Table of contents
1. Introduction to the six modules of the global configuration
2. Detailed explanation of Nginx configuration file
1) Global configuration module
4) Web service monitoring settings
Common configuration commands for location: "root, alias, proxy_pass
3. Access status statistics and control
① View related modules of access statistics configuration
②Modify the main configuration file and add the access status statistics module
Example: Use a script to query concurrency with one click
2) Authorization-based access control
① Generate user password authentication file
② Modify the main configuration
③ Restart the service and conduct an access test
3) Client-based access control
Four, Nginx virtual host settings
1) Domain name-based virtual hosting
① Domain name preparation and web page preparation
②Modification of the main configuration file
③Restart the service and access the test
2) IP-based Nginx virtual host
② Modify the main configuration file
③Restart the service and access the test
3) Nginx virtual host based on port
① Modify the main configuration file
②Restart the service, test access test
1. Introduction to the six modules of the global configuration
-
Global block: global configuration, effective for the whole world
-
events block: configuration affects the network connection between the Nginx server and the user
-
http block: configuration of most functions such as proxy, cache, log definition and configuration of third-party modules
-
Server block: configure the relevant parameters of the virtual host, there can be multiple server blocks in one http block
-
location block: used to configure the matching uri
- upstream: Configure the specific address of the backend server, an indispensable part of load balancing configuration
Note: The content source of the location match is the URI from the web page, not the URL (the URL represents the entire link such as: www.baidu.com/images/search, and the URI is /images/search. So the location of nginx matches the URI )
2. Detailed explanation of Nginx configuration file
1) Global configuration module
It is the content from the beginning of the configuration file to the events block, mainly setting configuration instructions that affect the overall operation of the nginx server. For example, worker_process, the larger the value, the more concurrent processing it can support, but it is still related to the hardware of the server
vim /usr/local/nginx/conf/nginx.conf 
2) I/O event configuration
#如提高每个进程的连接数还需执行“ulimit -n 65535”命令临时修改本地每个进程可以同时打开的最大文件数To make permanent changes:
[root@localhost init.d]#vim /etc/security/limits.conf
Note: The event processing of software and hardware must be set to take effect, and after saving and exiting, it will take effect only after reconnecting to view
#在Linux平台上,在进行高并发TCP连接处理时,最高的并发数量都要受到系统对用户单一进程同时可打开文件数量的限制(这是因为系统为每个TCP连接都要创建一个socket句柄,每个socket句柄同时也是一个文件句柄)。
#可使用ulimit -a命令查看系统允许当前用户进程打开的文件数限制。
#epoll是Linux内核为处理大批句柄而作改进的poll,是Linux下多路复用IO接口select/poll的增强版本,它能显著的减少程序在大量并发连接中只有少量活跃的情况下的系统CPU利用率。(实现异步非阻塞)
3) HTTP configuration
4) Web service monitoring settings
5) Other settings
日志格式设定:
$remote_addr与$http_x_forwarded_for用以记录客户端的ip地址
$remote_user:用来记录客户端用户名称
$time_local: 用来记录访问时间与时区
$request: 用来记录请求的url与http协议
$status: 用来记录请求状态;成功是200
$body_bytes_sent :记录发送给客户端文件主体内容大小
$http_referer:用来记录从哪个页面链接访问过来的
$http_user_agent:记录客户浏览器的相关信息Usually the web server is placed behind the reverse proxy, so that the client's IP address cannot be obtained, and the IP address obtained through $remote_add is the IP address of the reverse proxy server. The reverse proxy server can add x_forwarded_for information in the http header information of the forwarding request to record the IP address of the original client and the server address of the original client request
Common configuration commands for location : "root, alias, proxy_pass
- root (root path configuration): root /var/www/html
Requesting www.kgc.com/test/1.html will return the file /var/www/html/test/1.html
- alias (alias configuration): alias /var/www/html
Requesting www.yang.com/test/1.html will return the file /var/www/html/1.html
Compared:
What is the difference between alias /var/www/html and root /var/www/html when setting location /test{ }?
