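CAS cluster deployment: nginx installation and configuration
This installation guide covers configuring the SSL certificate and nginx session persistence with the sticky module.
Environment check
Before installing nginx, confirm that gcc, pcre-devel, zlib-devel and openssl-devel are installed on the system.
- Packages installed from rpm can be listed with rpm -qa; to check whether a particular package is installed, use rpm -qa | grep "software or package name"
- Packages installed from deb can be listed with dpkg -l; to look for a particular package, use dpkg -l | grep "software or package name"
- Packages installed with yum can be listed with yum list installed; to look for a particular package, use yum list installed | grep "software or package name"
Install command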
yum -y install gcc pcre-devel zlib-devel openssl openssl-devel
Download the nginx source
nginx download address: https://nginx.org/download/
cd /opt/gdsapp/cluster/
tar -zxvf nginx-1.13.11.tar.gz
Download the nginx-sticky-module module
Download address: https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip
cd /opt/gdsapp/cluster/tools
unzip nginx-goodies-nginx-sticky-module-ng-08a395c66e42.zip
mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42 nginx-sticky-module-ng
Installation
1. Change to the nginx source directory
cd /opt/gdsapp/cluster/nginx-1.13.11
2. Configure the nginx installation directory and modules
./configure --prefix=/opt/gdsapp/cluster/nginx-1-13-11 --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/gdsapp/cluster/tools/nginx-sticky-module-ng
3. make (compile and install nginx)
make
make install
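4. Create the tmp/www folder
A freshly installed nginx has no tmp directory, so it must be created manually under /opt/gdsapp/cluster/nginx-1-13-11.
5. Edit the nginx.conf configuration
Open /opt/gdsapp/cluster/nginx-1-13-11/conf/nginx.conf
Replace its contents with the configuration below (note that this configuration applies only to nginx 1.13.11; for other versions, adapt it using the configuration below as a reference)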
#user nobody;
# Number of nginx worker processes. Set it according to the number of CPUs, usually a multiple of it (for example, two quad-core CPUs count as 8).
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
# Maximum number of file descriptors an nginx process may open; best kept equal to the value of ulimit -n
worker_rlimit_nofile 65535;
events {
    # Use the epoll I/O model
    use epoll;
    # Maximum number of connections per process; in theory the maximum for one nginx server is worker_processes*worker_connections
    worker_connections 65535;
    accept_mutex on;
    multi_accept on;
}
http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;
    server_names_hash_max_size 512;
    # Buffer size for the client request header. It can be set according to the system page size: a request header normally does not exceed 1k, but since the system page size is usually larger than 1k, it is set to the page size here. The page size can be obtained with the command getconf PAGESIZE.
    client_header_buffer_size 2048k;
    large_client_header_buffers 8 256k;
    client_max_body_size 1000m;
    client_header_timeout 60s;
    client_body_timeout 60s;
    client_body_buffer_size 512k;
    ## Cache parameter settings ##
    proxy_connect_timeout 3;
    proxy_read_timeout 60;
    proxy_send_timeout 5;
    proxy_buffer_size 128k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    # Cache to a local nginx directory
    proxy_temp_path tmp/www;
    proxy_cache_path tmp/cache_cas levels=1:2 keys_zone=cache_cas:200m inactive=1d max_size=10g;
    ##end##
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    # Log format
    # $request_body writes POST bodies to the access log; for CAS login requests that includes the submitted username and password, so remove the field or restrict access to the log where that matters.
    log_format main
        '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent $http_x_forwarded_for '
        'upstream_addr:$upstream_addr '
        'req_body:$request_body '
        'request_time:$request_time';
    access_log logs/access.log main;
    sendfile on;
    tcp_nopush on;
    # keepalive timeout
    keepalive_timeout 65;
    keepalive_requests 50000;
    send_timeout 15;
    tcp_nodelay on;
    gzip on;
    # Minimum response size, in bytes, that will be compressed; the size is taken from the Content-Length header. The default is 0, meaning every response is compressed regardless of size. A value above 1K is recommended, because responses smaller than 1K may grow when compressed.
    gzip_min_length 1k;
    # Compression buffer size
    gzip_buffers 4 32k;
    # HTTP version for compression
    gzip_http_version 1.1;
    # Compression level
    gzip_comp_level 9;
    # Content types to compress
    gzip_types text/plain application/x-javascript text/css application/xml;
    # Vary header support
    gzip_vary on;
    # Hide the nginx version number
    server_tokens off;
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    # Load-balancing algorithms
    # sticky: cookie-based nginx load balancing
    # ip_hash: based on a hash of the client IP (use case: keeping sessions consistent)
    # url_hash: third-party (use case: caching static resources, saving storage, improving speed)
    # least_conn: fewest connections
    # least_time: lowest response time; computes each node's average response time and gives the fastest one a higher weight.
    upstream cas {
        sticky;
        server 192.168.4.1:8443 weight=2 max_fails=3 fail_timeout=30s;
        server 192.168.4.2:6443 weight=2 max_fails=3 fail_timeout=30s;
    }
    # HTTPS server
    server {
        listen 443 ssl;
        server_name localhost;
        ssl on;
        ssl_certificate /opt/gdsapp/cluster/nginx-1-13-11/cacerts/xxx.com.pem;
        ssl_certificate_key /opt/gdsapp/cluster/nginx-1-13-11/cacerts/xxx.com.key;
        location ~ ^/(images|javascript|js|css|flash|media|static|jpg|jpeg|png|ico|map|json)/ {
            proxy_pass https://cas;
            proxy_redirect off;
            proxy_cache_valid 200 302 404 202 30d;
            proxy_cache_valid any 5m;
            proxy_cache cache_cas;
            expires 360d;
        }
        location / {
            proxy_pass https://cas;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ssl_session_reuse off;
        }
    }
}
*Note: the following settings in nginx.conf must be changed manually
upstream cas {
    sticky;
    server 192.168.4.1:8443 weight=2 max_fails=3 fail_timeout=30s;
    server 192.168.4.2:6443 weight=2 max_fails=3 fail_timeout=30s;
}
# HTTPS server
server {
    ssl_certificate /opt/gdsapp/cluster/nginx-1-13-11/cacerts/xxx.com.pem;
    ssl_certificate_key /opt/gdsapp/cluster/nginx-1-13-11/cacerts/xxx.com.key;
}
6. Start nginx
cd /opt/gdsapp/cluster/nginx-1-13-11/sbin
Commands to start, stop and restart:
./nginx              # start
./nginx -s stop      # stop
./nginx -s reload    # restart
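The security-relevant settings from step 5 (access-log format, sticky cookie, TLS protocol versions, certificate checking towards the CAS nodes), tightened in an added example that is not part of the original configuration. The backend CA path and the proxy_ssl_name value are assumed placeholders; this is a fragment to merge into the full nginx.conf above, which keeps its events block and remaining http settings.

```nginx
http {
    # Same fields as the page's log_format, minus $request_body: CAS login POSTs
    # carry the username and password in the body, so logging it stores
    # credentials in logs/access.log.
    log_format main
        '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent $http_x_forwarded_for '
        'upstream_addr:$upstream_addr '
        'request_time:$request_time';
    access_log logs/access.log main;

    upstream cas {
        # "secure" and "httponly" are nginx-sticky-module-ng options: the route
        # cookie is sent only over HTTPS and is not readable from JavaScript.
        sticky secure httponly;
        server 192.168.4.1:8443 weight=2 max_fails=3 fail_timeout=30s;
        server 192.168.4.2:6443 weight=2 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 443 ssl;
        server_name localhost;

        ssl_certificate     /opt/gdsapp/cluster/nginx-1-13-11/cacerts/xxx.com.pem;
        ssl_certificate_key /opt/gdsapp/cluster/nginx-1-13-11/cacerts/xxx.com.key;

        # nginx 1.13.11 enables TLSv1 and TLSv1.1 by default; allow TLSv1.2 only
        # and restrict the suites to forward-secret AEAD ciphers.
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass https://cas;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ssl_session_reuse off;

            # proxy_pass https:// does not validate the upstream certificate
            # unless proxy_ssl_verify is on.
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;
            # Assumed path: CA bundle that issued the CAS nodes' certificates.
            proxy_ssl_trusted_certificate /opt/gdsapp/cluster/nginx-1-13-11/cacerts/backend-ca.pem;
            # Assumed name: must match a name in the CAS nodes' certificates;
            # otherwise nginx checks against the upstream name "cas".
            proxy_ssl_name cas-backend.example.internal;
        }
    }
}
```

Run ./nginx -t from the sbin directory after merging so that a missing CA file or an unknown sticky option is reported before the reload.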