三、配置 nginx
1、备份原 nginx.conf 配置文件
[root@RicenOS conf]# mv nginx.conf nginx.conf_bak
2、创建 nginx 的配置文件
内容如下:
user daemon daemon;
worker_processes auto;
error_log logs/error.log crit;
pid logs/nginx.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
multi_accept on;
accept_mutex on;
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '[$time_local] - $remote_addr $http_host $http_x_forwarded_for '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $request_time';
access_log off;
#server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
client_header_timeout 15;
client_body_timeout 15;
reset_timedout_connection on;
send_timeout 15;
server_names_hash_bucket_size 512;
client_header_buffer_size 128k;
large_client_header_buffers 4 128k;
client_max_body_size 2000M;
client_body_buffer_size 128K;
types_hash_max_size 2048;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include vhosts/*.conf;
gzip on;
gzip_disable "msie6";
gzip_proxied any;
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain text/css application/javascript text/javascript application/json application/x-javascript text/xml application/xml application/xml+rss;
gzip_vary on;
server {
listen 80 default;
server_name _;
return 444;
}
}
3、创建 proxy.conf 文件
内容如下:
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_set_header Host $host:$proxy_port;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_buffer_size 64k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 1024M;
[root@RicenOS conf]# vi fastcgi.conf
修改以下一处为:
4、创建虚拟主机配置文件存放目录
5、配置虚拟主机
[root@RicenOS vhosts]# vi www.ricen.net.conf
内容如下:
sticky;
server 10.18.16.101:8080;
server 10.18.16.102:8080;
# 每 3 秒检测 1 次,2 次请求正常,则 realserver 为 up
# 如果请求 5 次都失败,则 realserver 为 down
check interval=3000 rise=2 fall=5 timeout=1000;
}
server{
listen 80;
server_name www.ricen.net;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
ssl_certificate /opt/webca/ca.crt;
ssl_certificate_key /opt/webca/ca_nopass.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE:!3DES;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
server_name www.ricen.net;
charset utf-8;
access_log logs/www.ricen.net_access.log main;
error_log logs/www.ricen.net_error.log crit;
error_page 403 = /403.html;
error_page 404 = /404.html;
location / {
index index.htm index.html;
root /opt/website/;
}
location /403.html {
root /opt/website/;
allow all;
}
location /404.html {
root /opt/website/;
}
location /bbs/ {
proxy_pass http://bbscluster;
include proxy.conf;
}
# 查看负载均衡状态
location /web_status {
check_status;
access_log off;
}
location ~ [^/].php(/|$) {
root /opt/websites/default/;
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
}
6、配置系统服务
内容如下:
#! /bin/sh
# chkconfig: 35 78 32
# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
# run 'update-rc.d -f nginx defaults', or use the appropriate command on your
# distro. For CentOS/Redhat run: 'chkconfig --add nginx'
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=nginx
NGINX_BIN=/opt/nginx/sbin/$NAME
CONFIGFILE=/opt/nginx/conf/$NAME.conf
PIDFILE=/opt/nginx/logs/$NAME.pid
case "$1" in
start)
echo -n "Starting $NAME... "
if netstat -tnpl | grep -q nginx;then
echo "$NAME (pid `pidof $NAME`) already running."
exit 1
fi
$NGINX_BIN -c $CONFIGFILE
if [ "$?" != 0 ] ; then
echo " failed"
exit 1
else
echo " done"
fi
;;
stop)
echo -n "Stoping $NAME... "
if ! netstat -tnpl | grep -q nginx; then
echo "$NAME is not running."
exit 1
fi
$NGINX_BIN -s stop
if [ "$?" != 0 ] ; then
echo " failed. Use force-quit"
exit 1
else
echo " done"
fi
;;
status)
if netstat -tnpl | grep -q nginx; then
PID=`pidof nginx`
echo "$NAME (pid $PID) is running..."
else
echo "$NAME is stopped"
exit 0
fi
;;
restart)
$0 stop
sleep 1
$0 start
;;
reload)
echo -n "Reload service $NAME... "
if netstat -tnpl | grep -q nginx; then
$NGINX_BIN -s reload
echo " done"
else
echo "$NAME is not running, can't reload."
exit 1
fi
;;
configtest)
echo -n "Test $NAME configure files... "
$NGINX_BIN -t
;;
*)
echo "Usage: $0 {start|stop|restart|reload|status|configtest}"
exit 1
;;
esac
配置开机启动:
[root@RicenOS vhosts]# chkconfig --level 35 nginx on
7、配置日志切割
内容如下:
daily
rotate 180
missingok
notifempty
dateext
compress
olddir /opt/nginx/logs/history
sharedscripts
postrotate
if [ -f /opt/nginx/logs/nginx.pid ];then
kill -USR1 `cat /opt/nginx/logs/nginx.pid`
fi
endscript
}
创建保存历史日志的目录:
创建计划任务:
添加如下内容:
运行结果:
Copyright © 2005-2023 by www.ricensoftwares.com.cn All Rights Reserved.