编译安装nginx并实现反向代理负载均衡和缓存功能

| 分类 linux  | 标签 nginx  反向代理  负载均衡  缓存 

一、编译安装nginx

1、下载

[root@ns1 ~]# wget http://nginx.org/download/nginx-1.10.0.tar.gz

2、解压

[root@ns1 ~]# tar xf nginx-1.10.0.tar.gz
[root@ns1 ~]# cd nginx-1.10.0

3、安装依赖组件

[root@ns1 nginx-1.10.0]# yum install pcre-devel    #url重写需要的组件
[root@ns1 nginx-1.10.0]# yum install zlib-devel    #gzip所依赖组件
[root@ns1 nginx-1.10.0]# yum install openssl-devel        #openssl依赖的组件
[root@ns1 nginx-1.10.0]# groupadd -r nginx           #创建一个nginx系统组
[root@ns1 nginx-1.10.0]# useradd -g nginx -r nginx   #在nginx组中加入nginx用户
[root@ns1 nginx-1.10.0]# id nginx
uid=996(nginx) gid=994(nginx) 组=994(nginx)

4、编译安装

【注意】因为nginx部分模块不支持动态加载,所以需要什么模块一定要提前指定好,淘宝的tengine则支持动态加载模块。

[root@ns1 nginx-1.10.0]# ./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi
[root@ns1 nginx-1.10.0]# mkdir -pv /var/tmp/nginx/{client,proxy,fastcgi,uwsgi}
[root@ns1 nginx-1.10.0]# make && make install

5、./configure选项说明

[root@ns1 nginx-1.10.0]# ./configure --help

  --help                             print this message            #帮助

  --prefix=PATH                      set installation prefix        #安装路径
  --sbin-path=PATH                   set nginx binary pathname        #主程序安装路径
  --modules-path=PATH                set modules path                #模块安装路径
  --conf-path=PATH                   set nginx.conf pathname        #主配置文件安装路径
  --error-log-path=PATH              set error log pathname        #错误日志路径
  --pid-path=PATH                    set nginx.pid pathname        #pid文件路径
  --lock-path=PATH                   set nginx.lock pathname        #锁文件路径

  --user=USER                        set non-privileged user for    #nginx启动时work进程以什么身份运行
                                     worker processes
  --group=GROUP                      set non-privileged group for    #nginx启动时work进程以什么组运行
                                     worker processes

  --build=NAME                       set build name             #指定编译的名称
  --builddir=DIR                     set build directory        #指定编译的目录
                                                                     #with的是默认没启用的模块,with后启用
                                                                     #without的是默认启动的模块,without后关闭
  --with-select_module               enable select module            #开起select模块
  --without-select_module            disable select module           #关闭select模块
  --with-poll_module                 enable poll module              #开起poll模块
  --without-poll_module              disable poll module             #关闭poll模块

  --with-threads                     enable thread pool support        #启用线程池

  --with-file-aio                    enable file AIO support        #开起文件AIO功能,一般用来提高图片站读i/o操作
  --with-ipv6                        enable IPv6 support                #开起ipv6支持

  --with-http_ssl_module             enable ngx_http_ssl_module        #启用ssl模块
  --with-http_v2_module              enable ngx_http_v2_module        #源自spdy协议,优先请求浏览器最继续的内容
  --with-http_realip_module          enable ngx_http_realip_module    #反向代理时把真实访问ip传给后端
  --with-http_addition_module        enable ngx_http_addition_module    #在页面后添加文本
  --with-http_xslt_module            enable ngx_http_xslt_module        #在响应XML文件时,转为一个或多个XSLT样式
  --with-http_xslt_module=dynamic    enable dynamic ngx_http_xslt_module    #动态的xslt模块
  --with-http_image_filter_module    enable ngx_http_image_filter_module    #开启图片转换功能,依赖 libgd 库,能够对图片进行转换格式,尺寸等
  
  --with-http_image_filter_module=dynamic        #动态的image_filter模块
                                     enable dynamic ngx_http_image_filter_module
  --with-http_geoip_module           enable ngx_http_geoip_module    #开启GeoIP功能,需要geoIP 数据库的支持
  --with-http_geoip_module=dynamic   enable dynamic ngx_http_geoip_module    #动态geoip模块
  --with-http_sub_module             enable ngx_http_sub_module            #sub模块,用来替换相应包指定内容
  --with-http_dav_module             enable ngx_http_dav_module            #开启WebDAV功能,此方法可以开启PUT、DELETE、COPY、MKCOL、MOVE等HTTP方法,建议关闭
  
