[玩转nginx] tengine加入nginx-module

2018-07-27  本文已影响0人  枫叶_huazhe

开启nginx-module-vts功能

默认的tengie不包括nginx-module-vts功能,需要我们自己自定义加入此模块即可,目前我们使用tengine都是基于docker容器,于是笔者自己根据Dockerfile构建了自定义的镜像,Dockerfile见附文

学习nginx-module-vts可参考 vts Github

基于docker启动tengine并开启vts功能

tengine:
    container_name: tengine
    image: docker.today36524.com.cn:5000/basic/tengine:2.0.4
    restart: on-failure:3
    environment:
      - LANG=zh_CN.UTF-8
      - TZ=CST-8
    volumes:
      - /data/config/nginx/conf.d/:/etc/nginx/conf.d/
      - /home/today/tscompose/config/nginx.conf:/etc/nginx/nginx.conf
      - /data/config/nginx/cert/:/etc/nginx/cert/
      - /data/logs/nginx:/var/log/nginx
    ports:
      - "80:80"
      - "443:443"
user  nginx;
worker_processes  8;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

worker_rlimit_nofile 65535;

events {
    worker_connections  10240;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    # 开启 vts 监控功能
    vhost_traffic_status_zone;

    log_format  main  '$remote_addr||$time_local||"$request"||'
                      '$status||$body_bytes_sent||"$http_referer"'
                      '||$http_x_forwarded_for||'
                      '||$upstream_status||$upstream_addr||$request_time||$upstream_respo


    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  120;

    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 5;
    gzip_disable "MSIE [4-6]\."
    gzip_min_length 1000;
    gzip_http_version 1.1;
    gzip_proxied any;
    gzip_types text/plain text/css application/xml application/javascript application/jso
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
}

只需要在主配置文件中http模块下加入一行配置即可

 vhost_traffic_status_zone;
upstream maple {
    server 192.168.10.8:9101;
    server 192.168.10.8:9102;
    # health check
    check interval=3000 rise=2 fall=3 timeout=1000 type=http;
    check_http_send "HEAD /health/check  HTTP/1.0\r\n\r\n";
    check_http_expect_alive http_2xx http_3xx;
}

server {
    listen 80;
    server_name localhost;

    access_log  /var/log/nginx/gateway.log;
    error_log /var/log/nginx/gateway-error.log;

    keepalive_timeout 300;
    send_timeout 300;
    proxy_read_timeout 300;

    location / {
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_pass http://maple;
    }

    location /ngx_status {
        stub_status on;
        # vts功能
        vhost_traffic_status_display;
        vhost_traffic_status_display_format html;
       # 可以配置权限
        allow 127.0.0.1;
        allow 192.168.9.0/24;
       #配置拒绝所有
       #  deny all;
    }
nginx -V

可以看到有如下模块,说明加入成功ngx_http_vhost_traffic_status_module

附录[自定义tengine Dockerfile]

需要注意与Dockerfile同一目录下需要提前写好一个nginx.conf配置

使用命令

docker build -t your_docker_file  .

Dockerfile

FROM alpine:3.5

ENV TENGINE_VERSION 2.2.0

# Fork of https://github.com/kairyou/alpine-tengine

ENV CONFIG "\
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_realip_module \
    --with-http_addition_module \
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_stub_status_module \
    --with-http_auth_request_module \
    --with-http_xslt_module=shared \
    --with-http_image_filter_module=shared \
    --with-http_geoip_module=shared \
    --with-threads \
    --with-http_slice_module \
    --with-mail \
    --with-mail_ssl_module \
    --with-file-aio \
    --with-http_v2_module \
    --with-http_concat_module \
    --with-http_sysguard_module \
    --with-http_dyups_module \
    --add-module=/etc/nginx/3rd-modules/nginx-module-vts-0.1.18 \
    "


