Nginx website service (detailed explanation of installation and webpage optimization steps)

Nginx installation package
extraction code: hc5i

One, Nginx introduction

(1) A high-performance, lightweight web service software

  • High stability
  • Low system resource consumption
  • High processing capacity for HTTP concurrent connections: a single physical server can support 30 000 to 50 000 concurrent requests

Two, Nginx compilation and installation

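1. Turn off the firewall and upload the packages needed to install Apache to the /opt directory
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

2. Install the dependency packages
yum -y install pcre-devel zlib-devel gcc gcc-c++ make
3. Create the run user and group (the Nginx service runs as nobody by default; creating a dedicated user account for it is recommended so that its access permissions can be controlled more precisely)
useradd -M -s /sbin/nologin nginx
4. Compile and install Nginx

Installation package: nginx-1.12.0.tar.gz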

cd /opt
tar zxvf nginx-1.12.0.tar.gz -C /opt/

cd nginx-1.12.0/
# --prefix: installation path of nginx
# --user: user name to run as
# --group: group name to run as
# --with-http_stub_status_module: enable the http_stub_status_module module to support status statistics
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module

make && make install

ln -s /usr/local/nginx/sbin/*  /usr/local/sbin/		# let the system find the nginx commands
5. Check, start, restart and stop the nginx service
nginx -t								# check that the configuration file is correct
# Start
nginx
# Stop
cat /usr/local/nginx/logs/nginx.pid		# look up the nginx PID first
kill -3 <PID>
kill -s QUIT <PID>
killall -3 nginx
killall -s QUIT nginx
# Reload
kill -1 <PID>
kill -s HUP <PID>
killall -1 nginx
killall -s HUP nginx
# Log rotation: reopen the log files
kill -USR1 <PID>
# Smooth upgrade
kill -USR2 <PID>

6. Add Nginx system service

Method One:
vim /etc/init.d/nginx
#!/bin/bash
#chkconfig: - 99 20
#description:Nginx Service Control Script
COM="/usr/local/nginx/sbin/nginx"
PID="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
  $COM
;;

stop)
  kill -s QUIT $(cat $PID)
;;

restart)
  $0 stop
  $0 start
;;

reload)
  kill -s HUP $(cat $PID)
;;

*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1

esac
exit 0
chmod +x /etc/init.d/nginx
chkconfig --add nginx							# register as a system service
systemctl stop nginx
systemctl start nginx

Method Two:

vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
chmod 754 /lib/systemd/system/nginx.service
systemctl start nginx.service
systemctl enable nginx.service

Three, the main configuration file nginx.conf of Nginx service

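vim /usr/local/nginx/conf/nginx.conf
1. Global configuration
#user nobody; 					# run user; defaults to nobody if not specified at compile time
worker_processes 1; 			# number of worker processes; can be set to the number of server cores * 2
#error_log logs/error.log; 		# location of the error log file
#pid logs/nginx.pid; 			# location of the PID file
2. I/O event configuration
events {
    use epoll; 					# use the epoll model; recommended on kernels 2.6 and later to improve performance
    worker_connections 4096; 	# each process handles 4096 connections
}
# To raise the number of connections per process, also run "ulimit -n 65535" to temporarily change the maximum number of files each local process can have open at the same time.
# On Linux, the highest number of concurrent TCP connections is limited by the number of files a single user process may have open at once (the system creates a socket handle for every TCP connection, and every socket handle is also a file handle).
# Use ulimit -a to view the open-file limit the system applies to the current user's processes.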

3. HTTP configuration

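http {
    ## Mapping table of file extensions to file types
    include       mime.types;
    ## Default file type
    default_type  application/octet-stream;
    ## Log format
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    ## Access log location
    #access_log  logs/access.log  main;
    ## Enable file sending (downloads)
    sendfile        on;
    ## Enables or disables the socket TCP_CORK option (buffer data before sending packets); only used together with sendfile
    #tcp_nopush     on;
    ## Keep-alive connection timeout, in seconds
    #keepalive_timeout  0;
    keepalive_timeout  65;
    ## gzip module setting: whether to enable gzip-compressed output
    #gzip  on;

    ## Listening configuration of the web service
    server {
        ## Listening address and port
        listen 80;
        ## Site domain names; there can be several, separated by spaces
        server_name www.kgc.com;
        ## Default character set of the web pages
        charset utf-8;
        ## Root directory configuration
        location / {
            ## Location of the site root directory: /usr/local/nginx/html
            root html;
            ## Default index file names
            index index.html index.php;
        }
        ## Feedback page for internal errors
        error_page 500 502 503 504 /50x.html;
        ## Error page configuration
        location = /50x.html {
            root html;
        }
    }
}
Log format fields:
$remote_addr and $http_x_forwarded_for: record the client IP address;
$remote_user: records the client user name;
$time_local: records the access time and time zone;
$request: records the requested URL and HTTP protocol;
$status: records the request status; success is 200;
$body_bytes_sent: records the size of the file body sent to the client;
$http_referer: records which page link the visit came from;
$http_user_agent: records information about the client browser;
A web server is usually placed behind a reverse proxy, so it cannot obtain the client's IP address directly: the IP address obtained through $remote_addr is that of the reverse proxy server. The reverse proxy server can add x_forwarded_for information to the HTTP headers of the forwarded request to record the original client's IP address and the server address the original client requested.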

Common location directives: root, alias, proxy_pass
root (root path configuration): a request for www.kgc.com/test/1.jpg returns the file /usr/local/nginx/html/test/1.jpg
alias (alias configuration): a request for www.kgc.com/test/1.jpg returns the file /usr/local/nginx/html/1.jpg
proxy_pass (reverse proxy configuration):
proxy_pass http://127.0.0.1:8080/;			forwards the request to http://127.0.0.1:8080/1.jpg
proxy_pass http://127.0.0.1:8080; 			forwards the request to http://127.0.0.1:8080/test/1.jpg

Four, access status statistics configuration

1. First run /usr/local/nginx/sbin/nginx -V to check whether the installed Nginx includes the HTTP_STUB_STATUS module
2. Edit the nginx.conf configuration file, specify the access location and add the stub_status configuration
cd /usr/local/nginx/conf
cp nginx.conf nginx.conf.bak
vim /usr/local/nginx/conf/nginx.conf
......
http {
......
    server {
        listen 80;
        server_name www.chenwei.com;
        charset utf-8;
        location / {
            root html;
            index index.html index.php;
        }
        ## Add the stub_status configuration ##
        location /status {                  # the access location is /status
            stub_status on;                 # turn on status statistics
            access_log off;                 # turn off logging for this location
        }
    }
}

3. Restart the service and test access
systemctl restart nginx

Browse to: www.chenwei.com

or 192.168.126.10

server {
    listen 80;
    server_name www.chenwei.com;
    charset utf-8;
    location / {
        root html;
        index index.html index.php;
    }

    location /test {
        root html;
        index index.html index.php;
    }
}

Browser visit http://192.168.126.10/status

Active connections: indicates the current number of active connections;
server accepts handled requests: indicates the connection information that has been processed, the three numbers in turn indicate the number of connections processed, the number of successful TCP handshakes, and the number of requests processed.
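
As an added example (not part of the original post), the status page can be reduced to one line for monitoring. The function name stub_status_summary and the sample counters are constructed here; the line layout is the one stub_status prints.

```shell
#!/bin/sh
# Added example: summarise stub_status output read from stdin.

# Constructed sample of what GET /status returns (not captured from a real server).
SAMPLE_STATUS='Active connections: 3 
server accepts handled requests
 120 118 457 
Reading: 0 Writing: 1 Waiting: 2 '

# Prints one key=value line; exits non-zero if the input is not stub_status output.
stub_status_summary() {
    awk '
        /^Active connections:/ { active = $3 }
        /^server accepts handled requests/ {
            # The three counters are on the line that follows this header.
            if ((getline) > 0) { accepts = $1; handled = $2; requests = $3 }
        }
        END {
            if (active == "" || requests == "") exit 1
            # accepts - handled = connections nginx accepted but then dropped,
            # which happens when a limit such as worker_connections is reached.
            printf "active=%d accepts=%d handled=%d requests=%d dropped=%d\n",
                   active, accepts, handled, requests, accepts - handled
        }'
}

printf '%s\n' "$SAMPLE_STATUS" | stub_status_summary
# Against the server from this page:
#   curl -s http://192.168.126.10/status | stub_status_summary
```

A non-zero dropped value is the signal to revisit worker_connections and the ulimit -n setting described in the I/O event configuration.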

Five, authorization-based access control

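1. Generate the user password authentication file
yum install -y httpd-tools       # install the httpd-tools package; it is not bundled with nginx and must be installed separately
htpasswd -c /usr/local/nginx/passwd.db zhangsan   ## -c creates a new user data file; without it, the specified user data file is assumed to exist already, and the command adds a new user or changes an existing user's password
chown nginx /usr/local/nginx/passwd.db  # give ownership to the nginx user so that it can access the file
chmod 400 /usr/local/nginx/passwd.db  # allow root and nginx to read the contents of this file
2. In the main configuration file, add the authentication settings to the corresponding location
vim /usr/local/nginx/conf/nginx.conf
......
    server {
        location / {
            ......
            ## Add the authentication configuration ##
            auth_basic "secret";              # text shown in the password prompt
            auth_basic_user_file /usr/local/nginx/passwd.db;
        }
    }
3. Restart the service and test access
nginx -t
systemctl restart nginx

Browse to http://192.168.126.10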

Six, client-based access control

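The access control rules are as follows:
deny IP/IP range: deny access to clients from an IP address or IP range.
allow IP/IP range: allow access to clients from an IP address or IP range.
Rules are evaluated from top to bottom; evaluation stops at the first match and later rules are not checked.
vim /usr/local/nginx/conf/nginx.conf
......
    server {
        location / {
            ......
            ## Add the control rules ##
            deny 192.168.126.100;                   # client IP that is denied access
            allow all;                              # allow clients from all other IPs
        }
    }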

systemctl restart nginx
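
Because the first matching rule decides, rule order matters as much as rule content. The following added example (a small model written for this page, not nginx code and not from the original post) evaluates an ordered rule list the same way; the function names are hypothetical, CIDR ranges go beyond the single-IP rule shown above, and a request that matches no rule is allowed, as in nginx.

```shell
#!/bin/sh
# Added example: a small model of first-match allow/deny evaluation (not nginx code).

# Dotted-quad IPv4 address -> integer; runs in a subshell so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# rule_matches CLIENT TARGET: TARGET is "all", a single IP, or a CIDR range.
rule_matches() {
    case $2 in
        all) return 0 ;;
        */*)
            bits=${2#*/}
            mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
            [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ] ;;
        *) [ "$1" = "$2" ] ;;
    esac
}

# access_decision CLIENT "RULE"...: rules are checked in order and the first
# match decides; with no matching rule the request is allowed.
access_decision() {
    client=$1; shift
    for rule in "$@"; do
        if rule_matches "$client" "${rule#* }"; then
            echo "${rule%% *}"
            return 0
        fi
    done
    echo allow
}

# The page's rule set: the listed client is denied, everyone else is allowed.
access_decision 192.168.126.100 'deny 192.168.126.100' 'allow all'   # deny
# Same rules in the opposite order: "allow all" matches first, so the deny never applies.
access_decision 192.168.126.100 'allow all' 'deny 192.168.126.100'   # allow
# Allow-list form: only the lab subnet gets in, everything else is denied.
access_decision 10.0.0.5 'allow 192.168.126.0/24' 'deny all'         # deny
```

The allow-list form in the last call is the one to use for locations such as /status that only administrators should reach.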

We use a Windows 10 virtual machine for the simulation experiment; first configure the IP settings and DNS mapping of the Win10 virtual machine.

Seven, Nginx virtual host based on domain name

1. Provide domain name resolution for the virtual hosts
echo "192.168.126.10 www.chenwei.com www.mm.com" >> /etc/hosts
2. Prepare the web documents for the virtual hosts
mkdir -p /var/www/html/chenwei
mkdir -p /var/www/html/mm
echo "<h1>chenwei is ok </h1>" > /var/www/html/chenwei/index.html
echo "<h1>mm is ok </h1>" > /var/www/html/mm/index.html

3. Edit the Nginx configuration file
vim /usr/local/nginx/conf/nginx.conf
......
http {
......
    server {
        listen 80;
        server_name www.mm.com;                 # set the domain name www.mm.com
        charset utf-8;
        access_log logs/www.mm.access.log;
        location / {
            root /var/www/html/mm;              # set the working directory of www.mm.com
            index index.html index.php;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        listen 80;
        server_name www.chenwei.com;            # set the domain name www.chenwei.com
        charset utf-8;
        access_log logs/www.chenwei.access.log;
        location / {
            root /var/www/html/chenwei;
            index index.html index.php;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
4. Restart the service and test access
systemctl restart nginx

Browse to
http://www.mm.com
http://www.chenwei.com

Eight, IP-based Nginx virtual host

ifconfig ens33:0 192.168.126.110 netmask 255.255.255.0

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
    server {
        listen 192.168.126.10:80;               # set the listen address to 192.168.126.10
        server_name www.chenwei.com;
        charset utf-8;
        access_log logs/www.chenwei.access.log;
        location / {
            root /var/www/html/chenwei;
            index index.html index.php;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        listen 192.168.126.110:80;              # set the listen address to 192.168.126.110
        server_name www.mm.com;
        charset utf-8;
        access_log logs/www.mm.access.log;
        location / {
            root /var/www/html/mm;
            index index.html index.php;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}

systemctl restart nginx
Browse to
http://192.168.126.10
http://192.168.126.110

Nine, port-based Nginx virtual host

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
    server {
        listen 192.168.126.10:80;               # listen on port 80
        server_name www.chenwei.com;
        charset utf-8;
        access_log logs/www.chenwei.access.log;
        location / {
            root /var/www/html/chenwei;
            index index.html index.php;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        listen 192.168.126.10:888;              # listen on port 888
        server_name www.mm.com;
        charset utf-8;
        access_log logs/www.mm.access.log;
        location / {
            root /var/www/html/mm;
            index index.html index.php;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}

systemctl restart nginx

Browse to
http://192.168.126.10:80
http://192.168.126.110:888

Origin blog.csdn.net/weixin_51573771/article/details/112390586