Nginx
Nginx1.1.6.0 安装
1# 下载
2[root@localhost software]# wget https://nginx.org/download/nginx-1.16.0.tar.gz
3
4# 依赖
5[root@localhost software]# yum install -y pcre pcre-devel openssl openssl-devel gcc gcc-c++ autoconf automake make
6
7# 编译安装步骤
8[root@localhost software]# tar xf nginx-1.16.0.tar.gz
9[root@localhost software]# cd nginx-1.16.0
10
11[root@localhost nginx-1.16.0]# useradd -s /sbin/nologin www -M
12[root@localhost ~]# mkdir /application
13
14[root@localhost nginx-1.16.0]# ./configure --user=www --group=www --prefix=/application/nginx-1.16.0 --with-http_stub_status_module --with-http_ssl_module --with-pcre
15[root@localhost nginx-1.16.0]# make
16[root@localhost nginx-1.16.0]# make install
17[root@localhost nginx-1.16.0]# ln -s /application/nginx-1.16.0/ /application/nginx
18
19# 启动服务
20[root@localhost nginx-1.16.0]# /application/nginx/sbin/nginx
21
22# 发现nginx监听在80端口上
23[root@localhost nginx-1.16.0]# netstat -tnlp | grep nginx
24tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31813/nginx: master
25
26# 访问nginx
27http://192.168.31.212/
目录结构
| 目录名 | 功能 |
|---|---|
| sbin | 启动命令 |
| logs | 日志和进程号对应文件 |
| HTML | 默认站点目录 |
| nginx.conf | 主配置文件 |
| fastcgi.conf | 动态服务接口配置参数,配合 PHP |
命令添加到环境变量中
1[root@localhost ~]# echo 'PATH="/application/nginx/sbin:$PATH"' >>/etc/profile
2[root@localhost ~]# . /etc/profile
3[root@localhost ~]# echo $PATH
4/application/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Nginx 常用命令
1# 检查配置文件语法是否正确
2[root@localhost ~]# nginx -t
3nginx: the configuration file /application/nginx-1.16.0/conf/nginx.conf syntax is ok
4nginx: configuration file /application/nginx-1.16.0/conf/nginx.conf test is successful
5
6# 重新加载配置文件
7[root@localhost ~]# nginx -s reload
8
9
主配置文件
1# 生成没有注解的主配置文件
2[root@localhost nginx-1.16.0]# egrep -v "^$|#" /application/nginx/conf/nginx.conf.default > /application/nginx/conf/nginx.conf
3
4[root@localhost nginx-1.16.0]# cat /application/nginx/conf/nginx.conf
5worker_processes 1;
6events {
7 worker_connections 1024;
8}
9http {
10 include mime.types;
11 default_type application/octet-stream;
12 sendfile on;
13 keepalive_timeout 65;
14 server {
15 listen 80;
16 server_name localhost;
17 location / {
18 root html;
19 index index.html index.htm;
20 }
21 error_page 500 502 503 504 /50x.html;
22 location = /50x.html {
23 root html;
24 }
25 }
26}
27
28# 删除17行到20行之后的内容
29[root@localhost ~]# cat /application/nginx/conf/nginx.conf
30worker_processes 1;
31events {
32 worker_connections 1024;
33}
34http {
35 include mime.types;
36 default_type application/octet-stream;
37 sendfile on;
38 keepalive_timeout 65;
39 server {
40 listen 80;
41 server_name localhost;
42 location / {
43 root html;
44 index index.html index.htm;
45 }
46 }
47}
虚拟主机
基于域名的虚拟主机
1[root@localhost ~]# cat /application/nginx/conf/nginx.conf
2worker_processes 1;
3events {
4 worker_connections 1024;
5}
6http {
7 include mime.types;
8 default_type application/octet-stream;
9 sendfile on;
10 keepalive_timeout 65;
11 server {
12 listen 80;
13 server_name www.soulboy.com;
14 location / {
15 root html/www;
16 index index.html index.htm;
17 }
18 }
19 server {
20 listen 80;
21 server_name www.blog.com;
22 location / {
23 root html/blog;
24 index index.html index.htm;
25 }
26 }
27
28}
29
30[root@localhost ~]# mkdir /application/nginx/html/www
31[root@localhost ~]# mkdir /application/nginx/html/blog
32[root@localhost ~]# echo "www.soulboy.com" > /application/nginx/html/www/index.html
33[root@localhost ~]# echo "www.blog.com" > /application/nginx/html/blog/index.html
34[root@localhost ~]# echo "192.168.31.212 www.soulboy.com" >>/etc/hosts
35[root@localhost ~]# echo "192.168.31.212 www.blog.com" >>/etc/hosts
36
37# 测试
38[root@localhost ~]# curl www.soulboy.com
