編譯環境
- 作業系統
;rhel6.5
- 核心版本
;2.6.32-431.el6.x86_64
- 使用軟體包為
;nginx-1.10.1.tar.gz
- 主機為
;172.25.23.6
-
;hostname:server6.com
- 虛拟機類型:
;kvm
編譯選項:
–prefix=/usr/local/lnmp/nginx
–with-http_ssl_module
–with-http_stub_status_module
- 可能出現的錯誤
Linux 2.6.32-431.el6.x86_64 x86_64
checking for C compiler … not found
./configure: error: C compiler cc is not found
- 解決的辦法:
- 可能出現的錯誤2
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using –without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using –with-pcre= option.
- 解決的辦法
- 可能出現的錯誤3
./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using –with-openssl= option.
- 解決的辦法
- 執行編譯指令:
[[email protected] nginx-1.10.1]# ./configure \
--prefix=/usr/local/lnmp/nginx \
--with-http_ssl_module \
--with-http_stub_status_module
- 認真檢查
檔案生成的過程沒有錯誤,并且出現:MakeFile
configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ md5: using OpenSSL library
+ sha1: using OpenSSL library
+ using system zlib library
nginx path prefix: "/usr/local/lnmp/nginx"
nginx binary file: "/usr/local/lnmp/nginx/sbin/nginx"
nginx modules path: "/usr/local/lnmp/nginx/modules"
nginx configuration prefix: "/usr/local/lnmp/nginx/conf"
nginx configuration file: "/usr/local/lnmp/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/lnmp/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/lnmp/nginx/logs/error.log"
nginx http access log file: "/usr/local/lnmp/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
- 執行
指令make
- 執行
指令make install
- 配置軟連結,友善進行通路
[[email protected] sbin]# ln -sv /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/
`/usr/local/sbin/nginx' -> `/usr/local/lnmp/nginx/sbin/nginx'
- 關閉可能會影響nginx正常通路的服務,這裡是測試環境,生産環境中不建議進行關閉:
root@server6 sbin]# setenforce 0
[root@server6 sbin]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@server6 sbin]# chkconfig iptables off
- 通過浏覽器檢視
的歡迎頁面Nginx
- 由于
工作的使用者是Nginx
,需要添加nobody
使用者nginx
[[email protected] conf]# useradd -u 1000 -d /usr/local/lnmp/nginx/ nginx
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[[email protected] conf]# id nginx
uid=(nginx) gid=(nginx) groups=(nginx)
- 修改CPU的上限為兩個,啟動多線程,首先需要修改虛拟機的配置,這裡是用的虛拟機是
KVM
- 修改
通過指令CPU
[[email protected] ~]# lscpu
Architecture: x86_64
CPU op-mode(s): -bit, -bit
Byte Order: Little Endian
CPU(s):
On-line CPU(s) list: ,
Thread(s) per core:
Core(s) per socket:
- 修改
的配置檔案Nginx
[root@server6 conf]# vim nginx.conf
user nginx;
worker_processes ;
worker_cpu_affinity ;
- 檢視修改之後的結果
- 修改對于資源的限制
[root@server6 conf]# su - nginx
-bash-$ ulimit -a
core file size (blocks, -c)
data seg size (kbytes, -d) unlimited
scheduling priority (-e)
file size (blocks, -f) unlimited
pending signals (-i)
max locked memory (kbytes, -l)
max memory size (kbytes, -m) unlimited
open files (-n)
pipe size ( bytes, -p)
POSIX message queues (bytes, -q)
real-time priority (-r)
stack size (kbytes, -s)
cpu time (seconds, -t) unlimited
max user processes (-u)
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
- 編輯系統對于資源的限制檔案;
[root@server6 conf]# vim /etc/security/limits.conf
添加:
# End of file
#
nginx - nofile
nginx - nproc
- 再次檢視修改後的資源限制情況
[root@server6 conf]# su - nginx
-bash-$ ulimit -a
core file size (blocks, -c)
data seg size (kbytes, -d) unlimited
scheduling priority (-e)
file size (blocks, -f) unlimited
pending signals (-i)
max locked memory (kbytes, -l)
max memory size (kbytes, -m) unlimited
open files (-n)
pipe size ( bytes, -p)
POSIX message queues (bytes, -q)
real-time priority (-r)
stack size (kbytes, -s)
cpu time (seconds, -t) unlimited
max user processes (-u)
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
- 使用
指令對ab
進行一次測試nginx
[[email protected] Desktop]# ab -n 5000 -c 100 http://172.25.23.6/index.html
This is ApacheBench, Version <$Revision: $>
Copyright Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking (be patient)
Completed requests
Completed requests
Completed requests
Completed requests
Completed requests
Completed requests
Completed requests
Completed requests
Completed requests
Completed requests
Finished requests
Server Software: nginx/
Server Hostname:
Server Port:
Document Path: /index.html
Document Length: bytes
Concurrency Level:
Time taken for tests: seconds
Complete requests:
Failed requests:
Write errors:
Total transferred: bytes
HTML transferred: bytes
Requests per second: [#/sec] (mean)
Time per request: [ms] (mean)
Time per request: [ms] (mean, across all concurrent requests)
Transfer rate: [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect:
Processing:
Waiting:
Total:
Percentage of the requests served within a certain time (ms)
%
%
%
%
%
%
%
%
% (longest request)
- 通過浏覽器檢視
的工作狀态資訊Nginx
[[email protected] nginx]# vim conf/nginx.conf
location /status {
stub_status on;
access_log off;
}
[[email protected] nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
- 配置
支援Nginx
的通路方式HTTPS
