Nginx的基础配置:
Nginx的基础配置
一、实战案例:
1.Nginx访问统计:
(1)实验前准备:
[root@wang1 opt]# /usr/local/nginx/sbin/nginx -V #查看已安装的nginx是否包含http_stub_status
nginx version: nginx/1.22.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
[root@wang1 opt]# cat /opt/nginx-1.18.0/auto/options | grep YES #查看已安装的所有模块
(2)修改nginx.conf配置文件,指定访问位置并添加stub_status配置:
[root@wang1 conf]# vim nginx.conf
server {
listen 80;
server_name www.exo.com;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm index.php;
}
location /status { #访问位置为/status
stub_status on; #打开状态统计
access_log off; #关闭此位置日志记录
}
[root@wang1 conf]# systemctl restart nginx.service #重启服务
- 连接成功:
- 遇到的问题:
- 排错并解决:
- 已解决:
2.基于授权的访问控制:
(1)生成用户密码认证文件:
[root@wang1 opt]# yum -y install httpd-tools #安装服务
[root@wang1 opt]# htpasswd -c /usr/local/nginx/passwd.db xiumin #添加创建系统用户并设置密码
New password:
Re-type new password:
Adding password for user xiumin
[root@wang1 opt]# chown nginx /usr/local/nginx/passwd.db #修改属主
[root@wang1 opt]# chmod 400 /usr/local/nginx/passwd.db #赋权
(2)修改主配置文件相对应目录,添加认证配置项:
[root@wang1 conf]# vim nginx.conf
location /status {
stub_status on;
access_log off;
auth_basic "secret"; #设置密码提示框信息
auth_basic_user_file /usr/local/nginx/passwd.db;
}
(3)重启服务,并做访问测试:
[root@wang1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@wang1 conf]# systemctl restart nginx.service
3.基于客户端访问设置(设置黑白名单):
deny拒绝某个IP/IP段客户机访问
allow允许某个IP/IP段客户机访问
规则匹配顺序,从上往下,匹配即停止。
需求:添加一条规则只允许192.168.174.12IP的主机访问
[root@wang1 conf]# vim nginx.conf
location / {
root html;
index index.html index.htm index.php;
allow 192.168.174.12;
deny all;
}
(2)重启服务,并访问测试:
[root@wang1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@wang1 conf]# systemctl restart nginx.service
4.基于域名的nginx虚拟主机:
(1)修改 /etc/hosts 文件,添加域名与IP的本地映射:
[root@wang1 opt]# echo "192.168.174.12 www.exo.com" >> /etc/hosts
[root@wang1 opt]# echo "192.168.174.12 www.bkpp.com" >> /etc/hosts
(2)创建网页文件:
[root@wang1 opt]# mkdir -p /var/www/html/exo
[root@wang1 opt]# mkdir -p /var/www/html/bkpp
[root@wang1 opt]# echo "<h1> www.exo.com </h1>" >> /var/www/html/exo/index.html
[root@wang1 opt]# echo "<h1> www.bkpp.com </h1>" >> /var/www/html/bkpp/index.html
(3)修改ngxin主配置文件:域名不同,IP地址相同,端口相同
[root@wang1 conf]# vim nginx.conf
server {
listen 192.168.174.12:80;
server_name www.exo.com;
charset utf-8;
access_log logs/exo.access.log;
location / {
root /var/www/html/exo;
index index.html index.htm index.php;
}
location /status {
stub_status on;
access_log off;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www.bkpp.com;
charset utf-8;
access_log logs/bkpp.access.log;
location / {
root /var/www/html/bkpp;
index index.html index.htm index.php;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
(4)重启服务,并测试:
[root@wang1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@wang1 conf]# systemctl restart nginx.service
5.基于IP的nginx虚拟主机:
(1)创建虚拟网卡:
[root@wang1 conf]# ifconfig ens33:0 192.168.174.200 netmask 255.255.255.0
(2)修改nginx主配置文件 www.bkpp.com 配置的IP地址为192.168.174.200
[root@wang1 conf]# vim nginx.conf
server {
listen 192.168.174.200:80;
server_name www.bkpp.com;
charset utf-8;
access_log logs/bkpp.access.log;
location / {
root /var/www/html/bkpp;
index index.html index.htm index.php;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
(3)重启服务,访问测试:
[root@wang1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@wang1 conf]# systemctl restart nginx.service
- 连接成功:
6.基于端口的nginx虚拟主机:
(1)修改nginx主配置文件 www.bkpp.com 配置的IP地址为192.168.174.12端口为8080
[root@wang1 conf]# vim nginx.conf
server {
listen 192.168.174.12:8080;
server_name www.bkpp.com;
charset utf-8;
access_log logs/bkpp.access.log;
location / {
root /var/www/html/bkpp;
index index.html index.htm index.php;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
(2)重启并测试:
[root@wang1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@wang1 conf]# systemctl restart nginx.service
二、LNMP架构:
1.安装nginx服务:
[root@wang1 ~]# systemctl stop firewalld #关闭防火墙和安全机制
[root@wang1 ~]# systemctl disable firewalld
[root@wang1 ~]# setenforce 0
(1)安装依赖包:
[root@wang1 ~]# yum -y install pcre-devel zlib-devel gcc gcc-c++ make #安装依赖包
[root@wang1 ~]# useradd -M -s /sbin/nologin nginx #创建运行用户
(2)编译安装:
[root@wang1 opt]# tar -zxvf nginx-1.12.2.tar.gz -C /opt/ #解压源码包
[root@wang1 opt]# cd nginx-1.12.2/
[root@wang1 nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@wang1 nginx-1.12.2]# make && make install #编译安装
[root@wang1 nginx-1.12.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ #优化路径
(3)添加 Nginx 系统服务:
[root@wang1 nginx-1.12.2]# vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
(4)赋权,开启服务:
[root@wang1 nginx-1.12.2]# chmod 754 /lib/systemd/system/nginx.service #赋权
[root@wang1 nginx-1.12.2]# systemctl start nginx.service #开启服务
[root@wang1 nginx-1.12.2]# systemctl enable nginx.service
2.安装MySQL:
(1)安装Mysql环境依赖包:
[root@wang1 opt]# yum -y install \
> ncurses \
> ncurses-devel \
> bison \
> cmake
[root@wang1 opt]# useradd -M -s /sbin/nologin mysql #创建程序用户
(2)编译安装:
[root@wang1 opt]# tar zxvf mysql-boost-5.7.20.tar.gz
[root@wang1 opt]# cd mysql-5.7.20/
[root@wang1 mysql-5.7.20]# cmake \
> -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
> -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
> -DSYSCONFDIR=/etc \
> -DSYSTEMD_PID_DIR=/usr/local/mysql \
> -DDEFAULT_CHARSET=utf8 \
> -DDEFAULT_COLLATION=utf8_general_ci \
> -DWITH_EXTRA_CHARSETS=all \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
> -DMYSQL_DATADIR=/usr/local/mysql/data \
> -DWITH_BOOST=boost \
> -DWITH_SYSTEMD=1
[root@wang1 mysql-5.7.20]# make && make install
(3)修改mysql 配置文件:
[root@wang1 mysql-5.7.20]# vim /etc/my.cnf
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock
[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
(4)更改mysql安装目录和配置文件的属主属组:
[root@wang1 mysql-5.7.20]# chown -R mysql:mysql /usr/local/mysql/
[root@wang1 mysql-5.7.20]# chown mysql:mysql /etc/my.cnf
(5)设置路径环境变量:
[root@wang1 ~]# echo 'export PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH' >> /etc/profile
[root@wang1 ~]# source /etc/profile
(6)初始化数据库:
[root@wang1 ~]# cd /usr/local/mysql/bin/
[root@wang1 bin]# ./mysqld \
> --initialize-insecure \
> --user=mysql \
> --basedir=/usr/local/mysql \
> --datadir=/usr/local/mysql/data
(7)添加mysqld系统服务:
[root@wang1 bin]# cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
[root@wang1 bin]# systemctl daemon-reload
[root@wang1 bin]# systemctl start mysqld.service
[root@wang1 bin]# systemctl enable mysqld
Created symlink from /etc/systemd/system/multi-user.target.wants/mysqld.service to /usr/lib/systemd/system/mysqld.service.
