nginx从入门到实战(二)
-
动静分离
# Static/dynamic split: requests ending in .jsp are proxied to Tomcat,
# image requests are answered by nginx straight from the document root.
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    access_log  /var/log/nginx/log/host.access.log  main;

    # NOTE(review): every URI that does not end in .jsp is served as a plain
    # file from this directory. If /opt/app/code is also the web application's
    # own directory, files such as WEB-INF/web.xml would be readable as-is;
    # confirm only public assets live here.
    root        /opt/app/code;

    # Dynamic requests are forwarded to the local Tomcat.
    location ~ \.jsp$ {
        proxy_pass  http://127.0.0.1:8080;
        index       index.html index.htm;
    }

    # Static images: clients may cache them for one hour.
    location ~ \.(jpg|png|gif)$ {
        expires  1h;
        gzip     on;
    }
}
-
rewrite规则
# Comparison of the "break" and "last" rewrite flags.

location ~ ^/break {
    # break: the URI is rewritten to /test/ and processing stays inside this
    # location, so nginx looks for /test/ under root and stops there.
    # If root has no /test/ path the response is 404.
    rewrite  ^/break  /test/  break;
}

location ~ ^/last {
    # last: the rewritten URI /test/ goes through location matching again,
    # lands in "location /test/" below, and therefore returns 200 with the
    # JSON body.
    rewrite  ^/last  /test/  last;
}

location /test/ {
    default_type  application/json;
    return        200 '{"status":"success"}';
}
-
安全下载链接
# Time-limited download links (ngx_http_secure_link_module).
location / {
    # The hash and the expiry timestamp come from the query string:
    # ?md5=<hash>&expires=<unix time>
    secure_link      $arg_md5,$arg_expires;

    # String that is hashed and compared with the md5 argument:
    # expiry time, then the request URI, then a space and the shared secret.
    # "key" is a placeholder secret: anyone who knows it can mint valid links,
    # so a real deployment needs a long random value that is kept out of
    # world-readable files and matches the link generator exactly.
    secure_link_md5  "$secure_link_expires$uri key";

    # Empty value: the hash is missing or does not match.
    if ($secure_link = "") {
        return 403;
    }

    # "0": the hash matches but the expiry time has passed.
    if ($secure_link = "0") {
        return 410;
    }
}
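#!/bin/sh
# Build a time-limited download URL that the secure_link location accepts.
# The hashed string must be byte-for-byte what secure_link_md5 builds:
# "<expires><uri> <secret>".

servername="abc.com"
download_file="/download/file.img"

# Expiry as a Unix timestamp (date -d is GNU date syntax).
time_num=$(date -d "2020-10-18 00:00:00" +%s)

# Shared secret; must equal the last word of the secure_link_md5 expression.
# "key" is a placeholder: use a long random value and do not commit it.
secret_num="key"

# printf rather than `echo -n`: under a plain /bin/sh the -n option is not
# guaranteed, and an echo that prints "-n" or appends a newline silently
# produces a hash nginx will reject.
# The tr calls turn standard base64 into the URL-safe form without padding.
res=$(printf '%s%s %s' "${time_num}" "${download_file}" "${secret_num}" \
    | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =)

echo "http://${servername}${download_file}?md5=${res}&expires=${time_num}"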
-
geoip
yum install nginx-module-geoip #在nginx.conf的开头加载: load_module "modules/ngx_http_geoip_module.so"; load_module "modules/ngx_stream_geoip_module.so"; --------download----------------------- wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz gunzip *.gz
# Country and city databases used to fill the $geoip_* variables.
geoip_country  /etc/nginx/geoip/GeoIP.dat;
geoip_city     /etc/nginx/geoip/GeoLiteCity.dat;

server {
    listen       80;
    server_name  localhost;

    location / {
        # Country allow-list: anything not resolved to CN gets 403.
        # An address missing from the database yields an empty code and is
        # therefore rejected as well.
        # The lookup uses the connecting address; behind a load balancer or
        # CDN every client would look like the proxy unless geoip_proxy is
        # configured for the trusted proxy addresses.
        # This is a coarse filter, not authentication: it does not stop a
        # client that connects through a host inside the allowed country.
        if ($geoip_country_code != CN) {
            return 403;
        }

        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    # Diagnostic endpoint: shows what nginx resolved for the caller.
    # It has its own location, so the country check above does not apply.
    location /myip {
        default_type  text/plain;
        return        200 "$remote_addr $geoip_country_name $geoip_country_code $geoip_city";
    }
}
-
https
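# Generate the private key, a signing request and a self-signed certificate.

# 2048-bit RSA: a 1024-bit key is no longer considered adequate and current
# clients may refuse it. The key file is encrypted with a passphrase using
# AES-256; IDEA is not available in every OpenSSL build.
openssl genrsa -aes256 -out jesonc.key 2048

# Certificate signing request for that key.
openssl req -new -key jesonc.key -out jesonc.csr

# Self-sign the request, valid for 3650 days. -sha256 is given explicitly so
# the signature does not depend on the installed OpenSSL's default digest.
# A self-signed certificate is not trusted by browsers; it is suitable for
# testing only.
openssl x509 -req -sha256 -days 3650 -in jesonc.csr -signkey jesonc.key -out jesonc.crt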
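# HTTPS virtual host using the self-signed certificate.
server {
    # TLS is enabled with the "ssl" parameter of listen. The separate
    # "ssl on;" directive is deprecated and, combined with a bare
    # "listen 443;", is easy to get wrong when more listen lines are added.
    listen       443 ssl;
    server_name  jeson.t.imooc.io;

    ssl_certificate      /etc/nginx/ssl_key/jesonc.crt;
    # The private key must be readable by the nginx master process only.
    # A passphrase-protected key makes nginx ask for the passphrase at
    # start-up; the commented line below is the passphrase-free alternative.
    ssl_certificate_key  /etc/nginx/ssl_key/jesonc.key;
    #ssl_certificate_key /etc/nginx/ssl_key/jesonc_nopass.key;

    index  index.html index.htm;

    location / {
        root  /opt/app/code;
    }
}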
#查看证书详情 openssl x509 -noout -text -in ./jesonc.crt #生成符合苹果要求的证书 openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout jesonc.key -out jesonc_apple.crt #生成nopass key openssl rsa -in ./jesoncold.key -out ./jesonc_nopass.key
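# HTTPS virtual host with session caching, using the SHA-256 / 2048-bit
# certificate.
server {
    # TLS is enabled with the "ssl" parameter of listen; the separate
    # "ssl on;" directive is deprecated.
    listen       443 ssl;
    server_name  116.62.103.228 jeson.t.imooc.io;

    keepalive_timeout  100;

    # Shared session cache so returning clients can resume a TLS session
    # instead of paying for a full handshake.
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    #ssl_certificate /etc/nginx/ssl_key/jesonc.crt;
    ssl_certificate      /etc/nginx/ssl_key/jesonc_apple.crt;
    # The private key must be readable by the nginx master process only.
    ssl_certificate_key  /etc/nginx/ssl_key/jesonc.key;
    #ssl_certificate_key /etc/nginx/ssl_key/jesonc_nopass.key;

    index  index.html index.htm;

    location / {
        root  /opt/app/code;
    }
}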
-
Lua
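# Rebuild nginx with LuaJIT, ngx_devel_kit and lua-nginx-module compiled in.
yum install lua
# Project page: https://github.com/openresty/lua-nginx-module

# NOTE(review): the LuaJIT and nginx tarballs are fetched over plain HTTP and
# none of the archives is verified before being compiled into the web server.
# Check each download against a checksum or signature from its publisher
# (nginx.org publishes a PGP signature next to every release tarball).
wget http://luajit.org/download/LuaJIT-2.0.5.tar.gz
tar -zxvf LuaJIT-2.0.5.tar.gz
cd LuaJIT-2.0.5/
make install PREFIX=/usr/local/LuaJIT
export LUAJIT_LIB=/usr/local/LuaJIT/lib
export LUAJIT_INC=/usr/local/LuaJIT/include/luajit-2.0

# The --add-module paths below expect both modules unpacked in /opt/download.
wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.0.tar.gz
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz
# One archive per tar call: with several files on the command line, tar
# treats every name after the first as a member to extract, not an archive.
tar -zxvf v0.3.0.tar.gz
tar -zxvf v0.10.11.tar.gz

wget http://nginx.org/download/nginx-1.16.0.tar.gz
tar -zxvf nginx-1.16.0.tar.gz
cd nginx-1.16.0/

# Print the build options of the installed nginx and copy them. Reusing them
# keeps the paths and the compiler/linker hardening flags (FORTIFY_SOURCE,
# stack protector, RELRO, PIE) of the packaged binary in the new build.
nginx -V

./configure \
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --modules-path=/usr/lib64/nginx/modules \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --user=nginx \
    --group=nginx \
    --with-compat \
    --with-file-aio \
    --with-threads \
    --with-http_addition_module \
    --with-http_auth_request_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_mp4_module \
    --with-http_random_index_module \
    --with-http_realip_module \
    --with-http_secure_link_module \
    --with-http_slice_module \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-http_sub_module \
    --with-http_v2_module \
    --with-mail \
    --with-mail_ssl_module \
    --with-stream \
    --with-stream_realip_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' \
    --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' \
    --add-module=/opt/download/ngx_devel_kit-0.3.0 \
    --add-module=/opt/download/lua-nginx-module-0.10.11

# This installs over the packaged /usr/sbin/nginx, so later security updates
# have to be rebuilt by hand as well.
make -j 4 && make install

# Make the LuaJIT shared library visible to the dynamic linker.
echo "/usr/local/LuaJIT/lib" >> /etc/ld.so.conf
ldconfig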
Lua实战场景:灰度发布
#准备两台tomcat,一个用8080端口,一个用9090端口,8080做正式服务器,9090做测试服务器 vim /etc/profile #在文件最后新增两个环境变量,并source生效 ###tomcat2########### export CATALINA_HOME2=/opt/app/tomcat8080 export CATALINA_BASE2=/opt/app/tomcat8080 ###tomcat 3############ export CATALINA_HOME3=/opt/app/tomcat9090 export CATALINA_BASE3=/opt/app/tomcat9090 ###修改为9090端口 vim conf/server.xml ####修改catalina.sh,把CATALINA_HOME和CATALINA_BASE全部替换为CATALINA_HOME2和BASE2 vim catalina.sh :1,$s/CATALINA_HOME/CATALINA_HOME2/g :1,$s/CATALINA_BASE/CATALINA_BASE2/g
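# Install memcached
yum install memcached

# -l 127.0.0.1: listen on loopback only. Without -l memcached accepts
# connections on every interface, and it has no authentication by default,
# so any host that can reach port 11211 could read or rewrite the routing
# table used for the gray release. nginx connects to 127.0.0.1, so loopback
# is all that is needed.
memcached -l 127.0.0.1 -p11211 -u nobody -d

# Lua client library for memcached, copied into the Lua module path.
wget https://github.com/agentzh/lua-resty-memcached/archive/v0.11.tar.gz
tar -zxvf v0.11.tar.gz
cp -r lua-resty-memcached-0.11/lib/resty /usr/local/share/lua/5.1/

# Connect and store the test client's address:
# key "192.168.32.1", flags 0, no expiry, 1 byte of data, value "1".
telnet 127.0.0.1 11211
>set 192.168.32.1 0 0 1
>1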
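# Front end for the gray release: /opt/app/lua/dep.lua decides per request
# which Tomcat instance serves it.
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    access_log  /var/log/nginx/log/host.access.log  main;

    # Smoke test for the Lua module.
    # content_by_lua_block replaces the string form content_by_lua, which
    # lua-nginx-module discourages because the Lua code then needs a second
    # layer of nginx string escaping.
    location /hello {
        default_type 'text/plain';
        content_by_lua_block {
            ngx.say("hello, lua")
        }
    }

    # Echoes the X-Forwarded-For request header. The value is whatever the
    # client (or a proxy in front) sent; it is not a verified address.
    location /myip {
        default_type 'text/plain';
        content_by_lua_block {
            -- local: a bare assignment would create a global variable.
            local clientIP = ngx.req.get_headers()["x_forwarded_for"]
            ngx.say("IP:", clientIP)
        }
    }

    location / {
        default_type "text/html";
        content_by_lua_file /opt/app/lua/dep.lua;
        #add_after_body "$http_x_forwarded_for";
    }

    # Named locations, reachable only through an internal redirect.
    # NOTE(review): the setup notes on this page call 8080 the production
    # Tomcat and 9090 the test one, but @server_test points at 8080 and
    # @server at 9090; confirm which mapping is intended.
    location @server{
        proxy_pass http://127.0.0.1:9090;
    }

    location @server_test{
        proxy_pass http://127.0.0.1:8080;
    }

    error_page   500 502 503 504 404  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}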
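-- dep.lua: gray-release router run by content_by_lua_file.
-- Looks the client address up in memcached; a stored value of "1" sends the
-- request to the named location @server_test, anything else to @server.

local headers = ngx.req.get_headers()

-- NOTE(review): X-Real-IP and X-Forwarded-For are ordinary request headers.
-- Unless a trusted proxy in front of nginx overwrites them, any client can
-- set them to a listed address and be routed to the test backend. With a
-- trusted proxy, prefer the realip module (set_real_ip_from / real_ip_header)
-- and read ngx.var.remote_addr only; without one, drop the header lookups.
local clientIP = headers["X-Real-IP"]
if clientIP == nil then
    clientIP = headers["x_forwarded_for"]
end
if clientIP == nil then
    clientIP = ngx.var.remote_addr
end

-- A header that appears more than once is returned as a table; take the
-- first value so the memcached key is always a string.
if type(clientIP) == "table" then
    clientIP = clientIP[1]
end

local memcached = require "resty.memcached"

local memc, err = memcached:new()
if not memc then
    ngx.say("failed to instantiate memc: ", err)
    return
end

local ok, conn_err = memc:connect("127.0.0.1", 11211)
if not ok then
    ngx.say("failed to connect: ", conn_err)
    return
end

-- A missing key yields res == nil with no error; only real failures set
-- get_err.
local res, _, get_err = memc:get(clientIP)
if get_err then
    ngx.say("failed to get clientIP ", get_err)
    return
end

-- Hand the connection back to the pool before redirecting: ngx.exec does not
-- return, so nothing placed after it would run.
local pooled, pool_err = memc:set_keepalive(10000, 100)
if not pooled then
    ngx.log(ngx.WARN, "failed to set memcached keepalive: ", pool_err)
end

if res == "1" then
    ngx.exec("@server_test")
    return
end

ngx.exec("@server")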
经过实测,当在192.168.32.1机器上访问时,看到的是@server_test也就是8080tomcat的页面。在其它ip地址上则看到的是@server,9090tomcat的页面,说明灰度发布成功。