12.5 Nginx介绍

官网:nginx.org

因为nginx处理静态文件的能力要比apache好很多,所以很多企业在建站的时候一般都是用java写的,然后会选择tomcat,但是tomcat处理静态文件的能力不是太好就会叠加选择nginx。

nginx特点:

体积小
处理能力强
并发高
可扩展性好
Nginx应用场景:
web服务
反向代理
负载均衡
Nginx著名分支,淘宝基于Nginx开发的Tengine,使用上和Nginx一致,服务名,配置文件名都一样,和Nginx的最大区别在于Tenging增加了一些定制化模块,在安全限速方面表现突出,另外它支持对js,css合并
Nginx核心+lua(开发语言)相关的组件和模块组成了一个支持lua的高性能web容器openresty,参考http://jinnianshilongnian.iteye.com/blog/2280928 

12.6 下载配置安装Nginx

1.下载解压

[root@xavi php-5.6.30]# cd /usr/local/src
[root@xavi src]# wget http://nginx.org/download/nginx-1.12.1.tar.gz
[root@xavi src]# tar zvxf nginx-1.12.1.tar.gz

2.进入安装源码包,配置,make&make install

[root@xavi src]# cd nginx-1.12.1/
[root@xavi nginx-1.12.1]# ./configure --prefix=/usr/local/nginx

Nginx目录,四个目录: conf , html , logs , sbin

  • [ ] conf:nginx配置文件

  • [ ] html:主页样例文件

  • [ ] logs:站点日志

  • [ ] sbin:核心进程文件

[root@xavi nginx-1.12.1]# ls /usr/local/nginx
conf  html  logs  sbin



[root@xavi nginx-1.12.1]# ls /usr/local/nginx/conf
fastcgi.conf            koi-utf             nginx.conf           uwsgi_params
fastcgi.conf.default    koi-win             nginx.conf.default   uwsgi_params.default
fastcgi_params          mime.types          scgi_params          win-utf
fastcgi_params.default  mime.types.default  scgi_params.default

[root@xavi nginx-1.12.1]# ls /usr/local/nginx/html
50x.html  index.html

[root@xavi nginx-1.12.1]# ls /usr/local/nginx/logs/

[root@xavi nginx-1.12.1]# ls /usr/local/nginx/sbin/
nginx
[root@xavi nginx-1.12.1]# ls /usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/nginx
测试配置语法错误nginx -t
[root@xavi nginx-1.12.1]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

3.Nginx配置

3.1 制作启动脚本
[root@xavi nginx-1.12.1]# vim /etc/init.d/nginx
//增加以下内容:

#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start() 
{
    echo -n $"Starting $prog: "
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}
stop() 
{
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    rm -rf /dev/shm/nginx_temp
    RETVAL=$?
    echo
    return $RETVAL
}
reload()
{
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}
restart()
{
    stop
    start
}
configtest()
{
    $NGINX_SBIN -c $NGINX_CONF -t
    return 0
}
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  reload)
        reload
        ;;
  restart)
        restart
        ;;
  configtest)
        configtest
        ;;
  *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
esac
exit $RETVAL
3.2 更改权限

chmod 755 /etc/init.d/nginx

3.3 配置开机启动

chkconfig --add nginx

chkconfig nginx on

[root@xavi nginx-1.12.1]# chmod 755 /etc/init.d/nginx

[root@xavi nginx-1.12.1]# chkconfig --add nginx

[root@xavi nginx-1.12.1]# chkconfig nginx on
3.4 编辑配置文件

cd /usr/local/nginx/conf/

mv nginx.conf nginx.conf.bak //不使用系统自带的配置模板,把自带的备份下

vim nginx.conf //拷贝如下配置文件:

user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        location ~ \.php$ 
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }    
    }
}
3.5 配置详解:

参考文章:http://www.okay686.cn/510.html

user nobody nobody; 运行服务的用户是谁

worker_processes 2;定义子进程的数量

worker_rlimit_nofile 51200;最多可以打开多少个文件

worker_connections 6000;允许最大的连接数

server; 下面对应的就是虚拟主机配置

server_name localhost;定义网站的域名

root /usr/local/nginx/html;定义网站的根目录

location ~ .php$;配置解析PHP

fastcgi_pass unix:/tmp/php-fcgi.sock;监听端口或者监听socket,通过此命令去执行

fastcgi_pass 127.0.0.1:9000;(或者携程这种方式,服务器IP地址+端口)

