NGINX构架实验 （nfs、nginx反代、nginx upstream、nginx fastcgi ）

NGINX构架实验 （nfs、nginx反代、nginx upstream、nginx fastcgi ）

 

172.16.31.124 nginx 反向代理图片到11.100.46.9

反向代理静态页面到static upstream组11.100.46.4 （nginx）11.100.46.7（apache）健康检查

反向代理.php到动态fastcgi server 11.100.40.124

mysql server地址11.100.40.125

设置缓存

设置cacache

安装xchache

设置buffer

设置连接参数

一、安装主服务器172.16.31.124

1、安装nginx

# rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el6.noarch.rpm http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el6.noarch.rpm http://172.16.31.125/soft/nginx-1.10.2-1.el6.x86_64.rpm –nodeps

2、创建nginx配置文件

 

# vim /etc/nginx/nginx.conf

user nginx nginx;

pid /var/run/nginx/nginx.pid;

worker_rlimit_core 1G;

worker_rlimit_nofile 65535;

 

worker_processes 3;

worker_cpu_affinity 0001 0010 0100;

timer_resolution 1000ms;

worker_priority -10;

 

events {

accept_mutex on;

worker_connections 10240;

accept_mutex_delay 500ms;

use epoll;

}

 

lock_file /var/lock/nginx.lock;

 

daemon on;

error_log /var/log/nginx/error.log error;

master_process on;

 

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

include server.conf;

error_page 404 /404.html;

error_page 500 502 504 /50x.html;

error_page 503 =200 /empty.gif;

 

}

 

 

# vim server.conf

server {

listen 172.16.31.124:80;

server_name name2.nginx.cpe.com;

 

location / {

root /usr/share/html/;

}

 

}

3、启动并测试nginx

# nginx

二、安装上游服务器web

1、11.100.46.7

# yum -y install httpd

#service httpd start

2、11.100.46.4

# rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el6.noarch.rpm http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el6.noarch.rpm http://172.16.31.125/soft/nginx-1.10.2-1.el6.x86_64.rpm –nodeps

#nginx

3、11.100.46.9

# rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el6.noarch.rpm http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el6.noarch.rpm http://172.16.31.125/soft/nginx-1.10.2-1.el6.x86_64.rpm –nodeps

#nginx

三、配置upstream

1、编辑nginx.conf 在http {}创建upsteam

# vim /etc/nginx/nginx.conf

upstream dynamic {

ip_hash;

server 11.100.40.124 weight=2 max_fails=3 fail_timeout=1s;

keepalive 8;

}

#由于非商业版无法使用cookie绑定负载均衡所以使用iphash来绑定cookie。

#memcache、fscgi有时会使用长连接。

 

upstream static {

least_conn;

server 11.100.46.7 weight=2 max_fails=3 fail_timeout=1s;

server 11.100.46.4 max_fails=3 fail_timeout=1s;

}

#静态连接使用短连接+ least_conn调度，会考虑权重以及后端服务器负载情况。

 

upstream images {

# ip_hash;

least_conn;

server 11.100.46.9 weight=2 max_fails=3 fail_timeout=1s;

# server 11.100.46.4 max_fails=3 fail_timeout=1s;

# server 11.100.46.9 max_fails=3 fail_timeout=1s backup;

# sticky cookie srv_id expires=1h path=/;

}

#静态连接使用短连接+ least_conn调度，会考虑权重以及后端服务器负载情况。

#match welcome是health check的官方配置由于不是商业版无法完成测试

#sticky cookie是官方商业版标准配置方式

 

# match welcome {

# status 200;

# header Content-Type = text/html;

# body ~ “Welcome to nginx!”;

# }

 

}

 

 

2、在server{}中反向代理指向upstream组

 

server {

listen 172.16.31.124:80;

server_name name2.nginx.cpe.com;

 

location / {

proxy_pass http://dynamic;

}

 

location ~*\.(.jpg|gif|jpeg|png)$ {

proxy_pass http://images;

}

}

 

3、配置代理服务器向后端服务器传递真实ip写入log

 

(1)编辑文件在代理服务器上加入访问日志配置 172.16.31.124

在server.conf中server{}相应location中加入：

    # vim /etc/nginx/server.conf

    proxy_set_header Host $host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 

(2)下游apache服务器接受11.100.46.7传递的日志参数

配置apache日志

# vim /etc/httpd/conf/httpd.conf

LogFormat “\”%{X-Real-IP}i\” %h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\” \”%{X-Forwarded-For}i\”” combined

#LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined

 

(3)下游nginx服务器接受11.100.46.4、11.100.46.9传递的日志参数

在nginx.conf http {}中加入log配置文件

    # vim /etc/nginx/nginx.conf

     log_format main ‘$http_X_Real_IP – $remote_addr [$time_local] “$request” ‘

     ‘$status $body_bytes_sent “$http_referer” ‘

     ‘”$http_user_agent” “$http_x_forwarded_for”‘;

 

 

 

 

4、编译安装fpm-php 高级配置

 

 

 

# wget http://172.16.31.125/soft/php-5.6.30.tar.gz

 

# rpm -ivh http://172.16.31.125/soft/libmcrypt-2.5.8-9.el6.x86_64.rpm

# rpm -ivh http://172.16.31.125/soft/libmcrypt-devel-2.5.8-9.el6.x86_64.rpm

# rpm -ivh http://172.16.31.125/soft/mhash-0.9.9.9-3.el6.x86_64.rpm

# rpm -ivh http://172.16.31.125/soft/mcrypt-2.6.8-10.el6.x86_64.rpm

 

# tar xf php-5.6.30.tar.gz

# cd php-5.6.30

./configure –prefix=/usr/local/php \

–enable-mysqlnd –with-mysql –with-mysqli \

–with-openssl \

–enable-mbstring \

–with-freetype-dir –with-jpeg-dir –with-png-dir \

–with-zlib-dir –with-libxml-dir=/usr –enable-xml \

–with-mhash –with-mcrypt \

–enable-sockets –enable-fpm \

–with-config-file-path=/etc/php –with-config-file-scan-dir=/etc/php \

–with-bz2 –with-curl

 

configure: error: Cannot find OpenSSL’s <evp.h>

# yum -y install openssl-devel

 

configure: error: Please reinstall the BZip2 distribution

# yum -y reinstall bzip2 bzip2-devel

 

configure: error: Please reinstall the libcurl distribution –

easy.h should be in <curl-dir>/include/curl/

# yum -y install curl curl-devel

 

# yum -y install openssl-devel bzip2 bzip2-devel curl curl-devel libxml2-devel

 

configure: error: xml2-config not found. Please check your libxml2 installation.

# yum -y install libxml2-devel

 

# make -j 4 && make install

启动fastcgi：

 

配置启动脚本

# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm

按实际情况修改：

# vim /etc/rc.d/init.d/php-fpm

php_fpm_BIN=/usr/local/php/sbin/php-fpm

php_fpm_CONF=/etc/php/php-fpm.conf

php_fpm_PID=/var/run/php-fpm.pid

# chmod +x /etc/rc.d/init.d/php-fpm

# chkconfig –add php-fpm

# chkconfig php-fpm on

 

创建配置文件：

# mkdir -pv /etc/php

# cp php.ini-production /etc/php/php.ini

# cp /usr/local/php/etc/php-fpm.conf.default /etc/php/php-fpm.conf

# vim /etc/php/php-fpm.conf

启用如下选项：

pm.max_children = 50

pm.start_servers = 5

pm.min_spare_servers = 2

pm.max_spare_servers = 8

pid = /var/run/php-fpm.pid

user = nginx

group = nginx

listen = 11.100.40.124:9000

 

5、安装nfs

172.16.31.124 用户nginx信息

# id nginx

uid=987(nginx) gid=982(nginx) groups=982(nginx)

 

# yum -y install nfs-utils

# service rpcbind start

# service nfs start

# rpcinfo -p

100005 1 udp 53616 mountd

100005 1 tcp 45831 mountd

100005 2 udp 50841 mountd

100005 2 tcp 53544 mountd

100005 3 udp 55905 mountd

100005 3 tcp 47932 mountd

100003 2 tcp 2049 nfs

100003 3 tcp 2049 nfs

100003 4 tcp 2049 nfs

 

 

创建web，php目录

# mkdir -pv /web/phps/

# groupadd -r -g 982 nginx

# useradd -M -u 987 -g 982 -s /sbin/nologin nginx

# chmod -R u=rwx,g=rwx,o= /web/phps/

 

