刘琛运的技术文档

Appearance

0.3nginx设置

宿主机安装

下载

nginx-1.20.2

安装

解压

tar -zxvf nginx-1.20.2.tar.gz

进入nginx-1.20.2

cd nginx-1.20.2

执行配置脚本,--prefix是指定安装目录

./configure --prefix=/etc/nginx --with-http_ssl_module

#后面加上了nginx_limit_speed_module 模块
./configure --prefix=/etc/nginx --with-http_ssl_module --add-module=/home/nginx_limit_speed_module

安装

make & make install

命令

sbin下的nginx命令默认是指定/etc/nginx/conf/nginx.conf,我的nginx.conf路径不同需要单独指定

#启动
./nginx -c /etc/nginx/nginx.conf
#重载
./nginx -s reload
./nginx -c /etc/nginx/nginx.conf -s reload
#杀掉nginx
./nginx -s quit 
./nginx -c /etc/nginx/nginx.conf -s quit

开机自启

vi /usr/lib/systemd/system/nginx.service

脚本内容

[Unit]
Description=Nginx HTTP Server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/etc/nginx/nginx.pid
ExecStartPre=/etc/nginx/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/etc/nginx/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/etc/nginx/sbin/nginx -s reload -c /etc/nginx/nginx.conf
ExecStop=/etc/nginx/sbin/nginx -s stop
ExecQuit=/etc/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target

重新加载 systemd 配置文件

systemctl daemon-reload

设置开机自启动

systemctl start nginx.service
systemctl enable nginx.service

错误

/configure: error: C compiler cc is not found

yum -y install gcc gcc-c++ autoconf automake make

./configure: error: the HTTP rewrite module requires the PCRE library. You can either disable the module by using --without-http_rewrite_module option, or install the PCRE library into the system, or build the PCRE library statically from the source with nginx by using --with-pcre=option.

sudo yum install pcre pcre-devel

./configure: error: the HTTP gzip module requires the zlib library. You can either disable the module by using --without-http_gzip_module option, or install the zlib library into the system, or build the zlib library statically from the source with nginx by using --with-zlib=option.

sudo yum install zlib-devel

./configure: error: SSL modules require the OpenSSL library. You can either do not enable the modules, or install the OpenSSL library into the system, or build the OpenSSL library statically from the source with nginx by using --with-openssl= option

sudo yum install openssl-devel

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /etc/nginx/cert/cert.conf:1

sudo yum install openssl openssl-devel pcre pcre-devel zlib zlib-devel gcc gcc-c++

用yum安装

配置调整 

nginx: [emerg] getpwnam("nginx") failed in /etc/nginx/nginx.conf:2
注释我的nginx.conf 第二行#user  nginx;
nginx: [emerg] unknown directive "limit_speed" in /etc/nginx/conf.d/cdtest.conf:308
缺少三方模块,需要额外安装:

git clone https://github.com/yaoweibin/nginx_limit_speed_module.git

cd /home/nginx-1.20.2   #进nginx目录
./configure --prefix=/etc/nginx --add-module=/home/nginx_limit_speed_module  #添加模块(废弃)

./configure --prefix=/etc/nginx --with-http_ssl_module --add-module=/home/nginx_limit_speed_module  # 把前面需要的ssl加上

make & make install

_____________________________________________
安装git
yum install git
nginx: [emerg] open() "/var/log/nginx/error.log" failed (2: No such file or directory)
修改etc/nginx/nginx.conf

error_log  /var/log/nginx/error.log notice; =>  error_log  /etc/nginx/logs/error.log notice;


pid        /var/run/nginx.pid; => pid        /etc/nginx/nginx.pid;


access_log  /var/log/nginx/access.log  main; =>  access_log  /etc/nginx/logs/access.log main;

ip调整

因为公司测试站点的域名解析已经指向公司测试机ip 172.16.14.227

  • 把自己电脑修改为172.16.14.227

  • 用自己的域名

    我选择第二种用自己的域名,在阿里云dns解析中添加自己需要记录

192.168.11.188 => 192.168.31.157
cdtest.supermapol.com => cdtest.liuchenyun.com

ci.supermapol.cn => ci.liuchenyun.com
wiki.supermapol.cn => wiki.liuchenyun.com
yt.supermapol.cn => yt.liuchenyun.com
sonar.supermapol.cn => sonar.liuchenyun.com
nc.supermapol.cn => nc.liuchenyun.com
jenkins.supermapol.cn => jenkins.liuchenyun.com
nas.supermapol.cn => nas.liuchenyun.com
gitlab.supermapol.cn => gitlab.liuchenyun.com
tools.supermapol.cn => tools.liuchenyun.com
matomotest.supermapol.com => matomotest.liuchenyun.com
monitoring.supermapol.cn => monitoring.liuchenyun.com

ssocdtest.supermap.com => ssocdtest.liuchenyun.com
uk.supermapol.cn => uk.liuchenyun.com

没有ssl,修改

cdtest.conf
    #include /etc/nginx/cert/cert.conf;  #注释掉ssl
    listen 80;  #添加80

sso.conf
    #include /etc/nginx/cert/ssocert.conf;
    listen 80;
    
https => http

iportal不走ssl

第一种:
k8s的iportal-service
删除了
    - name: http
      protocol: TCP
      port: 8090
      targetPort: 8090
      nodePort: 30003
改:
    - name: https
      protocol: TCP
      port: 5101
      targetPort: 5101
      nodePort: 30443
      
      =>
      
    - name: http
      protocol: TCP
      port: 8090
      targetPort: 8090
      nodePort: 30443
      
第二种:
改nginx的cdtest.conf
把30003都改成30003