Article Directory
1. Nginx service basics
1.1, Nginx overview
Nginx is a high-performance HTTP and reverse proxy server, as well as an IMAP/POP3/SMTP proxy server.
Nginx is a lightweight web server/reverse proxy server and email proxy server, and is distributed under a BSD-like protocol. Developed by Russian programmer lgor Sysoev, it is used by Russia's large portal and search engine Rambler. Its characteristic is that it occupies less memory and has strong concurrency. In fact, the concurrency of nginx does perform better in the same type of web server.
Compared with Apache\lighttpd, Nginx has the advantages of less memory and higher stability, and is known for its strong concurrency, rich module library and friendly and flexible configuration. Under the Linux operating system, nginx uses the epoll event model. Thanks to this, nginx is very efficient under the Linux operating system. At the same time, Nginx uses an efficient event model kqueue similar to Epoll on the OpenBSD or FreeBSD operating system. A
high-performance, lightweight web service software,
high stability, low
system resource consumption, high
processing capacity for HTTP concurrent connections, and a
single physical server Support 30 000~50 000 concurrent requests
1.2. Compile and install Nginx
1.2.1, compile and install steps
1. Mount the shared folder of the host and read the downloaded source file
2. Unzip the cross-platform component package and source code package
Move the cross-platform component package to the source package directory
3. Install the compiler and other tools
yum -y install gcc \
gcc-c++ \
make \
pcre-devel \
expat-devel \
perl \
zlib-devel \
pcre
4.configure configuration
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
5.make compile and make install
6. Path optimization
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin '//nginx命令执行路径优化'
useradd -M -s /sbin/nologin nginx
1.2.2, use systemctl control
vim /lib/systemd/system/nginx.service '//添加使用systemctl工具进行管理'
[Unit]
Description=nginx '//描述'
After=network.target '//描述服务类别'
[Service]
Type=forking '//后台运行形势'
PIDFile =/usr/local/nginx/logs/nginx.pid '//PID文件位置'
ExecStart=/usr/local/nginx/sbin/nginx '//启动服务'
ExecReload=/usr/bin/kill -S HUP $MAINPID '//根据PID重载配置'
ExecStop=/usr/bin/kill -S QUIT $MAINPID '//根据PID终止进程'
PrivateTmp=true
[Install]
WantedBy=multi-user.target
chmod 754 /lib/systemd/system/nginx.service
1.2.3, open nginx, close the firewall
[root@localhost system]# chmod +754 nginx.service
[root@localhost system]# systemctl start nginx.service
[root@localhost system]# netstat -ntap |grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5396/nginx: master
tcp 0 0 192.168.197.192:56680 192.168.100.3:445 ESTABLISHED -
[root@localhost system]# systemctl stop firewalld.service
[root@localhost system]# setenforce 0
After the installation is complete, start the service, enter the IP in the browser, this screen appears, and the service starts successfully
1.3, Nginx access status statistics
Ginx has a built-in http_stub_status status statistics module, which is used to feed back the current Web access. When configuring compilation parameters, you can add
–with-http_stub_status_module to enable this module support. You can use the command /usr/local/nginx/sbin/nginx -V to view Does the installed nginx include the http_stub_status module?
To use nginx's status statistics function, in addition to enabling the built-in module, you also need to modify the nginx.conf configuration file, specify the access location and add the stub_status configuration code
1.3.1, statistical experiment
Modify the nginx.conf configuration file
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
http{
server {
listen 80;
server name localhost;
charset utf-8;
location / {
root html;
index index.html index.php;
}
location ~/status {
'//添加此段'
stub_ status on;
access_ log off;
}
}
}
After the modification, save wq, and then use Nginx -t to check whether there are any errors in the syntax. If there is no error, refresh the configuration file
. Enter 20.0.0.25 on the real machine
Two, Nginx access control
2.1, authorization-based access control
Generate user password authentication file
[root@localhost ~]# yum install -y httpd-tools ##因为没有htpasswd工具,所以需要安装##
[root@localhost ~]# htpasswd -c /usr/local/nginx/.passwd.db test
New password:
Re-type new password:
Adding password for user test
root@localhost ~]# cat /usr/local/nginx/.passwd.db
test:$apr1$x.UaSXIM$RRLa2KJcKwsGBVsikGcrR/
Modify the main configuration file to the corresponding directory, add authentication configuration items
root@localhost ~]# chmod 400 /usr/local/nginx/.passwd.db
[root@localhost ~]# chown nginx /usr/local/nginx/.passwd.db
Restart service, access test
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
location / {
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/.passwd.db;
}
[root@localhost ~]# killall -s HUP nginx
Enter 20.0.0.25 in the browser of the real machine, and prompt to enter the account password. After
clicking login, the welcome to nginx appears
2.2. Client-based access control
Determine whether to allow access to the page through the client IP address
Configuration rules:
deny IP/IP segment: deny client access to a certain IP or IP segment
allow IP/IP segment: allow client access of a certain IP or IP segment
The rule is executed from top to bottom, if it matches, it stops and no longer matches
Configuration steps:
modify the main configuration file nginx.conf, add the corresponding configuration items
except the host 20.0.0.1 to allow other clients to access
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
location / {
Order deny,allow;
Deny from 20.0.0.1;
}
[root@localhost ~]# killall -s HUP nginx
Three, Nginx virtual host
3.1, virtual host based on domain name
Prepare website directory and test files
[root@localhost ~]# mkdir -p /var/www/html/51xit/
[root@localhost ~]# mkdir -p /var/www/html/52xit/
[root@localhost ~]# echo "www.51xit.top" >> /var/www/html/51xit/index.html
[root@localhost ~]# echo "www.52xit.top" >> /var/www/html/52xit/index.html
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.51xit.top;
charset utf-8;
access_log logs/www.51xit.top.access.log;
location / {
root /var/www/html/51xit;
index index.html index.htm;
}
location /status {
stub_status on;
access_log off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
server {
listen 80;
server_name www.52xit.top;
charset utf-8;
access_log logs/www.52xit.top.access.log;
location / {
root /var/www/html/52xit;
index index.html index.htm;
}
location /status {
stub_status on;
access_log off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
[root@localhost ~]# killall -s HUP nginx
3.2. IP-based virtual host
The host is configured with two IP addresses
Modify the configuration file
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 20.0.0.25:80;
server name 20.0.0.25:80;
....}
server {
listen 192.168.100.25:80;
server name 192.168.100.25:80;
....}
[root@localhost ~]# killall -s HUP nginx
3.3, port-based virtual host
Modify the configuration file
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 20.0.0.25:6666;
server name 20.0.0.25:6666;
......}
server {
listen 20.0.0.25:8888;
server name 20.0.0.25:8888;
......}
[root@localhost ~]# killall -s HUP nginx
