一:背景
在实际的开发当中,nginx一般会被当作是一个负载均衡的组件。我们可以在nginx中看日志等。
二:nginx的安装部署
准备工作
创建nginx用户
useradd nginx -d /sbin/nologin
安装开发依赖包
yum -y groupinstall "Development tools" "Server Platform Libraries"
yum -y install gd gd-devel pcre-devel
yum -y install openssl openssl-devel
下载
进入/root/download目录,下载,解压安装包
wget http://nginx.org/download/nginx-1.2.9.tar.gz
tar -zxvf nginx-1.2.9.tar.gz
wget http://downloads.sourceforge.net/project/pcre/pcre/8.33/pcre-8.33.zip
unzip pcre-8.33.zip
安装
安装pcre到/usr/local
cd pcre-8.33
./configure --prefix=/usr/local/pcre-8.33
make && make install
安装nginx到/data/nginx
cd /root/download/nginx-1.2.9
./configure \
--prefix=/data/nginx \
--error-log-path=/data/log/nginx/error.log \
--http-log-path=/data/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy/ \
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-pcre=/root/download/pcre-8.33 \
--with-file-aio \
--with-http_image_filter_module
make && make install
配置
默认配置:/data/nginx/conf/nginx.conf
user nginx nginx;
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
error_log /data/log/nginx/nginx_error.log crit;
#pid /usr/local/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 50000;
events
{
use epoll;
worker_connections 50000;
}
http
{
include mime.types;
default_type application/octet-stream;
underscores_in_headers on;
access_log off;
error_log off;
#charset utf-8;
server_names_hash_bucket_size 128;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# 日志格式(std log) 注:各字段间以\t(tab字符)分隔。不能简单复制,否则会以空格作为分隔符了
log_format main '$time_iso8601 $status $connection $connection_requests $remote_addr $http_x_forwarded_for $remote_user
$request_length $request_time $request_method $server_protocol $http_host $server_port $uri $args $http_referer $body_bytes_sent
$http_user_agent $ssl_protocol $ssl_cipher $upstream_addr $upstream_status $upstream_response_time';
log_format time '$remote_addr $time_local $request_time $http_host $request $status';
# 处理时间
keepalive_timeout 60;
# 用户请求头的超时时间
client_header_timeout 1m;
# 用户请求体的超时时间
client_body_timeout 1m;
# 用户请求体最大字节数
client_max_body_size 10m;
# proxy 用
#send_timeout 3m;
# 这几个值不能太小 太小会影响商城购物车的数据
connection_pool_size 256;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
request_pool_size 64k;
output_buffers 4 64k;
postpone_output 1460;
client_body_buffer_size 256k;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 60;
fastcgi_read_timeout 60;
## 这个不能大小 太小会常出502错误
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
# fastcgi_temp_path /dev/shm;
# fastcgi_intercept_errors on;
# open_file_cache max=50000 inactive=20s;
# # 多长时间检查一次缓存的有效信息
# open_file_cache_min_uses 1;
# open_file_cache_valid 30s;
gzip on;
gzip_min_length 4k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
# proxy_cache_path /dev/shm/nginx_cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=200m;
# limit_zone one $binary_remote_addr 10m;
# server
# {
# error_page 404 /error.html;
#
# error_page 500 502 503 504 /notic.html;
# location = /notic.html {
# root html;
# }
# }
#
include vhosts/*.com;
include vhosts/*.conf;
include vhosts/*.cn;
#隐藏nginx版本信息
server_tokens off;
#禁用空主机头访问
server {
listen 80 default;
return 403;
}
}
虚拟机配置:/data/nginx/conf/vhosts/xxxxxxxxxx.conf
upstream xxxxxxxxxx {
server localhost:8080;
keepalive 4;
}
server {
listen 80;
server_name xxxxxxx.com;
access_log /data/log/nginx/tv_access.log;
location ~* .*\.svn.* {
return 404;
}
# location /fileserver {
# alias /mnt/www/fileserver;
# }
location / {
proxy_store off;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://xxxxxx/;
}
}
server {
listen 443;
access_log /data/log/nginx/xxxxxxxxxxx.log;
server_name xxxxxxxxxxxxxxx.com;
ssl on;
ssl_certificate xxxxxxxxxxxxxx;
ssl_certificate_key xxxxxxxxxxxxxxxx;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
ssl_prefer_server_ciphers on;
location / {
proxy_store off;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header x-scheme true;
proxy_set_header xxxxxxxxxxxxxxxxxxxx;
proxy_pass http://xxxxxxxxxxxxx;
}
}
运行
执行命令
/data/nginx/sbin/nginx
提示
nginx: [emerg] mkdir() "/var/tmp/nginx/client/" failed (2: No such file or directory)创建临时目录
mkdir -p /var/tmp/nginx/client
日志切割
vim /data/nginx/sbin/cut_nginx_log.sh
#!/bin/bash
log_path=/data/log/nginx/
date=`date -d "yesterday" +"%Y%m%d"`
access_file=${log_path}access_${date}.log
error_file=${log_path}error_${date}.log
mv ${log_path}access.log ${access_file}
mv ${log_path}error.log ${error_file}
kill -USR1 `cat ${log_path}nginx.pid`
使用cron调度,crontab -e 设置:
0 0 * * * /data/nginx/sbin/cut_nginx_log.sh
自启动
创建 /etc/init.d/nginx 文件,内容如下#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/data/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/data/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
说明:来源于
自启动配置
接下来要给这个脚本执行权限
chmod a+x /etc/init.d/nginx
然后配置为自启动
chkconfig --add nginx
chkconfig nginx on
三:其它
本文的主要内容来自于本人的导师张彦。