文章目录
一、学习目标
1、学习安装nginx。
2、做负载均衡。
二、步骤:
1、下载nginx。
我这里下载稳定版本的。
你也可以下载历史版本的。
可以下载好,使用winscp上传,或者直接在服务器上下载:
wget http://nginx.org/download/nginx-1.18.0.tar.gz
2、解压安装:
1)、准备环境:
#c和c++的编译环境
yum install gcc gcc-c++ -y
#安装pcre和zlib
yum install -y pcre-devel
yum install -y zlib-devel
2)、解压:
tar -zxvf nginx-1.18.0.tar.gz
解压完成,然后进入并编译:
cd nginx-1.18.0
./configure --prefix=/opt/nginx
make && make install
3)、启动nginx
cd /opt/nginx/sbin/
./nginx
# 或者
/opt/nginx/sbin/nginx
查看是否启动:
ps -ef |grep nginx
然后使用本地浏览器访问http://服务器公务ip地址:80:
出现下面这个界面代表已经成功。
3、配置反向代理(负载均衡)
假如4个服务器,都配置了nodejs的服务接口,分别是127.0.0.1:8090、127.0.0.1:8091、127.0.0.1:8092和127.0.0.1:8093 这4个地址。打算先用本地这几个服务接口进行模拟多台机器的效果。
我们首先进入nginx配置文件:
vi /opt/nginx/conf/nginx.conf
1)、修改1:
upstream nodejs_pool {
#server 服务ip地址:端口号 weight表示权值,权值越大,被分配的几率越大;
server 127.0.0.1:8090 weight=1;
server 127.0.0.1:8091 weight=1;
server 127.0.0.1:8092 weight=1;
server 127.0.0.1:8093 weight=1;
}
这样我们的负载均衡后台服务就配置好了
2)、修改2:
然后我们需要在server中配置一个location进行监听访问,并转发到我们配置的stream上:
然后保存退出。
3)、完整的修改后文件:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#
upstream nodejs_pool {
#server 服务ip地址:端口号 weight表示权值,权值越大,被分配的几率越大;
server 127.0.0.1:8090 weight=1;
server 127.0.0.1:8091 weight=1;
server 127.0.0.1:8092 weight=1;
server 127.0.0.1:8093 weight=1;
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
#location / {
# root html;
# index index.html index.htm;
#}
location / {
proxy_pass http://nodejs_pool; #转向nodejs_pool处理
proxy_redirect off;#是否跳转
proxy_set_header Host $host; #请求要转发的host
proxy_set_header X-Real-IP $remote_addr;#请求的远程地址 这些在浏览器的header都可看,不一一解释
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90; #连接前面的服务器超时时间
proxy_send_timeout 90;#请求转发数据报文的超时时间
proxy_read_timeout 90;#读取超时时间
proxy_buffer_size 4k; # 缓冲区的大小
proxy_buffers 4 32k; #
proxy_busy_buffers_size 64k; # #proxy_buffers缓冲区,网页平均在32k以下的
proxy_temp_file_write_size 64k; ##高负荷下缓冲大小(proxy_buffers*2)
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
4、nginx配置服务和开机自启
1)、需要更改:
- nginx执行路径:
将nginx="/usr/sbin/nginx"改为nginx执行程序的路径nginx="/opt/nginx/sbin/nginx" - 配置文件路径改为自己安装位置的路径:
将NGINX_CONF_FILE="/etc/nginx/nginx.conf"改为NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"
我直接粘过来改好的:
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
# nginx="/usr/sbin/nginx"
nginx="/opt/nginx/sbin/nginx"
prog=$(basename $nginx)
# NGINX_CONF_FILE="/etc/nginx/nginx.conf"
NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -n "$user" ]; then
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
fi
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $prog -HUP
retval=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
2)、创建/etc/init.d/nginx
vi /etc/init.d/nginx
将上面修改好的文件复制过来:
然后修改权限:
chmod 775 /etc/init.d/nginx
3)、将/etc/init.d/nginx文件加入chkconfig进行管理
chkconfig --add /etc/init.d/nginx
加入之后我们就可以用service 命令进行nginx的操作了
我的服务器提示让用systemctl来代替service。
systemctl stop nginx
systemctl start nginx
systemctl restart nginx
4)、chkconfig配置nginx为开机自动启动模式
chkconfig --level 3 nginx on
这样就可以开机自启动了。
为了测试是否可以重启后自动开启nginx,我这里登陆阿里云重启下:
等待一会,等重启完成,应该就可以了。
重新登陆之后,发现已经启动nginx了。
5)、如果外网服务访问,关闭防火墙
不过如果关闭防火墙,记得现在访问端口的ip,防止黑客攻击,其实就算有防火墙,还是要限制访问ip,这样能防止黑客攻击。
# 防火墙的状态
sudo systemctl status firewalld
sudo systemctl start firewalld
sudo systemctl stop firewalld
查看防火墙的状态的命令为:sudo systemctl status firewalld。
打开防火墙的方式有两种:
一种是打开后重启会恢复回原来的状态,命令为:sudo systemctl start firewalld;
另一种是打开后重启不会恢复到原来的状态,命令为:sudo systemctl enable firewalld,这种方式输入命令后要重启系统才会生效。
关闭防火墙的方式也有两种,和打开相对应,命令分别为
sudo systemctl stop firewalld
sudo systemctl disable firewalld
关闭防火墙就能访问了。
参考文章:
https://www.cnblogs.com/yzeng/p/9077619.html
https://blog.csdn.net/chenlongjs/article/details/103782042
https://blog.csdn.net/leshami/article/details/78749291
https://blog.csdn.net/weixin_43976137/article/details/86016427
https://www.cnblogs.com/terry-love/p/11552262.html
255
