手机版
你好,游客 登录 注册 搜索
背景:
阅读新闻

Nginx源码安装、文件模块的修改、访问加密(自定义签名证书)及轮询负载均衡

[日期:2016-10-13] 来源:Linux社区  作者:firelowrie [字体: ]

主机环境 RedHat6.5  64位
实验环境 服务端 ip172.25.29.1    nginx
  服务端 ip 172.25.29.2  apache
  服务端 ip 172.25.29.3  apache
  测试端 ip 172.25.254.29
安装包      nginx-1.10.1.tar.gz
nginx用作反向代理
 
服务端1
1.  安装nginx
1.解压及简单配置
[root@server1 mnt]# yum install gcc -y      #安装gcc
[root@server1 mnt]# tar zxf nginx-1.10.1.tar.gz  #解压nginx压缩包
[root@server1 mnt]# ls
nginx-1.10.1 nginx-1.10.1.tar.gz
[root@server1 mnt]# cd nginx-1.10.1
[root@server1 nginx-1.10.1]# vim auto/cc/gcc    #禁止debug调试
 178 # debug
 179#CFLAGS="$CFLAGS -g"
[root@server1 nginx-1.10.1]# vim src/core/nginx.h  #禁止出现nginx版本号,以保证安全性
 14 #defineNGINX_VER          "nginx/"
 
  2.软件配置(静态)
[root@server1 nginx-1.10.1]# ./configure--prefix=/usr/local/lnmp/nginx --with-http_ssl_module--with-http_stub_status_module
 
如果出现以下错误

[root@server1 nginx-1.10.1]# yum install pcre-devel -y
 
重新配置
[root@server1 nginx-1.10.1]# ./configure--prefix=/usr/local/lnmp/nginx --with-http_ssl_module--with-http_stub_status_module
 
如果出现以下错误

[root@server1 nginx-1.10.1]# yum install openssl-devel -y
 
重新配置
[root@server1 nginx-1.10.1]# ./configure--prefix=/usr/local/lnmp/nginx --with-http_ssl_module--with-http_stub_status_module
 
3.编译、链接、安装
[root@server1 nginx-1.10.1]# make

[root@server1 nginx-1.10.1]# make install


 
2.将nginx作为系统变量,开启nginx
 [root@server1nginx-1.10.1]# cd /usr/local/lnmp/nginx/
[root@server1 nginx]# ls
conf  html  logs sbin
[root@server1 nginx]# ln -s /usr/local/lnmp/nginx/sbin/nginx/usr/local/sbin/  #作软链接将nginx的启动命令作为系统命令
[root@server1 nginx]# nginx -t    #检测
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 nginx]# nginx    #打开nginx
[root@server1 nginx]# cd conf/
 
3.配置文件中模块的修改及测试
[root@server1 conf]# useradd -u 900 -d /usr/local/lnmp/nginx/nginx  #创建管理nginx的用户
 
1.修改用户、添加cpu及绑定cpu
[root@server1 conf]# vim nginx.conf
  2 user  nginx;    #修改nginx的用户
  3 worker_processes  2;  #工作进程,两块cpu
  4 worker_cpu_affinity01 10;  #绑定cpu
[root@server1 conf]# nginx -t  #检测
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload  #重载
 
测试
[root@server1 conf]# ps aux | grep nginx


 
[root@server1 conf]# vim nginx.conf
 13 events {
 14    worker_connections  4096; #支持的最大链接数
 15 }
[root@server1 conf]# nginx -t  #检测
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload  #重载
 
[root@server1 conf]# vim /etc/security/limits.conf  #系统分配给nginx的
 51 nginx  -      nofile  200
 52 nginx  -      nproc  200
[root@server1 conf]# :() { :|:& };:    #测试 
如果把上面200改成4096,那么系统直接卡死
 
2.查看nginx状态
[root@server4 conf]# vim nginx.conf  #查看nginx状态
 57        location /status {
 58                stub_status on;
 59                access_log off;
 60        }
[root@server1 conf]# nginx -t
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server4 conf]# nginx -s reload
[root@server1 mnt]# yum install httpd -y
 
[root@server1 conf]# vim /etc/httpd/conf/httpd.conf
  136 Listen 8080      #之前nginx监听80端口,httpd就换了端口
[root@server1 conf]# /etc/init.d/httpd start
Starting httpd:                                          [  OK  ]
测试 172.25.29.1/status


