Centos7-64bit-编译安装配置Nginx stream四层负载均衡 动态加载

yum install screen -y && screen -S nginx
sudo yum -y groupinstall "Development Tools" && yum -y epel-release wget gc autoconf automake pcre-devel zlib-devel openssl-devel

----------------------yum安装nginx(默认未编译stream模块,如果需要用按下面方法编译)------------------------------
安装nginx

sudo yum install nginx -y

设置nginx开机启动

sudo systemctl enable nginx

-----------------------通过编译安装nginx(开启stream模块 动态加载方式)-----------------------------
编译安装nginx

sudo yum check-update || sudo yum update -y
yum groupinstall -y 'Development Tools'
yum install -y epel-release
yum install -y wget perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel GeoIP GeoIP-devel
wget https://nginx.org/download/nginx-1.13.2.tar.gz && tar zxvf nginx-1.13.2.tar.gz
wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz && tar xzvf pcre-8.40.tar.gz
wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz && tar xzvf openssl-1.1.0f.tar.gz
rm -rf *.tar.gz
cd ~/nginx-1.13.2
cp ~/nginx-1.13.2/man/nginx.8 /usr/share/man/man8
gzip /usr/share/man/man8/nginx.8
man nginx
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --build=CentOS --builddir=nginx-1.13.2 --with-select_module --with-poll_module --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-compat --with-pcre=../pcre-8.40 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.1.0f --with-openssl-opt=no-nextprotoneg --with-debug
make
make install
ln -s /usr/lib64/nginx/modules /etc/nginx/modules
nginx -V

useradd --system --home /var/cache/nginx --shell /sbin/nologin --comment "nginx user" --user-group nginx

nginx -t
mkdir -p /var/cache/nginx && sudo nginx -t
vi /usr/lib/systemd/system/nginx.service

写入以下内容

[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target

启动nginx 设置开机启动nginx

systemctl start nginx.service && sudo systemctl enable nginx.service

检查nginx是否开机启动

systemctl is-enabled nginx.service

检查nginx是否正常运行

sudo systemctl status nginx.service
ps aux | grep nginx
curl -I 127.0.0.1

重启服务器

shutdown -r now
rm /etc/nginx/koi-utf /etc/nginx/koi-win /etc/nginx/win-utf
mkdir ~/.vim/
cp -r ~/nginx-1.13.2/contrib/vim/* ~/.vim/
rm /etc/nginx/*.default

-------------------------------nginx编译安装完毕------------------------------------------

-----------------------防火墙管理(未设置nginx 80端口可能无法访问)-----------------------------
启动防火墙

systemctl start firewalld.service

添加防火墙规则(添加80 443端口)--刚编译的 若未添加 可能无法访问

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

如需要可关闭防火墙

systemctl stop firewalld.service

关闭防火墙开机启动

systemctl disable firewalld.service

设置防火墙开机启动

systemctl enable firewalld.service

Centos7 防火墙 相关控制命令

systemctl is-enabled nginx.service #查询nginx是否开机启动
systemctl enable nginx.service #开机运行nginx
systemctl disable nginx.service #取消开机运行nginx
systemctl start nginx.service #启动nginx
systemctl stop nginx.service #停止nginx
systemctl restart nginx.service #重启nginx
systemctl reload nginx.service #重新加载nginx配置文件
systemctl status nginx.service #查询nginx运行状态
systemctl --failed #显示启动失败的服务

#查看端口监听情况

ss -tlnp|grep :80

nginx服务器默认root路径

/usr/share/nginx/html

nginx服务器默认配置文件

/etc/nginx/nginx.conf

追加配置文件路径(会自动加载.conf结尾的文件)

/etc/nginx/conf.d

---------------------------负载均衡配置------------------------------
清空nginx配置

cp /etc/nginx/nginx.conf /etc/nginx/nginx.confbackup
cat /dev/null > /etc/nginx/nginx.conf
vi /etc/nginx/nginx.conf

根据实际情况添加负载均衡配置

worker_processes 1;
load_module  "modules/ngx_stream_module.so";
events {
worker_connections  1024;
   }

stream {
    upstream backend {
        hash $remote_addr consistent;
        server 176.58.111.12:80 weight=5 max_fails=3 fail_timeout=30s;
        server 178.79.163.35:80 weight=5  max_fails=3 fail_timeout=30s;
    }
    server {
        listen 80;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass backend;
    }
}