Centos7.5部署Nginx1.18实现反向代理和负载均衡

系统做完初始化

ulimit -n
* soft nofile 65536
* hard nofile 65536

一、安装
1.安装编译环境

yum install -y gcc gcc-c++ automake pcre pcre-devel zlip zlib-devel openssl openssl-devel

安装pcre为了让Nginx支持URL重写，让Nginx支持正则表达式，实现匹配地址的功能。

[root@nginx ~]# ls
pcre-8.41.tar.gz
[root@nginx ~]# tar xf pcre-8.41.tar.gz -C /usr/local/src/
[root@nginx ~]# cd /usr/local/src/pcre-8.41/
[root@nginx /usr/local/src/pcre-8.41]# ./configure
[root@nginx /usr/local/src/pcre-8.41]# make && make install

安装Nginx

[root@nginx ~]# useradd -r -s /sbin/nologin nginx
[root@nginx ~]# ls nginx-1.18.0.tar.gz 
nginx-1.18.0.tar.gz
[root@nginx ~]# tar xf nginx-1.18.0.tar.gz -C /usr/local/src/
[root@nginx ~]# cd /usr/local/src/
[root@nginx /usr/local/src]# cd nginx-1.18.0/
[root@nginx /usr/local/src/nginx-1.18.0]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
[root@nginx /usr/local/src/nginx-1.18.0]# make && make install

启动

[root@nginx /usr/local/src/nginx-1.18.0]# ./objs/nginx 
[root@nginx /usr/local/src/nginx-1.18.0]# lsof -i :80
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   4057  root    6u  IPv4  86688      0t0  TCP *:http (LISTEN)
nginx   4058 nginx    6u  IPv4  86688      0t0  TCP *:http (LISTEN)
[root@nginx /usr/local/src/nginx-1.18.0]# vim /root/.bash_profile 
PATH=/usr/local/src/nginx-1.18.0/objs:$PATH:$HOME/bin
[root@nginx /usr/local/src/nginx-1.18.0]# source /root/.bash_profile

二、负载均衡+反向代理

nginx.conf

复制配置文件的过程中如果代码缩进错乱参考https://blog.csdn.net/weixin_41761542/article/details/112601450

#load_module /usr/local/nginx/modules/ngx_stream_module.so;

worker_processes  4;

error_log  logs/error.log  notice;
#pid        /usr/local/nginx/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
        worker_connections 65535;
            multi_accept on;
            }

http {
    include       mime.types;
    server_tokens off;
    tcp_nopush  on;
    tcp_nodelay on;

    #####agent webapps
    include     /usr/local/nginx/conf/proxy.conf;
    default_type  application/octet-stream;
    ######log_format output
    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    log_format  main  '$remote_addr - $remote_user [$time_local] $request' '"$status" $body_bytes_sent"$http_referer"' '"$http_user_agent" "$http_x_forwarded_for"';
    #####open file limit timeout
    open_file_cache max=65535 inactive=30s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    open_file_cache_errors on;
    #keepalive_timeout  0;
    ######configure time
    keepalive_timeout 1800;
    client_header_timeout  1800;
    client_body_timeout    1800;
    send_timeout          1800;
    reset_timedout_connection on;

    #####cache
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    #gzip  on;

        server {
        listen       8081;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }
        #error_page  404              /404.html;
        #
        ## redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        root   html;
                                }


        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        # 
        # location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        # }
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #location ~ \.php$ {
        #root           html;
        #fastcgi_pass   127.0.0.1:9000;
        #fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #include        fastcgi_params;
        #}
        #
        #deny access to .htaccess files, if Apache's document root
        #concurs with nginx's one
        #location ~ /\.ht {
        #deny  all;
        #}
                           }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #listen       8000;
    #listen       somename:8080;
    #server_name  somename  alias  another.alias;
    #
    #location / {
    #root   html;
    #index  index.html index.htm;
    #}
    #}

