Nginx的编译安装以及简单配置

Linux运维笔记 专栏收录该内容
80 篇文章 0 订阅

编译环境

  • 操作系统 rhel6.5 ;
  • 内核版本 2.6.32-431.el6.x86_64;
  • 使用软件包为 nginx-1.10.1.tar.gz;
  • 主机为172.25.23.6;
  • hostname:server6.com;
  • 虚拟机类型:kvm;
[root@server6 ~]# tar xvf nginx-1.10.1.tar.gz 

编译选项:
–prefix=/usr/local/lnmp/nginx
–with-http_ssl_module
–with-http_stub_status_module

  • 可能出现的错误
  • Linux 2.6.32-431.el6.x86_64 x86_64
    checking for C compiler … not found
    ./configure: error: C compiler cc is not found
  • 解决的办法:
[root@server6 nginx-1.10.1]# yum install gcc make -y
  • 可能出现的错误2

    ./configure: error: the HTTP rewrite module requires the PCRE library.
    You can either disable the module by using –without-http_rewrite_module
    option, or install the PCRE library into the system, or build the PCRE library
    statically from the source with nginx by using –with-pcre= option.

  • 解决的办法

[root@server6 nginx-1.10.1]# yum install -y pcre-devel
  • 可能出现的错误3

    ./configure: error: SSL modules require the OpenSSL library.
    You can either do not enable the modules, or install the OpenSSL library
    into the system, or build the OpenSSL library statically from the source
    with nginx by using –with-openssl= option.

  • 解决的办法

[root@server6 nginx-1.10.1]# yum install -y openssl-devel
  • 执行编译命令:
[root@server6 nginx-1.10.1]#  ./configure \
--prefix=/usr/local/lnmp/nginx  \ 
--with-http_ssl_module \
 --with-http_stub_status_module
  • 认真检查MakeFile 文件生成的过程没有错误,并且出现:
configuration summary
  + using system PCRE library   
  + using system OpenSSL library
  + md5: using OpenSSL library
  + sha1: using OpenSSL library
  + using system zlib library

  nginx path prefix: "/usr/local/lnmp/nginx"
  nginx binary file: "/usr/local/lnmp/nginx/sbin/nginx"
  nginx modules path: "/usr/local/lnmp/nginx/modules"
  nginx configuration prefix: "/usr/local/lnmp/nginx/conf"
  nginx configuration file: "/usr/local/lnmp/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/lnmp/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/lnmp/nginx/logs/error.log"
  nginx http access log file: "/usr/local/lnmp/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"
  • 执行make命令
[root@server6 nginx-1.10.1]# make
  • 执行 make install 命令
[root@server6 nginx-1.10.1]# make install
  • 配置软链接,方便进行访问
[root@server6 sbin]# ln -sv /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/
`/usr/local/sbin/nginx' -> `/usr/local/lnmp/nginx/sbin/nginx'
  • 关闭可能会影响nginx正常访问的服务,这里是测试环境,生产环境中不建议进行关闭:
root@server6 sbin]# setenforce 0
[root@server6 sbin]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@server6 sbin]# chkconfig iptables off
  • 通过浏览器查看Nginx的欢迎页面
    这里写图片描述

  • 由于Nginx工作的用户是nobody,需要添加nginx用户
    这里写图片描述

[root@server6 conf]# useradd -u 1000 -d /usr/local/lnmp/nginx/ nginx
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@server6 conf]# id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
  • 修改CPU的上限为两个,启动多线程,首先需要修改虚拟机的配置,这里是用的虚拟机是KVM
    这里写图片描述
  • 修改CPU 通过命令
[root@server6 ~]# lscpu 
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                2
On-line CPU(s) list:   0,1
Thread(s) per core:    1
Core(s) per socket:    1

这里写图片描述

  • 修改Nginx的配置文件
[root@server6 conf]# vim nginx.conf
user  nginx;
worker_processes  2;
worker_cpu_affinity 01 10;
  • 查看修改之后的结果
    这里写图片描述

