技术交流QQ群:①185473046   ②190706903   ③203744115   网站地图
登录

下次自动登录
现在的位置: 首页Nginx>正文
Linux下Nginx版本平滑升级与回滚
2022年08月03日 Nginx 暂无评论 ⁄ 被围观 4,378次+

操作系统:CentOS 7.x

准备篇

一、防火墙配置

CentOS 7.x默认使用的是firewall作为防火墙,这里改为iptables防火墙。

1、关闭firewall:

systemctl stop firewalld.service #停止firewall

systemctl disable firewalld.service #禁止firewall开机启动

systemctl mask firewalld

systemctl stop firewalld

yum remove firewalld

2、安装iptables防火墙

yum install iptables-services #安装

vi /etc/sysconfig/iptables #编辑防火墙配置文件

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

:wq! #保存退出

systemctl restart iptables.service #最后重启防火墙使配置生效

systemctl enable iptables.service #设置防火墙开机启动

/usr/libexec/iptables/iptables.init restart #重启防火墙

二、关闭SELINUX

vi /etc/selinux/config

#SELINUX=enforcing #注释掉

#SELINUXTYPE=targeted #注释掉

SELINUX=disabled #增加

:wq! #保存退出

setenforce 0 #使配置立即生效

三 、系统约定

软件源代码包存放位置:/usr/local/src

源码包编译安装位置:/usr/local/软件名字

四、下载软件包

1、下载nginx

http://nginx.org/download/nginx-1.18.0.tar.gz

http://nginx.org/download/nginx-1.22.0.tar.gz

2、下载pcre(支持nginx伪静态)

https://ftp.exim.org/pub/pcre/pcre-8.45.tar.gz

3、下载zlib(nginx扩展)

https://zlib.net/zlib-1.2.12.tar.gz

4、下载openssl(适用于nginx扩展https)

https://www.openssl.org/source/openssl-1.1.1q.tar.gz

5、下载ngx_cache_purge(nginx缓存模块)

http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz

以上软件包上传到/usr/local/src目录

五、安装编译工具包

yum install make gcc gcc-c++ perl zlib-devel

安装篇

一、安装Nginx

1、安装pcre

cd /usr/local/src

mkdir /usr/local/pcre

tar zxvf pcre-8.45.tar.gz

cd pcre-8.45

./configure --prefix=/usr/local/pcre

make

make install

2、安装zlib

cd /usr/local/src

mkdir /usr/local/zlib

tar zxvf zlib-1.2.12.tar.gz

cd zlib-1.2.12

./configure --prefix=/usr/local/zlib

make

make install

3、安装openssl

cd /usr/local/src

mkdir /usr/local/openssl

tar zxvf openssl-1.1.1q.tar.gz

cd openssl-1.1.1q

./config -fPIC shared zlib --prefix=/usr/local/openssl

make

make install

4、安装Nginx

groupadd www

useradd -g www www -s /bin/false

cd /usr/local/src

tar zxvf ngx_cache_purge-2.3.tar.gz

tar zxvf nginx-1.18.0.tar.gz

cd nginx-1.18.0

./configure --prefix=/usr/local/nginx --user=www --group=www --without-http_memcached_module --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_realip_module --with-stream  --with-openssl=/usr/local/src/openssl-1.1.1q --with-zlib=/usr/local/src/zlib-1.2.12 --with-pcre=/usr/local/src/pcre-8.45 --add-module=../ngx_cache_purge-2.3

注意:--with-openssl=/usr/local/src/openssl-1.1.1q --with-zlib=/usr/local/src/zlib-1.2.12 --with-pcre=/usr/local/src/pcre-8.45指向的是源码包解压的路径,而不是安装的路径,否则会报错。

make

make install

/usr/local/nginx/sbin/nginx #启动Nginx

#查看nginx版本和安装模块信息

/usr/local/nginx/sbin/nginx -V

二、平滑升级nginx版本

1、备份旧版nginx

cp -r /usr/local/nginx /usr/local/nginx.bak

2、查看旧版编译信息

/usr/local/nginx/sbin/nginx -V

3、使用新版本安装包进行配置configure和编译make(切记不执行安装操作 make install)

