nginx介绍
nginx官网 :nginx.org
nginx主要应用web服务、反向代理和负载均衡的作用上
nginx分支,淘宝基于nginx开发的Tengine,使用上和nginx一致,服务和配置名一致
nginx比起apache在处理静态页面时更有优势,nginx最大区别在于Tenging支持一些定制化模块,在安全限速方面比较突出,支持js、css合并,优化web的高并发的访问需求
nginx核心+lua相关组件和模块可以组成一个支持lua的高性能web容器openresty,openresty(openr's't)支持更高性能的web访问需求
安装nginx
在官网下载nginx解压,执行默认的编译参数,不加其他的参数选项,后面学习需要模块的话再重新编译
解压nginx编译安装包,并configure执行编译
[root@localhost src]# wget http://nginx.org/download/nginx-1.15.2.tar.gz
--2018-08-10 22:48:38-- http://nginx.org/download/nginx-1.15.2.tar.gz
正在解析主机 nginx.org (nginx.org)... 206.251.255.63, 95.211.80.227, 2606:7100:1:69::3f, ...
正在连接 nginx.org (nginx.org)|206.251.255.63|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1025746 (1002K) [application/octet-stream]
正在保存至: “nginx-1.15.2.tar.gz”
100%[====================================================>] 1,025,746 3.43KB/s 用时 4m 34s
2018-08-10 22:53:12 (3.66 KB/s) - 已保存 “nginx-1.15.2.tar.gz” [1025746/1025746])
[root@localhost src]# tar zxf nginx-1.15.2.tar.gz -C .
[root@localhost src]# cd nginx-1.15.2/
[root@localhost nginx-1.15.2]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[root@localhost nginx-1.15.2]# ./configure --prefix=/usr/local/nginx
checking for OS
+ Linux 3.10.0-514.el7.x86_64 x86_64
checking for C compiler ... found
---------------------------------省略过程
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
[root@localhost nginx-1.15.2]# make
make -f objs/Makefile
make[1]: 进入目录“/usr/local/src/nginx-1.15.2”
[root@localhost nginx-1.15.2]# make install
------------------------------------省略过程
编译安装后编写nginx的启动脚本文件,这个文件存放在/etc/init.d/目录下,给予权限755,我这里想给nginx添加到系统启动中,但是chkconfig提示不支持此操作,这是因为在启动脚本前需要指定配置chkconfig的默认的一个运行级别,否则chkconfig时就会提示不支持此操作
[root@localhost conf]# vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
[root@localhost nginx-1.15.2]# chkconfig --add nginx
服务 nginx 不支持 chkconfig ---------错误提示,需要在启动配置文件前添加chkconfig运行级别配置
[root@localhost nginx-1.15.2]# chmod 755 /etc/init.d/nginx
[root@localhost conf]# chkconfig --add nginx
[root@localhost conf]# chkconfig nginx on
[root@localhost conf]# chkconfig --list
mysqld 0:关 1:关 2:开 3:开 4:开 5:开 6:关
netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关
network 0:关 1:关 2:开 3:开 4:开 5:开 6:关
nginx 0:关 1:关 2:开 3:开 4:开 5:开 6:关
php-fpm 0:关 1:关 2:开 3:开 4:开 5:开 6:关
chkconfig添加系统自启动后无报错,再配置nginx.conf的配置文件,这里简单描述下其参数功能,其功能如下:
[root@localhost conf]# vim nginx.conf
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
nginx的全局配置
user nobody nobody; 指定nginx进程的运行用户
worker_processes 2; 一个父进程开启的子进程
error_log /usr/local/nginx/logs/nginx_error.log crit; 日志存放的目录
pid /usr/local/nginx/logs/nginx.pid; 启动停止时更新的pid文件
worker_rlimit_nofile 51200; 每个进程最大打开文件的数量
使用ps -aux查看nginx进程时会看到一个Ss的父进程,父进程是由root用户运行,其子进程是由服务的服务用户运行的,如nobody用户
server部分配置
server
{
listen 80; nginx的启动端口
server_name localhost; nginx本地解析名称,这里填写网站域名
index index.html index.htm index.php; 指定默认的网站页面
root /usr/local/nginx/html; 指定网站根目录
location ~ \.php$ php解析模块配置
{
include fastcgi_params; php的工作模式
fastcgi_pass unix:/tmp/php-fcgi.sock; nginx的通信类型,另一种类型是127.0.0.1:9000;的回环地址解析的方式
fastcgi_index index.php; php解析的首页
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
nginx默认虚拟主机
nginx配置默认虚拟主机除了server模块方式,还有指定虚拟主机配置文件这个方式,指定单独的虚拟主机配置文件,一个配置文件就是一个虚拟主机,这里只简单配置一个虚拟主机,不涉及域名和其他配置
在nginx.conf配置文件中加入指定虚拟主机配置文件的配置路径,这里只需要打开虚拟主机配置文件即可,添加虚拟主机配置文件必须把nginx.conf配置文件中的server配置模块删除掉,否则虚拟主机配置文件则不会生效
