Nginx static proxy
Везде ставить только из репозиториев дистрибутива. Собирать самим, только если нужны специфические опции.
nginx как прокси статики
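# Build nginx 1.1.15 from source with PCRE 8.12 unpacked inside the nginx tree.
# The steps are chained with && so that a failed download or unpack stops the
# sequence instead of configuring and installing from an incomplete tree.
#
# NOTE(review): both archives are compiled and then installed by `make install`.
# Check each one against the signature or checksum its project publishes before
# building. The nginx archive is fetched over HTTPS; the PCRE mirror URL is left
# on plain HTTP. The page's own advice still applies: prefer the distribution
# package and build by hand only when specific options are needed.
wget https://nginx.org/download/nginx-1.1.15.tar.gz &&
  tar -zxf nginx-1.1.15.tar.gz &&
  cd nginx-1.1.15 &&
  wget http://switch.dl.sourceforge.net/project/pcre/pcre/8.12/pcre-8.12.tar.gz &&
  tar -xzf pcre-8.12.tar.gz &&
  ./configure \
    --sbin-path=/usr/local/nginx/nginx \
    --conf-path=/usr/local/nginx/nginx.conf \
    --pid-path=/usr/local/nginx/nginx.pid \
    --with-pcre=pcre-8.12 \
    --with-http_addition_module \
    --with-http_stub_status_module &&
  make &&
  make install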
/etc/init.d/nginx
#!/bin/sh
# nginx - this script starts and stops the nginx daemon
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/nginx.conf
# pidfile: /var/run/nginx.pid

# Distribution init helpers and network settings. daemon, killproc and status,
# used further down, are not defined in this file and presumably come from here.
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

# Nothing to do on a host with networking switched off.
if [ "$NETWORKING" = "no" ]; then
    exit 0
fi

nginx="/usr/local/nginx/nginx"
prog=${nginx##*/}

# Optional local overrides. The file is sourced, so whatever it contains runs
# as part of this script; keep it writable by root only.
if [ -e /etc/sysconfig/nginx ]; then
    . /etc/sysconfig/nginx
fi

lockfile=/var/lock/subsys/nginx
# Launch nginx with the fixed configuration file and report the outcome.
# Globals: nginx, prog, lockfile (read); retval (written).
# Returns: the exit status of the daemon helper.
start() {
    echo -n $"Starting $prog: "
    daemon $nginx -c /usr/local/nginx/nginx.conf
    retval=$?
    echo
    # condrestart/try-restart acts only when this lock file exists, so it is
    # created only after a successful start.
    if [ $retval -eq 0 ]; then
        touch $lockfile
    fi
    return $retval
}
# Ask nginx to shut down by sending QUIT through killproc.
# Globals: prog, lockfile (read); retval (written).
# Returns: the exit status of killproc.
stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    # Drop the lock file only when the signal was delivered successfully.
    if [ $retval -eq 0 ]; then
        rm -f $lockfile
    fi
    return $retval
}
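# Stop and then start nginx, but only after the configuration file has been
# checked with `nginx -t`.
# Globals: nginx (read).
# Returns: the status of the configuration test when it fails (nothing is
#          stopped in that case), otherwise the status of start.
restart() {
    # Without this check a syntax error in nginx.conf is discovered only after
    # the running server has been stopped, leaving the proxy down.
    "$nginx" -t -c /usr/local/nginx/nginx.conf || return $?
    stop
    start
}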
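# Ask the running nginx to re-read its configuration by sending HUP.
# Globals: nginx, prog (read); retval (written).
# Returns: the exit status of killproc.
reload() {
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    # The status used to be stored in RETVAL and never returned, so the function
    # reported the status of the trailing echo and a failed reload looked like a
    # success. It is now kept in retval and returned, as start and stop do.
    retval=$?
    echo
    return $retval
}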
# force-reload is implemented as a plain restart.
# Returns: the exit status of restart.
force_reload() {
    restart
}
# Report whether the service is running by passing the program name to the
# status helper.
# Globals: prog (read).
# Returns: the exit status of status.
fdr_status() {
    status $prog
}
# Dispatch on the requested action; anything unrecognised prints the usage
# line and exits with status 2.
case "$1" in
    start | stop | restart | reload)
        # $1 can only be one of the four function names listed in this arm,
        # so calling it by name cannot run anything else.
        "$1"
        ;;
    force-reload)
        force_reload
        ;;
    status)
        fdr_status
        ;;
    condrestart | try-restart)
        # Restart only when the lock file says the service was started.
        if [ -f $lockfile ]; then
            restart
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
        exit 2
        ;;
esac
/usr/local/nginx/nginx.conf
# Global settings: the account the worker processes run as, the worker count,
# and the error log and pid file locations.
user nobody;
worker_processes 4;
# Relative paths are resolved against the nginx prefix directory.
error_log logs/error.log;
# NOTE(review): the build command on this page passes
# --pid-path=/usr/local/nginx/nginx.pid and the init script header names
# /var/run/nginx.pid, while this directive sets a third location. Make the
# three agree so that tools looking up the pid file find it.
pid logs/nginx.pid;
events {
# Upper bound on simultaneous connections handled by one worker process.
worker_connections 2048;
}
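# Front-end configuration: nginx serves static files itself and proxies
# everything else to the Apache back end.
http {
    include mime.types;
    default_type application/octet-stream;

    # Fixed: the last field was the literal text "http_x_forwarded_for"; it
    # needs the leading $ to log the header value. The header is supplied by
    # the client, so treat the logged value as untrusted when analysing logs.
    log_format main '$remote_addr - $remote_user [$time_local] $status '
                    '"$request" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # NOTE(review): newer nginx versions warn that limit_zone is deprecated.
    # The zone is only declared here; no limit_conn in the blocks shown refers
    # to it, so no connection limit is actually applied.
    limit_zone one $binary_remote_addr 10m;

    server {
        listen _nginx_IP_:80;
        server_name example.com;
        access_log /usr/local/apache/domlogs/example.com main;

        location /nginx_status {
            stub_status on;
            access_log off;
            # Changed from "allow all": the status counters are for monitoring
            # only. Add the addresses of monitoring hosts above "deny all" as
            # needed.
            allow 127.0.0.1;
            deny all;
        }

        # Main location
        location / {
            proxy_pass http://_apache_IP_:80/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends the connecting address to whatever X-Forwarded-For the
            # client sent; only the entry added here is set by nginx itself.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }

        # Static files location
        # NOTE(review): requests matching these extensions are answered from
        # disk by nginx and never reach Apache, so .htaccess rules,
        # authentication and per-directory denies configured in Apache do not
        # protect them. The list includes archives and documents (zip, tgz,
        # doc, txt, ...); trim it or add matching restrictions here if any of
        # those are protected on the Apache side.
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|avi|swf)$ {
            root /home/example/public_html/;
        }
    }

    server {
        ...
    }
}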
# Register the init script with chkconfig, then enable it for runlevel 3.
chkconfig --add nginx
chkconfig --level 3 nginx on
Apache модуль
Теперь надо поставить модуль mod_realip для apache 1.x и mod_rpaf для 2.x
mod_realip
например
# Build mod_realip 2.0 for Apache 1.x with apxs (compile, install, activate),
# strip the installed module and restart Apache.
# NOTE(review): the tarball is fetched over plain HTTP and compiled into the web
# server with no integrity check; compare it with a known-good checksum before
# building.
cd /usr/local/src
wget http://sysoev.ru/mod_realip/mod_realip-2.0.tar.gz
tar zxf mod_realip-2.0.tar.gz && cd mod_realip-2.0
/usr/local/apache/bin/apxs -iac mod_realip.c
strip /usr/local/apache/libexec/mod_realip.so
/etc/init.d/httpd restart
Прописываем в конфиге Apache жёстко все IP, на которых он должен слушать, кроме выделенного адреса, который указан в конфиге nginx.
# Addresses Apache itself listens on; the address dedicated to nginx is left out.
Listen 127.0.0.1:80
Listen 111.111.111.112:80
...
<IfModule mod_realip.c>
# NOTE(review): Apache still accepts direct connections on the addresses listed
# above, so confirm that the client-address header is honoured only for
# requests that arrive from the nginx proxy - TODO verify how mod_realip
# decides which peers to trust.
RealIP on
</IfModule>
mod_rpaf
# Build and install mod_rpaf 0.6 for Apache 2.x with apxs.
# NOTE(review): the tarball is fetched over plain HTTP and compiled into the web
# server with no integrity check; compare it with a known-good checksum before
# building.
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar -zxf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
в httpd.conf
# Load mod_rpaf and switch it on.
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
# Only requests arriving from these addresses have their forwarded client
# address accepted. List the proxy's own addresses and nothing broader: every
# extra entry is another peer able to choose the client address Apache records.
RPAFproxy_ips _nginx_IP_ _apache_IP_
nginx.conf
# Collect this host's addresses from ifconfig into ip.list, dropping lines that
# match 127.0.0.1 or fe80.
ifconfig \
  | grep inet \
  | awk -F ":" '{print $2}' \
  | awk '{print $1}' \
  | grep -v 127.0.0.1 \
  | grep -v fe80 \
  > ip.list
Убрать в ip.list лишние IP если есть.
# Generate nginx.conf and the CSF pre-script with two downloaded helper
# scripts, then print the collected addresses on one line.
# NOTE(review): both helpers are fetched over plain HTTP and executed straight
# away, and the files copied afterwards replace nginx.conf and
# /etc/csf/csfpre.sh. Read each script before running it and each generated
# file (1.txt and 2.txt, presumably written by the helpers) before copying,
# and keep a copy of the current nginx.conf.
wget http://tools.dnska.com/conf/make_conf.sh
chmod +x make_conf.sh
./make_conf.sh
cp 1.txt /usr/local/nginx/nginx.conf

wget http://tools.dnska.com/conf/make_csfpre.sh
chmod +x make_csfpre.sh
./make_csfpre.sh
cp 2.txt /etc/csf/csfpre.sh

# NOTE(review): this path names nginx-0.7.61, while the build earlier on the
# page uses nginx-1.1.15; point it at wherever ip.list was actually written.
cat /usr/local/src/nginx-0.7.61/ip.list | xargs
Добавить последнее в RPAFproxy_ips
Исправление директивы limit_zone для новых версий Nginx
Если копировать конфиг со старых версий Nginx на новую, могут полезть ошибки типа:
Starting nginx: nginx: [warn] the "limit_zone" directive is deprecated
Лекарство:
в секции "http {" меняем
limit_zone one $binary_remote_addr 10m;
на
limit_req_zone $binary_remote_addr zone=one:10m rate=4r/s;
в секции "server {" в поле "location / {" дописываем
limit_req zone=one burst=6;
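при этом удаляем старое значение (зона one теперь объявлена через limit_req_zone, и limit_conn больше не может на неё ссылаться; тем самым ограничение числа соединений заменяется ограничением частоты запросов — если нужен именно лимит соединений, зону объявляют директивой limit_conn_zone):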
limit_conn one 15;
