Nginx
nginx 代理部署
-
下载 nginx 安装包
wget https://pdpublic.mingdao.com/private-deployment/offline/common/nginx-1.26.2-glibc2.17-amd64.tar.gz -
解压 nginx 安装包至安装目录
tar xf nginx-1.26.2-glibc2.17-amd64.tar.gz -C /usr/local/ -
创建配置与日志存储目录
mkdir -p /usr/local/nginx/conf/conf.d /data/logs/weblogs/ -
写入 nginx 主配置文件
cat > /usr/local/nginx/conf/nginx.conf <<\EOF
user nobody;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 204800;
pid nginx.pid;
events {
use epoll;
worker_connections 20480;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
log_format main "$http_x_forwarded_for | $time_local | $request | $status | $body_bytes_sent | "
"$request_body | $content_length | $http_referer | $http_user_agent | "
"$http_cookie | $remote_addr | $hostname | $upstream_addr | $upstream_response_time | $request_time";
server_names_hash_bucket_size 128;
client_header_buffer_size 8k;
client_max_body_size 10M;
large_client_header_buffers 4 32k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
proxy_buffer_size 64k;
proxy_buffers 4 128k;
keepalive_timeout 10;
open_file_cache max=102400 inactive=60s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
resolver_timeout 10s;
underscores_in_headers on;
gzip on;
gzip_proxied any;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 1024;
gzip_comp_level 8;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;
proxy_http_version 1.1;
include conf.d/*.conf;
}
EOF -
配置主机代理文件
cat > /usr/local/nginx/conf/conf.d/mdy.conf <<\EOF
upstream mdy {
server 192.168.10.20:8880;
server 192.168.10.21:8880;
server 192.168.10.22:8880;
}
server {
listen 80;
server_name mdy.domain.com;
access_log /data/logs/weblogs/mdy.domain.com.log main;
error_log /data/logs/weblogs/mdy.domain.com.error.log;
underscores_in_headers on;
client_max_body_size 2048m;
gzip on;
gzip_proxied any;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 512;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/x-javascript application/javascript application/octet-stream text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;
location / {
set $real_ip '';
if ($http_x_real_ip) {
set $real_ip $http_x_real_ip;
}
if ($http_x_real_ip = '') {
set $real_ip $remote_addr;
}
proxy_set_header X-Real-IP $real_ip;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://mdy;
}
# IM 需要
location ~ /mds2 {
proxy_set_header Host $http_host;
proxy_hide_header X-Powered-By;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://mdy;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}
}
EOF -
启动 nginx
检查 nginx 配置文件格式
/usr/local/nginx/sbin/nginx -t启动 nginx
/usr/local/nginx/sbin/nginx -
加入开机自启动
echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local
chmod +x /etc/rc.d/rc.local
nginx 日志定时切割
-
创建存放配置文件与存放旧日志的目录
mkdir -p /usr/local/logrotate-config
mkdir -p /data/logs/weblogs/oldlogs -
创建配置文件
cat > /usr/local/logrotate-config/nginx <<\EOF
/data/logs/weblogs/*.log {
create 0664 nobody root
daily
dateext
dateformat -%Y-%m-%d
dateyesterday
rotate 180
missingok
ifempty
compress
delaycompress
olddir /data/logs/weblogs/oldlogs
sharedscripts
postrotate
/bin/kill -USR1 `cat /usr/local/nginx/nginx.pid 2>/dev/null` 2>/dev/null || true
endscript
}
EOF -
检查配置文件
logrotate -d -f /usr/local/logrotate-config/nginx- 注意查看 debug 输出,如遇到 error 则需要进一步处理
-
执行
crontab -e将以下定时任务写入配置# Use Logrotate Cut Nginx Logs
0 0 * * * /usr/sbin/logrotate -f /usr/local/logrotate-config/nginx >/dev/null 2>&1