今天,产品那边发来需求,说有个 APP 的 IOS 版本下载包需要新增 https 协议,在景安购买了免费的 SSL 证书。当我往 nginx 上新增 ssl 时,发现服务器上的 nginx 居然没编译 SSL 模块!

看了下旧版本 nginx 的 configure 选项:

1 linux-gz215:# /usr/local/sbin/nginx -V
2 nginx version: nginx/1.0.11
3 built by gcc 4.1.2 20070115 (prerelease) (SUSE Linux)
4 configure arguments: --prefix=/usr/local/nginx

可能是出于最小化安装的考虑,就只有一个 prefix 参数,而版本也挺低的,干脆就升级一下好了!由于服务器处于在线服务状态,为了避免升级带来的不良影响,我决定给 nginx 来个平滑升级,结果发现还真是如丝般顺滑。。。

下面记录一下平滑升级和新增模块的过程。

一、半自动平滑升级

所谓半自动,其实就是在最后迁移的时候使用源码自带的升级命令:make upgrade 来自动完成。

①、按需编译新版本的 nginx

根据需求,常规编译新版本 nginx,不过只要执行到 make 就打住,不要 make install!

#下载1.5.7版本,并解压
cd /usr/local/src
wget http://nginx.org/download/nginx-1.6.0.tar.gz
tar zxvf nginx-1.6.0.tar.gz
cd nginx-1.6.0

#根据实际需要新增的模块,先准备所需文件(其实只需要解压即可,全部安装,后面编译就可以不指定路径了):
#1. 安装pcre:
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz 
tar -zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure && make && make install

#2. 安装zlib:
cd /usr/local/src
wget http://zlib.net/zlib-1.2.8.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure && make && make install

#3. 安装openssl:
cd /usr/local/src
wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
tar -zxvf openssl-1.0.1c.tar.gz
cd openssl-1.0.1c
./configure && make && make install

#加上所需参数开始编译:
./configure --user=www --group=www \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-openssl=/usr/local/src/openssl-1.0.1c \ #对应openssl源码解压后的路径,下同(pcre,zlib)
--with-http_stub_status_module \
--with-pcre \
--with-pcre=/usr/local/src/pcre-8.21 \
--with-zlib=/usr/local/src/zlib-1.2.8

#执行make编译,但是不要执行make install

make

②、重命名 nginx 旧版本二进制文件,即 sbin 目录下的 nginx(期间 nginx 并不会停止服务!):

linux-gz215:/usr/local/src/nginx-1.6.0 # mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old

③、然后拷贝一份新编译的二进制文件:

linux-gz215:/usr/local/src/nginx-1.6.0 # cp objs/nginx /usr/local/nginx/sbin/

④、在源码目录执行 make upgrade 开始升级:

linux-gz215:/usr/local/src/nginx-1.6.0 # make upgrade
 
#下面是make upgrade命令的打印信息:
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
sleep 1
test -f /usr/local/nginx/logs/nginx.pid.oldbin
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`
 
#最后确认一下nginx进程,可以发现有2个主进程,并且有正在关闭的进程(shutting down):
linux-gz215:/usr/local/src/nginx-1.6.0 # ps aux | grep nginx
root 969 0.0 0.3 8260 1844 ? Ss Dec09 0:01 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 4196 0.1 2.5 19112 12872 ? S 14:52 0:00 nginx: worker process is shutting down
www 4260 0.1 2.5 19112 12872 ? S 14:52 0:00 nginx: worker process is shutting down
www 4257 0.1 2.5 19112 12872 ? S 14:52 0:00 nginx: worker process is shutting down
root 4663 0.0 0.3 5488 1900 ? S 14:58 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
 
#过一段时间后,再次确认nginx进程,可以发现老进程已自动退出了(存在一段时间是因为旧进程还有未结束的服务)
root 969 0.0 0.3 8260 1844 ? Ss Dec09 0:01 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www       4665  0.1  2.4  16508 12444 ?        S    14:58   0:01 nginx: worker process

完成后,最后确认一下 nginx -V :

linux-gz215:~ # /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.1.2 20070115 (prerelease) (SUSE Linux)
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.1c --with-http_stub_status_module --with-pcre --with-pcre=/usr/local/src/pcre-8.21 --with-zlib=/usr/local/src/zlib-1.2.8

正常了,平滑升级成功!

