Nginx installation, default virtual host, user authentication, PHP parsing in nginx

12.6 Nginx installation

Ready to work

Installation package

[root@1 ~]# cd /usr/local/src/

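Download the source tarball (the URL below is plain HTTP, so check the tarball against the PGP signature published next to it on nginx.org before building and installing it as root):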
[root@1 src]# wget http://nginx.org/download/nginx-1.12.1.tar.gz

解压:
[root@1 src]# tar zxvf nginx-1.12.1.tar.gz 

Install

Environment configuration

[root@1 src]# cd nginx-1.12.1/

[root@1 nginx-1.12.1]# ./configure --prefix=/usr/local/nginx
# Optional modules are added on this line when they are needed, e.g. --with-http_ssl_module for HTTPS/SSL.

Compile & Install

[root@1 nginx-1.12.1]# make && make install
[root@1 nginx-1.12.1]# echo $?
0

[root@1 nginx-1.12.1]# cd /usr/local/nginx/
[root@1 nginx]# ls
conf  html  logs  sbin

configure

Add & start service

创建启动脚本:
[root@1 nginx]# vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.

# SysV init script for the Nginx build installed under /usr/local/nginx.
# The "chkconfig:" and "description:" header lines above are kept verbatim;
# they are the header that chkconfig reads when the script is registered.
# Usage: /etc/init.d/nginx {start|stop|reload|restart|configtest}

# Source Function Library
# (the functions below call daemon and killproc, which this file does not define)
. /etc/init.d/functions
# Nginx Settings
# Absolute paths, so the script does not depend on the caller's PATH or cwd.
NGINX_SBIN="/usr/local/nginx/sbin/nginx"       # server binary
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"  # passed to the binary with -c
NGINX_PID="/usr/local/nginx/logs/nginx.pid"    # passed to killproc with -p
RETVAL=0       # exit status of the script; the action functions overwrite it
prog="Nginx"   # name printed in the Starting/Stopping/Reloading messages
#######################################
# Start Nginx through the init library's daemon helper.
# Globals:   prog, NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Outputs:   "Starting <prog>: " progress line on stdout
# Returns:   the status reported by daemon
#######################################
start() {
    local banner=$"Starting $prog: "
    printf '%s' "$banner"
    # NOTE(review): /dev/shm/nginx_temp is a fixed name in a shared tmpfs, and
    # mkdir -p also succeeds when the directory already exists, whoever made
    # it. Nothing in this script checks its owner or mode; confirm that before
    # pointing any Nginx temp path at it.
    mkdir -p /dev/shm/nginx_temp
    RETVAL=0
    daemon "$NGINX_SBIN" -c "$NGINX_CONF" || RETVAL=$?
    printf '\n'
    return $RETVAL
}
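#######################################
# Stop Nginx by sending TERM through killproc, then remove the temp directory.
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   "Stopping <prog>: " progress line on stdout
# Returns:   the status reported by killproc
#######################################
stop() {
    echo -n $"Stopping $prog: "
    killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
    # Record killproc's status before the cleanup. Reading $? after rm would
    # report rm's status instead, so a failed stop would look like a success
    # to the caller and to anything monitoring the exit code.
    RETVAL=$?
    rm -rf /dev/shm/nginx_temp
    echo
    return $RETVAL
}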
#######################################
# Ask the running Nginx to re-read its configuration (HUP via killproc).
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   "Reloading <prog>: " progress line on stdout
# Returns:   the status reported by killproc
#######################################
reload() {
    local banner=$"Reloading $prog: "
    printf '%s' "$banner"
    RETVAL=0
    killproc -p "$NGINX_PID" "$NGINX_SBIN" -HUP || RETVAL=$?
    printf '\n'
    return $RETVAL
}
#######################################
# Stop the service, then start it again.
# start runs whether or not stop succeeded.
# NOTE(review): nothing tests the configuration between stop and start, so a
# broken nginx.conf presumably leaves the service stopped; consider running a
# configuration check first.
# Returns:   the status of start
#######################################
restart() {
    stop
    start
    return $?
}
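#######################################
# Check the configuration file with the binary's -t option.
# Globals:   NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Outputs:   whatever the binary prints for -t
# Returns:   the status of the -t run
#######################################
configtest() {
    "$NGINX_SBIN" -c "$NGINX_CONF" -t
    # Propagate the result. Returning 0 unconditionally would make the script
    # exit 0 on a rejected configuration, so a deploy step that gates on
    # "configtest" could never see the failure.
    RETVAL=$?
    return $RETVAL
}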
# Dispatch on the first argument. The five accepted action names are also the
# names of the functions defined above, so a matching argument is called
# directly; anything else prints the usage line and makes the script exit 1.
case "$1" in
  start | stop | reload | restart | configtest)
        "$1"
        ;;
  *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
        ;;
esac
# RETVAL is whatever the chosen action left in it (0 if it never set it).
exit $RETVAL

检查脚本语法:
[root@1 nginx]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

更改权限:
[root@1 nginx]# chmod 755 /etc/init.d/nginx

添加到系统服务:
[root@1 nginx]# chkconfig --add nginx
[root@1 nginx]# chkconfig nginx on

change configuration file

[root@1 nginx]# cd /usr/local/nginx/conf/

注释掉Nginx自带脚本,创建自己的脚本:
[root@1 conf]# mv nginx.conf nginx.conf.bak

[root@1 conf]# vim nginx.conf

user nobody nobody;
# User and group that the Nginx worker processes run as
worker_processes 2;
#定义子进程数目
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
#指定Nginx最多可打开的文件数目
events
{
    use epoll;
    worker_connections 6000;
    #进程最大连接数
}

http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;
    server
    #虚拟主机
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;
        location ~ \.php$
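        # PHP parsing: requests whose URI ends in .php are handed to php-fpm.
        # NOTE(review): nothing in this block checks that the requested .php file exists before the request is passed on; a "try_files $uri =404;" line here rejects such requests. Confirm together with php-fpm's cgi.fix_pathinfo setting.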
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }    
    }
}

检测语法:
[root@1 conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

启动Nginx服务:
[root@1 conf]# /etc/init.d/nginx start
Starting nginx (via systemctl):                            [  确定  ]

At this point, the basic configuration of Nginx is complete!

detect

[root@1 conf]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

 

Detect PHP parsing

[root@1 conf]# vim /usr/local/nginx/html/1.php
<?php
echo "welcom to 1-nginx text.";
?>

[root@adailinux conf]# curl localhost/1.php
welcom to 1-nginx text.

 

Common 502 Problem Solving

For LNMP, the most common problem is 502. After the LNMP environment is set up, it will prompt "502 Bad Gateway" when visiting the website. There are two main reasons:

(1) Configuration error

There is such a paragraph in the Nginx configuration:

location ~ \.php$
        #配置PHP解析
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }    

If the address given after fastcgi_pass (the channel Nginx uses to talk to php-fpm) is configured incorrectly, a 502 error occurs because Nginx cannot reach php-fpm. fastcgi_pass can be followed by a socket path or by IP:port; the default listening address is 127.0.0.1:9000.
Note:  Both forms can be used here, but the two configuration files (Nginx and php-fpm) must use the same form, otherwise the result is always a 502; if the socket form is used, the path of the socket file must also be correct, otherwise it is a 502 as well.

(2) Resource exhaustion

When the LNMP architecture processes PHP, Nginx calls the back-end php-fpm service directly. If Nginx receives too many requests and php-fpm has not been given enough child processes, php-fpm's resources are eventually exhausted; once Nginx can no longer reach php-fpm, this also causes a 502 error. The solution is to increase the value of pm.max_children in php-fpm.conf. It cannot be increased indefinitely, however, because the server's resources are limited. If a machine with 4G of memory runs only php-fpm and Nginx, and no MySQL service, pm.max_children can be set to 150; try not to exceed this value. With 8G of memory it can be set to 300, and so on.

(3)listen.mode

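There is a parameter listen.mode in the php-fpm configuration file. It sets the permissions of the socket file that php-fpm listens on (listen = /tmp/php-fcgi.sock). If the permission is not specified here, the default permission is 440 (only the root user and the root group are allowed to read), and Nginx then reports a 502 error when it tries to connect to the socket. The solution is to give the socket file read and write permission 666. Note that 666 lets every local account on the machine connect to php-fpm; a narrower alternative is to set listen.owner and listen.group to the account the Nginx workers run as (nobody in the configuration above) and use listen.mode = 660.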

If we run into other, rarer errors, we can raise the level of Nginx's error log (/usr/local/nginx/logs/nginx_error.log) in the configuration file /usr/local/nginx/conf/nginx.conf by changing crit to debug, so that it records as much as possible and makes troubleshooting easier (debug-level messages are only produced by a binary built with --with-debug, which the ./configure line above does not include). Remember to change the level back to crit once troubleshooting is finished, so that the log file does not take up too much disk space.

12.7 Nginx default virtual host

Edit the Nginx configuration file, delete the original server content, and add the following:

Create virtual host

Add virtual host directory

[root@1 ~]# cd /usr/local/nginx/conf
[root@1 conf]# vim /usr/local/nginx/conf/nginx.conf
……
include vhost/*.conf;
 #创建一个虚拟主机配置文件子目录(相当于增加子虚拟主机)
 
创建配置文件中的目录文件:
[root@1 conf]# mkdir vhost

Note:  The "include" syntax is supported in the "nginx.conf" file.

Add a virtual host:

[root@1 conf]# cd vhost

[root@1 vhost]# vim aaa.com.conf

server
{
    listen 80 default_server; 
    #有'default_server'标记的就是默认虚拟主机
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
}

创建配置文件中指定的root目录:
[root@1 vhost]# mkdir -p /data/wwwroot/default

Add content to the virtual host

进入目录,添加索引页:
[root@1 vhost]# cd /data/wwwroot/default

[root@1 default]# vim index.html

This is the default directory.

[root@1 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful  

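Reload or restart (pick one). Note that the nginx binary itself takes no "restart" argument; a restart goes through the init script created earlier, /etc/init.d/nginx restart: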
[root@1 default]# /usr/local/nginx/sbin/nginx -s reload
[root@1 default]# /usr/local/nginx/sbin/nginx restart

detect

[root@1 default]# curl localhost
This is the default directory.

 

That is: add a virtual host. The so-called default virtual host is the virtual host marked with "default_server" in the virtual host configuration file in the /usr/local/nginx/conf/vhost directory.

12.8 Nginx User Authentication

Create a virtual host:

在vhost目录下操作:
[root@1 vhost]# vim test.com.conf

server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    
location  /
#指定设置用户认证的目录
    {
        auth_basic              "Auth";
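        # (original comment: "specifies the user name") NOTE(review): the auth_basic argument is the realm text shown in the login prompt; user names come from the password file named on the next line.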
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
        #指定用户的密码文件
}
}

Note:  The "location" block above sets up user authentication, here for the entire site. To protect only one directory, edit the location line, for example: location /admin. Authentication can also be set for a particular kind of request (that is, for an ordinary file) by matching with ~, for example: location ~ admin.php. Because this server listens on plain HTTP port 80, the Basic-auth user name and password cross the network merely base64-encoded; serving the site over HTTPS keeps them from being read in transit.

Create password file

Here you need Apache's htpasswd command (/usr/local/apache/bin/htpasswd). If Apache is already installed on the machine, you can use it directly. If not, use yum to install the httpd package, which provides the command:

[root@1 vhost]# yum install -y httpd

Create password file:

[root@1 vhost]# htpasswd -c /usr/local/nginx/conf/htpasswd adai
New password: 
Re-type new password: 
Adding password for user adai

That is, create the password file htpasswd and add the user adai. '-c' means create: it creates the password file, and if the file already exists it is overwritten, so the users already in it are lost. When adding a second user, leave this option out; the new user name and password are then added to the existing file.

Overload:

[root@1 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@1 vhost]# /usr/local/nginx/sbin/nginx -s reload

Note:  The advantage of using reload instead of restart is to avoid failure to start normally due to errors in the configuration file! Reload will not destroy the original operating environment.

Add specified directory

添加虚拟主机配置文件指定的根目录:
[root@1 vhost]# mkdir /data/wwwroot/test.com

添加索引页:
[root@1 vhost]# echo "This is test.com" >/data/wwwroot/test.com/index.html

detect

[root@1 vhost]# curl -x127.0.0.1:80 test.com -uadai:123456
This is test.com

Note:  If the user name and password are not supplied, a 401 error (user authentication is required) is reported; if the virtual host's root directory has not been created, a 404 error (the specified directory cannot be found) is reported; if no index page (a .html or .php file) has been added to that directory, a 404 error is reported as well.

Configure virtual host PHP resolution:

Edit the configuration file and add the following location content:

[root@1 vhost]# vim /usr/local/nginx/conf/vhost/test.com.conf

    location ~ \.php$
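        # PHP parsing: requests whose URI ends in .php are handed to php-fpm.
        # NOTE(review): nothing in this block checks that the requested .php file exists under the site root before the request is passed on; a "try_files $uri =404;" line here rejects such requests. Confirm together with php-fpm's cgi.fix_pathinfo setting.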
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
        }
}

Note:  The path in "fastcgi_param SCRIPT_FILENAME" must be the same as the site's root directory path (here /data/wwwroot/test.com).

Detection:

[root@1 vhost]# curl -x127.0.0.1:80 test.com/index.php
This is a test of .php

Note:  To make this test easier, user authentication was turned off; turn it back on afterwards if the site is meant to stay protected.

12.9 Nginx domain name redirection

Edit the virtual host configuration file:

[root@1 vhost]# vim test.com.conf

server
{
    listen 80;
    server_name test.com test2.com test3.com;
    #为一个IP配置多个域名,此时权重会改变,所以需要使用户访问其他域名时全部跳转到第一个域名
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite  ^/(.*)$  http://test.com/$1  permanent;
    }
    #使用rewrite模块
}

[root@1 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@1 vhost]# /usr/local/nginx/sbin/nginx -s reload

Description:  Use the rewrite module to redirect the domain name to realize the domain name jump function.

detect

[root@1 vhost]# curl -x127.0.0.1:80 test2.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.1
Date: Thu, 10 Aug 2017 10:41:30 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/

That is, 301: Permanent domain name redirection, and the address after the redirection is: Location:  http://test.com/.

Extension: Detailed explanation of Nginx configuration file

#定义Nginx运行的用户和用户组
user www www;

#nginx进程数,建议设置为等于CPU总核心数。
worker_processes 8;

#全局错误日志定义类型,[ debug | info | notice | warn | error | crit ]
error_log /var/log/nginx/error.log info;

#进程文件
pid /var/run/nginx.pid;

#一个nginx进程打开的最多文件描述符数目,理论值应该是最多打开文件数(系统的值ulimit -n)与nginx进程数相除,但是nginx分配请求并不均匀,所以建议与ulimit -n的值保持一致。
worker_rlimit_nofile 65535;

#工作模式与连接数上限
events
{
#参考事件模型,use [ kqueue | rtsig | epoll | /dev/poll | select | poll ]; epoll模型是Linux 2.6以上版本内核中的高性能网络I/O模型,如果跑在FreeBSD上面,就用kqueue模型。
use epoll;
#单个进程最大连接数(最大连接数=连接数*进程数)
worker_connections 65535;
}

#设定http服务器
http
{
include mime.types; #文件扩展名与文件类型映射表
default_type application/octet-stream; #默认文件类型
#charset utf-8; #默认编码
server_names_hash_bucket_size 128; #服务器名字的hash表大小
client_header_buffer_size 32k; #上传文件大小限制
large_client_header_buffers 4 64k; #设定请求缓
client_max_body_size 8m; #设定请求缓
sendfile on; #开启高效文件传输模式,sendfile指令指定nginx是否调用sendfile函数来输出文件,对于普通应用设为 on,如果用来进行下载等应用磁盘IO重负载应用,可设置为off,以平衡磁盘与网络I/O处理速度,降低系统的负载。注意:如果图片显示不正常把这个改成off。
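autoindex on; #Enables directory listings; suited to download servers, off by default. NOTE(review): set here at http level it applies to every server block, so any directory without an index file shows its file list. Keep it off unless listings are intended.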
tcp_nopush on; #防止网络阻塞
tcp_nodelay on; #防止网络阻塞
keepalive_timeout 120; #长连接超时时间,单位是秒

#FastCGI相关参数是为了改善网站的性能:减少资源占用,提高访问速度。下面参数看字面意思都能理解。
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;

#gzip模块设置
gzip on; #开启gzip压缩输出
gzip_min_length 1k; #最小压缩文件大小
gzip_buffers 4 16k; #压缩缓冲区
gzip_http_version 1.0; #压缩版本(默认1.1,前端如果是squid2.5请使用1.0)
gzip_comp_level 2; #压缩等级
gzip_types text/plain application/x-javascript text/css application/xml;
#压缩类型,默认就已经包含text/html,所以下面就不用再写了,写上去也不会有问题,但是会有一个warn。
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m; #开启限制IP连接数的时候需要使用

upstream blog.ha97.com {
#upstream的负载均衡,weight是权重,可以根据机器配置定义权重。weigth参数表示权值,权值越高被分配到的几率越大。
server 192.168.80.121:80 weight=3;
server 192.168.80.122:80 weight=2;
server 192.168.80.123:80 weight=3;
}

#虚拟主机的配置
server
{
#监听端口
listen 80;
#域名可以有多个,用空格隔开
server_name www.ha97.com ha97.com;
index index.html index.htm index.php;
root /data/www/ha97;
location ~ .*\.(php|php5)?$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
#图片缓存时间设置
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 10d;
}
#JS和CSS缓存时间设置
location ~ .*\.(js|css)?$
{
expires 1h;
}
#日志格式设定
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
#定义本虚拟主机的访问日志
access_log /var/log/nginx/ha97access.log access;

#对 "/" 启用反向代理
location / {
proxy_pass http://127.0.0.1:88;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
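#The back-end web server can read the client's real IP from X-Forwarded-For. NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For value the client sent, so only the last entry is set by this proxy; the back end should not trust the earlier entries.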
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#以下是一些反向代理的配置,可选。
proxy_set_header Host $host;
client_max_body_size 10m; #允许客户端请求的最大单文件字节数
client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数,
proxy_connect_timeout 90; #nginx跟后端服务器连接超时时间(代理连接超时)
proxy_send_timeout 90; #后端服务器数据回传时间(代理发送超时)
proxy_read_timeout 90; #连接成功后,后端服务器响应时间(代理接收超时)
proxy_buffer_size 4k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的设置
proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
proxy_temp_file_write_size 64k;
#设定缓存文件夹大小,大于这个值,将从upstream服务器传
}

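#Address for viewing the Nginx status page. NOTE(review): access_log takes a log file path, so "access_log on;" below presumably writes to a file named "on" rather than switching logging on; confirm the intent.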
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd;
#htpasswd文件的内容可以用apache提供的htpasswd工具来产生。
}

#本地动静分离反向代理配置
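#All jsp pages are handed to tomcat or resin. NOTE(review): the dot in the pattern below is unescaped and the extension group is optional, so it matches far more than .jsp/.jspx/.do URIs; presumably "\.(jsp|jspx|do)$" was meant. Confirm, because a matching regex location takes precedence over "location /".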
location ~ .(jsp|jspx|do)?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
#所有静态文件由nginx直接读取不经过tomcat或resin
location ~ .*.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$
{ expires 15d; }
location ~ .*.(js|css)?$
{ expires 1h; }
}
}