 

编辑配置文件加入：

# vim /etc/exports

/web/phps/ 172.16.31.124(rw,all_squash,anonuid=987,anongid=982)

导出nfs:

# exportfs -ar

# showmount -e

Export list for localhost.localdomain:

/web/phps 11.100.46.4

 

5、在172.16.31.124上配置挂载nfs

安装nfs服务：

# yum -y install nfs-utils rpcbind

保存两端nginx uid与gid一致

# id nginx

uid=987(nginx) gid=982(nginx) groups=982(nginx)

#挂载nfs文件夹

# mkdir -pv /web/phps/

# showmount -e 11.100.40.124

Export list for 11.100.40.124:

/web/phps 172.16.31.124

# mount -t nfs 11.100.40.124:/web/phps /web/phps/

 

测试nfs创建测试页面：

# sudo -u nginx vim /web/phps/index.php

<?php

phpinfo();

?>

 

6、配置nginx fscgi：

# vim /etc/nginx/server.conf

location ~ \.php$ {

root /var/www/html/;

index index.php index.html index.htm;

fastcgi_pass 11.100.40.124:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;

include /etc/nginx/fastcgi_params;

root /web/phps/;

 

add_header X-Via $upstream_addr;

add_header X-Cache $upstream_cache_status;

}

 

7、编辑fascgi传递参数

# vim /etc/nginx/fastcgi_params

 

fastcgi_param GATEWAY_INTERFACE CGI/1.1;

fastcgi_param SERVER_SOFTWARE nginx;

fastcgi_param QUERY_STRING $query_string;

fastcgi_param REQUEST_METHOD $request_method;

fastcgi_param CONTENT_TYPE $content_type;

fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

 

fastcgi_param SCRIPT_NAME $fastcgi_script_name;

fastcgi_param REQUEST_URI $request_uri;

fastcgi_param DOCUMENT_URI $document_uri;

fastcgi_param DOCUMENT_ROOT $document_root;

fastcgi_param SERVER_PROTOCOL $server_protocol;

 

fastcgi_param REMOTE_ADDR $remote_addr;

fastcgi_param REMOTE_PORT $remote_port;

fastcgi_param SERVER_ADDR $server_addr;

fastcgi_param SERVER_PORT $server_port;

fastcgi_param SERVER_NAME $server_name;

 

测试php看是否成功

 

8、安装mysql

(1)下载解压mysql

# wget http://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-5.5.54/bintar-linux-x86_64/mariadb-5.5.54-linux-x86_64.tar.gz -c

# tar xf mariadb-5.5.54-linux-x86_64.tar.gz -C /usr/local/

# cd /usr/local/

# mkdir -pv /mydata/data

# groupadd -r mysql

# useradd -r mysql -g mysql

# chown mysql:mysql /mydata -R

# ln -sv mariadb-5.5.54-linux-x86_64 mysql

# cd mysql

(2)创建初始化数据库：

# scripts/mysql_install_db –user=mysql –datadir=/mydata/data/

(3)提供启动脚本：

# cp support-files/mysql.server /etc/rc.d/init.d/mysqld

# chkconfig –add mysqld

# chkconfig mysqld on

(4)提供配置文件

# mkdir -pv /etc/mysql

# cp support-files/my-large.cnf /etc/mysql/my.cnf

(5)编辑配置文件：

# vim /etc/mysql/my.cnf

在[mysqld]段加入

datadir = /mydata/data

innodb_file_per_table = on

skip_name_resolve = on

(6)配置man文档

# vim /etc/man.config

MANPATH /usr/local/mysql/man/man

(7)导入mysql头文件

# ln -sv /usr/local/mysql/include /usr/include/mysql

(8)增加环境变量

# vim /etc/profile.d/mysql.sh

export PATH=”/usr/local/mysql/bin/:${PATH}”

# yum -y install mysql

(9)初始化wordpress数据库

mysql> use msyql;

mysql> create database wordpress;

mysql> grant all privileges on wordpress to ‘wordpress’@’11.100.40.124’ identified by ‘cisco’;

 

9、重新编译fpm-php支持mysql

 

