个人主页

nginx离线安装

3/20/2021 nginx

# nginx 离线安装

规则 nginx 启动进程可以在 conf 里指定 user(user  work;)但是这个只有在用 root 启动的情况有意义, 如果是用其他用户启动的 nginx master 是没有意义的 nginx 会忽略这个配置,如下 nginx warning 所述

nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /home/work/app/nginx/conf/nginx.conf:1

结论 1,在非 root 账户下启动时,nignx 的 master 和 worker 进程的 owner 都将是这个账户, 2,在 root 账户下启动时 nignx 的 master 进程是的 owner 是 root,worker 的 owner 在 conf 已配置用户的情况下,owner 是配置的用户,否则将是 nobody,而且也可能导致 nginx 的一些文件的 owner 也是 nobody

# nginx 安装及配置

//进入目录
# cd /root
// 安装openssl  如果不需要https,就不需要装openssl,可跳过
# tar -zxvf openssl-1.1.1.tar.gz
# cd openssl-1.1.1
# ./config && make && make install
// 安装zlib
# cd ..
# tar -zxvf zlib-1.2.11.tar.gz
# cd zlib-1.2.11
# ./configure && make && make install
// 安装prce
# cd ..
# tar -zxvf pcre-8.38.gz
# cd pcre-8.38
# ./configure && make && make install
//安装nginx
# tar -zxvf nginx-1.14.0.tar.gz
# cd nginx-1.14.0
# ./configure --prefix=/usr/local/nginx --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.1.1 --with-poll_module --with-http_stub_status_module --with-http_ssl_module
# make && make install
// 验证nginx安装是否安装完成
# cd /usr/local/nginx
# ./nginx -v

// nginx基本命令
# 启动 进入sbin目录,输入命令 ./nginx
# 停止 ./nginx -s stop
# 重启./nginx -s reload

参考文档 (opens new window)

//如果当前服务器没有安装 gcc,则需要执行以下步骤 1、安装包存放目录:128.0.97.34/tools/gcc-c++-4.8.5.tar.gz

2、 复制安装包到 root 目录下 3、 解压: tar -zxf gcc-c++-4.8.5.tar.gz 4、 进入解压后的文件夹执行命令 rpm -Uvh *.rpm --nodeps –force 5、 查看安装结果: gcc -v 参考文档 (opens new window)

#user caec;
worker_processes 1;

error_log /home/ap/caec/logs/nginx/error.log error;
pid /home/ap/caec/nginx/logs/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include mime.types;
  default_type application/octet-stream;

  log_format main '$remote_addr - $remote_user [$time_local] - $upstream_addr "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"         $request_time $upstream_response_time';

  access_log /home/ap/caec/logs/nginx/access.log main;
  sendfile on;
  keepalive_timeout 60s;

  client_max_body_size 100M;
  client_body_buffer_size 128k;
  fastcgi_intercept_errors on;

  upstream dynamic {
    server 10.100.67.148:8101;
    server 10.100.67.149:8101;
  }

  server{
    listen 8088;
    server_name localhost;
    location / {
      proxy_set_header            Host $host;
      proxy_set_header            X-real-ip $remote_addr;
      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
      root /home/ap/caec/caec_static;
      index index.html index.htm;
      if($request_filename ~* .*\.(?:htm|html)$){
         add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
      }
    .}
    location /fincld-acteg/ { proxy_pass http://dynamic; }
    location /param-web/ { proxy_pass http://dynamic; }
    location /acten-web/ { proxy_pass http://dynamic; }
  }
}

为了保证 access.log 和 error.log 大小,需要对 nginx 日志进行按日切割,保留最近一个月的日志,需要由定时任务每日 23 点 59 分执行以下脚本

#!/bin/bash
yesterday=$(date +%d)
LOG_HOME='/home/ap/caec/logs/nginx'
LOG_PATH_BAK=access.${yesterday}.log
LOG_PATH_ERROR_BAK=error.${yesterday}.log
mv ${LOG_HOME}/access.log ${LOG_HOME}/${LOG_PATH_BAK}
mv ${LOG_HOME}/error.log ${LOG_HOME}/${LOG_PATH_ERROR_BAK}
kill -USR1 `cat /home/ap/caec/nginx/logs/nginx.pid`

chmod -R 755 split_nginx_logs.sh
配置nginx日志定时任务
crontab -e
写入
59 23 * * * /home/ap/caec/nginx/logs/split_nginx_logs.sh
保存
运行crontab -l查看配置是否正确

root用户安装启动nginx
tar -zxvf soft/pcre-8.38.tar.gz
cd pcre-8.38
./configure &&make && make install
cd ..
tar -zxvf  soft/zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure &&make && make install
cd ..
tar -zxvf soft/nginx-1.14.0.tar.gz
cd nginx-1.14.0
./configure --prefix=/home/ap/caec/nginx --with-http_stub_status_module --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.11
make && make install

