餘兩臺192.168.100.101和102,開啓WEB服務便可
客戶端驗證
這是輪詢訪問
nginx目前支持4種分配方式
輪詢(默認)逐一手循環調度
weight指定輪詢機率,權重值和訪問比率正比
ip_hash每一個請求根據訪問IP分配一個固定t後端服務器
fair按後端服務器響應時間短的優先分配
狀態類型
down:表示當前server暫時不參與負載
max_fails:容許請求失敗的次數(默認爲1)
fail_timeout:max_fails次失敗後,暫停提供服務時間
backup:備份服務器
當server 192.168.100.101 weight=2;改成
驗證
1 upstream test { 2 ip_hash; 給同一用戶分配固定服務器 3 server 192.168.100.101 weight=2;權重爲2 4 server 192.168.100.102 max_fails=2 fail_timeout=30;如何該地址有三次鏈接失敗,則宕機30秒 5 server 192.168.100.103 down; 宕機服務器 6 server 192.168.100.104 backup;備份服務器 (當前面的服務器都宕機纔會啓用) 7 } 8 server { 9 listen 80; 10 server_name www.test.com; 11 location / { 12 proxy_pass http://test; 13 } 14 }
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. Window下Ribbit MQ安裝
- 2. Linux下Redis安裝及集羣搭建
- 3. shiny搭建網站填坑戰略
- 4. Mysql8.0.22安裝與配置詳細教程
- 5. Hadoop安裝及配置
- 6. Python爬蟲初學筆記
- 7. 部署LVS-Keepalived高可用集羣
- 8. keepalived+mysql高可用集羣
- 9. jenkins 公鑰配置
- 10. HA實用詳解