# cd /root/php-5.6.30

./configure –prefix=/usr/local/php \

–with-mysql –with-mysqli –with-pdo-mysql \

–with-openssl \

–enable-mbstring \

–enable-sysvshm \

–with-freetype-dir –with-jpeg-dir –with-png-dir \

–with-zlib-dir –with-libxml-dir=/usr –enable-xml \

–with-mhash –with-mcrypt \

–enable-sockets –enable-fpm \

–with-config-file-path=/etc/ –with-config-file-scan-dir=/etc/php.d/ \

–with-bz2 –with-curl

 

# make -j 4 && make install

配置启动脚本

# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm

按实际情况修改：

# vim /etc/rc.d/init.d/php-fpm

php_fpm_BIN=/usr/local/php/sbin/php-fpm

php_fpm_CONF=/etc/php/php-fpm.conf

php_fpm_PID=/var/run/php-fpm.pid

# chmod +x /etc/rc.d/init.d/php-fpm

# chkconfig –add php-fpm

# chkconfig php-fpm on

 

创建配置文件：

# mkdir -pv /etc/php/

# cp php.ini-production /etc/php/php.ini

# cp /usr/local/php/etc/php-fpm.conf.default /etc/php/php-fpm.conf

# vim /etc/php/php-fpm.conf

启用如下选项：

pm.max_children = 50

pm.start_servers = 5

pm.min_spare_servers = 2

pm.max_spare_servers = 8

pid = /var/run/php-fpm.pid

user = nginx

group = nginx

listen = 11.100.40.124:9000

 

10、安装x-cache

i.安装xcache

# wget http://xcache.lighttpd.net/pub/Releases/3.2.0/xcache-3.2.0.tar.gz

# tar -xf xcache-3.2.0.tar.gz

# cd xcache-3.2.0

# /usr/local/php/bin/phpize

# ./configure –enable-xcache –with-php-config=/usr/local/php/bin/php-config

# make && make install

 

ii. 编辑php.ini，整合php和xcache：

首先将xcache提供的样例配置导入php.ini

# cp xcache.ini /etc/php.d/

 

# vim /etc/php/xcache.ini

extension = /usr/local/php/lib/php/extensions/no-debug-non-zts-20121212/xcache.so

 

11、nginx性能优化

# vim /etc/sysctl.conf

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

net.ipv4.tcp_max_tw_buckets = 6000

net.ipv4.tcp_sack = 1

net.ipv4.tcp_window_scaling = 1

net.ipv4.tcp_rmem = 4096 87380 4194304

net.ipv4.tcp_wmem = 4096 16384 4194304

net.core.wmem_default = 8388608

net.core.rmem_default = 8388608

net.core.rmem_max = 16777216

net.core.wmem_max = 16777216

net.core.netdev_max_backlog = 262144

net.core.somaxconn = 262144

net.ipv4.tcp_max_orphans = 3276800

net.ipv4.tcp_max_syn_backlog = 262144

net.ipv4.tcp_timestamps = 0

net.ipv4.tcp_synack_retries = 1

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000

net.ipv4.tcp_fin_timeout = 1

net.ipv4.tcp_keepalive_time = 30

net.ipv4.ip_local_port_range = 1024 65000

 

# sysctl -p

# ulimit -n 65535

 

12、主配置文件参数

user nginx nginx;

pid /var/run/nginx/nginx.pid;

worker_rlimit_core 1G;

worker_rlimit_nofile 65535;

 

worker_processes 3;

worker_cpu_affinity 0001 0010 0100;

timer_resolution 1000ms;

worker_priority -10;

 

lock_file /var/lock/nginx.lock;

daemon on;

error_log /var/log/nginx/error.log error;

master_process on;

 

events {

accept_mutex on;

worker_connections 10240;

accept_mutex_delay 500ms;

use epoll;

}

 

 

http {

 

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

include server.conf;

 

tcp_nopush on;

tcp_nodelay off;

types_hash_max_size 2048;

reset_timedout_connection on;

keepalive_requests 100;

 

proxy_buffering on;

proxy_buffer_size 8k;

proxy_buffers 4 64k;

proxy_temp_file_write_size 128k;

proxy_max_temp_file_size 128m;

proxy_busy_buffers_size 128k;

 

client_body_temp_path /var/tmp/client_body_temp 1 2;

proxy_temp_path /var/tmp/proxy_temp 1 2;

proxy_pass_request_body on;

proxy_pass_request_headers on;

