CentOS6.5环境安装nginx服务器及负载均衡配置的方法

发布时间:2022-04-29 16:27:17 作者:iii
来源:亿速云 阅读:122
# CentOS6.5环境安装nginx服务器负载均衡配置的方法

## 前言

在当今互联网应用中,Nginx作为一款高性能的Web服务器和反向代理服务器,已经成为许多企业和开发者的首选。本文将详细介绍在CentOS6.5环境下安装Nginx服务器以及配置负载均衡的完整方法,帮助读者构建高可用的Web服务架构。

## 一、环境准备

### 1.1 系统要求

- 操作系统:CentOS 6.5(64位)
- 内存:至少512MB(建议1GB以上)
- 磁盘空间:至少10GB可用空间
- 网络连接:正常联网状态

### 1.2 更新系统

在开始安装前,建议先更新系统到最新状态:

```bash
yum update -y
yum upgrade -y

1.3 安装必要工具

安装编译和系统管理所需的工具:

yum install -y wget gcc gcc-c++ make automake autoconf libtool pcre* zlib openssl openssl-devel

二、Nginx安装

2.1 下载Nginx源码包

建议从Nginx官网获取稳定版本:

wget http://nginx.org/download/nginx-1.20.1.tar.gz
tar -zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1

2.2 编译安装Nginx

执行以下命令进行编译安装:

./configure \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-threads \
--with-stream \
--with-stream_ssl_module

make && make install

2.3 配置环境变量

为了方便使用nginx命令,需要配置环境变量:

echo 'export PATH=$PATH:/usr/local/nginx/sbin' >> /etc/profile
source /etc/profile

2.4 创建系统服务

创建Nginx的init脚本:

vi /etc/init.d/nginx

添加以下内容:

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {
   # make required directories
   user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
   if [ -z "`grep $user /etc/passwd`" ]; then
       useradd -M -s /bin/nologin $user
   fi
   options=`$nginx -V 2>&1 | grep 'configure arguments:'`
   for opt in $options; do
       if [ `echo $opt | grep '.*-temp-path'` ]; then
           value=`echo $opt | cut -d "=" -f 2`
           if [ ! -d "$value" ]; then
               # echo "creating" $value
               mkdir -p $value && chown -R $user $value
           fi
       fi
   done
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

设置执行权限并添加服务:

chmod +x /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on

2.5 启动Nginx服务

service nginx start

2.6 验证安装

检查Nginx是否正常运行:

curl -I 127.0.0.1

应该能看到类似以下的输出:

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 01 Jan 2023 00:00:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 01 Jan 2023 00:00:00 GMT
Connection: keep-alive
ETag: "xxxxxxxx-xxx"
Accept-Ranges: bytes

三、Nginx基础配置

3.1 配置文件结构

Nginx的主要配置文件位于:

/usr/local/nginx/conf/nginx.conf

典型的配置文件结构如下:

main        # 全局配置
events     # 工作模式配置
http       # http设置
    server    # 服务器主机配置
        location  # 路由配置
    server
        location
    upstream # 负载均衡配置

3.2 基本配置示例

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;
    types_hash_max_size 2048;

    gzip  on;
    gzip_disable "msie6";

    include /etc/nginx/conf.d/*.conf;
}

3.3 虚拟主机配置

创建虚拟主机配置文件:

vi /usr/local/nginx/conf/conf.d/default.conf

添加以下内容:

server {
    listen       80;
    server_name  localhost;

    location / {
        root   /usr/local/nginx/html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/local/nginx/html;
    }
}

测试配置并重新加载:

nginx -t
service nginx reload

四、负载均衡配置

4.1 负载均衡概述

Nginx支持多种负载均衡算法: 1. 轮询(默认) 2. 加权轮询 3. IP哈希 4. 最少连接 5. 响应时间(商业版)

4.2 基本负载均衡配置

假设有三台后端服务器: - 192.168.1.101 - 192.168.1.102 - 192.168.1.103

编辑Nginx配置文件:

http {
    upstream backend {
        server 192.168.1.101;
        server 192.168.1.102;
        server 192.168.1.103;
    }

    server {
        listen 80;
        
        location / {
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

4.3 加权轮询配置

upstream backend {
    server 192.168.1.101 weight=3;
    server 192.168.1.102 weight=2;
    server 192.168.1.103 weight=1;
}

4.4 IP哈希配置

upstream backend {
    ip_hash;
    server 192.168.1.101;
    server 192.168.1.102;
