tengine源码部署,
tengine源码部署,
tengine是淘宝基于nginx开发的一款web服务,完全兼容nginx,并增加了部分功能,以下是在centos7.3最小化安装的情况下安装tengine-2.2.0版本。
1、到以下网站下载源码包:http://tengine.taobao.org/download_cn.html 或直接用wget命令下载
wget http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
2、解压下载文件
tar -zxf tengine-2.2.0.tar.gz
3、安装部分模块依赖的软件
yum install -y gcc pcre pcre-devel openssl-devel libxml2-devel libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP-devel
4、配置并指定安装目录,为了方便后期使用,我是安装了所有模块,如果明确所需的模块,可以 ./configure —help 查看并自定义指定的模块
./configure --enable-mods-static=all --prefix=/opt/nginx --with-ipv6
make && make install
5、查看安装模块
/opt/nginx/sbin/nginx -V
6、服务控制
/opt/nginx/sbing/nginx
/opt/nginx/sbing/nginx -s stop
/opt/nginx/sbing/nginx -s reload
7、nginx proxy_pass后的url加不加/的区别
在nginx中配置proxy_pass时,当在后面的url加上了/,相当于是绝对根路径,则nginx不会把location中匹配的路径部分代理走;如果没有/,则会把匹配的路径部分也给代理走。
下面四种情况分别用http://192.168.1.4/proxy/test.html 进行访问。
第一种:
location /proxy/ {
proxy_pass http://127.0.0.1:81/;
}
会被代理到http://127.0.0.1:81/test.html 这个url
第二种(相对于第一种,最后少一个 /)
location /proxy/ {
proxy_pass http://127.0.0.1:81;
}
会被代理到http://127.0.0.1:81/proxy/test.html 这个url
第三种:
location /proxy/ {
proxy_pass http://127.0.0.1:81/ftlynx/;
}
会被代理到http://127.0.0.1:81/ftlynx/test.html 这个url。
第四种情况(相对于第三种,最后少一个 / ):
location /proxy/ {
proxy_pass http://127.0.0.1:81/ftlynx;
}
会被代理到http://127.0.0.1:81/ftlynxtest.html 这个url
上面的结果都是本人结合日志文件测试过的。从结果可以看出,应该说分为两种情况才正确。即http://127.0.0.1:81 (上面的第二种) 这种和 http://127.0.0.1:81/…. (上面的第1,3,4种) 这种。
8、配置示例1:
user nobody;
worker_processes 24;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 60000;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr $upstream_addr $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for" $upstream_response_time $upstream_status $connection';
#access_log logs/access.log main;
log_format json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"agent":"$http_user_agent",'
'"status":"$status"}';
access_log logs/access.log json;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
gzip on;
gzip_proxied any;
gzip_min_length 1k;
gzip_buffers 8 256k;
gzip_comp_level 9;
gzip_disable "MSIE [1-6]\.";
gzip_types text/css text/xml application/x-javascript application/octet-stream application/javascript image/png image/jpg
gzip_vary on;
client_max_body_size 1000m;
client_body_buffer_size 128k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_path /opt/nginx/proxy_cache levels=1:2 keys_zone=cache_one:1000m inactive=1d max_size=30g;
proxy_temp_path /opt/nginx/proxy_temp;
proxy_ignore_client_abort on;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
upstream app_server {
session_sticky;
server 192.168.12.50:8082;
server 192.168.12.50:8083;
server 192.168.12.50:8084;
server 192.168.12.50:8085;
}
upstream yz_server {
server 192.168.12.50:8081;
server 192.168.12.60:8081 backup;
}
server {
listen 10443 ssl;
server_name app-tst.domain.com;
ssl_certificate /opt/nginx/conf/nginx-ssl/_.domain.com_bundle.crt;
ssl_certificate_key /opt/nginx/conf/nginx-ssl/_.domain.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
charset utf-8;
location / {
proxy_pass http://app_server;
if ( $request_uri ~* /app/services\?_t=2017(.*)$ ) {
proxy_pass http://yz_server;
}
access_log logs/access-app-server.log json;
}
location ~ (gif|jpg|jpeg|png|bmp|swf|ico|rar|SIS|css|js|zip|java|jar|txt|flv|exe|wav|wma|mp3|xml|gz) {
proxy_pass http://app_server;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
proxy_cache cache_one;
proxy_cache_valid 200 301 302 304 1d;
proxy_cache_valid 404 7d;
proxy_cache_valid any 1d;
proxy_cache_use_stale http_502 http_504 error timeout invalid_header;
proxy_cache_key $host:$server_port$request_uri$is_args$args;
add_header X-Cache $upstream_cache_status;
expires 1d;
access_log logs/access-app-tst.log json;
}
location /nginx_status {
stub_status on;
access_log off;
}
}
}
9、配置示例2:
user root;
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
log_format json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"agent":"$http_user_agent",'
'"status":"$status"}';
access_log logs/access.log json;
sendfile on;
#tcp_nopush on;
client_max_body_size 1000m;
keepalive_timeout 65;
gzip on;
#视酷图片上传负载
upstream up-tomcat {
session_sticky;
server 192.168.12.10:8085;
server 192.168.12.10:8084;
}
server {
listen 80;
server_name dev.domain.com;
location /upload {
proxy_pass http://up-tomcat;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect default;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
add_header X-Cache-Status $upstream_cache_status;
access_log logs/access-upload.log json;
}
location /download {
root html;
index index.html;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
charset utf-8,gbk;
access_log logs/access-download.log;
}
location /zabbix {
proxy_pass http://192.168.12.41/zabbix;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect default;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
add_header X-Cache-Status $upstream_cache_status;
access_log logs/access-zabbix.log json;
}
location /fxj/ {
root /var/www/html; #php-fpm基于docker运行,指定目录为docker中的目录,启动docker时用-v参数来指定本机挂载目录。
fastcgi_pass 192.168.12.43:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
access_log logs/access-fxj.log json;
}
location /nginx_status {
stub_status on;
access_log off;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name doc.domain.com;
location / {
proxy_pass http://showdoc;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect default;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
add_header X-Cache-Status $upstream_cache_status;
access_log logs/access-showdoc.log json;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
10、Nginx配置访问用户名、密码
nginx可以配置用户名和密码来限制对某些站点进行访问,不过保存的密码并不是明文的,而时进行了crypt(3)加密后的字符串。加密可以用htpasswd来实现。
yum install -y httpd-tools
htpasswd -c /opt/nginx/passwd user //-c指定密码文件路径,user表示密码对应的用户名称,可自定义
New password: //输入密码
Re-type new password: //重复密码
如果后续还要添加用户,不能使用 -c参数,否则会将之前的内容删除,直接密码文件 加用户名即可
htpasswd /opt/nginx/passwd newuser
修改nginx配置;
在server 或 location 下加入以下两行内容
auth_basic “Restricted”; //提示内容
auth_basic_user_file /opt/nginx/passwd; //密码文件路径
注:加在server中,server下所有目录均需要密码;加在指定location,该location访问需要密码
11、nginx禁止IP、非指定域名访问,在nginx.conf中的所有server前增加以一个server。后面每个server块中必须设置server_name 指定域名,否则不能访问。
###禁止IP以及非server_name 域名访问配置开始####
server {
listen 80 default_server;
server_name _;
return 444;
}
###禁止IP以及非server_name 域名访问配置结束####
评论暂时关闭