第1章 Ngnix技术介绍 · xx-pay架构技术整理

[TOC] ***** # 1. ngnix安装 ## 1.1 centos 一键安装nginx环境 ```shell $ yum install nginx 根据提示进行确认下一步即可安装完毕；服务器默认根目录为： /usr/share/nginx/html. nginx 配置目录为：/etc/nginx/nginx.conf. nginx操作命令：启动 service nginx start 停止 service nginx stop 重启 service nginx restart ``` ## 1.2 Linux手动安装ngnix ``` 1. 安装ngnix的编译环境. 参考ngnix安装手册.doc 2. 把ngnix的代码上传到linux. 3. 解压代码 tar -zxvf ngnix-1.8.0.tar.gz 4. 注意：上边将临时文件目录指定为/var/temp/nginx,需要在/var下创建temp及nginx目录 5. 配置makefile 参考安装手册 configure 参数设置, 复制执行一遍就会出现makefile 6. 编译执行 make 命令 7. 安装执行 make install ,成功后安装的目录为configure参数设置的--prefix=/usr/local/nginx 下面. 8. 查看 cd /usr/local/nginx/sbin 下是否有可执行文件 ngnix 或者安装nginx [root@localhost]tar zxvf nginx-1.8.0.tar.gz [root@localhost] cd nginx-1.8.0 [root@localhost] ./configure && make && make install ``` ## 1.3 docker 安装 ngnix ``` Dockerfile 文件： FROM nginx:1.15-alpine COPY cms-page.conf /etc/nginx/conf.d/default.conf WORKDIR /app COPY ./dist /app ``` ``` cms-page.conf 文件： server { listen 8080; location ^~/apis { rewrite ^~/apis/(.*)$ /$1 break; proxy_pass https://www.xiangchuxing.cn:8089; } location / { root /app; try_files $uri $uri/ /index.html; index index.html; } location ~ (.*\.json) { root /app; error_page 405 =200 $1; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } ``` ``` docker-compose.yml 文件： version: '3' services: cms-nginx: image: "nginx:1.15-alpine" container_name: cms-nginx networks: - nginx_nw ports: - "8080:8080" cms-page: build: registry.git.brightcns.cn/official-website/cms-page:master-5720 container_name: cms-page depends_on: - cms-nginx networks: nginx_nw: driver: bridge ``` # 2. ngnix应用场景 ``` 1. http服务器.Nginx是一个http服务可以独立提供http服务.可以做网页静态服务器 2. 虚拟主机。可以实现在一台服务器虚拟出多个网站.例如个人网站使用的虚拟主机. 3. 反向代理,负载均衡 ``` ## 2.1 nginx代理浏览 ![](https://img.kancloud.cn/72/2b/722b4174687ae54131f6b45c974ae806_486x234.png) ## 2.2 ngnix实现虚拟主机配置 ``` 可以实现在同一台服务器上实现多个网站,而且网站间互相不干扰. 同一个服务器可能有一个ip,网站需要80端口.网站的域名不同. 区分不同网站有3种方式: 1). ip区分 2). 端口区分 3). 域名区分 ``` ### 2.2.1 基于ip的虚拟主机配置 ``` 1. nginx的配置文件 #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { #一个Server就是一个虚拟主机 listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } } } ``` ``` 2. 基于ip的虚拟主机配置 , 一个server就是一个虚拟主机,在配置文件添加server server { listen 80; server_name 192.168.25.141; #charset koi8-r; #access_log logs/host.access.log main; location / { root html-141; index index.html index.htm; } } server { listen 80; server_name 192.168.25.100; #charset koi8-r; #access_log logs/host.access.log main; location / { root html-100; index index.html index.htm; } } ``` ``` 3. nginx重新加载配置文件 ./ngnix -s reload ``` ### 2.2.2 基于端口的虚拟主机配置 ``` 注: 首先关闭防火墙,原因若81,82 端口不开放会访问不到. server { listen 81; server_name 192.168.25.141; #charset koi8-r; #access_log logs/host.access.log main; location / { root html-81; index index.html index.htm; } } server { listen 82; server_name 192.168.25.141; #charset koi8-r; #access_log logs/host.access.log main; location / { root html-82; index index.html index.htm; } } ``` ### 2.2.3 基于域名的虚拟主机 ``` 注: 都用80端口,即ip相同,端口相同,区分域名(最常用). 一个域名只能绑定一个ip地址，一个ip地址可以被多个域名绑定. ``` ![](https://img.kancloud.cn/9d/3e/9d3e69bf3fa948f1358e12e4ee5038bb_660x583.png) ``` 修改window的hosts文件：（C:\\Windows\\System32\\drivers\\etc） ``` ![](https://img.kancloud.cn/53/0f/530fece8bd81eaa42be41f91716b77d6_521x395.png) ``` 添加基于域名虚拟主机的配置: server { listen 80; server_name www.itheima.com; #charset koi8-r; #access_log logs/host.access.log main; location / { root html-www; index index.html index.htm; } } server { listen 80; server_name hehe.itheima.com; #charset koi8-r; #access_log logs/host.access.log main; location / { root html-hehe; index index.html