  --with-http_flv_module             enable ngx_http_flv_module            #流媒体模块
  --with-http_mp4_module             enable ngx_http_mp4_module            #mp4模块
  --with-http_gunzip_module          enable ngx_http_gunzip_module    #开启gzip方式传输模式,能够大大减少带宽消耗
  --with-http_gzip_static_module     enable ngx_http_gzip_static_module    #压缩静态页面的gizp模块
  --with-http_auth_request_module    enable ngx_http_auth_request_module   #基于请求的返回结果来控制用户鉴权
  --with-http_random_index_module    enable ngx_http_random_index_module   #响应用户以 “/” 结尾的请求,并在该目录下随机选择一个文件作为index文件。此模块先于 ngx_http_index_module 被执行
  
  --with-http_secure_link_module     enable ngx_http_secure_link_module    #开启安全链接功能。防盗链用
  --with-http_degradation_module     enable ngx_http_degradation_module    #内存不足时,Nginx将返回204或444给客户端
  --with-http_slice_module           enable ngx_http_slice_module        #开启切片模块,对大文件切片用
  --with-http_stub_status_module     enable ngx_http_stub_status_module    #nginx状态页面模块

  --without-http_charset_module      disable ngx_http_charset_module    #下面都是默认安装的模块,有需要可以关闭
  --without-http_gzip_module         disable ngx_http_gzip_module
  --without-http_ssi_module          disable ngx_http_ssi_module
  --without-http_userid_module       disable ngx_http_userid_module
  --without-http_access_module       disable ngx_http_access_module
  --without-http_auth_basic_module   disable ngx_http_auth_basic_module
  --without-http_autoindex_module    disable ngx_http_autoindex_module
  --without-http_geo_module          disable ngx_http_geo_module
  --without-http_map_module          disable ngx_http_map_module
  --without-http_split_clients_module disable ngx_http_split_clients_module
  --without-http_referer_module      disable ngx_http_referer_module
  --without-http_rewrite_module      disable ngx_http_rewrite_module
  --without-http_proxy_module        disable ngx_http_proxy_module
  --without-http_fastcgi_module      disable ngx_http_fastcgi_module
  --without-http_uwsgi_module        disable ngx_http_uwsgi_module
  --without-http_scgi_module         disable ngx_http_scgi_module
  --without-http_memcached_module    disable ngx_http_memcached_module
  --without-http_limit_conn_module   disable ngx_http_limit_conn_module
  --without-http_limit_req_module    disable ngx_http_limit_req_module
  --without-http_empty_gif_module    disable ngx_http_empty_gif_module
  --without-http_browser_module      disable ngx_http_browser_module
  --without-http_upstream_hash_module
                                     disable ngx_http_upstream_hash_module
  --without-http_upstream_ip_hash_module
                                     disable ngx_http_upstream_ip_hash_module
  --without-http_upstream_least_conn_module
                                     disable ngx_http_upstream_least_conn_module
  --without-http_upstream_keepalive_module
                                     disable ngx_http_upstream_keepalive_module
  --without-http_upstream_zone_module
                                     disable ngx_http_upstream_zone_module

  --with-http_perl_module            enable ngx_http_perl_module    #开起perl模块
  --with-http_perl_module=dynamic    enable dynamic ngx_http_perl_module    #动态perl模块
  --with-perl_modules_path=PATH      set Perl modules path
  --with-perl=PATH                   set perl binary pathname

  --http-log-path=PATH               set http access log pathname    #访问日志路径
  --http-client-body-temp-path=PATH  set path to store                #客户端上传内容临时存放位置,路径不存在则必须先创建
                                     http client request body temporary files
  --http-proxy-temp-path=PATH        set path to store                #作为代理服务器代理内容临时存放位置
                                     http proxy temporary files
  --http-fastcgi-temp-path=PATH      set path to store                #fastcgi协议工作时所需临时目录
                                     http fastcgi temporary files
  --http-uwsgi-temp-path=PATH        set path to store                #uwsgi协议工作时所需临时目录
                                     http uwsgi temporary files
  --http-scgi-temp-path=PATH         set path to store                #scgi协议工作时所需临时目录
                                     http scgi temporary files

