|
|
环境:
OS: RHEL 5.4
Nginx IP: 192.168.128.134
Squid_1 IP: 192.168.128.135
Squid_2 IP: 192.168.128.137
Squid_2 IP: 192.168.128.139
Apache IP: 192.168.128.136
网站域名:pic.123.com
软件版本:Nginx 0.8.15
Squid 3.0.STABLE7
Apache 2.2.14
因我们的架构是做一个漫画网站.全都是静态的页面.所以不需要安装php.
开始安装:
Nginx: (192.168.128.134)
1、安装Nginx所需的pcre库, fair组件
#cd /usr/local/src/tarbag
#tar zxvf pcre-7.9.tar.gz -C ../software
#cd ../software/pcre-7.9/
#./configure
#make && make install
#cd ../../tarbag
#tar xvzf gnosek-nginx-upstream-fair-2131c73.tar.gz -C ../software
2、安装Nginx
#tar zxvf nginx-0.8.15.tar.gz -C ../software
#cd ../software/nginx-0.8.15/
#./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/usr/local/gnosek-nginx-upstream-fair-2131c73
#make && make install
#cd ../../tarbag
3、创建Nginx日志目录
#mkdir -p /www/nginx/logs
#chmod +w /www/nginx/logs
#chown -R www:www /www/nginx/logs
4、创建Nginx配置文件
①、在/usr/local/nginx/conf/目录中创建nginx.conf文件:
#rm -f /usr/local/nginx/conf/nginx.conf
#vi /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes 8;
error_log /www/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.worker_rlimit_nofile 65535;
events
{
use epoll;
worker_connections 65535;
}
http
{
include mime.types;
default_type application/octet-stream;
keepalive_timeout 120;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
upstream pic.123.com {
server 192.168.128.135:80;
server 192.168.128.137:80;
server 192.168.128.139:80;
}
server
{
listen 80;
server_name pic.123.com;
location / {
proxy_pass http://pic.123.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
}
log_format www_123_com '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /www/nginx/logs/www.log www_123_com;
}
}
5、优化Linux内核参数
vi /etc/sysctl.conf
在末尾增加以下内容:
引用
# Add
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535
使配置立即生效:
/sbin/sysctl –p
6、nginx开机自动启动的实现:
# vim /etc/init.d/nginx
#!/bin/sh
#chkconfig: 35 85 15
#description: nginx
#function: use this script to stop,start,restart nginx....
#author:lw.yang
nginx_BIN=/usr/local/nginx/sbin/nginx
nginx_CONF=/usr/local/nginx/conf/nginx.conf
nginx_PID=/usr/local/nginx/logs/nginx.pid
nginx_PORT=`/bin/netstat -ntpl |grep nginx |grep 80 |wc -l`
case $1 in
start)
if [ $nginx_PORT = 0 ];then
echo "staring nginx..."
$nginx_BIN
else echo "starting naginx failed,Address already in use..."
exit 2
fi
;;
stop)
echo "stoping nginx..."
if [ -f $nginx_PID ];then
kill -QUIT `cat $nginx_PID`
else echo "nginx is no running...."
fi
;;
status)
if [ -f $nginx_PID ];then
echo "nginx is running..."
else echo "nginx is stop..."
fi
;;
restart)
if [ -f $nginx_PID ];then
kill -HUP `cat $nginx_PID`
else echo "nginx is no running...."
fi
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac
# chmod +x /etc/init.d/nginx
# chkconfig --add nginx
# chkconfig nginx on
# service nginx start
staring nginx...
