注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

曾国藩的博客

 
 
 

日志

 
 

Nginx+Squid+Apache  

2015-12-15 10:35:22|  分类: JAVA/PHP/Nginx/T |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
http://blog.csdn.net/deccmtd/article/details/5613513

环境:

OS: RHEL 5.4

Nginx IP: 192.168.128.134

Squid_1 IP: 192.168.128.135

Squid_2 IP: 192.168.128.137

Squid_2 IP: 192.168.128.139

Apache IP: 192.168.128.136

网站域名:pic.123.com

软件版本:Nginx 0.8.15

Squid 3.0.STABLE7

Apache 2.2.14

因我们的架构是做一个漫画网站.全都是静态的页面.所以不需要安装php.

开始安装:

Nginx: (192.168.128.134)

1、安装Nginx所需的pcre库, fair组件

#cd /usr/local/src/tarbag

#tar zxvf pcre-7.9.tar.gz -C ../software

#cd ../software/pcre-7.9/

#./configure

#make && make install

#cd ../../tarbag

#tar xvzf gnosek-nginx-upstream-fair-2131c73.tar.gz -C ../software

 

2、安装Nginx

#tar zxvf nginx-0.8.15.tar.gz -C ../software

#cd ../software/nginx-0.8.15/

#./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/usr/local/gnosek-nginx-upstream-fair-2131c73

#make && make install

#cd ../../tarbag

3、创建Nginx日志目录

#mkdir -p /www/nginx/logs

#chmod +w /www/nginx/logs

#chown -R www:www /www/nginx/logs

4、创建Nginx配置文件

①、在/usr/local/nginx/conf/目录中创建nginx.conf文件:

#rm -f /usr/local/nginx/conf/nginx.conf

#vi /usr/local/nginx/conf/nginx.conf

user www www;

worker_processes 8;

error_log /www/nginx/logs/nginx_error.log crit;

pid /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.worker_rlimit_nofile 65535;

events

{

use epoll;

worker_connections 65535;

}

http

{

include mime.types;

default_type application/octet-stream;

keepalive_timeout 120;

tcp_nodelay on;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.0;

gzip_comp_level 2;

gzip_types text/plain application/x-javascript text/css application/xml;

gzip_vary on;

upstream pic.123.com {

server 192.168.128.135:80;

server 192.168.128.137:80;

server 192.168.128.139:80;

}

server

{

listen 80;

server_name pic.123.com;

location / {

proxy_pass http://pic.123.com;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

location /NginxStatus {

stub_status on;

access_log on;

auth_basic "NginxStatus";

}

log_format www_123_com '$remote_addr - $remote_user [$time_local] $request '

'"$status" $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /www/nginx/logs/www.log www_123_com;

}

}

5、优化Linux内核参数

vi /etc/sysctl.conf

在末尾增加以下内容:

引用

# Add

net.ipv4.tcp_max_syn_backlog = 65536

net.core.netdev_max_backlog = 32768

net.core.somaxconn = 32768

net.core.wmem_default = 8388608

net.core.rmem_default = 8388608

net.core.rmem_max = 16777216

net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0

net.ipv4.tcp_synack_retries = 2

net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1

#net.ipv4.tcp_tw_len = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000

net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30

#net.ipv4.tcp_keepalive_time = 120

net.ipv4.ip_local_port_range = 1024 65535

使配置立即生效:

/sbin/sysctl –p

6、nginx开机自动启动的实现:

# vim /etc/init.d/nginx

#!/bin/sh

#chkconfig: 35 85 15

#description: nginx

#function: use this script to stop,start,restart nginx....

#author:lw.yang

nginx_BIN=/usr/local/nginx/sbin/nginx

nginx_CONF=/usr/local/nginx/conf/nginx.conf

nginx_PID=/usr/local/nginx/logs/nginx.pid

nginx_PORT=`/bin/netstat -ntpl |grep nginx |grep 80 |wc -l`

case $1 in

start)

if [ $nginx_PORT = 0 ];then

echo "staring nginx..."

$nginx_BIN

else echo "starting naginx failed,Address already in use..."

exit 2

fi

;;

stop)

echo "stoping nginx..."

if [ -f $nginx_PID ];then

kill -QUIT `cat $nginx_PID`

else echo "nginx is no running...."

fi

;;

status)

if [ -f $nginx_PID ];then

echo "nginx is running..."

else echo "nginx is stop..."

fi

;;

restart)

if [ -f $nginx_PID ];then

kill -HUP `cat $nginx_PID`

else echo "nginx is no running...."

fi

;;

*)

echo "Usage: $0 {start|stop|status|restart}"

exit 1

;;

esac

# chmod +x /etc/init.d/nginx

# chkconfig --add nginx

# chkconfig nginx on

# service nginx start

staring nginx...

Squid安装 (192.168.128.135-137-139)

#cd /usr/local/src/tarbag

#wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE7.tar.gz

# groupadd squid

# useradd -g squid -s /sbin/nologin squid

# tar -zxvf squid-3.0.STABLE7.tar.gz –C ../software/

#cd /usr/local/src/software/squid-3.0.STABLE7/

# ./configure --prefix=/usr/local/squid --enable-gnuregex --enable-arp-acl --enable-auth="basic" --enable-basic-auth-helpers="NCSA" --enable-async-io=80 --enable-storeio=ufs --enable-icmp --enable-kill-parent-hack --enable-snmp --disable-ident-lookups --enable-cache-digests --enable-ssl --enable-delay-pools --enable-poll --enable-linux-netfilter --enable-underscore --enable-err-language="Simplify_Chinese" --enable-default-err-languages="Simplify_Chinese"

解释说明:

