搭建高性能 tengine

Posted fsckzy

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了搭建高性能 tengine相关的知识,希望对你有一定的参考价值。

简介

Tengine 可以当成 nginx Plus,它的健康检查、会话保持都比 Nginx 社区版做得更好。所以打算把线上的换成 Tengine

特性

继承Nginx-1.17.3的所有特性,兼容Nginx的配置;
支持HTTP的CONNECT方法,可用于正向代理场景;
支持异步OpenSSL,可使用硬件如:QAT进行HTTPS的加速与卸载;
增强相关运维、监控能力,比如异步打印日志及回滚,本地DNS缓存,内存监控等;
Stream模块支持server_name指令;
更加强大的负载均衡能力,包括一致性hash模块、会话保持模块,还可以对后端的服务器进行主动健康检查,根据服务器状态自动上线下线,以及动态解析upstream中出现的域名;
输入过滤器机制支持。通过使用这种机制Web应用防火墙的编写更为方便;
支持设置proxy、memcached、fastcgi、scgi、uwsgi在后端失败时的重试次数
动态脚本语言Lua支持。扩展功能非常高效简单;
支持按指定关键字(域名,url等)收集Tengine运行状态;
组合多个CSS、javascript文件的访问请求变成一个请求;
自动去除空白字符和注释从而减小页面的体积
自动根据CPU数目设置进程个数和绑定CPU亲缘性;
监控系统的负载和资源占用从而对系统进行保护;
显示对运维人员更友好的出错信息,便于定位出错机器;
更强大的防攻击(访问速度限制)模块;
更方便的命令行参数,如列出编译的模块列表、支持的指令等;
可以根据访问文件类型设置过期时间;
......

安装

jemalloc

jemalloc 用于优化 Nginx 内存管理

wget https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
tar jxvf jemalloc-5.2.1.tar.bz2 
cd jemalloc-5.2.1/
./configure --prefix=/usr/local/jemalloc && make && make install
echo "/usr/local/jemalloc/lib" >> /etc/ld.so.conf
ldconfig 

Tengine
wget https://tengine.taobao.org/download/tengine-2.3.2.tar.gz
tar zxvf tengine-2.3.2.tar.gz 
cd tengine-2.3.2/
useradd www -s /sbin/nologin
./configure --prefix=/usr/local/nginx --user=www --group=www --with-jemalloc=/usr/local/jemalloc --with-http_gzip_static_module --with-http_stub_status_module   --with-http_ssl_module  --with-http_v2_module && make && make install

配置

系统配置
> cat /etc/security/limits.conf
root soft nofile 65535
root hard nofile 65535


> cat /etc/sysctl.conf
fs.file-max=102400
net.ipv4.tcp_mem = 3097431 4129911 6194862
net.ipv4.tcp_rmem = 4096 87380 6291456
net.ipv4.tcp_wmem = 4096 65536 4194304
net.ipv4.tcp_max_tw_buckets = 262144
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse  = 1
net.ipv4.tcp_syncookies  = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.core.somaxconn  = 65535
net.core.netdev_max_backlog  = 200000

应用配置
> cat /usr/local/nginx/conf/nginx.conf
user root;
worker_processes  auto;
worker_cpu_affinity auto;
error_log  logs/error.log warn;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  65535;
}


http {
    #include       /etc/nginx/mime.types;
    fastcgi_intercept_errors on;
    proxy_intercept_errors on;
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;
    charset     UTF-8;

    client_header_buffer_size 256k;
    client_max_body_size 50m;
    proxy_buffer_size 256k;
    proxy_buffers 64 128k;


log_format access ' $remote_addr; -; $remote_user; [$time_local]; "$request"; $status; $body_bytes_sent; "$http_referer"; "$http_user_agent"; $http_x_forwarded_for; $server_addr; $upstream_addr; $upstream_response_time; $request_time;';

    access_log  logs/access.log access buffer=32k;


    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout  120s 120s;
    keepalive_requests 300;

    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 16 64k;
    gzip_http_version 1.1;
    gzip_comp_level 4;
    #gzip_types image/webp image/apng text/plain application/x-javascript text/css application/xml application/javascript;
    gzip_types text/plain application/x-javascript application/javascript application/css text/css application/xml text/javascript;
    gzip_vary on;



    include   /usr/local/nginx/conf/vhost/*.conf;
}

去掉 ip-hash
    upstream serverLive {
        server 172.18.11.148:182;
        server 172.18.11.149:182;
        server 172.18.11.182:182;
        server 172.18.11.183:182;
        session_sticky;
    }

健康检查
    upstream serverLive {
        server 172.18.11.148:182;
        server 172.18.11.149:182;
        server 172.18.11.182:182;
        server 172.18.11.183:182;
        session_sticky;

        check interval=3000 rise=2 fall=5 timeout=1000 type=http;
        check_http_send "HEAD / HTTP/1.0

";
        check_http_expect_alive http_2xx http_3xx;
    }

其他

日志管理
> # cat /etc/logrotate.d/nginx 
/usr/local/nginx/logs/*.log {
 rotate 5
 copytruncate
 daily
 dateext
 compress
 missingok
}

> # logrotate -vf /etc/logrotate.d/nginx 

输出结果:
> # ll
total 59548
-rw-r--r-- 1 www www 54126422 Feb 27 15:12 access.log
-rw-r--r-- 1 www www   350824 Feb 27 14:21 access.log-20200227.gz
-rw-r--r-- 1 www www   419630 Feb 27 15:12 error.log
-rw-r--r-- 1 www www     1340 Feb 27 14:21 error.log-20200227.gz

以上是关于搭建高性能 tengine的主要内容,如果未能解决你的问题,请参考以下文章

Tengine(nginx) 搭建Tomcat集群

技术干货听阿里云CDN安防技术专家金九讲tengine+lua开发

Nginx和Tengine

老nginx集群向tengine集群的升级改造,性能提升数倍

Tengine/Nginx/Openresty性能优化及杂谈(未完待续)

Linux LNMP 环境的搭建之Nginx的安装