nginx的安装
# 下载Nginx wget http://nginx.org/download/nginx-1.16.1.tar.gz # 解压Nginx tar xf nginx-1.16.1.tar.gz # 安装gcc模块 C语言编译需要 yum install gcc zlib2-devel pcre-devel openssl-devel # 进入到解压目录下面 进行编译 ./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_stub_status_module # 安装 make && make install
Nginx目录结构
conf 配置文件
html 存放静态文件 index.html 是默认的欢迎页面 logs 日志文件 sbin 二进制文件 Nginx支持的命令格式 ./sbin/nginx -h
[root@localhost nginx]# ./sbin/nginx -h nginx version: nginx/1.16.1 Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives] Options: -?,-h : this help -v : show version and exit 显示版本号 -V : show version and configure options then exit 显示版本+编译时选项 -t : test configuration and exit 测试配置文件 -T : test configuration, dump it and exit -q : suppress non-error messages during configuration testing -s signal : send signal to a master process: stop, quit, reopen, reload # 发送信号指令 -p prefix : set prefix path (default: /opt/nginx/) -c filename : set configuration file (default: conf/nginx.conf) -g directives : set global directives out of configuration file
启动Nginx ./sbin/nginx # 关闭防火墙 iptables -F
Nginx配置详解 ./config/nginx.conf
# nginx启动后会生成一个主进程,根据配置文件的选项生成子进程(工作进程),主进程不负责处理用户的请求,用来转发用户的请求(分给子进程) #user nobody; # 使用哪个用户来启动子进程 worker_processes 1; # 工作进程的个数 ,一般配置成CPU核心的个数-1或者-2 # cpu亲缘性绑定,让nginx的子进程工作在哪个核心上 #error_log logs/error.log; # 错误日志 #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { # use [epoll|select|poll]; # cpu算法,默认无 worker_connections 1024; # 没一个子进程可以处理的连接数,默认1024 } http { include mime.types; # 导入 default_type application/octet-stream; # 默认的请求方式 # 定义日志格式 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; # 定义日志存放位置 #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; # 保持长连接的超时时间 秒 #gzip on; server { listen 80; # 监听端口 server_name localhost; # 域名 #charset koi8-r; #access_log logs/host.access.log main; location / { root html; # 指定静态文件地址 index index.html index.htm; # 指定默认的index页面 } # 网页出错显示的页面 /根目录 #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # # 错误页面 服务端错误 error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
配置简单实例
# 修改 conf目录下的nginx.conf配置 [root@localhost nginx]# vim ./conf/nginx.conf location / { root /data/html; # 根路径 这里地址为手动创建 index index.html; } location /img { root /data/img; # 文件存放为 mkdir /data/img/img # alias /data/img; } root /data/html; error_page 404 /404.html;
# 修改完毕后检查是否有问题 [root@localhost nginx]# ./sbin/nginx -t # 没有问题的话重启nginx服务 [root@localhost nginx]# ./sbin/nginx -s reload
root和alias的区别
location /img { root /data/img; } root /data/img 存放路径里面必须有/img (/data/img/img) location /img { alias /data/img; } alias /data/img 存放路径里面不需要有 /img (/data/img)
域名操作
listen 80; # 监听端口 server_name www.catdexin.com catdexin.com; # 域名 server_name www.catdexin.com www.baidu.com www.taobao.com; # 可以设置多个域名 # 输入域名先去dns缓存和dns服务器寻找域名 # 我们可以在host文件中设置一个作为测试用
可以配置多个server
server{ listen 80 default_server; # 默认server server_name www.baidu.com baidu.com; location / { root /data/baidu; index index.html; } } server{ listen 80; server_name www.baidu.com baidu.com; location / { root /data/baidu; index index.html; } }
nginx中的日志
# 定义日志格式 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; remote_addr 请求ip地址 remote_user 请求的用户 time_local 本地时间 request 包括请求方式 请求地址 请求协议版本 status 状态码 body_bytes_sent 发送的大小 http_user_agent 用户请求头 http_x_forwarded_for 真实IP
为每个server配置自己的日志
server { listen 80 default_server; server_name www.catdexin.com catdexin.com; access_log logs/catdexin.com main; # 路径 location / { root /data/catdexin; index index.html; } } server { listen 80; server_name www.nayue.com nayue.com; access_log logs/nayue.com main; # 路径 location / { root /data/nayue; index index.html; } }
禁止访问(黑名单)
可以写在server或者location里面 deny 192.168.21.1; # 黑名单 单IP allow 192.168.21.131; # 白名单 deny 192.168.21.0/24; # 黑名单 整个网段
server{ listen 80; server_name www.baidu.com baidu.com; location / { deny 192.168.21.1; root /data/baidu; index index.html; } }