搭建Nginx服务器(网站服务 代理服务)

rpm  -q  gcc   gcc-c++

yum  -y  groupinstall  "开发工具"  

useradd  nginx   创建运行nginx的服务账号(该账号不需要登录,可用 useradd -s /sbin/nologin nginx 创建)

yum -y  install  pcre-devel  依赖包

yum -y  install  zlib-devel  依赖包

yum -y  install  openssl-devel  安全认证包

tar -zxvf nginx-1.8.0.tar.gz

cd nginx-1.8.0

./configure  --prefix=/usr/local/nginx  --user=nginx  --group=nginx  \
  --with-http_stub_status_module --with-http_ssl_module     (开启认证)

make && make   install

ls /usr/local/nginx/         成功显示以下文件证明安装成功

conf  html  logs  sbin          

conf  配置文件:  nginx.conf 主配置文件   nginx.conf.default 模版

html  网页目录  

logs  日志文件存放的目录

sbin  存放启动NGINX服务的启动命令  nginx

启动nginx服务(默认监听80)

[root@squid nginx]# netstat -utnalp  | grep :80  有http先停掉

[root@squid nginx]# /usr/local/nginx/sbin/nginx 

[root@squid nginx]# netstat -utnalp  | grep :80

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      92

[root@squid nginx]# echo 123  > /usr/local/nginx/html/test.html   写网页文件

[root@squid nginx]# elinks  --dump http://localhost/test.html   客户端测试

   123

修改nginx服务端口:

mv nginx.conf nginx.conf.bak  备份配置文件

grep -v '^$\|#' nginx.conf.bak  > nginx.conf   去除空行和注释行后到新配置文件

vim nginx.conf 修改 listen       8080;

/usr/local/nginx/sbin/nginx -s stop  停服务

/usr/local/nginx/sbin/nginx  启动服务

netstat -untlap | grep :8080

elinks  --dump http://localhost:8080/test.html  指定端口测试

常用命令

[root@squid conf]# /usr/local/nginx/sbin/nginx  -v  查看nginx版本

[root@squid conf]# /usr/local/nginx/sbin/nginx  -V 查看nginx版本以及编译安装详细信息

[root@squid conf]# /usr/local/nginx/sbin/nginx  -t  测试配置文件是否正常

/usr/local/nginx/sbin/nginx  -c /usr/local/nginx/conf/nginx2.conf  指定配置文件启动服务

 停止服务的方法

/usr/local/nginx/sbin/nginx  -s stop

killall -9 nginx   强制终止(SIGKILL),进程来不及正常清理退出,仅在其他方式无效时使用

kill  -信号   pid号

常见信号:

TERM, INT 快速关闭 

QUIT 从容关闭,关闭主进程及子进程

HUP  重载配置文件

USR1 重新打开日志文件 

USR2 平滑升级可执行程序

重启服务很方便

 kill -HUP  `cat /usr/local/nginx/logs/nginx.pid`

++++++++++++++++++++++++++++++++++

平滑升级(在线升级服务软件的版本)

tar -zxvf nginx-1.9.2.tar.gz 

cd nginx-1.9.2

./configure  --prefix=/usr/local/nginx --user=nginx --group=nginx  \
  --with-http_stub_status_module --with-http_ssl_module     (开启认证)

make

cd /usr/local/nginx/sbin

mv nginx  nginxold   备份旧的执行程序

cd  nginx-1.9.2/objs

cp   nginx  /usr/local/nginx/sbin/   拷贝新版本执行程序

cd  nginx-1.9.2

make  upgrade            执行升级

[root@squid conf]# /usr/local/nginx/sbin/nginx  -v  查看nginx版本 升级完成

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

虚拟主机(一台服务器提供多个网站)  

基于域名虚拟主机(根据客户端访问的主机名区分访问)

基于端口虚拟主机

基于ip地址虚拟主机

++++++++++++++++++++++++++++++++++++++++++++++

基于域名虚拟主机

(服务器)

mkdir   /wwwdir 

mkdir   /bbsdir

echo  www  >  /wwwdir/a.html

echo  bbs  >   /bbsdir/a.html

[root@A conf]# /usr/local/nginx/sbin/nginx -s stop  先停止服务

grep -v '^$' nginx.conf.default | grep -v '#'  > nginx.conf 

vim nginx.conf

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on; 

    keepalive_timeout  65; 

    server {

        listen       80; 

        server_name  www.tarena.com;    修改为指定域名

        location / { 

            root   /wwwdir;            指定网页目录

            index  a.html;            指定默认首页文件

        }   

     }

        server {

        listen       80; 

        server_name  bbs.tarena.com;

        location / { 

            root   /bbsdir;

            index  a.html;

