功能介绍目录
博客内容 衔接 55-Ubuntu-NGINX 编译安装
root与alias:
root:
- root:指定web的家⽬录,在定义location的时候,⽂件的绝对路径等于 root+location
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location /about {
root /data/nginx/html/pc;
# alias /data/nginx/html/pc;
index index.html;
}
}
[root@U8 ~]# mkdir /data/nginx/html/pc/about
[root@U8 ~]# echo ‘about’ > /data/nginx/html/pc/about/index.html
[root@U8 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
alias:
- alias:定义路径别名,可把访问的路径重新定义到其指定的路径
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location /about { #使用alias的时候uri后若加了斜杠则之后的路径配置必须加斜杠,否则报错403
# root /data/nginx/html/pc; #在html目录中创建一个about目录才可访问,否则报错
alias /data/nginx/html/pc; #当访问about的时候,会显示alias定义的路径里的内容
index index.html;
}
}
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
location的使⽤:
在没有使⽤正则表达式的时候,nginx会先在server中的多个location选取匹配度最⾼的⼀个uri,uri是⽤⼾请求的 字符串,即域名后⾯的web⽂件路径,然后使⽤该location模块中的正则url和字符串,如果匹配成功就结束搜索, 并使⽤此location处理此请求
语法规则: location [=|~|~*|^~] /uri/ { … }
= #⽤于标准uri前,需要请求字串与uri精确匹配,如果匹配成功就停⽌向下匹配并⽴即处理请求。
~ #⽤于标准uri前,表⽰包含正则表达式并且区分⼤⼩写,并且匹配
!~ #⽤于标准uri前,表⽰包含正则表达式并且区分⼤⼩写,并且不匹配
~* #⽤于标准uri前,表⽰包含正则表达式并且不区分⼤写,并且匹配
!~* #⽤于标准uri前,表⽰包含正则表达式并且不区分⼤⼩写,并且不匹配
^~ #⽤于标准uri前,表⽰包含正则表达式并且匹配以什么开头
$ #⽤于标准uri前,表⽰包含正则表达式并且匹配以什么结尾
\ #⽤于标准uri前,表⽰包含正则表达式并且转义字符。可以转. * ?等
* #⽤于标准uri前,表⽰包含正则表达式并且代表任意⻓度的任意字符
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location = /1.jpg {
root /var/www/nginx/images;
index index.html;
}
}
[root@U8 ~]# mkdir -pv /var/www/nginx/images
#上传一张图片至此目录并重命名为1.jpg
[root@U8 ~]# ls /var/www/nginx/images/
1.jpg
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
⼤⼩写区分
只能访问以大写字符开头的A*.jpg图⽚,不能识别小写字符的a*.JPG结尾的图⽚
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location ~ /A.?\.jpg {
root /var/www/nginx/images;
index index.html;
}
}
[root@U8 ~]# ls /var/www/nginx/images/
aA.jpg aA.JPG Aa.jpg Aa.JPG
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
⼤⼩写不区分 :
对⽤⼾请求的uri做模糊匹配,也就是uri中⽆论都是⼤写、都是⼩写或者⼤⼩写混合,此模式也都会匹配,通常使 ⽤此模式匹配⽤⼾request中的静态资源并继续做下⼀步操作
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location ~* /A.?\.jpg {
root /var/www/nginx/images;
index index.html;
}
}
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
精确匹配指定名称:
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location ~* /aa.jpg {
root /var/www/nginx/images;
index index.html;
}
}
对于不区分⼤⼩写的location,则可以访问任意⼤⼩写结尾的图⽚⽂件,如区分⼤⼩写则只能访问aa.jpg,不区分⼤ ⼩写则可以访问aa.jpg以外的资源⽐如Aa.JPG、aA.jPG这样的混合名称⽂件,但是要求nginx服务器的资源⽬录有 相应的⽂件,⽐如有Aa.JPG有aA.jPG
⽂件名后缀匹配 :
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location ~* \.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|wmf|js)$ {
root /data/nginx/images;
index index.html;
}
}
[root@U8 ~]# /data/nginx/images
#上传一张图片至该目录并重命名为1.j
[root@U8 ~]# ls /data/nginx/images/
1.j
[root@U8 ~]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
[root@U8 ~]# mv /data/nginx/images/1.j /data/nginx/images/1.jpg
匹配URL :
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location ^~ /images {
root /data/nginx;
index index.html;
}
location /images1 {
alias /data/nginx/html/pc;
index index.html;
}
}
[root@U8 ~]# echo ‘images’ > /data/nginx/images/index.html
