```shell
wget -P /usr/local/src https://tengine.taobao.org/download/tengine-2.3.3.tar.gz
wget -P /usr/local/src https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz --no-check-certificate
wget -P /usr/local/src https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v0.25.tar.gz
wget -P /usr/local/src http://luajit.org/download/LuaJIT-2.0.5.tar.gz
wget -P /usr/local/src https://osdn.net/projects/sfnet_pcre/downloads/pcre/8.32/pcre-8.32.tar.gz
tar xf openssl-1.1.1j.tar.gz && tar xf pcre-8.32.tar.gz && tar xf LuaJIT-2.0.5.tar.gz && tar xf v0.25.tar.gz && tar xf tengine-2.3.3.tar.gz
yum install -y gcc gcc-c++ zlib-devel
cd pcre-8.32
./configure && make && make install
cd LuaJIT-2.0.5
make install PREFIX=/usr/local/LuaJIT
#出现==== Successfully installed LuaJIT 2.0.5 to /usr/local/LuaJIT ==== 就是成功了
echo "export LUAJIT_LIB=/usr/local/LuaJIT/lib" >> /etc/profile
echo "export LUAJIT_INC=/usr/local/LuaJIT/include/luajit-2.0" >> /etc/profile
source /etc/profile
cp /usr/local/LuaJIT/lib/libluajit-5.1.so.2.0.5 /usr/local/lib/
cd /usr/local/lib/
ln -s libluajit-5.1.so.2.0.5 libluajit-5.1.so
ln -s libluajit-5.1.so.2.0.5 libluajit-5.1.so.2
echo "/usr/local/lib" >>/etc/ld.so.conf
/sbin/ldconfig
cd tengine-2.3.3/
./configure --prefix=/home/nginx --with-compat --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.1.1j --with-stream --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-http_lua_module --with-http_stub_status_module --with-luajit-inc=/usr/local/LuaJIT/include/luajit-2.0/ --with-luajit-lib=/usr/local/LuaJIT/lib --add-module=/usr/local/src/headers-more-nginx-module-0.25 --add-module=/usr/local/src/tengine-2.3.3/modules/ngx_http_upstream_consistent_hash_module --add-module=/usr/local/src/tengine-2.3.3/modules/ngx_http_upstream_check_module --add-module=/usr/local/src/tengine-2.3.3/modules/ngx_http_upstream_dynamic_module --add-module=/usr/local/src/tengine-2.3.3/modules/ngx_http_upstream_session_sticky_module --add-module=/usr/local/src/tengine-2.3.3/modules/ngx_http_upstream_dyups_module --with-pcre=/usr/local/src/pcre-8.32 --with-http_v2_module
make && make install
# nginx.conf 第一行加入
$ vi /home/nginx/conf/nginx.conf
load_module /home/nginx/modules/ngx_stream_module.so;
```
```
一、nginx.conf结构
events{} #nginx性能
stream{
upstream{
}
server{
location{
}
}
} #四层转发
http{
upstream{
}
server{
location{
}
}
} #七层转发
http {
include /usr/local/nginx/conf.d/*.conf; #调用/usr/local/nginx/conf.d/下的配置文件
}
二三使用的upstream模块
upstream tomcat {
server X.X.X.X:443 weight=100;
}
upstream raptor_tomcat {
server X.X.X.X:8081 weight=100;
}
二、server http代理http
server {
listen 18001;
access_log /var/log/nginx/bl_http.log ngx_accss_json;
location /status {
stub_status on;
access_log off;
allow 127.0.0.1;
allow 10.0.17.27;
allow 10.0.1.142;
deny all;
}
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://bl_tomcat;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_ignore_client_abort on;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
#####http代理https
如果代理的后端是https服务,需要把黄色的代码改为https://bl_tomcat;
三、server https代理https
server {
listen 8443 ssl;
server_name *.intellicredit.cn;
root html;
ssl on;
ssl_certificate /usr/local/nginx/certs/intellicre.crt;
ssl_certificate_key /usr/local/nginx/certs/intellicredit.cn.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
access_log /var/log/nginx/bl_https.log;
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass https://tomcat;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_ignore_client_abort on;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
#####
如果代理的后端是http服务,需要把黄色的代码改为http://tomcat;
四、四层TCP代理TCP,使用stream模块,nginx -V查看是否支持stream模块
stream {
upstream test {
hash $remote_addr consistent;
server 1.1.1.1:80 weight=100;
}
server {
listen 8080;
proxy_connect_timeout 5s;
proxy_timeout 5s;
proxy_pass test;
}
}
```
nginx部署