  • 修改对于资源的限制

[root@server6 conf]# su - nginx
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3771
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
  • 编辑系统对于资源的限制文件;
[root@server6 conf]# vim /etc/security/limits.conf 
添加:
# End of file
#
nginx           -       nofile          4096
nginx           -       nproc           4096
  • 再次查看修改后的资源限制情况
[root@server6 conf]# su - nginx
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3771
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 4096
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 4096
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

这里写图片描述

  • 使用ab命令对nginx进行一次测试
[root@my Desktop]# ab -n 5000 -c 100 http://172.25.23.6/index.html
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 172.25.23.6 (be patient)
Completed 500 requests
Completed 1000 requests
Completed 1500 requests
Completed 2000 requests
Completed 2500 requests
Completed 3000 requests
Completed 3500 requests
Completed 4000 requests
Completed 4500 requests
Completed 5000 requests
Finished 5000 requests


Server Software:        nginx/1.10.1
Server Hostname:        172.25.23.6
Server Port:            80

Document Path:          /index.html
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   0.467 seconds
Complete requests:      5000
Failed requests:        0
Write errors:           0
Total transferred:      4225000 bytes
HTML transferred:       3060000 bytes
Requests per second:    10703.20 [#/sec] (mean)
Time per request:       9.343 [ms] (mean)
Time per request:       0.093 [ms] (mean, across all concurrent requests)
Transfer rate:          8832.23 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    2   1.3      2       7
Processing:     1    7   3.8      6      17
Waiting:        1    7   4.0      6      17
Total:          5    9   3.0      8      18

Percentage of the requests served within a certain time (ms)
  50%      8
  66%     10
  75%     12
  80%     12
  90%     15
  95%     15
  98%     15
  99%     16
 100%     18 (longest request)
  • 通过浏览器查看Nginx的工作状态信息
[root@server6 nginx]# vim conf/nginx.conf
location /status {
    stub_status on;
    access_log off;

}
[root@server6 nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

这里写图片描述

  • 配置Nginx支持HTTPS的访问方式
[root@server6 nginx]# vim conf/nginx.conf
HTTPS server

    server {
       listen       443 ssl;
       server_name  server6.com;

       ssl_certificate      cert.pem;
       ssl_certificate_key  cert.pem;

       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m; 

       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on; 

       location / { 
           root   html;
           index  index.html index.htm;
       } 
      }
  • 需要生成密钥文件
[root@server6 nginx]# cd /etc/pki/tls/certs/
[root@server6 certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  make-dummy-cert  Makefile  renew-dummy-cert
[root@server6 certs]# make cert.pem
umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 >  cert.pem ; \
    echo ""    >> cert.pem ; \
    cat $PEM2 >> cert.pem ; \
    rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
.....................+++
....................................+++
writing new private key to '/tmp/openssl.HhyS3f'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server6.com
Email Address []:root@server6.com
[root@server6 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server6 nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful

[root@server6 nginx]# nginx -s reload
  • 通过浏览器通过HTTPS的方式进行访问

这里写图片描述

这里写图片描述

  • 配置域名主机
[root@server6 nginx]# vim conf/nginx.conf
 server {
        listen 80;
        server_name server6.westos.org;
        location / {
                root /web1;
                index index.html;
        }
    }
    server {
        listen 80;
        server_name server6.westos.org;
        location / {
                root /web2;
                index index.html;
        }
    }

[root@server3 ~]# mkdir /web1
[root@server3 ~]# echo server6.westos.com > /web1/index.html
[root@server3 ~]# chown nginx.nginx /web1/ -R
[root@server3 ~]# mkdir /web2
[root@server3 ~]# echo server6.linux.com > /web2/index.html
[root@server3 ~]# chown nginx.nginx /web2/ -R
[root@server3 ~]# nginx -s reload
  • 需要在真机上面配置域名解析,这里通过/etc/hosts进行配置
[root@my Desktop]# vim /etc/hosts
添加
172.25.23.6 server6.com server6 server6.linux.org server6.westos.org
  • 验证上述的结果
    这里写图片描述

