搭建Nginx服務器(網站服務 代理服務)
rpm -q gcc gcc-c++
yum -y groupinstall "開發工具"
useradd nginx (服務帳號無需登錄,可加 -s /sbin/nologin)
yum -y install pcre-devel 依賴包
yum -y install zlib-devel 依賴包
yum -y install openssl-devel 安全認證包
tar -zxvf nginx-1.8.0.tar.gz
cd nginx-1.8.0
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx \
--with-http_stub_status_module --with-http_ssl_module (開啓認證)
make && make install
ls /usr/local/nginx/ 成功顯示如下文件證實安裝成功
conf html logs sbin
conf 配置文件: nginx.conf 主配置文件 nginx.conf.default 模版
html 網頁目錄
logs 日誌文件存放的目錄
sbin 存放啓動NGINX服務的啓動命令 nginx
啓動nginx服務(默認監聽80)
[root@squid nginx]# netstat -utnalp | grep :80 有http先停掉
[root@squid nginx]# /usr/local/nginx/sbin/nginx
[root@squid nginx]# netstat -utnalp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 92
[root@squid nginx]# echo 123 > /usr/local/nginx/html/test.html 寫網頁文件
[root@squid nginx]# elinks --dump http://localhost/test.html 客戶端測試
123
修改nginx服務端口:
mv nginx.conf nginx.conf.bak 備份配置文件
grep -v '^$\|#' nginx.conf.bak > nginx.conf 去除空行和註釋行後到新配置文件
vim nginx.conf 修改 listen 8080;
/usr/local/nginx/sbin/nginx -s stop 停服務
/usr/local/nginx/sbin/nginx 啓動服務
netstat -untlap | grep :8080
elinks --dump http://localhost:8080/test.html 指定端口測試
經常使用命令
[root@squid conf]# /usr/local/nginx/sbin/nginx -v 查看nginx版本
[root@squid conf]# /usr/local/nginx/sbin/nginx -V 查看nginx版本以及編安裝詳細信息
[root@squid conf]# /usr/local/nginx/sbin/nginx -t 測試配置文件是否正常
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx2.conf 指定配置文件啓動服務
中止服務的方法
/usr/local/nginx/sbin/nginx -s stop
killall -9 nginx (強制殺死全部 nginx 進程,不做任何清理;優先使用 -s stop 或 QUIT 信號)
kill -信號 pid號
常見信號:
TERM, INT 快速關閉
QUIT 從容關閉,關閉主進程及子進程
HUP 重載配置文件
USR1 從新打開日誌文件
USR2 平滑升級可執行程序
重啓服務很方便
kill -HUP `cat /usr/local/nginx/logs/nginx.pid`
++++++++++++++++++++++++++++++++++
平滑升級(在線升級服務軟件的版本)
tar -zxvf nginx-1.9.2.tar.gz
cd nginx-1.9.2
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx \
--with-http_stub_status_module --with-http_ssl_module (開啓認證)
make
cd /usr/local/nginx/sbin
mv nginx nginxold 備份舊的執行程序
cd nginx-1.9.2/objs
cp nginx /usr/local/nginx/sbin/ 拷貝新版本執行程序
cd nginx-1.9.2
make upgrade 執行升級
[root@squid conf]# /usr/local/nginx/sbin/nginx -v 查看nginx版本 升級完成
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
虛擬主機(一臺服務器提升多個網站)
基於域名虛擬主機(根據客戶端訪問的主機名區分訪問)
基於端口虛擬主機
基於ip地址虛擬主機
++++++++++++++++++++++++++++++++++++++++++++++
基於域名虛擬主機
(服務器)
mkdir /wwwdir
mkdir /bbsdir
echo www > /wwwdir/a.html
echo bbs > /bbsdir/a.html
[root@A conf]# /usr/local/nginx/sbin/nginx -s stop 先中止服務
grep -v '^$' nginx.conf.default | grep -v '#' > nginx.conf
vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.tarena.com; 修改成指定域名
location / {
root /wwwdir; 指定網頁目錄
index a.html; 指定默認首頁文件
}
}
server {
listen 80;
server_name bbs.tarena.com;
location / {
root /bbsdir;
index a.html;
}
}
}
./nginx -t 測試配置文件配置正確
./nginx 啓動服務
(客戶端)測試
vim /etc/hosts
172.25.254.151(服務端IP) www.tarena.com www
172.25.254.151(服務端IP) bbs.tarena.com bbs
:wq
ping www.tarena.com
ping bbs.tarena.com
elinks --dump http://www.tarena.com
elinks --dump http://bbs.tarena.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
基於端口的虛擬主機(服務器根據客戶端訪問的端口區分訪問)
實驗需求
http://www.tarena.com -> /usr/local/nginx/html
http://www.tarena.com:8080 -> /wwwdir
http://www.tarena.com:8090 -> /bbsdir
vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.tarena.com;
location / {
root html;
index index.html;
}
}
server {
listen 8080; 指定不一樣端口
#server_name www.tarena.com; 註銷掉域名
location / {
root /wwwdir;
index a.html;
}
}
server {
listen 8090;
#server_name bbs.tarena.com;
location / {
root /bbsdir;
index a.html;
}
}
}
[root@A conf]# ../sbin/nginx -s stop
[root@A conf]# ../sbin/nginx
[root@A conf]# netstat -anptu |grep nginx
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 51193/nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 51193/nginx
tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 51193/nginx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
基於ip地址的虛擬主機
ifconfig eth0:1 1.0.0.200
vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 1.0.0.100:8090;
#server_name www.tarena.com;
location / {
root /wwwdir;
index a.html;
}
}
server {
listen 1.0.0.200:80;
#server_name bbs.tarena.com;
location / {
root /bbsdir;
index a.html;
}
}
}
[root@A conf]# ../sbin/nginx -s stop
[root@A conf]# ../sbin/nginx
[root@A conf]# netstat -anptu |grep nginx
tcp 0 0 1.0.0.200:80 0.0.0.0:* LISTEN 60910/nginx
tcp 0 0 1.0.0.100:8090 0.0.0.0:* LISTEN 60910/nginx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
訪問控制
訪問控制 (默認容許全部客戶端訪問;allow/deny 規則按書寫順序逐條匹配,命中第一條即生效)
location / {
....
allow ip地址1; 容許的訪問
allow ip地址2;
#allow 172.40.1.0/14;
deny all; 拒絕其餘全部訪問,必須寫在 allow 規則之後
}
elinks http://172.25.254.151:8090 客戶端測試
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
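用戶驗證(訪問網站頁面時,要提交正確用戶和密碼才能夠訪問)
注意:Basic 認證的用戶名和密碼僅以 Base64 編碼傳輸,並未加密,應配合下文的 SSL(https)配置使用
location / {
.....
auth_basic "please input username and password";
auth_basic_user_file "/usr/local/nginx/conf/authuser.txt"; 此路徑必須與 htpasswd 生成的驗證文件一致(下文生成的是 /usr/local/nginx/conf/user.txt)
}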
[root@squid conf]# kill -HUP `cat /usr/local/nginx/logs/nginx.pid` 重啓nginx服務
rpm -q httpd-tools 查詢有包沒
[root@squid conf]# htpasswd -c /usr/local/nginx/conf/user.txt tom 生成驗證文件,用戶名爲tom(-c 會新建文件並覆蓋已有內容,之後追加用戶時不要再加 -c)
New password: #輸入密碼
Re-type new password: #再次輸入密碼
Adding password for user tom #OK
[root@squid conf]# cat /usr/local/nginx/conf/user.txt
tom:VziCsLM3LWwXY
[root@squid conf]# htpasswd /usr/local/nginx/conf/user.txt tom2 建立第二個帳號爲tom2
New password:
Re-type new password:
Adding password for user tom2
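[root@squid conf]# cat /usr/local/nginx/conf/user.txt 查看帳號文件(密碼以哈希形式保存,並非加密)
tom:VziCsLM3LWwXY
tom2:gw4brc6MjcAqA
注意:這種 13 位的值是傳統 crypt() 哈希,只使用密碼的前 8 個字符,強度較弱;可改用 htpasswd -m 生成 apr1 格式(nginx 支持)。驗證文件應限制爲僅 root 和 nginx 運行用戶可讀,且不要放在網頁目錄下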
改爲基於域名的服務 客戶端測試firefox http://www.tarena.com 提示輸入用戶名密碼,配置成功
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
配置SSL,安全認證
(支持客戶端使用https協議訪問)https 數據加密傳輸
80 http:// 443https://
服務器配置
1生成私鑰
2生成證書文件
3在服務的主配置文件裏調用私鑰 和證書
cd /usr/local/nginx/conf/
[root@squid conf]# openssl genrsa -out cert.key 2048 //生成私鑰(私鑰文件應僅 root 可讀,例如 chmod 600 cert.key)
[root@squid conf]# openssl req -new -x509 -key cert.key -out cert.pem //生成證書(自簽名證書,瀏覽器會提示不受信任,僅適合實驗環境)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN 中國代碼
State or Province Name (full name) []:beijing 州或者省
Locality Name (eg, city) [Default City]:beijing 城市
Organization Name (eg, company) [Default Company Ltd]:tarena 公司名
Organizational Unit Name (eg, section) []:mis 部門
Common Name (eg, your name or your server's hostname) []:www.tarena.com 域名
Email Address []:plj@tarena.com 郵箱
[root@squid conf]#
server {
......
#listen 80;
listen 443 ssl;
server_name www.tarena.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
......
}
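重啓nginx服務(建議在 server 塊中用 ssl_protocols 明確指定容許的協議版本,不要依賴舊版本的默認值)
客戶端配置firefox https://www.tarena.com 注意http後面加s(訪問的主機名要與證書的 Common Name 以及 server_name 一致)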
+++++++++++++++++++++++++++++++++++++++++++++++++++++
反向代理
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream "webgroup" { #定義源服務組
server 192.168.1.1:80 ;
server 192.168.1.2:8080 ;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://webgroup; 調用服務組
#proxy_pass http://192.168.1.1;
#root html;
#index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
客戶端測試.....................
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
nginx目前支持4種分配方式
輪詢(默認的): 逐一循環調度 (weight=1)
Weight:指定輪詢概率,權重值和訪問比率成正比
ip_hash:根據客戶端IP分配固定的後端服務器
Fair:按後端服務器響應時間短的優先分配(由第三方模塊提供,需另行編譯安裝)
設置服務器組中服務器的狀態
down:表示當前server暫時不參與負載
max_fails:容許請求失敗的次數(默認爲1)
fail_timeout :max_fails次失敗後,暫停提供服務的時間
backup:備份服務器
舉例:
.............
upstream sergrp {
#ip_hash;
server 1.0.0.100:80 weight=2; 輪詢權重爲2,不設默認爲1
server 1.0.0.200:80 down; 200不參與負載
server 1.0.0.201:80;
server 1.0.0.202:80 backup; 202爲備份服務器
server 1.0.0.203:80 max_fails=2 fail_timeout=30; 容許失敗2次,失敗後暫停服務時間30秒
}
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
訪問不一樣網頁格式
upstream "webgroup" {
server 192.168.1.1:80 max_fails=3 fail_timeout=30s;
server 192.168.1.2:8080;
}
upstream "htmlweb" {
server 192.168.1.1:80;
server 192.168.1.2:80;
}
upstream "phpweb" {
server 192.168.1.30:80;
server 192.168.1.40:80;
}
server {
listen 80;
location ~ \.html$ {
proxy_pass http://htmlweb;
}
location ~ \.php$ {
proxy_pass http://phpweb;
}
}
http://nginx_ip/a.html
http://nginx_ip/a.php