共计 8747 个字符,预计需要花费 22 分钟才能阅读完成。
主机环境 RedHat6.5 64 位
实验环境 服务端 ip172.25.29.1 nginx
服务端 ip 172.25.29.2 apache
服务端 ip 172.25.29.3 apache
测试端 ip 172.25.254.29
安装包 nginx-1.10.1.tar.gz
nginx 用作反向代理
服务端 1
1. 安装 nginx
1. 解压及简单配置
[root@server1 mnt]# yum install gcc -y #安装 gcc
[root@server1 mnt]# tar zxf nginx-1.10.1.tar.gz #解压 nginx 压缩包
[root@server1 mnt]# ls
nginx-1.10.1 nginx-1.10.1.tar.gz
[root@server1 mnt]# cd nginx-1.10.1
[root@server1 nginx-1.10.1]# vim auto/cc/gcc #禁止 debug 调试
178 # debug
179#CFLAGS=”$CFLAGS -g”
[root@server1 nginx-1.10.1]# vim src/core/nginx.h #禁止出现 nginx 版本号,以保证安全性
14 #defineNGINX_VER “nginx/”
2. 软件配置(静态)
[root@server1 nginx-1.10.1]# ./configure–prefix=/usr/local/lnmp/nginx –with-http_ssl_module–with-http_stub_status_module
如果出现以下错误
[root@server1 nginx-1.10.1]# yum install pcre-devel -y
重新配置
[root@server1 nginx-1.10.1]# ./configure–prefix=/usr/local/lnmp/nginx –with-http_ssl_module–with-http_stub_status_module
如果出现以下错误
[root@server1 nginx-1.10.1]# yum install openssl-devel -y
重新配置
[root@server1 nginx-1.10.1]# ./configure–prefix=/usr/local/lnmp/nginx –with-http_ssl_module–with-http_stub_status_module
3. 编译、链接、安装
[root@server1 nginx-1.10.1]# make
[root@server1 nginx-1.10.1]# make install
2. 将 nginx 作为系统变量,开启 nginx
[root@server1nginx-1.10.1]# cd /usr/local/lnmp/nginx/
[root@server1 nginx]# ls
conf html logs sbin
[root@server1 nginx]# ln -s /usr/local/lnmp/nginx/sbin/nginx/usr/local/sbin/ #作软链接将 nginx 的启动命令作为系统命令
[root@server1 nginx]# nginx -t #检测
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 nginx]# nginx #打开 nginx
[root@server1 nginx]# cd conf/
3. 配置文件中模块的修改及测试
[root@server1 conf]# useradd -u 900 -d /usr/local/lnmp/nginx/nginx #创建管理 nginx 的用户
1. 修改用户、添加 cpu 及绑定 cpu
[root@server1 conf]# vim nginx.conf
2 user nginx; #修改 nginx 的用户
3 worker_processes 2; #工作进程,两块 cpu
4 worker_cpu_affinity01 10; #绑定 cpu
[root@server1 conf]# nginx -t #检测
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload #重载
测试
[root@server1 conf]# ps aux | grep nginx
[root@server1 conf]# vim nginx.conf
13 events {
14 worker_connections 4096; #支持的最大链接数
15 }
[root@server1 conf]# nginx -t #检测
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload #重载
[root@server1 conf]# vim /etc/security/limits.conf #系统分配给 nginx 的
51 nginx – nofile 200
52 nginx – nproc 200
[root@server1 conf]# :() { :|:&};: #测试
如果把上面 200 改成 4096,那么系统直接卡死
2. 查看 nginx 状态
[root@server4 conf]# vim nginx.conf #查看 nginx 状态
57 location /status {
58 stub_status on;
59 access_log off;
60 }
[root@server1 conf]# nginx -t
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server4 conf]# nginx -s reload
[root@server1 mnt]# yum install httpd -y
[root@server1 conf]# vim /etc/httpd/conf/httpd.conf
136 Listen 8080 #之前 nginx 监听 80 端口,httpd 就换了端口
[root@server1 conf]# /etc/init.d/httpd start
Starting httpd: [OK]
测试 172.25.29.1/status
3.nginx 访问加密(自定义签名证书)
在互联网中,如果访问不加密,会导致很多重要信息泄露,所有才有了加密
[root@server4 conf]# vim nginx.conf #访问加密
101 #
102 server {
103 listen 443 ssl;
104 server_name localhost;
105
106 ssl_certificate cert.pem;
107 ssl_certificate_key cert.pem;
108
109 ssl_session_cache shared:SSL:1m;
110 ssl_session_timeout 5m;
111
112 ssl_ciphers HIGH:!aNULL:!MD5;
113 ssl_prefer_server_ciphers on;
114
115 location / {
116 root html;
117 index index.html index.htm;
118 }
119 }
120
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem #生成自定义签名证书
umask 77 ; \
PEM1=`/bin/mktemp/tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp/tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req-utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2-set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo “” >> cert.pem ; \
cat $PEM2 >>cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
…………..+++
…………….+++
writing new private key to ‘/tmp/openssl.9egbT2’
—–
You are about to be asked to enter information that will beincorporated
into your certificate request.
