1、下载nginx
从官方下载稳定版本的nginx,建议不要下载最新版本。
http://nginx.org/download/nginx-1.20.2.tar.gz
# 下载nginx
wget http://nginx.org/download/nginx-1.20.2.tar.gz
2、Linux内核优化
## Linux内核优化
cat >> /etc/security/limits.conf << EOF
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* soft memlock unlimitea
* hard memlock unlimited
EOF
cat >> /etc/sysctl.conf << EOF
##安装k8s时:net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 10000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65535
EOF
sysctl -p
3、安装nginx
# 下载nginx
wget http://nginx.org/download/nginx-1.20.2.tar.gz
tar -xzvf nginx-1.20.2.tar.gz -C /root/
# 安装依赖
yum -y install gcc-c++ pcre-devel pcre openssl-devel unzip.x86_64 zip.x86_64 patch
编译安装nginx
cd /root/nginx-1.20.2/
./configure --prefix=/usr/local/nginx --with-stream --with-stream=dynamic --with-http_sub_module --with-http_stub_status_module --modules-path=/usr/local/nginx/modules --with-http_ssl_module --with-poll_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_dav_module --with-threads --with-pcre
make && make install
# make j4 && make install
4、system启动服务nginx
cat > /usr/lib/systemd/system/nginx.service << EOF
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
5、启动nginx
systemctl daemon-reload
systemctl restart nginx