基于Tengine的反向代理详细配置

SUSE Linux Enterprise Server 10 SP1 (x86_64)

注:所有软件包都放置在/data/software目录下

nginx_tcp_proxy_module:

https://github.com/yaoweibin/nginx_tcp_proxy_module 

nginx-hmux-module:

https://github.com/wangbin579/nginx-hmux-module

ngx_cache_purge:

#---------------------------------------------------------------------------------------------------------------------------------------------

1、内存管理库

# tar -zxvf libunwind-1.0.1.tar.gz

# cd libunwind-1.0.1

# LAGS=-fPIC ./configure --prefix=/usr/local

# make LAGS=-fPIC

# make LAGS=-fPIC install


# tar -zxvf gperftools-2.0.tar.gz

# cd gperftools-2.0

# ./configure --prefix=/usr/local

# make && make install


#---------------------------------------------------------------------------------------------------------------------------------------------

2、正则库

# tar -xvzf pcre-8.32.tar.gz

# cd pcre-8.32

# LAGS=-fPIC ./configure --prefix=/usr/local

# make LAGS=-fPIC

# make LAGS=-fPIC install


#---------------------------------------------------------------------------------------------------------------------------------------------

3、OpenSSL库

# tar xvzf openssl-1.0.1g.tar.gz

# cd openssl-1.0.1g

# ./config shared --prefix=/usr/local

# make && make install


#---------------------------------------------------------------------------------------------------------------------------------------------

4、IP地理位置定位组件

# tar xvzf GeoIP-latest.tar.gz

# cd GeoIP-1.5.0

# ./configure --prefix=/usr/local

# make && make install


#---------------------------------------------------------------------------------------------------------------------------------------------

5、相关目录创建

# mkdir -p /data/nginx_temp/{nginx_client,nginx_proxy,nginx_fastcgi,nginx_temp,nginx_cache}

# mkdir -p /data/logs/{nginx,web} /data/web/{data,conf}


#---------------------------------------------------------------------------------------------------------------------------------------------

6、Tengine编译安装

# tar xvzf nginx-hmux-module-1.3.tar.gz

# tar xvzf nginx_tcp_proxy_module-0.4.5.tar.gz


# tar xvzf tengine-1.5.2.tar.gz

# cd tengine-1.5.2

# patch -p1 < ../nginx_tcp_proxy_module-0.4.5/tcp.patch


# ./configure --prefix=/usr/local/nginx \

--lock-path=/var/lock/nginx.lock \

--pid-path=/var/run/nginx.pid \

--error-log-path=/data/logs/nginx/error.log \

--http-log-path=/data/logs/nginx/access.log \

--user=nobody \

--group=nogroup \

--with-pcre=../pcre-8.32 \

--with-pcre-opt=-fPIC \

--with-openssl=../openssl-1.0.1g \

--with-openssl-opt=-fPIC \

--with-backtrace_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--with-http_realip_module \

