需求背景:
企业nginx网站,erp、sap、web、www、api....集群,单一服务器不影响网站继续使用!
需求环境:
ubuntu 20.4 + nginx 1.20.0
需要技能:
熟悉ubuntu,会用日常网络指令
了解nginx原理
熟悉nginx配置,vhosts、conf、cert、ssl、upstream、configure
一、安装nginx之前,安装一下工具
sudo apt-get install libpcre3 libpcre3-dev
sudo apt-get install zlib1g-dev
sudo apt-get install openssl libssl-dev
sudo apt-get install gcc
sudo apt update
sudo apt-get install libpcre3-dev
sudo apt-get install ruby
sudo apt-get install zlib1g-dev
二、安装anginx
1、下载anginx
http://nginx.org/en/download.html
2.移动文件
mv 文件名称 目标路径
3、解压文件
tar -zxvf nginx-1.16.1.tar.gz
tar -zxvf nginx-1.16.1.tar.gz
tar -zxvf nginx-1.20.2.tar.gz -C /usr/local/
4、进入目录
cd nginx-1.20.2/
5.#编译
./configure --with-http_ssl_module
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
./configure
三、遇到问题,解决问题
1、#提示没有安装的工具包
见步骤一,并且删除nginx-1.22.1,重新安装
#安装
make && make install
2、遇到问题1:
进入/usr/local 获取pcre编译安装包,在http://www.pcre.org/上可以获取当前最新的版本
pcre-8.38.tar.bz2 解压: tar -jxvf pcre-8.38.tar.bz2
进入解压缩目录,执行./configure。
遇到问题一:./configure: error: C compiler cc is not found
解决方案: sudo apt-get install -y gcc
遇到问题二:configure: error: You need a C++ compiler for C++ support.
解决方案:sudo apt-get install build-essential
再./configure
3、遇到问题2:
./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.
sudo apt-get install openssl libssl-dev
四、配置与管理
1、查看配置
cd /usr/local/nginx
vi nginx.conf
cd /usr/local/vhosts
vi wwws_*.com.cn
2、加载配置
cd /usr/local/nginx/sbin/
./nginx -s reload
3、nginx集群
upstream xhapi.*.com.cn {
server 172.20.0.122:8062 fail_timeout=60;
server 172.20.0.121:8061 fail_timeout=60;
server 172.20.0.123:8063 fail_timeout=60;
}
upstream shopmall.*.com.cn {
server 172.20.0.122:8062 fail_timeout=60;
server 172.20.0.121:8061 fail_timeout=60;
server 172.20.0.123:8360 fail_timeout=60;
}
upstream www.*.com.cn {
server 172.20.0.122:8090 fail_timeout=60;
server 172.20.0.121:8091 fail_timeout=60;
server 172.20.0.123:8091 fail_timeout=60;
}
upstream erp.*.com.cn {
server 172.20.0.121:8070 fail_timeout=60;
server 172.20.0.122:8070 fail_timeout=60;
server 172.20.0.123:8070 fail_timeout=60;
server 192.168.8.66:8070 fail_timeout=60;
}
4、nginx 关联虚拟主机配置
在nginx.conf最后添加一行
include /usr/local/nginx/vhosts/*;
添加vhosts目录,查看目录下https://www.*.com.cn配置文件wwws_*.com.cn实例
server {
listen 443 ssl;
server_name www.derier.com.cn;
#ssl on;
charset UTF-8;
#access_log /usr/local/nginx/logs/www_*_com.access.log json;
access_log /usr/local/nginx/logs/www_*_com.access.log combined;
root /mnt/webapps/web;
#ssl_certificate /usr/local/nginx/conf/cert/www/cert-1540543392281_www.*.com.cn.crt;
#ssl_certificate_key /usr/local/nginx/conf/cert/www/cert-1540543392281_www.*.com.cn.key;
#ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
#证书配置
ssl_certificate /usr/local/nginx/conf/cert/www/8209311_www.*.com.cn.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/www/8209311_www.*.com.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#pc自动跳转手机
if ($http_user_agent ~* (nokia|iphone|android|samsung|htc|blackberry)) {
rewrite ^(.*) https://m.derier.com.cn$1;
}
#配置Nginx动静分离,定义的静态页面直接从Nginx发布目录读取。
#location ~ .*\.(htm|gif|jpg|jpeg|bmp|png|js|ico|txt|css)$ {
# root /derier/tomcat7_derier1/webapps/smartwx;
# access_log off;
# #expires定义用户浏览器缓存的时间为7天,如果静态页面不常更新,可以设置更长,这样可以节省带宽和缓解服务器的压力
# expires 7d;
#}
#Nginx动静分,图片转发。
location ~ .*\.(JPG|gif|jpg|jpeg|bmp|png|pdf|mp4)$ {
root /mnt/images1;
access_log off;
#expires定义用户浏览器缓存的时间为7天,如果静态页面不常更新,可以设置更长,这样可以节省带宽和缓解服务器的压力
expires 7d;
}
location ^~ /index.html {
return 301 https://www.*.com.cn;
}
location = /news/ {
# root html;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www.derier.com.cn;
}
location = /news/default.html {
# root html;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www.derier.com.cn;
}
location / {
# root html;
index views/login.html;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www.derier.com.cn;
}
location = /50x.html {
root html;
}
}