Nginx website service
A nginx service foundation
1.1 Overview of nginx
Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server, released under the BSD-like protocol. Its characteristics are that it occupies less memory and has strong concurrency capabilities. In fact, nginx's concurrency capabilities perform better in the same type of web server. Mainland Chinese users of nginx websites include: Baidu, JD, Sina, NetEase, Tencent, Taobao, etc.
advantage
In the case of high concurrency of connections, Nginx is a good alternative to Apache services: Nginx in the United States is one of the software platforms that bosses who do virtual hosting business often choose. It can support responses up to 50,000 concurrent connections. Thank you Nginx for choosing epoll and kqueue as the development model for us.
1.2 nginx installation steps
Turn off and disable the firewall first
systemctl stop firewalld
systemctl disabled firewalld
Copy the nginx software package to the /opt directory,
decompress and install nginx
cd /opt
tar xzvf nginx-1.15.9.tar.gz
useradd -M -s /bin/nologin nginx #创建运行用户、组
Install support software, compile and install
yum -y install gcc gcc-c++ make pcre-devel zlib-devel
cd nginx-1.15.9/
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module #开启stub_status状态统计模块
make && make install
1.3 nginx optimization
Path optimization
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
ls -l /usr/local/sbin/nginx
Start, reconfigure, stop nginx
nginx ## 启动 Nginx
netstat -anpt |grep nginx ## 过滤Nginx的进程
yum -y install psmisc ###最小安装没有killall令需要安装
killall -s HUP nginx ## 重载Nginx配置文件(相当于刷新)
killall -s QUIT nginx ## 退出 Nginx
Add system service
Method one:
vi /lib/systemd/system/nginx.service
编辑模式
[Unit]
Description=nginx ###描述
After=network.target ####描述服务类别
[Service]
Type=forking ###后台运行形式
PIDFile=/usr/local/nginx/logs/nginx.pid #PID文件位置
ExecStart=/usr/local/nginx/sbin/nginx #启动服务
ExecReload=/usr/bin/kill -s HUP $MAINPID #根据PID重载配置
ExecStop=/usr/bin/kill -s QUIT $MAINPID #根据PID终止进程
PrivateTmp=true
[Install]
WantedBy=multi-user.target #最小安装方式适用
:wq保存退出
chmod 754 /lib/systemd/system/nginx.service
systemctl enable nginx.service
systemctl start nginx
Method Two
[root@localhost ~]# cd /etc/inid.d #添加使用service工具进行管理
[root@localhost init.d]# ls
[root@localhost init.d]# vim nginx
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -s QUIT $(cat $PIDF)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PIDF)
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
[root@localhost init.d]# chmod +x nginx
[root@localhost init.d]# chkconfig --add nginx
[root@localhost init.d]# chkconfig --level 35 nginx on
At this point, after the firewall is closed and the nginx service is opened, the access is successful
1.4 Access status statistics
Enable HTTP_ STUB_ STATUS status statistics module When
configuring compile parameters, participate in –with-http_stub_status_module
nginx -V to check whether the installed Nginx contains HTTP_STUB_STATUS module
Modify the /usr/local/nginx/conf/nginx.conf configuration file
vi /usr/local/nginx/conf/nginx.conf
编辑模式
location / {
root html;
index index.html index.htm;
}
添加如下内容
location /status {
stub_status on;
access_log off;
}
:wq保存退出
systemctl restart nginx
Active connections indicate the current number of active connections
server accepts handled requests indicate the connection information that has been processed
1 1 1 indicates:
the number of connections processed 1, the number of successful TCP handshakes 1, the number of requests processed 1
Two Nginx access control
2.1 Authorization-based access control
yum -y install httpd-tools
创建用户test并设置密码
htpasswd -c /usr/local/nginx/passwd.db test
New password:
Re-type new password:
查看密码(已加密)
cat /usr/local/nginx/passwd.db
修改文件权限为只读
chmod 400 /usr/local/nginx/passwd.db
将所有者修改为 nginx ,设置nginx的运行用户能够读取
chown nginx /usr/local/nginx/passwd.db
ll -d /usr/local/nginx/passwd.db
修改主配置文件nginx.conf,对相应目录添加认证配置项
vi /usr/local/nginx/conf/nginx.conf
编辑模式
location / {
root html;
index index.html index.htm;
#添加如下两行
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/passwd.db;
}
[root@localhost ~]# nginx -t #检测语法
[root@localhost ~]# systemctl restart nginx
Enter the username and password to log in successfully
2.2 Client-based access control
Configuration rules
deny IP/IP segment: deny client access to a certain IP or IP segment
allow IP/IP segment: Allow client access of a certain IP or IP segment
The rule is executed from top to bottom, if it matches, it will stop and no longer match
note
Both deny and allow are only deny/allow relationships
配置步骤
修改主配置文件nginx.conf,添加相应配置项,除主机20.0.0.1之外允许其他客户端访问
vi /usr/local/nginx/conf/nginx.conf
编辑模式
location / {
root html;
index index.html index.htm;
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/passwd.db;
deny 20.0.0.1;
allow all;
}
[root@localhost ~]# systemctl restart nginx
Three nginx virtual host
With virtual hosting, there is no need to provide a separate Nginx server or run a group of Nginx processes separately for each running website. Virtual hosting provides the function of running multiple websites on the same server and the same group of Nginx processes.
3.1 Virtual hosting based on domain name
1.修改Windows客户机的C:\Windows\System32\drivers\etc/hosts文件
20.0.0.11 www.61ser.top www.51ser.top
2.准备各个网站的目录和测试首页
mkdir -p /var/www/html/61ser/
mkdir -p /var/www/html/51ser/
echo "www.61ser.top" >> /var/www/html/61ser/index.html
echo "www.51ser.top" >> /var/www/html/51ser/index.html
3.修改配置文件,把配置文件中的server{}代码段全部去掉,加入2个新的server{}段,对应2个域名
vi /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.61ser.top;
charset utf-8;
access_log logs/www.61ser.top.access.log;
location / {
root /var/www/html/61ser;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = 50x.html{
root html;
}
}
server {
listen 80;
server_name www.51ser.top;
charset utf-8;
access_log logs/www.51ser.top.access.log;
location / {
root /var/www/html/51ser;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = 50x.html{
root html;
}
}
systemctl restart nginx
测试
www.61ser.top
www.51ser.top
3.2 IP-based virtual hosting
Add virtual network card
Modify UUID
Modify IP address: 192.168.100.11
Modify gateway: 192.168.100.1
For the specific operation of adding a network card, please refer to this blog: Portal: Linux network card basic settings and common commands for network testing
主机配置两个IP地址
vim /usr/local/nginx/conf/nginx.conf
server {
listen 20.0.0.11:80;
server_name 20.0.0.11:80;
}
server {
listen 192.168.100.11:80;
server_name 192.168.100.11:80;
}
[root@localhost ~]# systemctl restart nginx
3.3 Port-based virtual web hosting
vim /usr/local/nginx/conf/nginx.conf
server {
listen 20.0.0.11:666;
server_name 20.0.0.11:666;
}
server {
listen 20.0.0.11:888;
server_name 20.0.0.11:888;
}
[root@localhost ~]# systemctl restart nginx