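I. Install nginx 1.14 and smoothly upgrade to 1.15
In production, the nginx service has to stay up at all times; even when the binary needs to be updated, the update must be done online. This is what a smooth upgrade (hot deployment) means.
1. First install nginx 1.14.2
1) Unpack the tarball and modify the build configuration file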
tar zxf nginx-1.14.2.tar.gz
cd nginx-1.14.2
ls
vim auto/cc/gcc
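Modify it as follows (comment out the debug CFLAGS line):
# debug
#CFLAGS="$CFLAGS -g"
2) Install the dependencies and build tools, then configure, compile and install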
yum install gcc pcre-devel zlib-devel -y
./configure --prefix=/usr/local/nginx
make && make install
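3) Start nginx and check the process IDs
There are two nginx processes: a master process and a worker process. The master is the main process and spawns the worker processes; the workers do the actual work.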
[root@server1 sbin]# ps -ef | grep nginx
root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
nobody 4633 4632 0 11:08 ? 00:00:00 nginx: worker process
root 4638 2041 0 11:11 pts/0 00:00:00 grep --color=auto nginx
Check the version number
[root@server1 sbin]# ./nginx -v
nginx version: nginx/1.14.2
Show the modules (configure arguments) this version was built with
[root@server1 sbin]# ./nginx -V
nginx version: nginx/1.14.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
configure arguments: --prefix=/usr/local/nginx
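2. Compile nginx 1.15 and copy the binary
1) Unpack the tarball and modify the build configuration file
tar zxf nginx-1.15.8.tar.gz
cd nginx-1.15.8
2) Configure and compile (do not install)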
./configure --prefix=/usr/local/nginx/
make
3) Back up the 1.14.2 binary
cd /usr/local/nginx/sbin/
cp nginx nginx.back
4) Copy the new binary into place
cd ~/nginx-1.15.8/objs/ ##the build output is here, including the nginx binary and the modules
cp nginx /usr/local/nginx/sbin/ -f
3. Smooth upgrade (hot deployment) to nginx 1.15
1) State before the upgrade
There are two processes started by nginx 1.14: a master and a worker
[root@server1 objs]# ps -ef | grep nginx
root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
nobody 4633 4632 0 11:08 ? 00:00:00 nginx: worker process
root 7160 2041 0 11:41 pts/0 00:00:00 grep --color=auto nginx
2) Start the new nginx processes
Start a new master and worker (launched from the nginx 1.15 binary)
[root@server1 objs]# kill -USR2 4632
[root@server1 objs]# ps -ef | grep nginx
root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
nobody 4633 4632 0 11:08 ? 00:00:00 nginx: worker process
root 7161 4632 0 11:44 ? 00:00:00 nginx: master process ./nginx
nobody 7162 7161 0 11:44 ? 00:00:00 nginx: worker process
root 7164 2041 0 11:44 pts/0 00:00:00 grep --color=auto nginx
3) Shut down the old worker processes
Shut down the nginx 1.14 worker processes
kill -WINCH 4632
[root@server1 objs]# ps -ef | grep nginx
root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
root 7161 4632 0 11:44 ? 00:00:00 nginx: master process ./nginx
nobody 7162 7161 0 11:44 ? 00:00:00 nginx: worker process
root 7166 2041 0 11:52 pts/0 00:00:00 grep --color=auto nginx
4) Check the version number: it has been updated to 1.15.8
[root@server1 objs]# cd /usr/local/nginx/sbin/
[root@server1 sbin]# ./nginx -v
nginx version: nginx/1.15.8
4. Roll back to the original nginx 1.14
1) Restore the binary
cd /usr/local/nginx/sbin/
cp nginx.back nginx -f
2) Bring back the nginx 1.14 worker processes
[root@server1 sbin]# kill -HUP 4632
[root@server1 sbin]# ps -ef | grep nginx
root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
root 7161 4632 0 11:44 ? 00:00:00 nginx: master process ./nginx
nobody 7162 7161 0 11:44 ? 00:00:00 nginx: worker process
nobody 7186 4632 0 12:49 ? 00:00:00 nginx: worker process
root 7188 2041 0 12:49 pts/0 00:00:00 grep --color=auto nginx
3) Shut down the nginx 1.15 workers
[root@server1 sbin]# kill -WINCH 7161
[root@server1 sbin]# ps -ef | grep nginx
root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
root 7161 4632 0 11:44 ? 00:00:00 nginx: master process ./nginx
nobody 7186 4632 0 12:49 ? 00:00:00 nginx: worker process
root 7190 2041 0 12:50 pts/0 00:00:00 grep --color=auto nginx
4) Check that the nginx version is back to 1.14
[root@server1 sbin]# /usr/local/nginx/sbin/./nginx -v
nginx version: nginx/1.14.2
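Added example (not from the original article): a small shell check that reads a ps -ef listing and reports which phase of the upgrade above the server is in, so a script can confirm the state before sending the next signal. The function names upgrade_phase and next_signal are hypothetical; the sample listings are copied from the ps output above, and QUIT to the old master is the signal that completes an upgrade (the article keeps the old master alive so it can roll back).

```shell
#!/bin/sh
# Report where an on-the-fly nginx upgrade stands, from `ps -ef` text on stdin.
# $1 is the PID of the original (old) master process.
upgrade_phase() {
    awk -v old="$1" '
        /nginx: master process/ {
            if ($2 == old)      have_old = 1   # original master still alive
            else if ($3 == old) newm = $2      # master forked after USR2
        }
        /nginx: worker process/ { workers[$3]++ }   # workers per parent PID
        END {
            if (!have_old)                          print "old-master-gone"
            else if (newm == "")                    print "before-upgrade"
            else if (workers[old] && workers[newm]) print "both-serving"
            else if (workers[newm])                 print "new-serving"
            else if (workers[old])                  print "rolled-back"
            else                                    print "no-workers"
        }'
}

# Signal and target that move the upgrade one step forward from a phase.
# Nothing is sent here; QUIT to the old master is what completes an upgrade.
next_signal() {
    case "$1" in
        before-upgrade) echo "USR2 old-master" ;;
        both-serving)   echo "WINCH old-master" ;;
        new-serving)    echo "QUIT old-master" ;;
        *)              echo "none" ;;
    esac
}

# Listings copied from the ps output above (after USR2, after WINCH).
AFTER_USR2='root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
nobody 4633 4632 0 11:08 ? 00:00:00 nginx: worker process
root 7161 4632 0 11:44 ? 00:00:00 nginx: master process ./nginx
nobody 7162 7161 0 11:44 ? 00:00:00 nginx: worker process
root 7164 2041 0 11:44 pts/0 00:00:00 grep --color=auto nginx'
AFTER_WINCH='root 4632 1 0 11:08 ? 00:00:00 nginx: master process ./nginx
root 7161 4632 0 11:44 ? 00:00:00 nginx: master process ./nginx
nobody 7162 7161 0 11:44 ? 00:00:00 nginx: worker process'

for listing in "$AFTER_USR2" "$AFTER_WINCH"; do
    phase=$(printf '%s\n' "$listing" | upgrade_phase 4632)
    echo "$phase -> next: $(next_signal "$phase")"
done
```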
II. Archiving logs
1. Send 100,000 requests from another server
ab -c 10 -n 100000 http://172.25.85.1/index.html
2. The log is now 16M
The log volume is large, so the logs need to be archived every day
cd /usr/local/nginx/logs/
[root@server1 logs]# du -h access.log
16M access.log
3. Archive the log
[root@server1 logs]# date +%F
2019-02-23
[root@server1 logs]# mv access.log `date +%F -d -1day`_access.log ##archive the previous day's log
[root@server1 logs]# ls
2019-02-22_access.log error.log nginx.pid nginx.pid.oldbin
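Added example (not from the original article): the same rename wrapped in a function that also sends USR1 to the nginx master, because after a plain mv the running processes keep writing to the renamed file until they reopen their logs. The function name rotate_access_log and its arguments are hypothetical; the default date stamp relies on GNU date, as the command above does.

```shell
#!/bin/sh
# rotate_access_log LOGDIR [STAMP]
#   LOGDIR  directory holding access.log and nginx.pid
#   STAMP   date prefix for the archive; defaults to yesterday (GNU date)
# Prints the path of the archive that was created.
rotate_access_log() {
    rl_dir=$1
    rl_stamp=${2:-$(date +%F -d "-1 day")}
    rl_src=$rl_dir/access.log
    rl_dst=$rl_dir/${rl_stamp}_access.log

    [ -s "$rl_src" ] || return 0          # missing or empty: nothing to do
    if [ -e "$rl_dst" ]; then             # never overwrite an existing archive
        echo "refusing to overwrite $rl_dst" >&2
        return 1
    fi
    mv "$rl_src" "$rl_dst" || return 1

    # After the rename the nginx processes still write to the renamed file.
    # USR1 tells the master to reopen its logs, which recreates access.log.
    if [ -s "$rl_dir/nginx.pid" ]; then
        kill -USR1 "$(cat "$rl_dir/nginx.pid")" || return 1
    fi
    echo "$rl_dst"
}

# On the server from this article (run once a day, for example from cron):
#   rotate_access_log /usr/local/nginx/logs
```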
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
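Why do df and du report different sizes?
They take their data from different sources
df: disk size, obtained from the operating system,
du -sh: file size, computed on the fly
free -m: memory size
TPS (throughput): the amount processed per second
Concurrency: the number of requests that can be handled at the same time
When nginx works as a reverse proxy, this figure has to be divided by 2 (each client connection also needs a connection to the backend)
The best way to measure: stress testing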
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
III. Writing a startup unit file for RHEL 7 (systemd)
First, nginx has to be stopped
ps ax
kill 4632
kill 7161
kill 7186
1. Copy httpd's unit file
yum install httpd -y
cd /usr/lib/systemd/
ls
cd system
ls
cat httpd.service
scp httpd.service /etc/systemd/system/nginx.service
2. Write the nginx unit file and load it
cd /etc/systemd/system/
vim nginx.service
[Unit]
Description=The nginx HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
Test:
[root@server1 system]# systemctl start nginx
Warning: nginx.service changed on disk. Run 'systemctl daemon-reload' to reload units.
[root@server1 system]# systemctl daemon-reload
[root@server1 system]# systemctl start nginx
[root@server1 system]# systemctl status nginx
● nginx.service - The nginx HTTP Server
Loaded: loaded (/etc/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2019-02-23 13:38:39 CST; 39s ago
Main PID: 7371 (nginx)
CGroup: /system.slice/nginx.service
├─7371 nginx: master process /usr/local/nginx/sbin/nginx
└─7372 nginx: worker process
Feb 23 13:38:39 server1 systemd[1]: Starting The nginx HTTP Server...
Feb 23 13:38:39 server1 systemd[1]: PID file /usr/local/nginx/logs/nginx.pi...t.
Feb 23 13:38:39 server1 systemd[1]: Started The nginx HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@server1 system]# systemctl stop nginx
[root@server1 system]# systemctl status nginx
● nginx.service - The nginx HTTP Server
Loaded: loaded (/etc/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: inactive (dead)
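IV. Setting nginx's maximum number of concurrent connections
The connection limit depends on three things (the smallest of the three applies):
1. Kernel limits
2. System limits
3. Hardware limits of the server
1) The limit configured in the service itself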
cd /usr/local/nginx/conf/
vim nginx.conf
events {
worker_connections 1024; ##the default is 1024
}
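2) Check the number allowed by the hardware
The kernel derives this value from the system hardware; it can also be set manually, and it is subject to the limits of the system's PAM module
In other words, this parameter depends on the machine's hardware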
[root@server1 conf]# sysctl -a |grep file
fs.file-max = 98287 ##depends on the CPU
fs.file-nr = 832 0 98287
fs.xfs.filestream_centisecs = 3000
View the resources
3) Look at the PAM module
vim /etc/pam.d/system-auth
4) Add a user and modify the configuration file
[root@server1 conf]# useradd -M -d /usr/local/nginx -s /sbin/nologin nginx
[root@server1 conf]# id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
vim /usr/local/nginx/conf/nginx.conf
5) Change the PAM limits
vim /etc/security/limits.conf
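A fork bomb is a denial-of-service attack that abuses the fork system call (or an equivalent mechanism). Unlike viruses and worms, a fork bomb does not spread; on a system that limits the number of concurrently running processes and programs it prevents new programs from being started, and on a system without such limits it makes the system stop responding.
V. Walkthrough of the configuration file
http {
include mime.types; ##include another file
default_type application/octet-stream; ##default type: the MIME type assumed for a response when none is determined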
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
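sendfile on; ##zero-copy when file data is sent from disk: it goes straight to the OS cache and the kernel does the transfer
#tcp_nopush on; ##these two parameters only take effect when sendfile is on; one prevents network congestion, the other prevents disk blocking
##tcp_nopush on;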
#keepalive_timeout 0;
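keepalive_timeout 65; ##keep-alive timeout: the connection is closed after 65 seconds without activity
#gzip on; ##page compression; minimum size, compression level and types can be configured; use the browser's F12 tools to check the transferred size
VI. Connection-limiting modules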
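limit_conn_zone $binary_remote_addr zone=addr:10M; ##define a 10M shared-memory zone
limit_req_zone $binary_remote_addr zone=one:10M rate=1r/s; ##defines the zone "one" used by limit_req below; the rate is the one stated there, the zone size is an assumption
server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    location / {
        root html;
        index index.html index.htm;
    }
    location /download/ {
        limit_conn addr 1; ##one connection at a time
        limit_rate 50k;
        limit_req zone=one burst=5; ##1 request per second, with a burst of five
    }
}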
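VII. Obtaining the real client IP behind a proxy
ln -s /usr/local/nginx/sbin/nginx /sbin/ ##symlink, so that nginx can be run without its full path
1. Edit the configuration file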
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;
    server_name server1.westos.org;

    location / {
        return 200;
    }
}
2. Local name resolution
vim /etc/hosts
Test
[root@server1 system]# curl -I server1.westos.org
HTTP/1.1 200 OK
Server: nginx/
Date: Fri, 22 Feb 2019 01:54:25 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
vim /usr/local/nginx/conf/nginx.conf
nginx -s reload
server {
listen 80;
server_name server1.westos.org;
location / {
return 200 "client real ip: $remote_addr\n";
}
}
[root@server1 system]# curl server1.westos.org
client real ip: 172.25.38.1
3. Rebuild nginx with the real-IP module
cd
nginx -v ##show the version
nginx -V ##show the configure arguments nginx was built with
cd nginx-1.14.2
make clean
./configure --prefix=/usr/local/nginx/ --with-http_realip_module
make
cd objs/
vim ngx_modules.c ##check that the module is present
4. Copy the binary
cp nginx /usr/local/nginx/sbin/
5. Edit the configuration file
vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name server1.westos.org;
set_real_ip_from 172.25.38.1;
real_ip_header X-Forwarded-For;
real_ip_recursive off; ##off: the last address in the header is used, whether or not it is a trusted proxy
location / {
return 200 "client real ip: $remote_addr\n";
}
}
}
Test
[root@server1 objs]# curl -H "X-Forwarded-For: 1.1.1.1" server1.westos.org
client real ip: 1.1.1.1
[root@server1 objs]# curl -H "X-Forwarded-For: 1.1.1.1,172.25.38.1" server1.westos.org
client real ip: 172.25.38.1
6. Edit the configuration file (turn recursive lookup on)
vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name server1.westos.org;
set_real_ip_from 172.25.38.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on; ##on: trusted proxy addresses are filtered out to find the real IP
location / {
return 200 "client real ip: $remote_addr\n";
}
}
}
Test:
[root@server1 objs]# curl -H "X-Forwarded-For: 1.1.1.1,172.25.38.1" server1.westos.org
client real ip: 1.1.1.1
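Added example (not from the original article): a simplified shell model of the address selection behind the curl tests above, useful for reasoning about which header entries a client can forge. X-Forwarded-For is supplied by the client, so set_real_ip_from should list only proxies you control. The function names real_ip and is_trusted are hypothetical, and trusted proxies are matched as exact addresses only (no CIDR ranges).

```shell
#!/bin/sh
# Simplified model of how ngx_http_realip_module picks $remote_addr.
# Assumption: trusted proxies are matched as exact addresses (no CIDR ranges).

# is_trusted ADDR "ADDR1 ADDR2 ..." -> exit status 0 if ADDR is in the list
is_trusted() {
    for it_a in $2; do
        [ "$it_a" = "$1" ] && return 0
    done
    return 1
}

# real_ip PEER XFF TRUSTED RECURSIVE
#   PEER      address of the TCP connection
#   XFF       value of the X-Forwarded-For header
#   TRUSTED   addresses listed in set_real_ip_from
#   RECURSIVE on | off (real_ip_recursive)
real_ip() {
    ri_cur=$1
    ri_xff=$(printf '%s' "$2" | tr -d ' ')
    # The header is only consulted while the current address is trusted.
    while is_trusted "$ri_cur" "$3" && [ -n "$ri_xff" ]; do
        ri_last=${ri_xff##*,}                 # right-most entry of the header
        case $ri_xff in
            *,*) ri_xff=${ri_xff%,*} ;;       # drop it and keep the rest
            *)   ri_xff= ;;
        esac
        ri_cur=$ri_last
        [ "$4" = on ] || break                # off: stop after one step
    done
    printf '%s\n' "$ri_cur"
}

# Constructed calls using the addresses from the curl tests above.
real_ip 172.25.38.1 '1.1.1.1,172.25.38.1' 172.25.38.1 off
real_ip 172.25.38.1 '1.1.1.1,172.25.38.1' 172.25.38.1 on
# A peer that is not a trusted proxy cannot change its address via the header.
real_ip 10.0.0.9 '1.1.1.1' 172.25.38.1 on
```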
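VIII. Implement a reverse proxy so that the real host can obtain the real client IP
IX. Build a dynamic module and shrink image sizes
1. Reconfigure the build and add the dynamic module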
cd nginx-1.14.2
make clean
./configure --help | grep real
./configure --help | grep dynamic
yum list gd ##look up the gd image library package
yum install -y ~/gd-devel-2.0.35-26.el7.x86_64.rpm
./configure --prefix=/usr/local/nginx/ --with-http_realip_module --with-http_image_filter_module=dynamic
make
2. Copy the binary
cd objs/
ls
nginx -s stop
cp nginx /usr/local/nginx/sbin/nginx
3. Copy the dynamic module
mkdir /usr/local/nginx/modules
cp ngx_http_image_filter_module.so /usr/local/nginx/modules/
4. Edit the configuration file
cd /usr/local/nginx/conf/
vim nginx.conf
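load_module modules/ngx_http_image_filter_module.so; ##line 1 of nginx.conf (main context)
location /download/ {
    #limit_conn addr 1;
    #limit_rate 50k;
    #limit_req zone=one burst=5;
    image_filter resize 100 200; ##compare the image size with this directive enabled and disabled
    #autoindex on; ##when enabled, 172.25.38.1/download can be accessed
}
location = URL: the two mean roughly the same thing
5. Put a file in the document root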
cd /usr/local/nginx/
ls
cd html/
ls
mkdir download
cd download/
ls
6. Reload nginx
vim /usr/local/nginx/conf/nginx.conf
nginx -s reload
Test:
With image_filter disabled, visit 172.25.38.1/download and check the image size
With image_filter enabled, visit 172.25.38.1/download
X. Error pages: error_page
vim /usr/local/nginx/conf/nginx.conf
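error_page 500 502 503 504 /50x.html; ##serve a page chosen by HTTP status code
The first digit of the status code indicates its class:
100 Informational
200 Success
300 Redirection
400 Request error
500 Server error
XI. Caching static images
1. vim /usr/local/nginx/conf/nginx.conf
location ~ \.(jpg|png|css|js)$ {
expires 30d; ##cache for 30 days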
}
nginx -s reload
2. Check the cache lifetime
[root@server1 download]# curl -I 172.25.38.1/download/vim.jpg
HTTP/1.1 200 OK
Server: nginx/
Date: Fri, 22 Feb 2019 05:25:20 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Fri, 22 Feb 2019 03:42:44 GMT
Connection: keep-alive
ETag: "5c6f6fb4-6ebc7"
Expires: Sun, 24 Mar 2019 05:25:20 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
3. Modify the configuration file
[root@server1 download]# vim /usr/local/nginx/conf/nginx.conf
location ~ \.(jpg|png|css|js)$ {
expires 60d;
}
[root@server1 download]# nginx -s reload
4. Check that the cache lifetime is now 60 days
[root@server1 download]# curl -I 172.25.38.1/download/vim.jpg
HTTP/1.1 200 OK
Server: nginx/
Date: Fri, 22 Feb 2019 05:26:00 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Fri, 22 Feb 2019 03:42:44 GMT
Connection: keep-alive
ETag: "5c6f6fb4-6ebc7"
Expires: Tue, 23 Apr 2019 05:26:00 GMT
Cache-Control: max-age=5184000
Accept-Ranges: bytes
XII. HTTPS and redirecting to it
1. Set up a virtual host
1) Create a directory and write the pages to publish
mkdir /web
cd /web/
vim index.html
web
vim test.html
test
2) Edit the nginx configuration file
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;
    server_name www.westos.org;
    location / {
        root /web;
        index index.html;
    }
}
nginx -s reload
nginx
Test
A local hosts entry must be added first
[root@foundation38 kiosk]# vim /etc/hosts
[root@foundation38 kiosk]# curl www.westos.org
web
2. Rebuild nginx with the ssl module
cd
cd nginx-1.14.2
make clean
./configure --help | grep dynamic
./configure --help | grep real
./configure --help | grep ssl
yum install openssl-devel -y ##needed to build with --with-http_ssl_module
./configure --prefix=/usr/local/nginx/ --with-http_image_filter_module=dynamic --with-http_realip_module --with-http_ssl_module
make
cd objs/
ll /usr/local/nginx/modules/
cp ngx_http_image_filter_module.so /usr/local/nginx/modules/
nginx -s stop
ps ax
kill 2085
cp nginx /usr/local/nginx/sbin/
cd /etc/pki/
ls
cd tls/
ls
cd certs
ls
vim Makefile
make cert.pem ##self-signed certificate; the private key and the certificate are written to the same file
ls
cp cert.pem /usr/local/nginx/conf/
vim /usr/local/nginx/conf/nginx.conf
nginx
curl -I www.westos.org
vim /usr/local/nginx/conf/nginx.conf ##repeat the edit and reload for each configuration shown below
nginx -s reload
server {
listen 443 ssl;
server_name www.westos.org;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /web;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.westos.org;
rewrite ^/(.*) https://www.westos.org/$1 permanent;
# location / {
# root /web;
# index index.html;
# }
}
[kiosk@foundation38 ~]$ curl -I www.westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx/
Date: Fri, 22 Feb 2019 06:31:24 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: https://www.westos.org/
[kiosk@foundation38 ~]$ curl -I www.westos.org/test.html
HTTP/1.1 301 Moved Permanently
Server: nginx/
Date: Fri, 22 Feb 2019 06:31:40 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: https://www.westos.org/test.html
server {
listen 80;
server_name www.westos.org;
rewrite ^/(.*) https://www.westos.org;
# location / {
# root /web;
# index index.html;
# }
}
[kiosk@foundation38 ~]$ curl -I www.westos.org/test.html
HTTP/1.1 302 Moved Temporarily
Server: nginx/
Date: Fri, 22 Feb 2019 06:33:18 GMT
Content-Type: text/html
Content-Length: 155
Connection: keep-alive
Location: https://www.westos.org
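XIII. Redirects with rewrite
Baidu paid search ranking
XIV. Hotlinking
XV. Hotlink protection
Each worker connection takes up roughly 424 bytes
XVI. Differences between Apache and nginx
select (iterates over all descriptors), epoll (notifies when data is ready), select, aid, LT, ET (notifies only once)
prefork (one thread per process, 8 by default), worker (several threads in each process, can handle many concurrent connections), event
thread: thread pool
sendfile (file-system transfer method): for small files; uses DMA (reduces CPU work),
memory mapping, map (shared memory):
aio: fully asynchronous, handles large files; nginx's aio module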