         }

      }

}

./nginx  -t    测试配置文件配置正确     

 ./nginx    启动服务

(客户端)测试

vim /etc/hosts

172.25.254.151(服务端IP)    www.tarena.com   www

172.25.254.151(服务端IP)    bbs.tarena.com   bbs

:wq

ping  www.tarena.com

ping  bbs.tarena.com

elinks --dump http://www.tarena.com  

elinks --dump http://bbs.tarena.com  

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

基于端口的虚拟主机(服务器根据客户端访问的端口区分访问)

实验需求

http://www.tarena.com       -> /usr/local/nginx/html

http://www.tarena.com:8080  -> /wwwdir

http://www.tarena.com:8090  -> /bbsdir

vim nginx.conf

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on; 

    keepalive_timeout  65; 

server {

          listen       80;

          server_name  www.tarena.com;

          location / {

              root   html;  

              index  index.html;

          }

 }

    server {

        listen       8080;      指定不同端口 

        #server_name  www.tarena.com;    注释掉域名

        location / { 

            root   /wwwdir;            

            index  a.html;           

        }   

     }

        server {

        listen       8090; 

        #server_name  bbs.tarena.com;

        location / { 

            root   /bbsdir;

            index  a.html;

         }

      }

}

[root@A conf]# ../sbin/nginx -s stop

[root@A conf]# ../sbin/nginx 

[root@A conf]# netstat -anptu |grep nginx

tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      51193/nginx         

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      51193/nginx         

tcp        0      0 0.0.0.0:8090                0.0.0.0:*                   LISTEN      51193/nginx   

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

基于ip地址的虚拟主机

ifconfig  eth0:1  1.0.0.200   给网卡添加第二个IP(下面配置中用到的 1.0.0.100 应为本机已有的地址,请先确认)

vim nginx.conf

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

       server  {

       listen  1.0.0.100:8090;

       #server_name  www.tarena.com;

       location  / {

             root  /wwwdir;

             index a.html;

       }

    }

    server {

        listen      1.0.0.200:80;

        #server_name  bbs.tarena.com;

        location / {

            root   /bbsdir;

            index  a.html;

        }

    }

}

[root@A conf]# ../sbin/nginx -s stop

[root@A conf]# ../sbin/nginx

[root@A conf]# netstat -anptu |grep nginx

tcp        0      0 1.0.0.200:80                0.0.0.0:*                   LISTEN      60910/nginx         

tcp        0      0 1.0.0.100:8090              0.0.0.0:*                   LISTEN      60910/nginx 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

访问控制

访问控制  (默认允许所有客户端访问)

location  / {

   ....

   allow  ip地址1; 允许的访问

   allow  ip地址2;

   #allow  172.40.1.0/14;

   deny  all;   拒绝所有访问(allow/deny 按书写顺序匹配,第一条匹配的规则生效,所以 deny all 要写在最后)

}

elinks  http://172.25.254.151:8090 客户端测试

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

用户验证(访问网站页面时,要提交正确用户和密码才可以访问)。注意:Basic 认证的用户名和密码只经过 Base64 编码,并未加密,应与下文的 SSL 配置一起使用。

location  / {

   .....

auth_basic  "please input username and password";

auth_basic_user_file "/usr/local/nginx/conf/authuser.txt";   # 注意:此路径必须与 htpasswd 生成的文件一致(下文生成的是 /usr/local/nginx/conf/user.txt)

}

[root@squid conf]# kill -HUP `cat /usr/local/nginx/logs/nginx.pid`  重启nginx服务

rpm  -q  httpd-tools     查询有包没

[root@squid conf]# htpasswd -c /usr/local/nginx/conf/user.txt tom 生成验证文件,用户名为tom(-c 表示新建文件,文件已存在时会被覆盖,只在第一次创建时使用)

New password:                                 #输入密码

Re-type new password:                     #再次输入密码

Adding password for user tom           #OK

[root@squid conf]# cat /usr/local/nginx/conf/user.txt

tom:VziCsLM3LWwXY

[root@squid conf]# htpasswd  /usr/local/nginx/conf/user.txt tom2  创建第二个账号为tom2

New password: 