普通用户启动nginx
tar -zxvf soft/pcre-8.38.tar.gz
cd pcre-8.38
./configure &&make && make install
cd ..
tar -zxvf  soft/zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure &&make && make install
cd ..
tar -zxvf soft/nginx-1.14.0.tar.gz
cd nginx-1.14.0
./configure --prefix=/home/ap/caec/nginx --with-http_stub_status_module --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.11
make && make install
cd /home/ap/caec/
chown -R caec:caec nginx

进入 caec 用户,修改 nginx 配置文件:/home/ap/caec/nginx/conf/nginx.conf

user caec;

worker_processes 1;

error_log /home/ap/caec/nginx/logs/error.log error;

pid /home/ap/caec/nginx/logs/nginx.pid;

events { worker_connections 1024;}

http {

include mime.types;
default_type application/octet-stream;
access_log /home/ap/caec/nginx/logs/access.log;
sendfile on;
keepalive_timeout 60s;

client_max_body_size 100M;
client_body_buffer_size 128k;
fastcgi_intercept_errors on;

upstream dynamic {
server 实际ip:8101 maxfails=1 fail_timeout=40s;
 }

Server {
listen 8088;
server_name localhost;
location / {
proxy_set_header  Host $host;
proxy_set_header  X-real-ip $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

root /home/ap/caec/caec_static;
index index.html index.htm;
if($request_filename ~* .*\.(?:htm|html)$){
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
.}
location /fincld-acteg/ { proxy_pass http://dynamic; }
location /param-weeb/ { proxy_pass http://dynamic; }
location /acten-web/ { proxy_pass http://dynamic; }
 }
}

修改完配置后,进入/home/ap/caec/nginx/sbin 目录,运行./nginx 启动 nginx

访问 ip:8088,出现首页则说明安装成功

Nginx 安装配置 Lua 支持 下载最新的 luajit 和 ngx_devel_kit 以及 lua-nginx-module 解压

tar -zxvf ngx_devel_kit-0.2.19.tar.gz
tar -zxvf lua-nginx-module-0.10.12.tar.gz

编译安装 LuaJIT,即 Lua 及时编译器

tar -zxvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4/
make && make install

重新安装 nginx

cd /root/nginx-1.18.0
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --add-module=../ngx_devel_kit-0.2.19/ --add-module=../lua-nginx-module-0.10.13/ --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.11
make && make install

在 nginx 配置文件中加上:

lua_shared_dict prometheus_metrics 10M;
lua_package_path "/path/to/nginx-lua-prometheus/?.lua;;";
init_worker_by_lua_block {
  prometheus = require("prometheus").init("prometheus_metrics")
  metric_requests = prometheus:counter(
    "nginx_http_requests_total", "Number of HTTP requests", {"host", "status"})
  metric_latency = prometheus:histogram(
    "nginx_http_request_duration_seconds", "HTTP request latency", {"host"})
  metric_connections = prometheus:gauge(
    "nginx_http_connections", "Number of HTTP connections", {"state"})
}
log_by_lua_block {
  metric_requests:inc(1, {ngx.var.server_name, ngx.var.status})
  metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name})
}


server {
  listen 9145;
  allow 192.168.0.0/16;
  deny all;
  location /metrics {
    content_by_lua_block {
      metric_connections:set(ngx.var.connections_reading, {"reading"})
      metric_connections:set(ngx.var.connections_waiting, {"waiting"})
      metric_connections:set(ngx.var.connections_writing, {"writing"})
      prometheus:collect()
    }
  }
}

重启

报错如下: 解决:

cd /lib64
ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2
ll libluajit-5.1.so.2

cd /root/nginx-1.18.0
echo "/usr/local/LuaJIT/lib" >> /etc/ld.so.conf

cd /usr/local/nginx/sbin
./nginx -s reload

nginx 配置文件

#user caec;
worker_processes 1;

error_log /home/ap/caec/logs/nginx/error.log error;
pid /home/ap/caec/nginx/logs/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include mime.types;
  default_type application/octet-stream;

  log_format main '$remote_addr - $remote_user [$time_local] - $upstream_addr "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

  access_log /home/ap/caec/logs/nginx/access.log main buffer=64k;
  sendfile on;
  keepalive_timeout 60s;

  client_max_body_size 100M;
  client_body_buffer_size 128k;
  fastcgi_intercept_errors on;

  upstream dynamic {
server 10.100.67.148:8101;
    server 10.100.67.149:8101;
  }

  server{
    listen 8088;
    server_name localhost;
    location / {
      proxy_set_header            Host $host;
      proxy_set_header            X-real-ip $remote_addr;
      proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
      root /home/ap/caec/caec_static;
      index index.html index.htm;
      if($request_filename ~* .*\.(?:htm|html)$){
         add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
      }
    .}
    location /fincld-acteg/ { proxy_pass http://dynamic; }
    location /param-web/ { proxy_pass http://dynamic; }
    location /acten-web/ { proxy_pass http://dynamic; }
  }
}