二、纯手动平滑升级

纯手动模式,指的是在最后做迁移的时候,全部使用手动命令来搞定,避免编译可能存在不一致的参数啥的。

实际上,在 make 之后,我们可以查看 nginx 源码目录下的 Makefile 内容如下:

default:        build

clean:
        rm -rf Makefile objs

build:
        $(MAKE) -f objs/Makefile
        $(MAKE) -f objs/Makefile manpage

install:
        $(MAKE) -f objs/Makefile install

upgrade:
        /usr/local/nginx/sbin/nginx -t

        kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
        sleep 1
        test -f /usr/local/nginx/logs/nginx.pid.oldbin

        kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`

所以,说白了纯手动就是执行 upgrade 标签下的命令行而已,实际上只要确认 Makefile 下的命令路径都是正确的,用命令自动迁移是没有任何问题的。

总是有人会不放心的,喜欢手动一步一步的搞定,我也来整理下纯手动步骤:

①~③和半自动一样,按常规步骤先编译 nginx,不过只执行到 make 就打住,然后将旧的 sbin 下的 nginx 文件移走,再将编译得到的 objs 目录下的 nginx 文件放到原来的 sbin 目录。

④、测试新版本的 nginx 是否正常:

[root@Mars_Server nginx-1.6.0]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok #OK,没有问题!
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

⑤、给旧 nginx 发送平滑迁移信号(若不清楚 pid 路径就用可用命令(2)):

#可用命令(1):
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`

#可用命令(2):
kill -USR2 `ps aux | grep "nginx: master process" | grep -v grep | awk '{print $2}'`

Ps:后面其实就是旧 nginx 的 pid,所以先用 ps aux 找到正在运行的 nginx 主进程 pid,再执行 kill -USR2 PID 值亦可。

⑥、等待旧版本 Nginx 的 pid 变为 oldbin(执行如下命令查看是否生成)

test -f /usr/local/nginx/logs/nginx.pid.oldbin && echo OK!

⑦、  从容关闭旧版本的 Nginx 进程

kill –WINCH `cat /usr/local/nginx/log/nginx.oldbin`

此时,旧的工作进程就都会慢慢随着任务执行完毕而退出,新版的 Nginx 的工作进程会逐渐取代旧版工作进程。

⑧、此时,不重载配置启动旧工作进程(个人感觉是为了将任务完全切换到新的 nginx 上)

kill –HUP `cat /url/local/nginx/log/nginx.oldbin`

⑨、结束工作进程,完成此次升级操作:

kill –QUIT `cat /usr/local/nginx/log/nginx.oldbin`

⑩、最后,验证 nginx 是否升级成功:

linux-gz215:~ # /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.0 #没问题
built by gcc 4.1.2 20070115 (prerelease) (SUSE Linux)
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.1c --with-http_stub_status_module --with-pcre --with-pcre=/usr/local/src/pcre-8.21 --with-zlib=/usr/local/src/zlib-1.2.8

特意测试了下纯手动的做法,下面是我的操作记录,仅供参考:

