编译环境
- 操作系统
rhel6.5
; - 内核版本
2.6.32-431.el6.x86_64
; - 使用软件包为
nginx-1.10.1.tar.gz
; - 主机为
172.25.23.6
; hostname:server6.com
;- 虚拟机类型:
kvm
;
[root@server6 ~]# tar xvf nginx-1.10.1.tar.gz
编译选项:
–prefix=/usr/local/lnmp/nginx
–with-http_ssl_module
–with-http_stub_status_module
- 可能出现的错误
- Linux 2.6.32-431.el6.x86_64 x86_64
checking for C compiler … not found
./configure: error: C compiler cc is not found
- 解决的办法:
[root@server6 nginx-1.10.1]# yum install gcc make -y
可能出现的错误2
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using –without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using –with-pcre= option.解决的办法
[root@server6 nginx-1.10.1]# yum install -y pcre-devel
可能出现的错误3
./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using –with-openssl= option.解决的办法
[root@server6 nginx-1.10.1]# yum install -y openssl-devel
- 执行编译命令:
[root@server6 nginx-1.10.1]# ./configure \
--prefix=/usr/local/lnmp/nginx \
--with-http_ssl_module \
--with-http_stub_status_module
- 认真检查
MakeFile
文件生成的过程没有错误,并且出现:
configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ md5: using OpenSSL library
+ sha1: using OpenSSL library
+ using system zlib library
nginx path prefix: "/usr/local/lnmp/nginx"
nginx binary file: "/usr/local/lnmp/nginx/sbin/nginx"
nginx modules path: "/usr/local/lnmp/nginx/modules"
nginx configuration prefix: "/usr/local/lnmp/nginx/conf"
nginx configuration file: "/usr/local/lnmp/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/lnmp/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/lnmp/nginx/logs/error.log"
nginx http access log file: "/usr/local/lnmp/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
- 执行
make
命令
[root@server6 nginx-1.10.1]# make
- 执行
make install
命令
[root@server6 nginx-1.10.1]# make install
- 配置软链接,方便进行访问
[root@server6 sbin]# ln -sv /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/
`/usr/local/sbin/nginx' -> `/usr/local/lnmp/nginx/sbin/nginx'
- 关闭可能会影响nginx正常访问的服务,这里是测试环境,生产环境中不建议进行关闭:
root@server6 sbin]# setenforce 0
[root@server6 sbin]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@server6 sbin]# chkconfig iptables off
通过浏览器查看
Nginx
的欢迎页面
由于
Nginx
工作的用户是nobody
,需要添加nginx
用户
[root@server6 conf]# useradd -u 1000 -d /usr/local/lnmp/nginx/ nginx
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@server6 conf]# id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
- 修改CPU的上限为两个,启动多线程,首先需要修改虚拟机的配置,这里是用的虚拟机是
KVM
- 修改
CPU
通过命令
[root@server6 ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 1
- 修改
Nginx
的配置文件
[root@server6 conf]# vim nginx.conf
user nginx;
worker_processes 2;
worker_cpu_affinity 01 10;
查看修改之后的结果
修改对于资源的限制
[root@server6 conf]# su - nginx
-bash-4.1$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 3771
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 1024
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
- 编辑系统对于资源的限制文件;
[root@server6 conf]# vim /etc/security/limits.conf
添加:
# End of file
#
nginx - nofile 4096
nginx - nproc 4096
- 再次查看修改后的资源限制情况
[root@server6 conf]# su - nginx
-bash-4.1$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 3771
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 4096
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 4096
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
- 使用
ab
命令对nginx
进行一次测试
[root@my Desktop]# ab -n 5000 -c 100 http://172.25.23.6/index.html
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.23.6 (be patient)
Completed 500 requests
Completed 1000 requests
Completed 1500 requests
Completed 2000 requests
Completed 2500 requests
Completed 3000 requests
Completed 3500 requests
Completed 4000 requests
Completed 4500 requests
Completed 5000 requests
Finished 5000 requests
Server Software: nginx/1.10.1
Server Hostname: 172.25.23.6
Server Port: 80
Document Path: /index.html
Document Length: 612 bytes
Concurrency Level: 100
Time taken for tests: 0.467 seconds
Complete requests: 5000
Failed requests: 0
Write errors: 0
Total transferred: 4225000 bytes
HTML transferred: 3060000 bytes
Requests per second: 10703.20 [#/sec] (mean)
Time per request: 9.343 [ms] (mean)
Time per request: 0.093 [ms] (mean, across all concurrent requests)
Transfer rate: 8832.23 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 2 1.3 2 7
Processing: 1 7 3.8 6 17
Waiting: 1 7 4.0 6 17
Total: 5 9 3.0 8 18
Percentage of the requests served within a certain time (ms)
50% 8
66% 10
75% 12
80% 12
90% 15
95% 15
98% 15
99% 16
100% 18 (longest request)
- 通过浏览器查看
Nginx
的工作状态信息
[root@server6 nginx]# vim conf/nginx.conf
