一般编译nginx时,都要先安装pcre、zlib等外部支持程序,然后编译安装nginx时指定这些外部支持程序的位置,
这样nginx在每次启动的时候,就会去动态加载这些东西了。编译时可以将这些程序编译到nginx里面去,
这样nginx启动时就不会采用动态加载的方式去load、这种方式会比动态加载有更高的效率(其实鬼知道效率高多少)
一:jemalloc优化MySQL、Nginx内存管理
内存优化常见软件:ptmalloc、tcmalloc和jemalloc
系统的物理内存是有限的,而对内存的需求是变化的, 程序的动态性越强,内存管理就越重要,选择合适的内存管理算法会带来明显的性能提升。
软件github地址: https://github.com/jemalloc/jemalloc/tags
安装步骤:
yum -y install bzip2 wget
yum -y install gcc gcc-c++
wget https://mirrors.linyaohong.com/src/jemalloc/jemalloc-5.1.0.tar.bz2
tar xjf jemalloc-5.1.0.tar.bz2
cd jemalloc-5.1.0
./configure
make && make install
ln -s /usr/local/lib/libjemalloc.so.2 /usr/lib64/libjemalloc.so.1
[ -z "`grep /usr/local/lib /etc/ld.so.conf.d/*.conf`" -a -z "`grep /usr/local/lib /etc/ld.so.conf`" ] && echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
ldconfig
如果安装完Nginx效果如下:
[root@web ~]# lsof -n | grep jemalloc
nginx 3900 www mem REG 253,1 3429728 1067019 /usr/local/lib/libjemalloc.so.2
nginx 3901 www mem REG 253,1 3429728 1067019 /usr/local/lib/libjemalloc.so.2
nginx 3902 www mem REG 253,1 3429728 1067019 /usr/local/lib/libjemalloc.so.2
nginx 32376 root mem REG 253,1 3429728 1067019 /usr/local/lib/libjemalloc.so.2
安装脚本: https://mirrors.linyaohong.com/scripts/jemalloc/jemalloc_install.sh
说明:
CFLAGS 表示用于C编译器的选项
CXXFLAGS 表示用于C++编译器的选项
二:安装Nginx
yum install zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc gcc-c++ glibc autoconf automake make unzip lua-devel -y
mkdir /server/tools -p
mkdir /server/application -p
mkdir /server/data
mkdir /server/logs
chown www:www /server/logs
cd /server/tools/
wget https://mirrors.linyaohong.com/src/nginx/nginx-1.14.2.tar.gz
wget https://mirrors.linyaohong.com/src/openssl/openssl-1.0.2q.tar.gz
wget https://mirrors.linyaohong.com/src/pcre/pcre-8.42.tar.gz
wget https://mirrors.linyaohong.com/src/zlib/zlib-1.2.11.tar.gz
tar zxf nginx-1.14.2.tar.gz
tar zxf openssl-1.0.2q.tar.gz
tar zxf pcre-8.42.tar.gz
tar zxf zlib-1.2.11.tar.gz
wget https://mirrors.linyaohong.com/src/nginx/nginx_waf/lua-nginx-module.tar.gz
tar zxf lua-nginx-module.tar.gz
#可以换成:wget https://mirrors.linyaohong.com/src/nginx/nginx_waf/lua-nginx-module-0.10.15.tar.gz
#tar zxf lua-nginx-module-0.10.15.tar.gz
#---------------------------------------------------------------------------
wget https://mirrors.linyaohong.com/src/nginx/nginx_waf/ngx_devel_kit.tar.gz
tar zxf ngx_devel_kit.tar.gz
#---------------------------------------------------------------------------
[ -e "/usr/local/lib/libluajit-5.1.so.2.0.5" ] && find /usr/local -name “*luajit*”| xargs rm -rf
wget https://mirrors.linyaohong.com/src/nginx/nginx_waf/luajit2-2.1-20190507.tar.gz
tar zxf luajit2-2.1-20190507.tar.gz
cd luajit2-2.1-20190507
make && make install
[ -e "/usr/local/lib/libluajit-5.1.so.2.1.0" ] && echo “LuaJIT install Successful”
cd ..