RUN addgroup -S nginx \
    && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
    && apk add --no-cache --virtual .build-deps \
        gcc \
        libc-dev \
        make \
        openssl-dev \
        pcre-dev \
        zlib-dev \
        linux-headers \
        curl \
        gnupg \
        libxslt-dev \
        gd-dev \
        geoip-dev;
RUN curl -L "http://tengine.taobao.org/download/tengine-$TENGINE_VERSION.tar.gz" -o tengine.tar.gz \
    && curl -L "https://github.com/vozlt/nginx-module-vts/archive/v0.1.18.tar.gz" -o vtx.tar.gz \
    && mkdir -p /usr/src \
    # add nginx-module-vts
    && mkdir -p /etc/nginx/3rd-modules \
  && tar -zxC /usr/src -f tengine.tar.gz \
  && tar -zxC /etc/nginx/3rd-modules -f vtx.tar.gz \
  && rm tengine.tar.gz \
  && rm vtx.tar.gz \
  && cd /usr/src/tengine-$TENGINE_VERSION/ \
    && ./configure $CONFIG --with-debug \
  && make -j$(getconf _NPROCESSORS_ONLN) \
    && mv objs/nginx objs/nginx-debug \
    && ./configure $CONFIG \
    && make -j$(getconf _NPROCESSORS_ONLN) \
    && make install \
    && rm -rf /etc/nginx/html/ \
    && mkdir /etc/nginx/conf.d/ \
    && mkdir -p /usr/share/nginx/html/ \
    && install -m644 html/index.html /usr/share/nginx/html/ \
    && install -m644 html/50x.html /usr/share/nginx/html/ \
    && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
    && strip /usr/sbin/nginx* \
    && strip /etc/nginx/modules/*.so \
    && rm -rf /usr/src/tengine-$TENGINE_VERSION \
    \
    # Bring in gettext so we can get `envsubst`, then throw
    # the rest away. To do this, we need to install `gettext`
    # then move `envsubst` out of the way so `gettext` can
    # be deleted completely, then move `envsubst` back.
    && apk add --no-cache --virtual .gettext gettext \
    && mv /usr/bin/envsubst /tmp/ \
    \
    && runDeps="$( \
        scanelf --needed --nobanner /usr/sbin/nginx /etc/nginx/modules/*.so /tmp/envsubst \
            | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
            | sort -u \
            | xargs -r apk info --installed \
            | sort -u \
    )" \
    && apk add --no-cache --virtual .nginx-rundeps $runDeps \
    && apk del .build-deps \
    && apk del .gettext \
    && mv /tmp/envsubst /usr/local/bin/ \
    \
    # forward request and error logs to docker log collector
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log  

COPY nginx.conf /etc/nginx/nginx.conf

EXPOSE 80 443

CMD ["nginx", "-g", "daemon off;"]

nginx.conf(仅供参考)

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log error;
pid        /var/run/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events {
  use epoll;
  worker_connections 51200;
  multi_accept on;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';

    # access_log  /var/log/nginx/access.log  main;
    access_log off;

    # Hide nginx version information
    server_tokens off;
    server_info off;

 ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    sendfile on;
    tcp_nopush on;

    keepalive_timeout 65;

    server_names_hash_bucket_size 128;
    client_body_buffer_size 128k;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    client_header_timeout  15;
    client_body_timeout    15;
    send_timeout           12;

    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";
    gzip_types
      application/atom+xml
      application/javascript
      application/x-javascript
      application/json
      application/rss+xml
      application/stylesheet
      application/vnd.ms-fontobject
      application/x-font-ttf
      application/x-web-app-manifest+json
      application/xhtml+xml
      application/xml
      font/opentype
      font/ttf
      font/otf
      image/svg+xml
      image/x-icon
      text/css
      text/javascript
      text/plain
      text/xml
      text/x-component;

    include conf.d/*.conf;
}
上一篇 下一篇

猜你喜欢

热点阅读