Nginx
The concept: Nginx ( "the X-Engine") is a by Russian designer Igor Sysoev procedures developed high-performance Web server and reverse proxy, also a IMAP / POP3 / SMTP proxy server.
In the case of high concurrent connections, Nginx Apache server is a good substitute.
N What ginx do ? : Reverse proxy , forward proxy , load balancing , HTTP server (containing static and dynamic separation)
Forward proxy: for the client, the proxy server proxy client, forward the request to obtain the contents and returned to the client.
Reverse Proxy: For the client, the proxy server is like the original server , web server proxy cluster node returns the result.
Load balancing : its meaning is assessed to be executed on multiple operating units, such as Web servers, FTP servers, business-critical application servers and other mission-critical servers, so as to work together to complete the task.
And Nginx comes currently supports three kinds of load balancing strategy, there are two commonly used third-party policy :
the RR : polling according to load (default) mode, each request individually assigned to a different time order back-end server, if back-end server is down, automatically excluded. Although simple this way, low cost. But the disadvantage is: reliability, low and uneven load distribution.
Weight : polling a chance proportional to weight ratio and access, for the case where unevenness backend server performance.
upstream test{
server localhost:8080 weight=9;
server localhost:8081 weight=1;
} # Case 8080 and 8081 90% and 10%, respectively.
ip_hash : The above two kinds of methods have a problem that the next time a request to the request may be distributed to another server, when our program is not stateless (using the session save data), this time there is a very big problem, such as to save the login information to the session, then jump to another server when you need to log in again, so many times we only need a client access to a server, then you need to use the iphash , iphash each request assigned by hash result access ip so that each visitor to access a fixed back-end server, can solve the problem of session.
upstream test {
ip_hash;
server localhost:8080;
server localhost:8081;
}
Fair (third party) : according to the response time of the allocation request to the backend server, a short response time priority allocation.
upstream backend {
fair;
server localhost:8080;
server localhost:8081;
}
url_hash (third party) : Access hash results to allocation request url, each url directed to the same back-end server, the back end server is effective when the cache. Hash join statement in the upstream, server statement can not be written other parameters such as weight, hash_method hash algorithm is used.
upstream backend {
hash $request_uri;
hash_method crc32;
server localhost:8080;
server localhost:8081;
}
HTTP Server : Nginx itself is a static resource server, when only static resources, you can use the server Nginx to do, but now also popular movement separation can be achieved by Nginx, static and dynamic separation is to make dynamic websites where dynamic pages according to certain rules to distinguish the same resources and often becomes a resource area, static and dynamic resource well after the split, we can according to the characteristics of static resources to do the cache operation, which is the site of the core static treatment ideas.
installation:
1. Download Nginx , Download: http://nginx.org/download/nginx-1.6.2.tar.gz
2, extract the installation package
[root@proxy lnmp_soft]# tar -xf nginx-1.12.2.tar.gz
3, enter the installation package directory
[root@proxy lnmp_soft]# cd nginx-1.12.2/
4, compile and install
(1) First, a package is mounted reliance
[root @ proxy nginx-1.12.2] # yum -y install gcc pcre-devel openssl-devel
(2) Create a user ()
[root @ Proxy nginx-1.12.2] # useradd -s / sbin / nologin nginx
(3) compile and install
[root @ proxy nginx-1.12.2] # ./configure \
--prefix = / usr / local / nginx \ # specify the installation path
--user = nginx \ # specify the user
--group = nginx \ # specified group
--with-http_ssl_module # turn on SSL encryption
[Root @ proxy nginx-1.12.2] # make && make install # compile and install
This, nginx installation is complete.
5, use the command nginx
[Root @ proxy ~] # / usr / local / nginx / sbin / nginx # Start Service
[Root @ proxy ~] # / usr / local / nginx / sbin / nginx -s stop # service shut down
[Root @ proxy ~] # / usr / local / nginx / sbin / nginx -s reload # Restart
[Root @ proxy ~] # / usr / local / nginx / sbin / nginx -V # View software information
6, see the port, check for a successful start
[root@proxy ~]# netstat -anptu | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10441/nginx
7, the client test access:
[root @ Client ~] # Firefox http://192.168.4.5
8, page-user authentication: through the realization of certification of Nginx Web page, you need to modify Nginx configuration file, add the auth user authentication statement in the configuration file. Finally, create a user and password to use the htpasswd command
① modify the configuration file:
[root @ Proxy ~] # vim /usr/local/nginx/conf/nginx.conf
.. ..
server {
listen 80;
server_name localhost;
auth_basic "Input Password:"; # authentication prompt information
auth_basic_user_file "/ usr / local / nginx / pass"; # authentication password file
location / {
root html;
index index.html index.htm;
}
}
② generate a password file, create a user ID and password, use the create account command htpasswd file, you need to make sure that the system has been installed httpd-tools.
[root @ proxy ~] # yum -y install httpd-tools
[Root @ proxy ~] # htpasswd -c / usr / local / nginx / pass tom # create the password file
New password:
Re-type new password:
Adding password for user tom
[root @ proxy ~] # htpasswd / usr / local / nginx / pass jerry # additional users, do not use the -c option
New password:
Re-type new password:
Adding password for user jerry
③ [root @ proxy ~] # / usr / local / nginx / sbin / nginx -s reload # reload the configuration file
④ Test Access
[root @ client ~] # firefox http://192.168.4.5 # After entering the password can access
9, extension, the configuration of other types of hosts:
10, host-based encryption site , source installation must be used when Nginx --with-http_ssl_module parameters, enable encryption module for the site needs to add ssl SSL encryption processing related instructions (set site requires private key and certificate).
1) generating a private key and certificate
[root@proxy ~]# cd /usr/local/nginx/conf
[Root @ proxy ~] # openssl genrsa> cert.key # generates a secret key
[Root @ proxy ~] # openssl req -new -x509 -key cert.key> cert.pem # generate a certificate
2) modify the Nginx configuration file, encrypted Web site set up virtual hosts
[root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
… …
server {
listen 443 ssl;
server_name www.c.com;
ssl_certificate cert.pem; # This is the certificate file
ssl_certificate_key cert.key; # This is the private key file
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
3) reload the configuration
[root@proxy ~]# /usr/local/nginx/sbin/nginx -s reload
# Make sure nginx is a start state, or run the command error, the error message is as follows:
#[error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)
Step Two: Verify client
1) modify the client host / etc / hosts file 192.168.4.10, the domain name resolution
[root@client ~]# vim /etc/hosts
192.168.4.5 www.c.com www.a.com www.b.com
2) Log 192.168.4.10 client host test
[Root @ client ~] # after firefox https://www.c.com # trust certificates can be accessed