Nginx
cpu 修改
work 并发量修改
ssl 认证制作
虚拟主机
利用虚拟主机进行后台调度 lb
status 简单监控模块
- 基本流程
client -> cdn -> lvs(4) -> nginx(7)
nginx 企业版(nginx plus) 社区版
nginx 源码安装
tar zxf nginx-1.10.1.tar.gz
- 1:装的nginx不显示版本
/root/nginx-1.10.1/src/core
14 #define NGINX_VER "nginx/"
- 2:取消debug模式,装的包能小点
/root/nginx-1.10.1/auto/cc
178 # debug
179 #CFLAGS="$CFLAGS -g"
- 3:安装依赖包
yum install -y pcre-devel openssl-devel zlib-devel
- 4:编译
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_ssl_module --with-http_stub_status_module
make && make install
- 5:启动
ssl 认证
- 1:修改配置文件
- 2:做认证
############################################################
/etc/pki/tls/certs #路径
[root@server2 certs]# make cert.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
.............................................................................................+++
........+++
writing new private key to '/tmp/openssl.VCa4Fh'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:root@localhost
[root@server2 certs]#
[root@server2 certs]# ls
ca-bundle.crt cert.pem Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@server2 certs]# cp cert.pem /usr/local/nginx/conf/
##############################################################
- 测试
for i in {1..20};do curl www.westos.org; done
- nginx 配置文件
[root@foundation1 day03]# cat nginx.conf
user nginx;
worker_processes 1; #常见三个参数 1 2 auto自动 ps ax lscpu
#worker_cpu_affinity 0001 0010 0100 1000;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 65535;
# 并发量控制
# 修改此处也要修改etc/security/limits.conf 最后一行添加
# nginx - nofile 65535
}
http {
upstream westos { #调度器设置
server 172.25.200.3:80 weight=3; #weight 权重
server 172.25.200.4:80; #后面加 backup 可以作为后台
}
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
#keepalive_timeout 0;
#keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
location /status { #简单监控状态 ip/status
stub_status on;
access_log off;
allow all; #设置白名单,也可以在下面设置黑名单
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#ssl 认证
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem; #修改此处
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
#虚拟主机设置
server {
listen 80;
server_name www.westos.org;
location / {
# root /www1;
# index index.html;
proxy_pass http://westos; #调用上面的 upstream 22行
}
}
server {
listen 80;
server_name bbs.westos.org;
location / {
root /www2;
index index.html;
}
}
}
- nginx 官网
www.nginx.com