今天,产品那边发来需求,说有个 APP 的 IOS 版本下载包需要新增 https 协议,在景安购买了免费的 SSL 证书。当我往 nginx 上新增 ssl 时,发现服务器上的 nginx 居然没编译 SSL 模块!
看了下旧版本 nginx 的 configure 选项:
1 linux-gz215:# /usr/local/sbin/nginx -V
2 nginx version: nginx/1.0.11
3 built by gcc 4.1.2 20070115 (prerelease) (SUSE Linux)
4 configure arguments: --prefix=/usr/local/nginx
可能是出于最小化安装的考虑,就只有一个 prefix 参数,而版本也挺低的,干脆就升级一下好了!由于服务器处于在线服务状态,为了避免升级带来的不良影响,我决定给 nginx 来个平滑升级,结果发现还真是如丝般顺滑。。。
下面记录一下平滑升级和新增模块的过程。
一、半自动平滑升级
所谓半自动,其实就是在最后迁移的时候使用源码自带的升级命令:make upgrade 来自动完成。
①、按需编译新版本的 nginx
根据需求,常规编译新版本 nginx,不过只要执行到 make 就打住,不要 make install!
#下载1.5.7版本,并解压
cd /usr/local/src
wget http://nginx.org/download/nginx-1.6.0.tar.gz
tar zxvf nginx-1.6.0.tar.gz
cd nginx-1.6.0
#根据实际需要新增的模块,先准备所需文件(其实只需要解压即可,全部安装,后面编译就可以不指定路径了):
#1. 安装pcre:
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz
tar -zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure && make && make install
#2. 安装zlib:
cd /usr/local/src
wget http://zlib.net/zlib-1.2.8.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure && make && make install
#3. 安装openssl:
cd /usr/local/src
wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
tar -zxvf openssl-1.0.1c.tar.gz
cd openssl-1.0.1c
./configure && make && make install
#加上所需参数开始编译:
./configure --user=www --group=www \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-openssl=/usr/local/src/openssl-1.0.1c \ #对应openssl源码解压后的路径,下同(pcre,zlib)
--with-http_stub_status_module \
--with-pcre \
--with-pcre=/usr/local/src/pcre-8.21 \
--with-zlib=/usr/local/src/zlib-1.2.8
#执行make编译,但是不要执行make install
make
②、重命名 nginx 旧版本二进制文件,即 sbin 目录下的 nginx(期间 nginx 并不会停止服务!):
linux-gz215:/usr/local/src/nginx-1.6.0 # mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
③、然后拷贝一份新编译的二进制文件:
linux-gz215:/usr/local/src/nginx-1.6.0 # cp objs/nginx /usr/local/nginx/sbin/
④、在源码目录执行 make upgrade 开始升级:
linux-gz215:/usr/local/src/nginx-1.6.0 # make upgrade
#下面是make upgrade命令的打印信息:
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
sleep 1
test -f /usr/local/nginx/logs/nginx.pid.oldbin
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`
#最后确认一下nginx进程,可以发现有2个主进程,并且有正在关闭的进程(shutting down):
linux-gz215:/usr/local/src/nginx-1.6.0 # ps aux | grep nginx
root 969 0.0 0.3 8260 1844 ? Ss Dec09 0:01 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 4196 0.1 2.5 19112 12872 ? S 14:52 0:00 nginx: worker process is shutting down
www 4260 0.1 2.5 19112 12872 ? S 14:52 0:00 nginx: worker process is shutting down
www 4257 0.1 2.5 19112 12872 ? S 14:52 0:00 nginx: worker process is shutting down
root 4663 0.0 0.3 5488 1900 ? S 14:58 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
#过一段时间后,再次确认nginx进程,可以发现老进程已自动退出了(存在一段时间是因为旧进程还有未结束的服务)
root 969 0.0 0.3 8260 1844 ? Ss Dec09 0:01 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
www 4665 0.1 2.4 16508 12444 ? S 14:58 0:01 nginx: worker process
完成后,最后确认一下 nginx -V :
linux-gz215:~ # /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.1.2 20070115 (prerelease) (SUSE Linux)
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.1c --with-http_stub_status_module --with-pcre --with-pcre=/usr/local/src/pcre-8.21 --with-zlib=/usr/local/src/zlib-1.2.8
正常了,平滑升级成功!