3.6 启动nginx服务
[root@xavi conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi conf]# /etc/init.d/nginx start
Starting nginx (via systemctl):                            [  确定  ]
[root@xavi conf]# ps aux |grep nginx
root     124541  0.0  0.0  20500   628 ?        Ss   00:11   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody   124542  0.0  0.1  25028  3508 ?        S    00:11   0:00 nginx: worker process
nobody   124543  0.0  0.1  25028  3248 ?        S    00:11   0:00 nginx: worker process
root     124553  0.0  0.0 112680   976 pts/0    S+   00:11   0:00 grep --color=auto nginx
3.7 curl localhost //本地测试 nginx

mark

vim /usr/local/nginx/html/1.php //编辑一个测试php页面

mark

[root@xavi conf]# curl localhost/1.php
this is nginx test page[root@xavi conf]# 

12.7 Nginx默认虚拟主机

在Nginx中也有默认虚拟主机,跟httpd类似,第一个被Nginx加载的虚拟主机就是默认主机,但和httpd不相同的地方是,它还有一个配置用来标记默认虚拟主机,也就是说,如果没有这个标记,第一个虚拟主机为默认虚拟主机。

1.编辑修改配置文件nginx.conf,增加一句: include vhost/*.conf;

[root@xavi ~]# cd /usr/local/nginx/conf/
[root@xavi conf]# vim /usr/local/nginx/conf/nginx.conf
 加入这行:include vhost/*.conf;

加入这行,意思是/usr/local/nginx/conf/vhost/下面所有以.conf结尾的文件都会加载,这样可以把所有虚拟主机配置文件放到vhost目录下面了

2.把server的定义删除,为方便后续实验

mark

mark

3.创建一个vhost的子目录

mark

[root@xavi conf]# pwd
/usr/local/nginx/conf
[root@xavi conf]# mkdir vhost
[root@xavi conf]# cd vhost/
[root@xavi vhost]# ls

[root@xavi vhost]# vim aaa.com.conf

4 创建创建vhost目录及配置文件and虚拟server

有这个default_server标记的就是默认虚拟主机
server
    {
        listen 80 default_server; //有这个default_server标记的就是默认虚拟主机
        server_name aaa.com;
        index index.html index.htm index.php;
        root /data/wwwroot/default;
    }

mark

5. 创建测试页面 index.html

[root@xavi vhost]# cd /data/wwwroot/default/
[root@xavi default]# ls
[root@xavi default]# vim index.html
[root@xavi default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

mark

6. 重载并测试

[root@xavi default]# /usr/local/nginx/sbin/nginx -s reload
[root@xavi default]# curl localhost
this is the default site.

7.访问aaa.com,访问没有定义过的域名,也会访问到aaa.com

[root@xavi default]# curl -x127.0.0.1:80 aaa.com
this is the default site.
[root@xavi default]# curl -x127.0.0.1:80 bbb.com
this is the default site.
[root@xavi default]# curl -x127.0.0.1:80 bbcb.com
this is the default site.
[root@xavi default]# tail /usr/local/nginx/conf/nginx.conf
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;
    include vhost/*.conf;
}

12.8 Nginx用户认证

1. 再创建一个新的虚拟主机

[root@xavi default]# cd /usr/local/nginx/conf/vhost/
[root@xavi vhost]# vim test.com.conf

server
{
   listen 80;                  
   server_name test.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com;

   location /     //用户认证等信息
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;  //密码文件
     }
}

2. yum install -y httpd //安装httpd,也可以使用之前编译安装的apache2.4

[root@xavi vhost]# htpasswd -c /usr/local/nginx/conf/htpasswd xavi //创建xavi用户
New password: 
Re-type new password: 
Adding password for user xavi
Apache方法:# /usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/htpasswd xavi
再次创建一个新用户,不用再用-c了
[root@xavi vhost]# htpasswd /usr/local/nginx/conf/htpasswd user1
New password:
  • 查看密码文件
[root@xavi vhost]# cat /usr/local/nginx/conf/htpasswd
xavi:$apr1$mzzjFU/B$/il2XbQfytr2RPw/LuRdH0
user1:$apr1$2tDxaHTk$Imu4zmH68YrUtK0h7l2.p.

