nginx 后端失效管理
-- 第三方模块测试 yaoweibin-nginx_upstream_check_module-7b0f364
1. 下载 yaoweibin-nginx_upstream_check_module-7b0f364
2. 解压后到nginx源码目录给nginx源码打补丁
cd nginx-0.8.54/
patch -p1 < ../yaoweibin-nginx_upstream_check_module-7b0f364/check.patch
3. 编译nginx
./configure
--prefix=/usr
--sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx/nginx.pid
--lock-path=/var/lock/nginx.lock
--user=nginx
--group=nginx
--with-http_ssl_module
--with-http_flv_module
--with-http_gzip_static_module
--with-http_realip_module
--with-http_stub_status_module
--http-client-body-temp-path=/dev/shm/nginx/client/
--http-proxy-temp-path=/dev/shm/nginx/proxy/
--http-fastcgi-temp-path=/dev/shm/nginx/fcgi/
--with-md5-asm
--with-md5=/usr/include
--with-sha1-asm
--with-sha1=/usr/include
--add-module=../ngx_cache_purge-1.2 --add-module=../yaoweibin-nginx_upstream_check_module-7b0f364/
ngx_cache_purge-1.2 也要将模块下载解压
make
make install
4. 配置 /etc/nginx/nginx.conf
主要几点,
a. timeout设置 前后端相配合
b. 压缩
c. 缓存静态文件缓存于内存
d. log_format 方便被awstat解析的标准日志格式
e. 隐藏版本号
f. access log与cronolog相配合,自动分割每天的日志
参考了网络资料和官方手册以后,我的/etc/nginx/nginx.conf内容:
user nginx nginx;
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
error_log /var/log/nginx/error.log;
pid /var/run/nginx/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
keepalive_timeout 180;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_buffer_size 4k;
open_file_cache max=102400 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
gzip on;
gzip_min_length 1000;
gzip_buffers 4 8k;
gzip_types text/* text/css application/javascript application/x-javascript;
gzip_comp_level 9;
gzip_vary on;
gzip_http_version 1.1;
include mime.types;
include fastcgi.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_names_hash_bucket_size 128;
proxy_cache_path /dev/shm/nginx/proxy_cache levels=1:2 keys_zone=pnc:128m inactive=7d max_size=3m ;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache_valid 200 302 1h;
proxy_cache_valid 301 1d;
proxy_cache_valid any 1m;
upstream one_server {
server 10.0.0.198:80 weight=5;
server 173.6.6.8:80 weight=1 backup;
check interval=30000 rise=2 fall=3 timeout=5000 type=tcp;
}
upstream both_server {
server 10.0.0.194:80 weight=5;
server 10.0.0.198:80 weight=5;
server 173.6.6.6:80 weight=1 backup;
server 173.6.6.8:80 weight=1 backup;
check interval=30000 rise=2 fall=3 timeout=5000 type=tcp;
}
include sites-enabled/*;
}
mime.types配置:基本保持默认设置
fastcgi.conf配置:
fastcgi_connect_timeout 120s;
fastcgi_send_timeout 120s;
fastcgi_read_timeout 120s;
fastcgi_buffer_size 128k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
#fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_index index.php;
fastcgi_param REDIRECT_STATUS 200;
sites-enabled各个域配置:
# cat sites-enabled/maindomain.com
server {
listen 75.6.6.8:80;
server_name user.maindoamin.com;
access_log /var/log/nginx/access_log_pipe main;
# serve static files
location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx|ico)$ {
proxy_pass
proxy_cache pnc;
proxy_temp_path /dev/shm/nginx/proxy_temp2;
}
location ~.*\.(php|jsp|cgi)?$
{
proxy_pass
}
location ~ /purge(/.*) {
allow 127.0.0.1;
deny all;
proxy_cache_purge pnc $1$is_args$args;
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
# pass requests for dynamic content to rails/turbogears/zope, et al
location / {
proxy_pass
}
}
b. 内核网络参数优化
/etc/sysctl.conf
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
sysctl -p
5. 启动
mkfifo /var/log/nginx/access_log_pipe
nginx -t #检查语法
adm_nginx_daemon.sh
#!/bin/bash
mkdir -p /dev/shm/nginx/proxy_cache
chown nginx.nginx -R /dev/shm/nginx/ /var/log/nginx/
ulimit -SHn 80000
sleep 1
nohup /usr/sbin/cronolog /var/log/nginx/user.maindomain.com.access_%Y%m%d.log < /var/log/nginx/access_log_pipe &
nohup nginx
重启 nginx -s reload
6. 模块介绍: yaoweibin-nginx_upstream_check_module-7b0f364
新参数:
check interval=30000 rise=2 fall=3 timeout=5000 type=tcp;
每30秒检测一次,超过3次失败则标记服务器状态为down。超过2次成功则将服务器状态为up,检测方式为tcp。
测试结果:
当服务器标记为down以后,所有请求向另一个后端机器转移。
当服务器标记为up以后,服务器回到正常的负载均衡。
nginx性能
静态: httperf 获取1.8KB图片文件, 可达到 1w以上并发数,cpu/mem都非常小,netstat -an占用连接数也非常少。Nginx前端外网网卡发送速度可达到50MB/s
动态: 450~500并发数 ,严重受制于目前的db访问速度
阅读(9588) | 评论(0) | 转发(0) |