cd /usr/local/src

tar zxvf nginx-1.22.0.tar.gz

cd nginx-1.22.0

./configure --prefix=/usr/local/nginx --user=www --group=www --without-http_memcached_module --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_realip_module --with-stream  --with-openssl=/usr/local/src/openssl-1.1.1q --with-zlib=/usr/local/src/zlib-1.2.12 --with-pcre=/usr/local/src/pcre-8.45 --add-module=../ngx_cache_purge-2.3

make

4、备份二进制文件,用新版替换旧版

#备份旧文件

mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old

#使用新文件替换旧文件

cp /usr/local/src/nginx-1.22.0/objs/nginx /usr/local/nginx/sbin/nginx

5、检查nginx配置文件是否正常运行

/usr/local/nginx/sbin/nginx -t

[root@localhost sbin]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

6、查找nginx主进程,向master进程发送USER2信号,使新旧进程同时存在

ps -ef|grep nginx

[root@localhost sbin]# ps -ef|grep nginx

root 80739 1 0 05:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80740 80739 0 05:15 ? 00:00:00 nginx: worker process

root 80758 7675 0 05:17 pts/0 00:00:00 grep --color=auto nginx

#查看nginx进程状态

systemctl status 80739

#执行下面的操作,向master进程发送USER2信号

kill -USR2 80739

说明:

#旧版nginx的master进程将/usr/local/nginx/logs/nginx.pid重命名为/usr/local/nginx/logs/nginx.pid.oldbin

#新版nginx启动新的master进程,重新生成新的nginx.pid文件,此时新的nginx进程和旧的nginx进程同时存在,之前旧的请求继续在旧版本运行,新的请求在新版本运行

[root@localhost sbin]# ps -ef|grep nginx

root 80739 1 0 05:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80740 80739 0 05:15 ? 00:00:00 nginx: worker process

root 80761 80739 0 05:18 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80762 80761 0 05:18 ? 00:00:00 nginx: worker process

root 80764 7675 0 05:18 pts/0 00:00:00 grep --color=auto nginx

7、平滑升级和回退操作

7.1平滑升级

#验证新版本是否正常运行,如果运行正常就向旧的worker进程发送平滑停止的信号,停止旧的worker进程

kill -WINCH 80739

[root@localhost sbin]# ps -ef|grep nginx

root 80739 1 0 05:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

root 80761 80739 0 05:18 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80762 80761 0 05:18 ? 00:00:00 nginx: worker process

root 80766 7675 0 05:20 pts/0 00:00:00 grep --color=auto nginx

#退出旧版master进程,旧版文件/usr/local/nginx/logs/nginx.pid.oldbin自动删除

kill -QUIT 80739

[root@localhost sbin]# ps -ef|grep nginx

root 80761 1 0 05:18 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80762 80761 0 05:18 ? 00:00:00 nginx: worker process

root 80768 7675 0 05:22 pts/0 00:00:00 grep --color=auto nginx

#查看版本,nginx已经平滑升级到新版本

/usr/local/nginx/sbin/nginx -V

7.2回退到旧版本

#如果新版本有问题,同样可以平滑回退到旧版本

ps -ef|grep nginx

[root@localhost sbin]# ps -ef|grep nginx

root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process

root 80850 80841 0 05:38 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80851 80850 0 05:38 ? 00:00:00 nginx: worker process

root 80856 7675 0 05:39 pts/0 00:00:00 grep --color=auto nginx

#查看旧版本的/usr/local/nginx/logs/nginx.pid.oldbin

cat /usr/local/nginx/logs/nginx.pid.oldbin

[root@localhost sbin]# cat /usr/local/nginx/logs/nginx.pid.oldbin

80841

#启动旧版worker进程

kill -s HUP 80841

[root@localhost sbin]# ps -ef|grep nginx

root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process

root 80850 80841 0 05:38 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80851 80850 0 05:38 ? 00:00:00 nginx: worker process

www 80858 80841 0 05:40 ? 00:00:00 nginx: worker process

root 80860 7675 0 05:40 pts/0 00:00:00 grep --color=auto nginx

#查看新版本的/usr/local/nginx/logs/nginx.pid

cat /usr/local/nginx/logs/nginx.pid

[root@localhost logs]# cat /usr/local/nginx/logs/nginx.pid

80850

#关闭新版本worker进程

kill -WINCH 80850

[root@localhost sbin]# ps -ef|grep nginx

root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process

root 80850 80841 0 05:38 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80858 80841 0 05:40 ? 00:00:00 nginx: worker process