  --without-http                     disable HTTP server
  --without-http-cache               disable HTTP cache

  --with-mail                        enable POP3/IMAP4/SMTP proxy module    #开起mail模块
  --with-mail=dynamic                enable dynamic POP3/IMAP4/SMTP proxy module    #开起mail动态模块
  --with-mail_ssl_module             enable ngx_mail_ssl_module
  --without-mail_pop3_module         disable ngx_mail_pop3_module
  --without-mail_imap_module         disable ngx_mail_imap_module
  --without-mail_smtp_module         disable ngx_mail_smtp_module

  --with-stream                      enable TCP/UDP proxy module    #stream模块用于tcp/udp和负载均衡
  --with-stream=dynamic              enable dynamic TCP/UDP proxy module    #动态stream模块
  --with-stream_ssl_module           enable ngx_stream_ssl_module
  --without-stream_limit_conn_module disable ngx_stream_limit_conn_module
  --without-stream_access_module     disable ngx_stream_access_module
  --without-stream_upstream_hash_module
                                     disable ngx_stream_upstream_hash_module
  --without-stream_upstream_least_conn_module
                                     disable ngx_stream_upstream_least_conn_module
  --without-stream_upstream_zone_module
                                     disable ngx_stream_upstream_zone_module

  --with-google_perftools_module     enable ngx_google_perftools_module  #内存管理模块合理调配系统内存资源给服务器
  --with-cpp_test_module             enable ngx_cpp_test_module    #启用ngx_cpp_test_module支持

  --add-module=PATH                  enable external module    #启用外部模块支持
  --add-dynamic-module=PATH          enable dynamic external module    #动态加载外部模块

  --with-cc=PATH                     set C compiler pathname    #用于C编译环境非默认的情况,指向C编译器路径
  --with-cpp=PATH                    set C preprocessor pathname    #指向C预处理路径
  --with-cc-opt=OPTIONS              set additional C compiler options    #设置C编译器参数
  --with-ld-opt=OPTIONS              set additional linker options    #设置连接文件参数
  --with-cpu-opt=CPU                 build for the specified CPU, valid values:    #指定编译的CPU
                                     pentium, pentiumpro, pentium3, pentium4,
                                     athlon, opteron, sparc32, sparc64, ppc64

  --without-pcre                     disable PCRE library usage
  --with-pcre                        force PCRE library usage        #url重写时所需模块,有更强大的正则引擎
  --with-pcre=DIR                    set path to PCRE library sources
  --with-pcre-opt=OPTIONS            set additional build options for PCRE
  --with-pcre-jit                    build PCRE with JIT compilation support

  --with-md5=DIR                     set path to md5 library sources
  --with-md5-opt=OPTIONS             set additional build options for md5
  --with-md5-asm                     use md5 assembler sources

  --with-sha1=DIR                    set path to sha1 library sources
  --with-sha1-opt=OPTIONS            set additional build options for sha1
  --with-sha1-asm                    use sha1 assembler sources

  --with-zlib=DIR                    set path to zlib library sources    gzip
  --with-zlib-opt=OPTIONS            set additional build options for zlib
  --with-zlib-asm=CPU                use zlib assembler sources optimized
                                     for the specified CPU, valid values:
                                     pentium, pentiumpro

  --with-libatomic                   force libatomic_ops library usage
  --with-libatomic=DIR               set path to libatomic_ops library sources

  --with-openssl=DIR                 set path to OpenSSL library sources        #openssl所在位置
  --with-openssl-opt=OPTIONS         set additional build options for OpenSSL

  --with-debug                       enable debug logging

二、启动脚本

[root@ns1 init.d]# vim /etc/init.d/nginx    #编写启动脚本
#! /bin/bash
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
#
# processname: nginx
# config:      /etc/nginx/nginx.conf
# pidfile:     /var/run/nginx/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"    #根据自己的安装位置修改这里
prog=$(basename $nginx)

NGINX_CONF_FILE="/etc/nginx/nginx.conf"    #修改这里

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/nginx.lock    #修改这里

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
                        
[root@localhost nginx-1.10.0]# chmod 755 /etc/init.d/nginx
[root@localhost nginx-1.10.0]# service nginx restart
#开机启动
[root@localhost nginx-1.10.0]# chkconfig --add nginx
[root@localhost nginx-1.10.0]# chkconfig nginx on
[root@localhost nginx-1.10.0]# chkconfig --list nginx
nginx          	0:关	1:关	2:开	3:开	4:开	5:开	6:关