location /status {
stub_status on;
access_log off;
}
[root@server6 nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
- 配置
Nginx
支持HTTPS
的访问方式
[root@server6 nginx]# vim conf/nginx.conf
HTTPS server
server {
listen 443 ssl;
server_name server6.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
- 需要生成密钥文件
[root@server6 nginx]# cd /etc/pki/tls/certs/
[root@server6 certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
[root@server6 certs]# make cert.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
.....................+++
....................................+++
writing new private key to '/tmp/openssl.HhyS3f'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server6.com
Email Address []:root@server6.com
[root@server6 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server6 nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server6 nginx]# nginx -s reload
- 通过浏览器通过
HTTPS
的方式进行访问
- 配置域名主机
[root@server6 nginx]# vim conf/nginx.conf
server {
listen 80;
server_name server6.westos.org;
location / {
root /web1;
index index.html;
}
}
server {
listen 80;
server_name server6.westos.org;
location / {
root /web2;
index index.html;
}
}
[root@server3 ~]# mkdir /web1
[root@server3 ~]# echo server6.westos.com > /web1/index.html
[root@server3 ~]# chown nginx.nginx /web1/ -R
[root@server3 ~]# mkdir /web2
[root@server3 ~]# echo server6.linux.com > /web2/index.html
[root@server3 ~]# chown nginx.nginx /web2/ -R
[root@server3 ~]# nginx -s reload
- 需要在真机上面配置域名解析,这里通过
/etc/hosts
进行配置
[root@my Desktop]# vim /etc/hosts
添加
172.25.23.6 server6.com server6 server6.linux.org server6.westos.org
- 验证上述的结果
- 接下来需要两台主机实现
Nginx
对httpd
服务的调度
实验主机: server3.com 172.25.23.3
实验主机: server4.com 172.25.23.4
* 首先需要在server3
以及server4
上面配置好httpd服务
* server3主机配置
[root@server3 ~]# cat /var/www/html/index.html
<h2>Server 3 Linux Virtual server</h2>
[root@server3 ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@server3 ~]# chkconfig iptables off
[root@server3 ~]# setenforce 0
[root@server3 ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
server4主机配置
[root@server4 ~]# echo server4.com >> /var/www/html/index.html
[root@server4 ~]# setenforce 0
[root@server4 ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
server6 Nginx主机上面的服务配置
[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
upstream westos {
server 172.25.23.3:80;
server 172.25.23.4:80;
}
server {
listen 80;
server_name server6.westos.org;
location / {
# root /web1;
# index index.html;
proxy_pass http://westos;
}
}
- 可以查看
Nginx
对于两台主机的调度情况
- 按
F5
刷新页面之后,看到的是这个页面
- 在停止某一个节点的服务后,查看nginx是否会将服务调度到关闭服务的节点上面:
[root@server3 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
再次刷新之后,看到的仍然是这个页面;
验证
weight
对于调度过程的影响:- 验证之前(需要说明一下,为了对比明显,分别将server3 server4上面的index.html进行修改)
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
- 修改配置文件,增加权值
weight
[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
upstream westos {
server 172.25.23.3:80 weight=2;
server 172.25.23.4:80;
}
}
[root@my Desktop]# ssh 172.25.23.6 'nginx -s reload'
- 同样使用上述的命令进行查看
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server3.com
server4.com
server3.com
server3.com
server4.com
server3.com
server3.com
server4.com
server3.com
server3.com
- 验证
ip_hash
算法的过程 - 修改配置文件,增加
ip_hash
选项
[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
upstream westos {
ip_hash;
server 172.25.23.3:80 weight=2;
server 172.25.23.4:80;
}
[root@server6 ~]# nginx -s reload
- 使用命令访问,查看结果
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
- 关闭
server3
上面的httpd
服务 ,调度的hash
算法将失效
[root@my Desktop]# ssh 172.25.23.3 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel 0
Stopping httpd: [ OK ]
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
- 验证
backup
算法,并且将Nginx
所在的主机作为server3
和server4
主机宕机后的备用提示节点
[root@server6 ~]# yum install httpd -y
nginx已经占用80端口,修改httpd为8080
[root@server6 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 8080
[root@server6 ~]# /etc/init.d/httpd start
[root@server6 ~]# echo "the server is testing please try again later" > /var/www/html/index.html
- 修改
Nginx
的配置文件,将本机作为备用节点
http {
upstream westos {
server 172.25.23.3:80;
server 172.25.23.4:80;
server 172.25.23.6:8080 backup;
}
}
- 停止两台主机上面的服务,并且查看备用节点是否正常工作
[root@my Desktop]# ssh 172.25.23.4 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel 0
Stopping httpd: [ OK ]
[root@my Desktop]# ssh 172.25.23.3 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel 0
Stopping httpd: [ OK ]
[root@my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later