 
3.nginx访问加密(自定义签名证书)
在互联网中,如果访问不加密,会导致很多重要信息泄露,所有才有了加密
[root@server4 conf]# vim nginx.conf    #访问加密
101    #
102    server {
103        listen      443 ssl;
104        server_name  localhost;
105
106        ssl_certificate      cert.pem;
107        ssl_certificate_key  cert.pem;
108
109        ssl_session_cache    shared:SSL:1m;
110        ssl_session_timeout  5m;
111
112        ssl_ciphers  HIGH:!aNULL:!MD5;
113        ssl_prefer_server_ciphers  on;
114
115        location / {
116            root  html;
117            index  index.html index.htm;
118        }
119    }
120
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem    #生成自定义签名证书
umask 77 ; \
    PEM1=`/bin/mktemp/tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp/tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req-utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2-set_serial 0 ; \
    cat $PEM1 >  cert.pem ; \
    echo ""    >> cert.pem ; \
    cat $PEM2 >>cert.pem ; \
    rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
..............+++
................+++
writing new private key to '/tmp/openssl.9egbT2'
-----
You are about to be asked to enter information that will beincorporated
into your certificate request.
What you are about to enter is what is called a DistinguishedName or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:wen
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname)[]:server1.example.com
Email Address []:root@server1.example.com
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# nginx -t
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 certs]# nginx -s reload
 
测试 https://172.25.29.1


选择 I Understand the Risks,确认


 
4.虚拟主机
虚拟主机允许从一个httpd服务器同时为多个网站提供服务
[root@server1 certs]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
120    server {
121                listen 80;  #监听端口
122                server_name www.wen.com;  #域名
123
124                location / {
125                        root /web1;    #默认发布目录
126                        index index.html;  #默认发布文件
127                }
128    }
129    server {
130                listen 80;
131                server_name www.mi.com;
132
133                location / {
134                        root /web2;
135                        index index.html;
136                }
137    }
[root@server1 conf]# mkdir /web1 /web2
[root@server1 conf]# vim /web1/index.html
Welcome to www.wen.com
[root@server1 conf]# vim /web2/index.html
Welcome to www.mi.com
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.confsyntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload
测试
在测试端的主机里加上域名解析
[root@foundation29 Desktop]# vim /etc/hosts
172.25.29.1 www.wen.comwww.mi.com


 
5.轮询负载均衡
  参数说明: round-robin (默认)
    wegiht :默认为1.weight越大,负载的权重就越大
            backup: 其它所有的非backup机器都down时,才会请求backup机器。所以这台机器压力会最轻
ip_hash:每个请求按访问ip的hash结果分配,这样每个访客固定访问一个后端服务器,可以解决session的问题
 
 [root@server1 conf]# vim nginx.conf
 18 http {
 19        upstream wen {
 20                server 172.25.29.2:80;
 21                server 172.25.29.3:80weight=2;
 22                server 172.25.29.4:8080backup;
 23        }
125    server {
126                listen80;
127                server_name www.wen.com;
128
129                location / {
130                        #root /web1;
131                        #index index.html;
132                        proxy_pass http://wen;   
133                }
134    }
[root@server1 conf]# nginx -t
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim /var/www/html/index.html
[root@server1 conf]# /etc/init.d/httpd restart
Stopping httpd:                                          [  OK  ]
Starting httpd:                                          [  OK  ]
 
 
其他两个2,3服务端,测试时要保证其http服务开启且默认访问的首页的路径下要有index.html文件,在文件里要有内容(随便什么都行)
测试
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done  当server3 httpd stop 之后
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done  当server2和server3httpd都 stop 之后
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
<h1>please try again!</h1>
 
[kiosk@foundation29 ~]$ for i in $(seq 10 );do curl www.wen.com; done  当server2 和server3的httpd 都start之后,继续轮询
<h1>www.westos.org-server2</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>
<h1>www.westos.org-server2</h1>
<h1>server3</h1>
<h1>server3</h1>

更多Nginx负载均衡配置相关教程见以下内容

Nginx负载均衡配置说明 http://www.linuxidc.com/Linux/2016-03/129424.htm

Linux下Nginx+Tomcat负载均衡和动静分离配置要点  http://www.linuxidc.com/Linux/2016-01/127255.htm

Docker+Nginx+Tomcat7配置简单的负载均衡  http://www.linuxidc.com/Linux/2015-12/125907.htm

Nginx负载均衡(主备)+Keepalived  http://www.linuxidc.com/Linux/2015-12/126865.htm

使用Nginx作为负载均衡器 http://www.linuxidc.com/Linux/2015-12/125789.htm

使用Nginx简单实现负载均衡  http://www.linuxidc.com/Linux/2016-08/134443.htm

Nginx负载均衡与高可用的实现 http://www.linuxidc.com/Linux/2016-04/130350.htm

Nginx 的详细介绍请点这里
Nginx 的下载地址请点这里

本文永久更新链接地址http://www.linuxidc.com/Linux/2016-10/135976.htm

linux
相关资讯       Nginx源码安装 
本文评论   查看全部评论 (0)
表情: 表情 姓名: 字数

       

评论声明
  • 尊重网上道德,遵守中华人民共和国的各项有关法律法规
  • 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
  • 本站管理人员有权保留或删除其管辖留言中的任意内容
  • 本站有权在网站内转载或引用您的评论
  • 参与本评论即表明您已经阅读并接受上述条款