用 Prometheus
来监控Nginx的状态,所以看了一下有个module可以支持。项目地址在:https://github.com/vozlt/nginx-module-vts.git
参考 下载 nginx 源码和模块 如果已经安装了,首先执行 nginx -V
查看编译参数,记录一下, 比如
1 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.22.1/debian/debuild-base/nginx-1.22.1=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
nginx 源码下载地址 。目前最新的Stable版为1.22
1 2 3 4 wget http://nginx.org/download/nginx-1.22.1.tar.gz tar -zxvf nginx-1.22.1.tar.gz git clone https://github.com/vozlt/nginx-module-vts.gitcd nginx-1.22.1
开始编译 配置参数 开始编译,编译时增加一条参数
1 --add-module=../nginx-module-vts
结合上面记录的编译参数,完整的编译参数是:
1 ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.22.1/debian/debuild-base/nginx-1.22.1=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --add-module=../nginx-module-vts
如果遇到问题:
1 2 3 4 ./configure: error: the HTTP rewrite module requires the PCRE library. You can either disable the module by using --without-http_rewrite_module option, or install the PCRE library into the system, or build the PCRE library statically from the source with nginx by using --with-pcre=<path> option.
下载安装 libpcre 和 libpcre-dev 包
1 2 3 4 sudo apt-get install libpcre3-dev sudo yum install pcre-devel
如果遇到:
1 2 3 4 ./configure: error: SSL modules require the OpenSSL library. You can either do not enable the modules, or install the OpenSSL library into the system, or build the OpenSSL library statically from the source with nginx by using --with-openssl=<path> option.
1 2 3 4 sudo apt-get install libssl-dev yum -y install openssl openssl-devel
可能的报错: 如果报错:
1 2 3 checking for C compiler ... not found ./configure: error: C compiler cc is not found
如果遇到:
1 2 3 4 ./configure: error: the HTTP gzip module requires the zlib library. You can either disable the module by using --without-http_gzip_module option, or install the zlib library into the system, or build the zlib library statically from the source with nginx by using --with-zlib=<path> option.
安装zlib
1 2 3 4 sudo apt-get install zlib1g-dev sudo yum install zlib-devel
正确输出 直到出现类似下面的输出:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Configuration summary + using threads + using system PCRE library + using system OpenSSL library + using system zlib library nginx path prefix: "/etc/nginx" nginx binary file: "/usr/sbin/nginx" nginx modules path: "/usr/lib/nginx/modules" nginx configuration prefix: "/etc/nginx" nginx configuration file: "/etc/nginx/nginx.conf" nginx pid file: "/var/run/nginx.pid" nginx error log file: "/var/log/nginx/error.log" nginx http access log file: "/var/log/nginx/access.log" nginx http client request body temporary files: "/var/cache/nginx/client_temp" nginx http proxy temporary files: "/var/cache/nginx/proxy_temp" nginx http fastcgi temporary files: "/var/cache/nginx/fastcgi_temp" nginx http uwsgi temporary files: "/var/cache/nginx/uwsgi_temp" nginx http scgi temporary files: "/var/cache/nginx/scgi_temp"
编译 如果报错
1 -bash: make: command not found
对于 Ubuntu:
1 apt-get update && apt-get install -y make
如果在 Debian 上安装make失败,运行:
1 apt install -y build-essential
完成 如果之前安装过 nginx:
然后将编译好的二进制文件替换现有的nginx
1 mv objs/nginx /usr/sbin/nginx
之前没安装过nginx的可以直接 make && make install
nginx-module-vts
模块从0.1.17+版本之后原生支持 prometheus 数据格式,可跳过 nginx-vts-exporter 的安装。
开启监控 1 2 3 4 5 6 7 8 9 10 11 12 # 在 http 和 server 块中加入如下信息 http { vhost_traffic_status_zone; ... server { ... location /metrics { vhost_traffic_status_display; vhost_traffic_status_display_format prometheus; } } }
比如,编辑conf文件:
1 vim /etc/nginx/conf.d/vhost_traffic_status_zone.conf
添加:
1 2 3 4 5 6 7 8 9 10 11 12 vhost_traffic_status_zone; vhost_traffic_status_filter_by_host on; vhost_traffic_status_filter on; vhost_traffic_status_filter_by_set_key $status $server_name; server { listen 80; server_name localhost; location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; } }
如果你想用域名访问:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 vhost_traffic_status_zone; vhost_traffic_status_filter_by_host on; vhost_traffic_status_filter on; vhost_traffic_status_filter_by_set_key $status $server_name; server { listen 80; server_name www.pawswrite.xyz; return 301 https://$host$request_uri; } server { listen 443; server_name www.pawswrite.xyz; #allow 你的IP; #deny all; location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; } }
监控接口为:
1 2 3 4 5 支持的输出格式有json html和 Prometheus localhost/metrics localhost/metrics/format/json localhost/metrics/format/prometheus
acme申请证书 安装 acme.sh
1 curl https://get.acme.sh | sh -s email=你的邮箱
申请证书:
1 acme.sh --issue -d 你的域名 --nginx
之后修改配置,修改下面几处:
1 2 3 4 listen 443 ssl; server_name your.example.com; ssl_certificate /root/.acme.sh/your.example.com/your.example.com.cer; ssl_certificate_key /root/.acme.sh/your.example.com/your.example.com.key;
配置 添加在nginx.conf中的http段落下。
功能 配置 开启基础监控 vhost_traffic_status_zone;
开启详细状态码统计 vhost_traffic_status_filter on;
开启详细状态码统计 vhost_traffic_status_filter_by_set_key $status $server_name;
开启URL统计 vhost_traffic_status_filter on;
开启URL统计 vhost_traffic_status_filter_by_set_key $uri uris::$server_name;
打开vhost过滤,开启此功能,在Nginx配置有多个server_name的情况下,会根据不同的server_name进行流量的统计,否则默认会把流量全部计算到第一个server_name上。在不想统计流量的server区域禁用vhost_traffic_status,配置示例:
1 2 3 4 5 server { ... vhost_traffic_status off; ... }