实验简介
实验一:Nginx 的源码编译
该实验聚焦于 Nginx 从源码到可运行服务的完整部署流程,核心目标是掌握源码编译的自定义配置与服务化管理,步骤如下:
- 环境准备:下载 Nginx 1.28.1 源码包,安装编译依赖(gcc、openssl-devel、pcre2-devel、zlib-devel 等);
- 自定义编译配置 :通过
./configure指定安装路径(--prefix=/usr/local/nginx)、运行用户 / 组(nginx),并启用 SSL、HTTP/2、实时 IP、状态监控等核心模块; - 编译与安装 :执行
make && make install完成编译安装,创建 nginx 系统用户(无登录权限); - 服务化管理 :编写 systemd 启动文件(
/lib/systemd/system/nginx.service),实现 Nginx 的开机自启、状态监控、平滑重载等标准化运维; - 验证:修改默认首页并通过 curl 测试访问,确认服务正常运行。
核心价值:源码编译可按需定制模块,相比 yum 安装更灵活,满足生产环境的个性化需求;systemd 服务化则符合 Linux 系统的标准化运维规范。
实验二:Nginx 的平滑升级及回滚
该实验解决 Nginx 版本升级的 "无停机" 需求,同时保障回滚能力,核心步骤:
- 平滑升级(以 1.29.4 为例) :
- 下载高版本源码,修改
nginx.h隐藏版本信息(自定义为 TIMINGLEE/),编译(仅make不make install); - 替换旧版 Nginx 二进制文件(
\cp -f 新版objs/nginx /usr/local/nginx/sbin/); - 向旧 master 进程发送
USR2信号:启动新版 master 进程,新旧进程共存,实现无缝升级; - 发送
WINCH信号:回收旧版 worker 进程,仅保留新版进程; - 验证:通过
nginx -V确认版本已更新,服务无中断;
- 下载高版本源码,修改
- 版本回滚 :
- 备份新版二进制文件,恢复旧版文件;
- 向旧 master 进程发送
HUP信号:重启旧版 worker 进程; - 发送
WINCH信号:回收新版 worker 进程,完成回滚; - 验证:
nginx -V确认版本恢复为旧版(1.28.1)。
核心价值:生产环境中版本升级 / 回滚无需停机,避免业务中断,保障服务高可用。
实验三:Nginx 配置文件的管理及优化参数
该实验针对 Nginx 的性能优化,核心是调整进程、连接、系统资源等参数,提升并发处理能力,核心步骤:
- 进程优化 :
- 调整
worker_processes(工作进程数):从固定值(2)改为auto(自动适配 CPU 核心数); - 配置
worker_cpu_affinity:将工作进程绑定到指定 CPU 核心(0001 0010 0100 1000),避免进程切换开销,通过ps axo pid,cmd,psr验证绑定效果;
- 调整
- 事件模型优化 :在
events块中配置:worker_connections 10000:提升单进程最大连接数;use epoll:启用高效的 epoll 事件模型(Linux 下最优);accept_mutex on(连接互斥锁)、multi_accept on(批量接收连接),提升连接处理效率;
- 系统资源限制 :
- 解决 "Too many open files" 问题:修改
/etc/security/limits.conf,提升系统级文件打开数限制(nofile/noproc 设为 100000);
- 解决 "Too many open files" 问题:修改
- 并发测试 :使用 ApacheBench(ab)工具(
ab -n 100000 -c10000 http://IP/index.html)验证优化效果,解决并发访问失败问题。
核心价值:通过进程、事件模型、系统资源的调优,最大化 Nginx 的并发处理能力,适配高流量场景。
Nginx的源码编译
下载软件
[root@nginx ~]# wget https://nginx.org/download/nginx-1.28.1.tar.gz解压
[root@nginx ~]# tar zxf nginx-1.28.1.tar.gz
[root@nginx ~]# cd nginx-1.28.1/
[root@nginx nginx-1.28.1]# ls
auto CODE_OF_CONDUCT.md contrib LICENSE SECURITY.md
CHANGES conf CONTRIBUTING.md man src
CHANGES.ru configure html README.md搭建环境
[root@nginx ~]# dnf install gcc openssl-devel.x86_64 pcre2-devel.x86_64 zlib-devel -y
[root@nginx ~]# cd nginx-1.28.1/
[root@nginx nginx-1.28.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module编译
[root@nginx nginx-1.28.1]# make
[root@nginx nginx-1.28.1]# make installnginx启动
#设定环境变量
[root@nginx sbin]# vim ~/.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
[root@nginx sbin]# source ~/.bash_profile
[root@nginx ~]# cd /usr/local/nginx/logs
[root@nginx logs]# useradd -s /sbin/nologin -M nginx
[root@nginx logs]# nginx
[root@nginx logs]# ps aux | grep nginx
root 3707 0.0 0.2 221300 1920 pts/0 T 14:24 0:00 rm -i -r nginx-1.28.1
root 10459 0.0 0.3 14688 2356 ? Ss 14:36 0:00 nginx: master process nginx
nginx 10460 0.0 0.5 14888 3892 ? S 14:36 0:00 nginx: worker process
root 10466 0.0 0.3 221680 2304 pts/0 S+ 14:36 0:00 grep --color=auto nginx
#测试
[root@nginx logs]# echo timinglee > /usr/local/nginx/html/index.html
[root@nginx logs]# curl 172.25.254.100
timinglee编写启动文件
[root@nginx ~]# vim /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@nginx ~]# systemctl daemon-reload
#验证
[root@nginx ~]# systemctl status nginx.service
○ nginx.service - The NGINX HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: d>
Active: inactive (dead)
[root@nginx ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
[root@nginx ~]# reboot
[root@nginx ~]# systemctl status nginx.service
● nginx.service - The NGINX HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: di>
Active: active (running) since Tue 2026-02-10 14:40:35 CST; 30s ago
Process: 1019 ExecStartPre=/usr/local/nginx/sbin/nginx -t (code=exited, sta>
