Nginx监控部署笔记

SSL支持

参考文档

https://blog.51cto.com/u_13363488/2350495

安装SSL依赖

# 直接使用yum安装ssl相关devel依赖
yum -y install openssl openssl-devel pcre pcre-devel zlib zlib-devel

编译参数

--with-http_ssl_module \

---

Prometheus监控

参考文档

• https://www.bboy.app/2021/02/03/%E4%BD%BF%E7%94%A8prometheus%E7%9B%91%E6%8E%A7nginx/

下载nginx-module-vts

git clone git://github.com/vozlt/nginx-module-vts.git

编译参数

--with-http_stub_status_module \
--add-module=/data/pkg/nginx-module-vts-master

nginx.conf配置

# http新增
    vhost_traffic_status_zone;

# server新增
        # http_stub_status_module status
        location = /basic_status {
            stub_status on;
        }
        # nginx-module-vts status
        location /status {
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }

验证

• http://10.193.10.54/basic_status
• http://10.193.10.54/status/format/prometheus

Prometheus

ssh root@10.193.21.4 # yourpass!

vi prometheus.yml

- job_name: 'ES集群'
  static_configs:
  - targets: ['10.193.10.51:9100','10.193.10.52:9100','10.193.10.53:9100']

- job_name: 'Nginx监控'
  metrics_path: '/status/format/prometheus'
  scheme: 'http'
  static_configs:
  - targets: ['10.193.10.54:80']
      labels:
      instance: dev-nginx

Grafana

导入模板: https://grafana.com/grafana/dashboards/13816

---

地址位置限制

参考文档

• https://www.jianshu.com/p/de4749970469
• https://blog.csdn.net/kikajack/article/details/79338965
• http://nginx.org/en/docs/http/ngx_http_geoip_module.html#geoip_city
• https://keeplearn.vip/2018/11/25/Nginx-Module-Geoip/
• https://www.digitalocean.com/community/questions/how-to-use-geoip_city-on-nginx

安装geoip-devel

yum -y install geoip-devel

下载geoip数据库

https://www.miyuru.lk/geoiplegacy
https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/

编译参数

--with-http_geoip_module \

nginx.conf配置

# http新增

    geoip_country /data/geoip/GeoIP.dat;
    geoip_city /data/geoip/GeoLiteCity.dat;

    geo $lan-ip {
        default no;
        10.193.0.0/16 yes;
    }

    map $geoip_country_code $allowed_country {
        default no;
        CN yes;
    }
    
    map $geoip_city $allowed_region {
        default no;
        Jinan yes;
    }

# server新增
        if ($lan-ip = yes) {
            set $allowed_country yes;
        }
        if ($allowed_country = no) {
          return 405;
        }
        if ($allowed_region = no) {
           return 405;
        }

验证

curl http://58.59.15.8:45444
curl http://10.193.10.54:80

---

Nginx编译

# 下载源码包
wget https://nginx.org/download/nginx-1.20.2.tar.gz

# 安装gcc
yum install gcc -y

# 配置
./configure --prefix=/data/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--add-module=/data/pkg/nginx-module-vts-master \
--with-http_geoip_module \
--with-stream \
--with-http_v2_module \
--with-http_realip_module


# 编译
make
make install

验证:
http://10.193.10.54:80