39www.soulboy.com
40[root@localhost ~]# curl www.blog.com
41www.blog.com
基于端口的虚拟主机
1[root@localhost conf]# cat /application/nginx/conf/nginx.conf
2worker_processes 1;
3events {
4 worker_connections 1024;
5}
6http {
7 include mime.types;
8 default_type application/octet-stream;
9 sendfile on;
10 keepalive_timeout 65;
11 server {
12 listen 80;
13 server_name www.soulboy.com;
14 location / {
15 root html/www;
16 index index.html index.htm;
17 }
18 }
19 server {
20 listen 81;
21 server_name www.blog.com;
22 location / {
23 root html/blog;
24 index index.html index.htm;
25 }
26 }
27}
28
29# 测试,如果能解析到ip,但是匹配不到FQDN名,Nginx默认会选择第一个server为请求提供服务
30[root@localhost conf]# curl www.blog.com
31www.soulboy.com
32[root@localhost conf]# curl www.blog.com:81
33www.blog.com
基于 IP 的虚拟主机
1# 添加辅助ip
2[root@localhost conf]# ip addr add 192.168.31.250/24 dev enp0s3 label enp0s3:10
3
4# 查看配置文件
5[root@localhost conf]# cat nginx.conf
6worker_processes 1;
7events {
8 worker_connections 1024;
9}
10http {
11 include mime.types;
12 default_type application/octet-stream;
13 sendfile on;
14 keepalive_timeout 65;
15 server {
16 listen 192.168.31.212:80;
17 server_name www.soulboy.com;
18 location / {
19 root html/www;
20 index index.html index.htm;
21 }
22 }
23 server {
24 listen 192.168.31.250:80;
25 server_name www.blog.com;
26 location / {
27 root html/blog;
28 index index.html index.htm;
29 }
30 }
31}
32
33# 测试(必须stop,reload没有用)
34[root@localhost conf]# nginx -s stop
35[root@localhost conf]# nginx
36[root@localhost conf]# netstat -tnlp | grep nginx
37tcp 0 0 192.168.31.250:80 0.0.0.0:* LISTEN 19346/nginx: master
38tcp 0 0 192.168.31.212:80 0.0.0.0:* LISTEN 19346/nginx: master
39[root@localhost conf]# curl 192.168.31.250
40www.blog.com
41[root@localhost conf]# curl 192.168.31.212
42www.soulboy.com
返回状态码
防止恶意解析,如果解析不到对应的 server,则默认走第一个 server,返回 500
1[root@localhost conf]# echo "192.168.31.212 www.oldboy.com" >>/etc/hosts
2
3[root@localhost conf]# cat /application/nginx/conf/nginx.conf
4worker_processes 1;
5events {
6 worker_connections 1024;
7}
8http {
9 include mime.types;
10 default_type application/octet-stream;
11 sendfile on;
12 keepalive_timeout 65;
13 server{
14 listen 80;
15 server_name _default;
16 return 500;
17 }
18 server {
19 listen 80;
20 server_name www.soulboy.com;
21 location / {
22 root html/www;
23 index index.html index.htm;
24 }
25 }
26 server {
27 listen 80;
28 server_name www.blog.com;
29 location / {
30 root html/blog;
31 index index.html index.htm;
32 }
33 }
34}
35
36# 测试
37[root@localhost conf]# curl www.soulboy.com
38www.soulboy.com
39[root@localhost conf]# curl www.blog.com
40www.blog.com
41[root@localhost conf]# curl www.oldboy.com
42<html>
43<head><title>500 Internal Server Error</title></head>
44<body>
45<center><h1>500 Internal Server Error</h1></center>
46<hr><center>nginx/1.16.0</center>
47</body>
48</html>
配置文件拆分
1# 主配置文件
2[root@localhost conf]# cat nginx.conf
3worker_processes 1;
4events {
5 worker_connections 1024;
6}
7http {
8 include mime.types;
9 default_type application/octet-stream;
10 sendfile on;
11 keepalive_timeout 65;
12# include extra/01.soulboy.conf;
13# include extra/02.blog.conf;
14 include extra/*.conf;
15
16}
17
18
19# 01.soulboy.conf
20[root@localhost conf]# sed -n '10,17p' nginx.conf >/application/nginx/conf/extra/01.soulboy.conf
21[root@localhost conf]# cat extra/01.soulboy.conf
22 server {
23 listen 80;
24 server_name www.soulboy.com;
25 location / {
26 root html/www;
27 index index.html index.htm;
28 }
29 }
30
31# 02.blog.conf
32[root@localhost conf]# sed -n '18,25p' nginx.conf >/application/nginx/conf/extra/02.blog.conf
33[root@localhost conf]# cat extra/02.blog.conf
34 server {
35 listen 80;
36 server_name www.blog.com;