Process: 1035 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/>
Main PID: 1046 (nginx)
Tasks: 2 (limit: 4269)
Memory: 324.0K
CPU: 12ms
CGroup: /system.slice/nginx.service
├─1046 "nginx: master process /usr/local/nginx/sbin/nginx"
└─1047 "nginx: worker process"
2月 10 14:40:35 nginx systemd[1]: Starting The NGINX HTTP and reverse proxy ser>
2月 10 14:40:35 nginx nginx[1019]: nginx: the configuration file /usr/local/ngi>
2月 10 14:40:35 nginx nginx[1019]: nginx: configuration file /usr/local/nginx/c>
2月 10 14:40:35 nginx systemd[1]: Started The NGINX HTTP and reverse proxy serv>
lines 1-17/17 (END)Nginx的平滑升级及回滚
下载高版本的软件
[root@nginx ~]# wget https://nginx.org/download/nginx-1.29.4.tar.gz对于新版本的软件进行源码编译并进行平滑升级
#编译nginx隐藏版本
[root@nginx ~]# tar zxf nginx-1.29.4.tar.gz
[root@nginx ~]# cd nginx-1.29.4/src/core/
[root@nginx core]# vim nginx.h
#define nginx_version 1029004
#define NGINX_VERSION "yxs"
#define NGINX_VER "TIMINGLEE/" NGINX_VERSION
#文件编辑完成后进行源码编译即可
[root@nginx core]# cd ../../
[root@nginx nginx-1.29.4]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@nginx nginx-1.29.4]# make
[root@nginx nginx-1.29.4]# cd objs/
[root@nginx objs]# ls
autoconf.err nginx ngx_auto_config.h ngx_modules.c src
Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
[root@nginx objs]# cd /usr/local/nginx/sbin/
[root@nginx sbin]# ls
nginx
[root@nginx sbin]# \cp -f /root/nginx-1.29.4/objs/nginx /usr/local/nginx/sbin/nginx
[root@nginx sbin]# ls /usr/local/nginx/logs/
access.log error.log nginx.pid
[root@nginx sbin]# ps aux | grep nginx
avahi 893 0.0 0.3 16656 2560 ? Ss 14:40 0:00 avahi-daemon: running [nginx.local]
root 1046 0.0 0.1 14688 824 ? Ss 14:40 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1047 0.0 0.2 14888 1720 ? S 14:40 0:00 nginx: worker process
root 2909 0.0 1.0 237632 7872 pts/0 T 14:41 0:00 systemctl status nginx.service
root 6022 0.0 0.3 221812 2432 pts/0 S+ 14:49 0:00 grep --color=auto nginx
[root@nginx sbin]# kill -USR2 1046 #nginx master进程id
[root@nginx sbin]# ps aux | grep nginx
avahi 893 0.0 0.3 16656 2560 ? Ss 14:40 0:00 avahi-daemon: running [nginx.local]
root 1046 0.0 0.2 14688 1848 ? Ss 14:40 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1047 0.0 0.2 14888 1720 ? S 14:40 0:00 nginx: worker process
root 2909 0.0 1.0 237632 7872 pts/0 T 14:41 0:00 systemctl status nginx.service
root 6033 0.0 1.0 14716 7808 ? S 14:50 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 6034 0.0 0.5 14916 4156 ? S 14:50 0:00 nginx: worker process
root 6038 0.0 0.3 221812 2560 pts/0 S+ 14:50 0:00 grep --color=auto nginx
#测试效果
[root@nginx sbin]# nginx -V
nginx version: yxs/
built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
#回收旧版本子进程
[root@nginx sbin]# ps aux | grep nginx
avahi 893 0.0 0.3 16656 2560 ? Ss 14:40 0:00 avahi-daemon: running [nginx.local]
root 2909 0.0 0.7 237632 5952 pts/0 T 14:41 0:00 systemctl status nginx.service
root 6153 0.0 0.3 14728 2368 ? Ss 14:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 6154 0.0 0.5 14928 4160 ? S 14:55 0:00 nginx: worker process
root 6168 0.0 0.3 221812 2304 pts/0 S+ 14:57 0:00 grep --color=auto nginx
[root@nginx sbin]# kill -WINCH 6153
[root@nginx sbin]# ps aux | grep nginx
avahi 893 0.0 0.3 16656 2560 ? Ss 14:40 0:00 avahi-daemon: running [nginx.local]
root 2909 0.0 0.7 237632 5952 pts/0 T 14:41 0:00 systemctl status nginx.service
root 6153 0.0 0.3 14728 2880 ? Ss 14:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 6179 0.0 0.3 221812 2432 pts/0 S+ 14:58 0:00 grep --color=auto nginx版本回退|版本回滚
[root@nginx sbin]# cd /usr/local/nginx/sbin/
[root@nginx sbin]# cp nginx nginx.new -p
[root@nginx sbin]# \cp nginx.old nginx -pf
