Nginx website service
- A high-performance, lightweight web service software
- High stability
- Low system resource consumption
- High processing capacity for HTTP concurrent connections
- A single physical server can support 30,000~50,000 concurrent requests
One, compile and install Nginx service
Nginx installation package download
(1) Turn off the firewall and put the software packages required by nginx to the /opt directory
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
nginx-1.18.0.tar.gz
(2) Installation environment dependent packages
Note: You need to configure the yum library in advance
yum -y install pcre pcre-devel zlib zlib-devel openssl openssl-develgcc gcc-c++ make
Complete the picture:
(3) Create and run users and groups
(Nginx service program runs as nobody by default, it is recommended to create a special user account for it to control its access permissions more accurately)
useradd -M -s /sbin/nologin nginx
(4) Compile and install Nginx
cd /opt
tar zxvf nginx-1.18.0.tar.gz -C /opt/
cd nginx-1.18.0/
./configure \
--prefix=/usr/local/nginx \ #指定nginx的安装路径
--user=nginx \ #指定用户名
--group=nginx \ #指定组名
--with-http_stub_status_module #启用 http_stub_status_module 模块以支持状态统计
make && make install
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ #让系统识别nginx的操作命令
Complete picture:
(5) Check, start, restart, and stop the nginx service
nginx -t #检查配置文件是否配置正确
nginx #启动
cat /usr/local/nginx/logs/nginx.pid #先查看nginx的PID号
kill -3 <PID号>
kill -s QUIT <PID号> #停止
killall -3 nginx
killall -s QUIT nginx
kill -1 <PID号> #重载
kill -s HUP <PID号>
killall -1 nginx
killall -s HUP nginx
#日志分隔,重新打开日志文件
kill -USR1 <PID号>
#平滑升级
kill -USR2 <PID号>
(6) Add Nginx system service
Divided into two methods to use according to personal habits
1. Configuration file operation method:
If an error is reported when starting the service, it is recommended to kill the nginx process before starting
vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecrReload=/bin/kill -s HUP $MAINPID
ExecrStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
chmod 754 /lib/systemd/system/nginx.service
systemctl start nginx.service
systemctl enable nginx.service
2. Shell script running method:
vim /etc/init.d/nginx
#!/bin/bash
#chkconfig: - 99 20
#description:Nginx Service Control Script
COM="/usr/local/nginx/sbin/nginx"
PID="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$COM
;;
stop)
kill -s QUIT $(cat $PID)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PID)
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
chmod +x /etc/init.d/nginx
chkconfig --add nginx #添加为系统服务
systemctl stop nginx
systemctl start nginx
2. The main configuration file nginx.conf of Nginx service
(1) Basic configuration
#user nobody; #运行用户,若编译时未指定则默认为 nobody
worker_processes 1; #工作进程数量,可配置成服务器内核数 * 2
#error_log logs/error.log; #错误日志文件的位置
#pid logs/nginx.pid; #PID 文件的位置
(2) I/O event configuration
events {
use epoll; #使用 epoll 模型,2.6及以上版本的系统内核,建议使用epoll模型以提高性能
worker_connections 4096; #每个进程处理 4096 个连接
}
#如提高每个进程的连接数还需执行“ulimit -n 65535”命令临时修改本地每个进程可以同时打开的最大文件数。
#在Linux平台上,在进行高并发TCP连接处理时,最高的并发数量都要受到系统对用户单一进程同时可打开文件数量的限制(这是因为系统为每个TCP连接都要创建一个socket句柄,每个socket句柄同时也是一个文件句柄)。
#可使用ulimit -a命令查看系统允许当前用户进程打开的文件数限制.
Don’t forget to map domain name and IP or do DNS resolution after configuration
临时映射:
echo"IP 域名" >> /etc/hosts
Three, access status statistics configuration
(1) First use the command /usr/local/nginx/sbin/nginx -V to check whether the installed Nginx contains the HTTP_STUB_STATUS module
/usr/local/nginx/sbin/nginx -V
(2) Modify the nginx.conf configuration file, specify the access location and add the stub_status configuration
cd /usr/local/nginx/conf
cp nginx.conf nginx.conf.bak
vim /usr/local/nginx/conf/nginx.conf
http {
server {
listen 80;
server_name www.lic.com;
charset utf-8;
location / {
root html;
index index.html index.php;
}
##添加 stub_status 配置##
location /status { #访问位置为/status
stub_status on; #打开状态统计功能
access_log off; #关闭此位置的日志记录
}
}
}
Access: domain name/status
Active connections: indicates the current number of active connections;
server accepts handled requests: indicates the connection information that has been processed. The
three numbers in turn indicate the number of connections processed, the number of successful TCP handshakes, and the number of requests processed.
Four, authorization-based access control
(1) Basic configuration
yum install -y httpd-tools
htpasswd -c /usr/local/nginx/passwd.db 用户名 ##创建一个用户并用passwd.db储存用户信息
以下是文件赋权操作
chown nginx /usr/local/nginx/passwd.db
chmod 400 /usr/local/nginx/passwd.db
(2) Modify the corresponding directory of the main configuration file and add authentication configuration items
vim /usr/local/nginx/conf/nginx.conf
......
server {
location / {
......
##添加认证配置##
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/passwd.db;
}
}
Visit: domain name