#---------------------------------------------------------------------------
wget https://mirrors.linyaohong.com/src/nginx/nginx_waf/lua-cjson-2.1.0.7.tar.gz
tar xzf lua-cjson-2.1.0.7.tar.gz
cd lua-cjson-2.1.0.7
sed -i 's@^LUA_INCLUDE_DIR.*@&/luajit-2.1@' Makefile
make && make install
cd ..
[ -e "/usr/local/lib/lua/5.1/cjson.so" ] && echo “cjson install Successful”
cd nginx-1.14.2
make clean
sed -i 's@CFLAGS="$CFLAGS -g"@#CFLAGS="$CFLAGS -g"@' auto/cc/gcc
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.1
#说明:如果上文换成了lua-nginx-module-0.10.15.tar.gz
#则 :--add-module=../lua-nginx-module/ 换成 --add-module=../lua-nginx-module-0.10.15/
./configure --prefix=/server/application/nginx-1.14.2 --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=../openssl-1.0.2q --with-pcre=../pcre-8.42 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-ld-opt='-ljemalloc' --with-file-aio --with-ld-opt="-Wl,-rpath,/usr/local/lib" --add-module=../ngx_devel_kit/ --add-module=../lua-nginx-module/
make && make install
ln -s /server/application/nginx-1.14.2/ /server/application/nginx
wget -O /etc/init.d/nginx https://mirrors.linyaohong.com/scripts/init.d/nginx
wget -O /server/application/nginx/conf/nginx.conf https://mirrors.linyaohong.com/conf/nginx-php/nginx.conf
chmod +x /etc/init.d/nginx
#---------------------------------------------------------------------------
wget https://mirrors.linyaohong.com/src/nginx/nginx_waf/ngx_lua_waf.tar.gz
tar zxf ngx_lua_waf.tar.gz -C /server/application/nginx/conf/
sed -i "s@/usr/local/nginx@/server/application/nginx@g" /server/application/nginx/conf/waf.conf
sed -i "s@/usr/local/nginx@/server/application/nginx@" /server/application/nginx/conf/waf/config.lua
sed -i "s@/data/wwwlogs@/server/logs@" /server/application/nginx/conf/waf/config.lua
[ -z "`grep 'include waf.conf;' /server/application/nginx/conf/nginx.conf`" ] && sed -i "s@ vhost/\*.conf;@&\n include waf.conf;@" /server/application/nginx/conf/nginx.conf
/etc/init.d/nginx start
/etc/init.d/nginx -t
/etc/init.d/nginx -s
#启动报错在nginx.conf的http段 加入 lua_load_resty_core off;
测试代码:
server {
location /waftest {
default_type text/html;
content_by_lua_block {
ngx.say("HelloWord")
}
}
}
#代表安装成功
[root@test01 /server/application/nginx/conf]# curl 10.10.10.190/waftest
HelloWord
#或者使劲狂刷域名/日志里会出现CC攻击
安装Nginx参数补充:
--with-stream #模块可以把内网ip端口映射到外网地址
upstream mysql_3306 {
server 192.168.1.5:3306;
}
server {
listen 3306;
proxy_connect_timeout 20s;
proxy_pass mysql_3306;
}
--add-module=../ngx_cache_purge-2.3 #Nginx fastcgi_cache缓存加速
wget http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz
建议将fastcgi_cache_path设置tmpfs内存中,操作系统不同tmpfs路径也不同,如下:
CentOS:/dev/shm
缓存参考配置文件 https://mirrors.linyaohong.com/conf/nginx-php/nginx_cache_test.conf安装Nginx配置文件补充说明
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
#nginx server配置HTTPS 的时候可以选加次参数