[root@nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
[root@nginx sbin]# kill -HUP 1643
[root@nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process
root 4965 0.0 0.1 6636 2176 pts/0 S+ 10:32 0:00 grep --color=auto nginx
[root@nginx sbin]# nginx -V
nginx version: nginx/1.28.1
built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
#回收新版本进程
[root@nginx sbin]# kill -WINCH 4919
[root@nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process
root 4969 0.0 0.1 6636 2176 pts/0 S+ 10:34 0:00 grep --color=auto nginxNginx配置文件的管理及优化参数
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
[root@nginx ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# nginx -s reload
[root@nginx ~]# ps aux | grep nginx
avahi 867 0.0 0.2 16656 2176 ? Ss 15:09 0:00 avahi-daemon: running [nginx.local]
root 2848 0.0 0.7 237632 5760 pts/0 T 15:09 0:00 systemctl status nginx.service
root 2994 0.0 1.1 237632 8960 pts/0 T 15:14 0:00 systemctl status nginx
root 3065 0.0 0.5 15344 3808 ? Ss 15:16 0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
nginx 3093 0.0 0.4 15812 3436 ? S 15:16 0:00 nginx: worker process
nginx 3094 0.0 0.4 15812 3436 ? S 15:16 0:00 nginx: worker process
root 3097 0.0 0.3 221812 2432 pts/0 S+ 15:16 0:00 grep --color=auto nginx
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes 2;
[root@nginx ~]# nginx -s reload
[root@nginx ~]# ps aux | grep nginx
avahi 894 0.0 0.3 16656 2816 ? Ss 15:17 0:00 avahi-daemon: running [nginx.local]
root 3042 0.0 0.5 15344 3932 ? Ss 15:19 0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
nginx 3066 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
nginx 3067 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
nginx 3068 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
nginx 3069 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
root 3073 0.0 0.3 221812 2560 pts/0 S+ 15:20 0:00 grep --color=auto nginx
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes auto;
worker_cpu_affinity 0001 0010 0100 1000;
[root@nginx ~]# ps aux | grep nginx
avahi 894 0.0 0.3 16656 2816 ? Ss 15:17 0:00 avahi-daemon: running [nginx.local]
root 3042 0.0 0.5 15344 3932 ? Ss 15:19 0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
nginx 3066 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
nginx 3067 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
nginx 3068 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
nginx 3069 0.0 0.4 15812 3560 ? S 15:20 0:00 nginx: worker process
root 3086 0.0 0.3 221812 2560 pts/0 S+ 15:21 0:00 grep --color=auto nginx
[root@nginx ~]# ps axo pid,cmd,psr | grep nginx
3042 nginx: master process nginx 1
3066 nginx: worker process 0
3067 nginx: worker process 3
3068 nginx: worker process 3
3069 nginx: worker process 2
3093 grep --color=auto nginx 0
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
events {
worker_connections 10000;
use epoll;
accept_mutex on;
multi_accept on;
}
[root@nginx ~]# nginx -s reload
#测试并发
[root@nginx ~]# dnf install httpd-tools -y
[root@nginx ~]# ab -n 100000 -c5000 http://172.25.254.100/index.html
This is ApacheBench, Version 2.3 <$Revision: 1913912 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.254.100 (be patient)
socket: Too many open files (24)
#处理本地文件系统的并发文件数量
[root@nginx ~]# vim /etc/security/limits.conf
* - nofile 100000
* - noproc 100000
root - nofile 100000
[root@nginx ~]# sudo -u nginx ulimit -n
100000
[root@nginx ~]# ulimit -n
10000
#测试
[root@nginx ~]# ab -n 100000 -c 2000 http://172.25.254.100/index.html
This is ApacheBench, Version 2.3 <$Revision: 1913912 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.254.100 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests