一、安装pcre:
cd /usr/local/src wget http://downloads.sourceforge.net/project/pcre/pcre/8.34/pcre-8.34.tar.gz tar zxvf pcre-8.34.tar.gz cd pcre-8.34 ./configure --prefix=/usr/local/pcre make make install
二、下载proxy_cache插件
cd /usr/local/src wget http://labs.frickle.com/files/ngx_cache_purge-2.1.tar.gz tar zxvf ngx_cache_purge-2.1.tar.gz
三、安装tengine
yum install openssl openssl-devel -y cd /usr/local/src wget http://tengine.taobao.org/download/tengine-2.0.0.tar.gz tar zxvf tengine-.tar.gz cd tengine- ./configure --add-module=/usr/local/src/ngx_cache_purge-2.1 --prefix=/usr/local/nginx --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.34 make make install
/usr/local/nginx/sbin/nginx #启动nginx chown nobody.nobody -R /usr/local/nginx/html chmod -R /usr/local/nginx/html
如果编译的问题的话,看看是不是下面的原因:
./configure: error: the HTTP SSL module requires OpenSSL library 原因:安装http_ssl_module模块需要openssl library 解决:yum install openssl-devel ./configure: error: the HTTP rewrite module requires the PCRE library. 原因:安装http_rewrite_module模块需要先安装PCRE开发包 解决:yum install pcre-devel
注意: --with-pcre=/usr/local/src/pcre-.21指向的是源码包解压的路径,而不是安装的路径,否则会报错。 --add-module=/usr/local/src/ngx_cache_purge-2.1 是指加载缓存的插件模块
注意:
--with-pcre=/usr/local/src/pcre-8.21指向的是源码包解压的路径,而不是安装的路径,否则会报错。
--add-module=/usr/local/src/ngx_cache_purge-2.1 是指加载缓存的插件模块
四、设置Tengine开机启动
vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容
#!/bin/bash # Tengine Startup script# processname: nginx # chkconfig: - # description: nginx is a World Wide Web server. It is used to serve # pidfile: /var/run/nginx.pid # config: /usr/local/nginx/conf/nginx.conf nginxd=/usr/local/nginx/sbin/nginx nginx_config=/usr/local/nginx/conf/nginx.conf nginx_pid=/usr/local/nginx/logs/nginx.pid RETVAL= prog="nginx" # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = [ -x $nginxd ] || exit # Start nginx daemons functions. start() { if [ -e $nginx_pid ];then echo "tengine already running...." exit fi echo -n $"Starting $prog: " daemon $nginxd -c ${nginx_config} RETVAL=$? echo [ $RETVAL = ] && touch /var/lock/subsys/nginx return $RETVAL } # Stop nginx daemons functions. stop() { echo -n $"Stopping $prog: " killproc $nginxd RETVAL=$? echo [ $RETVAL = ] && rm -f /var/lock/subsys/nginx /usr/local/nginx/logs/nginx.pid } reload() { echo -n $"Reloading $prog: " #kill -HUP `cat ${nginx_pid}` killproc $nginxd -HUP RETVAL=$? echo } # See how we were called. case "$1" in start) start ;; stop) stop ;; reload) reload ;; restart) stop start ;; status) status $prog RETVAL=$? ;; *) echo $"Usage: $prog {start|stop|restart|reload|status|help}" exit esac exit $RETVAL
保存退出
chmod /etc/rc.d/init.d/nginx #赋予文件执行权限 chkconfig --level nginx on #设置开机启动 /etc/rc.d/init.d/nginx restart
四、配置Tengine
将nginx初始配置文件备份,我们要重新创建配置文件.
mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak 创建nginx用户www groupadd www useradd -g www www
编辑主配置文件:
vi /usr/local/nginx/conf/nginx.conf
内容如下:
user www www; worker_processes ; # 工作进程数,为CPU的核心数或者两倍 error_log logs/error.log crit; # debug|info|notice|warn|error|crit pid logs/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile ; events { use epoll; #Linux最常用支持大并发的事件触发机制 worker_connections ; } http { include mime.types; #设定mime类型,类型由mime.type文件定义 default_type application/octet-stream; charset utf-; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; #设定请求缓冲 server_names_hash_bucket_size ; #增加,原为128 client_header_buffer_size 256k; #增加,原为32k large_client_header_buffers 256k; #增加,原为32k #size limits client_max_body_size 50m; #允许客户端请求的最大的单个文件字节数 client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; sendfile on; tcp_nopush on; keepalive_timeout ; tcp_nodelay on; server_tokens on; #不显示nginx版本信息 limit_conn_zone $binary_remote_addr zone=perip:10m; #添加limit_zone,限制同一IP并发数 #fastcgi_intercept_errors on; #开启错误页面跳转 include gzip.conf; #压缩配置文件 include proxy.conf; #proxy_cache参数配置文件 include vhost/*.conf; #nginx虚拟主机包含文件目录 include mysvrhost.conf; #后端WEB服务器列表文件 }
编辑代理配置文件:
cd /usr/local/nginx/conf/ mkdir vhost vi /usr/local/nginx/conf/proxy.conf
内容如下:
#注:proxy_temp_path和proxy_cache_path指定的路径必须在同一分区 proxy_temp_path /tmp/proxy_temp; #设置Web缓存区名称为cache_one,内存缓存空间大小为500MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为30GB。 proxy_cache_path /tmp/proxy_cache levels=: keys_zone=cache_one:500m inactive=1d max_size=30g; client_body_buffer_size 512k; #原为512k proxy_connect_timeout ; #代理连接超时 proxy_read_timeout ; #代理发送超时 proxy_send_timeout ; #代理接收超时 proxy_buffer_size 128k; #代理缓冲大小,原为32k proxy_buffers 256k; #代理缓冲,原为4 64k proxy_busy_buffers_size 512k; #高负荷下缓冲大小,原为128k proxy_temp_file_write_size 1024m; #proxy缓存临时文件的大小原为128k #proxy_ignore_client_abort on; #不允许代理端主动关闭连接 proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;
编辑主机配置文件:
vi /usr/local/nginx/conf/mysvrhost.conf
内容如下:
upstream cn100 { ip_hash; #会话保持 server max_fails= fail_timeout=60s; server max_fails= fail_timeout=60s; }
编辑压缩配置文件:
vi /usr/local/nginx/conf/gzip.conf
内容如下:
#网页GZIP压缩设置 # #可通过http://tool.chinaz.com/Gzips/检测压缩情况 # #启动预压缩功能,对所有类型的文件都有效 #gzip_static on; #开启nginx_static后,对于任何文件都会先查找是否有对应的gz文件 #找不到预压缩文件,进行动态压缩 gzip on; gzip_min_length 1k; #设置最小的压缩值,单位为bytes.超过设置的min_length的值会进行压缩,小于的不压缩. gzip_comp_level ; #压缩等级设置,-,1是最小压缩,速度也是最快的;9刚好相反,最大的压缩,速度是最慢的,消耗的CPU资源也多 gzip_buffers 64k; #设置系统的缓存大小,以存储GZIP压缩结果的数据流,它可以避免nginx频烦向系统申请压缩空间大小 gzip_types text/plain application/x-javascript text/css text/javascript; #关于gzip_types,如果你想让图片也开启gzip压缩,那么用以下这段吧: #gzip_types text/plain application/x-javascript text/css text/javascript application/x-httpd-php image/jpeg image/gif image/png; #gzip公共配置 gzip_http_version 1.1; #识别http的协议版本(1.0/1.1) gzip_proxied any; #设置使用代理时是否进行压缩,默认是off的 gzip_vary on; #和http头有关系,加个vary头,代理判断是否需要压缩 gzip_disable "MSIE [1-6]."; #禁用IE6的gzip压缩
编辑配置文件:
vi /usr/local/nginx/conf/vhost/cn100.conf
内容如下:
server { listen ; server_name localhost; #默认启动文件 index index.html index.htm; #配置发布目录为/usr/local/tomcat1/webapps/ROOT root /usr/local/tomcat1/webapps/ROOT; location / { #如果后端的服务器返回502、、执行超时等错误,自动将请求转发到upstream负载均衡池中的另一台服务器,实现故障转移。 proxy_next_upstream http_502 http_504 error timeout invalid_header; proxy_cache cache_one; #对不同的HTTP状态码设置不同的缓存时间 proxy_cache_valid 12h; #以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内 proxy_cache_key $host$uri$is_args$args; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://cn100; proxy_pass_header Set-Cookie; #对用户传输Set-Cookie的http头,不然无法支持一些包含cookie的应用,比如我的typecho #过期时间3天 expires 3d; } #用于清除缓存,假设一个URL为http://192.168.8.42/test.txt,通过访问http://192.168.8.42/purge/test.txt就可以清除该URL的缓存。 location ~ /purge(/.*) { #设置只允许指定的IP或IP段才可以清除URL缓存。 allow 127.0.0.1; allow ; deny all; proxy_cache_purge cache_one $host$$is_args$args; } # 查看nginx的并发连接数配置 location /NginxStatus { stub_status on; access_log off; auth_basic "NginxStatus"; } #定义Nginx输出日志的路径 #access_log /data/logs/nginx_wugk/access.log main; #error_log /data/logs/nginx_wugk/error.log crit; #access_log off; #根据自己的需要选择是否启用access日志,注释掉代表启用 error_page /.html; error_page /.html; location = /.html { root html; } limit_conn perip ; #同一ip并发数为50,超过会返回503 }
为Tengine配置一下系统的TCP设置,优化一下:
vi /etc/sysctl.conf
内容如下:
net.ipv4.ip_forward = net.ipv4.conf. net.ipv4.conf. kernel.sysrq = kernel.core_uses_pid = net.ipv4.tcp_syncookies = kernel.msgmnb = kernel.msgmax = kernel.shmmax = kernel.shmall = net.ipv4.tcp_max_tw_buckets = net.ipv4.tcp_sack = net.ipv4.tcp_window_scaling = net.ipv4.tcp_rmem = net.ipv4.tcp_wmem = net.core.wmem_default = net.core.rmem_default = net.core.rmem_max = net.core.wmem_max = net.core.netdev_max_backlog = net.core.somaxconn = net.ipv4.tcp_max_orphans = net.ipv4.tcp_max_syn_backlog = net.ipv4.tcp_timestamps = net.ipv4.tcp_synack_retries = net.ipv4.tcp_syn_retries = net.ipv4.tcp_tw_recycle = net.ipv4.tcp_tw_reuse = net.ipv4.tcp_mem = net.ipv4.tcp_fin_timeout = net.ipv4.tcp_keepalive_time = net.ipv4.ip_local_port_range = #允许系统打开的端口范围
使配置立即生效
/sbin/sysctl -p
制作一个重启全部的脚本
vi /root/restartall
#!/bin/sh # #重启memcached进程 service memcached restart #清空日志 rm -f /usr/local/tomcat1/logs/* rm -f /usr/local/tomcat2/logs/* #清空缓存 rm -rf /tmp/proxy_cache #重启动tomcat /usr/local/tomcat1/bin/shutdown.sh /usr/local/tomcat2/bin/shutdown.sh /usr/local/tomcat1/bin/startup.sh /usr/local/tomcat2/bin/startup.sh #重启nginx service nginx restart
给运行权限
chmod /root/restartall
以后重启服务只需要:
/root/restartall