这里写图片描述

  • 接下来需要两台主机实现Nginxhttpd服务的调度

实验主机: server3.com 172.25.23.3
实验主机: server4.com 172.25.23.4
* 首先需要在server3以及server4上面配置好httpd服务
* server3主机配置

[root@server3 ~]# cat  /var/www/html/index.html 
<h2>Server 3 Linux Virtual server</h2>
[root@server3 ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@server3 ~]# chkconfig iptables off
[root@server3 ~]# setenforce 0
[root@server3 ~]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]

server4主机配置

[root@server4 ~]# echo server4.com >> /var/www/html/index.html
[root@server4 ~]# setenforce 0
[root@server4 ~]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]

server6 Nginx主机上面的服务配置

[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
        upstream westos {
                server 172.25.23.3:80;
                server 172.25.23.4:80;
        }

    server {
        listen 80;
        server_name server6.westos.org;
        location / {
        #       root /web1;
        #       index index.html;
        proxy_pass http://westos;
        }
    }
  • 可以查看Nginx对于两台主机的调度情况

这里写图片描述

  • F5刷新页面之后,看到的是这个页面

这里写图片描述

  • 在停止某一个节点的服务后,查看nginx是否会将服务调度到关闭服务的节点上面:
[root@server3 ~]# /etc/init.d/httpd stop
Stopping httpd:                                            [  OK  ]

这里写图片描述

  • 再次刷新之后,看到的仍然是这个页面;

  • 验证weight对于调度过程的影响:

  • 验证之前(需要说明一下,为了对比明显,分别将server3 server4上面的index.html进行修改)
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done 
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
  • 修改配置文件,增加权值weight

[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
        upstream westos {
                server 172.25.23.3:80 weight=2;
                server 172.25.23.4:80;
        }

}

[root@my Desktop]# ssh 172.25.23.6 'nginx -s reload'
  • 同样使用上述的命令进行查看
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done  
server3.com
server4.com
server3.com
server3.com
server4.com
server3.com
server3.com
server4.com
server3.com
server3.com
  • 验证ip_hash算法的过程
  • 修改配置文件,增加ip_hash选项
[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
        upstream westos {
                ip_hash;
                server 172.25.23.3:80 weight=2;
                server 172.25.23.4:80;
        }

[root@server6 ~]# nginx -s reload
  • 使用命令访问,查看结果
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done  
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
  • 关闭server3上面的httpd服务 ,调度的hash算法将失效
[root@my Desktop]# ssh 172.25.23.3 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel 0
Stopping httpd: [  OK  ]
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done  
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
  • 验证backup算法,并且将Nginx所在的主机作为server3server4主机宕机后的备用提示节点
[root@server6 ~]# yum install httpd -y 
nginx已经占用80端口,修改httpd为8080
[root@server6 ~]# vim /etc/httpd/conf/httpd.conf 
#Listen 12.34.56.78:80
Listen 8080
[root@server6 ~]# /etc/init.d/httpd start
[root@server6 ~]# echo "the server is testing please try again later" > /var/www/html/index.html
  • 修改Nginx的配置文件,将本机作为备用节点
http {
        upstream westos {
                server 172.25.23.3:80;
                server 172.25.23.4:80;
                server 172.25.23.6:8080 backup;

        }
 }
  • 停止两台主机上面的服务,并且查看备用节点是否正常工作
[root@my Desktop]# ssh 172.25.23.4 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel 0
Stopping httpd: [  OK  ]
[root@my Desktop]# ssh 172.25.23.3 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel 0
Stopping httpd: [  OK  ]

[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done  
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
  • 0
    点赞
  • 0
    评论
  • 0
    收藏
  • 一键三连
    一键三连
  • 扫一扫,分享海报

©️2021 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值