linux-gz215:/usr/local/nginx # cd sbin/
linux-gz215:/usr/local/nginx/sbin # ll
总计 6828
-rwxr-xr-x 1 root root 6975582 2014-12-23 16:44 nginx
linux-gz215:/usr/local/nginx/sbin # mv nginx nginx.old
linux-gz215:/usr/local/nginx/sbin # 
linux-gz215:/usr/local/nginx/sbin # cp /usr/local/src/nginx-1.5.7/objs/
autoconf.err        nginx               ngx_auto_config.h   ngx_modules.c       src/              
Makefile            nginx.8             ngx_auto_headers.h  ngx_modules.o       
linux-gz215:/usr/local/nginx/sbin # cp /usr/local/src/nginx-1.5.7/objs/nginx .
linux-gz215:/usr/local/nginx/sbin # ll
总计 13656
-rwxr-xr-x 1 root root 6975582 2014-12-23 16:57 nginx
-rwxr-xr-x 1 root root 6975582 2014-12-23 16:44 nginx.old
linux-gz215:/usr/local/nginx/sbin # /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx 
root     18152  0.0  0.0   9264  2588 ?        S    16:45   0:00 nginx: master process ./nginx
nobody   18331  1.0  0.0  13360  5488 ?        S    16:52   0:04 nginx: worker process
nobody   18332  1.2  0.0  13360  5488 ?        S    16:52   0:05 nginx: worker process
nobody   18333  0.6  0.0  13360  5488 ?        S    16:52   0:02 nginx: worker process
nobody   18334  0.8  0.0  13360  5488 ?        S    16:52   0:03 nginx: worker process
nobody   18335  0.4  0.0  13360  5488 ?        S    16:52   0:01 nginx: worker process
nobody   18336  0.1  0.0  13360  5488 ?        S    16:52   0:00 nginx: worker process
nobody   18337  0.3  0.0  13828  5844 ?        S    16:52   0:01 nginx: worker process
nobody   18338  0.2  0.0  13360  5488 ?        S    16:52   0:01 nginx: worker process
root     18473  0.0  0.0   4952   796 pts/1    S+   16:58   0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -USR2 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root     18152  0.0  0.0   9264  2588 ?        S    16:45   0:00 nginx: master process ./nginx
nobody   18331  0.9  0.0  13360  5488 ?        S    16:52   0:04 nginx: worker process
nobody   18332  1.2  0.0  13360  5488 ?        S    16:52   0:05 nginx: worker process
nobody   18333  0.5  0.0  13360  5488 ?        S    16:52   0:02 nginx: worker process
nobody   18334  0.8  0.0  13360  5488 ?        S    16:52   0:03 nginx: worker process
nobody   18335  0.4  0.0  13360  5488 ?        S    16:52   0:01 nginx: worker process
nobody   18336  0.2  0.0  13792  5840 ?        S    16:52   0:01 nginx: worker process
nobody   18337  0.5  0.0  13464  5504 ?        S    16:52   0:02 nginx: worker process
nobody   18338  0.2  0.0  13360  5488 ?        S    16:52   0:01 nginx: worker process
root     18474  0.0  0.0   9124  2460 ?        S    16:59   0:00 nginx: master process ./nginx
nobody   18475  5.0  0.0  13364  5424 ?        S    16:59   0:00 nginx: worker process
nobody   18476  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18477  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18478  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18479  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18480  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18481  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18482  0.0  0.0  13136  5032 ?        S    16:59   0:00 nginx: worker process
root     18484  0.0  0.0   4960   812 pts/1    S+   16:59   0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -WINCH 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root     18152  0.0  0.0   9264  2588 ?        S    16:45   0:00 nginx: master process ./nginx
nobody   18334  0.7  0.0  13360  5488 ?        S    16:52   0:03 nginx: worker process is shutting down
nobody   18337  0.5  0.0  13360  5488 ?        S    16:52   0:02 nginx: worker process is shutting down
root     18474  0.0  0.0   9124  2460 ?        S    16:59   0:00 nginx: master process ./nginx
nobody   18475  2.3  0.0  13672  5724 ?        S    16:59   0:01 nginx: worker process
nobody   18476  0.0  0.0  13136  5240 ?        S    16:59   0:00 nginx: worker process
nobody   18477  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18478  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18479  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18480  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18481  0.0  0.0  13136  5240 ?        S    16:59   0:00 nginx: worker process
nobody   18482  0.0  0.0  13136  5240 ?        S    16:59   0:00 nginx: worker process
root     18486  0.0  0.0   4956   796 pts/1    S+   16:59   0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root     18152  0.0  0.0   9264  2588 ?        S    16:45   0:00 nginx: master process ./nginx
root     18474  0.0  0.0   9124  2460 ?        S    16:59   0:00 nginx: master process ./nginx
nobody   18475  2.8  0.0  13792  5908 ?        S    16:59   0:01 nginx: worker process
nobody   18476  0.0  0.0  13136  5240 ?        S    16:59   0:00 nginx: worker process
