nginx不停服务平滑升级和反向代理

1.平滑升级(热升级)

# 查看当前 nginx 的版本以及安装了哪些功能模块
[root@node1 ~]# nginx -V
nginx version: nginx/1.22.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --with-http_ssl_module

# 进入 nginx 启动目录备份二进制文件
[root@node1 ~]# cd /usr/local/nginx/sbin/
[root@node1 sbin]# ls
nginx
[root@node1 sbin]# cp nginx nginx.bak
[root@node1 sbin]# ls
nginx  nginx.bak
[root@node1 sbin]#

# 下载新的源码包，开始编译，此处从1.22升级至1.23，只能 make ，千万不能执行 make install
[root@node1 ~]# cd /usr/src/
[root@node1 src]# ls
debug  kernels  nginx-1.22.0  nginx-1.22.0.tar.gz  nginx-1.23.1.tar.gz
[root@node1 src]# tar xf nginx-1.23.1.tar.gz
[root@node1 src]# cd nginx-1.23.1
[root@node1 nginx-1.23.1]# ls
auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  man  README  src
[root@node1 nginx-1.23.1]# ./configure --user=nginx --group=nginx --with-http_ssl_module
[root@node1 nginx-1.23.1]# make
[root@node1 nginx-1.23.1]# cd objs/
[root@node1 objs]# ls     # 编译过后，objs 目录下会生成二进制启动文件
autoconf.err  Makefile  nginx  nginx.8  ngx_auto_config.h  ngx_auto_headers.h  ngx_modules.c  ngx_modules.o  src
[root@node1 objs]# ./nginx -V   # 可以看到这里的二进制文件是1.23版本
nginx version: nginx/1.23.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --with-http_ssl_module


## 开始进行平滑升级，首先替换二进制启动文件
[root@node1 objs]# cp nginx /usr/local/nginx/sbin/
cp: overwrite ‘/usr/local/nginx/sbin/nginx’?

## 向旧的 master 进程发送 USR2 信号
[root@node1 objs]# ps -ef|grep nginx
root      19458      1  0 22:09 ?        00:00:00 nginx: master process nginx
nginx     19459  19458  0 22:09 ?        00:00:00 nginx: worker process
root      22131   3673  0 22:31 pts/0    00:00:00 grep --color=auto nginx
[root@node1 objs]# kill -USR2 19458
[root@node1 objs]# ps -ef|grep nginx  # 此时可以看到生成了新的 master 和 worker 进程，老的还没退出，但是不会再接收新的请求
root      19458      1  0 22:09 ?        00:00:00 nginx: master process nginx
nginx     19459  19458  0 22:09 ?        00:00:00 nginx: worker process
root      22132  19458  0 22:31 ?        00:00:00 nginx: master process nginx
nginx     22133  22132  0 22:31 ?        00:00:00 nginx: worker process
root      22135   3673  0 22:31 pts/0    00:00:00 grep --color=auto nginx

## 向老的master进程发信号，告诉它关闭其worker进程，实现优雅地退出
[root@node1 objs]# kill -WINCH 19458
[root@node1 objs]# ps -ef|grep nginx  # 可以看到老的master进程还在但是没有worker进程了，用于出现问题时回滚老版本，并不会自动退出。
root      19458      1  0 22:09 ?        00:00:00 nginx: master process nginx
root      22132  19458  0 22:31 ?        00:00:00 nginx: master process nginx
nginx     22133  22132  0 22:31 ?        00:00:00 nginx: worker process
root      22140   3673  0 22:47 pts/0    00:00:00 grep --color=auto nginx

## 升级完成，运行一段时间后，觉得没有问题，直接退出老的 master 进程
[root@node1 objs]# kill -QUIT 19458
[root@node1 objs]# ps -ef|grep nginx
root      22132      1  0 22:31 ?        00:00:00 nginx: master process nginx
nginx     22133  22132  0 22:31 ?        00:00:00 nginx: worker process
root      22151   3673  0 22:52 pts/0    00:00:00 grep --color=auto nginx


### 回退，使用命令 kill -HUP PID，但是前提是老的 master 进程还没有退出，才能发送 HUP 信号

2.反向代理

使用 nginx 作为反向代理服务器，将流量转发到后端的 tomcat 服务器。
实验环境如下：

[root@node1 conf]# pwd
/usr/local/nginx/conf
[root@node1 conf]# vi nginx.conf
http {
.......  
    upstream tomcatserver {     # 在 http 此段中加入 upstream字段用来实现反向代理，转发tomcat，示例中的 “tomcatserver”不能带有下划线，否则会报错
        server 192.168.40.130:8080;
        server 192.168.40.130:8088;
    }

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
        proxy_pass http://tomcatserver;   # 此处加入 proxy_pass 字段，用来将流量转发到后端
            root   html;
            index  index.html index.htm;
        }
}
.......

实际访问效果


看一下 tomcat 访问日志

[root@node2 logs]# pwd
/usr/local/apache-tomcat-9.0.54/logs
[root@node2 logs]# tail -f localhost_access_log.2022-10-06.txt
192.168.40.1 - - [06/Oct/2022:22:26:44 +0800] "GET / HTTP/1.1" 200 11156
192.168.40.129 - - [06/Oct/2022:22:28:24 +0800] "GET / HTTP/1.0" 400 2190
192.168.40.1 - - [06/Oct/2022:22:28:42 +0800] "GET / HTTP/1.1" 200 11156
192.168.40.1 - - [06/Oct/2022:22:28:42 +0800] "GET /favicon.ico HTTP/1.1" 200 21630
192.168.40.129 - - [06/Oct/2022:22:34:06 +0800] "GET / HTTP/1.0" 200 11136
192.168.40.129 - - [06/Oct/2022:22:34:07 +0800] "GET / HTTP/1.0" 200 11136
192.168.40.129 - - [06/Oct/2022:22:34:10 +0800] "GET / HTTP/1.0" 200 11136
192.168.40.129 - - [06/Oct/2022:22:34:12 +0800] "GET / HTTP/1.0" 200 11136
192.168.40.129 - - [06/Oct/2022:22:35:20 +0800] "GET / HTTP/1.0" 200 11136
192.168.40.129 - - [06/Oct/2022:23:00:50 +0800] "GET / HTTP/1.0" 200 11136






192.168.40.129 - - [06/Oct/2022:23:05:18 +0800] "GET / HTTP/1.0" 200 11136


[root@node2 logs]# pwd
/usr/local/apache-tomcat-8.5.9/logs
[root@node2 logs]# tail -f localhost_access_log.2022-10-06.txt
192.168.40.129 - - [06/Oct/2022:22:24:22 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:24:23 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:24:33 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:25:59 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:34:03 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:34:06 +0800] "GET /tomcat.svg HTTP/1.0" 200 67198
192.168.40.129 - - [06/Oct/2022:22:34:09 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:34:11 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:35:05 +0800] "GET / HTTP/1.0" 200 11228
192.168.40.129 - - [06/Oct/2022:22:47:34 +0800] "GET / HTTP/1.0" 200 11228






192.168.40.129 - - [06/Oct/2022:23:05:16 +0800] "GET / HTTP/1.0" 200 11228