|
生产场景:nginx实战安装
一、准备环境:
1.1 操作系统:centos 6、7
安装常用软件
yum install tree telnet dos2unix sysstat lrzsz nc nmap zip unzip -y 1.2 官网下载ngnx源码包nginx-1.12.2.tar.gz,并隐藏nginx版本号和修改nginx软件名
下载nginx源码包nginx-1.12.2.tar.gz,并隐藏nginx版本号和修改nginx软件名(此步骤省略)。
二、开始安装nginx
2.1 开始安装nginx并启动测试
####################快速安装nginx#############################
mkdir /server/tools -p
mkdir /application
yum install openssl openssl-devel pcre pcre-devel -y
useradd www -s /sbin/nologin -M
cd /server/tools/
rz -y #上传优化好隐藏nginx版本号和修改nginx软件名字为Tengine的模板或者直接下载官网wget http://nginx.org/download/nginx-1.12.2.tar.gz,建议上传优化好的模板
tar xf nginx-1.12.2.tar.gz
cd nginx-1.12.2
./configure --user=www --group=www --prefix=/application/nginx-1.12.2 --with-http_stub_status_module --with-http_ssl_module
make
make install
ln -s /application/nginx-1.12.2/ /application/nginx
####################快速安装nginx#############################
检查语法并启动nginx
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx
[root@web01 nginx-1.12.2]# ps -ef|grep nginx
root 25150 1 0 16:39 ? 00:00:00 nginx: master process /application/nginx-1.12.2 sbin/nginx
www 25151 25150 0 16:39 ? 00:00:00 nginx: worker process
root 25164 16972 0 16:41 pts/0 00:00:00 grep nginx
浏览器打开web02 IP查看是否可以看到nginx主页:
http://10.0.0.8/
测试完成后关闭nginx服务。
/application/nginx/sbin/nginx -s stop 2.2 优化nginx配置文件
2.2.1 优化nginx.conf配置文件
cd /application/nginx/conf/
cp nginx.conf{,.ori}
egrep -v "^$|#" nginx.conf.default >nginx.conf #最小化nginx配置
查看默认配置文件
[root@web01 conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
vim nginx.conf把server标签移除,并在http标签中加入include extra/www.conf;和include extra/status.conf;
[root@web01 conf]# vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
#include extra/status.conf;
}
2.2.2 优化www.conf配置文件
增加www.conf目录extra及配置文件www.conf
cd /application/nginx/conf
mkdir extra
[root@web01 extra]# vim extra/www.conf #添加server标签,www1.etiantian.com用于监控www.etiantian.com是否正常
server {
listen 80;
server_name www1.etiantian.com ;
location / {
root html/www;
index index.html index.htm;
}
}
配置完成后,重启nginx生效
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
2.2.3 优化status.conf配置文件
1) 增加status.conf目录及配置文件
[root@web01 conf]# pwd
/application/nginx/conf
[root@web01-14 conf]# vim extra/status.conf
### status
server {
listen 80;
server_name status.etiantian.com;
access_log off;
location / {
stub_status on;
access_log off;
allow 10.0.0.0/24;
deny all;
}
}
2) 也可以用location的方式实现状态配置,例如在任意一个虚拟主机里面为server标签增加如下配置,例如www.conf的server标签增加
location /nginx_status {
stub_status on;
access_log off;
allow 10.0.0.0/24; #允许IP段访问
deny all; #禁止IP段访问
}
例如放到www.conf的server标签里面
[root@web01 extra]# vim extra/www.conf #添加server标签,www1.etiantian.com用于监控
server {
listen 80;
server_name www.etiantian.com www1.etiantian.com;
location / {
root html/www;
index index.html index.htm;
}
location /nginx_status {
stub_status on;
access_log off;
allow 10.0.0.0/24; #允许IP段访问
deny all; #禁止IP段访问
}
}
3) 配置完成后重启nginx让配置生效
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
4)浏览器访问status.etiantian.com查看状态
2.3 增加日志文件
2.3.1 增加错误日志和访问日志
增加错误日志error_log可以在nginx.conf中添加,也可以在www.conf中添加。
error_log logs/error.log; log_format用来定义访问日志的格式,在http标签中添加
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main; #访问日志不建议全局添加,所以注释了。
[root@web01 ~]# vim /application/nginx/conf/nginx.conf
worker_processes 1;
error_log logs/error.log; #增加错误日志
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#add log
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
include extra/status.conf;
}
在www.conf的server标签中增加 access_log logs/access_www.log main;即可
如果是高并发访问日志加access_log logs/access_www.log main gzip buffer=32k flush=5s;经过验证加此项访问日志会出现乱么,暂时未找到乱么原因。
[root@web01 conf]# vim extra/www.conf
server {
listen 80;
server_name www1.etiantian.com ;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/access_www.log main;
#access_log logs/access_www.log main gzip buffer=32k flush=5s;
#access_log off;
}
配置完成后,重启nginx生效
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
查看日志:
[root@web01 logs]# pwd
/application/nginx/logs
[root@web01 logs]# tailf access_www.log
在linux客户端机器上面
curl www.etiantian.com或者curl -I www.etaintian.com 然后就出现了访问日志
[root@web01 logs]# tailf access_www.log
121.76.16.231 - - [11/Aug/2018:16:22:33 +0800] "GET / HTTP/1.1" 200 6002 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "112.74.36.43"
121.25.115.6 - - [11/Aug/2018:16:22:34 +0800] "GET / HTTP/1.1" 200 6002 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "112.74.36.43"
121.76.16.225 - - [11/Aug/2018:16:22:34 +0800] "GET / HTTP/1.1" 200 6002 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "112.74.36.43"
121.76.16.232 - - [11/Aug/2018:16:22:35 +0800] "GET / HTTP/1.1" 200 6002 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "112.74.36.43"
2.3.2 切割访问日志
1)写切割脚本
mkdir /server/scripts -p
mkdir /data/backup/logs -p
cd /server/scripts/
[root@web01 scripts]# vim cut_nginx_log.sh
#!/bin/bash
Dateformat=`date +%Y%m%d -d "-1 day"`
Basedir="/application/nginx"
Nginxlogdir="$Basedir/logs"
Logname="access_www"
Backuplogdir="/data/backup/logs"
[ -d $Nginxlogdir ] && cd $Nginxlogdir||exit 1
[ -f ${Logname}.log ]||exit 1
/bin/mv ${Logname}.log ${Backuplogdir}/${Dateformat}_${Logname}.log
$Basedir/sbin/nginx -s reload
2)定时任务,每天凌晨00:00执行切割脚本
[root@web01 scripts]# crontab -e
#creat by jeremy 2018-06-28
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
00 00 * * * /bin/sh /server/scripts/cut_nginx_log.sh >/dev/null 2>&1
查看定时任务
[root@web01 scripts]# crontab -l
#creat by jeremy 2018-06-28
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
00 00 * * * /bin/sh /server/scripts/cut_nginx_log.sh >/dev/null 2>&1
查看定时任务效果
[root@web01 logs]# ll /data/backup/logs/
total 8
-rw-r--r-- 1 root root 0 Aug 11 16:49 20180810_access_www.log
-rw-r--r-- 1 root root 8135 Aug 11 16:27 20180811_access_www.log
|
|
|
|
|
|
|