--with-http_concat_module=shared \

--with-http_sysguard_module=shared \

--with-http_limit_conn_module=shared \

--with-http_limit_req_module=shared \

--with-http_split_clients_module=shared \

--with-http_footer_filter_module=shared \

--with-http_geoip_module=shared \

--with-http_sub_module=shared \

--with-http_access_module=shared \

--with-http_upstream_ip_hash_module=shared \

--with-http_upstream_least_conn_module=shared \

--with-http_referer_module=shared \

--with-http_rewrite_module=shared \

--with-http_memcached_module=shared \

--with-http_upstream_session_sticky_module=shared \

--with-http_addition_module=shared \

--with-http_xslt_module=shared \

--with-http_image_filter_module=shared \

--with-http_user_agent_module=shared \

--with-http_empty_gif_module=shared \

--with-http_browser_module=shared \

--with-google_perftools_module \

--with-http_map_module=shared \

--with-http_userid_filter_module=shared \

--with-http_charset_filter_module=shared \

--with-http_trim_filter_module=shared \

--with-http_lua_module=shared \

--without-http_fastcgi_module \

--without-http_uwsgi_module \

--without-http_scgi_module \

--without-select_module \

--without-poll_module \

--add-module=../nginx-hmux-module-1.3 \

--add-module=../nginx_tcp_proxy_module-0.4.5 \

--with-ld-opt='-ltcmalloc_minimal' \

--http-client-body-temp-path=/data/nginx_temp/nginx_client \

--http-proxy-temp-path=/data/nginx_temp/nginx_proxy \

--http-fastcgi-temp-path=/data/nginx_temp/nginx_fastcgi


# make && make install


#---------------------------------------------------------------------------------------------------------------------------------------------

7、Tengine缓存刷新模块

# cd /data/software

# tar xvzf ngx_cache_purge-2.0.tar.gz

# ./dso_tool --add-module=/data/software/ngx_cache_purge-2.0


#---------------------------------------------------------------------------------------------------------------------------------------------

8、Tengine配置

# rm -f /usr/local/nginx/html/*.html

# rm -f /usr/local/nginx/conf/*.default

# mkdir /usr/local/nginx/conf/SET


# vim /usr/local/nginx/conf/nginx.conf

user nobody nogroup;

worker_processes auto;

worker_cpu_affinity auto;

error_log /data/logs/nginx/error.log crit;

pid /var/run/nginx.pid;

google_perftools_profiles /var/tmp/tcmalloc;

worker_rlimit_nofile 65535;

dso {

load ngx_http_rewrite_module.so;

load ngx_http_access_module.so;

load ngx_http_concat_module.so;

load ngx_http_limit_conn_module.so;

load ngx_http_limit_req_module.so;

load ngx_http_sysguard_module.so;

load ngx_http_upstream_session_sticky_module.so;

load ngx_http_cache_purge_module.so;

load ngx_http_trim_filter_module.so;

}

events {

use epoll;

worker_connections 10240;

}

http {

server_tokens off;

server_tag off;

autoindex off;

access_log off;

include mime.types;

default_type application/octet-stream;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 10m;

client_body_buffer_size 256k;

sendfile on;

tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.0;

gzip_comp_level 2;

gzip_types text/plain application/x-javascript text/css application/xml;

gzip_vary on;

proxy_connect_timeout 600;

proxy_read_timeout 600;

proxy_send_timeout 600;

proxy_buffer_size 128k;

proxy_buffers 4 128k;

proxy_busy_buffers_size 256k;

proxy_temp_file_write_size 256k;

proxy_headers_hash_max_size 1024;

proxy_headers_hash_bucket_size 128;

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_temp_path /data/nginx_temp/nginx_temp;

proxy_cache_path /data/nginx_temp/nginx_cache levels=1:2 keys_zone=cache_one:2048m inactive=30m max_size=60g;

# backend web server address pool

include SET/*.conf;

log_format access '$remote_addr - $remote_user [$time_local] "$request"'

'$status $body_bytes_sent "$http_referer"'

'"$http_user_agent" $http_x_forwarded_for';

# system resource overload protect

server {

sysguard on;

sysguard_load load=10.5 action=/loadlimit;

sysguard_mem swapratio=20% action=/swaplimit;

sysguard_mem free=100M action=/freelimit;

location /loadlimit {

return 503;

}

location /swaplimit {

return 503;

}

location /freelimit {

return 503;

}

}

# refuse request server by ipaddr

server {

server_name _;

return 404;

}

# web page cache and proxy setting

include /data/web/conf/*.conf;

}


# vim /usr/local/nginx/conf/SET/NORTH1.conf

upstream NORTH1_SERVER_PROXY {

consistent_hash $request_uri;

server 192.168.1.101:80 weight=1;

server 192.168.1.102:80 weight=1;

server 192.168.1.103:80 weight=1;

server 192.168.1.104:80 weight=1;

session_sticky;

check interval=3000 rise=2 fall=5 timeout=1000 type=http;

check_http_send "GET / HTTP/1.0\r\n\r\n";

check_http_expect_alive http_2xx http_3xx;

