Nginx website service-about nginx system installation, access status statistics, access control, virtual host settings

A nginx service foundation

1.1 Overview of nginx

Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server, released under the BSD-like protocol. Its characteristics are that it occupies less memory and has strong concurrency capabilities. In fact, nginx's concurrency capabilities perform better in the same type of web server. Mainland Chinese users of nginx websites include: Baidu, JD, Sina, NetEase, Tencent, Taobao, etc.

advantage

In the case of high concurrency of connections, Nginx is a good alternative to Apache services: Nginx in the United States is one of the software platforms that bosses who do virtual hosting business often choose. It can support responses up to 50,000 concurrent connections. Thank you Nginx for choosing epoll and kqueue as the development model for us.

1.2 nginx installation steps

Turn off and disable the firewall first

systemctl stop firewalld
systemctl disabled firewalld

Copy the nginx software package to the /opt directory,

decompress and install nginx

cd /opt
tar xzvf nginx-1.15.9.tar.gz 
useradd -M -s /bin/nologin nginx			#创建运行用户、组

Install support software, compile and install

yum -y install gcc gcc-c++  make pcre-devel zlib-devel
cd nginx-1.15.9/
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module		#开启stub_status状态统计模块
make && make install

1.3 nginx optimization

Path optimization

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
ls -l /usr/local/sbin/nginx 

Start, reconfigure, stop nginx

nginx  ## 启动 Nginx
netstat -anpt |grep nginx ## 过滤Nginx的进程
yum -y install psmisc        ###最小安装没有killall令需要安装 
killall -s HUP nginx  ## 重载Nginx配置文件（相当于刷新）
killall -s QUIT nginx  ## 退出 Nginx

Add system service
Method one:

vi /lib/systemd/system/nginx.service
编辑模式
[Unit]
Description=nginx   ###描述
After=network.target    ####描述服务类别
[Service]
Type=forking    ###后台运行形式
PIDFile=/usr/local/nginx/logs/nginx.pid   #PID文件位置  
ExecStart=/usr/local/nginx/sbin/nginx    #启动服务
ExecReload=/usr/bin/kill -s HUP $MAINPID  #根据PID重载配置
ExecStop=/usr/bin/kill -s QUIT $MAINPID  #根据PID终止进程
PrivateTmp=true
[Install]
WantedBy=multi-user.target		#最小安装方式适用
:wq保存退出
chmod 754 /lib/systemd/system/nginx.service 
systemctl enable nginx.service 
systemctl start nginx

Method Two

[root@localhost ~]# cd /etc/inid.d		#添加使用service工具进行管理
[root@localhost init.d]# ls
[root@localhost init.d]# vim nginx
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
  start)
   $PROG
   ;;
  stop)
   kill -s QUIT $(cat $PIDF)
   ;;
  restart)
   $0 stop
   $0 start
   ;;
  reload)
   kill -s HUP $(cat $PIDF)
   ;;
  *)
  		echo "Usage: $0 {start|stop|restart|reload}"
  		exit 1
esac
exit 0
[root@localhost init.d]# chmod +x nginx
[root@localhost init.d]# chkconfig --add nginx
[root@localhost init.d]# chkconfig --level 35 nginx on

At this point, after the firewall is closed and the nginx service is opened, the access is successful

1.4 Access status statistics

Enable HTTP_ STUB_ STATUS status statistics module When
configuring compile parameters, participate in –with-http_stub_status_module
nginx -V to check whether the installed Nginx contains HTTP_STUB_STATUS module

Modify the /usr/local/nginx/conf/nginx.conf configuration file

vi /usr/local/nginx/conf/nginx.conf
编辑模式
location / {
	root    html;
	index  index.html   index.htm;
}
添加如下内容
location /status {
	stub_status on;
	access_log off;
}
:wq保存退出
systemctl restart nginx

Active connections indicate the current number of active connections
server accepts handled requests indicate the connection information that has been processed
1 1 1 indicates:
the number of connections processed 1, the number of successful TCP handshakes 1, the number of requests processed 1

