nginx日志切割
nginx的access.log日志会保存所有客户端连接信息,普通网站每天请求量很大,所以要每天切割(可以用nginx自带的reopen)
1)先查看nginx的access.log日志大小
[root@server1 logs]# du -sh access.log
20K access.log
2)多次请求页面,再查看日志大小
[kiosk@foundation0 ~]$ ab -c 1 -n 100000 http://www.westos.org/index.html ##1个并发,100000次请求
[root@server1 logs]# du -sh access.log
16M access.log
4)保存之前的日志
#我们可以先实现打出前一天的日期
[root@server1 logs]# date +%F -d -1day 打出前一天的日期信息
2019-02-20
[root@server1 logs]# mv access.log `date +%F -d -1day`_access.log ##因为第二天肯定是备份前一天的日志
[root@server1 logs]# ls
2019-02-20_access.log error.log nginx.pid nginx.pid.oldbin
[root@server1 logs]# /usr/local/nginx/sbin/nginx -s reopen
[root@server1 logs]# ls
2019-02-20_access.log access.log error.log nginx.pid nginx.pid.oldbin
#发现重新生成了一个access.log,新的请求信息会到新日志里
#可以把命令写在crontab里,每天执行一次
systemd方式,nginx启动脚本
1)系统启动脚本都在/usr/lib/systemd/system目录下,但是自己配置的服务官方不建议放在此目录下,放在/etc/systemd/system目录下
2)用httpd服务启动脚本做参考
cp /usr/lib/systemd/system/httpd.service /etc/systemd/system/nginx.service
vim /etc/systemd/system/nginx.service
[Unit]
Description=The Nginx HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
3)启动nginx
systemctl start nginx
nginx上传压缩图片
不管一个系统或网站的大与小,都存在相应的图片处理,生成缩略图、为图片加水印等等,如果涉及到APP端,这个图片的处理需求变得更加重要了,因为在目前看来,客户端的屏幕大小不一,会导致以下问题:
1、图片过大导致APP加载图片速度慢;
2、消耗用户过多流量。
图片过滤模块(有时一张高清图片太大,页面加载时间太长,需要压缩)
重新编译nginx,添加模块
nginx -s stop
cd nginx-1.14.2
make clean ##重新编译之前要make clean
./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_image_filter_module=dynamic
编译报错,没有gd-devel包
yum list gd ##看到系统gd版本是2.0.35-26,所以自己下载的gd-devel也得是这个版本
yum install -y gd-devel-2.0.35-26.el7.x86_64.rpm
./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_image_filter_module=dynamic
make ##不要make install(除了第一次编译)
将新的二进制文件替换原来的nginx二进制文件
[root@server1 nginx-1.14.2]# cd objs/
[root@server1 objs]# cp nginx /usr/local/nginx/sbin/nginx
cp: overwrite ‘/usr/local/nginx/sbin/nginx’? y
静态模块需要手动新建目录,把图像模块放进去
[root@server1 objs]# mkdir /usr/local/nginx/modules
[root@server1 objs]# ls
autoconf.err ngx_http_image_filter_module_modules.c
Makefile ngx_http_image_filter_module_modules.o
nginx ngx_http_image_filter_module.so
nginx.8 ngx_modules.c
ngx_auto_config.h ngx_modules.o
ngx_auto_headers.h src
[root@server1 objs]# cp ngx_http_image_filter_module.so /usr/local/nginx/modules/
修改配置文件
vim /usr/local/nginx/conf/nginx.conf
load_module modules/ngx_http_image_filter_module.so; ##加在最开头
location /download/ {
limit_conn addr 1;
#limit_rate 50k;
#limit_req zone=one burst=5;
image_filter resize 150 100; #重新调整图片的尺寸(像素)
}
开启nginx,并重新加载配置文件
[root@server1 conf]# nginx
[root@server1 conf]# nginx -s reload
然后在浏览器上打开访问,没有变化先清理缓存
http://ip/download/vim.jpg #注意:路径一定要输入全
按F12,点击network->file可以看到图片大小变为不到2k,之前400多k
实现图片共享
接着上述实验,我们发现,客户想下载图片,就需要在浏览器输入的时候加上图片名称,这样显然是不合理的,继续更改配置文件
location /download/ {
limit_conn addr 1;
#limit_rate 50k;
#limit_req zone=one burst=5;
image_filter resize 150 100; #重新调整图片的尺寸(像素)
autoindex on; ##打开
}
在浏览器输入http://172.25.34.2/download/就可以访问的到该目录下的图片,即可下载
nginx访问页面实现加密(ssl)
关掉原来的nginx,重新编译,添加ssl模块
[root@server1 objs]# nginx -s stop
重新编译:
[root@server1 nginx-1.14.2]# make clean
rm -rf Makefile objs
[root@server1 nginx-1.14.2]# yum install -y openssl-devel
[root@server1 nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_image_filter_module=dynamic --with-http_ssl_module
[root@server1 nginx-1.14.2]# make
将新生的二进制文件替代原来的,并且要再次将图像模块放入modules目录下
[root@server1 objs]# cp nginx /usr/local/nginx/sbin/nginx
cp: overwrite ‘/usr/local/nginx/sbin/nginx’? y
[root@server1 objs]# ls
autoconf.err ngx_http_image_filter_module_modules.c
Makefile ngx_http_image_filter_module_modules.o
nginx ngx_http_image_filter_module.so
nginx.8 ngx_modules.c
ngx_auto_config.h ngx_modules.o
ngx_auto_headers.h src
[root@server1 objs]# cp ngx_http_image_filter_module.so /usr/local/nginx/modules/