nobody   18477  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18478  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18479  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18480  0.0  0.0  13136  5040 ?        S    16:59   0:00 nginx: worker process
nobody   18481  0.0  0.0  13136  5240 ?        S    16:59   0:00 nginx: worker process
nobody   18482  0.0  0.0  13136  5240 ?        S    16:59   0:00 nginx: worker process
root     18488  0.0  0.0   4956   796 pts/1    S+   16:59   0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -HUP 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root     18152  0.0  0.0   9264  2588 ?        S    16:45   0:00 nginx: master process ./nginx
root     18474  0.0  0.0   9124  2460 ?        S    16:59   0:00 nginx: master process ./nginx
nobody   18475  3.1  0.0  13256  5376 ?        S    16:59   0:02 nginx: worker process
nobody   18476  0.0  0.0  13256  5336 ?        S    16:59   0:00 nginx: worker process
nobody   18477  0.8  0.0  13420  5532 ?        S    16:59   0:00 nginx: worker process
nobody   18478  0.2  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18479  0.2  0.0  13580  5656 ?        S    16:59   0:00 nginx: worker process
nobody   18480  0.0  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18481  0.3  0.0  13412  5532 ?        S    16:59   0:00 nginx: worker process
nobody   18482  0.0  0.0  13256  5320 ?        S    16:59   0:00 nginx: worker process
nobody   18570  2.0  0.0  13276  5380 ?        S    17:00   0:00 nginx: worker process
nobody   18571  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18572  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18573  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18574  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18575  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18576  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18577  0.0  0.0  13276  5164 ?        S    17:00   0:00 nginx: worker process
root     18579  0.0  0.0   4960   812 pts/1    S+   17:00   0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -QUIT 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root     18474  0.0  0.0   9124  2460 ?        S    16:59   0:00 nginx: master process ./nginx
nobody   18475  2.2  0.0  13256  5376 ?        S    16:59   0:02 nginx: worker process
nobody   18476  0.0  0.0  13280  5400 ?        S    16:59   0:00 nginx: worker process
nobody   18477  1.5  0.0  13256  5376 ?        S    16:59   0:01 nginx: worker process
nobody   18478  0.1  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18479  0.2  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18480  0.0  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18481  0.2  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18482  0.0  0.0  13256  5320 ?        S    16:59   0:00 nginx: worker process
nobody   18570  3.2  0.0  13644  5672 ?        S    17:00   0:00 nginx: worker process
nobody   18571  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18572  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18573  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18574  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18575  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18576  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18577  0.6  0.0  13360  5412 ?        S    17:00   0:00 nginx: worker process
root     18582  0.0  0.0   4956   804 pts/1    R+   17:00   0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root     18474  0.0  0.0   9124  2460 ?        S    16:59   0:00 nginx: master process ./nginx
nobody   18475  2.2  0.0  13256  5376 ?        S    16:59   0:02 nginx: worker process
nobody   18476  0.2  0.0  13452  5520 ?        S    16:59   0:00 nginx: worker process
nobody   18477  1.5  0.0  13256  5376 ?        S    16:59   0:01 nginx: worker process
nobody   18478  0.1  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18479  0.2  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18480  0.0  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18481  0.2  0.0  13256  5376 ?        S    16:59   0:00 nginx: worker process
nobody   18482  0.0  0.0  13256  5320 ?        S    16:59   0:00 nginx: worker process
nobody   18570  3.2  0.0  13644  5672 ?        S    17:00   0:01 nginx: worker process
nobody   18571  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18572  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18573  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18574  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18575  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18576  0.0  0.0  13276  5172 ?        S    17:00   0:00 nginx: worker process
nobody   18577  0.5  0.0  13360  5412 ?        S    17:00   0:00 nginx: worker process
root     18584  0.0  0.0   4956   812 pts/1    S+   17:00   0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin #

为了验证平滑升级确实不影响在线业务,我特意在升级的时候,利用 ab 命令一直在发送请求:

ab -n1000000 -c10 http://domain.com/

直到升级完成,使用 ctrl +C 终止并查看 ab 结果,可以发现几十万次的请求全部成功,没有失败!证明平滑升级的可行性!

centos nginx 升级到制定版本 nginx在线升级_旧版