--prefix=/usr/local/squid //指定安装路径

--enable-arp-acl //这样可以在规则设置中直接通过客户端的MAC地址进行管理,防止客户使用IP欺骗

--enable-async-io=80 //这个主要是设置async模式来运行squid,我的理解是设置用线程来运行squid,如果服务器配置很不错,有1G以上内存,cpu使用SMP的方式的话可以考虑设成160或者更高。如果服务器比较糟糕就根据实际情况设了。另外此项还另cache文件支持aufs

--enable-auth-modules //此编译选项启用认证模块,可以对访问代理用户进行授权。

--enable-cache-digests //使能缓存摘要,本来此项目的是为了在Squid集群服务之间迅速发现缓存对象,这里在本地使用,可以加快请求时,检索缓存内容的速度。

--enable-err-language="Simplify_Chinese" 和--enable-default-err-languages="Simplify_Chinese" //指定出错是显示的错误页面为简体中文

--enable-delay-pools //此选项使能一个延时池,这样能对某些特定的请求限制额定带宽。

--enable-gnuregex //由于Squid大量使用字符串处理做各种判断,加此项能更好处理。

--enable-icmp //加入icmp支持

--disable-ident-lookups //防止系统使用RFC931规定的身份识别方法。

--enable-kill-parent-hack //关掉suqid的时候,要不要连同父进程一起关掉,这个当然要啦

--enable-linux-netfilter //允许使用Linux的透明代理功能。

--enable-poll //应启用Poll()函数而不是select()函数,通常而言poll(轮询)比select要好,但configure(脚本程序)已知Poll在某些平台下失效, 若你认为你比configure编译配置脚本程序要聪明的话,可以用这个选项启用Poll。总之就是用这个可以提升性能就是啦。

--enable-snmp //此选项可以让MRTG使用SNMP协议对服务器的流量状态进行监测,因此必须选择此项,使Squid支持SNMP接口。

--enable-storeio=ufs,null //使用的文件系统通常是默认的ufs,不过如果想要做一个不缓存任何文件的代理服务器,就需要加上null文件系统。

--enable-underscore //允许解析的URL中出现下划先,因为默认squid会认为带下划线的URL地址是非法的,并拒绝访问该地址。

#make && make install

# /usr/local/squid/sbin/squid -z //测试Squid运行状况

# chown -R squid.squid /usr/local/squid/var/

修改squid配置文件

#vim /usr/local/squid/etc/squid.conf

#########一些访问控制的设置##############

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow all

http_access allow localnet

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

icp_access allow localnet

icp_access deny all

htcp_access allow localnet

htcp_access deny all

##### 配置 squid2、squid3 为其邻居,当 squid1 在其缓存中没有找到请求的资源时,通过 ICP 查询去其邻居中取得缓存############

cache_peer s2.766.com sibling 80 3130

cache_peer s3.766.com sibling 80 3130

#### 将pic.123.com 域的请求通过 RR 轮询方式转发到apache节点############

squid1 的父节点,originserver 参数指明是源服务器, round-robin 参数指明 squid 通过轮询方式将请求分发到其中一台父节点; squid 同时会对这些父节点的健康状态进行检查,如果父节点 down 了,那么 squid 会从剩余的 origin 服务器中抓取数据.我们这里只有一个节点.

cache_peer 192.168.128.136 parent 80 0 no-query originserver round-robin name=web1

cache_peer_domain web1 pic.123.com

hierarchy_stoplist cgi-bin

####### 对 squid 的一些优化 ###############

maximum_object_size_in_memory 1024 KB //内存中缓存的最大对象 1024KB

maximum_object_size 10240 KB // 能缓存的最大对象为 10M

cache_mem 64 MB //squid 用于缓存的内存量

#####日志和缓存目录的设置###########

access_log /usr/local/squid/var/logs/access.log squid

cache_log /usr/local/squid/var/logs/cache.log

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern (cgi-bin|/?) 0 0% 0

refresh_pattern . 0 20% 4320

cache_effective_user squid

cache_effective_group squid

######### 设定 squid 的主机名 , 如无此项 squid 将无法启动

visible_hostname s1.766.com

############# 配置 squid 为加速模式 #################

http_port 80 accel vhost vport

icp_port 3130

coredump_dir /usr/local/squid/var/cache

在hosts添加如下行.让squid能找到其邻居.

#cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

::1 localhost6.localdomain6 localhost6

192.168.128.137 s2.766.com

192.168.128.139 s3.766.com

其他两台squid配置跟其一致.只要修改上面标明颜色的地方和/etc/hosts文件即可.

Squid开机自动启动的实现:

# vim /etc/init.d/squid

#!/bin/sh

#chkconfig: 35 85 15

#description: squid

#function: use this script to stop,start,restart squid....

#author:hsf

squid_BIN=/usr/local/squid/sbin/squid

squid_CONF=/usr/local/squid/etc/squid.conf

squid_PID=/usr/local/squid/var/logs/squid.pid

squid_PORT=`/bin/netstat -ntpl |grep squid |grep 80 |wc -l`

case $1 in

start)

if [ $squid_PORT = 0 ];then

echo "staring squid..."

$squid_BIN

else echo "starting squid failed,Address already in use..."

exit 2

fi

;;

stop)

echo "stoping squid..."

if [ -f $squid_PID ];then

kill -QUIT `cat $squid_PID`

else echo "squid is no running...."

fi

;;

status)

if [ -f $squid_PID ];then

echo "squid is running..."

else echo "squid is stop..."

fi

;;

restart)

if [ -f $squid_PID ];then

kill -HUP `cat $squid_PID`

else echo "squid is no running...."

fi

;;

*)

echo "Usage: $0 {start|stop|status|restart}"

exit 1

;;

esac

Apache安装(192.168.128.136)

见apache安装配置文档.

  评论这张
 
阅读(437)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2018