Nginx進(jìn)階之:Tengine

title: Nginx進(jìn)階之:Tengine
categories: Linux
tags:
- Tengine
- Nginx
timezone: Asia/Shanghai
date: 2019-01-08

Tengine簡(jiǎn)介

Tengine是由淘寶網(wǎng)發(fā)起的Web服務(wù)器項(xiàng)目。它在Nginx的基礎(chǔ)上,針對(duì)大訪問(wèn)量網(wǎng)站的需求,添加了很多高級(jí)功能和特性。Tengine的性能和穩(wěn)定性已經(jīng)在大型的網(wǎng)站如淘寶網(wǎng),天貓商城等得到了很好的檢驗(yàn)。它的最終目標(biāo)是打造一個(gè)高效、穩(wěn)定、安全、易用的Web平臺(tái)。

為什么叫他進(jìn)階版?因?yàn)橹霸谝粋€(gè)項(xiàng)目部署的時(shí)候本來(lái)是打算Nginx + 2臺(tái)tomcat做負(fù)載均衡,但是這個(gè)項(xiàng)目是在一個(gè)內(nèi)網(wǎng)環(huán)境。也就是所有需要訪問(wèn)服務(wù)的客戶機(jī)基本都在一個(gè)192.168.0.x子網(wǎng),結(jié)果反復(fù)測(cè)試Nginx的負(fù)載均衡發(fā)現(xiàn)無(wú)論如何都只是轉(zhuǎn)發(fā)到其中一臺(tái)tomcat。經(jīng)過(guò)查資料得知Nginx的輪訓(xùn)算法是根據(jù)IP地址的前3位來(lái)計(jì)算hash。無(wú)意中發(fā)現(xiàn)了Tengine,經(jīng)過(guò)測(cè)試Tengine的一致性hash模塊功能完美的解決了我的問(wèn)題。這部分內(nèi)容的演示會(huì)在后邊文章演示。

另外Tengine的健康檢查模塊功能自帶前臺(tái)查看頁(yè)面,可以方便的看到后端tomcat的健康狀態(tài),雖然很多工具也可以解決這個(gè)問(wèn)題。不過(guò)既然有這個(gè)很輕量并且好用的工具也不錯(cuò)。另外Tengine完全兼容Nginx,因此可以參照Nginx的方式來(lái)配置Tengine。

環(huán)境

REHL7
CentOS7

第一步:關(guān)閉系統(tǒng)默認(rèn)防火墻

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

systemctl stop firewalld
systemctl disable firewalld
systemctl stop iptables
systemctl disable iptables

systemctl status firewalld
systemctl status iptables

第二步:安裝Tengine(在線yum安裝和離線源碼方式安裝)

安裝方法1:離線安裝

1.配置本地yum并安裝開(kāi)發(fā)工具

mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom

cat <<EOF >/etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt/cdrom
gpgcheck=0
enabled=1
EOF

yum clean all       #清理本地緩存
yum clean plugins   #清理插件緩存
yum makecache       #構(gòu)建緩存

yum group install -y "Development Tools"

2.下載安裝PCRE

curl -o /home/pcre-8.42.tar.gz https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz
tar vxzf pcre-8.42.tar.gz
cd pcre-8.42
./configure
make
make install

3.下載安裝zlib

wget http://www.zlib.net/zlib-1.2.11.tar.gz
tar vxzf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
make install

4.下載安裝OpenSSL

wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
tar vxzf openssl-1.1.1a.tar.gz
cd openssl-1.1.1a
./config
make
make install

ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

openssl version

5.下載并安裝Tengine

curl -o /home/tengine-2.2.3.tar.gz http://tengine.taobao.org/download/tengine-2.2.3.tar.gz
tar -vxf tengine-2.2.3.tar.gz
cd tengine-2.2.3
./configure --with-http_ssl_module
make
make install

6.完成安裝并啟動(dòng)

默認(rèn)安裝路徑:/usr/local/nginx

# 啟動(dòng)Nginx
/usr/local/nginx/sbin/nginx

# 優(yōu)雅的重啟(重載配置文件,如果配置文件有錯(cuò)誤的話,會(huì)繼續(xù)使用之前配置運(yùn)行)
/usr/local/nginx/sbin/nginx -s reload
    -s stop     快速停止
    -s quit     優(yōu)雅的退出
    -s reopen   重新打開(kāi)日志文件
    -s reload   重新加載配置文

# 測(cè)試配置文件是否正確
/usr/local/nginx/sbin/nginx -t

安裝方法2:采用阿里云官方y(tǒng)um源方式安裝

1.設(shè)置Tengine官方Y(jié)UM源:CentOS7

curl -o /etc/yum.repos.d/opsx-centos7.repo https://mirrors.aliyun.com/opensource/149994924900000037/opsx/centos7/opsx-centos7.repo
yum clean all       #清理本地緩存
yum clean plugins   #清理插件緩存
yum makecache       #構(gòu)建緩存

3.安裝Tengine并啟動(dòng)

yum install -y tengine
/opt/tengine/sbin/nginx

4.配置文件路徑

默認(rèn)安裝路徑在:/opt/tengine

# 測(cè)試配置文件是否正確
/opt/tengine/sbin/nginx -t

# 優(yōu)雅的重啟(重載配置文件,如果配置文件有錯(cuò)誤的話,會(huì)繼續(xù)使用之前配置運(yùn)行)
/opt/tengine/sbin/nginx -s reload
    -s stop     快速停止
    -s quit     優(yōu)雅的退出
    -s reopen   重新打開(kāi)日志文件
    -s reload   重新加載配置文