}


# mkdir -p /data/logs/web/test.qq.com


# vim /data/web/conf/test.qq.com.conf

server {

listen 80;

server_name test.qq.com;

index index.html index.htm index.php;

root /data/nginx_temp/nginx_cache;

access_log on;

trim on;

trim_jscss on;

location / {

proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;

proxy_pass ;

#存在静态首页时,才需添加此规则

if (-d $request_filename) {

rewrite ^/(.*)$ $host/index.html break;

}

}

location ~ .*\. (php)?$ {

proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;

proxy_pass ;

}

location ~ /purge(/.*) {

allow 127.0.0.1;

allow 192.168.1.0/24;

deny all;

proxy_cache_purge cache_one $host$1$is_args$args;

}

location ~ .*\.(htm|html|js|css|gif|jpg|jpeg|png|bmp|ico|swf|flv)$ {

proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;

proxy_cache cache_one;

proxy_cache_valid 200 304 15m;

proxy_cache_valid 301 302 10m;

proxy_cache_valid any 1m;

proxy_cache_key $host$uri$is_args$args;

add_header Ten-webcache '$upstream_cache_status from $host';

proxy_pass ;

expires 30m;

}

location ~ /\.ht {

deny all;

}

access_log /data/logs/web/test.qq.com/access.log access;

}


#---------------------------------------------------------------------------------------------------------------------------------------------


9、Tengine启动脚本

# vim /etc/init.d/nginx

#!/bin/sh

#

# nginx - this script start and stop the nginx daemon

#

# chkconfig: 2345 55 25

# description: Startup script for nginx

# processname: nginx

# config: /usr/local/nginx/conf/nginx.conf

# pidfile: /var/run/nginx.pid

#

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

DAEMON=/usr/local/nginx/sbin/nginx

CONFIGFILE=/usr/local/nginx/conf/nginx.conf

PIDFILE=/var/run/nginx.pid

SCRIPTNAME=/etc/init.d/nginx

LOCKFILE=/var/lock/nginx.lock

set -e

[ -x "$DAEMON" ] || exit 0

start() {

echo "Startting Nginx......"

[ -x $DAEMON ] || exit 5

[ -f $CONFIGFILE ] || exit 6

$DAEMON -c $CONFIGFILE || echo -n "Nginx already running!"

[ $? -eq 0 ] && touch $LOCKFILE

}

stop() {

echo "Stopping Nginx......"

MPID=`ps aux | grep nginx | awk '/master/{print $2}'`

if [ "${MPID}X" != "X" ]; then

kill -QUIT $MPID

[ $? -eq 0 ] && rm -f $LOCKFILE

else

echo "Nginx server is not running!"

fi

}

reload() {

echo "Reloading Nginx......"

MPID=`ps aux | grep nginx | awk '/master/{print $2}'`

if [ "${MPID}X" != "X" ]; then

kill -HUP $MPID

else

echo "Nginx can't reload!"

fi

}

case "$1" in

start)

start

;;

stop)

stop

;;

reload)

reload

;;

restart)

stop

sleep 1

start

;;

*)

echo "Usage: $SCRIPTNAME {start|stop|reload|restart}"

exit 3

;;

esac

exit 0


# chmod +x /etc/init.d/nginx


# chkconfig --add nginx

# service nginx start


#---------------------------------------------------------------------------------------------------------------------------------------------

10、Tengine健康检测

# mkdir -p /data/web/data/mycheckweb.act.qq.com

# echo "OK" > /data/web/data/mycheckweb.act.qq.com/index.html

# echo "你的内网IP    mycheckweb.act.qq.com" >> /etc/hosts

# touch /var/lock/check_web.lock


#vim /data/web/conf/checkweb_for_nginx.conf

server {

listen 80;

server_name mycheckweb.act.qq.com;

access_log off;

location / {

root /data/web/data/mycheckweb.act.qq.com;

index index.html;

}

location ~ health_status {

check_status;

allow 127.0.0.1;

allow 192.168.1.0/24;

deny all;