    #HTTPS server
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;
    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

        }

如果nginx.conf与proxy.conf中的server_name相同，那listen就不能相同
使用同一个端口号代理不同的URL并且这两个URL一个有后缀一个没有后缀用下面的文件

proxy.conf

upstream webservers {
   #ip_hash;
        server 10.107.174.99:8080 weight=5;
        server 10.107.174.100:8080 weight=5;
			}
upstream lwservers {
        server 10.107.174.215:82;
                    }

server {
        listen       8082;
        server_name  localhost;

        server_tokens off;
            add_header X-Frame-Options SAMEORIGIN;

##webserversURL是有/lw后缀的
        location /lw/ {
            proxy_pass   http://webservers;
            index  index.html index.htm;
					}
        location / {
            proxy_pass   http://lwservers;
            index  index.html index.htm;
					}

        }

如果要代理多个不同的地址但是都没有/phisba这样的后缀的，就要写几段server，然后端口号要不相同，用下面的文件

proxy.conf

upstream webservers {
    #ip_hash;
	server 10.107.174.99:8080 weight=5;
	server 10.107.174.100:8080 weight=5;
    }
upstream lwservers {
	server 10.107.174.215:82;
			}

####如果要代理多个不同的地址但是都没有/phisba这样的后缀的，就要写几段server，然后端口号要不相同	
server {
        listen       8082;
        server_name  localhost;
 
        server_tokens off;
	    add_header X-Frame-Options SAMEORIGIN;
 
        location / {
            proxy_pass   http://webservers;
            index  index.html index.htm;
					}
		
	}	
server {
        listen       8083;
        server_name  localhost;

        server_tokens off;
            add_header X-Frame-Options SAMEORIGIN;


        location / {
            proxy_pass   http://lwservers;
            index  index.html index.htm;
					}
		}

三、日志轮滚
方式：轮滚配置文件 + 计划任务

[root@nginx ~]# ls /etc/logrotate.d
bootlog  chrony  cups  iscsiuiolog  libvirtd  libvirtd.qemu  numad  ppp  psacct  samba  syslog  wpa_supplicant  yum

cp /etc/logrotate.d/yum /usr/local/nginx/conf/nginx_logrotate.conf

vim nginx_logrotate.conf
/usr/local/nginx/logs/*.log {
			daily
			create 0600 root root
			missingok
			notifempty
			dateext
			rotate 30
			postrotate
			   /usr/bin/kill -HUP `cat /usr/local/nginx/logs/nginx.pid 2> /dev/null` 2> /dev/null || true
			endscript
		}

手动测试轮滚的配置文件是否可用

[root@nginx /usr/local/nginx/logs]# ll
total 180
-rw-r--r-- 1 root root 101371 Mar 11 11:02 access.log
-rw-r--r-- 1 root root  75191 Mar 11 11:02 error.log
-rw-r--r-- 1 root root      6 Mar 10 09:26 nginx.pid

[root@nginx /usr/local/nginx/logs]#logrotate -f /usr/local/nginx/conf/nginx_logrotate.conf

[root@nginx /usr/local/nginx/logs]# ll
total 188
-rw------- 1 root root   1320 Mar 11 11:36 access.log
-rw-r--r-- 1 root root 101371 Mar 11 11:02 access.log-20210311
-rw------- 1 root root   2727 Mar 11 11:35 error.log
-rw-r--r-- 1 root root  75942 Mar 11 11:35 error.log-20210311
-rw-r--r-- 1 root root      6 Mar 10 09:26 nginx.pid

[root@nginx ~]# vim /usr/local/nginx/logs/clean_nginx.sh

#!/bin/bash
/usr/sbin/logrotate -f /usr/local/nginx/conf/nginx_logrotate.conf
find /usr/local/nginx/logs -mtime +6 -name "*.log-*" -exec rm -rf {} \;

最后把clean.sh写到计划任务就ok了