下载nginx(源码包建议用 nginx.org 同目录提供的 PGP 签名文件 .asc 校验后再编译)
[root@nginx ~]# wget -c https://nginx.org/download/nginx-1.24.0.tar.gz
[root@nginx ~]# tar zxf nginx-1.24.0.tar.gz
创建nginx用户
[root@nginx nginx-1.24.0]# useradd -s /sbin/nologin -M nginx
先安装依赖
dnf install gcc pcre-devel zlib-devel openssl-devel -y
[root@nginx nginx-1.24.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
注意:如果没有提前安装依赖,会报以下错误
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.
可以先一个个 dnf install pcre-devel -y
安装编译
make && make install
[root@nginx nginx-1.24.0]# ll
total 820
drwxr-xr-x 6 nginx nginx 4096 Aug 15 10:56 auto
-rw-r--r-- 1 nginx nginx 323312 Apr 11 2023 CHANGES
-rw-r--r-- 1 nginx nginx 494234 Apr 11 2023 CHANGES.ru
drwxr-xr-x 2 nginx nginx 168 Aug 15 10:56 conf
-rwxr-xr-x 1 nginx nginx 2611 Apr 11 2023 configure
drwxr-xr-x 4 nginx nginx 72 Aug 15 10:56 contrib
drwxr-xr-x 2 nginx nginx 40 Aug 15 10:56 html
-rw-r--r-- 1 nginx nginx 1397 Apr 11 2023 LICENSE
-rw-r--r-- 1 root root 438 Aug 15 11:02 Makefile
drwxr-xr-x 2 nginx nginx 21 Aug 15 10:56 man
drwxr-xr-x 3 root root 174 Aug 15 11:03 objs
-rw-r--r-- 1 nginx nginx 49 Apr 11 2023 README
drwxr-xr-x 9 nginx nginx 91 Aug 15 10:56 src
[root@nginx nginx-1.24.0]# cd objs/
[root@nginx objs]# ls
autoconf.err nginx ngx_auto_config.h ngx_modules.c src
Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
[root@nginx objs]# nginx
bash: nginx: command not found...
Install package 'nginx-core' to provide command 'nginx'? [N/y] n
# 启动nginx
[root@nginx objs]# ./nginx
[root@nginx objs]# ps aux | grep nginx
root 42828 0.0 0.0 9836 928 ? Ss 11:39 0:00 nginx: master process ./nginx
nginx 42829 0.0 0.1 13724 4844 ? S 11:39 0:00 nginx: worker process
root 42834 0.0 0.0 221664 2168 pts/0 S+ 11:40 0:00 grep --color=auto nginx
关闭nginx
[root@nginx objs]# /usr/local/nginx/sbin/nginx -s stop
[root@nginx objs]# ps aux | grep nginx
root 42837 0.0 0.0 221664 2352 pts/0 S+ 11:41 0:00 grep --color=auto nginx
删除nginx
[root@nginx objs]# rm -rf /usr/local/nginx/
[root@nginx objs]# make clean
不启用debug模块
[root@nginx nginx-1.24.0]# vim auto/cc/gcc
nginx软件的执行路径添加到环境变量中
[root@nginx ~]# vim ~/.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
[root@nginx ~]# source ~/.bash_profile
[root@nginx ~]# nginx
看nginx软件的大小
[root@nginx ~]# du -sh /usr/local/nginx/sbin/nginx
5.5M /usr/local/nginx/sbin/nginx
改变服务版本信息
[root@nginx ~]# cd /usr/local/nginx/conf/
[root@nginx conf]# vim nginx.conf
[root@nginx conf]# curl -I 192.168.136.100
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Thu, 15 Aug 2024 03:52:15 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 03:03:35 GMT
Connection: keep-alive
ETag: "66bd7007-267"
Accept-Ranges: bytes
平滑升级和平滑回滚
下载高版本的
将echo-nginx-module-0.63.tar.gz 上传到本地家目录下
开始编译新版本
[root@nginx nginx-1.26.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --add-module=/root/echo-nginx-module-0.63 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
只要make无需要make install
[root@nginx nginx-1.26.2]# make
查看两个版本
[root@nginx nginx-1.26.2]# ll objs/nginx /usr/local/nginx/sbin/nginx
-rwxr-xr-x 1 root root 6177456 Aug 15 13:06 objs/nginx
-rwxr-xr-x 1 root root 5679504 Aug 15 11:03 /usr/local/nginx/sbin/nginx
把之前的旧版的nginx命令备份
[root@nginx nginx-1.26.2]# cd /usr/local/nginx/sbin/
[root@nginx sbin]# ll
total 5548
-rwxr-xr-x 1 root root 5679504 Aug 15 11:03 nginx
[root@nginx sbin]# mv nginx nginx.old
把新版本的nginx命令复制过去
[root@nginx sbin]# \cp -f /root/nginx-1.26.2/objs/nginx /usr/local/nginx/sbin/
检测一下有没有问题
[root@nginx sbin]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx sbin]# nginx -s restart
[root@nginx sbin]# nginx
[root@nginx sbin]# ps aux | grep nginx
root 47861 0.0 0.0 9836 932 ? Ss 13:48 0:00 nginx: master process nginx
nginx 47862 0.0 0.1 13724 4816 ? S 13:48 0:00 nginx: worker process
root 47864 0.0 0.0 221664 2272 pts/0 S+ 13:48 0:00 grep --color=auto nginx
[root@nginx sbin]# kill -USR2 47861
[root@nginx sbin]# ps aux | grep nginx
root 47861 0.0 0.0 9836 3196 ? Ss 13:48 0:00 nginx: master process nginx
nginx 47932 0.0 0.1 13736 4956 ? S 14:05 0:00 nginx: worker process
root 47939 0.0 0.1 9872 5952 ? S 14:06 0:00 nginx: master process nginx
nginx 47940 0.0 0.1 13760 4736 ? S 14:06 0:00 nginx: worker process
root 47942 0.0 0.0 221664 2256 pts/0 S+ 14:06 0:00 grep --color=auto nginx
#回收旧版本
[root@nginx sbin]# kill -WINCH 47861
#检测版本信息
[root@nginx sbin]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Thu, 15 Aug 2024 06:07:15 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 03:03:35 GMT
Connection: keep-alive
ETag: "66bd7007-267"
Accept-Ranges: bytes
#平滑回滚
[root@nginx sbin]# kill -HUP 47861
隐藏版本信息(修改源码头文件,需重新编译后才生效)
[root@nginx nginx]# vim /root/nginx-1.26.2/src/core/nginx.h
Nginx 核心配置详解
[root@nginx conf]# vim nginx.conf
[root@nginx conf]# nginx -g "worker_processes 6;"
[root@nginx conf]# ps aux | grep nginx
root 48272 0.0 0.0 9872 940 ? Ss 16:10 0:00 nginx: master process nginx -g worker_processes 6;
nginx 48273 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48274 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48275 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48276 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48277 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
nginx 48278 0.0 0.1 13772 4864 ? S 16:10 0:00 nginx: worker process
root 48280 0.0 0.0 221664 2328 pts/0 S+ 16:10 0:00 grep --color=auto nginx
写启动文件
[root@nginx conf]# vim /lib/systemd/system/nginx.service
# systemd unit for the source-built nginx installed under /usr/local/nginx.
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
# nginx forks into the background, so systemd follows the master via the PID file.
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start when the configuration does not pass "nginx -t".
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
# QUIT asks the master process for a graceful shutdown.
ExecStop=/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
# NOTE(review): no User= is set, so the master starts as root; only the workers
# drop to the account named by the "user" directive in nginx.conf.
[Install]
WantedBy=multi-user.target
[root@nginx conf]# systemctl daemon-reload
[root@nginx conf]# nginx -s stop
[root@nginx conf]# ps aux | grep nginx
root 48382 0.0 0.0 221664 2268 pts/0 S+ 16:19 0:00 grep --color=auto nginx
[root@nginx conf]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@nginx conf]# ps aux | grep nginx
root 48411 0.0 0.0 9872 944 ? Ss 16:20 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 48412 0.0 0.1 13772 4824 ? S 16:20 0:00 nginx: worker process
root 48414 0.0 0.0 221664 2196 pts/0 S+ 16:20 0:00 grep --color=auto nginx
将Nginx工作进程绑定到指定的CPU核心
worker_cpu_affinity 将Nginx工作进程绑定到指定的CPU核心,默认Nginx是不进行进程绑定的,绑定并不是意味着当前nginx进 程独占以一核心CPU,但是可以保证此进程不运行在其他核心上,这就极大减少了nginx的工作进程在不同的 cpu核心上的来回跳转,减少了CPU对进程的资源分配与回收以及内存管理等,因此可以有效的提升nginx服务 器的性能。
user nginx; # account the worker processes run as
worker_processes 4; # number of worker processes; usually set to the CPU core count
# One CPU bitmask per worker, lowest bit = CPU0: the four workers are pinned to CPU0..CPU3.
worker_cpu_affinity 0001 0010 0100 1000;
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
实现 nginx 的高并发配置
修改pam限制
查看ulimit
[root@nginx conf]# sudo -u nginx ulimit -n
1024
[root@nginx conf]# vim /etc/security/limits.conf
设置单个工作进程的最大并发连接数
测试访问
[root@nginx conf]# ab -n 100 -c 50 http://192.168.136.100/index.html
This is ApacheBench, Version 2.3 <$Revision: 1879490 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.136.100 (be patient).....done
Server Software: nginx/1.26.2
Server Hostname: 192.168.136.100
Server Port: 80
Document Path: /index.html
Document Length: 615 bytes
Concurrency Level: 50
Time taken for tests: 0.006 seconds
Complete requests: 100
Failed requests: 0
Total transferred: 84800 bytes
HTML transferred: 61500 bytes
Requests per second: 15444.02 [#/sec] (mean)
Time per request: 3.237 [ms] (mean)
Time per request: 0.065 [ms] (mean, across all concurrent requests)
Transfer rate: 12789.58 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 1 0.4 1 2
Processing: 0 1 1.0 1 4
Waiting: 0 1 1.1 1 4
Total: 1 2 1.3 2 5
Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 5
95% 5
98% 5
99% 5
100% 5 (longest request)
新建一个 PC web 站点
配置子配置文件(可选),在主配置文件添加一行
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
[root@nginx ~]# mkdir -p /usr/local/nginx/conf.d
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
# Name-based virtual host: requests for www.jieyu.org on port 80 are served
# from /data/web/html, with index.html as the directory index.
server {
listen 80;
server_name www.jieyu.org;
root /data/web/html;
index index.html;
}
[root@nginx ~]# mkdir -p /data/web/html
[root@nginx ~]# echo www.jieyu.org > /data/web/html/index.html
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
^C
[root@nginx ~]# nginx -s reload
修改C:\Windows\System32\drivers\etc\hosts 添加以下解析
192.168.136.100 www.jieyu.org
测试访问
root 与 alias
root:指定web的家目录,在定义location的时候,文件的绝对路径等于 root+location
root示例:
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
# root example: inside a location the file path is root + request URI.
server {
listen 80;
server_name www.jieyu.org;
root /data/web/html;
index index.html;
# /test1/index.html is read from /data/web/test1/index.html.
location /test1 {
root /data/web;
}
}
[root@nginx ~]# mkdir -p /data/web/test1
[root@nginx ~]# echo /data/web/test1 > /data/web/test1/index.html
[root@nginx ~]# nginx -s reload
测试
alias:定义路径别名,会把访问的路径重新定义到其指定的路径,文档映射的另一种机制;仅能用于 location上下文,此指令使用较少
# root vs alias: both locations end up serving files from /data/web/test1.
server {
listen 80;
server_name www.jieyu.org;
root /data/web/html;
index index.html;
# root: the full URI is appended, /test1/x -> /data/web/test1/x.
location /test1 {
root /data/web;
}
# alias: the matched prefix is replaced, /test2/x -> /data/web/test1/x.
# NOTE(review): the prefix has no trailing slash, so /test2abc also matches
# and maps to /data/web/test1abc, a sibling of the intended directory. Using
# "location /test2/" with "alias /data/web/test1/;" keeps the mapping inside
# the directory; keep the trailing slashes on both sides in step.
location /test2 {
alias /data/web/test1;
}
}
location 的详细使用
在一个server中location配置段可存在多个,用于实现从uri到文件系统的路径映射;
nginx会根据用户请求的URI来检查定义的所有location,按一定的优先级找出一个最佳匹配,而后应用其配置。在没有使用正则表达式的时候,nginx会先在server中的多个location选取匹配度最高的一个uri(uri是用户请求的字符串,即域名后面的web文件路径),然后使用该location模块中的正则url和字符串,如果匹配成功就结束搜索,并使用此location处理此请求。
匹配以html或者yu结尾
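# Regex location: URIs ending in ".html" or ".yu" are served from /data/web1.
# The dot is escaped so that it matches a literal "."; left unescaped it
# matches any character, and a URI such as /pageXhtml would be routed here too.
location ~ \.(html|yu)$ {
    root /data/web1;
}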
[root@nginx test]# pwd
/data/web1/test
[root@nginx web]# mkdir -p /data/web{1..5}/test
[root@nginx web]# echo web1 > /data/web1/test/index.html
[root@nginx web]# echo web2 > /data/web2/test/index.html
[root@nginx web]# echo web3 > /data/web3/test/index.html
[root@nginx web]# echo web4 > /data/web4/test/index.html
[root@nginx web]# echo web5 > /data/web5/test/index.html
文件和目录的优先级不一样
创建默认认证文件(-m 表示用 MD5(apr1)保存口令哈希;认证文件放在网站根目录之外,只需对 nginx 工作进程可读)
[root@nginx ~]# htpasswd -cm /usr/local/nginx/.htpasswd yujie # -c 会覆盖之前的用户
New password:
Re-type new password:
Adding password for user yujie
[root@nginx ~]# htpasswd -m /usr/local/nginx/.htpasswd admin
[root@nginx ~]# cat /usr/local/nginx/.htpasswd
yujie:$apr1$lqNM/m0v$1E.lLVqwHTc8Ji6UWNfJL.
admin:$apr1$OaJ1Hrgx$kRH2x6iOMt.DN97QrgQYd0
[root@nginx ~]# mkdir /data/web/yu
[root@nginx ~]# echo yu > /data/web/yu/index.html
加用户认证
# Protect /yu with HTTP Basic authentication backed by the htpasswd file.
server {
listen 80;
server_name www.jieyu.org;
root /data/web/html;
index index.html;
# Prefix match: /yu also covers URIs such as /yua (the error log on this page
# shows a request for /yua being looked up under /data/web).
location /yu {
root /data/web;
# The string is the realm shown in the browser's login prompt.
auth_basic "login password !!";
# NOTE(review): this server listens on plain HTTP only. Basic credentials are
# base64-encoded, not encrypted, and are resent with every request; serve the
# protected location over "listen 443 ssl" before real passwords are used.
auth_basic_user_file "/usr/local/nginx/.htpasswd";
}
}
用户认证
自定义错误页
# Same vhost with a custom 404 page.
server {
listen 80;
server_name www.jieyu.org;
root /data/web/html;
index index.html;
# A 404 triggers an internal redirect to /40x.html.
error_page 404 /40x.html;
location /yu {
root /data/web;
auth_basic "login password !!";
# NOTE(review): credentials cross the network unencrypted on port 80.
auth_basic_user_file "/usr/local/nginx/.htpasswd";
}
# Exact match, so only /40x.html itself is read from /data/web/errorpage.
location = /40x.html {
root /data/web/errorpage;
}
}
[root@nginx ~]# mkdir -p /data/web/errorpage
[root@nginx ~]# echo error page > /data/web/errorpage/40x.html
[root@nginx ~]# nginx -s reload
自定义错误日志与访问日志
[root@nginx ~]# mkdir /var/log/jieyu.org/
[root@nginx ~]# nginx -s reload
[root@nginx ~]# cat /var/log/jieyu.org/access.log
192.168.136.1 - admin [16/Aug/2024:14:33:02 +0800] "GET /yu/ HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0"
[root@nginx ~]# cat /var/log/jieyu.org/error.log
2024/08/16 14:34:13 [error] 2019#0: *19 open() "/data/web/yua" failed (2: No such file or directory), client: 192.168.136.1, server: www.jieyu.org, request: "GET /yua HTTP/1.1", host: "www.jieyu.org"
检测文件是否存在
try_files会按顺序检查文件是否存在,返回第一个找到的文件或文件夹(结尾加斜线表示为文件夹),如果所有文件或文件夹都找不到,会进行一个内部重定向到最后一个参数。只有最后一个参数可以引起一 个内部重定向,之前的参数只设置内部URI的指向。最后一个参数是回退URI且必须存在,否则会出现内部500错误。
示例: 如果不存在页面, 就转到default.html页面
[root@nginx ~]# rm -rf /data/web/html/index.html
[root@nginx ~]# mkdir /data/web/html/error
[root@nginx ~]# echo error default > /data/web/html/error/default.html
长连接配置
长连接的测试工具
[root@nginx ~]# dnf install telnet -y
设定保持连接超时时长,0表示禁止长连接
让客户看到60s 实际65s
作为下载服务器配置
[root@nginx ~]# mkdir /data/web/download
[root@nginx ~]# dd if=/dev/zero of=/data/web/download/yufile bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.0395786 s, 2.6 GB/s
测试
nginx的状态页面
# Status vhost: exposes the stub_status connection counters at /status.
server {
listen 80;
server_name status.jieyu.org;
root /data/web/html;
index index.html;
location /status {
stub_status;
# allow/deny are evaluated in order: the listed address is admitted and every
# other client is refused with 403.
# NOTE(review): the check uses the peer address of the TCP connection; if a
# proxy is ever placed in front, that address becomes the proxy's — confirm.
allow 192.168.136.1; # the only client address allowed to view the page
deny all;
}
}
更改 C:\Windows\System32\drivers\etc\hosts 文件
192.168.136.100 status.jieyu.org
因为只允许 192.168.136.1(即运行浏览器的那台主机)访问,所以只能在该主机的浏览器里查看
Nginx 压缩功能
Nginx支持对指定类型的文件进行压缩然后再传输给客户端,而且压缩还可以设置压缩比例,压缩后的文件大小将比源文件显著变小,这样有助于降低出口带宽的利用率,降低企业的IT支出,不过会占用相应的CPU资源。
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
# NOTE(review): if these http-level settings also cover HTTPS responses that
# carry a secret next to request-reflected data, the compressed size can leak
# the secret (BREACH); limit gzip to static content types where that applies.
gzip on; # enable gzip compression of responses (off by default)
gzip_comp_level 4; # compression level from 1 to 9, default 1; higher means smaller output
gzip_min_length 1k; # responses shorter than this are not compressed
gzip_http_version 1.1; # minimum request HTTP version for compression, default HTTP/1.1
gzip_vary on; # add "Vary: Accept-Encoding" when compression is enabled; generally recommended
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/gif image/png; # MIME types to compress; text/html is always included and need not be listed
制作大文件,小文件
[root@nginx ~]# echo hello jieyu > /data/web/html/small.html
[root@nginx ~]# du -sh /usr/local/nginx/logs/access.log
24K /usr/local/nginx/logs/access.log
[root@nginx ~]# cat /usr/local/nginx/logs/access.log > /data/web/html/big.html
Nginx Rewrite 相关功能
[root@nginx ~]# vim /etc/hosts
192.168.136.100 var.jieyu.org
# Prints nginx built-in variables for the current request. "echo" comes from
# the third-party echo-nginx-module compiled in with --add-module on this page.
server {
listen 80;
server_name var.jieyu.org;
root /data/web/html;
index index.html;
location /var {
# NOTE(review): several of the values below ($args, $request_uri,
# $http_user_agent, $http_cookie, $cookie_key2) are supplied by the client and
# are written unescaped into a text/html response. Keep this location to lab
# use, or set default_type to text/plain so a browser does not parse them.
default_type text/html;
echo $remote_addr;
echo $args;
echo $is_args;
echo $document_root;
echo $document_uri;
echo $host;
echo $remote_port;
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
echo $server_protocol;
echo $server_addr;
echo $server_name;
echo $server_port;
echo $http_user_agent;
echo $http_cookie;
# $cookie_NAME is the value of the cookie called NAME, here "key2".
echo $cookie_key2;
}
}
测试(注意:URL 没有加引号,&& 被 shell 当作命令连接符,所以下面 $args 只输出 name=lee;要传完整的查询串需给 URL 加引号):
[root@nginx ~]# curl -b "key1=yu,key2=yu1" -u yu:123 var.jieyu.org/var?name=lee&&id=6666
192.168.136.100
name=lee
?
/data/web/html
/var
var.jieyu.org
48482
yu
GET
/data/web/html/var
/var?name=lee
http
HTTP/1.1
192.168.136.100
var.jieyu.org
80
curl/7.76.1
key1=yu,key2=yu1
yu1
nginx自定义变量
# User-defined variable: "set" assigns $jieyu and "echo" prints it.
server {
listen 80;
server_name var.jieyu.org;
root /data/web/html;
index index.html;
location /var {
default_type text/html;
set $jieyu jie;
echo $jieyu;
}
}
测试
[root@nginx ~]# curl var.jieyu.org/var
jie
if 判定指令
测试文件是否存在
[root@nginx test2]# cat /usr/local/nginx/conf.d/yu.conf
# if example: test whether the file the request maps to exists.
server {
listen 80;
server_name var.jieyu.org;
root /data/web/html;
index index.html;
location /test2 {
# "!-e" is true when neither a file, a directory nor a symlink exists at the path.
if ( !-e $request_filename ) {
# NOTE(review): this prints the absolute filesystem path to the client; fine
# for a demo, but it discloses the document root layout.
echo "$request_filename is not exist";
}
}
}
测试
#没文件
[root@nginx test2]# nginx -s reload
[root@nginx test2]# curl var.jieyu.org/test2/index.html
/data/web/html/test2/index.html is not exist
#有文件
[root@nginx test2]# echo test2 > /data/web/html/test2/index.html
[root@nginx test2]# curl var.jieyu.org/test2/index.html
test2
break指令
# break example: "break" stops the remaining rewrite-module directives in this
# location, so "set $id 666" is skipped when the User-Agent comparison matches.
location /break {
default_type text/html;
set $name yu;
echo $name;
# Exact string comparison against the User-Agent header, a client-chosen value.
if ( $http_user_agent = "curl/7.76.1" ){
break;
}
set $id 666;
echo $id;
}
测试
[root@nginx test2]# nginx -s reload
[root@nginx test2]# curl var.jieyu.org/break
yu
[root@nginx test2]# curl -A "firefox" var.jieyu.org/break
yu
666
return指令
# return example: answer with a 301 to a fixed URL when the requested path
# does not exist on disk, otherwise print a message.
location /return {
default_type text/html;
if ( !-e $request_filename){
return 301 http://www.baidu.com;
}
echo "$request_filename is exist";
}
测试
[root@nginx test2]# nginx -s reload
[root@nginx test2]# curl -I var.jieyu.org/return
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Date: Sun, 18 Aug 2024 03:55:35 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://www.baidu.com
[root@nginx test2]# mkdir -p /data/web/html/return
[root@nginx test2]# curl -I var.jieyu.org/return
HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Sun, 18 Aug 2024 03:56:26 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
rewrite 临时和永久
永久重定向301:域名永久型调整,即域名永远跳转至另外一个新的域名,之前的域名再也不使用,跳转记录可以缓存到客户端浏览器
永久重定向会缓存DNS解析记录, 浏览器中有 from disk cache 信息,即使nginx服务器无法访问,浏览器也会利用缓存进行重定向
# Permanent redirect: the pattern "/" matches every URI in this location, and
# the "permanent" flag makes nginx answer 301 with the given absolute URL.
location /rewrite {
root /data/web/var;
index index.html;
rewrite / http://www.jieyu.com permanent;
}
测试
临时重定向302:域名临时重定向,告诉浏览器域名不是固定重定向到当前目标域名,后期可能随时会更改,因此浏览器 不会缓存当前域名的解析记录,而浏览器会缓存永久重定向的DNS解析记录,这也是临时重定向与永久重定向最大的本质区别。
即当nginx服务器无法访问时,浏览器不能利用缓存,而导致重定向失败
# Temporary redirect: same rule as the permanent case, but the "redirect"
# flag makes nginx answer 302.
location /rewrite {
root /data/web/var;
index index.html;
rewrite / http://www.jieyu.com redirect;
}
测试
rewrite 案例: break 与 last
创建html文件
[root@nginx ~]# mkdir /data/web/html/{test1,test2,break,last} -p
[root@nginx ~]# echo test1 > /data/web/html/test1/index.html
[root@nginx ~]# echo test2 > /data/web/html/test2/index.html
[root@nginx ~]# echo last > /data/web/html/last/index.html
[root@nginx ~]# echo break > /data/web/html/break/index.html
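# break vs last demo. As written, the rewrite lines carry no flag; append
# "break" or "last" to the first rewrite of each location to reproduce the two
# cases tested below.
server {
    listen 80;
    server_name var.jieyu.org;
    root /data/web/html;
    index index.html;

    # With "break" on the first rule, rewriting stops and the rewritten URI
    # (/test1/...) is served as a file from within this location.
    location /break {
        rewrite ^/break/(.*) /test1/$1;
        rewrite ^/test1/(.*) /test2/$1;
    }

    # With "last" on the first rule, rewriting stops and nginx searches the
    # locations again with the new URI, which lands in "location /test1".
    location /last {
        rewrite ^/last/(.*) /test1/$1;
        rewrite ^/test1/(.*) /test2/$1;
    }

    location /test1 {
        # Was "test/html", an unknown type that a browser would not render as a page.
        default_type text/html;
        echo "jieyu hahahahahha";
    }

    location /test2 {
        root /data/web/html;
    }
}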
测试
当加入break之后
当加入last之后
rewrite案例: 自动跳转 https
案例:基于通信安全考虑公司网站要求全站 https,因此要求在不影响用户请求的情况下将http请求全部自动跳转至 https,另外也可以实现部分 location 跳转
[root@nginx ~]# mkdir -p /usr/local/nginx/certs
[root@nginx ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/jieyu.org.key -x509 -days 365 -out /usr/local/nginx/certs/jieyu.org.crt
.+.....+....+.....+.+...+........+....+....................+.+.....+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+.....+....+........+...+.+...+...............+...+...+..............+.+......+.........+............+..+.+......+.....+...+.........................................................+...+.+..+.......+...+.....+...+.+...+...+..+............+.+.........+........+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+........+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+.....+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.........+...+...+.+...+..........................+.......+..............+....+............+............+...........+.+........+.+...........+.+..+...+...+..........+..+.........+......+....+...+........+...+.+......+.....+....+...+......+...........+.+...+......+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Jiangsu
Locality Name (eg, city) [Default City]:nanjing
Organization Name (eg, company) [Default Company Ltd]:jieyu
Organizational Unit Name (eg, section) []:webserver
Common Name (eg, your name or your server's hostname) []:www.jieyu.org
Email Address []:admin@jieyu.com
编辑配置
vim /usr/local/nginx/conf.d/vhosts.conf
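# One vhost answering on both 80 and 443; plain-HTTP requests are redirected
# to HTTPS. The certificate is the self-signed one generated with
# "openssl req -x509" on this page, so clients warn until they trust it.
server {
    listen 80;
    listen 443 ssl;
    server_name www.jieyu.org;
    root /data/web/html;
    index index.html;

    ssl_certificate /usr/local/nginx/certs/jieyu.org.crt;
    # The key was created with -nodes (no passphrase): keep the file readable
    # by root only.
    ssl_certificate_key /usr/local/nginx/certs/jieyu.org.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    location / {
        if ( $scheme = http ) {
            # Keep the path and query string; the earlier form
            # "rewrite / https://$host redirect;" sent every request to the
            # site root. The status is still 302.
            # NOTE(review): $host follows the name the client sent. If only one
            # name should ever appear in the Location header, use $server_name.
            return 302 https://$host$request_uri;
        }
    }
}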
测试: 输入http://www.jieyu.org
案例:防盗链
放图片
[root@nginx html]# mkdir /data/web/html/images
[root@nginx images]# ls
123.jpg
将盗链图片放在/data/web/html下
实现盗链
在一个web 站点盗链另一个站点的资源信息,比如:图片、视频等
假设有个192.168.136.128的web服务器偷图
[root@client ~]# cat /var/www/html/index.html
<html>
<head>
<meta http-equiv=Content-Type content="text/html;charset=utf-8">
<title>盗链</title>
</head>
<body>
<img src="http://www.jieyu.org/images/nginx.jpg" >
<h1 style="color:red">欢迎大家</h1>
<p><a href=http://www.jieyu.org>狂点老鱼</a>出门见喜</p>
</body>
</html>
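# Hotlink protection for /images based on the Referer header.
# Referer is chosen by the client and "none" admits requests that send no
# Referer at all, so this deters casual embedding only; it is not access control.
location /images {
    # Accepted: no Referer, a Referer stripped by a proxy ("blocked"), this
    # server's own names, *.jieyu.org, and any Referer containing ".baidu.".
    # The regex dots are escaped; "~/.baidu/." would require literal slashes
    # and never match a normal baidu URL.
    valid_referers none blocked server_names *.jieyu.org ~\.baidu\.;
    if ( $invalid_referer ) {
        # Absolute replacement URL, so nginx answers with a redirect. The image
        # sits outside /images, which keeps the redirect from looping.
        rewrite ^/ http://www.jieyu.org/daolian.png;
    }
}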
如果从百度转过去 会有referer信息
验证两个域名的日志,是否会在被盗连的web站点的日志中出现以下盗链日志信息:
实现防盗链
全站限制
发现图片裂了,网址也访问不了
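# Referer-based hotlink protection for /images. The header is client-supplied
# and "none" lets requests without a Referer through, so treat this as a
# bandwidth saver rather than an access control.
location /images {
    # Dots in the regex are escaped so the pattern matches ".baidu." inside the
    # Referer; the unescaped "~/.baidu/." form needs literal "/" characters and
    # does not match ordinary baidu referers.
    valid_referers none blocked server_names *.jieyu.org ~\.baidu\.;
    if ( $invalid_referer ) {
        # Redirect rejected requests to the placeholder image at the site root.
        rewrite ^/ http://www.jieyu.org/daolian.png;
    }
}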
再次访问
NGINX 反向代理
ngx_http_proxy_module: #将客户端的请求以http协议转发至指定服务器进行处理 ngx_http_upstream_module #用于定义为proxy_pass,fastcgi_pass,uwsgi_pass
#等指令引用的后端服务器分组
ngx_stream_proxy_module: #将客户端的请求以tcp协议转发至指定服务器处理
ngx_http_fastcgi_module: #将客户端对php的请求以fastcgi协议转发至指定服务器处理
ngx_http_uwsgi_module: #将客户端对Python的请求以uwsgi协议转发至指定服务器处理
动静分离
准备两台web服务器
在nginx主机上测试访问两台web主机
一台主机装php
[root@web1 ~]# yum install php -y
[root@web1 ~]# yum install httpd -y
[root@web1 ~]# cat /var/www/html/index.php
<?php
// Test page only: phpinfo() prints the PHP version, loaded modules, environment
// variables and configuration paths. Delete the file once the backend is verified.
phpinfo();
?>
一台配置一个html页面
[root@nginx images]# cat /usr/local/nginx/conf.d/vhosts.conf
# Dynamic/static split: PHP requests go to one backend, /static to the other.
server {
listen 80;
server_name www.jieyu.org;
# URIs ending in .php are proxied to the host running httpd + PHP.
location ~ \.php$ {
proxy_pass http://192.168.136.128:80;
}
# NOTE(review): port 90 here, while the caching example further down uses
# 192.168.136.129:80 — confirm which port the static backend listens on.
location /static {
proxy_pass http://192.168.136.129:90;
}
}
测试:
反向代理示例: 缓存功能
cache is king
压测
[root@nginx nginx]# ab -n1000 -c100 http://www.jieyu.org/static/index.html
每秒处理的请求量
开始缓存配置 (缓存功能默认关闭状态,需要先手动配置才能启用)
[root@nginx images]# vim /usr/local/nginx/conf/nginx.conf
在http模块添加以下语句:
# Goes in the http block. Cache files live under /usr/local/nginx/proxy_cache
# in a three-level directory tree; "proxycache" is a 20 MB shared-memory zone
# for keys; entries not requested for 120s are dropped; at most 1 GB on disk.
proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;
server {
listen 80;
server_name www.jieyu.org;
location ~ \.php$ {
proxy_pass http://192.168.136.128:80;
}
location /static {
proxy_pass http://192.168.136.129:80;
proxy_cache proxycache;
# NOTE(review): the key is the request URI only, without scheme or host. If
# another server_name ever shares this zone, identical paths from different
# sites would be answered from the same entry — confirm the zone stays private.
proxy_cache_key $request_uri;
# 200/301/302 responses are kept for 10 minutes, every other status for 1 minute.
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 1m;
}
}
再次压测
刚刚配置生成的文件
http 反向代理负载均衡
需要有这些模块
# Load-balanced backend group; with no method named, requests are spread
# round-robin over the two primary servers.
upstream webcluster {
# 3 failed attempts within 15s take a server out of rotation for 15s.
server 192.168.136.128:80 fail_timeout=15s max_fails=3;
server 192.168.136.129:80 fail_timeout=15s max_fails=3;
# Used only while both primaries are unavailable.
# NOTE(review): 192.168.136.100 is the address this nginx host answers on
# elsewhere on the page; make sure a separate server block handles the backup
# request, otherwise the proxy would call itself — confirm.
server 192.168.136.100:80 backup;
}
server {
listen 80;
server_name www.jieyu.org;
location / {
proxy_pass http://webcluster;
}
}
测试
ip_hash
源地址hash调度方法,基于的客户端的remote_addr(源地址IPv4的前24位或整个IPv6地址)做hash计 算,以实现会话保持
加入ip_hash后
测试
hash $request_uri consistent; #基于用户请求的uri做hash
测试
对cookie进行hash
基于cookie中的sessionid这个key进行hash调度,实现会话绑定测试down 标记为down状态,可以平滑下线后端服务
测试
实现 Nginx 四层负载均衡
域名解析负载均衡
两台主机安装bind服务,并编辑配置文件
[root@web1 ~]# vim /etc/named.rfc1912.zones
...
zone "jieyu.org" IN {
type master;
file "jieyu.org.zone";
allow-update { none; };
};
...
[root@web1 named]# cat /var/named/jieyu.org.zone
$TTL 1D
@ IN SOA ns.jieyu.org. root.jieyu.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.jieyu.org.
ns A 192.168.136.128
www A 192.168.136.128
传给另一台服务器
[root@web1 named]# scp -p /etc/named.{conf,rfc1912.zones} root@192.168.136.129:/etc/
root@192.168.136.129's password:
named.conf 100% 1712 1.3MB/s 00:00
named.rfc1912.zones 100% 1115 2.0MB/s 00:00
[root@web1 named]# scp -p /var/named/jieyu.org.zone root@192.168.136.129:/var/named/jieyu.org.zone
[root@web2 named]# chgrp named /var/named/jieyu.org.zone
实现 FastCGI
二进制下载nginx
[root@nginx nginx-1.24.0]# ./configure --prefix=/usr/local/nginx --add-module=/root/echo-nginx-module-0.63 --add-module=/root/memc-nginx-module-0.20 --add-module=/root/srcache-nginx-module-0.33 --user=nginx --group=nginx --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-pcre
[root@nginx nginx-1.24.0]# make && make install
二进制下载php
利用yum解决php依赖
[root@Nginx ~]# yum install -y bzip2 systemd-devel libxml2-devel sqlite-devel
libpng-devel libcurl-devel oniguruma-devel
oniguruma-devel 可能安装不了 去阿里下
[root@nginx php-8.3.9]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd
[root@nginx php-8.3.9]# make && make install
make && make install
php相关配置优化
[root@nginx php-8.3.9]# cd /usr/local/php/etc/
[root@nginx etc]# ls
php-fpm.conf.default php-fpm.d
[root@nginx etc]# cp -p php-fpm.conf.default php-fpm.conf
去掉注释
[root@nginx etc]# vim php-fpm.conf
pid = run/php-fpm.pid #指定pid文件存放位置
[root@nginx etc]# cd php-fpm.d/
[root@nginx php-fpm.d]# ls
www.conf.default
[root@nginx php-fpm.d]# cp www.conf.default www.conf -p
[root@nginx php-fpm.d]# vim www.conf
生成主配置文件
[root@nginx php-8.3.9]# cp php.ini-production /usr/local/php/etc/php.ini
[root@nginx ~]# cd /usr/local/php/etc/
[root@nginx etc]# vim php.ini
修改时区
生成启动文件
[root@nginx php-8.3.9]# cp sapi/fpm/php-fpm.service /lib/systemd/system
注释该内容
[root@nginx php-8.3.9]# systemctl daemon-reload
[root@nginx php-8.3.9]# systemctl start php-fpm.service
[root@nginx php-8.3.9]# netstat -launpt | grep php
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 147532/php-fpm: mas
添加php环境变量
[root@nginx php-8.3.9]# vim ~/.bash_profile
[root@nginx php-8.3.9]# source ~/.bash_profile
准备php测试页面
[root@nginx php-8.3.9]# mkdir /data/web/php -p
[root@nginx php-8.3.9]# cd /data/web/php
[root@nginx php]# vim index.php
<?php
// FastCGI smoke test: phpinfo() dumps the PHP build, extensions, environment
// and file paths to anyone who can reach the URL. Remove it after testing.
phpinfo();
?>
Nginx配置转发
Nginx安装完成之后默认生成了与fastcgi的相关配置文件,一般保存在nginx的安装路径的conf目录当 中,比如/apps/nginx/conf/fastcgi.conf、/apps/nginx/conf/fastcgi_params。
在主配置文件添加子配置文件
[root@nginx php]# vim /usr/local/nginx/conf/nginx.conf
写nginx文件
[root@nginx ~]# mkdir /usr/local/nginx/conf.d
[root@nginx ~]# cd /usr/local/nginx/conf.d/
[root@nginx conf.d]# vim vhosts.conf
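# Static files come from /data/web/html; requests ending in .php are handed to
# the local PHP-FPM listener over FastCGI.
server {
    listen 80;
    server_name www.jieyu.org;
    root /data/web/html;
    index index.html;

    location ~ \.php$ {
        root /data/web/php;
        # Pass a request on only when the script exists under this root, so a
        # made-up *.php path is answered with 404 by nginx instead of being
        # interpreted by PHP-FPM.
        try_files $uri =404;
        # The terminating semicolon was missing here; "nginx -t" rejects the
        # file without it.
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # fastcgi.conf ships with nginx and sets SCRIPT_FILENAME among others.
        include fastcgi.conf;
    }
}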
测试访问
php高速缓存
php的动态扩展模块(php的缓存模块)
安装memcache模块
[root@Nginx ~]# tar zxf memcache-8.2.tgz
[root@Nginx ~]# cd memcache-8.2/
[root@Nginx memcache-8.2]# yum install autoconf
[root@Nginx memcache-8.2]# phpize
Configuring for:
PHP Api Version: 20200930
Zend Module Api No: 20200930
Zend Extension Api No: 420200930
[root@Nginx memcache-8.2]# ./configure && make && make install
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-nonzts-20230831/
[root@Nginx memcache-8.2]# ls /usr/local/php/lib/php/extensions/no-debug-non-zts20230831/
memcache.so opcache.so
复制测试文件到nginx发布目录中
[root@Nginx ~]# cd memcache-8.2/
[root@Nginx memcache-8.2]# ls
autom4te.cache config.log configure.ac example.php Makefile.fragments
README
build config.m4 config.w32 include Makefile.objects runtests.php
config9.m4 config.nice CREDITS libtool memcache.la src
config.h config.status docker LICENSE memcache.php
tests
config.h.in configure Dockerfile Makefile modules
[root@Nginx memcache-8.2]# cp example.php memcache.php /data/web/php
[root@Nginx ~]# vim /data/php/memcache.php
配置php加载memcache模块
[root@Nginx ~]# vim /usr/local/php/etc/php.ini
[root@Nginx ~]# systemctl reload php-fpm
[root@Nginx no-debug-non-zts-20230831]# php -m | grep mem
memcache
部署memcached
[root@Nginx ~]# yum install memcached -y
[root@Nginx ~]# systemctl enable --now memcached.service
[root@Nginx ~]# netstat -antlupe | grep memcache
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN
976 1037243 186762/memcached
[root@Nginx ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
测试:
输入用户和密码
访问 http://php.timinglee.org/memcache.php 查看命中效果
性能对比
[root@apache20 ~]# ab -n500 -c10 http://www.jieyu.org/index.php
@@@内容忽略@@@
Concurrency Level: 10
Time taken for tests: 0.514 seconds
Complete requests: 500
Failed requests: 44
(Connect: 0, Receive: 0, Length: 44, Exceptions: 0)
[root@apache20 ~]# ab -n500 -c10 http://www.jieyu.org/example.php
@@@内容忽略@@@
Concurrency Level: 10
Time taken for tests: 0.452 seconds
Complete requests: 500
Failed requests: 0
部署方法
在我们安装的nginx中默认不支持memc和srcache功能,需要借助第三方模块来让nginx支持此功能,所以nginx需要重新编译
[root@Nginx ~]# vim /usr/local/nginx/conf.d/vhosts.conf
# Cache PHP responses in the local memcached through the third-party memc and
# srcache modules compiled in with --add-module on this page.
upstream memcache {
server 127.0.0.1:11211;
# Keep up to 512 idle connections to memcached open per worker.
keepalive 512;
}
server {
listen 80;
server_name www.jieyu.org;
root /data/web/php;
location /memc {
# Reachable through internal subrequests only; outside clients cannot read
# or write memcached through this location.
internal;
memc_connect_timeout 100ms;
memc_send_timeout 100ms;
memc_read_timeout 100ms;
set $memc_key $query_string; # use the built-in $query_string as the memcached key
set $memc_exptime 300; # cached entries expire after 300 seconds
memc_pass memcache;
}
location ~ \.php$ {
root /data/web/php;
# NOTE(review): the key is URI + query string only. It carries no cookie,
# Authorization or host component, so a page whose output depends on the
# logged-in user would be stored once and replayed to other visitors. Limit
# this to pages that are identical for everyone, or extend the key — confirm.
set $key $uri$args; # value used as the cache key
srcache_fetch GET /memc $key; # look the response up in memcached before running PHP
srcache_store PUT /memc $key; # store the PHP response when it was not cached yet
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
[root@nginx memcache-8.2]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
测压
[root@nginx ~ ]# ab -n500 -c10 http://www.jieyu.org/index.php
nginx 二次开发版本
openresty
二进制安装
[root@nginx openresty]# ./configure --prefix=/usr/local/openresty --with-http_stub_status_module --with-http_gzip_static_module --with-http_sub_module --with-stream_ssl_module --with-stream_realip_module --with-pcre --with-stream --with-http_ssl_module \
# make && make install
[root@nginx bin]# vim ~/.bash_profile
[root@nginx bin]# source ~/.bash_profile
[root@nginx bin]# openresty
[root@nginx bin]# netstat -launpt | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 166940/nginx: maste
[root@nginx ~]# cd /usr/local/openresty/
[root@nginx openresty]# ls
bin COPYRIGHT luajit lualib nginx pod resty.index site
可以在里面进行开发