System: CentOS 8.1
Compiling and installing Tengine 2.3.2
```
# Note: the LuaJIT provided by OpenResty must be used
# yum remove luajit
git clone https://github.com/openresty/luajit2.git
cd luajit2/
make
make install
# Installs by default to /usr/local/lib/ and /usr/local/include/luajit-2.1
echo '/usr/local/lib/' > /etc/ld.so.conf.d/luajit.conf
ldconfig

# GitHub no longer serves the unauthenticated git:// protocol, so clone over HTTPS
git clone https://github.com/vozlt/nginx-module-vts.git
# This module provides very detailed metrics, has a web page, and supports Prometheus

# Some ngx_http_lua_module features depend on ngx_devel_kit
# Without this module the set_by_lua* directives are unavailable
wget https://github.com/vision5/ngx_devel_kit/archive/v0.3.1.tar.gz
tar zxf v0.3.1.tar.gz

wget http://tengine.taobao.org/download/tengine-2.3.2.tar.gz
tar zxf tengine-2.3.2.tar.gz
cd tengine-2.3.2/
yum install pcre-devel openssl-devel GeoIP-devel
# The LuaJIT installed by yum is 2.1; the one compiled above must be used
./configure \
  --prefix=/opt/tengine \
  --with-http_realip_module \
  --with-http_geoip_module \
  --with-http_lua_module \
  --with-luajit-lib=/usr/local/lib \
  --with-luajit-inc=/usr/local/include/luajit-2.1 \
  --add-module=../nginx-module-vts \
  --add-module=../ngx_devel_kit-0.3.1 \
  --add-module=modules/ngx_http_upstream_session_sticky_module \
  --add-module=modules/ngx_http_upstream_check_module
#make clean
make
make install

# The installed binary lives under the --prefix given above
/opt/tengine/sbin/nginx -Vm

# The following are not needed for now
#--add-module=modules/ngx_http_upstream_vnswrr_module
#--add-module=modules/ngx_http_reqstat_module
#--add-module=modules/ngx_http_upstream_dynamic_module
#--add-module=../nginx-http-echo-module
#--add-module=modules/ngx_http_upstream_check_module
#--add-module=modules/ngx_http_upstream_consistent_hash_module
#--with-stream
#git clone https://github.com/wujunze/nginx-http-echo-module.git
```
This build includes the following modules:
/opt/tengine/sbin/nginx -Vm
Tengine version: Tengine/2.3.2
nginx version: nginx/1.17.3
built by gcc 8.3.1 20190507 (Red Hat 8.3.1-4) (GCC)
built with OpenSSL 1.1.1c FIPS 28 May 2019
TLS SNI support enabled
configure arguments: --prefix=/opt/tengine --with-http_realip_module --with-http_geoip_module --with-http_lua_module --with-luajit-lib=/usr/local/lib --with-luajit-inc=/usr/local/include/luajit-2.1 --add-module=../nginx-module-vts --add-module=../ngx_devel_kit-0.3.1 --add-module=modules/ngx_http_upstream_session_sticky_module --add-module=modules/ngx_http_upstream_check_module
nginx: loaded modules:
nginx: ngx_core_module (static)
nginx: ngx_errlog_module (static)
nginx: ngx_conf_module (static)
nginx: ngx_openssl_module (static)
nginx: ngx_regex_module (static)
nginx: ngx_events_module (static)
nginx: ngx_event_core_module (static)
nginx: ngx_epoll_module (static)
nginx: ngx_procs_module (static)
nginx: ngx_proc_core_module (static)
nginx: ngx_http_module (static)
nginx: ngx_http_core_module (static)
nginx: ngx_http_log_module (static)
nginx: ngx_http_upstream_module (static)
nginx: ngx_http_static_module (static)
nginx: ngx_http_autoindex_module (static)
nginx: ngx_http_index_module (static)
nginx: ngx_http_mirror_module (static)
nginx: ngx_http_try_files_module (static)
nginx: ngx_http_auth_request_module (static)
nginx: ngx_http_auth_basic_module (static)
nginx: ngx_http_access_module (static)
nginx: ngx_http_limit_conn_module (static)
nginx: ngx_http_limit_req_module (static)
nginx: ngx_http_realip_module (static)
nginx: ngx_http_geo_module (static)
nginx: ngx_http_geoip_module (static)
nginx: ngx_http_map_module (static)
nginx: ngx_http_split_clients_module (static)
nginx: ngx_http_referer_module (static)
nginx: ngx_http_rewrite_module (static)
nginx: ngx_http_ssl_module (static)
nginx: ngx_http_proxy_module (static)
nginx: ngx_http_fastcgi_module (static)
nginx: ngx_http_uwsgi_module (static)
nginx: ngx_http_scgi_module (static)
nginx: ngx_http_memcached_module (static)
nginx: ngx_http_empty_gif_module (static)
nginx: ngx_http_browser_module (static)
nginx: ngx_http_upstream_hash_module (static)
nginx: ngx_http_upstream_ip_hash_module (static)
nginx: ngx_http_upstream_least_conn_module (static)
nginx: ngx_http_upstream_random_module (static)
nginx: ngx_http_upstream_keepalive_module (static)
nginx: ngx_http_upstream_zone_module (static)
nginx: ngx_http_stub_status_module (static)
nginx: ngx_http_vhost_traffic_status_module (static)
nginx: ndk_http_module (static)
nginx: ngx_http_upstream_check_module (static)
nginx: ngx_http_write_filter_module (static)
nginx: ngx_http_header_filter_module (static)
nginx: ngx_http_chunked_filter_module (static)
nginx: ngx_http_range_header_filter_module (static)
nginx: ngx_http_gzip_filter_module (static)
nginx: ngx_http_postpone_filter_module (static)
nginx: ngx_http_ssi_filter_module (static)
nginx: ngx_http_charset_filter_module (static)
nginx: ngx_http_userid_filter_module (static)
nginx: ngx_http_headers_filter_module (static)
nginx: ngx_http_upstream_session_sticky_module (static)
nginx: ngx_http_lua_module (static)
nginx: ngx_http_copy_filter_module (static)
nginx: ngx_http_range_body_filter_module (static)
nginx: ngx_http_not_modified_filter_module (static)
Kernel parameter tuning
```
# bbr
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

cat /etc/sysctl.conf
kernel.core_pattern = /dev/null
kernel.core_uses_pid = 1
kernel.ctrl-alt-del = 1
kernel.msgmax = 65535
kernel.msgmnb = 65535
kernel.panic = 10
kernel.panic_on_oops = 10
kernel.printk = 4 4 1 7
kernel.randomize_va_space = 2
kernel.shmall = 4096256
kernel.shmmax = 16778264576
kernel.sysrq = 0
fs.file-max = 819200
vm.dirty_background_ratio = 5
vm.dirty_ratio = 70
vm.max_map_count = 262144
vm.min_free_kbytes = 67584
vm.overcommit_memory = 1
vm.swappiness = 0
vm.zone_reclaim_mode = 0
net.core.netdev_max_backlog = 16384
net.core.optmem_max = 65535
net.core.rmem_default = 131072
net.core.rmem_max = 16777216
net.core.somaxconn = 16384
net.core.wmem_default = 131072
net.core.wmem_max = 16777216
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_local_port_range = 4096 65535
net.ipv4.ip_no_pmtu_disc = 1
net.ipv4.route.flush = 1
net.ipv4.route.max_size = 8388608
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_fack = 1
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_orphans = 65535
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_mem = 262144 1228875 2457750
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 8
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_rmem = 4096 131072 16777216
net.ipv4.tcp_sack = 1
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096 131072 16777216
net.ipv4.udp_mem = 262144 1228875 2457750
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
#net.netfilter.nf_conntrack_max = 1024064
#net.netfilter.nf_conntrack_buckets = 128008
net.netfilter.nf_conntrack_max = 1000000
net.netfilter.nf_conntrack_tcp_loose = 0
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_established = 360
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
==============================
sysctl -p
```
Note: in some cases net.ipv4.ip_no_pmtu_disc must not be set to 1, because that makes SSH connections unstable; it has to be set to 0.
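Several network values in the listing above differ from what is usually recommended for a host that only terminates and proxies HTTP: ICMP redirects are sent and (for `default`) accepted, reverse-path filtering is off, and IP forwarding is on. The script below is an added example, not part of the original post; it compares a sysctl.conf-style file against a small baseline, where the baseline values and the names `audit_sysctl`, `BASELINE` and `page_excerpt` are assumptions made for the example.

```shell
# Added example, not from the original post. BASELINE is an assumed hardening
# baseline for a host that only reverse-proxies and does not route packets.
BASELINE='net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.ip_forward=0'

# audit_sysctl FILE: for each baseline key set in FILE, print one line when the
# effective value (the last assignment, since sysctl -p applies them in order)
# differs from the baseline. Keys missing from FILE are not reported.
audit_sysctl() {
    printf '%s\n' "$BASELINE" | awk -F= '
        NR == FNR { want[$1] = $2; next }          # first input: the baseline
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in want) got[key] = val        # last assignment wins
        }
        END {
            for (k in got) if (got[k] != want[k])
                printf "%s actual=%s expected=%s\n", k, got[k], want[k]
        }' - "$1" | sort
}

# page_excerpt: redirect, rp_filter and forwarding lines copied from the listing above.
page_excerpt() {
    cat <<'EOF'
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.ip_forward = 1
EOF
}

tmp=$(mktemp) && page_excerpt > "$tmp" && audit_sysctl "$tmp"; rm -f "$tmp"
```

Run it against /etc/sysctl.conf before `sysctl -p`; a finding is a prompt to confirm the value is intentional (for example on a host that really does forward packets), not necessarily an error.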
Other related tuning
Installing the bcc tools
yum update kernel
yum install bcc
After installation the tools are in /usr/share/bcc/tools
echo 'export PATH=$PATH:/usr/share/bcc/tools' >> /etc/profile
echo 'export PATH=$PATH:/usr/share/bcc/tools' >> /etc/bashrc
Example:
cd /usr/share/bcc/tools && ./tcpconnlat -t 1000
Append to ~/.bashrc:
export PS1='\033[36m[\u@\h\033[0m \033[37m$(/sbin/ip a|grep inet|grep -v 127.0.0.1|cut -c 10-|cut -f 1 -d /|grep -v :|head -n 1)\033[0m \033[36m \t \w]\033[0m \n\$'
Append to /etc/profile:
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'
Common tools
cd /usr/bin && ln -s python2 python
Create the user
chown -R nginx:nginx /opt/tengine/
Set the worker_processes and worker_cpu_affinity parameters
Start nginx
Enable start at boot
chmod +x /etc/rc.d/rc.local
Log rotation
```
cat /etc/logrotate.d/nginx
/opt/tengine/logs/*.log {
    daily
    missingok
    rotate 3
    dateext
    compress
    notifempty
    create 644 root root
    sharedscripts
    postrotate
        [ -f /opt/tengine/logs/nginx.pid ] && kill -USR1 `cat /opt/tengine/logs/nginx.pid`
    endscript
}
```
nginx config syntax highlighting
Edit /usr/share/vim/vim80/filetype.vim and add:
au BufRead,BufNewFile /opt/tengine/conf/*.conf,/opt/tengine/conf/*/*.conf if &ft == '' | setfiletype nginx | endif
Fixing a vim compatibility problem (a stray character p is shown at the cursor right after opening a file)
yum install ncurses-devel
cd vim/src
make
make install
cd /usr/bin/ && ln -s /usr/local/bin/vim vim
cd /usr/bin/ && ln -s /usr/local/bin/vim vi
cd /usr/local/share/vim/vim82/syntax && wget http://www.vim.org/scripts/download_script.php?src_id=19394 -O nginx.vim
vi ../filetype.vim
au BufRead,BufNewFile /opt/tengine/conf/*.conf,/opt/tengine/conf/*/*.conf if &ft == '' | setfiletype nginx | endif
vts configuration
```
vhost_traffic_status_zone shared:vhost_traffic_status:64m;

server {
    listen 80;
    server_name _;
    location /status {
        vhost_traffic_status_display;
        vhost_traffic_status_display_format html;
    }
}
```
Add a request header globally
access_by_lua 'ngx.req.set_header("Time", "t=" .. ngx.now())';
Other notes
```
# Renew the account's validity period
1 1 1 * * /usr/bin/chage root -d `date +\%Y-\%m-\%d`
```
Tengine adds a response header indicating the backend service name
add_header Tengine-Ups-Id $proxy_host always;
The proxy one level in front removes the response header
proxy_hide_header Tengine-Ups-Id;
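Pitfalls:
nginx's syntax check cannot check Lua code blocks; if the Lua code contains a syntax error, nginx -t will not detect it.
For a workaround, see: https://gist.github.com/cwarden/1207556
Also, comments in nginx start with # while comments in Lua start with --; mixing them up causes syntax errors.
-- The above is a deployment summary, kept for reference
When reposting, please credit: 轻风博客 » Tengine 2.3.2 compilation / kernel parameter tuning / other related tuning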