返回列表 发帖

CentOS8_lnmp1.7_单独安装Nginx

系统的版本信息:
[root@centos8 ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@centos8 ~]#
[root@centos8 ~]# uname -r
4.18.0-193.el8.x86_64

服务器的逻辑CPU个数:(CPU核心数)
lscpu
图片1.png
2021-7-11 12:43



这里单独安装Nginx,服务器IP为 192.168.168.154/24

tar -zxvf lnmp1.7-full.tar.gz
cd lnmp1.7-full
CheckMirror=n ./install.sh nginx
注释:CheckMirror=n 使用本地光盘作为Yum源,不需要连公网。

安装或取消安装:
图片2.png
2021-7-11 12:44



下面是全自动安装的^_^ ^_^


安装成功了:(安装好后,最好重启一下服务器)
图片3.png
2021-7-11 12:44



Nginx的安装日志:
[root@centos8 ~]# ls
anaconda-ks.cfg  lnmp1.7-full  lnmp1.7-full.tar.gz  nginx-install.log

[root@centos8 ~]# tail -5 nginx-install.log
Add iptables service at system startup...
Created symlink /etc/systemd/system/basic.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service.
============================== Check install ==============================
Checking ...
Nginx: OK


默认开启SELinux的:
[root@centos8 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


默认启用防火墙netfilter,禁用防火墙firewalld:
[root@centos8 ~]# systemctl is-enabled iptables
enabled
[root@centos8 ~]# systemctl is-enabled firewalld
disabled


自动修改、保存防火墙规则的:
[root@centos8 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.8.4 on Sat Jul 10 09:17:55 2021
*filter
:INPUT ACCEPT [905883:962986120]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [209191:11420121]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Sat Jul 10 09:17:55 2021
# Generated by iptables-save v1.8.4 on Sat Jul 10 09:17:55 2021
*security
:INPUT ACCEPT [905890:962986400]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [209191:11420121]
COMMIT
# Completed on Sat Jul 10 09:17:55 2021
# Generated by iptables-save v1.8.4 on Sat Jul 10 09:17:55 2021
*raw
:PREROUTING ACCEPT [905890:962986400]
:OUTPUT ACCEPT [209191:11420121]
COMMIT
# Completed on Sat Jul 10 09:17:55 2021
# Generated by iptables-save v1.8.4 on Sat Jul 10 09:17:55 2021
*mangle
:PREROUTING ACCEPT [905890:962986400]
:INPUT ACCEPT [905890:962986400]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [209191:11420121]
:POSTROUTING ACCEPT [209191:11420121]
COMMIT
# Completed on Sat Jul 10 09:17:55 2021
# Generated by iptables-save v1.8.4 on Sat Jul 10 09:17:55 2021
*nat
:PREROUTING ACCEPT [1:52]
:INPUT ACCEPT [1:52]
:POSTROUTING ACCEPT [142:10018]
:OUTPUT ACCEPT [142:10018]
COMMIT
# Completed on Sat Jul 10 09:17:55 2021


Nginx会随着系统的启动而启动:
[root@centos8 ~]# systemctl is-enabled nginx
enabled


查看Nginx的版本信息:
[root@centos8 ~]# nginx -v
nginx version: nginx/1.18.0
[root@centos8 ~]#
[root@centos8 ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/root/lnmp1.7-full/src/openssl-1.1.1g --with-openssl-opt='enable-weak-ssl-ciphers' --with-pcre=/root/lnmp1.7-full/src/pcre-8.42


Nginx的主配置文件:
[root@centos8 ~]# find / -name "nginx.conf"
/root/lnmp1.7-full/conf/nginx.conf
/usr/local/nginx/conf/nginx.conf

[root@centos8 ~]# cat /usr/local/nginx/conf/nginx.conf |grep -v "^$"
user  www www;
worker_processes auto;
worker_cpu_affinity auto;
error_log  /home/wwwlogs/nginx_error.log  crit;
pid        /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
    {
        use epoll;
        worker_connections 51200;
        multi_accept off;
        accept_mutex off;
    }
http
    {
        include       mime.types;
        default_type  application/octet-stream;
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;
        sendfile on;
        sendfile_max_chunk 512k;
        tcp_nopush on;
        keepalive_timeout 60;
        tcp_nodelay on;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";
        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
        server_tokens off;
        access_log off;
server
    {
        listen 80 default_server reuseport;
        #listen [::]:80 default_server ipv6only=on;
        server_name _;
        index index.html index.htm index.php;
        root  /home/wwwroot/default;
        #error_page   404   /404.html;
        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
        include enable-php.conf;
        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }
        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~ /\.
        {
            deny all;
        }
        access_log  /home/wwwlogs/access.log;
    }
include vhost/*.conf;
}

