* Versões utilizada: Debian 8.5(Jessie) NGINX-1.6.2
# apt-get update
# apt-get install nginx-extras -> Existem os pacotes nginx-full ou nginx-light para instalação
* Versões mais recente do NGINX: Debian 8.5(Jessie) NGINX-1.10.1
* Ajustar o repositório do Debian e baixar a versão mais recente do NGINX
# vi /etc/apt/sources.list
deb http://ftp.debian.org/debian testing main
# apt-get update
# apt-get install -t testing nginx-extras
* Proxy reverso
# vi /etc/nginx/sites-available/site1.conf
server {
listen 80;
server_name www.dominio.com.br;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://www.dominio.com.br:8080/;
}
}
* Balanceamento + Proxy reverso
# vi /etc/nginx/sites-available/site1.conf
upstream LBSERVER {
zone LBSERVER 64k;
ip_hash;
server 10.0.0.10:80 weight=1;
server 10.0.0.20:80 weight=2;
keepalive 20;
}
server {
listen 80;
server_name www.dominio.com.br;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://www.dominio.com.br:8080/;
}
}
* Websoket
# vi /etc/nginx/nginx.conf
http {
.....
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
.....
}
# vi /etc/nginx/sites-available/site1.conf
server {
listen 80;
server_name www.dominio.com.br;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://www.dominio.com.br:8080/;
}
location /chat {
proxy_pass http://10.0.0.57:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
* GeoIP
* Baixar os pacotes geodata via APT (geoip-bin geoip-database geoip-database-extra)
# vi /etc/nginx/nginx.conf
http {
.....
##
# GeoIP
##
geoip_country /usr/share/GeoIP/GeoIP.dat;
geoip_city /usr/share/GeoIP/GeoIPCity.dat;
geoip_org /usr/share/GeoIP/GeoIPASNum.dat;
geoip_proxy_recursive on;
map $geoip_country_code $allowed_country {
default yes;
#FK no;
}
map $geoip_city $allowed_city {
default yes;
}
include /etc/nginx/fastcgi_params;
.....
}
* STREAMING
server {
listen 80 default_server;
server_name str.dominio.com.br;
root /home/video;
access_log /var/log/nginx/video_access.log;
error_log /var/log/nginx/video_error.log;
location ~ ^/mp4/ {
secure_link $arg_md5,$arg_expires;
secure_link_md5 "$secure_link_expires$uri$remote_addr word";
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
mp4;
mp4_buffer_size 1m;
mp4_max_buffer_size 5m;
##mp4_limit_rate on;
##mp4_limit_rate_after 30s;
client_max_body_size 80m;
aio threads;
}
location ~ ^/flv/ {
flv;
}
location ~ ^/simple/ {
secure_link_secret word;
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
rewrite ^ /mp4/$secure_link.mp4;
}
location ~ ^/complex/ {
secure_link $arg_md5,$arg_expires;
secure_link_md5 "$secure_link_expires$uri$remote_addr word";
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
rewrite ^ /mp4/$secure_link.mp4;
}
}
* Instalando dependência para o nginx e php
# apt-get install php5-fpm
* Ajustar a configuração do nginx para executar php
# vi /etc/nginx/sites-available/default
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php; <- Adicionado index.php
...
location ~ \.php$ { <- descomentar as linhas da seção
include snippets/fastcgi-php.conf;
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
* Ajustar o arquivo php fpm <- Validar
# vi /etc/php5/fpm/php.ini
cgi.fix_pathinfo=0
* Reiniciado o serviço nginx e php
# nginx -t
# /etc/init.d/nginx restart
# /etc/init.d/php5-fpm restart
DICA.: Na versão Debian 9(Stretch) e possível utilizar o php7, basta alterar o nome do pacote para php7.0.
* NGINX-1.9.10 + VTS + PAGESPEED-1.10.33.5 + Debian 8.5(Jessie)
* Gerar os passos de compilação no desktop e após instalar no servidor
* Baixar pacote e dependências iniciais
# mkdir /home/install
# apt-get install git build-essential zlib1g-dev libpcre3 libpcre3-dev unzip
# apt-get build-dep nginx
* Baixar o codigo fonte do nginx
# apt-get source nginx <-pode apresentar erro executar denovo
# apt-get source nginx
Ou versão desenvolvimento abaixo:
