Tengine derleme
Gerekli paketler
apt install git build-essential libjemalloc-dev libatomic-ops-dev libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libgd-dev libgeoip-dev
https://github.com/vozlt/nginx-module-vts.git
https://github.com/FRiCKLE/ngx_cache_purge.git
https://github.com/yaoweibin/nginx_upstream_check_module.git
https://github.com/GetPageSpeed/ngx_security_headers.git
https://github.com/openresty/headers-more-nginx-module.git
Compile
#!/bin/bash
./configure \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-jemalloc \
--with-libatomic \
--with-http_sub_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_stub_status_module \
--with-mail_ssl_module \
--with-debug \
--with-stream \
--without-http_fastcgi_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--add-module=/var/nginx-module-vts \
--add-module=/var/ngx_cache_purge \
--add-module=/var/nginx_upstream_check_module \
--add-module=/var/ngx_security_headers \
--add-module=/var/headers-more-nginx-module \
--add-module=/var/tengine-2.3.2/modules/ngx_http_upstream_vnswrr_module \
--add-module=/var/tengine-2.3.2/modules/ngx_http_upstream_session_sticky_module \
--user=nginx \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-mail=dynamic \
--http-client-body-temp-path=/tmp/client-body-temp \
--http-proxy-temp-path=/tmp/proxy-temp \
make && make install
unit file
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /var/run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
LimitNOFILE=1048576
LimitNPROC=1048576
Restart=on-failure
RestartSec=10s
[Install]
WantedBy=multi-user.target[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /var/run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
LimitNOFILE=1048576
LimitNPROC=1048576
Restart=on-failure
RestartSec=10s
[Install]
WantedBy=multi-user.target
Tengine Conf
worker_processes 15;
worker_cpu_affinity auto 1111111111111110;
worker_rlimit_nofile 1048576;
user nginx;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1048576;
use epoll;
multi_accept on;
accept_mutex on;
}
#don't need stream conf
worker_shutdown_timeout 300;
http {
#access_log on;
gzip_clear_etag off;
vhost_traffic_status_zone shared:vhost_traffic_status:128m;
map_hash_max_size 20480;
map_hash_bucket_size 20480;
map $status $loggable {
~^[23] 0;
default 1;
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 1m;
client_body_timeout 1m;
client_header_buffer_size 2k;
client_body_buffer_size 512k;
client_max_body_size 500m;
large_client_header_buffers 8 16k;
send_timeout 30;
keepalive_timeout 60;
keepalive_requests 100000;
reset_timedout_connection on;
server_tokens off;
server_name_in_redirect off;
server_names_hash_max_size 1024;
server_names_hash_bucket_size 1024;
check_shm_size 2000m;
proxy_buffer_size 16k;
proxy_buffers 4 16k;
proxy_busy_buffers_size 16k;
proxy_next_upstream off;
more_clear_headers Server;
more_clear_headers server;
log_format secops 'default TENGINE Message 0 0 : "WEBLOG:~'
'$time_local~'
'$remote_addr~'
'$http_x_client_ip~'
'$http_True_Client_IP~'
'$request_method~'
'$upstream_http_X_Proxy_Cache~'
'$uri~'
'$query_string~'
'$bytes_sent~'
'$http_user_agent~'
'$host~'
'$server_port~'
'$status~'
'$http_referer'
'"';
log_format main 'default TENGINE Message 0 0 : "WEBLOG:~'
'$time_local~'
'$remote_addr~'
'$http_x_client_ip~'
'$http_True_Client_IP~'
'$request_method~'
'$upstream_http_X_Proxy_Cache~'
'$uri~'
'$query_string~'
'$bytes_sent~'
'$http_user_agent~'
'$host~'
'$server_port~'
'$status~'
'$http_referer~'
'$upstream_addr~'
'$upstream_status~'
'$upstream_response_time~'
'$request~'
'$request_time';
access_log syslog:server=10.84.82.30:5555 main if=$loggable;
error_log syslog:server=10.84.82.30:5556 warn;
# Mime settings
include mime.types;
default_type application/octet-stream;
# Compression settings - aggressively cache text file types
gzip off;
#gzip_comp_level 1;
#gzip_min_length 10240;
#gzip_vary on;
#gzip_buffers 8 64k;
#gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
#gzip_proxied any;
#gzip_disable "MSIE [1-6]\.";
# SSL PCI Compliance
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
# Error pages
error_page 403 /403.html;
#error_page 404 /error/404.html;
#error_page 502 503 504 /error/50x.html;
# Cache bypass
map $http_cookie $no_cache {
default 0;
~SESS 1;
~wordpress_logged_in 1;
}
# File cache settings
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Other settings
log_subrequest on;
rewrite_log on;
include /etc/nginx/sites-enabled/*.conf;
include /etc/nginx/conf.d/*.conf;
}
No Comments