二、纯手动平滑升级
纯手动模式,指的是在最后做迁移的时候,全部使用手动命令来搞定,避免编译可能存在不一致的参数啥的。
实际上,在 make 之后,我们可以查看 nginx 源码目录下的 Makefile 内容如下:
default: build
clean:
rm -rf Makefile objs
build:
$(MAKE) -f objs/Makefile
$(MAKE) -f objs/Makefile manpage
install:
$(MAKE) -f objs/Makefile install
upgrade:
/usr/local/nginx/sbin/nginx -t
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
sleep 1
test -f /usr/local/nginx/logs/nginx.pid.oldbin
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`
所以,说白了纯手动就是执行 upgrade 标签下的命令行而已,实际上只要确认 Makefile 下的命令路径都是正确的,用命令自动迁移是没有任何问题的。
总是有人会不放心的,喜欢手动一步一步的搞定,我也来整理下纯手动步骤:
①~③和半自动一样,按常规步骤先编译 nginx,不过只执行到 make 就打住,然后将旧的 sbin 下的 nginx 文件移走,再将编译得到的 objs 目录下的 nginx 文件放到原来的 sbin 目录。
④、测试新版本的 nginx 是否正常:
[root@Mars_Server nginx-1.6.0]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok #OK,没有问题!
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
⑤、给旧 nginx 发送平滑迁移信号(若不清楚 pid 路径就用可用命令(2)):
#可用命令(1):
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
#可用命令(2):
kill -USR2 `ps aux | grep "nginx: master process" | grep -v grep | awk '{print $2}'`
Ps:后面其实就是旧 nginx 的 pid,所以先用 ps aux 找到正在运行的 nginx 主进程 pid,再执行 kill -USR2 PID 值亦可。
⑥、等待旧版本 Nginx 的 pid 变为 oldbin(执行如下命令查看是否生成)
test -f /usr/local/nginx/logs/nginx.pid.oldbin && echo OK!
⑦、 从容关闭旧版本的 Nginx 进程
kill –WINCH `cat /usr/local/nginx/log/nginx.oldbin`
此时,旧的工作进程就都会慢慢随着任务执行完毕而退出,新版的 Nginx 的工作进程会逐渐取代旧版工作进程。
⑧、此时,不重载配置启动旧工作进程(个人感觉是为了将任务完全切换到新的 nginx 上)
kill –HUP `cat /url/local/nginx/log/nginx.oldbin`
⑨、结束工作进程,完成此次升级操作:
kill –QUIT `cat /usr/local/nginx/log/nginx.oldbin`
⑩、最后,验证 nginx 是否升级成功:
linux-gz215:~ # /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.0 #没问题
built by gcc 4.1.2 20070115 (prerelease) (SUSE Linux)
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.1c --with-http_stub_status_module --with-pcre --with-pcre=/usr/local/src/pcre-8.21 --with-zlib=/usr/local/src/zlib-1.2.8
特意测试了下纯手动的做法,下面是我的操作记录,仅供参考:
linux-gz215:/usr/local/nginx # cd sbin/
linux-gz215:/usr/local/nginx/sbin # ll
总计 6828
-rwxr-xr-x 1 root root 6975582 2014-12-23 16:44 nginx
linux-gz215:/usr/local/nginx/sbin # mv nginx nginx.old
linux-gz215:/usr/local/nginx/sbin #
linux-gz215:/usr/local/nginx/sbin # cp /usr/local/src/nginx-1.5.7/objs/
autoconf.err nginx ngx_auto_config.h ngx_modules.c src/
Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
linux-gz215:/usr/local/nginx/sbin # cp /usr/local/src/nginx-1.5.7/objs/nginx .
linux-gz215:/usr/local/nginx/sbin # ll
总计 13656
-rwxr-xr-x 1 root root 6975582 2014-12-23 16:57 nginx
-rwxr-xr-x 1 root root 6975582 2014-12-23 16:44 nginx.old
linux-gz215:/usr/local/nginx/sbin # /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root 18152 0.0 0.0 9264 2588 ? S 16:45 0:00 nginx: master process ./nginx
nobody 18331 1.0 0.0 13360 5488 ? S 16:52 0:04 nginx: worker process
nobody 18332 1.2 0.0 13360 5488 ? S 16:52 0:05 nginx: worker process
nobody 18333 0.6 0.0 13360 5488 ? S 16:52 0:02 nginx: worker process
nobody 18334 0.8 0.0 13360 5488 ? S 16:52 0:03 nginx: worker process
nobody 18335 0.4 0.0 13360 5488 ? S 16:52 0:01 nginx: worker process
nobody 18336 0.1 0.0 13360 5488 ? S 16:52 0:00 nginx: worker process
nobody 18337 0.3 0.0 13828 5844 ? S 16:52 0:01 nginx: worker process
nobody 18338 0.2 0.0 13360 5488 ? S 16:52 0:01 nginx: worker process
root 18473 0.0 0.0 4952 796 pts/1 S+ 16:58 0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -USR2 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root 18152 0.0 0.0 9264 2588 ? S 16:45 0:00 nginx: master process ./nginx
nobody 18331 0.9 0.0 13360 5488 ? S 16:52 0:04 nginx: worker process
nobody 18332 1.2 0.0 13360 5488 ? S 16:52 0:05 nginx: worker process
nobody 18333 0.5 0.0 13360 5488 ? S 16:52 0:02 nginx: worker process
nobody 18334 0.8 0.0 13360 5488 ? S 16:52 0:03 nginx: worker process
nobody 18335 0.4 0.0 13360 5488 ? S 16:52 0:01 nginx: worker process
nobody 18336 0.2 0.0 13792 5840 ? S 16:52 0:01 nginx: worker process
nobody 18337 0.5 0.0 13464 5504 ? S 16:52 0:02 nginx: worker process
nobody 18338 0.2 0.0 13360 5488 ? S 16:52 0:01 nginx: worker process
root 18474 0.0 0.0 9124 2460 ? S 16:59 0:00 nginx: master process ./nginx
nobody 18475 5.0 0.0 13364 5424 ? S 16:59 0:00 nginx: worker process
nobody 18476 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18477 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18478 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18479 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18480 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18481 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18482 0.0 0.0 13136 5032 ? S 16:59 0:00 nginx: worker process
root 18484 0.0 0.0 4960 812 pts/1 S+ 16:59 0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -WINCH 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root 18152 0.0 0.0 9264 2588 ? S 16:45 0:00 nginx: master process ./nginx
nobody 18334 0.7 0.0 13360 5488 ? S 16:52 0:03 nginx: worker process is shutting down
nobody 18337 0.5 0.0 13360 5488 ? S 16:52 0:02 nginx: worker process is shutting down
root 18474 0.0 0.0 9124 2460 ? S 16:59 0:00 nginx: master process ./nginx
nobody 18475 2.3 0.0 13672 5724 ? S 16:59 0:01 nginx: worker process
nobody 18476 0.0 0.0 13136 5240 ? S 16:59 0:00 nginx: worker process
nobody 18477 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18478 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18479 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18480 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18481 0.0 0.0 13136 5240 ? S 16:59 0:00 nginx: worker process
nobody 18482 0.0 0.0 13136 5240 ? S 16:59 0:00 nginx: worker process
root 18486 0.0 0.0 4956 796 pts/1 S+ 16:59 0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root 18152 0.0 0.0 9264 2588 ? S 16:45 0:00 nginx: master process ./nginx
root 18474 0.0 0.0 9124 2460 ? S 16:59 0:00 nginx: master process ./nginx
nobody 18475 2.8 0.0 13792 5908 ? S 16:59 0:01 nginx: worker process
nobody 18476 0.0 0.0 13136 5240 ? S 16:59 0:00 nginx: worker process
nobody 18477 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18478 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18479 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18480 0.0 0.0 13136 5040 ? S 16:59 0:00 nginx: worker process
nobody 18481 0.0 0.0 13136 5240 ? S 16:59 0:00 nginx: worker process
nobody 18482 0.0 0.0 13136 5240 ? S 16:59 0:00 nginx: worker process