    server 192.168.1.103;
}

4.5 最少连接配置

upstream backend {
    least_conn;
    server 192.168.1.101;
    server 192.168.1.102;
    server 192.168.1.103;
}

4.6 健康检查配置

Nginx可以通过max_fails和fail_timeout参数实现简单的健康检查:

upstream backend {
    server 192.168.1.101 max_fails=3 fail_timeout=30s;
    server 192.168.1.102 max_fails=3 fail_timeout=30s;
    server 192.168.1.103 max_fails=3 fail_timeout=30s;
}

4.7 高级负载均衡配置

4.7.1 备份服务器

upstream backend {
    server 192.168.1.101;
    server 192.168.1.102;
    server 192.168.1.103 backup;
}

4.7.2 慢启动

upstream backend {
    server 192.168.1.101 slow_start=30s;
    server 192.168.1.102 slow_start=30s;
    server 192.168.1.103 slow_start=30s;
}

五、性能优化

5.1 工作进程优化

worker_processes auto; # 自动设置为CPU核心数
worker_cpu_affinity auto; # CPU亲和性
worker_rlimit_nofile 65535; # 文件描述符限制

5.2 连接优化

events {
    worker_connections 65535;
    multi_accept on;
    use epoll;
}

5.3 HTTP优化

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    keepalive_requests 1000;
    client_header_timeout 10;
    client_body_timeout 10;
    reset_timedout_connection on;
    send_timeout 2;
}

5.4 Gzip压缩

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

5.5 缓存优化

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m use_temp_path=off;

server {
    location / {
        proxy_cache my_cache;
        proxy_pass http://backend;
        proxy_cache_valid 200 302 10m;
        proxy_cache_valid 404 1m;
    }
}

六、安全配置

6.1 隐藏Nginx版本信息

server_tokens off;

6.2 防止点击劫持

add_header X-Frame-Options "SAMEORIGIN";

6.3 XSS保护

add_header X-XSS-Protection "1; mode=block";

6.4 内容安全策略

add_header Content-Security-Policy "default-src 'self'";

6.5 SSL配置

server {
    listen 443 ssl;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}

七、常见问题解决

7.1 启动失败

可能原因: 1. 端口被占用

   netstat -tulnp | grep :80
  1. 配置文件语法错误
    
    nginx -t
    
  2. 权限问题
    
    chown -R nginx:nginx /usr/local/nginx
    

7.2 502 Bad Gateway

可能原因: 1. 后端服务未启动 2. 防火墙阻止连接

   iptables -L -n
  1. PHP-FPM配置问题

7.3 性能问题

优化建议: 1. 调整worker_processes和worker_connections 2. 启用keepalive 3. 使用gzip压缩 4. 配置缓存

7.4 日志分析

查看访问日志:

tail -f /var/log/nginx/access.log

分析流量:

awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -n 10

八、监控与维护

8.1 状态监控

启用Nginx状态模块:

location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
}

访问结果示例:

Active connections: 3 
server accepts handled requests
 100 100 200 
Reading: 0 Writing: 1 Waiting: 2 

8.2 日志轮转

配置logrotate:

vi /etc/logrotate.d/nginx

添加内容:

/var/log/nginx/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 640 nginx adm
    sharedscripts
    postrotate
        [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
    endscript
}

8.3 性能监控工具

  1. nginx-module-vts
  2. ngxtop
  3. GoAccess

九、总结

本文详细介绍了在CentOS6.5环境下安装Nginx服务器以及配置负载均衡的完整流程。从环境准备、Nginx安装、基础配置到负载均衡的各种策略,再到性能优化和安全配置,涵盖了构建生产级Nginx服务所需的主要知识点。通过合理的配置和优化,Nginx能够高效地处理大量并发连接,为Web应用提供稳定可靠的服务。

在实际应用中,还需要根据具体业务需求调整配置参数,并定期监控服务器状态,确保服务的高可用性。随着业务增长,可以考虑引入更高级的负载均衡策略和集群管理方案,如使用Nginx Plus或结合Kubernetes等容器编排工具。

附录

A. 常用命令

B. 参考资料

  1. Nginx官方文档:https://nginx.org/en/docs/
  2. Nginx配置指南:https://www.nginx.com/resources/wiki/
  3. CentOS官方文档:https://www.centos.org/docs/

C.

推荐阅读:
  1. CentOS6.5系统中如何配置Nginx服务器
  2. CentOS6.5环境如何安装nginx服务器及配置负载均衡

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

centos nginx

上一篇:Linux环境下怎么安装及使用Nginx

下一篇:在lnmp环境中的nginx怎么编译安装

相关阅读

您好,登录后才能下订单哦!

密码登录
登录注册
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》