37 location / {
38 root html/blog;
39 index index.html index.htm;
40 }
41 }
别名
1[root@localhost conf]# cat extra/02.blog.conf
2 server {
3 listen 80;
4 server_name www.blog.com blog.com;
5 location / {
6 root html/blog;
7 index index.html index.htm;
8 }
9 }
10
11[root@localhost conf]# cat /etc/hosts
12127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
13::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
14192.168.31.212 www.soulboy.com soulboy.com
15192.168.31.212 www.blog.com blog.com
16192.168.31.212 www.oldboy.com
17
18[root@localhost conf]# curl blog.com
19www.blog.com
20
Nginx status
1# 查看是否安装 status模块
2[root@localhost conf]# nginx -V
3nginx version: nginx/1.16.0
4built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
5built with OpenSSL 1.0.2k-fips 26 Jan 2017
6TLS SNI support enabled
7configure arguments: --user=www --group=www --prefix=/application/nginx-1.16.0 --with-http_stub_status_module --with-http_ssl_module --with-pcre
8
9# 配置文件
10[root@localhost conf]# cat extra/04_status.conf
11#status
12server{
13 listen 80;
14 server_name status.soulboy.com;
15 location / {
16 stub_status on;
17 access_log off;
18 }
19}
20
21# 测试
22## server 表示nginx启动到现在共处理了多少个连接
23## accepts 表示nginx启动到现在共成功创建多少次握手
24## handle requests 表示总共处理了多少次请求
25## Reading 为Nginx读取到客户端的 Header 信息数
26## Writing 为Nginx返回给客户端的 Header 信息数
27## Waiting 为Nginx已经处理完正在等候下一次请求指令的驻留连接。在开启keep-alive的情况下,这个值等于active-(reading +writing)
28[root@localhost conf]# curl status.soulboy.com
29Active connections: 1
30server accepts handled requests
31 12 12 12
32Reading: 0 Writing: 1 Waiting: 0
错误日志
1[root@localhost conf]# cat nginx.conf
2worker_processes 1;
3error_log logs/error.log error; #配置错误日志
4events {
5 worker_connections 1024;
6}
7http {
8 include mime.types;
9 default_type application/octet-stream;
10 sendfile on;
11 keepalive_timeout 65;
12# include extra/01.soulboy.conf;
13# include extra/02.blog.conf;
14 include extra/*.conf;
15}
16
访问日志
1# 配置日志格式 main
2[root@localhost conf]# cat nginx.conf
3worker_processes 1;
4error_log logs/error.log error;
5events {
6 worker_connections 1024;
7}
8http {
9 include mime.types;
10 default_type application/octet-stream;
11 sendfile on;
12 keepalive_timeout 65;
13
14 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
15 '$status $body_bytes_sent "$http_referer" '
16 '"$http_user_agent" "$http_x_forwarded_for"';
17
18# include extra/01.soulboy.conf;
19# include extra/02.blog.conf;
20 include extra/*.conf;
21
22
23# 在server中开启访问日志,并且引用核心区域的日志格式main
24[root@localhost conf]# cat extra/01.soulboy.conf
25 server {
26 listen 80;
27 server_name www.soulboy.com soulboy.com;
28 location / {
29 root html/www;
30 index index.html index.htm;
31 }
32 access_log logs/access_soulboy.log main buffer=32k flush=5s;
33 }
34
35# 测试
36[root@localhost conf]# curl www.soulboy.com
37www.soulboy.com
38[root@localhost logs]# cat access_soulboy.log
39192.168.31.212 - - [04/May/2021:01:20:21 +0800] "GET / HTTP/1.1" 200 16 "-" "curl/7.29.0" "-"
40
41
42
| col1 | col2 |
|---|---|
| $remote_addr | 来访者的 ip 地址 |
| $remote_user | 来访者用户名 |
| $time_local | 访问时间、时区 |
| $request | 用户的 http 请求起始行信息 |
| $status | http 状态码,记录请求返回的状态:200、404、301 等 |
| $body_bytes_sent | 服务器发送给客户端的响应 body 字节数 |
| $http_referer | 记录此次请求是从哪个链接访问过来的,可以根据 referer 进行防盗链设置 |
| $http_user_agent | 记录客户端的访问信息:浏览器、手机客户端等 |
| $http_x_forwarded_for | 当前段有代理服务器时,设置 Web 节点记录地址的配置,此参数生效的前提是代理服务器上也要进行相关的 x_forwarded_for 设置。 |
访问日志切割
1# 编写日志切割脚本
2[root@localhost conf]# cat /software/script/cut_nginx_log.sh
3#!/bin/sh
4Dateformat=`date +%Y%m%d -d -1day`
5Basedir="/application/nginx"
6Nginxlogdir="$Basedir/logs"
7Logname="access_soulboy"
8[ -d $Nginxlogdir ] && cd $Nginxlogdir || exit 1
9[ -f ${Logname}.log ] || exit