三、配置2个基于nginx的web

(172.16.22.39)(172.16.22.40)

[root@ns2 ~]# vim /etc/nginx/nginx.conf
user  nginx;    #以哪个用户的身份运行nginx
worker_processes  1;    #运行几个worker进程

error_log  /var/log/nginx/error.log;    #错误日志位置
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /var/run/nginx/nginx.pid;    #pid文件位置


events {
    worker_connections  1024;    #一个worker进程的最大并发数量
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '        #日志格式
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;    #访问日志位置和应用上面的格式

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;        #持久连接时间

    gzip  on;                #开起gzip压缩

    server {
        listen       80;
        server_name  ns3.xinfeng.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /var/www/html;    #根目录位置
            index  index.html index.htm;    #首页索引文件
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;        #错误页面位置
        location = /50x.html {
            root   html;
        }
}
[root@ns2 ~]# vim /var/www/html/index.html
<h1>ns2.xinfeng.com</h1>
[root@ns2 ~]# service nginx start


[root@ns3 ~]# vim /var/www/html/index.html
<h1>ns3.xinfeng.com</h1>
[root@ns3 ~]# vim /var/www/html/ds.html
<h1>There is ds.</h1>
[root@ns3 ~]# service nginx start

四、配置反向代理,负载均衡,缓存

1、创建缓存目录和修改hosts文件(172.16.22.38)

#创建缓存目录(172.16.22.38),修改hosts文件(全部主机)
[root@ns1 ~]# mkdir -pv /cache/nginx
[root@ns1 ~]# chown nginx:nginx /cache/nginx
[root@ns1 ~]# vim /etc/hosts
172.16.22.38    ns1.xinfeng.com
172.16.22.39    ns2.xinfeng.com
172.16.22.40    ns3.xinfeng.com
#另外两台也要修改

2、修改代理服务器配置文件(172.16.22.38)

[root@ns1 ~]# vim /etc/nginx/nginx.conf
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log error;

pid        /var/run/nginx/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m;    #缓存路径,1:1表示1级目录下有1个子目录,缓存key名称为mycache后面调用时要用,缓存大小为32m

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;

    upstream xinfengsvr {        #定义一个负载均衡组,组名叫xinfengsvr,下面直接调用组名
        server 172.16.22.39:80 weight=1 max_fails=2 fail_timeout=1;    #权重1,错误2次,每次超时1秒,就算健康状态,检测失败,还可以在后面街上backup将次服务器作为备用服务器
        server 172.16.22.40:80 weight=1 max_fails=2 fail_timeout=1;    #
        }

    server {
        listen       80;
        server_name  ns1.xinfeng.com;

        location / {
            root    /var/www/html;
            index    index.html index.htm;
            proxy_pass   http://xinfengsvr/;    #将对本服务器首页的请求代理至负载均衡组xinfengsvr,以实现负载均衡
            }


        location /index/ {
            proxy_cache mycache;    #调用缓存key为mycahe
            proxy_cache_valid 200 1m;    #返回值为200的缓存1分钟
           #root   /var/www/html;
            proxy_pass http://172.16.22.40/ds.html;    #将url为/index/的代理至ns3.xinfeng.com/ds.html
            proxy_set_header Host $host;        #把客户端真实主机名传递给后端服务器
            proxy_set_header X-Real-IP $remote_addr;    #把客户端真实ip传递给后端服务器
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /var/www/html;
        }


    }


}

[root@ns1 ~]# service nginx reload
[root@ns1 ~]# service nginx restart

在把客户端ip发给后端服务器时,apache需要修改httpd.conf

LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

如果是后端nginx,需要修改nginx.conf

--with-http_realip_module    #需要安装时开起此模块
set_real_ip_from   192.168.1.0/24;     #这里是前端代理服务器ip,可以是单个IP或者IP段
set_real_ip_from   192.168.2.1;
real_ip_header     X-Real-IP;

五、查看结果

1、查看缓存结果

[root@ns1 ~]# cd /cache/nginx
[root@ns1 ~]# ls
5
[root@ns1 ~]# ls 5/d/a9c378c70c62b5ed29dac22910c12ad5

2、负载均衡效果

1

3、反向代理效果

2


上一篇     下一篇