【原創】運維基礎之Nginx（1）簡介、安裝、使用

官方：http://nginx.org

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 25.89% busiest sites in December 2018. Here are some of the success stories: Dropbox, Netflix, Wordpress.com, FastMail.FM.

Nginx是一個Http服務器、反向代理服務器、郵件代理服務器、通用TCP/UDP代理服務器，目前已經佔據25%的市場份額。

nginx has one master process and several worker processes. The main purpose of the master process is to read and evaluate configuration, and maintain worker processes. Worker processes do actual processing of requests. nginx employs event-based model and OS-dependent mechanisms to efficiently distribute requests among worker processes. The number of worker processes is defined in the configuration file and may be fixed for a given configuration or automatically adjusted to the number of available CPU cores.

nginx有一個master進程和多個worker進程，maste進程負責讀取配置和管理worker進程，worker進程負責實際的請求處理；nginx使用事件模型和操做系統特有的機制來高效在worker進程中轉發請求；

一 安裝

官方下載頁面：http://nginx.org/en/download.html

下載編譯過程以下：

# wget http://nginx.org/download/nginx-1.14.2.tar.gz
# tar xvf nginx-1.14.2.tar.gz
# cd nginx-1.14.2

# ./configure --prefix=/data/nginx-1.14.2 --with-http_ssl_module --with-stream
# make
# make install

# ls /data/nginx-1.14.2/
conf html logs sbin
# ls /data/nginx-1.14.2/sbin
nginx
# ls /data/nginx-1.14.2/conf
fastcgi.conf fastcgi_params koi-utf mime.types nginx.conf scgi_params uwsgi_params win-utf
fastcgi.conf.default fastcgi_params.default koi-win mime.types.default nginx.conf.default scgi_params.default uwsgi_params.default

configure詳細參數詳見官方文檔：http://nginx.org/en/docs/configure.html

configure過程可能報錯：

1）./configure: error: C compiler cc is not found

yum install gcc

2）./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.

yum install pcre-devel

3）./configure: error: the HTTP gzip module requires the zlib library.
You can either disable the module by using --without-http_gzip_module
option, or install the zlib library into the system, or build the zlib library
statically from the source with nginx by using --with-zlib=<path> option.

yum install zlib-devel

4）./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

yum install openssl-devel

二 使用

1 配置

 默認配置：$NGINX_HOME/conf/nginx.conf

若是改成其餘名字，須要在啓動時經過-c制定

nginx能夠用做http代理（http module），也能夠用做長鏈接代理（stream module）

1）端口

    server {

        listen       80;

        server_name  localhost;

能夠修改端口，若是是80端口，必須使用root啓動，由於只有root才能使用1024如下端口；

2）反向代理--負載均衡

　　upstream test_backend {
　　　　ip_hash;
　　　　server 192.168.0.54:8080;
　　　　server 192.168.0.55:8080;
　　 }

    location / {
        proxy_pass   http://test_backend; 

能夠配置多個upstream，每一個upstream指向一組後端服務器，好比一組tomcat，而後在server中制定哪些location的請求轉發給哪些upstream，實現負載均衡；

2 命令

# sbin/nginx -h

nginx version: nginx/1.14.2

Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]

 

Options:

  -?,-h         : this help

  -v            : show version and exit

  -V            : show version and configure options then exit

  -t            : test configuration and exit

  -T            : test configuration, dump it and exit

  -q            : suppress non-error messages during configuration testing

  -s signal     : send signal to a master process: stop, quit, reopen, reload

  -p prefix     : set prefix path (default: /data/nginx-1.14.2/)

  -c filename   : set configuration file (default: conf/nginx.conf)

  -g directives : set global directives out of configuration file

2.1 啓動

# nginx

or

# nginx -c conf/nginx.conf

啓動以後進程以下：

# ps aux|grep nginx
root 3072 0.0 0.0 45852 1956 ? Ss 20:11 0:00 nginx: master process sbin/nginx -c conf/nginx.conf
nobody 3218 0.0 0.0 48396 2552 ? S 20:14 0:00 nginx: worker process

2.2 中止

# nginx -c conf/nginx.conf -s stop

2.3 刷新配置

# nginx -c conf/nginx.conf -s reload

三 登錄驗證

1 安裝htpasswd

# yum install httpd-tools

2 添加用戶密碼

# htpasswd -c /data/nginx-1.14.2/passwd test
New password:
Re-type new password:
Adding password for user test

3 添加配置在server下

        auth_basic "Please input user&password";

        auth_basic_user_file /data/nginx-1.14.2/passwd;

4 刷新配置

# nginx -c conf/nginx.conf -s reload

效果以下：

 

http代理完整配置以下：

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

 

    upstream test_backend {

         ip_hash;

         server 192.168.0.54:8080;

         server 192.168.0.55:8080;

    }

 

    server {

        listen       80;

        server_name  localhost;

 

        auth_basic "Please input user&password";

        auth_basic_user_file /data/nginx-1.14.2/passwd;

 

         location / {

             proxy_pass http://test_backend;

         }       

    }

}

stream代理完整配置以下：

stream {

    upstream test_backend {

        server $server1:21000;

        server $server2:21000;

    }

    server {

        listen 21000;

        proxy_pass test_backend;

    }

}

四 限制ip訪問

    server {

        listen       80;

        server_name  test.com.internal;

        location / {

            allow 192.168.0.0/24;

            deny all;

            proxy_pass http://test_backend;

        }

    }

限制只有192.168.0.*網段能夠訪問該接口

五 以目錄形式訪問

    location ^~ /dir {
        root   /dir;
        autoindex  on;
    }

使用module：ngx_http_autoindex_module