Nginx is an open source, high-performance, reliable HTTP web server, proxy server and load balancer.
- Open source: get the source code directly
- High reliability: support massive concurrency
- High performance: stable service
- Lightweight: takes up less resources
1. Common HTTP web servers
- httpd, by the Apache Foundation
- IIS, by Microsoft
- GWS, developed by Google
- OpenResty, based on nginx + Lua
- Tengine, developed by Taobao on top of Nginx
2. Why choose Nginx
- Nginx is very lightweight, with few built-in functional modules (the source code keeps only the http and core module code; anything that is not core is installed as a plug-in)
- Modular code (easy to read, easy to extend, very developer-friendly)
- Nginx is mature technology, and domestic companies use it on a large scale
- It fits current mainstream architecture trends: microservices, cloud architecture, intermediate layers
- A unified technology stack reduces maintenance costs and technology update costs
- Nginx uses the epoll network model; Apache uses the select model
  - Select: when a user initiates a request, the select model performs a traversal scan, which degrades performance
  - Epoll: when a user initiates a request, the epoll model processes it directly, which is efficient, and there is no connection limit
Nginx application scenarios
- Static service: html | jpg | png…; Nginx cache
- Proxy service:
  - Forward proxy: internal hosts access external sites
  - Reverse proxy: external clients access internal servers; the effect is the same as load balancing, but the working methods are different
- Load balancing
- Cache
- Security service:
  - Access control: based on IP address, based on identity authentication
  - WAF: DDoS attacks, CC attacks, SQL injection
- Architecture:
  - LNMP (Linux, Nginx, MySQL, PHP)
  - LNMT (Linux, Nginx, MySQL, Tomcat)
3. Nginx deployment
3.1 Nginx installation methods
- EPEL repository: older version, fewer features
- Official repository: compiled by the Nginx project, packaged as an rpm and served from a yum repository (recommended)
- Source code: download the source yourself and run ./configure, make, make install (complex and time-consuming)
3.2 Install Nginx 1.16.1 (yum)
3.2.1 Configure the official Nginx yum repository
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
3.2.2 View the installation source
[root@nginx_web1 yum.repos.d]# yum list nginx
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
base: mirrors.aliyun.com
extras: mirrors.aliyun.com
updates: mirrors.aliyun.com
可安装的软件包
nginx.x86_64 1:1.16.1-1.el7.ngx nginx-stabl
3.2.3 Install Nginx
[root@nginx_web1 yum.repos.d]# yum -y install nginx
[root@nginx_web1 yum.repos.d]# nginx -v    # lowercase -v: show the version number
nginx version: nginx/1.16.1
[root@nginx_web1 yum.repos.d]# nginx -V    # uppercase -V: show the version number and the build options
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
[root@nginx_web1 yum.repos.d]# cd /usr/lib64/nginx/modules/
3.2.4 Nginx configuration file
**Nginx main configuration files**
/etc/nginx
/etc/nginx/nginx.conf
/etc/nginx/conf.d
/etc/nginx/conf.d/default.conf
**CGI, FastCGI and uWSGI configuration files**
/etc/nginx/fastcgi_params
/etc/nginx/scgi_params
/etc/nginx/uwsgi_params
**Nginx character-encoding conversion mapping files**
/etc/nginx/win-utf
/etc/nginx/koi-utf
/etc/nginx/koi-win
**Mapping between HTTP Content-Type and file extensions**
/etc/nginx/mime.types
**systemd service unit (system daemon manager configuration)**
/usr/lib/systemd/system/nginx.service
**Nginx log rotation**
/etc/logrotate.d/nginx
**Nginx command-line management commands**
/usr/sbin/nginx
/usr/sbin/nginx-debug
**Nginx module directories**
/usr/lib64/nginx
/usr/lib64/nginx/modules
**Nginx default site directory**
/usr/share/nginx
/usr/share/nginx/html
/usr/share/nginx/html/50x.html
/usr/share/nginx/html/index.html
**Nginx manual and documentation**
/usr/share/man/man8/nginx.8.gz
/usr/share/doc/nginx-1.16.1
**Nginx cache directory**
/var/cache/nginx
**Nginx log directory**
/var/log/nginx
3.3 Installation questions
Question 1: The company's existing Nginx was installed from source, and we are asked to deploy a new Nginx server that matches it. How do we do that?
Solution: get the version with nginx -v, and the configure options with nginx -V.
Question 2: There are so many options; do they all have to match? The options in blog posts found online are not that long.
Solution: choose the options according to the needs of the business; it is best to follow the options used in the official build.
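For Question 1, the following is an added example (not from the original post) that pulls the configure arguments out of `nginx -V` output so a build can be reproduced, and checks that the compiler and linker hardening flags seen in the official package are still present. The function names and the abbreviated sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and SAMPLE are constructed for illustration.
# SAMPLE is an abbreviated copy of the `nginx -V` output shown above.
SAMPLE="nginx version: nginx/1.16.1
built with OpenSSL 1.0.2k-fips  26 Jan 2017
configure arguments: --prefix=/etc/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-cc-opt='-O2 -g -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"

# Print only the configure argument string (everything after the label).
configure_args() {
    printf '%s\n' "$1" | sed -n 's/^configure arguments: //p'
}

# List the optional *_module switches that were compiled in, one per line.
enabled_modules() {
    configure_args "$1" | tr ' ' '\n' | sed -n 's/^--with-\(.*_module\)$/\1/p'
}

# Print hardening flags that are absent from the build; no output = all present.
missing_hardening() {
    args=$(configure_args "$1")
    for flag in -D_FORTIFY_SOURCE=2 -fstack-protector-strong -z,relro -z,now -pie; do
        case "$args" in
            *"$flag"*) ;;
            *) printf '%s\n' "$flag" ;;
        esac
    done
}

# On a real host: out=$(nginx -V 2>&1)   (nginx -V writes to stderr)
echo "modules:"; enabled_modules "$SAMPLE"
echo "missing hardening flags: $(missing_hardening "$SAMPLE" | tr '\n' ' ')"
```

A source build that drops `--with-cc-opt` and `--with-ld-opt` will list every flag as missing, which is the difference to look for when comparing it with the packaged binary.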
3.4 Install Nginx 1.16.0 (source code)
3.4.1 Download the tar package from the official site: http://nginx.org/
3.4.2 Unpack the package
tar xf nginx-1.16.0.tar.gz -C /usr/src/
cd /usr/src/nginx-1.16.0/
useradd -s /sbin/nologin -M nginx
id nginx
3.4.3 Install dependencies (HTTPS depends on the OpenSSL library)
# Install dependencies.
yum install pcre pcre-devel -y
yum install openssl openssl-devel -y    # used for HTTPS encryption
3.4.4 Compile and install
| Option | Description |
|---|---|
| --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock | Program installation directory and paths |
| --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp | Temporary cache directories |
| --user=nginx --group=nginx | User and group the Nginx processes run as (security) |
| --with-cc-opt | Additional parameters that are added to the CFLAGS variable |
| --with-ld-opt | Additional linker parameters, for linking system libraries |
# The module list can be copied from `nginx -V` on the yum-installed Nginx
./configure --prefix=/application/nginx-1.16.0/ --user=nginx --group=nginx \
  --with-compat --with-file-aio --with-threads \
  --with-http_addition_module --with-http_auth_request_module --with-http_dav_module \
  --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module \
  --with-http_mp4_module --with-http_random_index_module --with-http_realip_module \
  --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module \
  --with-http_stub_status_module --with-http_sub_module --with-http_v2_module \
  --with-mail --with-mail_ssl_module \
  --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module \
  --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' \
  --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
make
make install
ln -s /application/nginx-1.16.0/ /application/nginx
/application/nginx/sbin/nginx
netstat -lntup|grep nginx
Starting manually (default)
cd /application/nginx-1.16.0/sbin/
./nginx              # start
./nginx -s stop      # stop (fast shutdown)
./nginx -s quit      # quit (graceful shutdown)
./nginx -s reload    # reload the configuration
systemd unit file
# Write the following content to the unit file:
cat > /lib/systemd/system/nginx.service <<-EOF
[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/application/nginx-1.16.0/sbin/nginx
ExecReload=/application/nginx-1.16.0/sbin/nginx -s reload
ExecStop=/application/nginx-1.16.0/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload    # make systemd pick up the new unit file
systemctl enable nginx     # start at boot
systemctl disable nginx    # do not start at boot
4. Nginx configuration file (.conf)
The Nginx main configuration file /etc/nginx/nginx.conf is a plain text file made up of blocks. Each block is generally delimited by a pair of curly braces {} marking its beginning and end.
- CoreModule: core module, global configuration
- EventModule: event-driven module
- HttpCoreModule: HTTP core module
4.1 Nesting levels to understand
- The events and http blocks sit under the CoreModule layer
- The http layer allows multiple server blocks; server blocks are mainly used to configure multiple websites
- The server layer allows multiple location blocks; a location mainly defines an access path of the website
4.2 CoreModule core module
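user nginx;                            # user the Nginx processes run as
worker_processes 1;                    # number of worker processes (recommended: same as the CPU count, or auto)
error_log /var/log/nginx/error.log;    # path of the Nginx error log
pid /var/run/nginx.pid;                # PID file written once the Nginx service is running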
4.3 events event module
events {
    worker_connections 1024;    # maximum connections per worker process, default 1024
    use epoll;                  # event-driven model, epoll by default
}
4.4 http kernel module
vim /etc/nginx/nginx.conf
http {
    include /etc/nginx/mime.types;             # path of the supported file types
    default_type application/octet-stream;     # default type
    # log file format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main; # access log
    keepalive_timeout 65;                      # keep-alive connections time out after 65 seconds
    include /etc/nginx/conf.d/*.conf;          # path of all site configuration files
}
[root@nginx_web1 html]# egrep -v '^$|^.*#' /etc/nginx/conf.d/default.conf    # filter out blank lines and comments
vim /etc/nginx/conf.d/default.conf
server {
    listen 80;                  # listening port 80
    server_name localhost;      # domain name or host name the site is served under
    #access_log /var/log/nginx/host.access.log;    # access log
    location / {
        root /usr/share/nginx/html;     # path of the website code
        index index.html index.htm;     # default page files returned by the server
    }
    # For the listed status codes, define one common error page; the error codes are redirected to a new location
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
[root@nginx_web1 conf.d]# vim oldboy.conf    # multiple sites can be written in separate files, provided host name, port and IP do not conflict
server {
    listen 80;
    server_name www.oldboy.com;
    location / {
        root /oldboy/www;
        index index.php;
    }
}
5. Configuring a website in Nginx
[root@nginx_web1 conf.d]# mv default.conf default.conf.bak
[root@nginx_web1 conf.d]# vim oldboy.conf
server {
listen 80;
server_name localhost;
location / {
root /html;
index index.html;
}
}
[root@nginx_web1 conf.d]# mkdir /html
[root@nginx_web1 conf.d]# echo "nihao123456778" > /html/index.html
[root@nginx_web1 conf.d]# nginx -t    # check the configuration file
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
systemctl restart nginx
[root@nginx_web1 conf.d]# tail /var/log/nginx/access.log    # access log
[root@nginx_web1 conf.d]# tail /var/log/nginx/error.log     # error log
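Going one step beyond `tail`, the following added example (not part of the original post) runs a triage pass over access-log lines written in the `main` log_format from section 4.4. The sample lines are constructed with documentation-range addresses, and the function names and the threshold are assumptions.

```shell
#!/bin/sh
# Added example: the log lines below are constructed, not taken from a real server.
# Layout follows log_format main:
#   $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
SAMPLE_LOG='203.0.113.7 - - [10/Mar/2020:10:01:02 +0800] "GET / HTTP/1.1" 200 15 "-" "curl/7.29.0" "-"
198.51.100.9 - - [10/Mar/2020:10:01:03 +0800] "GET /admin.php HTTP/1.1" 404 153 "-" "Mozilla/5.0" "-"
198.51.100.9 - - [10/Mar/2020:10:01:03 +0800] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0" "-"
198.51.100.9 - - [10/Mar/2020:10:01:04 +0800] "POST /login HTTP/1.1" 403 153 "-" "Mozilla/5.0" "-"
192.0.2.10 - - [10/Mar/2020:10:01:05 +0800] "GET /a b HTTP/1.1" 400 157 "-" "-" "10.0.0.5"'

# Print "ip count" for every client with at least $2 responses in the 4xx range.
# Splitting on the double quote is safe because nginx writes a literal quote
# inside a variable as \x22, so field 3 is always " status bytes ".
clients_with_4xx() {
    printf '%s\n' "$1" | awk -F'"' -v min="$2" '
        NF >= 9 {
            split($1, head, " ");  ip = head[1]
            split($3, mid, " ");   status = mid[1]
            if (status ~ /^4[0-9][0-9]$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
    ' | sort
}

# Print lines that do not match the main format at all (truncated or altered).
malformed_lines() {
    printf '%s\n' "$1" | awk -F'"' 'NF != 9'
}

# On a real host: clients_with_4xx "$(cat /var/log/nginx/access.log)" 3
clients_with_4xx "$SAMPLE_LOG" 3
```

The client address here is `$remote_addr`; behind a reverse proxy that field holds the proxy's address and the last quoted field (`$http_x_forwarded_for`) is client-supplied, so it should not be trusted for blocking decisions on its own.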