nginx IP 漂移

vim  /etc/keepalived/keepalived.conf
# 主配置
global_defs {
   router_id LVS_DEVEL
}
## keepalived 会定时执行脚本并对脚本执行的结果进行分析,动态调整 vrrp_instance 的优先级。如果脚本执行结果为 0,并且 weight 配置的值大于 0,则优先级相应的增加。如果脚本执行结果非 0,并且 weight配置的值小于 0,则优先级相应的减少。其他情况,维持原本配置的优先级,即配置文件中 priority 对应的值。
vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh" ## 检测 nginx 状态的脚本路径
    interval 2 ## 检测时间间隔
    weight -20 ## 如果条件成立,权重-20
}
## 定义虚拟路由, VI_1 为虚拟路由的标示符,自己定义名称
vrrp_instance VI_1 {
   state MASTER ## 主节点为 MASTER, 对应的备份节点为 BACKUP
   interface eth0 ## 绑定虚拟 IP 的网络接口,与本机 IP 地址所在的网络接口相同, 我的是 eth0
   virtual_router_id 33 ## 虚拟路由的 ID 号, 两个节点设置必须一样, 可选 IP 最后一段使用, 相同的 VRID 为一个组,他将决定多播的 MAC 地址
   priority 100 ## 节点优先级, 值范围 0-254, MASTER 要比 BACKUP 高
   nopreempt ## 优先级高的设置 nopreempt 解决异常恢复后再次抢占的问题
   advert_int 1 ## 组播信息发送间隔,两个节点设置必须一样, 默认 1s
## 设置验证信息,两个节点必须一致
authentication {
   auth_type PASS
   auth_pass 1111 ## 真实生产,按需求对应该过来
}
## 将 track_script 块加入 instance 配置块
track_script {
   chk_nginx ## 执行 Nginx 监控的服务
} #
# 虚拟 IP 池, 两个节点设置必须一样
virtual_ipaddress {
   192.168.50.130 ## 虚拟 ip,可以定义多个
}
}

# vi /etc/keepalived/keepalived.conf
global_defs {
## keepalived 自带的邮件提醒需要开启 sendmail 服务。 建议用独立的监控或第三方 SMTP
   router_id LVS_DEVEL
}
## keepalived 会定时执行脚本并对脚本执行的结果进行分析,动态调整 vrrp_instance 的优先级。如果脚本执行结果为 0,并且 weight 配置的值大于 0,则优先级相应的增加。如果脚本执行结果非 0,并且 weight配置的值小于 0,则优先级相应的减少。其他情况,维持原本配置的优先级,即配置文件中 priority 对应的值。
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh" ## 检测 nginx 状态的脚本路径
interval 2 ## 检测时间间隔
weight -20 ## 如果条件成立,权重-20
}
## 定义虚拟路由, VI_1 为虚拟路由的标示符,自己定义名称
vrrp_instance VI_1 {
   state MASTER ## 主节点为 MASTER, 对应的备份节点为 BACKUP
   interface eth0 ## 绑定虚拟 IP 的网络接口,与本机 IP 地址所在的网络接口相同, 我的是 eth0
   virtual_router_id 33 ## 虚拟路由的 ID 号, 两个节点设置必须一样, 可选 IP 最后一段使用, 相同的 VRID 为一个组,他将决定多播的 MAC 地址
   priority 100 ## 节点优先级, 值范围 0-254, MASTER 要比 BACKUP 高
   nopreempt ## 优先级高的设置 nopreempt 解决异常恢复后再次抢占的问题
   advert_int 1 ## 组播信息发送间隔,两个节点设置必须一样, 默认 1s
## 设置验证信息,两个节点必须一致
authentication {
   auth_type PASS
   auth_pass 1111 ## 真实生产,按需求对应该过来
}
## 将 track_script 块加入 instance 配置块
track_script {
   chk_nginx ## 执行 Nginx 监控的服务
} #
# 虚拟 IP 池, 两个节点设置必须一样
virtual_ipaddress {
   192.168.50.130 ## 虚拟 ip,可以定义多个
}
}

(2)备配置文件

g# vi /etc/keepalived/keepalived.conf
global_defs {
  router_id LVS_DEVEL
}
vrrp_script chk_nginx {
  script "/etc/keepalived/nginx_check.sh"
  interval 2
  weight -20
}
vrrp_instance VI_1 {
  state BACKUP
  interface eth0
  virtual_router_id 33
  priority 90
  advert_int 1
  authentication {
  auth_type PASS
  auth_pass 1111
}
track_script {
  chk_nginx
}
virtual_ipaddress {
  192.168.50.130
}
}

chmod 755 /etc/keepalived/nginx_check.sh
#!/bin/bash
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ];then
    /usr/local/nginx/sbin/nginx
    sleep 2
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ];then
        pkill keepalived
    fi
fi

4)启动或者重启keepalived服务
systemctl restart keepalived
Last Updated: 3/20/2021, 5:09:06 PM