 

client_max_body_size 20m;

client_body_buffer_size 256k;

ignore_invalid_headers on;

server_names_hash_max_size 256;

server_names_hash_bucket_size 64;

client_header_buffer_size 8k;

large_client_header_buffers 4 32k;

connection_pool_size 256;

request_pool_size 64k;

 

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

fastcgi_cache_path /cache/nginx/fastcgi_cache levels=1:2 keys_zone=test_fastcgi:100M inactive=5m;

fastcgi_temp_path /tmp/wpcache/temp;

fastcgi_cache_key “$scheme$request_method$host$request_uri”;

 

 

 

error_page 404 /404.html;

error_page 500 502 504 /50x.html;

error_page 503 =200 /empty.gif;

 

gzip on;

gzip_http_version 1.1;

gzip_vary on;

gzip_proxied any;

gzip_min_length 1024;

gzip_comp_level 6;

gzip_buffers 16 8k;

gzip_proxied expired no-cache no-store private auth no_last_modified no_etag;

gzip_types text/plain application/x-javascript text/css application/xml application/json;

gzip_disable “MSIE [1-6]\.(?!.*SV1)”;

 

proxy_cache_path /cache/nginx/ levels=1:2:2 keys_zone=map:100m inactive=10m;

 

 

 

log_format main ‘$server_addr $remote_addr [$time_local] $msec+$connection ‘

‘”$request” $status $connection $request_time $body_bytes_sent “$http_referer” ‘

‘”$http_user_agent” “$http_x_forwarded_for”‘;

access_log /var/log/nginx/access.log main;

 

upstream dynamic {

ip_hash;

server 11.100.40.124 weight=2 max_fails=3 fail_timeout=1s;

keepalive 8;

}

 

upstream static {

least_conn;

server 11.100.46.7 weight=2 max_fails=3 fail_timeout=1s;

server 11.100.46.4 max_fails=3 fail_timeout=1s;

}

 

upstream images {

least_conn;

server 11.100.46.9 weight=2 max_fails=3 fail_timeout=1s;

}

 

 

 

}

 

 

13、server.conf

server {

listen 172.16.31.124:80;

server_name 172.16.31.124;

 

location / {

proxy_pass http://static;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#health_check;

 

add_header X-Via $upstream_addr;

add_header X-Cache $upstream_cache_status;

proxy_cache map;

 

proxy_cache_valid 200 302 10m;

#缓存状态码为：200 302 10分钟；

proxy_cache_valid 301 1h;

#缓存状态码为：301的一小时；

proxy_cache_valid any 1m;

#缓存其它的1分钟；

proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504 http_403 http_404;

#为情况，可以使用过期缓存。

proxy_cache_revalidate on;

#缓存到期后重新检查后，重新启用；

proxy_cache_min_uses 1;

#请求最小一次就缓存；

proxy_cache_methods GET HEAD;

#缓存方法为GET HEAD的；

}

 

location ~*\.()$ {

proxy_pass http://images;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 

add_header X-Via $upstream_addr;

add_header X-Cache $upstream_cache_status;

 

}

 

 

location ~ \.php$ {

index index.php index.html index.htm;

fastcgi_pass 11.100.40.124:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;

include /etc/nginx/fastcgi_params;

root /web/phps/;

 

add_header X-Via $upstream_addr;

add_header X-Cache $upstream_cache_status;

 

fastcgi_cache test_fastcgi;

fastcgi_cache_valid 200 302 1h;

fastcgi_cache_valid 301 1d;

fastcgi_cache_valid any 1m;

}

location /wordpress/ {

index index.php index.html index.htm;

fastcgi_pass 11.100.40.124:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;

include /etc/nginx/fastcgi_params;

root /web/phps/;

 

fastcgi_cache test_fastcgi;

fastcgi_cache_valid 200 302 1h;

fastcgi_cache_valid 301 1d;

fastcgi_cache_valid any 1m;

}

}

 

 

 

 

14、打开php错误日志

 

(1)修改php-fpm.conf中配置 没有则增加

catch_workers_output = yes

error_log = /var/log/php/php-fpm.log

 

 

(2)修改php.ini中配置，没有则增加

log_errors = On

error_log = “/var/log/php/php-fpm.log”

error_reporting=E_ALL&~E_NOTICE

 

 

(10)测试fascgi连接mysql