Re-type new password: 

Adding password for user tom2

[root@squid conf]# cat /usr/local/nginx/conf/user.txt 查看账号文件(密码以哈希形式保存;这种13位格式是传统 crypt() 哈希,只取密码前8个字符,强度较弱,建议至少用 htpasswd -m 生成 apr1-MD5 格式,并限制该文件的读取权限)

tom:VziCsLM3LWwXY

tom2:gw4brc6MjcAqA

改成基于域名的服务 客户端测试firefox http://www.tarena.com 提示输入用户名密码,配置成功

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

配置SSL,安全认证 

(支持客户端使用https协议访问)https 数据加密传输

80  http://         443https://

服务器配置

1生成私钥

2生成证书文件

3在服务的主配置文件里调用私钥 和证书

cd /usr/local/nginx/conf/

[root@squid conf]# openssl genrsa -out cert.key 2048   //生成私钥(私钥文件应限制为仅root可读,例如 chmod 600 cert.key)

[root@squid conf]# openssl req -new -x509 -key cert.key -out cert.pem   //生成证书(自签名证书,浏览器会提示不受信任,仅适合测试环境)

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN                   中国代码

State or Province Name (full name) []:beijing             州或者省

Locality Name (eg, city) [Default City]:beijing          城市

Organization Name (eg, company) [Default Company Ltd]:tarena    公司名

Organizational Unit Name (eg, section) []:mis              部门

Common Name (eg, your name or your server's hostname) []:www.tarena.com    域名

Email Address []:plj@tarena.com     邮箱

[root@squid conf]# 

server  {

  ......


        #listen       80;

        listen       443 ssl;

          server_name www.tarena.com;

        ssl_certificate      cert.pem;

        ssl_certificate_key  cert.key;

       ssl_session_cache    shared:SSL:1m;

       ssl_session_timeout  5m;

       ssl_ciphers  HIGH:!aNULL:!MD5;     # 这里没有设置 ssl_protocols,使用的是该版本的默认协议;生产环境建议显式指定,例如 ssl_protocols TLSv1.2;

       ssl_prefer_server_ciphers  on;


    ......

}

重启nginx服务

客户端配置firefox   https://www.tarena.com   注意http后面加s(域名要与 server_name 和证书的 Common Name 一致)

+++++++++++++++++++++++++++++++++++++++++++++++++++++

反向代理

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;


    upstream  "webgroup" {                        #定义源服务组

       server  192.168.1.1:80 ;

       server  192.168.1.2:8080 ;

    }


    server {

        listen       80;

        server_name  localhost;

        location / {

            proxy_pass  http://webgroup;                 调用服务组

            #proxy_pass  http://192.168.1.1;

            #root   html;

            #index  index.html index.htm;

        }

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

    }

}

客户端测试.....................

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

nginx目前支持4种分配方式

轮询(默认的): 逐一循环调度 (weight=1)

Weight:指定轮询几率,权重值和访问比率成正比

ip_hash:根据客户端IP分配固定的后端服务器

Fair:按后端服务器响应时间短的优先分配(第三方模块,需要另外下载并在编译时加入)


设置服务器组中服务器的状态

down:表示当前server暂时不参与负载

max_fails:允许请求失败的次数(默认为1)

fail_timeout :max_fails次失败后,暂停提供服务的时间

backup:备份服务器

举例:

.............

upstream   sergrp {

 #ip_hash;

 server 1.0.0.100:80  weight=2;         轮询权重为2,不设默认为1

 server 1.0.0.200:80     down;             200不参与负载

 server 1.0.0.201:80;

 server 1.0.0.202:80 backup;               202为备份服务器

 server 1.0.0.203:80 max_fails=2 fail_timeout=30;  允许失败2次,失败后暂停服务时间30秒

}

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

访问不同网页格式

 upstream  "webgroup" {

       server  192.168.1.1:80 max_fails=3 fail_timeout=30s;

       server  192.168.1.2:8080;

    }

upstream "htmlweb" {

   server  192.168.1.1:80;

   server  192.168.1.2:80;

}

upstream "phpweb" {

   server  192.168.1.30:80;

   server  192.168.1.40:80;

}

server {

   listen  80;   

   location  ~ \.html$ {

     proxy_pass http://htmlweb;

   }

   location  ~ \.php$ {

     proxy_pass http://phpweb;

   }

}


http://nginx_ip/a.html

http://nginx_ip/a.php