注意:在CentOS7下只配置Tengine官方y(tǒng)um源可以安裝成功,REHL7下提示缺少依賴,所以這里同時(shí)配置了163的yum源。

cat <<EOF >/etc/yum.repos.d/163.repo
[163]
name=163
baseurl=http://mirrors.163.com/centos/7/os/x86_64/
gpgcheck=0
enabled=1
EOF

附錄:Tengine & Nginx性能測(cè)試

http://tengine.taobao.org/document_cn/benchmark_cn.html

# 結(jié)論:
    Tengine相比Nginx默認(rèn)配置,提升200%的處理能力。
    Tengine相比Nginx優(yōu)化配置,提升60%的處理能力。

附錄:Tengine建立虛擬目錄

# 訪問(wèn):http://10.0.1.131的時(shí)候訪問(wèn)的是html目錄
# 訪問(wèn):http://10.0.1.131/111的時(shí)候訪問(wèn)的是/opt/tengine/111目錄
location / {
    root   html;
    index  index.html index.htm;
}

location /111 {
    alias   /opt/tengine/111;
    index  index.html index.htm;
}

附錄:Tengine一臺(tái)服務(wù)器建立多個(gè)虛擬主機(jī)(通過(guò)域名區(qū)分)

1./opt/tengine/的根目錄下建立111和222兩個(gè)文件夾并分別建立index.html主頁(yè)文件

mkdir -p /opt/tengine/111
mkdir -p /opt/tengine/222
echo "111" > /opt/tengine/111/index.html
echo "222" > /opt/tengine/222/index.html

2.http下增加如下內(nèi)容

server {
    listen       80;
    server_name  111.com;

    location / {
        root   111;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

}


server {
    listen       80;
    server_name  222.com;

    location / {
        root   222;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

}

3.重啟Tengine服務(wù)生效

/opt/tengine/sbin/nginx -s reload

附錄:Tengine一臺(tái)服務(wù)器建立多個(gè)虛擬主機(jī)(通過(guò)端口區(qū)分)

只需要將以上listen       80;修改為自己想要的端口即可。

附錄:Tengine一臺(tái)服務(wù)器建立多個(gè)虛擬主機(jī)(綁定IP)

server_name  222.com;   將其中的222.com換成想要綁定的IP即可

附錄:Tengine配置文件詳解

/opt/tengine/sbin/nginx
/opt/tengine/sbin/nginx -s reload
/opt/tengine/sbin/nginx -t
vim /opt/tengine/conf/nginx.conf

[root@redhat73 conf]# cat nginx.conf

#user  nobody;          # 指定 Nginx Worker 進(jìn)程運(yùn)行用戶以及用戶組。
worker_processes  1;

# 在這里,很多人會(huì)誤解worker_connections這個(gè)參數(shù)的意思,認(rèn)為這個(gè)值就是nginx所能建立連接的最大值。
# 其實(shí)不然,這個(gè)值是表示每個(gè)worker進(jìn)程所能建立連接的最大值
# 所以,一個(gè)nginx能建立的最大連接數(shù),應(yīng)該是worker_connections * worker_processes。
# 當(dāng)然,這里說(shuō)的是最大連接數(shù),對(duì)于HTTP請(qǐng)求本地資源來(lái)說(shuō)
# 能夠支持的最大并發(fā)數(shù)量是worker_connections * worker_processes
# 而如果是HTTP作為反向代理來(lái)說(shuō),最大并發(fā)數(shù)量應(yīng)該是worker_connections * worker_processes/2。
# 因?yàn)樽鳛榉聪虼矸?wù)器,每個(gè)并發(fā)會(huì)建立與客戶端的連接和與后端服務(wù)的連接,會(huì)占用兩個(gè)連接。

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#error_log  "pipe:rollback logs/error_log interval=1d baknum=7 maxsize=2G";

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

# load modules compiled as Dynamic Shared Object (DSO)
#
#dso {
#    load ngx_http_fastcgi_module.so;
#    load ngx_http_rewrite_module.so;
#}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
    #access_log  "pipe:rollback logs/access_log interval=1d baknum=7 maxsize=2G"  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        #access_log  "pipe:rollback logs/host.access_log interval=1d baknum=7 maxsize=2G"  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

附錄:以上所用到的安裝包下載地址

pcre-8.42.tar.gz:https://pan.baidu.com/s/1qQge_iblLfHADBpB_mRp1A

zlib-1.2.11.tar.gz:https://pan.baidu.com/s/1Wf0CxcCQiM0-fhG7qiWhEQ

openssl-1.1.1a.tar.gz:https://pan.baidu.com/s/1sdKp4xrPG5T_TmoFXF040w

nginx-1.14.2.tar.gz:https://pan.baidu.com/s/1ehbcLctFso6VyL4UmSHUcg

附錄:

Tengine官網(wǎng):http://tengine.taobao.org/

PCRE官網(wǎng):http://www.pcre.org/

zile官網(wǎng):http://www.zlib.net/

OpenSSL官網(wǎng):https://www.openssl.org/

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容