您好,登录后才能下订单哦!
# CentOS6.5环境安装nginx服务器及负载均衡配置的方法
## 前言
在当今互联网应用中,Nginx作为一款高性能的Web服务器和反向代理服务器,已经成为许多企业和开发者的首选。本文将详细介绍在CentOS6.5环境下安装Nginx服务器以及配置负载均衡的完整方法,帮助读者构建高可用的Web服务架构。
## 一、环境准备
### 1.1 系统要求
- 操作系统:CentOS 6.5(64位)
- 内存:至少512MB(建议1GB以上)
- 磁盘空间:至少10GB可用空间
- 网络连接:正常联网状态
### 1.2 更新系统
在开始安装前,建议先更新系统到最新状态:
```bash
yum update -y
yum upgrade -y
安装编译和系统管理所需的工具:
yum install -y wget gcc gcc-c++ make automake autoconf libtool pcre* zlib openssl openssl-devel
建议从Nginx官网获取稳定版本:
wget http://nginx.org/download/nginx-1.20.1.tar.gz
tar -zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
执行以下命令进行编译安装:
./configure \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-threads \
--with-stream \
--with-stream_ssl_module
make && make install
为了方便使用nginx命令,需要配置环境变量:
echo 'export PATH=$PATH:/usr/local/nginx/sbin' >> /etc/profile
source /etc/profile
创建Nginx的init脚本:
vi /etc/init.d/nginx
添加以下内容:
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
设置执行权限并添加服务:
chmod +x /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
service nginx start
检查Nginx是否正常运行:
curl -I 127.0.0.1
应该能看到类似以下的输出:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 01 Jan 2023 00:00:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 01 Jan 2023 00:00:00 GMT
Connection: keep-alive
ETag: "xxxxxxxx-xxx"
Accept-Ranges: bytes
Nginx的主要配置文件位于:
/usr/local/nginx/conf/nginx.conf
典型的配置文件结构如下:
main # 全局配置
events # 工作模式配置
http # http设置
server # 服务器主机配置
location # 路由配置
server
location
upstream # 负载均衡配置
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
}
创建虚拟主机配置文件:
vi /usr/local/nginx/conf/conf.d/default.conf
添加以下内容:
server {
listen 80;
server_name localhost;
location / {
root /usr/local/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/nginx/html;
}
}
测试配置并重新加载:
nginx -t
service nginx reload
Nginx支持多种负载均衡算法: 1. 轮询(默认) 2. 加权轮询 3. IP哈希 4. 最少连接 5. 响应时间(商业版)
假设有三台后端服务器: - 192.168.1.101 - 192.168.1.102 - 192.168.1.103
编辑Nginx配置文件:
http {
upstream backend {
server 192.168.1.101;
server 192.168.1.102;
server 192.168.1.103;
}
server {
listen 80;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
upstream backend {
server 192.168.1.101 weight=3;
server 192.168.1.102 weight=2;
server 192.168.1.103 weight=1;
}
upstream backend {
ip_hash;
server 192.168.1.101;
server 192.168.1.102;
server 192.168.1.103;
}
upstream backend {
least_conn;
server 192.168.1.101;
server 192.168.1.102;
server 192.168.1.103;
}
Nginx可以通过max_fails和fail_timeout参数实现简单的健康检查:
upstream backend {
server 192.168.1.101 max_fails=3 fail_timeout=30s;
server 192.168.1.102 max_fails=3 fail_timeout=30s;
server 192.168.1.103 max_fails=3 fail_timeout=30s;
}
upstream backend {
server 192.168.1.101;
server 192.168.1.102;
server 192.168.1.103 backup;
}
upstream backend {
server 192.168.1.101 slow_start=30s;
server 192.168.1.102 slow_start=30s;
server 192.168.1.103 slow_start=30s;
}
worker_processes auto; # 自动设置为CPU核心数
worker_cpu_affinity auto; # CPU亲和性
worker_rlimit_nofile 65535; # 文件描述符限制
events {
worker_connections 65535;
multi_accept on;
use epoll;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 1000;
client_header_timeout 10;
client_body_timeout 10;
reset_timedout_connection on;
send_timeout 2;
}
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m use_temp_path=off;
server {
location / {
proxy_cache my_cache;
proxy_pass http://backend;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
}
}
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'";
server {
listen 443 ssl;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
}
可能原因: 1. 端口被占用
netstat -tulnp | grep :80
nginx -t
chown -R nginx:nginx /usr/local/nginx
可能原因: 1. 后端服务未启动 2. 防火墙阻止连接
iptables -L -n
优化建议: 1. 调整worker_processes和worker_connections 2. 启用keepalive 3. 使用gzip压缩 4. 配置缓存
查看访问日志:
tail -f /var/log/nginx/access.log
分析流量:
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -n 10
启用Nginx状态模块:
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
访问结果示例:
Active connections: 3
server accepts handled requests
100 100 200
Reading: 0 Writing: 1 Waiting: 2
配置logrotate:
vi /etc/logrotate.d/nginx
添加内容:
/var/log/nginx/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
[ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
endscript
}
本文详细介绍了在CentOS6.5环境下安装Nginx服务器以及配置负载均衡的完整流程。从环境准备、Nginx安装、基础配置到负载均衡的各种策略,再到性能优化和安全配置,涵盖了构建生产级Nginx服务所需的主要知识点。通过合理的配置和优化,Nginx能够高效地处理大量并发连接,为Web应用提供稳定可靠的服务。
在实际应用中,还需要根据具体业务需求调整配置参数,并定期监控服务器状态,确保服务的高可用性。随着业务增长,可以考虑引入更高级的负载均衡策略和集群管理方案,如使用Nginx Plus或结合Kubernetes等容器编排工具。
service nginx start
service nginx stop
service nginx restart
service nginx reload
nginx -t
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。