一、模块说明
Nginx反向代理服务、缓存服务、负载均衡服务。
二、目录结构
三、代码展示 1、files目录 conf.d #其下存放nginx的配置文件,根据环境不同使用不同代码,也可以使用puppet的environments技术,本人暂未研究。 DeployPub #生产环境的配置文件
DeployTest #测试环境的配置文件
test01.conf #nginx虚拟主机配置文件,可以将upstream单独存放一个文件,然后一个server一个文件,后台如10.188.1.11:8888就是你的网站地址了,可用iis\tomcat\apache\php\nginx等等搭建,这就不用说了吧
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
| upstream www{
server 10.188.1.11:8888 weight=5 max_fails=2 fail_timeout=30s;
server 10.188.1.12:8888 weight=5 max_fails=2 fail_timeout=30s;
keepalive 20;
}
server
{
listen 80;
server_name www.ewin.com;
location /
{
proxy_pass http://www;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location ~ /purge(/.*)
{
allow 10.188.1.0/24;
deny all;
proxy_cache_purge tmpcache $host$1$is_args$args;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|css|html|shtml|htm)$
{
proxy_cache tmpcache;
proxy_cache_valid 200 304 12h;
proxy_cache_valid 301 302 1m;
proxy_cache_valid any 1m;
proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://web-html;
}
location /nginxstatus {
stub_status on;
access_log off;
allow 10.188.1.0/24;
deny all;
}
access_log /var/log/nginx/www.log main;
}
|
pack #存放相关安装包 nginx_install.sh #nginx安装脚本 1
2
3
4
5
6
| #!/bin/bash
cd /usr/local/src/nginx-1.6.2
make clean
/bin/bash configure --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-pcre=/usr/local/src/pcre-8.35 --with-zlib=/usr/local/src/zlib-1.2.8 --with-openssl=/usr/local/src/openssl-1.0.1j --with-http_stub_status_module --add-module=/usr/local/src/ngx_cache_purge-2.3 --with-http_perl_module --with-http_realip_module
make
make install
|
说明:编译命令中定义了相关目录、用户等;启用了PCRE(正则匹配)、ZLIB、SSL、STATUS(状态监控)、PURGE(缓存清除插件)、PERL模块、REALIP模块(真实IP) 其中PERL模块用于URL忽略大小写,参考 http://www.cnblogs.com/tommyli/p/3543303.html
2、manifests目录 init.pp 1
2
3
| class nginx{
include nginx::install,nginx::config,nginx::service
}
|
install.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
| class nginx::install {
Exec{ path => ['/usr/bin','/usr/sbin','/bin'] }
package { ['perl-devel','perl-ExtUtils-Embed']:
#'perl','pcre','zlib-devel','gcc-c++','gcc','openssl-devel'
#注意:主机安装的其他模块中已有的package不重复,如果只安装本nginx模块,则需要将上面注释的package都加在列表中。
ensure => installed,
before => Exec['install_nginx'],
}
file { '/usr/local/src':
ensure => directory,
source => 'puppet:///modules/nginx/pack',
ignore => '.svn',
owner => root,
group => root,
mode => '0640',
recurse => remote,
before => Exec['install_nginx'],
}
exec { 'pcre':
command => 'tar -zxf pcre-8.35.tar.gz',
cwd => '/usr/local/src',
refreshonly => true,
subscribe => File['/usr/local/src'],
before => Exec['install_nginx'],
}
exec { 'zlib':
command => 'tar -zxf zlib-1.2.8.tar.gz',
cwd => '/usr/local/src',
refreshonly => true,
subscribe => File['/usr/local/src'],
before => Exec['install_nginx'],
}
exec { 'openssl':
command => 'tar -zxf openssl-1.0.1j.tar.gz',
cwd => '/usr/local/src',
refreshonly => true,
subscribe => File['/usr/local/src'],
before => Exec['install_nginx'],
}
exec { 'cache':
command => 'tar -zxf ngx_cache_purge-2.3.tar.gz',
cwd => '/usr/local/src',
refreshonly => true,
subscribe => File['/usr/local/src'],
before => Exec['install_nginx'],
}
exec { 'nginx':
command => 'tar -zxf nginx-1.6.2.tar.gz',
cwd => '/usr/local/src/',
refreshonly => true,
subscribe => File['/usr/local/src'],
before => Exec['install_nginx'],
}
file { '/usr/local/src/nginx_install.sh':
ensure => file,
owner => root,
group => root,
mode => 755,
source => 'puppet:///modules/nginx/nginx_install.sh',
before => Exec['install_nginx'],
}
exec { 'install_nginx':