root 18488 0.0 0.0 4956 796 pts/1 S+ 16:59 0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -HUP 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root 18152 0.0 0.0 9264 2588 ? S 16:45 0:00 nginx: master process ./nginx
root 18474 0.0 0.0 9124 2460 ? S 16:59 0:00 nginx: master process ./nginx
nobody 18475 3.1 0.0 13256 5376 ? S 16:59 0:02 nginx: worker process
nobody 18476 0.0 0.0 13256 5336 ? S 16:59 0:00 nginx: worker process
nobody 18477 0.8 0.0 13420 5532 ? S 16:59 0:00 nginx: worker process
nobody 18478 0.2 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18479 0.2 0.0 13580 5656 ? S 16:59 0:00 nginx: worker process
nobody 18480 0.0 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18481 0.3 0.0 13412 5532 ? S 16:59 0:00 nginx: worker process
nobody 18482 0.0 0.0 13256 5320 ? S 16:59 0:00 nginx: worker process
nobody 18570 2.0 0.0 13276 5380 ? S 17:00 0:00 nginx: worker process
nobody 18571 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18572 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18573 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18574 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18575 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18576 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18577 0.0 0.0 13276 5164 ? S 17:00 0:00 nginx: worker process
root 18579 0.0 0.0 4960 812 pts/1 S+ 17:00 0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # kill -QUIT 18152
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root 18474 0.0 0.0 9124 2460 ? S 16:59 0:00 nginx: master process ./nginx
nobody 18475 2.2 0.0 13256 5376 ? S 16:59 0:02 nginx: worker process
nobody 18476 0.0 0.0 13280 5400 ? S 16:59 0:00 nginx: worker process
nobody 18477 1.5 0.0 13256 5376 ? S 16:59 0:01 nginx: worker process
nobody 18478 0.1 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18479 0.2 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18480 0.0 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18481 0.2 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18482 0.0 0.0 13256 5320 ? S 16:59 0:00 nginx: worker process
nobody 18570 3.2 0.0 13644 5672 ? S 17:00 0:00 nginx: worker process
nobody 18571 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18572 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18573 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18574 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18575 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18576 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18577 0.6 0.0 13360 5412 ? S 17:00 0:00 nginx: worker process
root 18582 0.0 0.0 4956 804 pts/1 R+ 17:00 0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin # ps aux | grep nginx
root 18474 0.0 0.0 9124 2460 ? S 16:59 0:00 nginx: master process ./nginx
nobody 18475 2.2 0.0 13256 5376 ? S 16:59 0:02 nginx: worker process
nobody 18476 0.2 0.0 13452 5520 ? S 16:59 0:00 nginx: worker process
nobody 18477 1.5 0.0 13256 5376 ? S 16:59 0:01 nginx: worker process
nobody 18478 0.1 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18479 0.2 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18480 0.0 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18481 0.2 0.0 13256 5376 ? S 16:59 0:00 nginx: worker process
nobody 18482 0.0 0.0 13256 5320 ? S 16:59 0:00 nginx: worker process
nobody 18570 3.2 0.0 13644 5672 ? S 17:00 0:01 nginx: worker process
nobody 18571 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18572 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18573 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18574 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18575 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18576 0.0 0.0 13276 5172 ? S 17:00 0:00 nginx: worker process
nobody 18577 0.5 0.0 13360 5412 ? S 17:00 0:00 nginx: worker process
root 18584 0.0 0.0 4956 812 pts/1 S+ 17:00 0:00 grep nginx
linux-gz215:/usr/local/nginx/sbin #
为了验证平滑升级确实不影响在线业务,我特意在升级的时候,利用 ab 命令一直在发送请求:
ab -n1000000 -c10 http://domain.com/
直到升级完成,使用 ctrl +C 终止并查看 ab 结果,可以发现几十万次的请求全部成功,没有失败!证明平滑升级的可行性!