10/bin/mv ${Logname}.log ${Dateformat}_${Logname}.log
11$Basedir/sbin/nginx -s reload
12
13# 测试
14[root@localhost logs]# sh /software/script/cut_nginx_log.sh
15[root@localhost logs]# ls
1620210503_access_soulboy.log access.log access_soulboy.log error.log nginx.pid
17
18# 添加到计划任务,每天凌晨零点执行一次
19[root@localhost logs]# crontab -e
20#cut log by soulboy at 20210504
2100 00 * * * /bin/sh /software/script/cut_nginx_log.sh >/dev/null 2>&1
location
location [= | ~ | ~* | ^ ~ | @] uri {...}
uri 是关键,可以是普通的字符串地址路径或者是正则表达式。
~:用于区分大小写的匹配
~*:用于不区分大小写的匹配
!:取反,!~和! ~*
^~:作用是在常规的字符串匹配检查之后,不做正则表达式的检查,即如果最明确的那个字符串匹配的 Location 配置中有此前缀,那么不做正则表达式的检查。
1[root@localhost extra]# cat 01.soulboy.conf
2 server {
3 listen 80;
4 server_name www.soulboy.com soulboy.com;
5 root html/www;
6 location / {
7 return 401;
8 }
9 location = / {
10 return 402;
11 }
12 location /documents/ {
13 return 403;
14 }
15 location ^~ /images/ {
16 return 404;
17 }
18 location ~* \.(gif|jpg|jpeg)$ {
19 return 500;
20 }
21 access_log logs/access_soulboy.log main buffer=32k flush=5s;
22 }
23
24# 测试
25[root@localhost extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.soulboy.com
26402
27[root@localhost extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.soulboy.com/
28402
29
30[root@localhost extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.soulboy.com/index.html
31401
32
33[root@localhost extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.soulboy.com/documents/document.html
34403
35
36[root@localhost extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.soulboy.com/images/1.gif404
37404
38
39[root@localhost extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.soulboy.com/documents/1.jpg
40500
41
42[root@localhost extra]# curl -s -o /dev/null -I -w "%{http_code}\n" http://www.soulboy.com/oldboy/
43401
rewrite
1[root@localhost extra]# cat 01.soulboy.conf
2 server {
3 listen 80;
4 server_name soulboy.com;
5 rewrite ^/(.*) http://www.soulboy.com/$1 permanent;
6 }
7 server {
8 listen 80;
9 server_name www.soulboy.com;
10 root html/www;
11 location / {
12 root html/www;
13 index index.html index.htm;
14 }
15 access_log logs/access_soulboy.log main buffer=32k flush=5s;
16 }
17
18# 测试
19[root@localhost extra]# nginx -t
20nginx: the configuration file /application/nginx-1.16.0/conf/nginx.conf syntax is ok
21nginx: configuration file /application/nginx-1.16.0/conf/nginx.conf test is successful
22[root@localhost extra]# nginx -s reload
23[root@localhost extra]# curl -I soulboy.com # 发现301跳转
24HTTP/1.1 301 Moved Permanently
25Server: nginx/1.16.0
26Date: Mon, 03 May 2021 19:06:08 GMT
27Content-Type: text/html
28Content-Length: 169
29Connection: keep-alive
30Location: http://www.soulboy.com/
31
32[root@localhost extra]# curl -I soulboy.com/oldboy/abc/
33HTTP/1.1 301 Moved Permanently
34Server: nginx/1.16.0
35Date: Mon, 03 May 2021 19:07:44 GMT
36Content-Type: text/html
37Content-Length: 169
38Connection: keep-alive
39Location: http://www.soulboy.com/oldboy/abc/
负载均衡
1[root@localhost conf]# cat nginx.conf
2worker_processes 1;
3error_log logs/error.log error;
4events {
5 worker_connections 1024;
6}
7http {
8 include mime.types;
9 default_type application/octet-stream;
10 sendfile on;
11 keepalive_timeout 65;
12
13 upstream backend {
14 server 192.168.31.210:80 weight=1;
15 server 192.168.31.211:80 weight=1 max_fails=1 fail_timeout=10s;# 和上面一样,默认就是1,10s
16 }
17
18 server {
19 listen 80;
20 server_name www.soulboy.com;
21 location / {
22 proxy_pass http://backend;
23 proxy_set_header Host $host; # 用户后端的realserver中有多态虚拟主机的时候,根据转发过来的Host 字段判断是哪个虚拟主机。
24 proxy_set_header X-Forwarded-For $remote_addr; # realserver 中日志需要配置 "$http_x_forwarded_for" ,可以记录用户的真实IP,否则记录的是负载均衡器的IP
25 }
26 }
27
28}
29