command => '/bin/bash nginx_install.sh',
cwd => "/usr/local/src",
refreshonly => true,
subscribe => File['/usr/local/src/nginx_install.sh'],
}
}
|
config.pp #$nginx_conf参数用来确认主机使用哪个环境的配置文件,可在foreamen的主机属性里设置,或节点site.pp里设置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
| class nginx::config {
include nginx::config::iptables
group { "nginx":
ensure => present,
before => USER["nginx"],
}
user { "nginx":
ensure => present,
groups => 'nginx',
shell => '/sbin/nologin',
}
file { '/etc/nginx/nginx.conf':
ensure => file,
owner => root,
group => root,
mode => 400,
content => template("nginx/nginx.conf.erb"),
require => Class['nginx::install'],
}
case $nginx_conf {
pub: {
file { '/etc/nginx/conf.d':
ensure => directory,
source => 'puppet:///modules/nginx/conf.d/DeployPub',
ignore => '.svn',
owner => root,
group => root,
mode => '0640',
recurse => remote,
require => Class['nginx::install'],
}
}
test: {
file { '/etc/nginx/conf.d':
ensure => directory,
source => 'puppet:///modules/nginx/conf.d/DeployTest',
ignore => '.svn',
owner => root,
group => root,
mode => '0640',
recurse => remote,
require => Class['nginx::install'],
}
}
}
file { 'nginxd':
path => '/etc/rc.d/init.d/nginxd',
ensure => file,
owner => root,
group => root,
mode => 755,
content => template("nginx/nginxd.erb"),
require => Class['nginx::install'],
}
}
class nginx::config::iptables {
Exec{ path => ['/usr/bin','/usr/sbin','/bin','/sbin'] }
exec { 'open_port_80':
command => 'iptables -I INPUT -p tcp --dport 80 -j ACCEPT',
unless => 'grep "tcp --dport 80" /etc/sysconfig/iptables 2>/dev/null',
notify => Exec['save_port_80'],
}
exec { 'save_port_80':
command => 'service iptables save',
refreshonly => true,
}
}
|
service.pp
1
2
3
4
5
6
7
8
9
| class nginx::service {
service { 'nginxd':
ensure => 'running',
enable => 'true',
hasrestart => 'true',
hasstatus => 'true',
subscribe => Class["nginx::config"],
}
}
|
3、templates目录
nginx.conf.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
| user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error.log crit;
pid /var/run/nginx/nginx.pid;
worker_rlimit_nofile 1024; #ulimit -n
events
{
use epoll;
worker_connections 1024;
}
http
{
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
#charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 64k;
perl_set $url '
sub {
my $r = shift;
my $re = lc($r->uri);
return $re;
}
';
server_tokens off;
sendfile on;
autoindex on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
#压缩功能
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
#缓存功能
#客户端请求的最大的单个文件字节数
client_max_body_size 300m;
#缓冲区代理缓冲用户请求的最大字节数
client_body_buffer_size 128k;
#和后端连接(发起握手)的超时时间
proxy_connect_timeout 600;
#连接成功后等待后端响应的超时时间
proxy_read_timeout 600;
#后端数据回传时间
proxy_send_timeout 600;
#代理请求缓存区保存头信息的块大小
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
#缓存文件路径
proxy_temp_path /usr/local/nginx/proxy_temp;
proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=tmpcache:200m inactive=1d max_size=2g;
#levels两层HASH目录,缓存区名称为tmpcache,内存缓存20M,1天内没被访问会被删除,硬盘缓存200M
include /etc/nginx/conf.d/*.conf;
}
|
nginxd.erb #nginx服务脚本 service nginxd start
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
| #!/bin/bash
# chkconfig: 35 85 15
# description: nginx is a World Wide Web server.
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
|
四、Foreman配置
导入模块
我这里是以配置组的形式添加给主机了,单个的可以在右下方可用类中点击nginx添加
添加参数:
推送给客户端主机:
完成后查看报告,根据报告做相应调整。
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-3-24 08:59:15
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