配置Nginx
系统添加 Nginx 服务
1、以 systemd 形式添加
1)创建 nginx.service 文件
[root@localhost ~]# vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/usr/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
2)以 systemctl 方式启动 Nginx
[root@localhost ~]# pkill nginx
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start nginx
3)查看 Nginx 服务状态
[root@localhost ~]# systemctl status nginx
● nginx.service - nginx
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor
preset: disabled)
Active: active (running) since Mon 2019-04-29 23:19:39 EDT; 18min ago
Process: 348 ExecStart=/usr/local/nginx/sbin/nginx (code=exited,
status=0/SUCCESS)
Main PID: 349 (nginx)
Tasks: 2
Memory: 976.0K
CGroup: /system.slice/nginx.service
├─349 nginx: master process /usr/local/nginx/sbin/nginx
└─350 nginx: worker process
Apr 29 23:19:39 localhost.localdomain systemd[1]: Starting nginx...
Apr 29 23:19:39 localhost.localdomain systemd[1]: Started nginx.
4)验证 Nginx 服务是否成功启动
[root@localhost ~]# netstat -ntlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
349/nginx: master p
5)配置 Nginx 服务自动启动
[root@localhost ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service
to /usr/lib/systemd/system/nginx.service.
2、以启动脚本的形式添加 Nginx 服务
1)创建 Nginx 启动脚本
[root@localhost ~]# vim /etc/rc.d/init.d/nginx
#!/bin/bash
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# pidfile: /usr/local/nginx/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network-scripts
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
lockfile=/usr/local/nginx/lock/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|tryrestart|reload|force-reload|configtest}"
exit 2
esac
2)Nginx 启动脚本添加执行权限
[root@localhost ~]# chmod +x /etc/rc.d/init.d/nginx
3)Nginx 设置开机启动
[root@localhost ~]# chkconfig --add nginx
[root@localhost ~]# chkconfig nginx on
4)Nginx 服务管理命令
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# systemctl status nginx.service
[root@localhost ~]# systemctl stop nginx.service
[root@localhost ~]# service nginx start
[root@localhost ~]# service nginx stop
[root@localhost ~]# service nginx reload
5)查看有关参数
[root@localhost ~]# nginx -V
nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/sbin/nginx --error-logpath=/var/log/nginx/nginx_error.log --http-logpath=/var/log/nginx/nginx_access.log --pid-path=/usr/local/nginx/run/nginx.pid --lock-path=/usr/local/nginx/lock/nginx --with-http_image_filter_module --withhttp_ssl_module --with-http_realip_module --with-http_addition_module --withhttp_sub_module --with-http_dav_module --with-http_flv_module --withhttp_gzip_static_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre --http-client-body-temppath=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy --httpfastcgi-temp-path=/var/tmp/nginx/fcgi --http-uwsgi-temppath=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi
6)验证 Nginx 服务是否成功启动
[root@localhost ~]# netstat -ntlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
349/nginx: master p
Nginx 配置文件解读
user nginx; # 运行用户
worker_processes 1; # 启动进程,通常设置成和cpu的数量相等
error_log /var/log/nginx/error.log; # 全局错误日志
pid /usr/local/nginx/run/nginx.pid; # pid文件
log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for';
# 日志格式,以下具体介绍变量
$remote_addr 与$http_x_forwarded_for # 用以记录客户端的 ip 地址;
$remote_user # 用来记录客户端用户名称;
$time_local # 用来记录访问时间与时区;
$request # 用来记录请求的 url 与 http 协议;
$status # 用来记录请求状态;成功是 200;
$body_bytes_s ent # 记录发送给客户端文件主体内容大小;
$http_referer # 用来记录从那个页面链接访问过来的;
# 工作模式及连接数上限
events {
use epoll; # epoll 是多路复用 IO(I/O Multiplexing)中的一种方式,但是仅用于 linux2.6以上内核,可以大大提高 nginx 的性能
worker_connections 1024; # 单个后台 worker process 进程的最大并发链接数
# multi_accept on;
}
# 设定 http 服务器,利用它的反向代理功能提供负载均衡支持
http {
# 设定 mime 类型,类型由 mime.type 文件定义
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 设定日志格式
access_log /usr/local/nginx/logs/access.log;
# sendfile 指令指定 nginx 是否调用 sendfile 函数(zero copy 方式)来输出文件,对于普通应用,
# 必须设为 on,如果用来进行下载等应用磁盘 IO 重负载应用,可设置为 off,以平衡磁盘与网络I/O 处理速度,降低系统的 uptime.
sendfile on;
#tcp_nopush on;
# 连接超时时间
#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;
# 开启 gzip 压缩
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# 设定请求缓冲
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# 设定负载均衡的服务器列表
upstream mysvr {
# weigth 参数表示权值,权值越高被分配到的几率越大
server 192.168.8.1:3128 weight=5;
server 192.168.8.2:80 weight=1;
server 192.168.8.3:80 weight=6;
}
server {
# 侦听 80 端口
listen 80;
# 定义使用 nginx.xx.com 访问
server_name nginx.xxx.com;
# 设定本虚拟主机的访问日志
access_log /var/log/nginx/nginx.xxx.com_access.log access;
# 默认请求
location / {
root /var/nginx/html/; #定义服务器的默认网站根目录位置
index index.php index.html index.htm; #定义首页索引文件的名称
}
# 定义错误提示页面
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /root;
}
# 静态文件,nginx 自己处理
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root /var/nginx/virtual/htdocs;
#过期 30 天,静态文件不怎么更新,过期可以设大一点,如果频繁更新,则可以设置得小一点。
expires 30d;
