listen command can only be used with the server field
If the local call can listen to local Unix socket file, performance is more, because you do not take the core network protocol stack
listen unix:/var/run/nginx.sock;
For added listening port address; represents the matching port 8000 of 127.0.0.1 request
listen 127.0.0.1:8000;
This machine monitor all IP ports
listen 8000;
Or so indicate
listen *:8000;
Listening IPV6 address
listen [::]:8000 ipv6only=on;
Processing the HTTP request header process
After the kernel and the client has established tcp connection, according to the port judges that the access of clients to the system that the system processing, which is the port (448 or 80) our nginx listening, is the port requested by the client, which is a kernel based load balancing algorithm to select a work process in a epoll_wait the established method returns a handle, which is a reading event, read request, according to the request with the call to accept the connection method of allocating memory pool, the next step is to call ngx_http_init_connection http module processing method Add epll_ctl reading event and add a timer, 60 seconds if no request is received, times out; user requests to read data from the kernel and user mode memory allocation in kernel space may be provided default assignment 1k,
Receiving a user request after the line memory pool allocation request, the default 4K can be adjusted, then the state machine to parse the request, if it is found when parsing the url 1k memory fit, Nginx automatically expanded memory, the default maximum expanded to 4 8k indicating that the first data replication 1k 8k years, with the remaining 7k to accept user in the rest of the url, if not enough will be allocated 8k, the default maximum allocation 32k, built by nginx variable that identifies the url, then parse http the header portion, the large memory allocation large memory shared memory and the big idea of the URL, the server determines the block header identifying the processing request, when the header portion identifies the full, it is removed timer 11 starts http request stage deal with
nginx regular
Metacharacters
We can match any character except newline
\w 可以匹配字母或者数字会在下划线或者数字
\s 匹配任意的空白字符
\d 匹配数字
\b 匹配单词开始或结束
^匹配字符串的开始
$匹配字符串的结束
重复
* 重复零次或多次
+ 重复1次或更多次
?重复零次或一次
{n} 重复n次
{n,}重复n次或者更多次
{n,m}重复n到m次
实例
server name 指令
server { server_name chenxi.com www.cx.com; server_name_in_redirect off; return 302 /redirect; } [root@nginx conf]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.10.90 chenxi.com www.cx.com [root@nginx conf]# nginx -s reload [root@nginx conf]# curl http://www.cx.com -I HTTP/1.1 302 Moved Temporarily Server: nginx/1.15.12 Date: Sat, 08 Jun 2019 22:16:19 GMT Content-Type: text/html Content-Length: 146 Location: http://www.cx.com/redirect 默认返回的是你访问的域名加后面的redirect Connection: keep-alive 调整配置文件 server { server_name chenxi.com www.cx.com; server_name_in_redirect on; 改成on return 302 /redirect; } 测试 [root@nginx conf]# nginx -s reload [root@nginx conf]# curl http://www.cx.com -I HTTP/1.1 302 Moved Temporarily Server: nginx/1.15.12 Date: Sat, 08 Jun 2019 22:19:27 GMT Content-Type: text/html Content-Length: 146 Location: http://chenxi.com/redirect 返回的是主域名跳转 Connection: keep-alive
其他用法
.chenxi.com可以匹配chenxi.com和*.chenxi.com
_匹配所有
“”匹配没有传递的Host头部
server匹配顺序
精确匹配
*.在前面的泛域名
*.在后面的泛域名
文件中顺序正则匹配的域名
default server
第一个listen指定的default
http 的11个阶段
realip模块可以获取真实客户端地址
如何拿到用户真实IP
拿到用户IP如何使用
默认不会编译到nginx中的, --with-http_realip_module 将模块编译到nginx中
模块指令的介绍
set_real_ip_from address
| CIDR
| unix:
;
可用范围:http
, server
, location
默认值为空
表示从这个IP发来的请求从头部去取用户的IP;定义的是前端代理或者cdn地址
real_ip_header field
| X-Real-IP
| X-Forwarded-For
| proxy_protocol
; 定义要取得变量默认X-Real-IP
可用范围:http,server,location
real_ip_recursive on | off; 表示如过客户端IP与代理IP相同之间跳过 real_ip_recursive off; 默认 可用范围:http,server,location
修改配置文件查看效果
server{ server_name chenxi.com www.cx.com; error_log logs/myerror.log debug; set_real_ip_from 192.168.10.90; real_ip_recursive off; real_ip_header X-Forwarded-For; location /{ return 200 "Client real ip : $remote_addr\n"; } } nginx -s reload 测试 [root@nginx conf]# curl -H "X-Forwarded-For: 1.1.1.1,192.168.10.90" chenxi.com Client real ip : 192.168.10.90
修改配置文件开启real_ip_recursive on 查看效果
server{ server_name chenxi.com www.cx.com; error_log logs/myerror.log debug; set_real_ip_from 192.168.10.90; real_ip_recursive on; real_ip_header X-Forwarded-For; location /{ return 200 "Client real ip : $remote_addr\n"; } } nginx -s reload [root@nginx conf]# curl -H "X-Forwarded-For: 1.1.1.1,192.168.10.90" chenxi.com Client real ip : 1.1.1.1 触发了动作使用之前的地址
官网介绍http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
http_rewrite_module 模块介绍
return 指令介绍
实例
server { server_name haha.com; listen 8080; root html/; error_page 404 /403.html; #return 405; location /{ #return 404 "find nothing!\n"; } } nginx -s reload 加载测试 [root@nginx html]# echo "sdddf" > 403.html [root@nginx vhost]# curl http://haha.com:8080/aa.html sdddf 修改配置文件 server { server_name haha.com; listen 8080; root html/; error_page 404 /403.html; #return 405; location /{ return 404 "find nothing!\n"; } } nginx -s reload 加载测试 [root@nginx vhost]# curl http://haha.com:8080/aa.html find nothing!
修改配置
[root@nginx vhost]# vim test.conf server { server_name haha.com; listen 8080; root html/; error_page 404 /403.html; return 405; location /{ return 404 "find nothing!\n"; } } [root@nginx conf]# nginx -s reload [root@nginx vhost]# curl http://haha.com:8080/aa.html <html> <head><title>405 Not Allowed</title></head> <body> <center><h1>405 Not Allowed</h1></center> <hr><center>nginx/1.15.12</center> </body> </html>