- alias is an alias setting, put the set web page under /var/www/html, visit
- root is the root directory setting, put the set web page under /var/www/html/test, visit
proxy_pass (reverse proxy configuration)
3. Access status statistics and control
1) Access status statistics
① View related modules of access statistics configuration
cat /opt/nginx-1.22.0/auto/options | grep YES #可查看 nginx 已安装的所有模块
[root@localhost ~]#/usr/local/nginx/sbin/nginx -V
查看已安装的 Nginx 是否包含 HTTP_STUB_STATUS 模块
②Modify the main configuration file and add the access status statistics module
#主配置备份,防止设置错误,无法还原
cd /usr/local/nginx/conf
cp nginx.conf nginx.conf.bak
Modify the master configuration operation:
vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.yang.com;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
location /status {
stub_status on;
access_log off;
}
Restart the nginx service and access the test:
In addition: you can also curl -Ls http://192.168.73.105/status combined with awk and if statement for performance monitoring
Example: Use a script to query concurrency with one click
Requirement: When the concurrency is greater than 2 every 10 seconds, an early warning is sent
[root@bogon ~]# vim a.sh
#!/bin/bash
while true
do
#筛选静态状态的第三部分
a=$(curl -Ls 192.168.231.102/status | awk '/Active connections/{print $3}')
if [ $a -gt 2 ];then
echo "警报!当前并发连续过高!当前并发数为:$a"
fi
sleep 10 #睡眠10秒
done
~ 
Log in and access with another virtual machine, and then run the script
#查看并发连接数的另一种方法
netstat/ss -natp | grep nginx | grep -c ESTABLISHED2) Authorization-based access control
① Generate user password authentication file
yum install -y httpd-tools
htpasswd -c /usr/local/nginx/passwd.db zhangsan
chown nginx /usr/local/nginx/passwd.db
chmod 400 /usr/local/nginx/passwd.db
② Modify the main configuration
vim /usr/local/nginx/conf/nginx.conf
server {
location / {
......
##添加认证配置##
auth_basic "secret"; #设置密码提示框文字信息
auth_basic_user_file /usr/local/nginx/passwd.db;
}
}
③ Restart the service and conduct an access test
3) Client-based access control
The setting method is similar to the black and white list
Access before setting, other host access test:
The access control rules are as follows:
deny IP/IP 段:拒绝某个 IP 或 IP 段的客户端访问
allow IP/IP 段:允许某个 IP 或 IP 段的客户端访问
规则从上往下执行,如匹配则停止,不再往下匹配vim /usr/local/nginx/conf/nginx.conf
......
server {
location / {
......
##添加控制规则##
allow 192.168.73.105; #允许访问的客户端 IP
deny all; #拒绝其它IP客户端访问
}
}
Access test after setup:
Four, Nginx virtual host settings
Compared with Apache's virtual host settings, Nginx's settings are very simple, only need to modify the relevant configuration in the main configuration to achieve the virtual host effect
1) Domain name-based virtual hosting
① Domain name preparation and web page preparation
[root@localhost conf]#echo "192.168.73.105 www.test1.com www.test2.com" >> /etc/hosts
[root@localhost conf]#mkdir -p /var/www/html/test1
[root@localhost conf]#mkdir -p /var/www/html/test2
[root@localhost conf]#echo "<h1>this is test1</h1>" > /var/www/html/test1/index.html
[root@localhost conf]#echo "<h1>this is test2</h1>" > /var/www/html/test2/index.html
②Modification of the main configuration file
vim /usr/local/nginx/conf/nginx.conf
http {
......
server {
listen 80;
server_name www.test1.com;
charset utf-8;
access_log logs/www.test1.access.log;
location / {
root /var/www/html/test1;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www.test2.com;
charset utf-8;
access_log logs/www.test2.access.log;
location / {
root /var/www/html/test2;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
..............
}
}
③Restart the service and access the test
2) IP-based Nginx virtual host
①Set the virtual host IP
[root@localhost conf]#ifconfig ens33:0 192.168.73.200/24
[root@localhost conf]#ifconfig ens33:0 
② Modify the main configuration file
vim /usr/local/nginx/conf/nginx.conf
......
http {
......
server {
listen 192.168.73.105:80;
server_name www.test1.com;
charset utf-8;
access_log logs/www.test1.access.log;
location / {
root /var/www/html/test1;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 192.168.73.200:80;
server_name www.test2.com;
charset utf-8;
access_log logs/www.test2.access.log;
location / {
root /var/www/html/test2;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
..........
}
③Restart the service and access the test
3) Nginx virtual host based on port
① Modify the main configuration file
[root@localhost conf]#vim /usr/local/nginx/conf/nginx.conf
......
http {
......
server {
listen 192.168.73.105:666;
server_name www.test1.com;
charset utf-8;
access_log logs/www.test1.access.log;
location / {
root /var/www/html/test1;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 192.168.73.105:888;
server_name www.test2.com;
charset utf-8;
access_log logs/www.test2.access.log;
location / {
root /var/www/html/test2;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
..........
}
②Restart the service, test access test
