[root@localhost ~]# yum -y install gcc wget pcre-devel openssl-devel
# sticky 第三方扩展的模块用于 session 绑定, 比 nginx 默认实现的 session 绑定模块更加强大
[root@localhost ~]# wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/master.tar.gz
[root@localhost ~]# wget http://nginx.org/download/nginx-1.14.2.tar.gz
[root@localhost ~]# tar xvf nginx-1.14.2.tar.gz
[root@localhost ~]# tar xvf master.tar.gz
[root@localhost ~]# cd nginx-1.14.2
[root@localhost ~]# ./configure --prefix=/opt/nginx-1.14.2 --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module \
--add-module=../nginx-goodies-nginx-sticky-module-ng-08a395c66e42/
[root@localhost ~]# make -j $(cat /proc/cpuinfo | grep -c processor) && make install
[root@localhost ~]# ln -s /opt/nginx-1.14.2/ /opt/nginx
[root@localhost ~]# echo 'PATH=${PATH}:/opt/nginx/sbin/' > /etc/profile.d/nginx.sh
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
user nginx;
worker_processes 6;
worker_cpu_affinity 000001 000010 000100 001000 010000 100000;
pid logs/nginx.pid;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
server_names_hash_max_size 512 ;
log_format main '$http_x_real_ip $remote_addr $http_host - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
sendfile on;
keepalive_timeout 120;
client_max_body_size 15m;
proxy_store off;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $http_x_real_ip;
proxy_set_header Host $http_host;
proxy_connect_timeout 120;
proxy_read_timeout 120;
proxy_send_timeout 120;
upstream test {
sticky expires=30d name=test1;
server 192.168.1.1:80;
server 192.168.1.2:80;
server 192.168.1.3:80;
}
# 强制 http 跳转到 https
# if ($server_port = 80) {
# return 301 https://$host$request_uri;
# }
server {
listen 80;
server_name http.test.com;
access_log logs/access.log main;
location / {
proxy_pass https://test;
}
}
server {
listen 443 ssl;
server_name https.test.com;
access_log logs/access.log main;
ssl_certificate "/PATH/xxxxx.crt";
ssl_certificate_key "/PATH/xxxxx.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://test;
}
}
}
[root@localhost ~]# cat > /usr/lib/systemd/system/nginx.service << EOF
[unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/opt/nginx/sbin/nginx
ExecReload=/opt/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start nginx