搭建高性能 tengine
Posted fsckzy
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了搭建高性能 tengine相关的知识,希望对你有一定的参考价值。
简介
Tengine
可以当成 nginx Plus
,它的健康检查、会话保持都比 Nginx
社区版做得更好。所以打算把线上的换成 Tengine
特性
继承Nginx-1.17.3的所有特性,兼容Nginx的配置;
支持HTTP的CONNECT方法,可用于正向代理场景;
支持异步OpenSSL,可使用硬件如:QAT进行HTTPS的加速与卸载;
增强相关运维、监控能力,比如异步打印日志及回滚,本地DNS缓存,内存监控等;
Stream模块支持server_name指令;
更加强大的负载均衡能力,包括一致性hash模块、会话保持模块,还可以对后端的服务器进行主动健康检查,根据服务器状态自动上线下线,以及动态解析upstream中出现的域名;
输入过滤器机制支持。通过使用这种机制Web应用防火墙的编写更为方便;
支持设置proxy、memcached、fastcgi、scgi、uwsgi在后端失败时的重试次数
动态脚本语言Lua支持。扩展功能非常高效简单;
支持按指定关键字(域名,url等)收集Tengine运行状态;
组合多个CSS、javascript文件的访问请求变成一个请求;
自动去除空白字符和注释从而减小页面的体积
自动根据CPU数目设置进程个数和绑定CPU亲缘性;
监控系统的负载和资源占用从而对系统进行保护;
显示对运维人员更友好的出错信息,便于定位出错机器;
更强大的防攻击(访问速度限制)模块;
更方便的命令行参数,如列出编译的模块列表、支持的指令等;
可以根据访问文件类型设置过期时间;
......
安装
jemalloc
jemalloc
用于优化 Nginx
内存管理
wget https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
tar jxvf jemalloc-5.2.1.tar.bz2
cd jemalloc-5.2.1/
./configure --prefix=/usr/local/jemalloc && make && make install
echo "/usr/local/jemalloc/lib" >> /etc/ld.so.conf
ldconfig
Tengine
wget https://tengine.taobao.org/download/tengine-2.3.2.tar.gz
tar zxvf tengine-2.3.2.tar.gz
cd tengine-2.3.2/
useradd www -s /sbin/nologin
./configure --prefix=/usr/local/nginx --user=www --group=www --with-jemalloc=/usr/local/jemalloc --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module && make && make install
配置
系统配置
> cat /etc/security/limits.conf
root soft nofile 65535
root hard nofile 65535
> cat /etc/sysctl.conf
fs.file-max=102400
net.ipv4.tcp_mem = 3097431 4129911 6194862
net.ipv4.tcp_rmem = 4096 87380 6291456
net.ipv4.tcp_wmem = 4096 65536 4194304
net.ipv4.tcp_max_tw_buckets = 262144
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 200000
应用配置
> cat /usr/local/nginx/conf/nginx.conf
user root;
worker_processes auto;
worker_cpu_affinity auto;
error_log logs/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
#include /etc/nginx/mime.types;
fastcgi_intercept_errors on;
proxy_intercept_errors on;
server_tokens off;
include mime.types;
default_type application/octet-stream;
charset UTF-8;
client_header_buffer_size 256k;
client_max_body_size 50m;
proxy_buffer_size 256k;
proxy_buffers 64 128k;
log_format access ' $remote_addr; -; $remote_user; [$time_local]; "$request"; $status; $body_bytes_sent; "$http_referer"; "$http_user_agent"; $http_x_forwarded_for; $server_addr; $upstream_addr; $upstream_response_time; $request_time;';
access_log logs/access.log access buffer=32k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 120s 120s;
keepalive_requests 300;
gzip on;
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 4;
#gzip_types image/webp image/apng text/plain application/x-javascript text/css application/xml application/javascript;
gzip_types text/plain application/x-javascript application/javascript application/css text/css application/xml text/javascript;
gzip_vary on;
include /usr/local/nginx/conf/vhost/*.conf;
}
去掉 ip-hash
upstream serverLive {
server 172.18.11.148:182;
server 172.18.11.149:182;
server 172.18.11.182:182;
server 172.18.11.183:182;
session_sticky;
}
健康检查
upstream serverLive {
server 172.18.11.148:182;
server 172.18.11.149:182;
server 172.18.11.182:182;
server 172.18.11.183:182;
session_sticky;
check interval=3000 rise=2 fall=5 timeout=1000 type=http;
check_http_send "HEAD / HTTP/1.0
";
check_http_expect_alive http_2xx http_3xx;
}
其他
日志管理
> # cat /etc/logrotate.d/nginx
/usr/local/nginx/logs/*.log {
rotate 5
copytruncate
daily
dateext
compress
missingok
}
> # logrotate -vf /etc/logrotate.d/nginx
输出结果:
> # ll
total 59548
-rw-r--r-- 1 www www 54126422 Feb 27 15:12 access.log
-rw-r--r-- 1 www www 350824 Feb 27 14:21 access.log-20200227.gz
-rw-r--r-- 1 www www 419630 Feb 27 15:12 error.log
-rw-r--r-- 1 www www 1340 Feb 27 14:21 error.log-20200227.gz
以上是关于搭建高性能 tengine的主要内容,如果未能解决你的问题,请参考以下文章
技术干货听阿里云CDN安防技术专家金九讲tengine+lua开发
老nginx集群向tengine集群的升级改造,性能提升数倍