index.htm; } } ``` ## 2.3 ngnix反向代理 ### 2.3.1 正向代理与反向代理对比 ![](https://img.kancloud.cn/6a/0c/6a0c6273dd1db2b3f339e583c5cc6e79_714x392.png) ![](https://img.kancloud.cn/c4/11/c411e25beb188de88a5db9a641d3456d_694x402.png) ### 2.3.2 nginx实现反向代理 ``` nginx只做请求的转发，后台有多个http服务器提供服务， nginx的功能就是把请求转发给后面的服务器，决定把请求转发给谁. ``` ![](https://img.kancloud.cn/37/37/3737641c4dc659c5c448c8ac42d5924b_638x768.png) ``` nginx的反向代理配置: upstream tomcatserver1 { server 192.168.25.141:8080; } upstream tomcatserver2 { server 192.168.25.141:8081; } server { listen 80; server_name 8080.itheima.com; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://tomcatserver1; index index.html index.htm; } } server { listen 80; server_name 8081.itheima.com; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://tomcatserver2; index index.html index.htm; } } 如果在同一个域名下有多台服务器提供服务，此时需要nginx负载均衡. ``` # 3. nginx负载均衡 ## 3.1 负载均衡原理 ``` 1. 负载均衡建立在现有网络结构之上，它提供了一种廉价有效透明的方法扩展网络设备和服务器的带宽、增加吞吐量、加强网络数据处理能力、提高网络的灵活性和可用性. 2. 负载均衡，英文名称为Load Balance，其意思就是分摊到多个操作单元上进行执行，例如Web服务器、FTP服务器、企业关键应用服务器和其它关键任务服务器等，从而共同完成工作任务. ``` ## 3.2 负载均衡需求 ``` nginx作为负载均衡服务器，用户请求先到达nginx，再由nginx根据负载配置将请求转发至 tomcat服务器。 nginx负载均衡服务器：192.168.25.141 tomcat1服务器：192.168.25.141:8080 tomcat2服务器：192.168.25.141:8081 ``` ## 3.3 负载均衡配置 ![](https://img.kancloud.cn/d8/87/d8875dd3c39c1655d26168c8039474d2_502x274.png)![](https://img.kancloud.cn/09/3e/093ee77adf72530b7a76212c9d61a469_577x763.png) ``` 官网文档： http://nginx.org/en/docs/beginners\_guide.html ``` ``` upstream a.com { server 192.168.5.126:80 weight=1; #权重为1 server 192.168.5.27:80 weight=2; #权重为2 } server{ listen 80; server_name a.com; location / { proxy_pass http://a.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ``` # 4. ngnix高可用 ``` 解决高可用的方案就是添加冗余。(添加备份机) 通过 keepalived 对主备nginx实时心跳检测 (keepalived+nginx) ``` ![](https://img.kancloud.cn/4c/35/4c352e257641f15007391341cde583b6_584x704.png)![](https://img.kancloud.cn/3b/aa/3baa7727acc1b35c50106bd2fcbaefe2_578x573.png)![](https://img.kancloud.cn/bc/c5/bcc507e1b8d5406dc78846556cdebff6_587x737.png) ## 4.1 keepalived安装 ``` 1. 安装环境 ***** su - root yum -y install kernel-devel* yum -y install openssl-* yum -y install popt-devel yum -y install lrzsz yum -y install openssh-clients yum -y install libnl libnl-devel popt ``` ``` 2. 安装keepalived ***** 将keepalived-1.2.15.tar.gz上传到服务器/usr/local/下。 cd /usr/local tar -zxvf keepalived-1.2.15.tar.gz cd keepalived-1.2.15 执行配置命令 ./configure --prefix=/usr/local/keepalived 3、编译 make 4、安装 make install 至此安装成功 5、拷贝执行文件 cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ 6、将init.d文件拷贝到etc下,加入开机启动项 cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/keepalived 7、将keepalived文件拷贝到etc下，加入网卡配置 cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ 8、创建keepalived文件夹 mkdir -p /etc/keepalived 9、将keepalived配置文件拷贝到etc下 cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf 10、添加可执行权限 chmod +x /etc/init.d/keepalived ``` ``` 3. 加入开机启动 ***** chkconfig --add keepalived #添加时必须保证/etc/init.d/keepalived存在 chkconfig keepalived on 添加完可查询系统服务是否存在：chkconfig --list ``` ``` 4. 启动keepalived ***** 启动：service keepalived start 停止：service keepalived stop 重启：service keepalived restart ``` ``` 5. 配置日志文件 ***** 1.将keepalived日志输出到local0： vi /etc/sysconfig/keepalived KEEPALIVED_OPTIONS="-D -d -S 0" 2.在/etc/rsyslog.conf里添加: local0.* /var/log/keepalived.log 3.重新启动keepalived和rsyslog服务： service rsyslog restart service keepalived restart ``` ``` 6. 打开防火墙的通讯地址 ***** iptables -A INPUT -d 224.0.0.18 -j ACCEPT /etc/rc.d/init.d/iptables save ``` ## 4.2 ngnix负载均衡高可用 [参考文档](http://note.youdao.com/noteshare?id=c12e0e5c1bbd102317dc2370ef3f90b0)