(8)修改mysql 的登录密码,授权远程登陆:
[root@wang1 bin]# mysqladmin -u root -p password "abc123"
Enter password:
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@wang1 bin]# mysql -u root -p #授权远程登录
Enter password:
mysql> use mysql;
date user set host = '%' where user='root';
mysql> exit
Bye
3.安装配置 PHP 解析环境:
(1)安装依赖环境:
[root@wang1 opt]# yum -y install gd \
libjpeg libjpeg-devel \
libpng libpng-devel \
freetype freetype-devel \
libxml2 libxml2-devel \
zlib zlib-devel \
curl curl-devel \
openssl openssl-devel
(2)编译安装:
[root@wang1 php-7.1.10]# ./configure \
> --prefix=/usr/local/php \
> --with-mysql-sock=/usr/local/mysql/mysql.sock \
> --with-mysqli \
> --with-zlib \
> --with-curl \
> --with-gd \
> --with-jpeg-dir \
> --with-png-dir \
> --with-freetype-dir \
> --with-openssl \
> --enable-fpm \
> --enable-mbstring \
> --enable-xml \
> --enable-session \
> --enable-ftp \
> --enable-pdo \
> --enable-tokenizer \
> --enable-zip
[root@wang1 php-7.1.10]# make && make install
[root@wang1 php-7.1.10]# ln -s /usr/local/php/bin/* /usr/local/bin/ #路径优化
[root@wang1 php-7.1.10]# ln -s /usr/local/php/sbin/* /usr/local/sbin
(3)调整配置文件:
[root@wang1 php-7.1.10]# cp /opt/php-7.1.10/php.ini-development /usr/local/php/lib/php.ini #备份
[root@wang1 lib]# vim php.ini
--1170行--修改
mysqli.default_socket = /usr/local/mysql/mysql.sock
--939行--取消注释,修改
date.timezone = Asia/Shanghai
[root@wang1 lib]# php -m #检查已安装模块
[root@wang1 etc]# vim php-fpm.conf
--17行--去掉";"注释
pid = run/php-fpm.pid
[root@wang1 php-fpm.d]# cp www.conf.default www.conf #备份
[root@wang1 php-fpm.d]# ls
www.conf www.conf.default
(4)启动php-fpm:
[root@wang1 php-fpm.d]# /usr/local/php/sbin/php-fpm -c /usr/local/php/lib/php.ini
[root@wang1 php-fpm.d]# netstat -anpt | grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 72739/php-fpm: mast
[root@wang1 php-fpm.d]# cd /opt/php-7.1.10/sapi/fpm
[root@wang1 fpm]# cp php-fpm.service /usr/lib/systemd/system/php-fpm.service
[root@wang1 fpm]# systemctl restart php-fpm.service
(5)配置 Nginx 支持 PHP 解析:
[root@wang1 fpm]# vim /usr/local/nginx/conf/nginx.conf
--65行--取消注释,修改
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; #将 /scripts 修改为nginx的工作目录
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #$document_root 代表当前请求在root指令中指定的值
include fastcgi_params;
}
[root@wang1 fpm]# systemctl restart nginx.service #重启
(6)验证PHP 测试页:
[root@wang1 html]# vim index.php
<?php
phpinfo();
?>
~
- 连接成功:
- 遇到的问题:PHP服务起不来
- 解决方案:关闭防火墙,更换网络后,防火墙需再次关闭
(7)验证数据库工作是否正常:
[root@wang1 html]# mysql -u root -p
CREATE DATABASE bbs;
GRANT all ON bbs.* TO 'bbsuser'@'%' IDENTIFIED BY 'admin123';
GRANT all ON bbs.* TO 'bbsuser'@'localhost' IDENTIFIED BY 'admin123';
flush privileges;
- 验证成功:
4.部署 Discuz!社区论坛 Web 应用:
(1)安装环境:
[root@wang1 opt]# unzip Discuz_X3.4_SC_UTF8.zip -d /opt/dis #解压源码包
[root@wang1 opt]# cd /opt/dis/dir_SC_UTF8/
[root@wang1 dir_SC_UTF8]# cp -r upload/ /usr/local/nginx/html/bbs/
(2)调整权限:
[root@wang1 bbs]# chmod -R 777 ./config/ #赋权
[root@wang1 bbs]# chmod -R 777 ./data/
[root@wang1 bbs]# chmod -R 777 ./uc_client/
[root@wang1 bbs]# chmod -R 777 ./uc_server/
(3)页面访问:
三、总结:
1.在Nginx基础实验过程中,遇到的问题包括:
(1)配置文件语法错误:这可能导致 Nginx 无法启动或虚拟主机配置无效。可以使用 nginx -t 命令检查配置文件语法,并使用 systemctl reload nginx 命令重新加载配置文件。
(2)开启 HTTPS 访问时证书配置和安装错误:这可能导致 HTTPS 访问失败或警告。可以先查看日志文件,并在 Nginx 配置文件中配置和启用 HTTPS 访问。
2.在搭建LNMP平台实验过程中,遇到的问题包括:
(1)安装软件包时出现依赖问题:这可能导致软件包无法安装或启动。可以使用 yum 或其他软件包管理器来解决这些问题,并确保安装了所有必需的依赖项。
(2)系统配置错误:这可能导致性能低下或安全漏洞。可以使用适当的配置和调优来优化性能,并采取安全措施来防止攻击和数据泄露。可以使用防火墙、反向代理、SSL、安全策略和其他技术来增强系统安全性。
(3) 服务如果不能正常开启,检查防火墙是否关闭,查看日志语法是否正确。
(4) 总之,在使用 Nginx 构建 Web 系统或平台时,我们需要仔细规划和调整系统配置,以满足应用程序的需要,并在出现问题时通过合适的手段进行解决。对于初学者,建议从简单的配置和实验开始,并逐渐掌握更高阶的技术和工具,以提高技能和经验。
1152
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