# git clone git://anonscm.debian.org/collab-maint/nginx.git
* Baixar os modulos para serem compilados com nginx
# cd nginx-1.9.10/debian/modules/
# git clone git://github.com/vozlt/nginx-module-vts.git
# git clone https://github.com/pagespeed/ngx_pagespeed.git
# cd ngx_pagespeed
# wget https://dl.google.com/dl/page-speed/psol/1.10.33.5.tar.gz
# tar zvxf 1.10.33.5.tar.gz
# rm 1.10.33.5.tar.gz
* Adicione a referencia dos modulos para serem instalados
# cd ../..
# vi rules e adicione em full e extra a linha abaixo
--add-module=$(MODULESDIR)/nginx-module-vts \
--add-module=$(MODULESDIR)/ngx_pagespeed
* Compilar
# cd ..
# dpkg-buildpackage -uc -b
# cd ..
# ls
* No servidor
# apt-get install fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg62-turbo libtiff5 libvpx3 libxpm4 libxslt1.1 nginx-extras nginx-common geoip-database geoip-database-extra geoip-bin
* Baixar o arquivo .deb
# sftp nome@ip
sftp> get install/nginx/nginx-extras_1.9.10-1_amd64.deb
sftp> quit
* Caso houver instalado remover
# /etc/init.d/nginx stop
# apt-get remove nginx-extras
* Instalar a nova versão do nginx
# dpkg -i nginx-extras_1.9.10-1_amd64.deb
* Iniciar o nginx
# /etc/init.d/nginx restart
* Visualize a versão instalada
# nginx -v
* Testa se as configurações estão ok.
# nginx -t
* Visualize os módulos instalados
# nginx -V
* Editar o arquivo /etc/nginx/nginx.conf e adicionar no final da function http
##
# Virtual Host Trffic Status
##
vhost_traffic_status_zone;
vhost_traffic_status_filter_by_set_key $geoip_country_code country::*;
vhost_traffic_status_filter_by_set_key $geoip_city city::*;
vhost_traffic_status_filter_by_set_key $geoip_region region::*;
vhost_traffic_status_filter_by_set_key $geoip_region_name region_name::*;
#vhost_traffic_status_filter_by_set_key $filter_user_agent agent::*;
map $http_user_agent $filter_user_agent {
default 'unknown';
~iPhone ios;
~Android android;
~(MSIE|Mozilla) windows;
~Linux linux;
}
##
# GeoIP
##
geoip_country /usr/share/GeoIP/GeoIP.dat;
geoip_city /usr/share/GeoIP/GeoIPCity.dat;
geoip_org /usr/share/GeoIP/GeoIPASNum.dat;
geoip_proxy_recursive on;
map $geoip_country_code $allowed_country {
default yes;
#FK no;
}
map $geoip_city $allowed_city {
default yes;
}
##
##
pagespeed on;
pagespeed FileCachePath "/tmp"; #OU "/var/ngx_pagespeed_cache"; <-para este caso deve criar o diretório
#pagespeed RewriteLevel OptimizeForBandwidth; #PassThrough, CoreFilters, and OptimizeForBandwidth
#pagespeed EnableFilters combine_css,combine_javascript;
* Iniciar o nginx
# /etc/init.d/nginx restart
* Visualize os modulos instalados
# nginx -V
* Bloquar a atualização via apt-get
# apt-mark hold nginx-full
* LOAD BALANCER
upstream LBSERVER {
zone LBSERVER 64k;
ip_hash;
server 10.0.0.10:80 weight=1;
server 10.0.0.20:80 weight=2;
keepalive 20;
}
* VIRTUAL HOST + PROXY REVERSO
server {
listen 80;
server_name www.dominio.com.br;
access_log /var/log/nginx/www.dominio_access.log;
error_log /var/log/nginx/www.dominio_error.log;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://www.dominio.com.br:8080/;
}
}
* Virtual Host com Agent, VTS e GeoIP
vhost_traffic_status_filter_by_set_key $filter_user_agent agent::$server_name;
vhost_traffic_status_filter_by_set_key $geoip_country_code country::$server_name;
vhost_traffic_status_filter_by_set_key $geoip_city city::$server_name;
vhost_traffic_status_filter_by_set_key $geoip_region region::$server_name;
vhost_traffic_status_filter_by_set_key $geoip_region_name region_name::$server_name;
location /status {
# stub_status;
# access_log off;
# allow 10.0.0.0/24;
# deny all;
vhost_traffic_status_display;
vhost_traffic_status_display_format html;
}
Configurar worker_processes antes da tag events
# grep processor /proc/cpuinfo | wc -l
4
# vi /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
...
Ou
worker_processes 4;
Configurar worker_connections
# vi /etc/nginx/nginx.conf
events {
use epoll; <- Avaliar
worker_connections 1024; <- Para cada core serão abertas 1024 conexões
multi_accept on; <- Avaliar off também
}
# vi /etc/nginx/nginx.conf
http {
...
server_tokens off;
...
##
# Logging Settings
##
access_log off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_min_length 1000;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
...
}
* AVALIAR SE FUNCIONA
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 5;
open_file_cache_errors off;