3.测试并重载配置

/usr/local/nginx/sbin/nginx -t

/usr/local/nginx/sbin/nginx -s reload

[root@xavi vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -s reload

4.总结:两句核心配置语句,auth_basic打开认证,auth_basic_user_file指定用户密码文件。生成密码工具需要借助apache的htpasswd。Nginx不自带这个工具。

5.使用curl命令来验证

[root@xavi vhost]# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.1
Date: Wed, 14 Mar 2018 13:47:04 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
//401状态码,说明访问需要验证

6.用户认证测试主机

[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center>404 Not Found</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>

报错404,找到原料文件路径并未创建

[root@xavi vhost]# ls /data/nginx/test.com/
ls: 无法访问/data/nginx/test.com/: 没有那个文件或目录
[root@xavi vhost]# mkdir -p /data/nginx/test.com
[root@xavi vhost]# echo "test.com" > /data/nginx/test.com/index.html
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com

7.针对某个目录做用户认证,比如/admin,需要修改location后面的路径

有时候我们需要对某个访问目录或者页面进行认证,而不是全站。所以我们需要对配置文件进行更改:
[root@xavi vhost]# vim test.com.conf

server
{
   listen 80;
   server_name test.com;
   index index.html index.htm index.php;
   root /data/nginx/test.com;

   location /admin/
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;
     }
}

mark

[root@xavi vhost]# vim test.com.conf
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -s reload

[root@xavi vhost]# curl -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center>401 Authorization Required</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
排故过程:对摸个目录做用户认证,该目录是有效的路径,实际存在,且目录下的测试文档index.html下需要编辑一定内容,方便查看测试结果
[root@xavi vhost]# curl -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center>401 Authorization Required</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center>404 Not Found</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# mkdir /data/nginx/test.com/admin
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com
test.com
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center>403 Forbidden</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# echo "test admin dir" > /data/nginx/test.com/admin/index.html
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin/
test admin dir

8. 针对某个特殊页面进行认证:


   location ~ admin.php
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;
     }
}

mark

* 重载配置文件 -t&-reload
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xavi vhost]# /usr/local/nginx/sbin/nginx -s reload
测试
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin/
test admin dir
排查错误:找到原因是没有创建admin.php文件
[root@xavi vhost]# curl -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center>401 Authorization Required</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center>404 Not Found</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center>404 Not Found</center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@xavi vhost]# vim /data/nginx/test.com/admin.php
[root@xavi vhost]# curl -uxavi:xavi2018 -x127.0.0.1:80 test.com/admin.php
<?php
echo "this is a test for admin.php";

12.9 Nginx域名重定向

Nginx的域名重定向与httpd类似,但更容易理解 只要Apache能实现的功能,Nginx也全部可以实现。不然也不会有那么多企业使用nginx服务。

当我们站点有多个域名的时候,权重降低了,但是之前的域名已经被一部分人所依赖了,也不可能去通知大家新的站点,所以我们就会选择一个主域名其它的均302跳转过来!

1. 配置atorreid.com.conf

vim atorreid.com.conf

server
{
    listen 80 default_server;
    server_name atorreid.com xavi.com abc.com;
    index index.html index.htm index.php;
    root /data/nginx/www.torreid.com;
    if ($host != 'torreid.com' ) {
        rewrite  ^/(.*)$  http://torreid.com/$1  permanent;

    
     location /
     {
       auth_basic         "Auth";
       auth_basic_user_file /usr/local/nginx/conf/htpasswd;
     }
}

在Nginx配置在,server_name后面可以跟多个域名,permanent为永久重定向,相当于httpd的R=301.另外还有一个常用的redirect,相当于httpd的R=302.

-t && -s reload 测试并重载配置

[root@xavi vhost]# curl -x127.0.0.1:80 www.atorreid.com/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.1
Date: Wed, 14 Mar 2018 15:03:15 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://torreid.com/index.html