[[email protected] nginx]# vim conf/nginx.conf
HTTPS server
server {
listen ssl;
server_name server6.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:m;
ssl_session_timeout m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
- 需要生成密鑰檔案
[[email protected] nginx]# cd /etc/pki/tls/certs/
[[email protected] certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
[[email protected] certs]# make cert.pem
umask ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa: -keyout $PEM1 -nodes -x509 -days -out $PEM2 -set_serial ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a bit RSA private key
.....................+++
....................................+++
writing new private key to '/tmp/openssl.HhyS3f'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server6.com
Email Address []:[email protected]
[[email protected] certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[[email protected] nginx]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[[email protected] nginx]# nginx -s reload
- 通過浏覽器通過
的方式進行通路HTTPS
- 配置域名主機
[root@server6 nginx]# vim conf/nginx.conf
server {
listen ;
server_name server6.westos.org;
location / {
root /web1;
index index.html;
}
}
server {
listen ;
server_name server6.westos.org;
location / {
root /web2;
index index.html;
}
}
[root@server3 ~]# mkdir /web1
[root@server3 ~]# echo server6.westos.com > /web1/index.html
[root@server3 ~]# chown nginx.nginx /web1/ -R
[root@server3 ~]# mkdir /web2
[root@server3 ~]# echo server6.linux.com > /web2/index.html
[root@server3 ~]# chown nginx.nginx /web2/ -R
[root@server3 ~]# nginx -s reload
- 需要在真機上面配置域名解析,這裡通過
進行配置/etc/hosts
[[email protected] Desktop]# vim /etc/hosts
添加
server6.com server6 server6.linux.org server6.westos.org
- 驗證上述的結果
- 接下來需要兩台主機實作
對Nginx
服務的排程httpd
實驗主機: server3.com 172.25.23.3
實驗主機: server4.com 172.25.23.4
* 首先需要在
以及
server3
server4
上面配置好httpd服務
* server3主機配置
[root@server3 ~]# cat /var/www/html/index.html
<h2>Server Linux Virtual server</h2>
[root@server3 ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@server3 ~]# chkconfig iptables off
[root@server3 ~]# setenforce 0
[root@server3 ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
server4主機配置
[root@server4 ~]# echo server4.com >> /var/www/html/index.html
[root@server4 ~]# setenforce 0
[root@server4 ~]# /etc/init.d/httpd start
Starting httpd: [ OK ]
server6 Nginx主機上面的服務配置
[[email protected] ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
upstream westos {
server :;
server :;
}
server {
listen ;
server_name server6.westos.org;
location / {
# root /web1;
# index index.html;
proxy_pass http://westos;
}
}
- 可以檢視
對于兩台主機的排程情況Nginx
- 按
重新整理頁面之後,看到的是這個頁面F5
- 在停止某一個節點的服務後,檢視nginx是否會将服務排程到關閉服務的節點上面:
[root@server3 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
- 再次重新整理之後,看到的仍然是這個頁面;
- 驗證
對于排程過程的影響:weight
- 驗證之前(需要說明一下,為了對比明顯,分别将server3 server4上面的index.html進行修改)
[[email protected] Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
server4.com
server3.com
- 修改配置檔案,增權重值
weight
[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
upstream westos {
server .: weight=;
server .:;
}
}
[root@my Desktop]# ssh 172.25.23.6 'nginx -s reload'
- 同樣使用上述的指令進行檢視
[[email protected] Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server3.com
server4.com
server3.com
server3.com
server4.com
server3.com
server3.com
server4.com
server3.com
server3.com
- 驗證
算法的過程ip_hash
- 修改配置檔案,增加
選項ip_hash
[root@server6 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
http {
upstream westos {
ip_hash;
server .: weight=;
server .:;
}
[root@server6 ~]# nginx -s reload
- 使用指令通路,檢視結果
[[email protected] Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
server3.com
- 關閉
上面的server3
服務 ,排程的httpd
算法将失效hash
[[email protected] Desktop]# ssh 172.25.23.3 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel
Stopping httpd: [ OK ]
[[email protected] Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
server4.com
- 驗證
算法,并且将backup
所在的主機作為Nginx
和server3
主機當機後的備用提示節點server4
[root@server6 ~]# yum install httpd -y
nginx已經占用端口,修改httpd為
[root@server6 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen
[root@server6 ~]# /etc/init.d/httpd start
[root@server6 ~]# echo "the server is testing please try again later" > /var/www/html/index.html
- 修改
的配置檔案,将本機作為備用節點Nginx
http {
upstream westos {
server :;
server :;
server : backup;
}
}
- 停止兩台主機上面的服務,并且檢視備用節點是否正常工作
[[email protected]my Desktop]# ssh 172.25.23.4 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel
Stopping httpd: [ OK ]
[[email protected]my Desktop]# ssh 172.25.23.3 '/etc/init.d/httpd stop'
X11 forwarding request failed on channel
Stopping httpd: [ OK ]
[[email protected]my Desktop]# for i in $(seq 10);do curl server6.westos.org ;done
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later
the server is testing please try again later