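Nginx Architecture and Installation
Nginx Overview
Nginx (engine X): development began in 2002; it is available as a community edition and a commercial edition (NGINX Plus).
F5 Networks acquired it on March 11, 2019 for USD 670 million.
Nginx is a free, open-source, high-performance HTTP and reverse proxy server, mail proxy server, and TCP/UDP proxy server.
It addresses the C10K problem (10K connections).
Nginx official site: http://nginx.org
Other derivative distributions of nginx:
Tengine: a web server project started by Taobao. Building on Nginx, it adds many advanced features for high-traffic sites. Its performance and stability have been proven on large sites such as Taobao and Tmall. Its ultimate goal is an efficient, stable, secure and easy-to-use web platform. Tengine has been an open-source project since December 2011. Official site: http://tengine.taobao.org/
OpenResty: a high-performance web platform based on Nginx and the Lua language, developed by Zhang Yichun's team. Official site: http://openresty.org/cn/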
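Nginx Features
Static web resource server for html, images, js, css, txt and other static resources
Reverse proxy for the http/https protocols
Reverse proxy for dynamic resource requests via FastCGI/uWSGI/SCGI and similar protocols
Request forwarding (reverse proxy) for the tcp/udp protocols
Reverse proxy for the imap4/pop3 protocols
Basic characteristics
Modular design with good extensibility
High reliability
Hot deployment: update the configuration file, upgrade the version, and rotate log files without downtime
Low memory consumption: 10,000 inactive keep-alive connections need only 2.5M of memory
Web service features
Virtual hosts (server)
Keep-alive and pipelined connections (multiple requests over one connection)
Access logs (with log buffering to improve performance)
URL rewrite
Path aliases
Access control based on IP and user
Rate limiting and concurrency limiting
Reconfiguration and online upgrade without interrupting the worker processes that serve clients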
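Nginx Architecture
The architecture rests on a modular design and a multi-process model, giving high performance, low memory consumption and high reliability.
Nginx's core architecture is highly modular: server functionality is split into many modules, each responsible for one specific function and strictly following the principle of "high cohesion, low coupling". This modular design lets Nginx be extended flexibly to fit different scenarios. Core modules provide the basic functions the server needs to run, such as error logging, configuration file parsing and the event-driven mechanism. Standard HTTP modules handle settings related to the HTTP protocol, and optional HTTP modules extend the standard HTTP functionality further.
Compiling and installing Nginx
#Download a stable-release source package from nginx.org: nginx-1.24.0.tar.gz and nginx-1.26.0.tar.gz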
[root@Nginx ~]# dnf install gcc pcre-devel zlib-devel openssl-devel -y
[root@Nginx ~]# tar zxf nginx-1.24.0.tar.gz
[root@Nginx ~]# cd nginx-1.24.0/
[root@Nginx nginx-1.24.0]# useradd -s /sbin/nologin -M nginx
[root@Nginx nginx-1.24.0]# ls
auto CHANGES.ru configure html Makefile objs src
CHANGES conf contrib LICENSE man README
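#--user / --group: user and group nginx runs as
#--with-http_ssl_module: https:// support
#--with-http_v2_module: HTTP version 2 support
#--with-http_realip_module: client IP pass-through
#--with-http_stub_status_module: status page
#--with-http_gzip_static_module: compression
#--with-pcre: regular expressions
#--with-stream: TCP reverse proxy
#--with-stream_ssl_module: SSL encryption for TCP
#--with-stream_realip_module: client IP pass-through for TCP
[root@Nginx nginx-1.24.0]# ./configure --prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module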
[root@nginx ~]# ./nginx
[root@nginx ~]# ps aux | grep nginx
root 41085 0.0 0.0 9840 924 ? Ss 20:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41086 0.0 0.1 13700 4756 ? S 20:53 0:00 nginx: worker process
root 41146 0.0 0.0 221668 2324 pts/0 S+ 22:09 0:00 grep --color=auto nginx
[root@nginx ~]# netstat -antlupe | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 70327 41085/nginx: master
#/usr/local/nginx/sbin/nginx -s stop #stop nginx
#/usr/local/nginx/sbin/nginx #start nginx
[root@Nginx nginx-1.24.0]# vim auto/cc/gcc #disable the debug build
....
# debug
#CFLAGS="$CFLAGS -g"
....
[root@Nginx nginx-1.24.0]# make && make install
Verifying the version and build parameters
[root@nginx ~]# vim ~/.bash_profile #add nginx to PATH so it can be run directly
....
export PATH=$PATH:/usr/local/nginx/sbin
[root@nginx ~]# source ~/.bash_profile #apply the change
[root@nginx ~]# nginx
[root@nginx ~]# nginx -V
nginx version: nginx/1.24.0
built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC)
built with OpenSSL 3.0.7 1 Nov 2022
TLS SNI support enabled
configure arguments: --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@nginx ~]# curl -I 172.25.254.100
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Thu, 15 Aug 2024 14:21:03 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 12:00:45 GMT
Connection: keep-alive
ETag: "66bdeded-267"
Accept-Ranges: bytes
Using the installed nginx binary
[root@Nginx ~]# nginx -v
nginx version: nginx/1.18.0
-V #show the version and build parameters
-t #test the configuration file for errors
-T #test the configuration and print it
-q #quiet mode
-s stop, quit, reopen, reload #send a signal; reload spawns new workers, but the master is not restarted
-p prefix : set prefix path (default: /etc/nginx/) #Nginx directory
-c filename : set configuration file (default: /etc/nginx/nginx.conf) #configuration file path
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
nginx: [emerg] "worker_processes" directive is duplicate in /usr/local/nginx/conf/nginx.conf:3
[root@Nginx ~]# nginx -g "worker_processes 6;"
[root@nginx ~]# ps aux | grep nginx
root 41085 0.0 0.0 9840 2672 ? Ss 20:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41172 0.0 0.1 13700 4756 ? S 22:46 0:00 nginx: worker process
root 41181 0.0 0.0 221668 2212 pts/0 S+ 22:50 0:00 grep --color=auto nginx
[root@Nginx ~]# nginx -s quit #if this fails with an error about the .pid file, reboot
[root@Nginx ~]# ps aux | grep nginx
root 48171 0.0 0.1 221664 2176 pts/0 S+ 14:04 0:00 grep --color=auto nginx
#run in the foreground
[root@Nginx ~]# nginx -g "daemon off;"
Nginx service unit file
[root@Nginx ~]# nginx
[root@Nginx ~]# vim /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
[root@Nginx ~]# systemctl daemon-reload
[root@Nginx ~]# systemctl enable --now nginx
[root@Nginx ~]# ps aux | grep nginx
#If an error occurs, check the port with netstat -tunlp | grep 80 and kill -9 everything that occupies it
Smooth upgrade and rollback
[root@nginx ~]# ls
anaconda-ks.cfg echo-nginx-module-0.63.tar.gz nginx-1.26.1 Templates
Desktop Music nginx-1.26.1.tar.gz Videos
Documents nginx-1.24.0 Pictures
Downloads nginx-1.24.0.tar.gz Public
[root@nginx ~]# tar zxf echo-nginx-module-0.63.tar.gz
[root@nginx ~]# ls
anaconda-ks.cfg echo-nginx-module-0.63 nginx-1.24.0.tar.gz Public
Desktop echo-nginx-module-0.63.tar.gz nginx-1.26.1 Templates
Documents Music nginx-1.26.1.tar.gz Videos
Downloads nginx-1.24.0 Pictures
[root@nginx ~]# tar zxf nginx-1.26.1.tar.gz
[root@nginx ~]# cd nginx-1.26.1/
#build the new version
[root@Nginx nginx-1.26.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --add-module=/root/memc-nginx-module-0.20 --add-module=/root/srcache-nginx-module-0.33 --add-module=/root/echo-nginx-module-0.63 --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
#run make only; make install is not needed
[root@Nginx nginx-1.26.1]# make
#compare the two versions
[root@Nginx nginx-1.26.1]# ll objs/nginx /usr/local/nginx/sbin/nginx
-rwxr-xr-x 1 root root 1239416 Jul 18 15:08 objs/nginx
-rwxr-xr-x 1 root root 5671488 Jul 18 11:41 /usr/local/nginx/sbin/nginx
#back up the old nginx binary
[root@Nginx ~]# cd /usr/local/nginx/sbin/
[root@Nginx sbin]# cp nginx nginx.24
#copy the new nginx binary into place
[root@Nginx sbin]# \cp -f /root/nginx/nginx-1.26.1/objs/nginx /usr/local/nginx/sbin
#check for problems
[root@Nginx sbin]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
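[root@nginx sbin]# kill -USR2 41085 #PID of the nginx master process
#USR2 smoothly upgrades the executable: the file holding the old master's PID is renamed to nginx.pid.oldbin and a new nginx is started
#Both masters are now running, but the old master no longer listens; the new master listens on port 80
#Nginx has started a new master process, which spawns new worker processes: this is the upgraded Nginx. The old processes do not exit on their own, but new requests are handed to the new processes instead of being handled by the old ones.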
[root@nginx sbin]# ps aux | grep nginx
root 41085 0.0 0.0 9840 2672 ? Ss 20:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41086 0.0 0.1 13700 4756 ? S 20:53 0:00 nginx: worker process
root 41163 0.0 0.1 9840 6068 ? S 22:41 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41164 0.0 0.1 13700 4740 ? S 22:41 0:00 nginx: worker process
root 41166 0.0 0.0 221668 2220 pts/0 S+ 22:41 0:00 grep --color=auto nginx
[root@Nginx sbin]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.24.0 ##the old version is still in effect
Date: Thu, 18 Jul 2024 07:45:58 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 18 Jul 2024 03:41:13 GMT
Connection: keep-alive
ETag: "66988ed9-267"
Accept-Ranges: bytes
#retire the old version
[root@nginx ~]# kill -WINCH 41085
[root@nginx ~]# ps aux | grep nginx
root 41085 0.0 0.0 9840 2672 ? Ss 20:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 41163 0.0 0.1 9840 6068 ? S 22:41 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41164 0.0 0.1 13700 4740 ? S 22:41 0:00 nginx: worker process
root 41169 0.0 0.0 221668 2276 pts/0 S+ 22:44 0:00 grep --color=auto nginx
[root@Nginx sbin]# curl -I 172.25.254.100
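HTTP/1.1 200 OK
Server: nginx/1.26.1 #the new version is in effect
Date: Thu, 18 Jul 2024 07:59:45 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 18 Jul 2024 03:41:13 GMT
Connection: keep-alive
ETag: "66988ed9-267"
Accept-Ranges: bytes
#rollback
#If a problem is found in the upgraded version and a rollback is needed, the old version's workers can be brought back up; the commands that follow start from the 1.26 version.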
[root@Nginx sbin]# cp nginx nginx.26
[root@Nginx sbin]# ls
nginx nginx.24 nginx.26
[root@Nginx sbin]# \cp -f nginx.24 nginx
[root@nginx sbin]# kill -HUP 41085
[root@nginx sbin]# ps aux | grep nginx
root 41085 0.0 0.0 9840 2672 ? Ss 20:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 41163 0.0 0.1 9840 6068 ? S 22:41 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41164 0.0 0.1 13700 4740 ? S 22:41 0:00 nginx: worker process
nginx 41172 0.0 0.1 13700 4756 ? S 22:46 0:00 nginx: worker process
root 41174 0.0 0.0 221668 2420 pts/0 S+ 22:46 0:00 grep --color=auto nginx
[root@nginx sbin]# kill -WINCH 41163
[root@nginx sbin]# ps aux | grep nginx
root 41085 0.0 0.0 9840 2672 ? Ss 20:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 41163 0.0 0.1 9840 6068 ? S 22:41 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41172 0.0 0.1 13700 4756 ? S 22:46 0:00 nginx: worker process
root 41176 0.0 0.0 221668 2360 pts/0 S+ 22:47 0:00 grep --color=auto nginx
[root@nginx sbin]# curl -I 172.25.254.100
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Thu, 15 Aug 2024 14:48:30 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 12:00:45 GMT
Connection: keep-alive
ETag: "66bdeded-267"
Accept-Ranges: bytes
[root@nginx sbin]# kill -9 41163
[root@nginx sbin]# ps aux | grep nginx
root 41085 0.0 0.0 9840 2672 ? Ss 20:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 41172 0.0 0.1 13700 4756 ? S 22:46 0:00 nginx: worker process
root 41181 0.0 0.0 221668 2212 pts/0 S+ 22:50 0:00 grep --color=auto nginx
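A pre-flight check for the binary swap in the procedure above, as an added example that is not part of the original page: before copying objs/nginx over the running binary, compare the configure arguments that nginx -V reports for both builds, because a module dropped from the new build makes the live configuration fail to load. The function names and the trimmed nginx -V samples are constructed for this example.

```shell
#!/bin/sh
# Constructed samples of `nginx -V` output (trimmed). OLD_V stands for the
# running 1.24.0 binary; NEW_V is a new build in which the stub_status module
# was left out of ./configure.
OLD_V='nginx version: nginx/1.24.0
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-stream'
NEW_V='nginx version: nginx/1.26.1
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-stream --add-module=/root/echo-nginx-module-0.63'

# configure_args: read `nginx -V` text on stdin, print only the argument list.
configure_args() {
    sed -n 's/^configure arguments: //p'
}

# missing_flags OLD_ARGS NEW_ARGS: print each flag of OLD_ARGS that NEW_ARGS
# lacks, one per line. Flags are compared as whole words, so --with-stream is
# not satisfied by --with-stream_ssl_module. Values containing spaces (for
# example --with-cc-opt='-O2 -g') are compared word by word.
missing_flags() {
    set -f                      # no filename expansion while splitting $1
    for flag in $1; do
        case " $2 " in
            *" $flag "*) ;;     # still compiled in
            *) printf '%s\n' "$flag" ;;
        esac
    done
    set +f
}

# check_upgrade OLD_V_TEXT NEW_V_TEXT: return 0 when the new build keeps every
# flag of the old one; otherwise list what was dropped and return 1.
check_upgrade() {
    old_args=$(printf '%s\n' "$1" | configure_args)
    new_args=$(printf '%s\n' "$2" | configure_args)
    lost=$(missing_flags "$old_args" "$new_args")
    if [ -n "$lost" ]; then
        printf 'do not swap binaries, the new build lacks:\n%s\n' "$lost"
        return 1
    fi
    printf 'the new build keeps every flag of the old one\n'
    return 0
}

# Stand-alone demonstration on the constructed samples.
check_upgrade "$OLD_V" "$NEW_V" || true
```

On a real host, nginx -V prints to standard error, so pass "$(/usr/local/nginx/sbin/nginx -V 2>&1)" and "$(objs/nginx -V 2>&1)" as the two arguments.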
Global configuration: tuning nginx for high concurrency
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes auto;
worker_cpu_affinity 0001 0010; #bind workers to CPU cores (dual core)
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 100000; #can be left unchanged until the stress test has been run
}
.....
[root@nginx ~]# nginx -s reload
[root@nginx ~]# sudo -u nginx ulimit -n
1024
[root@nginx ~]# vim /etc/security/limits.conf
.....
# End of file
nginx - nofile 100000
[root@nginx ~]# sudo -u nginx ulimit -n
100000
[root@nginx ~]# vim /etc/security/limits.conf
....
#nginx nofile 100000 #comment this out first and run the test tool to see whether any errors occur
[root@nginx ~]# dnf install httpd-tools -y #stress-testing tool
[root@nginx ~]# ab -n 10000 -c 5000 http://172.25.254.100/index.html
root and alias
root: specifies the web document root; when a location is defined, the absolute path of a file equals root + location
[root@nginx ~]# mkdir /data/web/test1 -p
#a request for /test1 is served from /data/web/test1
[root@nginx ~]# vi /usr/local/nginx/conf.d/vhost.conf
server {
    listen 80;
    server_name www.jingwen.org;
    root /data/web/html;
    index index.html;
    location /test1/ {
        root /data/web;
    }
}
[root@nginx ~]# echo /data/web/test1 > /data/web/test1/index.html
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# nginx -s reload
alias: defines a path alias, remapping the requested path to the path it specifies. It is another document-mapping mechanism, can be used only in the location context, and is used less often.
[root@nginx ~]# cat /usr/local/nginx/conf.d/vhost.conf
server {
    listen 80;
    server_name www.jingwen.org;
    root /data/web/html;
    index index.html;
    location /test1/ {
        root /data/web;
    }
    location /test2 {
        alias /data/web/test1;
    }
}
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~]# nginx -s reload
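The difference between the two mappings above, plus a small configuration lint, as an added example that is not part of the original page: with alias, whatever follows the location prefix in the URI is appended verbatim, so the location and the alias should agree on the trailing slash or the mapped path can fall outside the aliased directory. The function names, the one-directive-per-line input assumption and the /img location in the sample are constructed for this example.

```shell
#!/bin/sh
# map_root ROOT URI: with root, the whole request URI is appended to ROOT.
map_root() {
    printf '%s%s\n' "$1" "$2"
}

# map_alias LOCATION ALIAS URI: with alias, the matched LOCATION prefix of the
# URI is replaced by ALIAS. Returns 1 when URI does not start with LOCATION.
map_alias() {
    case $3 in
        "$1"*) rest=${3#"$1"}; printf '%s%s\n' "$2" "$rest" ;;
        *) return 1 ;;
    esac
}

# lint_alias: read an nginx configuration (one directive per line) on stdin and
# report prefix locations whose URI and alias disagree on the trailing "/".
# Regex locations (~ and ~*) are skipped.
lint_alias() {
    awk '
        $1 == "location" {
            loc = ""; regex = 0
            for (i = 2; i <= NF; i++) {
                f = $i
                if (f == "~" || f == "~*") regex = 1
                if (f == "{") break
                if (substr(f, length(f)) == "{") f = substr(f, 1, length(f) - 1)
                loc = f            # the last word before "{" is the URI
            }
        }
        $1 == "alias" && loc != "" && !regex {
            dir = $2
            sub(/;$/, "", dir)
            if ((loc ~ /\/$/) != (dir ~ /\/$/))
                printf "line %d: location %s with alias %s: trailing slash differs\n", NR, loc, dir
        }
    '
}

# Constructed sample: the two locations from the vhost.conf above, plus one
# mismatched pair (location /img, a hypothetical path) for the lint to catch.
SAMPLE_CONF='server {
    listen 80;
    root /data/web/html;
    location /test1/ {
        root /data/web;
    }
    location /test2 {
        alias /data/web/test1;
    }
    location /img {
        alias /data/web/images/;
    }
}'

# Stand-alone demonstration.
map_root /data/web /test1/index.html                # root inside location /test1/
map_alias /test2 /data/web/test1 /test2/index.html  # alias inside location /test2
map_root /data/web/test1 /test2/index.html          # what root would do in /test2
printf '%s\n' "$SAMPLE_CONF" | lint_alias
```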
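location
Syntax:
location [ = | ~ | ~* | ^~ ] uri { ... }
= #placed before a standard uri; the request string must match the uri exactly, case-sensitively; on a match, matching stops and the request is handled immediately
^~ #placed before a standard uri; indicates a regular expression that must match at the beginning; checks the leftmost part of the uri, case-insensitively
~ #placed before a standard uri; indicates a regular expression, case-sensitive
~* #placed before a standard uri; indicates a regular expression, case-insensitive
no modifier #matches every uri that begins with this uri
\ #placed before a standard uri; indicates a regular expression with an escape character; turns . * ? and so on into ordinary characters
New version: 1.26
#Matching priority for directories, from high to low:
(~* = ~) > no modifier > ^~ > =
#Matching priority for files, from high to low:
= > (~* = ~) > no modifier > ^~
#Test simple directory priority: exact match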
[root@nginx ~]# mkdir /data/web{1,2}
[root@nginx ~]# mkdir /data/web{1,2}/test
[root@nginx ~]# echo web1 test > /data/web1/test/index.html
[root@nginx ~]# echo web2 test > /data/web2/test/index.html
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    listen 80;
    server_name www.jingwen.org;
    root /data/web/html;
    index index.html;
    location /test {
        root /data/web1;
    }
    location = /test {
        root /data/web2;
    }
}
[root@nginx ~]# nginx -s reload
#test
Visit http://172.25.254.100/test/
The page shows: web1 test
#test fuzzy matching
[root@nginx ~]# mkdir -p /data/web1/{test1,tee}
[root@nginx ~]# echo test1 > /data/web1/test1/index.html
[root@nginx ~]# echo tee > /data/web1/tee/index.html
[root@nginx ~]# mkdir -p /data/web1/lee
[root@nginx ~]# echo lee > /data/web1/lee/index.html
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    listen 80;
    server_name www.jingwen.org;
    root /data/web/html;
    index index.html;
    location ^~ /t {
        root /data/web1;
    }
}
[root@nginx ~]# nginx -s reload
#test
Visit http://172.25.254.100/tee/
The page shows: tee
Visit http://172.25.254.100/lee/
The page shows: 404
Nginx user authentication
# create the default authentication file
[root@nginx ~]# htpasswd -cm /usr/local/nginx/.htpasswd admin
redhat
[root@nginx ~]# htpasswd -m /usr/local/nginx/.htpasswd lee #the file already exists, so drop the -c option
redhat
[root@nginx ~]# mkdir /data/web/lee
[root@nginx ~]# echo lee > /data/web/lee/index.html
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    listen 80;
    server_name www.jingwen.org;
    root /data/web/html;
    index index.html;
    location /lee {
        root /data/web;
        auth_basic "login password !!";
        auth_basic_user_file "/usr/local/nginx/.htpasswd";
    }
}
[root@nginx ~]# nginx -s reload
#test
Visit 172.25.254.100/lee
Enter the user name and password; the page shows lee
Custom error pages
[root@nginx ~]# mkdir /data/web/errorpage -p
[root@nginx ~]# echo error page > /data/web/errorpage/40x.html
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    error_page 404 /40x.html;
    location = /40x.html {
        root /data/web/errorpage;
    }
}
[root@nginx ~]# nginx -s reload
Test:
[root@node100 ~]# curl www.timinglee.org/testa
error page
Or visit www.timinglee.org/testa in a browser
The page shows: error page
Custom error log
[root@nginx ~]# mkdir /var/log/timinglee.org
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    error_log /var/log/timinglee.org/error.log;
    access_log /var/log/timinglee.org/access.log;
}
[root@nginx ~]# nginx -s reload
#test
[root@nginx ~]# curl www.timinglee.org
[root@nginx ~]# cat /var/log/timinglee.org/access.log
[root@nginx ~]# curl www.timinglee.org/aaa
[root@nginx ~]# cat /var/log/timinglee.org/error.log
Checking whether a file exists
[root@nginx ~]# rm -rf /data/web/html/index.html
[root@nginx ~]# rm -rf /data/web/html/error/
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    error_log /var/log/timinglee.org/error.log;
    access_log /var/log/timinglee.org/access.log;
    try_files $uri $uri.html $uri/index.html /error/default.html;
}
[root@nginx ~]# nginx -s reload
#test
[root@nginx ~]# curl www.timinglee.org
500
[root@nginx ~]# mkdir /data/web/html/error
[root@nginx ~]# echo error default > /data/web/html/error/default.html
#test
[root@nginx ~]# curl www.timinglee.org
error default
Keep-alive (persistent connection) configuration
[root@nginx ~]# yum install telnet -y #tool for testing persistent connections
[root@nginx ~]# curl -v nginx.timinglee.org
* Trying 172.25.254.100:80...
* Connected to nginx.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: nginx.timinglee.org
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.24.0
< Date: Fri, 16 Aug 2024 06:55:58 GMT
< Content-Type: text/html
< Content-Length: 37
< Last-Modified: Fri, 16 Aug 2024 06:45:28 GMT
< Connection: keep-alive
< Keep-Alive: timeout=60
< ETag: "66bef588-25"
< Accept-Ranges: bytes
<
nginx.timinglee.org - 172.25.254.100
* Connection #0 to host nginx.timinglee.org left intact
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
...
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65 60;
keepalive_requests 500;
...
[root@nginx ~]# nginx -s reload
[root@nginx ~]# telnet nginx.timinglee.org 80
Trying 172.25.254.100...
Connected to nginx.timinglee.org.
Escape character is '^]'.
GET / HTTP/1.1 ##typed input
Host: nginx.timinglee.org #type the Host header, then press Enter

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Fri, 16 Aug 2024 07:13:29 GMT
Content-Type: text/html
Content-Length: 37
Last-Modified: Fri, 16 Aug 2024 06:45:28 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "66bef588-25"
Accept-Ranges: bytes

nginx.timinglee.org - 172.25.254.100
GET / HTTP/1.1 ##second request
Host: nginx.timinglee.org #second request

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Fri, 16 Aug 2024 07:13:37 GMT
Content-Type: text/html
Content-Length: 37
Last-Modified: Fri, 16 Aug 2024 06:45:28 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "66bef588-25"
Accept-Ranges: bytes

nginx.timinglee.org - 172.25.254.100
Connection closed by foreign host. #the connection is closed automatically
Configuring nginx as a download server
[root@Nginx ~]# mkdir -p /data/web/download
[root@Nginx ~]# dd if=/dev/zero of=/data/web/download/leefile bs=1M count=100
[root@Nginx ~]# vim /usr/local/nginx/conf.d/vhost.conf
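....
location /download {
    root /data/web;
    autoindex on; #automatic directory index
    autoindex_exact_size off; #on (the default) computes exact file sizes in bytes; off shows only approximate sizes (kb, mb, gb)
    autoindex_localtime on; #on shows local time instead of GMT; the default is off, which shows GMT
    limit_rate 1024k; #rate limit; unlimited by default
}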
...
[root@nginx ~]# nginx -s reload
Test:
In a browser, or with curl: curl nginx.timing.org/download/
[root@nginx ~]# wget nginx.timinglee.org/download/
--2024-08-16 16:43:46-- http://nginx.timinglee.org/download/
Resolving nginx.timinglee.org (nginx.timinglee.org)... 172.25.254.100
Connecting to nginx.timinglee.org (nginx.timinglee.org)|172.25.254.100|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.3’

index.html.3 [ <=> ] 253 --.-KB/s in 0s

2024-08-16 16:43:46 (38.2 MB/s) - ‘index.html.3’ saved [253]
#Restart Nginx and access the download page to test
Nginx status page
[root@nginx ~]# cat /usr/local/nginx/conf.d/zhuzhuxia.conf
server {
    listen 80;
    server_name status.timinglee.org;
    root /data/web/html;
    index index.html;
    location /status {
        stub_status;
        allow 172.25.254.1;
        deny all;
    }
}
[root@nginx ~]# nginx -s reload
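Test: entering status.timinglee.org/status/ in a browser shows the following
Active connections: 2
server accepts handled requests
 67 67 76
Reading: 0 Writing: 1 Waiting: 1
#Active connections: number of client connections currently active, including idle waiting connections = reading+writing+waiting
#accepts: cumulative total of client connections Nginx has accepted since it started
#handled: cumulative total of client connections Nginx has finished handling since it started; usually equal to accepts, unless connections were rejected, for example by the worker_connections limit
#requests: cumulative total of requests clients have sent since Nginx started
#Reading: current state, the number of connections whose request header is being read; the larger the value, the more requests are queuing and the less adequate the performance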
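A monitoring check built on the counters just described, as an added example that is not part of the original page: it parses stub_status text, reports accepts minus handled (connections Nginx refused) and fails when that is non-zero or when active connections exceed a threshold. The function names and the sample text are constructed for this example.

```shell
#!/bin/sh
# Constructed sample: stub_status output carrying the counters shown above.
STATUS_SAMPLE='Active connections: 2
server accepts handled requests
 67 67 76
Reading: 0 Writing: 1 Waiting: 1'

# status_field NAME: read stub_status text on stdin and print one counter.
# NAME is one of: active accepts handled requests reading writing waiting.
# Exits non-zero when the counter is not found (for example on an error page).
status_field() {
    awk -v want="$1" '
        /^Active connections:/ { v["active"] = $3 }
        /^ *[0-9]+ +[0-9]+ +[0-9]+ *$/ {
            v["accepts"] = $1; v["handled"] = $2; v["requests"] = $3
        }
        /^Reading:/ { v["reading"] = $2; v["writing"] = $4; v["waiting"] = $6 }
        END { if (want in v) print v[want]; else exit 1 }
    '
}

# dropped_connections: read stub_status text on stdin, print accepts - handled.
# A non-zero result means connections were accepted but not handled, for
# example because the worker_connections limit was reached.
dropped_connections() {
    text=$(cat)
    accepts=$(printf '%s\n' "$text" | status_field accepts) || return 2
    handled=$(printf '%s\n' "$text" | status_field handled) || return 2
    echo $((accepts - handled))
}

# status_ok MAX_ACTIVE: read stub_status text on stdin; return 0 when nothing
# was dropped and active connections do not exceed MAX_ACTIVE, 1 when a limit
# is exceeded, 2 when the input could not be parsed.
status_ok() {
    text=$(cat)
    active=$(printf '%s\n' "$text" | status_field active) || return 2
    dropped=$(printf '%s\n' "$text" | dropped_connections) || return 2
    [ "$dropped" -eq 0 ] && [ "$active" -le "$1" ]
}

# Stand-alone demonstration on the constructed sample.
printf 'dropped: %s\n' "$(printf '%s\n' "$STATUS_SAMPLE" | dropped_connections)"
```

Against the server configured above this would be fed with curl -s status.timinglee.org/status | status_ok 1000, run from the address the allow directive admits (172.25.254.1), since every other client is denied.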
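Nginx compression
Nginx can compress files of specified types before sending them to the client, and the compression level is configurable. Compressed files are significantly smaller than the originals, which reduces outbound bandwidth use and lowers IT costs, at the price of some CPU resources.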
[root@nginx ~]# echo small - 172.25.254.100 > /data/web/html/small.html
[root@nginx ~]# du -sh /usr/local/nginx/logs/access.log
12K /usr/local/nginx/logs/access.log
[root@nginx ~]# cat /usr/local/nginx/logs/access.log > /data/web/html/big.html
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
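....
keepalive_requests 500;
gzip on; #enable or disable gzip compression; off by default
gzip_comp_level 5; #compression level from 1 (lowest) to 9 (highest), default 1; higher values give smaller files but use more CPU; usually set to 4 or 5
gzip_min_length 1k; #minimum file size for gzip; smaller files are not compressed
gzip_http_version 1.1; #minimum protocol version for which compression is enabled; default HTTP/1.1
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/gif image/png; #which resource types to compress; the default is gzip_types text/html, which must not be listed explicitly, otherwise an error occurs
gzip_vary on; #when compression is enabled, whether to insert "Vary: Accept-Encoding" into the response headers; usually on
include "/usr/local/nginx/conf.d/*.conf";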
....
[root@nginx ~]# nginx -s reload
Test:
[root@nginx ~]# curl --head --compressed 172.25.254.100/small.html
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Fri, 16 Aug 2024 08:31:06 GMT
Content-Type: text/html
Content-Length: 23
Last-Modified: Fri, 16 Aug 2024 08:30:58 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "66bf0e42-17"
Accept-Ranges: bytes
[root@nginx ~]# curl --head --compressed 172.25.254.100/big.html
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Fri, 16 Aug 2024 08:31:09 GMT
Content-Type: text/html
Last-Modified: Fri, 16 Aug 2024 08:30:44 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"66bf0e34-2948"
Content-Encoding: gzip
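Using Nginx variables
Nginx variables can be referenced in the configuration file for conditional logic, logging and similar purposes. They are divided into built-in variables and custom variables. Built-in variables are provided by the nginx modules and expose many values related to the client's request.
Built-in variables
[root@Nginx ~]# vim /usr/local/nginx/conf.d/xiaofeifei.conf
server {
    listen 80;
    server_name var.timinglee.org;
    root /data/web/html;
    index index.html;
    location /var {
        default_type text/html;
        echo $remote_addr; #client address; this is the client's public IP
        echo $args; #all the parameters in the URL
        echo $document_root; #system root directory for the current request, for example /data/web/html
        echo $document_uri; #URI of the current request without parameters
        echo $host; #host name in the request
        echo $remote_port; #ephemeral port the client opened to reach the Nginx server; each client has its own
        echo $remote_user; #user name validated by the Auth Basic module
        echo $request_method; #request method: GET/PUT/DELETE and so on
        echo $request_filename; #disk path of the requested file: the absolute path built from the root or alias directive and the request URI
        echo $request_uri; #original URI including parameters, without the host name; equivalent to $document_uri?$args
        echo $scheme;
        echo $server_protocol; #protocol version the client used, for example HTTP/1.0, HTTP/1.1, HTTP/2.0
        echo $server_addr; #IP address of the server
        echo $server_name; #host name of the virtual host
        echo $server_port; #port of the virtual host
        echo $http_user_agent; #details of the client browser
        echo $http_cookie; #all of the client's cookies
        echo $cookie_key2; #$cookie_<name>: <name> is the key of any cookie in the request's Cookie header
    }
}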
[root@nginx ~]# nginx -s reload
nginx: [emerg] unknown directive "echo" in /usr/local/nginx/conf.d/xiaofeifei.conf:9
#the error occurs because the echo module was not added when nginx was built from source
[root@nginx ~]# vi /etc/hosts
#add a local name-resolution entry: var.timinglee.org 172.25.254.100
Test:
[root@nginx ~]# curl var.timinglee.org/var #$remote_addr;
[root@nginx ~]# curl var.timinglee.org/var?name=lee&&id=6666 #echo $args; $document_root; $document_uri; echo $host; $remote_port;
[root@nginx ~]# curl -u lee:lee var.timinglee.org/var?name=lee&&id=6666 #$remote_user; $request_method; $request_filename; $document_uri; $scheme; $server_protocol; $server_addr; $server_name; $server_port; $http_user_agent;
Check the client (curl) version: rpm -qa | grep curl
[root@nginx ~]# curl -b "key1=lee,key2=timinglee" -u lee:lee var.timinglee.org/var?name=lee&&id=6666 ##$http_cookie; $cookie_key2;
172.25.254.100
name=lee
?
/data/web/html
/var
var.timinglee.org
47264
lee
GET
/data/web/html/var
/var?name=lee
http
HTTP/1.1
172.25.254.100
var.timinglee.org
80
curl/7.76.1
key1=lee,key2=timinglee
timinglee
lee
Custom variables
[root@Nginx ~]# vim /usr/local/nginx/conf.d/xiaofeifei.conf
server {
    listen 80;
    server_name var.timinglee.org;
    root /data/web/html;
    index index.html;
    location /var {
        default_type text/html;
        set $timinglee lee;
        echo $timinglee;
    }
}
Test:
[root@nginx~]# curl var.timinglee.org/var
Nginx rewrite features
The if directive
Example:
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vars.conf
server {
    listen 80;
    server_name var.timingding.org;
    root /data/web/html;
    index index.html;
    location /test2 {
        if ( !-e $request_filename ) {
            echo "$request_filename is not exist";
        }
    }
}
Test:
At this point the test2 directory does not exist
[root@nginx conf.d]# curl var.timingding.org/test2/index.html
/data/web/html/test2/index.html is not exist
[root@nginx conf.d]#
Test:
When the test2 directory exists, its content is shown directly
Create it:
[root@nginx conf.d]# mkdir -p /data/web/html/test2/
[root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html
[root@nginx conf.d]# curl var.timingding.org/test2/index.html
test2
The set directive
[root@nginx ~]# vim /usr/local/nginx/conf.d/vhosts.conf
server {
listen 80;
server_name www.timingding.org;
root /data/nginx/timingding.org/ding;
location /test2{
set $name ding;
echo $name;
}
}
Test:
[root@nginx ~]# curl lee.timingding.org/test2
ding
The break directive
Example:
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vars.conf
server {
    listen 80;
    server_name var.timingding.org;
    root /data/web/html;
    index index.html;
    location /test2 {
        if ( !-e $request_filename ) {
            echo "$request_filename is not exist";
            #return 409;
        }
    }
    location /break {
        default_type text/html;
        set $name ding;
        echo $name;
        set $id 203621;
        echo $id;
    }
}
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl var.timingding.org/break
ding
203621
[root@nginx conf.d]#
Combining if with break:
location /break {
    default_type text/html;
    set $name ding;
    echo $name;
    if ( $http_user_agent = "curl/7.76.1" ) {
        break;
    }
    set $id 203621;
    echo $id;
}
[root@nginx conf.d]# nginx -s reload
[root@nginx conf.d]# curl var.timingding.org/break
ding
[root@nginx conf.d]#
With a different browser (user agent) specified, the break does not take effect:
[root@nginx conf.d]# curl -A "fileding" var.timingding.org/break
ding
203621
The return directive
Continuing from the experiment above, add the following. Example:
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vars.conf
location /return {
    default_type text/html;
    if ( !-e $request_filename ) {
        echo "$request_filename is not exist";
        return 301 http://www.baidu.com;
    }
    echo "$request_filename is not exist";
}
}
The return directory does not exist yet, so the request is redirected to www.baidu.com with a 301
Test:
[root@nginx conf.d]# curl -I var.timingding.org/return
HTTP/1.1 301 Moved Permanently
Server: xiaoding/1.1
Date: Sun, 18 Aug 2024 11:12:55 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://www.baidu.com
With the return directory present
Test:
[root@nginx conf.d]# mkdir -p /data/web/html/return/
[root@nginx conf.d]#
[root@nginx conf.d]# curl -I var.timingding.org/return
HTTP/1.1 200 OK
Server: xiaoding/1.1
Date: Sun, 18 Aug 2024 11:15:25 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
rewrite example: permanent and temporary domain redirects
Permanent:
Example:
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vars.conf
location / {
    root /data/web/var;
    index index.html;
    rewrite / http://www.timingding.com permanent; #permanent redirect, 301; the two rules cannot be enabled at the same time
    #rewrite / http://www.timingding.com redirect; #temporary redirect, 302
}
[root@nginx conf.d]# mkdir -p /data/web/var
[root@nginx conf.d]# echo var page > /data/web/var/index.html
[root@nginx conf.d]# nginx -s reload
Test:
curl does not follow redirects
Permanent (301):
[root@nginx conf.d]# curl -I var.timingding.org
HTTP/1.1 301 Moved Permanently
Server: xiaoding/1.1
Date: Sun, 18 Aug 2024 11:40:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://www.timingding.com
[root@nginx conf.d]#
Temporary:
Switch to the temporary 302:
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vars.conf
location / {
    root /data/web/var;
    index index.html;
    #rewrite / http://www.timingding.com permanent;
    rewrite / http://www.timingding.com redirect;
}
break and last
Example:
Create the directories:
[root@nginx conf.d]# mkdir /data/web/html/{test1,test2,break,last} -p
[root@nginx conf.d]# echo test1 > /data/web/html/test1/index.html
[root@nginx conf.d]# echo test2 > /data/web/html/test2/index.html
[root@nginx conf.d]# echo break > /data/web/html/break/index.html
[root@nginx conf.d]# echo last > /data/web/html/last/index.html
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vars.conf
server {
    listen 80;
    server_name var.timingding.org;
    root /data/web/html;
    index index.html;
    location /break {
        rewrite ^/break/(.*) /test1/$1;
        rewrite ^/test1/(.*) /test2/$1;
    }
    location /last {
        rewrite ^/last/(.*) /test1/$1;
        rewrite ^/test1/(.*) /test2/$1;
    }
    location /test1 {
        default_type text/html;
        return 203 "xiaoding hahahahaha";
    }
    location /test2 {
        root /data/web/html;
    }
}
Access:
[root@nginx conf.d]# curl var.timingding.org/break/
test2
[root@nginx conf.d]# curl var.timingding.org/last/
test2
[root@nginx conf.d]# curl var.timingding.org/test1/
xiaoding hahahahaha
[root@nginx conf.d]# curl var.timingding.org/test2/
test2
Effect of break and last, example:
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vars.conf
server {
    listen 80;
    server_name var.timingding.org;
    root /data/web/html;
    index index.html;
    location /break {
        root /data/web/html;
        rewrite ^/break/(.*) /test1/$1 break; #with break, processing stops here and the rule below is not applied; the content under test1 is served
        rewrite ^/test1/(.*) /test2/$1;
    }
    location /last {
        root /data/web/html;
        rewrite ^/last/(.*) /test1/$1 last;
        rewrite ^/test1/(.*) /test2/$1;
    }
    location /test1 {
        default_type text/html;
        return 203 "hahahahaha";
    }
    location /test2 {
        root /data/web/html;
    }
}
Test
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl var.timingding.org/break/index.html #with break, rewriting stops but processing does not leave the current location
test1
[root@nginx ~]#
[root@nginx~]# curl var.timingding.org/last/index.html #with last, rewriting also stops, but processing leaves the current location and goes on to look for a matching path
hahahahaha
Automatic redirect to https
Create the certificate:
[root@nginx ~]# cd /usr/local/nginx/certs/
[root@nginx certs]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/timinglee.org.key \
-x509 -days 365 -out /usr/local/nginx/certs/timinglee.org.crt
[root@nginx certs]# ls
timingding.org.crt timinglee.org.key
[root@nginx certs]#
Write the configuration:
[root@nginx conf.d]# vim /usr/local/nginx/conf.d/vhost.conf
server {
    listen 80;
    listen 443 ssl;
    server_name www.timinglee.org;
    root /data/web/html;
    index index.html;
    ssl_certificate /usr/local/nginx/certs/timinglee.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/timinglee.org.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    location / {
        if ( $scheme = http ) {
            rewrite /(.*) https://$host/$1 redirect;
        }
    }
}
[root@nginx conf.d]# echo www.timinglee.org > /data/web/html/index.html
Visit www.timinglee.org in a browser
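Hotlinking
Hotlinking (also called direct linking) is when another site links directly to resources on your site (images, videos and so on), so that those resources are loaded into the other site's pages without going through your site. This consumes your bandwidth and can also degrade your site's performance and your users' access speed. Nginx can be configured to prevent hotlinking effectively.
Preventing hotlinking matters to site operators for several reasons:
Saves bandwidth: avoids unnecessary resource consumption and reduces bandwidth cost.
Improves performance: reduces the load that external requests put on the server, improving the site's response time and stability.
Protects copyright: prevents others from using your resources without permission, protecting the copyright of your content.
Protects the brand image: keeps your resources from being shown on unsuitable sites, preserving the brand image and the site's reputation.
With well-chosen Nginx anti-hotlinking rules, site operators can control how their resources are used, ensure they are used legitimately, and protect their own interests.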
[root@nginx-node1 ~]# dnf install httpd -y
[root@nginx-node1 ~]# cd /var/www/html/
[root@nginx-node1 html]# ls
daolian.png
[root@nginx-node1 html]# mv daolian.png /var/www/html/index.html
[root@nginx-node1 html]# ls
index.html
[root@nginx-node1 html]# cat index.html
<html>
<head>
<meta http-equiv=Content-Type content="text/html;charset=utf-8">
<title>盗链</title>
</head>
<body>
<img src="http://www.timinglee.org/images/wx.jpg" >
<h1 style="color:red">欢迎大家</h1>
</body>
</html>
[root@nginx-node1 html]# systemctl start httpd
Visit 172.25.254.10 in a browser