Kylin v10 编译安装Tengine

温馨提醒

编译安装 Tengine 3.1.0

  • 安装依赖

    
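    # Build dependencies for the ./configure options used on this page:
    # --with-jemalloc needs jemalloc, --with-pcre needs the PCRE headers,
    # --with-http_ssl_module needs the OpenSSL headers, zlib backs gzip, and
    # a C toolchain (gcc, make) is needed for the build itself.
    # Run only the line that matches the distribution's package manager.
    # Installing from the distribution repositories keeps these libraries
    # covered by the vendor's security updates.

    # CentOS / RHEL-style systems (yum)
    yum install -y gcc make jemalloc jemalloc-devel zlib zlib-devel pcre pcre-devel openssl openssl-devel

    # Ubuntu / Debian-style systems (apt)
    apt install -y build-essential libjemalloc-dev zlib1g-dev libpcre3 libpcre3-dev libssl-dev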
  • 编译

    
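    # Configure, build and install Tengine. Run from the top of the unpacked
    # Tengine source directory, as a user allowed to write the install paths.
    #
    # --user/--group make the worker processes run as the unprivileged
    # "nginx" account instead of root, so that account has to exist before
    # the server is started. Create it as a system account with no login
    # shell and no home directory if it is missing.
    id nginx >/dev/null 2>&1 || useradd -r -M -s /sbin/nologin nginx

    # Option groups, in order: install/log/pid paths, worker identity,
    # HTTP modules, stream (L4) modules, allocator/IO/threading, and the
    # three bundled upstream modules added with --add-module.
    # NOTE(review): --with-ipv6 is kept as on the page; newer nginx code
    # bases enable IPv6 automatically and may print a deprecation warning.
    # The steps are chained with && so a failed configure or make is never
    # followed by "make install".
    ./configure \
    --prefix=/usr/local/tengine \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/run/nginx.pid \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-pcre-jit \
    --with-pcre \
    --with-http_v2_module \
    --with-http_realip_module \
    --with-http_stub_status_module \
    --with-stream \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-stream_sni \
    --with-jemalloc \
    --with-file-aio \
    --with-threads \
    --with-compat \
    --with-ipv6 \
    --with-http_auth_request_module \
    --with-http_dav_module \
    --add-module=./modules/ngx_http_upstream_dynamic_module \
    --add-module=./modules/ngx_http_upstream_dyups_module \
    --add-module=./modules/ngx_http_upstream_check_module \
    && make && make install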

动态管理 upstream

  • ngx_http_upstream_dynamic_module

    运行期动态探活/权重/下线 upstream 节点(自动)

    
    # Example configuration
    # NOTE(review): max_fails / fail_timeout / backup are ordinary upstream
    # server parameters; nothing in this snippet names a directive of
    # ngx_http_upstream_dynamic_module, so confirm which behaviour the module
    # itself adds before relying on it.
    
    upstream backend {
        # Two weighted primaries; each is taken out of rotation after
        # max_fails failed attempts and retried after fail_timeout.
        server 10.0.0.1:8080 weight=5 max_fails=3 fail_timeout=10s;
        server 10.0.0.2:8080 weight=5 max_fails=3 fail_timeout=10s;
        # Used only when the primaries are unavailable.
        server 10.0.0.3:8080 backup;
    }
    
    server {
        # Plain HTTP listener; traffic to the backends is also unencrypted
        # (proxy_pass uses http://).
        listen 80;
    
        location / {
            proxy_pass http://backend;
            # Short timeouts so a dead backend is detected quickly.
            proxy_connect_timeout 3s;
            proxy_read_timeout 10s;
        }
    }
    
    max_fails=3 			# 连续失败3次
    fail_timeout=10s		# 10秒内失败就下线
    fail_timeout 过后		   # 自动重试上线
  • ngx_http_upstream_dyups_module

    通过 http 接口,动态新增 / 修改 upstream 配置

    支持:新增 upstream、修改 server 列表、删除 upstream、查询 upstream

    必须配置共享内存,否则不能使用,如果没有 zone,dyups 直接失效

    
    # Example configuration
    # The dyups interface lets any client that can reach it create, replace
    # and delete upstreams, i.e. decide where proxied traffic is sent. This
    # snippet configures no authentication for it, so the loopback bind and
    # the allow/deny pair below are the only access control: keep both, and
    # do not move this listener to a routable address.
    
        upstream test_backend {
            # Shared-memory zone required by the page's dyups setup.
            zone backend 64k;
            server 127.0.0.1:8080 weight=5 max_fails=3 fail_timeout=10s;
            server 127.0.0.1:8081 weight=5 max_fails=3 fail_timeout=10s;
        }
    
        server {
            # Management listener bound to loopback only.
            listen 127.0.0.1:9999;
    
            location /upstream {
                dyups_interface;
                # Defence in depth on top of the loopback bind.
                allow 127.0.0.1;
                deny all;
            }
        }

    查看当前 upstream

    curl http://127.0.0.1:9999/upstream/test_backend

    image-20251223154014777

    新增/修改 upstream(向已有 upstream 新增节点时,POST 的内容必须同时带上原有节点,否则原有节点列表会被提交的内容整体替换)

    curl -X POST http://127.0.0.1:9999/upstream/test_backend -d 'server 127.0.0.1:8080; server 127.0.0.1:8081; server 127.0.0.1:8082 weight=10; server 127.0.0.1:8083 weight=10;'

    image-20251223154258796

    删除 upstream

    curl -X DELETE http://127.0.0.1:9999/upstream/test_backend

健康检查模块

  • ngx_http_upstream_check_module

    
    # Example configuration: active HTTP health check
    
    upstream test_backend {
        server 127.0.0.1:8080 max_fails=3 fail_timeout=10s;
        server 127.0.0.1:8081 max_fails=3 fail_timeout=10s;
    
        # Probe every 5000 ms with a 1000 ms timeout; 2 consecutive successes
        # mark a peer UP, 3 consecutive failures mark it DOWN.
        check interval=5000 rise=2 fall=3 timeout=1000 type=http;
        # Request sent by the probe. /health should be cheap and should not
        # return sensitive data, since it is polled continuously.
        check_http_send "GET /health HTTP/1.0\r\n\r\n";
        # 3xx counts as healthy here, so a backend that only redirects
        # (for example to a login or error page) is still treated as alive.
        check_http_expect_alive http_2xx http_3xx;
    }
    
    interval 						# 健康检查间隔,单位 ms
    rise 							# 节点连续健康检查成功次数达到该值后标记为 UP
    fall 							# 节点连续健康检查失败次数达到该值后标记为 DOWN
    timeout 						# 每次健康检查的超时时间,单位 ms
    type 							# 检测类型,可以是 tcp 或 http
    check_http_send 				# 健康检查发送的 HTTP 请求
    check_http_expect_alive 		# 判断节点健康的 HTTP 返回码,支持 http_2xx、http_3xx
    
    # TCP health check example: a TCP check only verifies that the port
    # accepts a connection and ignores any HTTP response, so a peer whose
    # application is failing but still listening is reported as healthy.
    upstream tcp_backend {
        server 127.0.0.1:9000;
        server 127.0.0.1:9001;
    
        # Probe every 3000 ms, 1000 ms timeout; 2 successes -> UP, 2 failures -> DOWN.
        check interval=3000 rise=2 fall=2 timeout=1000 type=tcp;
    }
    
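    # Status endpoint of ngx_http_upstream_check_module.
    # The page reports the upstream peers and their health state, which is
    # internal topology, so access is limited to named sources and everything
    # else is denied.
    # NOTE(review): the earlier examples use 127.0.0.1:8080 as a backend; if
    # that backend runs on this host, pick a different port for this listener.
    server {
        listen 8080;

        location /status {
            check_status;            # enable the status page
            access_log off;          # do not log status polls
            # Loopback is allowed because the URLs shown with this example
            # are requested via http://localhost:8080/status; without it
            # those requests are rejected by "deny all".
            allow 127.0.0.1;
            allow 192.168.0.0/24;
            deny all;
        }
    }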

    http://localhost:8080/status?format=json

    http://localhost:8080/status?format=csv

QUIC/HTTP 3

HTTP/3 必须 TLS 1.3,OpenSSL 版本 >= 1.1.1

提前下载并编译 XQUIC

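# Fetch and build the XQUIC library that ngx_http_xquic_module links against.
# XQUIC is published at github.com/alibaba/xquic; ngtcp2 is a separate QUIC
# library and does not provide it, so cloning ngtcp2 into a directory named
# "xquic" builds the wrong code.
# Supply chain: this compiles third-party code and installs it as root. Check
# out a reviewed release tag or commit rather than the moving default branch,
# and keep a record of the commit that was built.
# NOTE(review): XQUIC's CMake build expects a QUIC-capable TLS library to be
# configured; follow the README of the checked-out version for the cmake
# options, and confirm that it provides an install target.
git clone https://github.com/alibaba/xquic.git xquic
cd xquic
git rev-parse HEAD   # print the exact commit being built, for the build record
mkdir -p build && cd build
cmake ..
make -j"$(nproc)"
sudo make install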

编译完成后,记住头文件 include 和库文件 lib 的路径

编译

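# Add the XQUIC options to the ./configure command used for the base build;
# the "..." line stands for those existing options.
# Comments are kept up here on purpose: text after a trailing backslash
# ("\ # comment") ends the command at that line, and the options below it
# would then be run as separate commands instead of being passed to configure.
#   --add-module=...ngx_http_xquic_module : enable the XQUIC module
#   --with-xquic-inc                      : XQUIC header directory
#   --with-xquic-lib                      : XQUIC library directory
#   --with-xquic-link                     : library path used at link time
# NOTE(review): /usr/local/xquic is the path used on this page. A plain
# "cmake .." installs under /usr/local by default, so point these options at
# the directories where the XQUIC headers and library actually are.
./configure \
... \
--add-module=./modules/ngx_http_xquic_module \
--with-xquic-inc=/usr/local/xquic/include \
--with-xquic-lib=/usr/local/xquic/lib \
--with-xquic-link=/usr/local/xquic/lib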
# Example configuration
# NOTE(review): confirm the `quic` listen parameter and the quic_* directive
# names against the ngx_http_xquic_module documentation of the installed
# Tengine release, and validate the file with `nginx -t` before reloading.
server {
    listen 443 ssl http2;  # keep TLS over TCP with HTTP/2
    listen 443 quic reuseport;  # enable QUIC/HTTP3; QUIC runs over UDP, so UDP 443 must be reachable too

    # Keep the private key readable only by the account that starts the
    # master process; the worker account does not need to read it.
    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    # QUIC support
    # ssl_protocols is set for the whole server block, so the TCP listener
    # above also accepts TLS 1.3 only; clients limited to TLS 1.2 cannot connect.
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:50m;
	ssl_session_timeout 10m;

    # HTTP3/QUIC settings
    quic_idle_timeout 600s;
    quic_buffer_size 1452;   # usually tuned to the path MTU
    quic_max_streams 100; 	 # maximum concurrent streams; also bounds per-connection resource use

    # Static content root served by this server
    # NOTE(review): no Alt-Svc header is set here; clients normally learn
    # about HTTP/3 from it, so confirm how clients are expected to discover h3.
    location / {
        root /usr/share/nginx/html;
        index index.html;
    }
}

Brotli 压缩

  • 获取 Brotli 模块

    
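    # Fetch the ngx_brotli module source together with its bundled brotli
    # library (a git submodule).
    # The steps are chained with && so that a failed "cd" cannot leave the
    # clone in an unexpected directory.
    # Supply chain: this code is compiled into a module that the web server
    # loads, so build from a reviewed commit or tag rather than whatever the
    # default branch points at, and record the commit that was built.
    cd /usr/local/src \
      && git clone https://github.com/google/ngx_brotli.git \
      && cd ngx_brotli \
      && git submodule update --init --recursive \
      && git rev-parse HEAD   # print the exact commit, for the build record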
  • 编译 tengine

    
    # Build ngx_brotli as a dynamic module and install.
    # As written, this configure line carries only the brotli option. Running
    # it literally rebuilds Tengine without the prefix, SSL, stream and
    # upstream options of the base build, and "make install" then installs
    # that reduced binary. Treat it as shorthand: repeat the full option list
    # of the base build (the running binary prints it with -V) and add this
    # option to it.
    ./configure --add-dynamic-module=/usr/local/src/ngx_brotli

    make && make install
  • 启用模块

    load_module 必须在最前面

    
    # Must be placed before the `user` directive, at the top of the main context.
    # A loaded .so runs inside the server processes: keep the modules
    # directory owned by root and not writable by the worker account, and
    # load only modules built from the same source tree as the binary.
    load_module modules/ngx_http_brotli_filter_module.so;
    load_module modules/ngx_http_brotli_static_module.so;

    http 块开启 brotli

    
# Enable brotli for the listed MIME types, with gzip as the fallback.
# NOTE(review): compressing HTTPS responses that contain secrets (session or
# CSRF tokens) together with request-controlled content exposes them to
# compression side channels of the BREACH class. Static assets are
# unaffected; review dynamic endpoints before compressing them.
    http {
        brotli on;
        brotli_comp_level 6;     # 4-6 recommended as the production trade-off between CPU and ratio
        brotli_buffers 16 8k;
    
        # MIME types compressed with brotli
        brotli_types
            text/plain
            text/css
            application/json
            application/javascript
            text/javascript
            text/xml
            application/xml
            application/xml+rss
            image/svg+xml
            font/ttf
            font/otf
            application/vnd.ms-fontobject;
    
        # gzip as the fallback for clients that do not accept brotli
        gzip on;
        gzip_comp_level 5;
        gzip_types text/plain text/css application/json application/javascript;
    }
  • 验证

    
    curl -I -H "Accept-Encoding: br" https://your.domain
    
    响应应包含
    Content-Encoding: br