}
# PHP 脚本请求全部转发到 FastCGI 处理. 使用 FastCGI 默认配置.
location ~ \.php$ {
root /root;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME/home/nginx/nginx$fastcgi_script_name;
include fastcgi_params;
}
# 设定查看 Nginx 状态的地址
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd;
}
# 禁止访问 .htxxx 文件
location ~ /\.ht {
allow host;
deny all;
}
}
}
Nginx 基本配置使用
1、Nginx 基于域名的虚拟主机
server {
listen 80;
server_name nginx.qf.edu qf.edu;
access_log /var/log/nginx/Daniel/Daniel_access.log main;
error_log /var/log/nginx/Daniel/Daniel_error.log crit;
location / {
root html/nginx;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
- 多域名就多个server段
- 基于端口的只需要将listen修改端口即可,server_name也要修改成IP
- 别名:server_name 中有两个域名,这个就是别名
2、Nginx 状态信息配置
server{
listen 80;
server_name status.qf.edu;
location / {
stub_status on;
access_log off;
}
}
浏览器访问 status.qf.edu
- Active connections: 3 :正在处理的活动连接数
- server accepts handled requests :server表示nginx启动到现在共处理了几个连接, accepts表示nginx启动到现在共成功创建了几次连接,请求丢失数据=(握手数-连接数), 可以看出,本次状态显示没有丢失请求,handled requests表示总共处理了几次请求 9 9 192
- Reading: 0 Writing: 1 Waiting: 2
Reading:nginx 读取客户端的Header信息数
Writing:nginx 返回给客户端的Header信息数
Waiting:nginx 已经处理完正在等候下一次请求指令的驻留连接,开启keep-alive的情况下,这个值等于active-(reading + writing)
3、Nginx 访问控制权限
server {
listen 80;
server_name nginx.etiantian.org etiantian.org;
access_log /var/log/nginx/etiantian/etiantian_access.log main;
error_log /var/log/nginx/etiantian/etiantian_error.log crit;
location / {
root html/nginx;
index index.html index.htm;
deny 172.16.50.173; # 拒绝172.16.50.173
allow all; # 允许全部,意思就是允许除了172.16.50.173的其他全部IP访问
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
server{
listen 80;
server_name status.qf.edu;
location / {
stub_status on;
access_log off;
allow 172.16.50.173; # 只允许172.16.50.173,其他全部拒绝,也可以用网段表示:172.16.50.0/24
deny all;
}
}
Nginx 编译添加新的模块
- 已经安装好的nginx,需要添加一个未被编译安装的模块,以安装第三方ngx_http_google_filter_module 模块为例
1、下载第三方扩展模块
[root@localhost ~]# git clone https://github.com/cuber/ngx_http_google_filter_module # 先安装git
2、查看 nginx 编译安装已安装模块
[root@localhost ~]# nginx -V
nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --
conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/sbin/nginx --error-logpath=/var/log/nginx/nginx_error.log --http-logpath=/var/log/nginx/nginx_access.log --pid-path=/usr/local/nginx/run/nginx.pid --lock-path=/usr/local/nginx/lock/nginx --with-http_image_filter_module --withhttp_ssl_module --with-http_realip_module --with-http_addition_module --withhttp_sub_module --with-http_dav_module --with-http_flv_module --withhttp_gzip_static_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre --http-client-body-temppath=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy --httpfastcgi-temp-path=/var/tmp/nginx/fcgi --http-uwsgi-temppath=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi
3、添加模块重新编译配置
- 加入需要安装的模块,重新编译,如这里添加 –addmodule=/data/software/ngx_http_google_filter_module
[root@localhost nginx-1.16.0]# ./configure \
--user=nginx \
--group=nginx \
--prefix=/usr/local/nginx \
--conf-path=/etc/nginx/nginx.conf \
--sbin-path=/usr/sbin/nginx \
--error-log-path=/var/log/nginx/nginx_error.log \
--http-log-path=/var/log/nginx/nginx_access.log \
--pid-path=/usr/local/nginx/run/nginx.pid \
--lock-path=/usr/local/nginx/lock/nginx \
--with-http_image_filter_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_perl_module \
--with-mail \
--with-mail_ssl_module \
--with-pcre \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy \
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
–-add-module=/data/software/ngx_http_google_filter_
4、重新编译 Nginx
- 只需要 make ,不需要 make install
[root@localhost nginx-1.16.0]# make
5、替换 Nginx 二进制文件
1)备份原来的 Nginx 二进制文件
[root@localhost nginx-1.16.0]# cp /usr/sbin/nginx /usr/sbin/nginx.bak
2)移动编译好的新的 Nginx
[root@localhost nginx-1.16.0]# cp ./nginx /usr/sbin/
6、重载 Nginx 服务
[root@localhost ~]# systemctl reload nginx
7、验证 Nginx 服务是否启动成功
[root@localhost ~]# netstat -ntlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
349/nginx: master
8、测试 Nginx 新模块是否安装成功
[root@localhost ~]# nginx -V