[root@localhost conf]# vim nginx.conf
application/xml;
include vhost/*.conf;
server
配置默认虚拟主机文件,默认虚拟主机文件是保存在vhost目录下的。vhost在conf目录下,默认是不存在的,需要手动创建,默认虚拟主机的根网站路径也是不存在的,需要手动创建
[root@localhost conf]# ls
fastcgi.conf fastcgi_params.default mime.types nginx.conf.1 scgi_params.default win-utf
fastcgi.conf.default koi-utf mime.types.default nginx.conf.default uwsgi_params
fastcgi_params koi-win nginx.conf scgi_params uwsgi_params.default
[root@localhost conf]# mkdir vhost
[root@localhost conf]# cd vhost/
[root@localhost vhost]# vim a.nginx.conf
server
{
listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/aaa;
}
编辑虚拟主机配置文件中指定的网站根目录的页面进行测试,-s reload是重新加载配置文件,不用重启nginx服务,这里没有域名,所以测试访问是在本机访问回环地址进行测试的,配置域名解析后即可公网测试访问
[root@localhost vhost]# mkdir -p /data/wwwroot/aaa
[root@localhost vhost]# vim /data/wwwroot/aaa/index.php
<?php
phpinfo();
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
-------------------------测试url访问
[root@localhost conf]# curl localhost
This is the default site.
[root@localhost conf]# curl -x127.0.0.1:80 aaa.com
This is the default site.
nginx用户认证
在conf/vhost/目录下编辑一个虚拟主机配置文件,这里定义新虚拟主机配置文件为b.conf
[root@localhost vhost]# vim b.conf
server
{
listen 80 ;
server_name b.com;
index index.html index.htm index.php;
root /data/wwwroot/b;
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
指定用户认证需要使用到apache的htpasswd的密码生成工具,这里可以使用yum安装httpd,在使用完成后也可删除,建议保留,方便日后再次添加认证用户
[root@localhost vhost]# htpasswd -c /usr/local/nginx/conf/htpasswd user
New password:
Re-type new password:
Adding password for user user
[root@localhost vhost]# htpasswd /usr/local/nginx/conf/htpasswd user1 再次添加一个用户
New password:
Re-type new password:
Adding password for user user1
[root@localhost vhost]# cat /usr/local/nginx/conf/htpasswd
user:$apr1$AUrl5dQq$GpglCih5wADphsN7KJ0LQ1
user1:$apr1$Nfc9PosN$OHQFumTtuYxb3.LR4v72J1
测试下访问用户认证,401错误码表示页面限制访问,curl -u指定用户认证访问测试
[root@localhost vhost]# curl -x127.0.0.1:80 b.com
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.15.2</center>
</body>
</html>
[root@localhost vhost]# curl -uuser1:pwd@321 -x127.0.0.1:80 b.com
bbb
设置页面、目录用户认证访问,location(lou;'k;'sèng)模块后配置匹配限制访问的目录或页面
[root@localhost vhost]# vim b.conf
server
{
listen 80;
server_name b.com;
index index.html index.htm index.php;
root /data/wwwroot/b;
location ~ admin.php 匹配规则: ~ admin.php 或者匹配目录 /admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
nginx域名重定向
nginx域名重定向比httpd域名重定向配置起来要简单很多,其匹配域名也能写多个,httpd中配置域名跳转只能匹配一个域名,针对一个域名进行跳转,nginx的server_name后可以跟多个域名进行匹配,当有访问到匹配的域名时,nginx就会把访问跳转至rewrite指定跳转的域名上,配置及测试如下
[root@localhost vhost]# vim aaa.conf
server
{
listen 80 default_server;
server_name ddd.com ccc.com;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/aaa;
if ($host != 'test.com') {
rewrite ^/(.*)$ http://aaa.com/$1 permanent;
}
}
重新加载配置文件并测试ccc.com域名跳转
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost vhost]# curl -x127.0.0.1:80 ccc.com/index.php -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.15.2
Date: Fri, 10 Aug 2018 19:03:20 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://aaa.com/index.php
测试ddd.com域名跳转
[root@localhost vhost]# curl -x127.0.0.1:80 ddd.com/index.php -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.15.2
Date: Fri, 10 Aug 2018 19:03:43 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://aaa.com/index.php
转载于:https://blog.51cto.com/8844414/2159225