Two Nginx access control

2.1 Authorization-based access control

yum -y install httpd-tools
创建用户test并设置密码
htpasswd -c /usr/local/nginx/passwd.db test
New password: 
Re-type new password:
查看密码（已加密）
cat /usr/local/nginx/passwd.db

修改文件权限为只读

chmod 400 /usr/local/nginx/passwd.db

将所有者修改为 nginx ，设置nginx的运行用户能够读取

chown nginx /usr/local/nginx/passwd.db
ll -d /usr/local/nginx/passwd.db

修改主配置文件nginx.conf,对相应目录添加认证配置项

vi /usr/local/nginx/conf/nginx.conf
编辑模式
location / {
	root    html;
	index  index.html   index.htm;
	#添加如下两行
	auth_basic "secret";
	auth_basic_user_file /usr/local/nginx/passwd.db;
}
[root@localhost ~]# nginx -t  #检测语法
[root@localhost ~]# systemctl restart nginx

Enter the username and password to log in successfully

2.2 Client-based access control

Configuration rules

deny IP/IP segment: deny client access to a certain IP or IP segment

allow IP/IP segment: Allow client access of a certain IP or IP segment

The rule is executed from top to bottom, if it matches, it will stop and no longer match

note
Both deny and allow are only deny/allow relationships

配置步骤
修改主配置文件nginx.conf,添加相应配置项，除主机20.0.0.1之外允许其他客户端访问
vi /usr/local/nginx/conf/nginx.conf
编辑模式
location / {
	root    html;
	index  index.html   index.htm;
	auth_basic "secret";
	auth_basic_user_file /usr/local/nginx/passwd.db;

	deny 20.0.0.1;
	allow all;
}
[root@localhost ~]# systemctl restart nginx

Three nginx virtual host

With virtual hosting, there is no need to provide a separate Nginx server or run a group of Nginx processes separately for each running website. Virtual hosting provides the function of running multiple websites on the same server and the same group of Nginx processes.

3.1 Virtual hosting based on domain name

1.修改Windows客户机的C:\Windows\System32\drivers\etc/hosts文件
20.0.0.11	www.61ser.top	www.51ser.top
2.准备各个网站的目录和测试首页
mkdir -p /var/www/html/61ser/
mkdir -p /var/www/html/51ser/
echo "www.61ser.top" >> /var/www/html/61ser/index.html
echo "www.51ser.top" >> /var/www/html/51ser/index.html
3.修改配置文件，把配置文件中的server{}代码段全部去掉，加入2个新的server{}段，对应2个域名
vi /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.61ser.top;
charset utf-8;
access_log logs/www.61ser.top.access.log;
location / {
	root /var/www/html/61ser;
	index index.html index.htm;
	}
error_page 500 502 503 504 /50x.html;
location = 50x.html{
	root html;
	}
}
server {
listen 80;
server_name www.51ser.top;
charset utf-8;
access_log logs/www.51ser.top.access.log;
location / {
	root /var/www/html/51ser;
	index index.html index.htm;
	}
error_page 500 502 503 504 /50x.html;
location = 50x.html{
	root html;
	}
}
systemctl restart nginx
测试
www.61ser.top
www.51ser.top

3.2 IP-based virtual hosting

Add virtual network card
Modify UUID
Modify IP address: 192.168.100.11
Modify gateway: 192.168.100.1

For the specific operation of adding a network card, please refer to this blog: Portal: Linux network card basic settings and common commands for network testing

主机配置两个IP地址
vim /usr/local/nginx/conf/nginx.conf
server {
    listen    20.0.0.11:80;
    server_name 20.0.0.11:80;
}
server {
    listen    192.168.100.11:80;
    server_name 192.168.100.11:80;
}
[root@localhost ~]# systemctl restart nginx

3.3 Port-based virtual web hosting

vim /usr/local/nginx/conf/nginx.conf
server {
    listen    20.0.0.11:666;
    server_name 20.0.0.11:666;
}
server {
    listen    20.0.0.11:888;
    server_name 20.0.0.11:888;
}
[root@localhost ~]# systemctl restart nginx