}

}


# vim /usr/local/nginx/sbin/check_web.sh

#!/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

retval=`ping -c 3 mycheckweb.act.qq.com | awk '/received/ {print $4}'`

[[ ${retval} -eq 0 ]] && exit 1

retval=`curl -I -s "http://mycheckweb.act.qq.com" | grep "200 OK"`

if [[ "${retval}x" = "x" ]]; then

[[ -e /usr/local/nginx ]] && /sbin/service nginx restart >/dev/null 2>&1

fi


#chmod +x /usr/local/nginx/sbin/check_web.sh

# crontab -e

*/5 * * * * (flock --timeout=0 /var/lock/check_web.lock /usr/local/nginx/sbin/check_web.sh >/dev/null 2>&1)


#---------------------------------------------------------------------------------------------------------------------------------------------

11、Tengine访问日志切割与清理

# vim /usr/local/nginx/sbin/cut_nginx_log.sh

#!/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

## the nginx access logs base path

WEBLOG_PATH="/data/logs/web"

retval=`ps aux | grep ngin[x] | wc -l`

if [ ${retval} -eq 0 ]; then

echo "The daemon process for nginx has no found."

exit 1

fi

## avoid errors for USR1 signal, and modify 750 privilege

chown -R nobody:nogroup /data/logs/{nginx,web}

chmod -R 750 /data/logs/{nginx,web}

## cut nginx access logs

for LOGFILE in `find ${WEBLOG_PATH} -type f -name access.log`

do

LOGPATH=`dirname ${LOGFILE}`

mv ${LOGPATH}/access.log ${LOGPATH}/access_$(date -d "yesterday" +"%Y-%m-%d").log

done

kill -USR1 `ps aux | grep nginx | awk '/master/{print $2}'`

## and then modify original privileges

chown -R nobody:nogroup /data/logs/{nginx,web}

chmod -R 640 /data/logs/{nginx,web}

## clear 10 days ago's nginx access logs

LOGFILE=access_$(date -d "10 days ago" +"%Y-%m-%d").log

find ${WEBLOG_PATH} -type f -name ${LOGFILE} -exec rm -f {} \;


# crontab -e


00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh >/dev/null 2>&1


#---------------------------------------------------------------------------------------------------------------------------------------------

12、系统优化

##网络参数设置

# vim /etc/sysctl.conf

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_fin_timeout = 30

net.ipv4.tcp_keepalive_time = 1200

net.ipv4.ip_local_port_range = 1024 65000

net.ipv4.tcp_max_syn_backlog = 8192

net.ipv4.tcp_max_tw_buckets = 80000

net.core.somaxconn = 32768

net.ipv4.tcp_keepalive_probes = 5

net.ipv4.tcp_keepalive_intvl = 20

net.core.wmem_default = 8388608

net.core.rmem_default = 8388608

net.core.rmem_max = 16777216

net.core.wmem_max = 16777216

net.ipv4.tcp_rmem = 4096 87380 16777216

net.ipv4.tcp_wmem = 4096 65536 16777216

net.core.netdev_max_backlog = 32768

net.ipv4.tcp_timestamps = 0

net.ipv4.tcp_synack_retries = 2

net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_retries2 = 5

net.ipv4.tcp_mem = 41943040 73400320 94371840

net.ipv4.tcp_max_orphans = 3276800

fs.file-max = 1300000


# sysctl -p

## 文件描述符设置

# echo "ulimit -SHn 65535" >> /etc/profile

# source /etc/profile

#---------------------------------------------------------------------------------------------------------------------------------------------

13、测试

本地HOSTS绑定访问

相关阅读

CentOS 6.4制作Tengine的rpm包

Tengine动态开启模块试用

CentOS 6.3用ICC编译PHP5.4.8+Percona5.5.27+Tengine1.4.1

基于淘宝Tengine和Scribe的WEB日志收集方案

基于Tengine部署LNMP环境

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/024600d94fbb62d5103443724c025fbb.html