Tengine 기반 리버스 프록시 상세 구성
SUSE Linux Enterprise Server 10 SP1 (x86_64)
참고: 모든 패키지는 /data/software 디렉터리에 둡니다.
nginx_tcp_proxy_module:
https://github.com/yaoweibin/nginx_tcp_proxy_module
nginx-hmux-module:
https://github.com/wangbin579/nginx-hmux-module
ngx_cache_purge:
http://labs.frickle.com/files/
#---------------------------------------------------------------------------------------------------------------------------------------------
1. 메모리 관리 라이브러리
# tar -zxvf libunwind-1.0.1.tar.gz
# cd libunwind-1.0.1
# CFLAGS=-fPIC ./configure --prefix=/usr/local
# make CFLAGS=-fPIC
# make CFLAGS=-fPIC install
# tar -zxvf gperftools-2.0.tar.gz
# cd gperftools-2.0
# ./configure --prefix=/usr/local
# make && make install
#---------------------------------------------------------------------------------------------------------------------------------------------
2. 정규 표현식 라이브러리 (PCRE)
# tar -xvzf pcre-8.32.tar.gz
# cd pcre-8.32
# CFLAGS=-fPIC ./configure --prefix=/usr/local
# make CFLAGS=-fPIC
# make CFLAGS=-fPIC install
#---------------------------------------------------------------------------------------------------------------------------------------------
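3. OpenSSL 라이브러리 (참고: OpenSSL 1.0.1 계열은 업스트림 지원이 종료되었으므로, 실제 배포에서는 현재 지원되는 릴리스로 바꾸고 아래 6단계의 --with-openssl 경로도 함께 맞추십시오.)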
# tar xvzf openssl-1.0.1g.tar.gz
# cd openssl-1.0.1g
# ./config shared --prefix=/usr/local
# make && make install
#---------------------------------------------------------------------------------------------------------------------------------------------
4. IP 지리적 위치 지정 구성 요소
# tar xvzf GeoIP-latest.tar.gz
# cd GeoIP-1.5.0
# ./configure --prefix=/usr/local
# make && make install
#---------------------------------------------------------------------------------------------------------------------------------------------
5. 관련 디렉터리 생성
# mkdir -p /data/nginx_temp/{nginx_client,nginx_proxy,nginx_fastcgi,nginx_temp,nginx_cache}
# mkdir -p /data/logs/{nginx,web} /data/web/{data,conf}
#---------------------------------------------------------------------------------------------------------------------------------------------
6. Tengine 컴파일 설치
# tar xvzf nginx-hmux-module-1.3.tar.gz
# tar xvzf nginx_tcp_proxy_module-0.4.5.tar.gz
# tar xvzf tengine-1.5.2.tar.gz
# cd tengine-1.5.2
# patch -p1 < ../nginx_tcp_proxy_module-0.4.5/tcp.patch
# ./configure --prefix=/usr/local/nginx \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--error-log-path=/data/logs/nginx/error.log \
--http-log-path=/data/logs/nginx/access.log \
--user=nobody \
--group=nogroup \
--with-pcre=../pcre-8.32 \
--with-pcre-opt=-fPIC \
--with-openssl=../openssl-1.0.1g \
--with-openssl-opt=-fPIC \
--with-backtrace_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_concat_module=shared \
--with-http_sysguard_module=shared \
--with-http_limit_conn_module=shared \
--with-http_limit_req_module=shared \
--with-http_split_clients_module=shared \
--with-http_footer_filter_module=shared \
--with-http_geoip_module=shared \
--with-http_sub_module=shared \
--with-http_access_module=shared \
--with-http_upstream_ip_hash_module=shared \
--with-http_upstream_least_conn_module=shared \
--with-http_referer_module=shared \
--with-http_rewrite_module=shared \
--with-http_memcached_module=shared \
--with-http_upstream_session_sticky_module=shared \
--with-http_addition_module=shared \
--with-http_xslt_module=shared \
--with-http_image_filter_module=shared \
--with-http_user_agent_module=shared \
--with-http_empty_gif_module=shared \
--with-http_browser_module=shared \
--with-google_perftools_module \
--with-http_map_module=shared \
--with-http_userid_filter_module=shared \
--with-http_charset_filter_module=shared \
--with-http_trim_filter_module=shared \
--with-http_lua_module=shared \
--without-http_fastcgi_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--without-select_module \
--without-poll_module \
--add-module=../nginx-hmux-module-1.3 \
--add-module=../nginx_tcp_proxy_module-0.4.5 \
--with-ld-opt='-ltcmalloc_minimal' \
--http-client-body-temp-path=/data/nginx_temp/nginx_client \
--http-proxy-temp-path=/data/nginx_temp/nginx_proxy \
--http-fastcgi-temp-path=/data/nginx_temp/nginx_fastcgi
# make && make install
#---------------------------------------------------------------------------------------------------------------------------------------------
7. Tengine 캐시 플러시 모듈
# cd /data/software
# tar xvzf ngx_cache_purge-2.0.tar.gz
# ./dso_tool --add-module=/data/software/ngx_cache_purge-2.0
#---------------------------------------------------------------------------------------------------------------------------------------------
8. Tengine 구성
# rm -f /usr/local/nginx/html/*.html
# rm -f /usr/local/nginx/conf/*.default
# mkdir /usr/local/nginx/conf/SET
# vim /usr/local/nginx/conf/nginx.conf
# Main Tengine configuration: process settings, DSO module loading, and the
# http-level defaults shared by every virtual host included at the end.
# Worker processes run under an unprivileged account.
user nobody nogroup;
worker_processes auto;
worker_cpu_affinity auto;
# Only messages of severity crit and above reach this log.
# NOTE(review): lower-severity errors are often what reveals probing or a
# misbehaving backend — confirm crit is the intended level.
error_log /data/logs/nginx/error.log crit;
pid /var/run/nginx.pid;
# NOTE(review): profile output goes under /var/tmp, which is normally
# world-writable — confirm a dedicated directory is not preferable.
google_perftools_profiles /var/tmp/tcmalloc;
worker_rlimit_nofile 65535;
# Shared-object modules loaded at startup.
dso {
load ngx_http_rewrite_module.so;
load ngx_http_access_module.so;
load ngx_http_concat_module.so;
load ngx_http_limit_conn_module.so;
load ngx_http_limit_req_module.so;
load ngx_http_sysguard_module.so;
load ngx_http_upstream_session_sticky_module.so;
load ngx_http_cache_purge_module.so;
load ngx_http_trim_filter_module.so;
}
events {
use epoll;
worker_connections 10240;
}
http {
# Keep server identification out of responses and error pages.
server_tokens off;
server_tag off;
autoindex off;
# Access logging is disabled here; a virtual host that wants a log sets its own
# access_log with a file path.
access_log off;
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
# Limits on request header and body size accepted from clients.
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 10m;
client_body_buffer_size 256k;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
# NOTE(review): 600-second upstream timeouts keep connections and buffers tied
# up for a long time when a backend stalls — confirm they are really needed.
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_buffer_size 128k;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
proxy_redirect off;
# Headers passed to the backends. $proxy_add_x_forwarded_for appends
# $remote_addr to whatever X-Forwarded-For the client sent, so only the last
# entry (and X-Real-IP) is set by this proxy; earlier entries are client input.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_temp_path /data/nginx_temp/nginx_temp;
# Defines the cache zone "cache_one".
proxy_cache_path /data/nginx_temp/nginx_cache levels=1:2 keys_zone=cache_one:2048m inactive=30m max_size=60g;
# backend web server address pool
include SET/*.conf;
# Log format "access". $http_x_forwarded_for is the header value as sent by the
# client, so treat that field as untrusted when analysing the logs.
log_format access '$remote_addr - $remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer"'
'"$http_user_agent" $http_x_forwarded_for';
# system resource overload protect
# Each sysguard action below points at a location that returns 503.
# NOTE(review): this server block has no listen or server_name, and sysguard is
# set only inside it — confirm which requests it is expected to cover.
server {
sysguard on;
sysguard_load load=10.5 action=/loadlimit;
sysguard_mem swapratio=20% action=/swaplimit;
sysguard_mem free=100M action=/freelimit;
location /loadlimit {
return 503;
}
location /swaplimit {
return 503;
}
location /freelimit {
return 503;
}
}
# refuse request server by ipaddr
# NOTE(review): there is no "listen ... default_server" here, so whether this
# block handles requests with an unmatched Host header depends on declaration
# order — confirm it is really selected as the default.
server {
server_name _;
return 404;
}
# web page cache and proxy setting
include /data/web/conf/*.conf;
}
# vim /usr/local/nginx/conf/SET/NORTH1.conf
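# Backend pool for the proxied site, with active HTTP health checks.
upstream NORTH1_SERVER_PROXY {
    # NOTE(review): consistent_hash and session_sticky both influence which
    # backend is chosen — confirm Tengine applies the two together as intended.
    consistent_hash $request_uri;
    server 192.168.1.101:80 weight=1;
    server 192.168.1.102:80 weight=1;
    server 192.168.1.103:80 weight=1;
    server 192.168.1.104:80 weight=1;
    session_sticky;
    # Probe every backend with an HTTP request; the rise/fall counts decide
    # when a backend is marked up or down.
    check interval=3000 rise=2 fall=5 timeout=1000 type=http;
    # The request literal must end with an empty line (\r\n\r\n). In the
    # listing the \n escapes had been turned into real line breaks.
    check_http_send "GET / HTTP/1.0\r\n\r\n";
    check_http_expect_alive http_2xx http_3xx;
}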
# mkdir -p /data/logs/web/test.qq.com
# vim /data/web/conf/test.qq.com.conf
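# Virtual host for test.qq.com: every request is proxied to
# NORTH1_SERVER_PROXY and static assets are cached in zone cache_one.
server {
    listen 80;
    server_name test.qq.com;
    index index.html index.htm index.php;
    root /data/nginx_temp/nginx_cache;
    # "access_log on;" was dropped: access_log takes a file path, so "on" would
    # be treated as a log file named "on". The real log is set at the end.
    trim on;
    trim_jscss on;

    location / {
        proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;
        proxy_pass http://NORTH1_SERVER_PROXY;
        # Requests that resolve to a directory under root are redirected to
        # /index.html on the same host.
        if (-d $request_filename) {
            rewrite ^/(.*)$ http://$host/index.html break;
        }
    }

    # Dynamic pages are proxied without caching. A stray space inside the
    # regex (".*\. (php)?$") was removed; with it the directive does not parse.
    location ~ .*\.(php)?$ {
        proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;
        proxy_pass http://NORTH1_SERVER_PROXY;
    }

    # Cache purge endpoint, limited to localhost and 192.168.1.0/24. The key
    # built here has to stay in step with proxy_cache_key below.
    location ~ /purge(/.*) {
        allow 127.0.0.1;
        allow 192.168.1.0/24;
        deny all;
        proxy_cache_purge cache_one $host$1$is_args$args;
    }

    # Static assets: cached by status code and served with a 30-minute expiry.
    location ~ .*\.(htm|html|js|css|gif|jpg|jpeg|png|bmp|ico|swf|flv)$ {
        proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;
        proxy_cache cache_one;
        proxy_cache_valid 200 304 15m;
        proxy_cache_valid 301 302 10m;
        proxy_cache_valid any 1m;
        proxy_cache_key $host$uri$is_args$args;
        # Sends the cache status and host name to the client in a header.
        add_header Ten-webcache '$upstream_cache_status from $host';
        proxy_pass http://NORTH1_SERVER_PROXY;
        expires 30m;
    }

    # Never serve .ht* files.
    location ~ /\.ht {
        deny all;
    }

    access_log /data/logs/web/test.qq.com/access.log access;
}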
#---------------------------------------------------------------------------------------------------------------------------------------------
9. Tengine 시작 스크립트
# vim /etc/init.d/nginx
#!/bin/sh
#
# nginx - this script start and stop the nginx daemon
#
# chkconfig: 2345 55 25
# description: Startup script for nginx
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /var/run/nginx.pid
#
# Fixed locations used by the functions below.
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
DAEMON="/usr/local/nginx/sbin/nginx"
CONFIGFILE="/usr/local/nginx/conf/nginx.conf"
PIDFILE="/var/run/nginx.pid"
SCRIPTNAME="/etc/init.d/nginx"
LOCKFILE="/var/lock/nginx.lock"

# Abort on the first unhandled command failure.
set -e

# Nothing to manage when the nginx binary is not installed: leave quietly.
if [ ! -x "$DAEMON" ]; then
    exit 0
fi
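# Start the nginx master process.
# Globals:  DAEMON, CONFIGFILE, LOCKFILE (read)
# Outputs:  progress messages on stdout
# Exits:    5 if the binary is not executable, 6 if the config file is missing
# Returns:  0, also when nginx itself refused to start (message printed)
start() {
    echo "Startting Nginx......"
    [ -x "$DAEMON" ] || exit 5
    [ -f "$CONFIGFILE" ] || exit 6
    # Create the lock file only when the daemon reported success. Testing $?
    # after `cmd || echo` sees echo's status, so the lock used to be created
    # even when nginx had failed to start.
    if "$DAEMON" -c "$CONFIGFILE"; then
        touch "$LOCKFILE"
    else
        # Printed for any start failure, not only "already running".
        echo -n "Nginx already running!"
    fi
}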
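# Ask the nginx master process to shut down gracefully (SIGQUIT).
# Globals:  PIDFILE, LOCKFILE (read); MPID (written)
# Outputs:  progress messages on stdout
# Returns:  0 when the signal was sent or nginx was not running, 1 if kill failed
stop() {
    echo "Stopping Nginx......"
    # Use the PID nginx recorded itself. Matching `ps` output on the words
    # "nginx" and "master" would make this root script signal any process
    # whose command line happens to contain them.
    MPID=""
    if [ -r "$PIDFILE" ]; then
        read -r MPID < "$PIDFILE" || true
    fi
    # Accept nothing but a plain decimal PID.
    case "$MPID" in
        '' | *[!0-9]*) MPID="" ;;
    esac
    if [ -n "$MPID" ] && kill -0 "$MPID" 2>/dev/null; then
        kill -QUIT "$MPID" || return 1
        rm -f "$LOCKFILE"
    else
        echo "Nginx server is not running!"
    fi
}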
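# Tell the nginx master process to re-read its configuration (SIGHUP).
# Globals:  PIDFILE (read); MPID (written)
# Outputs:  progress messages on stdout
reload() {
    echo "Reloading Nginx......"
    # Use the PID nginx recorded itself. Matching `ps` output on the words
    # "nginx" and "master" would make this root script signal any process
    # whose command line happens to contain them.
    MPID=""
    if [ -r "$PIDFILE" ]; then
        read -r MPID < "$PIDFILE" || true
    fi
    # Accept nothing but a plain decimal PID.
    case "$MPID" in
        '' | *[!0-9]*) MPID="" ;;
    esac
    if [ -n "$MPID" ] && kill -0 "$MPID" 2>/dev/null; then
        kill -HUP "$MPID"
    else
        echo "Nginx can't reload!"
    fi
}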
# Dispatch on the requested action. Anything unrecognised prints the usage
# line and exits with status 3.
action="$1"
case "$action" in
    start | stop | reload)
        # The name has just been matched against the fixed list above, so it
        # can be invoked directly as a function.
        "$action"
        ;;
    restart)
        stop
        sleep 1
        start
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|reload|restart}"
        exit 3
        ;;
esac

exit 0
# chmod +x /etc/init.d/nginx
# chkconfig --add nginx
# service nginx start
#---------------------------------------------------------------------------------------------------------------------------------------------
10. Tengine 상태 점검(헬스 체크)
# mkdir -p /data/web/data/mycheckweb.act.qq.com
# echo "OK" > /data/web/data/mycheckweb.act.qq.com/index.html
# echo "<서버의 내부망 IP> mycheckweb.act.qq.com" >> /etc/hosts
# touch /var/lock/check_web.lock
# vim /data/web/conf/checkweb_for_nginx.conf
# Local health-check virtual host: serves a static page for the cron probe and
# exposes the upstream check status page to internal addresses only.
server {
listen 80;
server_name mycheckweb.act.qq.com;
access_log off;
location / {
root /data/web/data/mycheckweb.act.qq.com;
index index.html;
}
# Unanchored regex: matches any URI that contains "health_status".
# The status page is limited to localhost and 192.168.1.0/24 by the
# allow/deny rules below.
location ~ health_status {
check_status;
allow 127.0.0.1;
allow 192.168.1.0/24;
deny all;
}
}
# vim /usr/local/nginx/sbin/check_web.sh
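#!/bin/bash
# Cron probe: restart nginx when the local health-check vhost stops answering
# with HTTP 200. Exits 1 without restarting when ping gets no replies.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

readonly CHECK_HOST="mycheckweb.act.qq.com"

# Count of ICMP replies out of 3; empty when ping printed no summary line.
received=$(ping -c 3 "$CHECK_HOST" | awk '/received/ {print $4}')
# No reply at all points at a network or name-resolution problem, which a
# restart of nginx would not fix.
[[ ${received:-0} -eq 0 ]] && exit 1

# Read the status code itself instead of grepping the headers for "200 OK",
# and bound the request with --max-time so a listener that accepts but never
# answers cannot stall the job. Adjust the 10-second limit to the environment.
status=$(curl -I -s -o /dev/null --max-time 10 -w '%{http_code}' "http://${CHECK_HOST}")
if [[ "$status" != "200" ]]; then
  [[ -e /usr/local/nginx ]] && /sbin/service nginx restart >/dev/null 2>&1
fi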
# chmod +x /usr/local/nginx/sbin/check_web.sh
# crontab -e
*/5 * * * * (flock --timeout=0 /var/lock/check_web.lock /usr/local/nginx/sbin/check_web.sh >/dev/null 2>&1)
#---------------------------------------------------------------------------------------------------------------------------------------------
11. Tengine 접근 로그 절단 및 정리
# vim /usr/local/nginx/sbin/cut_nginx_log.sh
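#!/bin/bash
# Daily access-log rotation for nginx/Tengine: rename every access.log under
# WEBLOG_PATH to access_<yesterday>.log, signal the master to reopen its logs
# (USR1), then delete the rotated file dated ten days ago.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

## the nginx access logs base path
WEBLOG_PATH="/data/logs/web"
## PID file written by the nginx master (the "pid" setting in nginx.conf)
PIDFILE="/var/run/nginx.pid"

# Take the master PID from the file nginx writes itself. Picking PIDs out of
# `ps` output by matching "nginx" and "master" would signal any process whose
# command line contains those words.
MPID=""
[[ -r "$PIDFILE" ]] && read -r MPID < "$PIDFILE"
if [[ ! "$MPID" =~ ^[0-9]+$ ]] || ! kill -0 "$MPID" 2>/dev/null; then
  echo "The daemon process for nginx has no found."
  exit 1
fi

## avoid errors for USR1 signal, and modify 750 privilege
# NOTE(review): this tree is owned by the unprivileged worker account while
# root renames files and the master reopens logs inside it — confirm that
# ownership is intended rather than root-owned directories.
chown -R nobody:nogroup /data/logs/{nginx,web}
chmod -R 750 /data/logs/{nginx,web}

## cut nginx access logs
yesterday=$(date -d "yesterday" +"%Y-%m-%d")
# NUL-delimited read keeps paths with spaces or glob characters intact.
while IFS= read -r -d '' LOGFILE; do
  LOGPATH=$(dirname -- "$LOGFILE")
  mv -- "$LOGFILE" "${LOGPATH}/access_${yesterday}.log"
done < <(find "$WEBLOG_PATH" -type f -name access.log -print0)

kill -USR1 "$MPID"

## and then modify original privileges
# NOTE(review): chmod -R 640 also hits directories and removes their search
# bit, and it runs right after USR1 without waiting for the logs to be
# reopened — confirm; setting directories and files separately may be meant.
chown -R nobody:nogroup /data/logs/{nginx,web}
chmod -R 640 /data/logs/{nginx,web}

## clear 10 days ago's nginx access logs
LOGFILE="access_$(date -d "10 days ago" +"%Y-%m-%d").log"
find "$WEBLOG_PATH" -type f -name "$LOGFILE" -exec rm -f {} \;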
# crontab -e
00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh >/dev/null 2>&1
#---------------------------------------------------------------------------------------------------------------------------------------------
12. 시스템 최적화
### 네트워크 매개 변수 설정
# vim /etc/sysctl.conf
# Kernel network and file-handle settings for the proxy host.
# SYN cookies keep the listener answering when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# behind NAT and was removed in Linux 4.12 — confirm it is wanted on the
# target kernel.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 80000
net.core.somaxconn = 32768
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 20
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
# NOTE(review): tcp_tw_reuse and tcp_tw_recycle rely on TCP timestamps, so
# with timestamps disabled here they presumably have no effect — confirm which
# behaviour is intended.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_mem = 41943040 73400320 94371840
net.ipv4.tcp_max_orphans = 3276800
fs.file-max = 1300000
# sysctl -p
### 파일 설명자 설정
# echo "ulimit -SHn 65535" >> /etc/profile
# source /etc/profile
#---------------------------------------------------------------------------------------------------------------------------------------------
13. 테스트
로컬 HOSTS 바인딩 액세스
http://mycheckweb.act.qq.com/health_status
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.