一,背景
近期不少俄罗斯用户反馈网络异常。
计划新增两台欧洲代理服务器,将俄罗斯地区的流量通过代理转到国内。
二,TOA模块安装
2.1,检查是否有已安装TOA模块
lsmod |grep toa
已安装则跳过
2.2,查看当前内核版本号,确认依赖kernel-devel、kernel-headers是否安装以及版本号是否与内核一致
uname -r && rpm -qa |egrep 'kernel-devel|kernel-headers'
如果缺少这两个包,执行下面命令补全
安装内核开发包
sudo yum -y install kernel-devel-`uname -r`
|
2.3,下载并编译安装
wget http://pathx.cn-bj.ufileos.com/linux_toa.tar.gz
tar -zxvf linux_toa.tar.gz
cd linux_toa
安装gcc
sudo yum -y install gcc
make
(切记切换到root权限)
cp toa.ko /lib/modules/3.10.0-1160.11.1.el7.x86_64/kernel/net/netfilter/ipvs/toa.ko
insmod /lib/modules/3.10.0-1160.11.1.el7.x86_64/kernel/net/netfilter/ipvs/toa.ko
设置开机启动
vim /etc/rc.local
insmod /lib/modules/3.10.0-1160.11.1.el7.x86_64/kernel/net/netfilter/ipvs/toa.ko
检查是否成功启动
lsmod |grep toa
验证
nginx环境下,直接在nginx 日志中查看真实访问者地址的ip,日志路径: /var/log/nginx/access.log
|
三,如何su到root
1),
输入命令:su root,回车提示输入密码,怎么输入都不对
2),
给root用户设置密码:
命令:sudo passwd root
输入密码,并确认密码
3),
重新输入命令:su root
然后输入密码:
|
四,安装nginx
安装
yum -y install nginx
启动
service nginx start
停止
service nginx stop
重启
service nginx restart
|
五,修改nginx配置及代理转发
5.1 修改event参数。默认的 worker_connections 1024太小了
vim /etc/nginx/nginx.conf
events {
use epoll;
worker_connections 40960;
}
#新增include
include include/*.conf;
include include/*/vhost.conf;
|
5.2 新增 include/proxy.conf
#!nginx (-)
# proxy.conf
proxy_redirect off;
#proxy_set_header X-QIHOO-IP $remote_addr;
proxy_set_header Host "$http_host";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
|
5.3, 新增 include/smart.360.cn.conf
#
#
#
upstream q_smart_ssl{
server xxx:443;
keepalive 300;
}
server {
listen 443 ssl;
# ssl on;
server_name xxx;
location / {
proxy_set_header Host "$http_host";
include include/proxy.conf;
proxy_pass https://xxx_ssl;
access_log /etc/nginx/logs/xxx_ssl-access.log;
error_log /etc/nginx/logs/xxx_ssl-error.log;
}
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 300;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE+ECDSA:ECDHE:AESGCM:AES:HIGH:MEDIUM:!kDH:!kECDH:!aNULL:!eNULL:!LOW:!MD5:!EXP:!DSS:!PSK:!SRP:!CAMELLIA:!IDEA:!SEED:!RC4:!3DES;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/ssl/mult.xxx.cn.crt;
ssl_certificate_key /etc/nginx/ssl/mult.xxx.cn.key;
}
|
六,参数调优
client_max_body_size 64m; //限制请求体的大小. nginx对上传文件大小有限制,而且默认是1M.
client_body_buffer_size 256k; //小于client_body_buffer_size直接在内存中高效存储。如果大于client_body_buffer_size小于client_max_body_size会存储临时文件
worker_rlimit_nofile 40960; //进程最大打开文件数
|