cp: overwrite ‘/usr/local/nginx/modules/ngx_http_image_filter_module.so’? y
在cd /etc/pki/tls/cd cert目录下,生成ssl证书
[root@server1 certs]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
..................................+++
..........................+++
writing new private key to '/tmp/openssl.1V00AV'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn ##国家
State or Province Name (full name) []:shannxi ##省份
Locality Name (eg, city) [Default City]:xi'an ##城市
Organization Name (eg, company) [Default Company Ltd]:westos ##公司
Organizational Unit Name (eg, section) []:linux ##
Common Name (eg, your name or your server's hostname) []:server1 ##主机名
Email Address []:root@localhost ##邮箱
[root@server1 certs]# ll cert.pem
-rw------- 1 root root 3088 Aug 7 08:14 cert.pem
将锁子和钥匙放在nginx的配置文件目录下
[root@server1 certs]# cp cert.pem /usr/local/nginx/conf/
创建/web,并编写测试页
[root@server1 /]# cd
[root@server1 ~]# mkdir /web
[root@server1 ~]# cd /web/
[root@server1 web]# vim index.html
www.westos.org
添加域名解析
[root@server1 conf]# vim /etc/hosts
172.25.34.2 www.westos.org
添加加密认证:
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf
开启nginx
[root@server1 conf]# nginx
[root@server1 conf]# nginx -s reload
测试:
进入浏览器输入www.wetsos.org,第一次进入,浏览器会让你添加证书
添加之后,在做尝试,输入 www.westos.org,就会自动转到https加密模式
http到https实现网页重定向
301 | 永久重定向,rewrite重写,可以被缓存,pcre库 |
302 | 临时重定向,盗链,不能被缓存 |
访问淘宝,发现淘宝做了重定向,那如何自动实现https加密呢?
访问www.westos.org(实质:http://www.westos.org) 自动跳转到 https://www.westos.org 即:http —> https
每次在编辑文件之后都要重新加载配置文件,不再赘述
server1上:
[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vi nginx.conf ##编辑配置文件
server {
listen 80;
server_name www.westos.org;
rewrite ^/(.*)$ https://www.westos.org/$1; ##$1表示用户在这里输入的内容保留,只会重定向$1前面的
rewrite ^/(.*)$ https://www.westos.org/$1 permanent; # 永久重定向(可以缓存,临时的不允许缓存)
rewrite ^/bbs$ https://bbs.westos.org/index.html permanent; #表示访问www.westos.org并且以bbs结尾的,都定向到https://bbs.westos.org
location / {
root /web;
index index.html index.htm;
}
}
创建发布目录
[root@server1 conf]# mkdir /web
[root@server1 conf]# cd /web
[root@server1 conf]# vi index.html
编写域名解析
[root@server1 conf]# vi /etc/hosts
172.25.34.2 www.westos.org
加载配置文件
[root@server1 conf]# nginx -s reload
测试:
rewrite第一行开启,其他关闭
[root@server1 conf]# curl -I www.westos.org
HTTP/1.1 302 Moved Temporarily ##302临时重定向
Server: nginx/1.10.1
Date: Sat, 19 Oct 2019 03:47:26 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: https://www.westos.org/
rewrite第二行开启,其他关闭
[kiosk@foundation0 Packages]$ curl -I www.westos.org
HTTP/1.1 301 Moved Permanently ##r添加参数permenent,永久重定向
Server: nginx/1.15.9
Date: Sat, 13 Apr 2019 06:13:13 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://www.westos.org/
[kiosk@foundation0 Packages]$ curl -I www.westos.org/index.html #$1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.15.9
Date: Sat, 13 Apr 2019 06:16:02 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://www.westos.org/index.html
第三行开启,其他关闭
[root@foundation0 ~]# curl -I www.westos.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx/1.15.9
Date: Sat, 13 Apr 2019 06:32:00 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://bbs.westos.org/index.html
[root@foundation0 ~]# curl -I www.westos.org/bbs/index.html
HTTP/1.1 404 Not Found
Server: nginx/1.15.9
Date: Sat, 13 Apr 2019 06:32:05 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
实现整合:
整合
server {
listen 80;
server_name www.westos.org bbs.westos.org;
#rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
#rewrite ^/bbs$ http://bbs.westos.org permanent;
#rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
if ($host = "bbs.westos.org") { #$host : 请求主机头字段,否则为服务器名称
rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;
}
location / {
root /web;
index index.html;
}
}