操作系统:CentOS 7.x
准备篇
一、防火墙配置
CentOS 7.x默认使用firewalld作为防火墙,这里改为iptables防火墙。
1、关闭firewall:
systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动
systemctl mask firewalld
systemctl stop firewalld
yum remove firewalld
2、安装iptables防火墙
yum install iptables-services #安装
vi /etc/sysconfig/iptables #编辑防火墙配置文件
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
# NOTE(review): these rules are loaded by the IPv4 iptables service only. IPv6 is
# filtered separately (ip6tables service, /etc/sysconfig/ip6tables) -- confirm
# that it is configured as well once firewalld has been removed.
*filter
# The built-in chains default to ACCEPT; the two trailing REJECT rules are what
# actually block traffic that no earlier rule matched.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Accept packets that belong to, or are related to, an established connection.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept all ICMP.
-A INPUT -p icmp -j ACCEPT
# Accept everything arriving on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Accept new inbound TCP connections on ports 22 (SSH), 80 (HTTP) and 443 (HTTPS).
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# Reject any other inbound packet with an ICMP "host prohibited" reply.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# This host does not route: reject every forwarded packet.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq! #保存退出
systemctl restart iptables.service #最后重启防火墙使配置生效
systemctl enable iptables.service #设置防火墙开机启动
/usr/libexec/iptables/iptables.init restart #重启防火墙
二、关闭SELINUX
vi /etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #立即切换到permissive模式;SELINUX=disabled需要重启后才生效(关闭后nginx不再受SELinux强制访问控制约束)
三 、系统约定
软件源代码包存放位置:/usr/local/src
源码包编译安装位置:/usr/local/软件名字
四、下载软件包
1、下载nginx
http://nginx.org/download/nginx-1.18.0.tar.gz
http://nginx.org/download/nginx-1.22.0.tar.gz
2、下载pcre(支持nginx伪静态)
https://ftp.exim.org/pub/pcre/pcre-8.45.tar.gz
3、下载zlib(nginx扩展)
https://zlib.net/zlib-1.2.12.tar.gz
4、下载openssl(适用于nginx扩展https)
https://www.openssl.org/source/openssl-1.1.1q.tar.gz
5、下载ngx_cache_purge(nginx缓存模块)
http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz
以上软件包上传到/usr/local/src目录(其中部分链接为HTTP明文下载,上传前建议核对官方提供的校验和或PGP签名)
五、安装编译工具包
yum install make gcc gcc-c++ perl zlib-devel
安装篇
一、安装Nginx
1、安装pcre
cd /usr/local/src
mkdir /usr/local/pcre
tar zxvf pcre-8.45.tar.gz
cd pcre-8.45
./configure --prefix=/usr/local/pcre
make
make install
2、安装zlib
cd /usr/local/src
mkdir /usr/local/zlib
tar zxvf zlib-1.2.12.tar.gz
cd zlib-1.2.12
./configure --prefix=/usr/local/zlib
make
make install
3、安装openssl
cd /usr/local/src
mkdir /usr/local/openssl
tar zxvf openssl-1.1.1q.tar.gz
cd openssl-1.1.1q
./config -fPIC shared zlib --prefix=/usr/local/openssl
make
make install
4、安装Nginx
groupadd www
useradd -g www www -s /bin/false
cd /usr/local/src
tar zxvf ngx_cache_purge-2.3.tar.gz
tar zxvf nginx-1.18.0.tar.gz
cd nginx-1.18.0
./configure --prefix=/usr/local/nginx --user=www --group=www --without-http_memcached_module --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_realip_module --with-stream --with-openssl=/usr/local/src/openssl-1.1.1q --with-zlib=/usr/local/src/zlib-1.2.12 --with-pcre=/usr/local/src/pcre-8.45 --add-module=../ngx_cache_purge-2.3
注意:--with-openssl=/usr/local/src/openssl-1.1.1q --with-zlib=/usr/local/src/zlib-1.2.12 --with-pcre=/usr/local/src/pcre-8.45指向的是源码包解压的路径,而不是安装的路径,否则会报错。
make
make install
/usr/local/nginx/sbin/nginx #启动Nginx
#查看nginx版本和安装模块信息
/usr/local/nginx/sbin/nginx -V
二、平滑升级nginx版本
1、备份旧版nginx
cp -r /usr/local/nginx /usr/local/nginx.bak
2、查看旧版编译信息
/usr/local/nginx/sbin/nginx -V
3、使用新版本安装包进行配置configure和编译make(切记不执行安装操作 make install)
cd /usr/local/src
tar zxvf nginx-1.22.0.tar.gz
cd nginx-1.22.0
./configure --prefix=/usr/local/nginx --user=www --group=www --without-http_memcached_module --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_realip_module --with-stream --with-openssl=/usr/local/src/openssl-1.1.1q --with-zlib=/usr/local/src/zlib-1.2.12 --with-pcre=/usr/local/src/pcre-8.45 --add-module=../ngx_cache_purge-2.3
make
4、备份二进制文件,用新版替换旧版
#备份旧文件
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
#使用新文件替换旧文件
cp /usr/local/src/nginx-1.22.0/objs/nginx /usr/local/nginx/sbin/nginx
5、检查nginx配置文件是否正常运行
/usr/local/nginx/sbin/nginx -t
[root@localhost sbin]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
6、查找nginx主进程,向master进程发送USR2信号,使新旧进程同时存在
ps -ef|grep nginx
[root@localhost sbin]# ps -ef|grep nginx
root 80739 1 0 05:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80740 80739 0 05:15 ? 00:00:00 nginx: worker process
root 80758 7675 0 05:17 pts/0 00:00:00 grep --color=auto nginx
#查看nginx进程状态
systemctl status 80739
#执行下面的操作,向master进程发送USR2信号
kill -USR2 80739
说明:
#旧版nginx的master进程将/usr/local/nginx/logs/nginx.pid重命名为/usr/local/nginx/logs/nginx.pid.oldbin
#新版nginx启动新的master进程,重新生成新的nginx.pid文件,此时新的nginx进程和旧的nginx进程同时存在,之前旧的请求继续在旧版本运行,新的请求在新版本运行
[root@localhost sbin]# ps -ef|grep nginx
root 80739 1 0 05:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80740 80739 0 05:15 ? 00:00:00 nginx: worker process
root 80761 80739 0 05:18 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80762 80761 0 05:18 ? 00:00:00 nginx: worker process
root 80764 7675 0 05:18 pts/0 00:00:00 grep --color=auto nginx
7、平滑升级和回退操作
7.1平滑升级
#验证新版本是否正常运行,如果运行正常就向旧的worker进程发送平滑停止的信号,停止旧的worker进程
kill -WINCH 80739
[root@localhost sbin]# ps -ef|grep nginx
root 80739 1 0 05:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
root 80761 80739 0 05:18 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80762 80761 0 05:18 ? 00:00:00 nginx: worker process
root 80766 7675 0 05:20 pts/0 00:00:00 grep --color=auto nginx
#退出旧版master进程,旧版文件/usr/local/nginx/logs/nginx.pid.oldbin自动删除
kill -QUIT 80739
[root@localhost sbin]# ps -ef|grep nginx
root 80761 1 0 05:18 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80762 80761 0 05:18 ? 00:00:00 nginx: worker process
root 80768 7675 0 05:22 pts/0 00:00:00 grep --color=auto nginx
#查看版本,nginx已经平滑升级到新版本
/usr/local/nginx/sbin/nginx -V
7.2回退到旧版本
#如果新版本有问题,同样可以平滑回退到旧版本
ps -ef|grep nginx
[root@localhost sbin]# ps -ef|grep nginx
root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process
root 80850 80841 0 05:38 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80851 80850 0 05:38 ? 00:00:00 nginx: worker process
root 80856 7675 0 05:39 pts/0 00:00:00 grep --color=auto nginx
#查看旧版本的/usr/local/nginx/logs/nginx.pid.oldbin
cat /usr/local/nginx/logs/nginx.pid.oldbin
[root@localhost sbin]# cat /usr/local/nginx/logs/nginx.pid.oldbin
80841
#启动旧版worker进程
kill -s HUP 80841
[root@localhost sbin]# ps -ef|grep nginx
root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process
root 80850 80841 0 05:38 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80851 80850 0 05:38 ? 00:00:00 nginx: worker process
www 80858 80841 0 05:40 ? 00:00:00 nginx: worker process
root 80860 7675 0 05:40 pts/0 00:00:00 grep --color=auto nginx
#查看新版本的/usr/local/nginx/logs/nginx.pid
cat /usr/local/nginx/logs/nginx.pid
[root@localhost logs]# cat /usr/local/nginx/logs/nginx.pid
80850
#关闭新版本worker进程
kill -WINCH 80850
[root@localhost sbin]# ps -ef|grep nginx
root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process
root 80850 80841 0 05:38 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80858 80841 0 05:40 ? 00:00:00 nginx: worker process
root 80863 7675 0 05:41 pts/0 00:00:00 grep --color=auto nginx
#关闭新版master进程,旧版文件/usr/local/nginx/logs/nginx.pid.oldbin自动覆盖新版文件nginx.pid
kill -QUIT 80850
[root@localhost sbin]# ps -ef|grep nginx
root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process
www 80858 80841 0 05:40 ? 00:00:00 nginx: worker process
root 80866 7675 0 05:41 pts/0 00:00:00 grep --color=auto nginx
#删除新版本二进制文件
rm -rf /usr/local/nginx/sbin/nginx
#恢复旧版本二进制文件
mv /usr/local/nginx/sbin/nginx.old /usr/local/nginx/sbin/nginx
#查看版本,nginx已经平滑回退到旧版本
/usr/local/nginx/sbin/nginx -V
附件:nginx启动|关闭脚本
vi /usr/local/nginx/nginx.sh
#!/bin/bash
# Application name used in the status messages.
APP_NAME="nginx"
# nginx installation directory.
DIR="/usr/local/nginx"
# nginx PID file.
PIDFILE="${DIR}/logs/nginx.pid"
# nginx configuration file.
CONF="${DIR}/conf/nginx.conf"
# Print the accepted sub-commands on stdout and terminate the script with
# exit status 1.
usage() {
  printf '%s\n' "Usage: ./nginx.sh [start|stop|restart|status]"
  exit 1
}
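# Check whether the process recorded in the PID file is alive.
# Globals:  PIDFILE (read); pid (written: the PID when alive, otherwise empty)
# Returns:  0 when PIDFILE holds the PID of a live process, 1 otherwise
#
# A PID file that survived a crash or power loss no longer counts as "running",
# so a later start is not refused because of a stale file.
# NOTE: a live PID is not proof that the process is nginx, because PIDs are
# reused. This function only checks that some process with that PID exists.
is_exist() {
  pid=
  [ -f "${PIDFILE}" ] || return 1
  pid=$(cat -- "${PIDFILE}" 2>/dev/null)
  # Only a plain positive decimal number is a valid PID. Empty, non-numeric or
  # zero-prefixed content is treated as a corrupt file (PID 0 would address
  # the caller's own process group when handed to kill).
  case "${pid}" in
    '' | 0* | *[!0-9]*)
      pid=
      return 1
      ;;
  esac
  # kill -0 delivers no signal and only tests for existence. It fails with a
  # permission error for a process owned by another user, so fall back to /proc.
  if kill -0 "${pid}" 2>/dev/null || [ -d "/proc/${pid}" ]; then
    return 0
  fi
  pid=
  return 1
}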
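# Start nginx unless it is already running.
# Globals:  APP_NAME, DIR, CONF (read); pid (read, set by is_exist)
# Outputs:  status message on stdout, failure message on stderr
# Returns:  0 when nginx is already running or was started, otherwise the
#           exit status of the nginx binary
start() {
  local rc
  if is_exist; then
    echo "${APP_NAME} is already running pid=${pid}"
    return 0
  fi
  # Report success only after the binary has actually returned 0. A broken
  # configuration or an occupied port must not be announced as a success.
  "${DIR}/sbin/nginx" -c "${CONF}"
  rc=$?
  if [ "${rc}" -ne 0 ]; then
    echo "${APP_NAME} failed to start (exit status ${rc})" >&2
    return "${rc}"
  fi
  echo "nginx service start success"
}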
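# Gracefully stop nginx and wait for the master process to exit.
# Globals:  APP_NAME, PIDFILE (read); pid (read, set by is_exist)
# Outputs:  progress messages on stdout, failure messages on stderr
# Returns:  0 when nginx was not running or has shut down; 1 when the signal
#           could not be sent or the PID file is still present after the wait
stop() {
  local waited=0
  # Upper bound, in seconds, for the shutdown wait, so that a master that
  # never exits cannot hang the script.
  local max_wait=30
  if ! is_exist; then
    echo "${APP_NAME} is not running"
    return 0
  fi
  if ! kill -s QUIT "${pid}"; then
    echo "${APP_NAME}: could not send QUIT to pid ${pid}" >&2
    return 1
  fi
  sleep 2
  # Wait for the PID file to disappear. The test is -f (file exists) rather
  # than -x (file is executable): a PID file is never executable, so -x would
  # skip the wait entirely.
  while [ -f "${PIDFILE}" ]; do
    if [ "${waited}" -ge "${max_wait}" ]; then
      echo "${APP_NAME} did not shut down within ${max_wait}s (${PIDFILE} still present)" >&2
      return 1
    fi
    echo "Waiting for nginx to shutdown..."
    sleep 1
    waited=$((waited + 1))
  done
  echo "nginx service stop success"
}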
# Report on stdout whether nginx is running, according to is_exist.
# Globals:  APP_NAME (read); pid (read, set by is_exist)
status() {
  if ! is_exist; then
    echo "${APP_NAME} is not running"
    return
  fi
  echo "${APP_NAME} is running Pid is ${pid}"
}
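# Restart nginx: shut it down through stop(), then launch it again.
# Globals:  APP_NAME, DIR, CONF (read)
# Outputs:  progress messages on stdout, failure messages on stderr
# Returns:  0 on success; non-zero when stop() fails or nginx does not start
#
# The shutdown is delegated to stop() instead of repeating its kill-and-wait
# sequence here, so how long the shutdown is waited for is decided by stop().
restart() {
  local rc
  stop || return
  echo "Starting nginx server..."
  # Announce success only when the binary returned 0, so a failed launch is
  # not reported as a successful restart.
  "${DIR}/sbin/nginx" -c "${CONF}"
  rc=$?
  if [ "${rc}" -ne 0 ]; then
    echo "${APP_NAME} failed to start (exit status ${rc})" >&2
    return "${rc}"
  fi
  echo "nginx service start success"
}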
# Dispatch on the first command-line argument. Any other value, including no
# argument at all, prints the usage text.
case "$1" in
  start) start ;;
  stop) stop ;;
  status) status ;;
  restart) restart ;;
  *) usage ;;
esac
:wq! #保存退出
#添加执行权限
chmod +x /usr/local/nginx/nginx.sh
#添加开机启动
vi /etc/rc.d/rc.local
/bin/sh /usr/local/nginx/nginx.sh start
:wq! #保存退出
#默认/etc/rc.d/rc.local没有执行权限,需要手动添加执行权限
chmod +x /etc/rc.d/rc.local
#解决普通用户启动nginx不能使用80端口的问题(路径按实际安装位置填写;nginx二进制文件被替换后,例如升级之后,需要重新执行setcap)
setcap cap_net_bind_service=+eip [nginx命令路径]
setcap cap_net_bind_service=+eip /data/server/nginx/sbin/nginx
#取消普通用户使用1024以下端口方式
setcap -r [nginx命令路径]
setcap -r /data/server/nginx/sbin/nginx
至此,Linux下Nginx 版本平滑升级与回滚教程完成。