Squid安装 (192.168.128.135-137-139)
#cd /usr/local/src/tarbag
#wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE7.tar.gz
# groupadd squid
# useradd -g squid -s /sbin/nologin squid
# tar -zxvf squid-3.0.STABLE7.tar.gz –C ../software/
#cd /usr/local/src/software/squid-3.0.STABLE7/
# ./configure --prefix=/usr/local/squid --enable-gnuregex --enable-arp-acl --enable-auth="basic" --enable-basic-auth-helpers="NCSA" --enable-async-io=80 --enable-storeio=ufs --enable-icmp --enable-kill-parent-hack --enable-snmp --disable-ident-lookups --enable-cache-digests --enable-ssl --enable-delay-pools --enable-poll --enable-linux-netfilter --enable-underscore --enable-err-language="Simplify_Chinese" --enable-default-err-languages="Simplify_Chinese"
解释说明:
--prefix=/usr/local/squid //指定安装路径
--enable-arp-acl //这样可以在规则设置中直接通过客户端的MAC地址进行管理,防止客户使用IP欺骗
--enable-async-io=80 //这个主要是设置async模式来运行squid,我的理解是设置用线程来运行squid,如果服务器配置很不错,有1G以上内存,cpu使用SMP的方式的话可以考虑设成160或者更高。如果服务器比较糟糕就根据实际情况设了。另外此项还另cache文件支持aufs
--enable-auth-modules //此编译选项启用认证模块,可以对访问代理用户进行授权。
--enable-cache-digests //使能缓存摘要,本来此项目的是为了在Squid集群服务之间迅速发现缓存对象,这里在本地使用,可以加快请求时,检索缓存内容的速度。
--enable-err-language="Simplify_Chinese" 和--enable-default-err-languages="Simplify_Chinese" //指定出错是显示的错误页面为简体中文
--enable-delay-pools //此选项使能一个延时池,这样能对某些特定的请求限制额定带宽。
--enable-gnuregex //由于Squid大量使用字符串处理做各种判断,加此项能更好处理。
--enable-icmp //加入icmp支持
--disable-ident-lookups //防止系统使用RFC931规定的身份识别方法。
--enable-kill-parent-hack //关掉suqid的时候,要不要连同父进程一起关掉,这个当然要啦
--enable-linux-netfilter //允许使用Linux的透明代理功能。
--enable-poll //应启用Poll()函数而不是select()函数,通常而言poll(轮询)比select要好,但configure(脚本程序)已知Poll在某些平台下失效, 若你认为你比configure编译配置脚本程序要聪明的话,可以用这个选项启用Poll。总之就是用这个可以提升性能就是啦。
--enable-snmp //此选项可以让MRTG使用SNMP协议对服务器的流量状态进行监测,因此必须选择此项,使Squid支持SNMP接口。
--enable-storeio=ufs,null //使用的文件系统通常是默认的ufs,不过如果想要做一个不缓存任何文件的代理服务器,就需要加上null文件系统。
--enable-underscore //允许解析的URL中出现下划先,因为默认squid会认为带下划线的URL地址是非法的,并拒绝访问该地址。
#make && make install
# /usr/local/squid/sbin/squid -z //测试Squid运行状况
# chown -R squid.squid /usr/local/squid/var/
修改squid配置文件
#vim /usr/local/squid/etc/squid.conf
#########一些访问控制的设置##############
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow all
http_access allow localnet
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
##### 配置 squid2、squid3 为其邻居,当 squid1 在其缓存中没有找到请求的资源时,通过 ICP 查询去其邻居中取得缓存############
cache_peer s2.766.com sibling 80 3130
cache_peer s3.766.com sibling 80 3130
#### 将pic.123.com 域的请求通过 RR 轮询方式转发到apache节点############
squid1 的父节点,originserver 参数指明是源服务器, round-robin 参数指明 squid 通过轮询方式将请求分发到其中一台父节点; squid 同时会对这些父节点的健康状态进行检查,如果父节点 down 了,那么 squid 会从剩余的 origin 服务器中抓取数据.我们这里只有一个节点.
cache_peer 192.168.128.136 parent 80 0 no-query originserver round-robin name=web1
cache_peer_domain web1 pic.123.com
hierarchy_stoplist cgi-bin
####### 对 squid 的一些优化 ###############
maximum_object_size_in_memory 1024 KB //内存中缓存的最大对象 1024KB
maximum_object_size 10240 KB // 能缓存的最大对象为 10M
cache_mem 64 MB //squid 用于缓存的内存量
#####日志和缓存目录的设置###########
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|/?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid
######### 设定 squid 的主机名 , 如无此项 squid 将无法启动
visible_hostname s1.766.com
############# 配置 squid 为加速模式 #################
http_port 80 accel vhost vport
icp_port 3130
coredump_dir /usr/local/squid/var/cache
在hosts添加如下行.让squid能找到其邻居.
#cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.128.137 s2.766.com
192.168.128.139 s3.766.com
其他两台squid配置跟其一致.只要修改上面标明颜色的地方和/etc/hosts文件即可.
Squid开机自动启动的实现:
# vim /etc/init.d/squid
#!/bin/sh
#chkconfig: 35 85 15
#description: squid
#function: use this script to stop,start,restart squid....
#author:hsf
squid_BIN=/usr/local/squid/sbin/squid
squid_CONF=/usr/local/squid/etc/squid.conf
squid_PID=/usr/local/squid/var/logs/squid.pid
squid_PORT=`/bin/netstat -ntpl |grep squid |grep 80 |wc -l`
case $1 in
start)
if [ $squid_PORT = 0 ];then
echo "staring squid..."
$squid_BIN
else echo "starting squid failed,Address already in use..."
exit 2
fi
;;
stop)
echo "stoping squid..."
if [ -f $squid_PID ];then
kill -QUIT `cat $squid_PID`
else echo "squid is no running...."
fi
;;
status)
if [ -f $squid_PID ];then
echo "squid is running..."
else echo "squid is stop..."
fi
;;
restart)
if [ -f $squid_PID ];then
kill -HUP `cat $squid_PID`
else echo "squid is no running...."
fi
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac
Apache安装(192.168.128.136)
见apache安装配置文档.
版权声明:本文为博主原创文章,未经博主允许不得转载。 |
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-11-19 12:38:55
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