备注:
worker_process 可以设置为自动(auto) ,Nginx会自动根据逻辑CPU个数生成对应数量的worker进程。

查看服务器的逻辑CPU个数:(CPU核心数)
[root@centos8 ~]# cat /proc/cpuinfo | grep processor | wc -l
2


实验中,使用命令ab进行测试,Nginx作为Web服务器的时候:
Nginx的最大并发连接数 = worker_processes * worker_connections / 2


修改Nginx的worker进程的最大可打开文件数:( worker_rlimit_nofile )
图片4.png
2021-7-11 12:47

注释:还开启了multi_accept


重启Nginx:
[root@centos8 ~]# systemctl restart nginx


查看Nginx的进程:
[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
root        1705       1  0 08:20 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www         1706    1705  0 08:20 ?        00:00:00 nginx: worker process
www         1707    1705  0 08:20 ?        00:00:00 nginx: worker process

cat /proc/1705/limits
图片5.png
2021-7-11 12:47



笺注:Nginx的最大并发连接数受限于Max open files,而Max open files受限于操作系统的“进程最大可打开文件数”。

操作系统的“进程最大可打开文件数”的查询方法:
[root@centos8 ~]# ulimit -n
1024

操作系统的“进程最大可打开文件数”的修改方法:
[root@centos8 ~]# tail -5 /etc/security/limits.conf
# End of file
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535


重启服务器:
[root@centos8 ~]# reboot

服务器重启后,更改生效:
[root@centos8 ~]# ulimit -n
65535


CentOS8/Redhat8还要进行以下操作,查找文件nginx.service:
[root@centos8 ~]# find / -name nginx.service
/sys/fs/cgroup/pids/system.slice/nginx.service
/sys/fs/cgroup/memory/system.slice/nginx.service
/sys/fs/cgroup/devices/system.slice/nginx.service
/sys/fs/cgroup/systemd/system.slice/nginx.service
/etc/systemd/system/multi-user.target.wants/nginx.service
/etc/systemd/system/nginx.service
/root/lnmp1.7-full/init.d/nginx.service


文件nginx.service的初始状态:
[root@centos8 ~]# cat /etc/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=false

[Install]
WantedBy=multi-user.target


修改文件nginx.service:
[root@centos8 ~]# cat /etc/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=false
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target


[root@centos8 ~]# systemctl daemon-reload

[root@centos8 ~]# systemctl restart nginx


再次查看Nginx的进程:
[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
root        1578       1  0 08:25 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www         1579    1578  0 08:25 ?        00:00:00 nginx: worker process
www         1580    1578  0 08:25 ?        00:00:00 nginx: worker process

现在Nginx的Max open files的数量限制为65535:(服务器重启后依旧生效)
[root@centos8 ~]# cat /proc/1578/limits |grep "Max open files"
Max open files           65535                65535                files




######

[root@centos8 ~]# cat /usr/local/nginx/conf/nginx.conf |grep -A4 "nginx_status"
        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }


客户端通过浏览器访问
http://192.168.168.154/nginx_status

理应可以看到这个页面:
图片6.png
2021-7-11 12:51






############

Nginx反向代理

配置Nginx代理服务器,修改Nginx的主配置文件:
[root@centos8 ~]# vi /usr/local/nginx/conf/nginx.conf
加上以下代码:
        location / {
           proxy_pass  http://192.168.168.130:80;
        }

如下图:
图片7.png
2021-7-11 12:51



[root@centos8 ~]# systemctl restart nginx


笺注:
实验中,使用命令ab进行测试,Nginx作为反向代理服务器的时候:
Nginx的最大并发连接数 = worker_processes * worker_connections / 4


客户端只访问Nginx代理服务器的IP地址:
http://192.168.168.154/
图片8.png
2021-7-11 12:52






相关文章:
Nginx的并发连接数
CentOS6_Nginx反向代理+负载均衡(轮询)

返回列表