Linux: installing and configuring nginx, and basic usage
Disable the firewall and SELinux
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# sed -ri 's/(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
Install dependencies
//Create the user
[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx
//Install the build environment
[root@localhost ~]# yum -y groups list
[root@localhost ~]# yum -y install pcre-devel openssl openssl-devel gd-devel
//Create the log directory
[root@localhost ~]# mkdir -p /var/log/nginx
[root@localhost ~]# chown -R nginx:nginx /var/log/nginx
//Download nginx, then compile and install it
[root@localhost ~]# cd /usr/src/
[root@localhost src]# yum -y install wget
[root@localhost src]# wget http://64.123.28.133/files/21490000000827F6/nginx.org/download/nginx-1.14.0.tar.gz
[root@localhost src]# tar xf nginx-1.14.0.tar.gz
[root@localhost src]# cd nginx-1.14.0
[root@localhost nginx-1.14.0]# yum -y install gcc gcc-c++
[root@localhost nginx-1.14.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
[root@localhost nginx-1.14.0]# make -j 4 && make install
//Add nginx to the PATH environment variable
[root@localhost nginx-1.14.0]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost nginx-1.14.0]# . /etc/profile.d/nginx.sh
//Start nginx
[root@localhost nginx-1.14.0]# nginx
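The nginx configuration file
Main configuration file: /usr/local/nginx/conf/nginx.conf
Directive syntax:
directive value1 [value2 ...];
A directive name, then one or more values, then a terminating semicolon.
Example: worker_processes 1;
Variables are supported
Built-in variables: modules provide built-in variable definitions; just remove the leading # to enable the line
Example: log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
Custom variables: set $variable-name value;
Example: set $xxx_name tom;
daemon {on|off}; //whether nginx runs as a daemon; set it to off when debugging
Example: add the line if it is absent (it is optional)
daemon on; When debugging: daemon off;
error_log location level; //configures the error log; the level is optional; enable only one error_log line
Example: error_log logs/error.log;
With a level:
Example: error_log logs/error.log notice;
Example: error_log logs/error.log info;
The location and level in error_log accept the following options
Location
file //the usual choice: write to the given file; the path is relative
stderr
syslog:server=address[,parameter=value]
memory:size
Level
debug: using the debug level requires nginx to be compiled with the --with-debug option
info
notice
warn
error //the usual level
crit
alert
emerg
Configuration parameters for performance tuning
worker_processes n; //start n worker processes
Count the CPU cores: grep 'processor' /proc/cpuinfo | wc -l
Example: worker_processes 3; //number of worker processes
worker_cpu_affinity cpumask ...;
Example: worker_cpu_affinity 00000001 00000010 00000100; and so on, one mask for each remaining core
lock_file logs/nginx.lock;
worker_rlimit_nofile 35000; //sets the maximum number of files the worker processes can open
Example:
events {
    worker_connections 35000; #maximum number of connections is 65000
    accept_mutex on; #allows multiple worker processes to be enabled
}
http{...}: HTTP-related configuration, introduced by the ngx_core_module module. nginx's HTTP configuration mainly consists of four blocks, structured as follows: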
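http { #protocol level
    include mime.types;
    default_type application/octet-stream;
    keepalive_timeout 65;
    gzip on;
    upstream { #load-balancing configuration
        ...
    }
    server { #server level; each server is like a <VirtualHost> in httpd, so one server can be thought of as one website
        listen 80; #the port this site listens on: a port number or ip plus port
        server_name localhost; #domain name
        root "/xxx/xxx"; #where the site's files are placed
        location / { #request level, like <Location> in httpd; defines the mapping between URLs and local files
            root html;
            index index.html index.htm;
        }
    }
}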
Path under the install prefix: conf/nginx.conf //uncomment lines and edit them
vim /usr/local/nginx/conf/nginx.conf
All of the following parameters are used; do not delete them
user nginx; #maximum number 65535
worker_processes 1; #number of worker processes
error_log logs/error.log;
pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #the name main can be changed, but it must match the name used by access_log below
    access_log logs/access.log main;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
            deny 192.168.56.1;
            allow all;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        location ~ \.php$ {
            root html; #root: where the web pages are placed
            fastcgi_pass 127.0.0.1:9000; #reverse proxy for PHP: a request for a PHP page is handed to port 9000 on this host
            fastcgi_index index.php; #name of the default file to process
            fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; #script location as an absolute path; can also be written as SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params; #sample file
        }
    }
}
[root@localhost ~]# nginx -t
[root@localhost ~]# nginx -s reload
View the logs
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# tail ../logs/error.log
2018/08/31 15:55:39 [error] 69125#0: *161 open() "/usr/local/nginx/html/bjhbb" failed (2: No such file or directory), client: 192.168.56.1, server: localhost, request: "GET /bjhbb HTTP/1.1", host: "192.168.56.138"
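The access log written with the log_format main defined above can be parsed field by field. The following Python parser is an added example, not part of the original post; the sample lines are constructed and the function names are hypothetical. It counts 4xx responses per client, such as the request for a missing file that appears in the error log above.

```python
import re
from collections import Counter

# Regex for the page's log_format "main". nginx writes a literal " inside a
# variable as \x22, so each quoted field can be matched with [^"]*.
MAIN_RE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<http_x_forwarded_for>[^"]*)"$'
)

# Constructed sample lines (not taken from the page's server).
SAMPLE = r'''192.168.56.1 - - [31/Aug/2018:15:55:39 +0800] "GET /bjhbb HTTP/1.1" 404 169 "-" "Mozilla/5.0" "-"
192.168.56.1 - - [31/Aug/2018:15:55:41 +0800] "GET /admin HTTP/1.1" 404 169 "-" "Mozilla/5.0" "-"
192.168.56.1 - tom [31/Aug/2018:15:56:02 +0800] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "-"
192.168.56.138 - - [31/Aug/2018:15:56:10 +0800] "GET /status HTTP/1.1" 403 169 "-" "curl/7.29.0" "10.0.0.5"
truncated line without the expected fields'''.splitlines()


def parse_main(line):
    """Return the fields of one "main" log line as a dict, or None."""
    m = MAIN_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["body_bytes_sent"] = int(rec["body_bytes_sent"])
    return rec


def client_errors(lines):
    """Count 4xx responses per ($remote_addr, status) and collect unparsed lines.
    The key is $remote_addr: $http_x_forwarded_for is a request header the
    client chooses, so it is recorded but not trusted for attribution."""
    counts, unparsed = Counter(), []
    for line in lines:
        rec = parse_main(line)
        if rec is None:
            unparsed.append(line)
        elif 400 <= rec["status"] < 500:
            counts[(rec["remote_addr"], rec["status"])] += 1
    return counts, unparsed


if __name__ == "__main__":
    counts, unparsed = client_errors(SAMPLE)
    for (addr, status), n in counts.most_common():
        print(addr, status, n)
    print("unparsed:", len(unparsed))
```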
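Access control
Used in a location block
allow: sets which host or hosts are allowed access; multiple parameters are separated by spaces
deny: sets which host or hosts are denied access; multiple parameters are separated by spaces
Examples:
//Allow this IP
location / {
    allow 192.168.56.1;
    deny all;
}
Access from 192.168.56.1
Access from other IPs
//Deny this IP
location / {
    root html;
    index index.html index.htm;
    deny 192.168.56.138;
    allow all;
}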
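Both location blocks above depend on rule order: nginx checks allow and deny rules in sequence and stops at the first match. The following Python model is an added example, not part of the original post; the function names and the swapped variant are hypothetical. It evaluates both blocks for the two lab addresses and flags rules that can never fire.

```python
import ipaddress
import re

# Constructed copies of the two location bodies above, plus a hypothetical
# misordered variant of the second one (rules swapped).
ALLOW_ONE = "allow 192.168.56.1; deny all;"
DENY_ONE = "root html; index index.html index.htm; deny 192.168.56.138; allow all;"
SWAPPED = "allow all; deny 192.168.56.138;"

RULE_RE = re.compile(r"\b(allow|deny)\s+([^;\s]+)\s*;")


def parse_rules(location_body):
    """Return [(action, network)] in file order; network None means 'all'."""
    rules = []
    for action, value in RULE_RE.findall(location_body):
        net = None if value == "all" else ipaddress.ip_network(value, strict=False)
        rules.append((action, net))
    return rules


def decide(rules, client_ip):
    """Rules are checked in order and the first match wins.
    A request that matches no rule is allowed."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or addr in net:
            return action
    return "allow"


def shadowed(rules):
    """Lint check: rules that can never fire because an earlier rule covers them."""
    dead = []
    for i, (action, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            if earlier is None or (net is not None
                                   and net.version == earlier.version
                                   and net.subnet_of(earlier)):
                dead.append((action, "all" if net is None else str(net)))
                break
    return dead


if __name__ == "__main__":
    for name, body in [("allow-one", ALLOW_ONE), ("deny-one", DENY_ONE), ("swapped", SWAPPED)]:
        rules = parse_rules(body)
        verdicts = {ip: decide(rules, ip) for ip in ("192.168.56.1", "192.168.56.138")}
        print(name, verdicts, "shadowed:", shadowed(rules))
```

In the swapped variant the deny line is reported as shadowed: 192.168.56.138 is allowed because allow all matches first.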
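User-based authentication
[root@localhost ~]# mkdir /usr/local/nginx/auth
//Install the command used to generate passwords
[root@localhost ~]# yum provides *bin/htpasswd
[root@localhost ~]# yum install -y httpd-tools
//Create the user and password for logging in to nginx
[root@localhost ~]# htpasswd -c -m /usr/local/nginx/auth/.user_auth_file zs
New password: //set the password
//-c creates the file from scratch, so the next command replaces the entry for zs and only tom remains
[root@localhost html]# htpasswd -c -m /usr/local/nginx/auth/.user_auth_file tom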
New password:123456
Re-type new password:123456
Adding password for user tom
[root@localhost ~]# cat /usr/local/nginx/auth/.user_auth_file
tom:$apr1$UCLi1TyH$7.9FaCaT.FkDYcb3h2bSA0
vim /usr/local/nginx/conf/nginx.conf
location / {
    root html;
    index index.html index.htm;
    auth_basic "123456";
    auth_basic_user_file ../auth/.user_auth_file;
}
HTTPS configuration
1. Generate the private key
//CA configuration file: /etc/pki/tls/openssl.cnf
See the configuration at the link below
http://blog.51cto.com/13859004/2169654
//Edit the configuration file
[root@localhost ssl]# vim /usr/local/nginx/conf/nginx.conf
server {
    listen 443 ssl;
    server_name www.guohui.com; #change this; the lines below can stay as they are if they match the setup above
    ssl_certificate /usr/local/nginx/ssl/nginx.crt;
    ssl_certificate_key /usr/local/nginx/ssl/nginx.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}
[root@localhost ssl]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ssl]# nginx -s reload
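Add the IP-to-site mapping on the local machine
1. Edit the /etc/hosts file and add the mapping between the domain name and the IP
Path
Windows: C:\Windows\System32\drivers\etc
Linux: /etc/hosts
Add a line of the form: ip domain-name
2. Open the site by its domain name in a browser; as shown in the figure, the experiment succeeds
Enable the status page
//Edit the configuration file
//Change it to the following:
location /status {
    stub_status on;
    allow 192.168.56.1;
    deny all;
}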
[root@localhost nginx]# cd /usr/local/nginx/html
[root@localhost html]# mkdir bqb
[root@localhost html]# cd bqb
Add one image
[root@localhost bqb]# ls
QQ圖片20180710160246.jpg
Add to the configuration
location /bqb {
    root html;
    index index.html;
}
[root@localhost bqb]# nginx -t
[root@localhost bqb]# nginx -s reload
Reverse proxy: requests for bqb can be pointed directly at 123
[root@localhost bqb]# cd ..
[root@localhost html]# mv bqb 123
Edit
location /bqb {
    root html;
    index index.html;
    rewrite ^/bqb/(.*\.jpg)$ /123/$1 break;
}
It can also be mapped to Baidu
Although bqb no longer exists, it can still be used to point directly wherever needed.
location /bqb {
    root html;
    index index.html;
    rewrite ^/bqb/(.*\.jpg)$ https://www.baidu.com/;
}
nginx-upstream
First set up two httpd servers for the experiment
Firewall
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# sed -ri 's/(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
http setup on hosts 2 and 3: first configure a repository
[root@localhost ~]# mount /dev/cdrom /mnt
mount: /dev/sr0 寫保護,將以只讀方式掛載
[root@localhost ~]# vim /etc/yum.repos.d/123.repo
Set up two web pages
The configuration on hosts 1 and 2 is the same
[root@localhost yum.repos.d]# yum -y install httpd
[root@localhost yum.repos.d]# cd /var/www/html/
[root@localhost html]# echo "123" > index.html #192.168.56.138
[root@localhost html]# systemctl start httpd
[root@localhost yum.repos.d]# yum -y install httpd
[root@localhost yum.repos.d]# cd /var/www/html/
[root@localhost html]# echo "456" > index.html #192.168.56.123
[root@localhost html]# systemctl start httpd
Configure nginx with an upstream named web to implement load balancing
[root@localhost nginx-1.14.0]# cd /usr/local/nginx/
[root@localhost nginx]# vim conf/nginx.conf
keepalive_timeout 65;
upstream web {
    server 192.168.56.138; #defines the web cluster for load balancing: servers 192.168.56.138 and 192.168.56.123
    server 192.168.56.123;
}
server {
    listen 80;
    server_name localhost;
    access_log logs/host.access.log main;
    location / {
        proxy_pass http://web; #the web in proxy_pass refers to the upstream named web
    }
}
//Test
[root@localhost nginx]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx]# nginx -s reload
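Refresh the page
2. Set ip_hash so that requests from one visitor are handled by the same backend
Add ip_hash;
[root@localhost nginx]# vim conf/nginx.conf
upstream web {
    ip_hash; #just add ip_hash to the existing block; nothing else changes
    server 192.168.56.138; #defines the web cluster for load balancing: servers 192.168.56.138 and 192.168.56.123
    server 192.168.56.123;
}
The response is now fixed at the content 123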
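The two balancing methods configured above, as an added Python model that is not part of the original post (function names and client addresses are constructed). With ip_hash, nginx hashes only the first three octets of an IPv4 client address, so every client on the lab's 192.168.56.0/24 network is pinned to the same backend. The hash constants in the model are an assumption; which backend it prints is illustrative only.

```python
import ipaddress
from itertools import cycle, islice

BACKENDS = ["192.168.56.138", "192.168.56.123"]  # the upstream "web" above


def round_robin(n, backends=BACKENDS):
    """Default method with equal weights: requests alternate between servers."""
    return list(islice(cycle(backends), n))


def ip_hash_key(client_ip):
    """ip_hash hashes the first three octets of an IPv4 address,
    or the whole address for IPv6."""
    addr = ipaddress.ip_address(client_ip)
    return addr.packed[:3] if addr.version == 4 else addr.packed


def ip_hash_pick(client_ip, backends=BACKENDS):
    """Model of ip_hash with equal weights and all servers up. The mixing
    constants 89, 113 and 6271 are an assumption about nginx's internals."""
    h = 89
    for byte in ip_hash_key(client_ip):
        h = (h * 113 + byte) % 6271
    return backends[h % len(backends)]


def backends_used(clients, backends=BACKENDS):
    """Set of backends that a group of clients ends up on under ip_hash."""
    return {ip_hash_pick(c, backends) for c in clients}


# Constructed client addresses: three hosts on the lab /24, then 16 networks.
LAB_CLIENTS = ["192.168.56.1", "192.168.56.77", "192.168.56.200"]
MIXED_CLIENTS = [f"10.{i}.0.5" for i in range(16)]

if __name__ == "__main__":
    print("round robin:", round_robin(4))
    print("ip_hash, lab /24:", backends_used(LAB_CLIENTS))
    print("ip_hash, 16 networks:", backends_used(MIXED_CLIENTS))
```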
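Serving different content per browser
If the browser requesting bqb is Firefox, the request matched by (.*)$ is rewritten to /firefox/$1
location /bqb {
    if ($http_user_agent ~ Firefox) {
        rewrite ^(.*)$ /firefox/$1 break;
    }
}
If the browser requesting bqb is MSIE, the request matched by (.*)$ is rewritten to /msie/$1
location /bqb {
    if ($http_user_agent ~ MSIE) {
        rewrite ^(.*)$ /msie/$1 break;
    }
}
If the browser requesting bqb is Chrome, the request matched by (.*)$ is rewritten to /chrome/$1
location /bqb {
    if ($http_user_agent ~ Chrome) {
        rewrite ^/(.*)$ /chrome/$1 break;
    }
}
Example: send the Chrome browser to Baidu
location /123 {
    if ($http_user_agent ~ Chrome) {
        rewrite ^/(.*)$ https://www.baidu.com/ break;
    }
}
1. The 360 browser cannot reach it
2. Chrome can
Other sites cannot hotlink this site's images and similar files
Anti-hotlinking example
If someone requests this site's images via another path, the request is handed to the 403 page
location ~* \.(jpg|gif|jpeg|png)$ { #case-insensitive match
    valid_referers none blocked www.idfsoft.com; #valid referers are all locked to this domain
    if ($invalid_referer) { #if the referer is invalid
        rewrite ^/ http://www.idfsoft.com/403.html; #then redirect to the 403 page
    }
}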