What you are about to enter is what is called a DistinguishedName or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:xi’an
Organization Name (eg, company) [Default Company Ltd]:wen
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server’s hostname)[]:server1.example.com
Email Address []:root@server1.example.com
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# nginx -t
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 certs]# nginx -s reload
测试 https://172.25.29.1
选择 I Understand the Risks, 确认
4. 虚拟主机
虚拟主机允许从一个 httpd 服务器同时为多个网站提供服务
[root@server1 certs]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
120 server {
121 listen 80; #监听端口
122 server_name www.wen.com; #域名
123
124 location / {
125 root /web1; #默认发布目录
126 index index.html; #默认发布文件
127 }
128 }
129 server {
130 listen 80;
131 server_name www.mi.com;
132
133 location / {
134 root /web2;
135 index index.html;
136 }
137 }
[root@server1 conf]# mkdir /web1 /web2
[root@server1 conf]# vim /web1/index.html
Welcome to www.wen.com
[root@server1 conf]# vim /web2/index.html
Welcome to www.mi.com
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.confsyntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload
测试
在测试端的主机里加上域名解析
[root@foundation29 Desktop]# vim /etc/hosts
172.25.29.1 www.wen.comwww.mi.com
5. 轮询负载均衡
参数说明:round-robin(默认)
wegiht:默认为 1.weight 越大,负载的权重就越大
backup:其它所有的非 backup 机器都 down 时,才会请求 backup 机器。所以这台机器压力会最轻
ip_hash:每个请求按访问 ip 的 hash 结果分配,这样每个访客固定访问一个后端服务器,可以解决 session 的问题
[root@server1 conf]# vim nginx.conf
18 http {
19 upstream wen {
20 server 172.25.29.2:80;
21 server 172.25.29.3:80weight=2;
22 server 172.25.29.4:8080backup;
23 }
125 server {
126 listen80;
127 server_name www.wen.com;
128
129 location / {
130 #root /web1;
131 #index index.html;
132 proxy_pass http://wen;
133 }
134 }
[root@server1 conf]# nginx -t
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim /var/www/html/index.html
[root@server1 conf]# /etc/init.d/httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]
其他两个 2,3 服务端,测试时要保证其 http 服务开启且默认访问的首页的路径下要有 index.html 文件,在文件里要有内容(随便什么都行)
测试
[kiosk@foundation29 ~]$ for i in $(seq 10);do curl www.wen.com; done
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
[kiosk@foundation29 ~]$ for i in $(seq 10);do curl www.wen.com; done 当 server3 httpd stop 之后
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
[kiosk@foundation29 ~]$ for i in $(seq 10);do curl www.wen.com; done 当 server2 和 server3httpd 都 stop 之后
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
[kiosk@foundation29 ~]$ for i in $(seq 10);do curl www.wen.com; done 当 server2 和 server3 的 httpd 都 start 之后,继续轮询
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
更多 Nginx 负载均衡配置 相关教程见以下内容:
Nginx 负载均衡配置说明 http://www.linuxidc.com/Linux/2016-03/129424.htm
Linux 下 Nginx+Tomcat 负载均衡和动静分离配置要点 http://www.linuxidc.com/Linux/2016-01/127255.htm
Docker+Nginx+Tomcat7 配置简单的负载均衡 http://www.linuxidc.com/Linux/2015-12/125907.htm
Nginx 负载均衡(主备)+Keepalived http://www.linuxidc.com/Linux/2015-12/126865.htm
使用 Nginx 作为负载均衡器 http://www.linuxidc.com/Linux/2015-12/125789.htm
使用 Nginx 简单实现负载均衡 http://www.linuxidc.com/Linux/2016-08/134443.htm
Nginx 负载均衡与高可用的实现 http://www.linuxidc.com/Linux/2016-04/130350.htm
Nginx 的详细介绍:请点这里
Nginx 的下载地址:请点这里
本文永久更新链接地址:http://www.linuxidc.com/Linux/2016-10/135976.htm