root 80863 7675 0 05:41 pts/0 00:00:00 grep --color=auto nginx

#关闭新版master进程,旧版文件/usr/local/nginx/logs/nginx.pid.oldbin自动覆盖新版文件nginx.pid

kill -QUIT 80850

[root@localhost sbin]# ps -ef|grep nginx

root 80841 1 0 05:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx

www 80842 80841 0 05:37 ? 00:00:00 nginx: worker process

www 80858 80841 0 05:40 ? 00:00:00 nginx: worker process

root 80866 7675 0 05:41 pts/0 00:00:00 grep --color=auto nginx

#删除新版本二进制文件

rm -rf /usr/local/nginx/sbin/nginx

#恢复旧版本二进制文件

mv /usr/local/nginx/sbin/nginx.old /usr/local/nginx/sbin/nginx

#查看版本,nginx已经平滑回退到旧版本

/usr/local/nginx/sbin/nginx -V

附件:nginx启动|关闭脚本

vi  /usr/local/nginx/nginx.sh

#!/bin/bash

#应用名称

APP_NAME=nginx

#nginx安装目录

DIR=/usr/local/nginx

#nginx进程文件

PIDFILE=$DIR/logs/nginx.pid

#nginx配置文件

CONF=$DIR/conf/nginx.conf

#使用说明,用来提示输入参数

usage() {

echo "Usage: ./nginx.sh [start|stop|restart|status]"

exit 1

}

#检查程序是否在运行

is_exist() {

if [ -f $PIDFILE ]

then

pid=$(cat $PIDFILE)

else pid=

fi

#如果不存在返回1,存在返回0

if [ -z "${pid}" ]; then

return 1

else

return 0

fi

}

#启动方法

start() {

is_exist

if [ $? -eq "0" ]; then

echo "${APP_NAME} is already running pid=${pid}"

else

echo "nginx service start success"

$DIR/sbin/nginx -c $CONF

fi

}

#停止方法

stop() {

is_exist

if [ $? -eq "0" ]; then

kill -s QUIT $(cat $PIDFILE)

sleep 2

while [ -x $PIDFILE ]

do

echo "Waiting for nginx to shutdown..."

sleep 1

done

echo "nginx service stop success"

else

echo "${APP_NAME} is not running"

fi

}

#输出运行状态

status() {

is_exist

if [ $? -eq "0" ]; then

echo "${APP_NAME} is running Pid is ${pid}"

else

echo "${APP_NAME} is not running"

fi

}

#重启

restart() {

is_exist

if [ $? -eq "0" ]; then

kill -s QUIT $(cat $PIDFILE)

sleep 2

while [ -x $PIDFILE ]

do

echo "Waiting for nginx to shutdown..."

sleep 1

done

echo "nginx service stop success"

else

echo "${APP_NAME} is not running"

fi

$DIR/sbin/nginx -c $CONF

echo "Starting nginx server..."

sleep 1

echo "nginx service start success"

}

#根据输入参数,选择执行对应方法,不输入则执行使用说明

case "$1" in

"start")

start

;;

"stop")

stop

;;

"status")

status

;;

"restart")

restart

;;

*)

usage

;;

esac

:wq! #保存退出

#添加执行权限

chmod  +x  /usr/local/nginx/nginx.sh

#添加开机启动

vi /etc/rc.d/rc.local

/bin/sh  /usr/local/nginx/nginx.sh  start

:wq! #保存退出

#默认/etc/rc.local没有执行权限,需要手动添加执行权限

chmod +x /etc/rc.d/rc.local

#解决普通用户启动nginx不能使用80端口的问题

setcap cap_net_bind_service=+eip  [nginx命令路径]

setcap cap_net_bind_service=+eip /data/server/nginx/sbin/nginx

#取消普通用户使用1024以下端口方式

setcap -r [nginx命令路径]

setcap -r /data/server/nginx/sbin/nginx

至此,Linux下Nginx 版本平滑升级与回滚教程完成。

     

  系统运维技术交流QQ群:①185473046 系统运维技术交流□Ⅰ ②190706903 系统运维技术交流™Ⅱ ③203744115 系统运维技术交流™Ⅲ

给我留言

您必须 [ 登录 ] 才能发表留言!



Copyright© 2011-2024 系统运维 All rights reserved
版权声明:本站所有文章均为作者原创内容,如需转载,请注明出处及原文链接
陕ICP备11001040号-3