2. 技术
    3. centos7安装nginx

    centos7安装nginx

    技术2022-07-12  84

    centos7安装nginx

    下载安装包安装依赖包创建用户及相关目录编译安装nginx配置文件修改目录属主nginx操作脚本添加开机启动日志切割

    下载安装包

    cd /usr/local/src wget http://nginx.org/download/nginx-1.14.2.tar.gz git clone https://github.com/vozlt/nginx-module-vts #下载nginx vts模块用于普罗米修斯监控

    安装依赖包

    yum install -y gcc gcc-c++ libtool make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel

    创建用户及相关目录

    groupadd bravo useradd -g bravo -d /apps bravo passwd bravo #修改sudoers文件增加bravo用户的高级权限及sudo免密码(该用户顺便是用来替代root做日常使用) vi /etc/sudoers 加入 bravo ALL=(ALL) ALL %bravo ALL=(ALL) NOPASSWD:ALL 用wq! 保存 #创建目录 mkdir -p /apps/svr/nginx #nginx安装目录 mkdir -p /apps/conf/nginx #nginx配置文件目录 mkdir -p / apps/logs/nginx #nginx日志文件目录 mkdir -p /var/run/nginx #nginx pid目录 mkdir -p /var/tmp/nginx/client/ #nginx client目录

    编译安装nginx

    cd /usr/local/src tar -zxvf nginx-1.14.2.tar.gz cd nginx-1.14.2/ ./configure --add-module=/usr/local/src/nginx-module-vts --prefix=/apps/svr/nginx --user=bravo --group=bravo --with-stream --with-http_flv_module --with-http_realip_module --sbin-path=/apps/svr/nginx/sbin/nginx --conf-path=/apps/conf/nginx/nginx.conf --error-log-path=/apps/logs/nginx/error.log --http-log-path=/apps/logs/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/apps/svr/nginx/proxy/ --http-fastcgi-temp-path=/apps/svr/nginx/fcgi/ --http-uwsgi-temp-path=/apps/svr/nginx/uwsgi --http-scgi-temp-path=/apps/svr/nginx/scgi --with-pcre --with-stream make && make install

    配置文件

    nginx.conf user bravo bravo; worker_processes 1; events { use epoll; worker_connections 51200; multi_accept on; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 60; client_max_body_size 1024M; proxy_read_timeout 1200; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 256k; limit_req_zone $binary_remote_addr zone=one:10m rate=3r/s; client_header_buffer_size 16k; large_client_header_buffers 4 64k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/css text/xml text/plain text/mathml application/javascript application/x-javascript application/xml application/xml+rss application/json; gzip_vary on; gzip_proxied expired no-cache no-store private auth; gzip_disable "MSIE [1-6]\."; #配置nginx-vts监控模块==start== vhost_traffic_status_zone; server { listen 8011; location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; } } #配置nginx-vts监控模块==end== log_format f_access_log '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$upstream_response_time" "$request_time" "$http_host" "$upstream_addr"'; log_format logstash_json '{ "@timestamp": "$time_iso8601", ' '"remote_addr": "$remote_addr", ' '"http_x_forwarded_for": "$http_x_forwarded_for", ' '"remote_user": "$remote_user", ' '"request": "$request", ' '"request_method": "$request_method", ' '"http_referrer": "$http_referer", ' '"body_bytes_sent":"$body_bytes_sent", ' '"status":"$status", ' '"upstream_status":"$upstream_status", ' '"request_time": "$request_time", ' '"upstream_response_time": "$upstream_response_time", ' '"http_user_agent": "$http_user_agent", ' '"host": "$host" } '; log_format aka_logs '{"@timestamp":"$time_iso8601",' '"host":"$hostname",' '"server_ip":"$server_addr",' '"client_ip":"$remote_addr",' '"xff":"$http_x_forwarded_for",' '"domain":"$host",' '"url":"$uri",' '"referer":"$http_referer",' '"args":"$args",' '"upstreamtime":"$upstream_response_time",' '"responsetime":"$request_time",' '"request_method":"$request_method",' '"status":"$status",' '"size":"$body_bytes_sent",' '"request_body":"$request_body",' '"request_length":"$request_length",' '"protocol":"$server_protocol",' '"upstreamhost":"$upstream_addr",' '"file_dir":"$request_filename",' '"http_user_agent":"$http_user_agent"' '}'; include vhost/*.conf; } vhost/kibana.conf upstream kibanacom{ server 192.168.254.130:5601; } server { listen 80; server_name kibana.liumaster.com; access_log /apps/logs/nginx/kibana-access.log logstash_json; error_log /apps/logs/nginx/kibana-error.log; client_max_body_size 20m; location / { fastcgi_connect_timeout 1200s; fastcgi_send_timeout 1200s; fastcgi_read_timeout 1200s; proxy_connect_timeout 600; proxy_send_timeout 600; proxy_read_timeout 600; send_timeout 600; proxy_pass http://kibanacom; proxy_redirect off; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Is_EDU 0; } }

    修改目录属主

    [root@master2 vhost]# chown -R bravo:bravo /apps/svr/nginx [root@master2 vhost]# chown -R bravo:bravo /apps/conf/nginx [root@master2 vhost]# chown -R bravo:bravo /var/run/nginx

    nginx操作脚本

    **nginx.sh** #!/bin/sh nginx_home=/apps/svr/nginx/ nginx_pid=`ps -ef |grep nginx | grep master | grep "\/apps\/svr\/nginx" | awk '{print $2}'` start() { if [ ! -d /var/run/nginx ]; then mkdir /var/run/nginx fi echo "Start Nginx ..." check_config if [ $? -gt 0 ]; then echo "Config error, stop failed!" exit fi sudo ${nginx_home}/sbin/nginx echo "Started!" } stop() { echo "Stop Nginx ..." check_config if [ $? -gt 0 ]; then echo "Config error, stop failed!" exit fi sudo ${nginx_home}/sbin/nginx -s quit while [ ! -z "${nginx_pid}" -a `ps -ef |grep nginx | grep "${nginx_pid}" | grep -E "master|worker" | grep -v grep | wc -l` -gt 0 ] do sleep 2 done echo "Stoped!" } restart() { stop start } check_config() { sudo ${nginx_home}/sbin/nginx -t > /dev/null } reload() { echo "Config reload" sudo ${nginx_home}/sbin/nginx -s reload } case "$1" in start) start ;; stop) stop ;; restart) restart ;; check) check_config ;; reload) reload ;; *) echo $"Usage: $0 {start|stop|restart|check|reload}" ;; esac

    添加开机启动

    因为在centos7中/etc/rc.d/rc.local的权限被降低了,所以需要赋予其可执行权

    chmod +x /etc/rc.d/rc.local

    打开/etc/rc.d/rc.local文件,在末尾增加如下内容

    /apps/sh/nginx.sh start

    日志切割

    修改/apps/sh/logrotatenginx文件,如下:

    /apps/logs/nginx/*.log { su root root nocompress daily copytruncate create notifempty rotate 7 olddir /apps/logs/old_nginx missingok dateext postrotate if [ -f /var/run/nginx/nginx.pid ]; then kill -USR1 `cat /var/run/nginx/nginx.pid` fi endscript }

    创建旧日志存放目录并加入计划任务

    mkdir -p /apps/logs/old_nginx crontab -e 59 23 * * * /usr/sbin/logrotate -f /apps/sh/logrotatenginx
    Processed: 0.009, SQL: 9