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
[root@U8 ~]# curl http://dushansao.com/images/
images
[root@U8 ~]# curl http://dushansao.com/images1/
dushansao PC web
匹配优先级
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location ~* /1.jpg {
index index.html;
root /data/nginx/images;
}
location = /1.jpg {
index index.html;
root /var/www/nginx/images;
}
}
[root@U8 ~]# ls /data/nginx/images
1.jpg index.html
[root@U8 ~]# ls /var/www/nginx/images
1.jpg index.html
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
# location ~* /1.jpg {
# index index.html;
# root /data/nginx/images;
# }
location = /1.jpg {
index index.html;
root /var/www/nginx/images;
}
}
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
匹配优先级:=, ^~, 〜/〜*,/
location优先级:(location =) > (location 完整路径) > (location ^~ 路径) > (location ,* 正 则顺序) > (location 部分起始路径) > (/)
Nginx 四层访问控制:
访问控制基于模块ngx_http_access_module实现,可以通过匹配客⼾端源IP地址进⾏限制
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location /about {
alias /data/nginx/html/pc;
index index.html;
deny 192.168.124.31; #限制
allow 192.168.124.32; #允许
}
}
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
#启动两台新虚拟机
# U8-1 :192.168.124.31/24
# U8-2 :192.168.124.32/24
[root@U8-1 ~]# cat /etc/hosts
192.168.124.30 dushansao.com
[root@U8-1 ~]# curl http://dushansao.com/about/
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
[root@U8-2 ~]# cat /etc/hosts
192.168.124.30 dushansao.com
[root@U8-2 ~]# curl http://dushansao.com/about/
dushansao PC web
Nginx账⼾认证功能:
[root@U8 ~]# htpasswd -cbm /apps/nginx/conf/.htpasswd user1 123456
[root@U8 ~]# htpasswd -bm /apps/nginx/conf/.htpasswd user2 123456
[root@U8 ~]# cat /apps/nginx/conf/.htpasswd
user1:$apr1$k7kVzJgV$YeUeRC7jOapTrPfD63qO1.
user2:$apr1$MI14fnbq$DGEMXHRbtZAh8d7ZVZqTN/
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location / {
root /data/nginx/html/pc;
}
location /login/ {
alias /data/nginx/html/pc;
index index.html;
auth_basic "login password";
auth_basic_user_file /apps/nginx/conf/.htpasswd;
}
}
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
⾃定义错误⻚⾯:
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
error_page 500 502 503 504 404 /error.html;
location = /error.html {
root html;
}
}
[root@U8 ~]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
#这里操作时出现报错了
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
nginx: [error] invalid PID number “” in “/apps/nginx/logs/nginx.pid”
[root@U8 ~]# ls /apps/nginx/logs
access.log error.log nginx.pid
解决方案
[root@U8 ~]# nginx -h
nginx version: nginx/1.16.1
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]
Options:
-?,-h : this help
-v : show version and exit
-V : show version and configure options then exit
-t : test configuration and exit
-T : test configuration, dump it and exit
-q : suppress non-error messages during configuration testing
-s signal : send signal to a master process: stop, quit, reopen, reload
-p prefix : set prefix path (default: /apps/nginx/)
-c filename : set configuration file (default: conf/nginx.conf)
-g directives : set global directives out of configuration file
[root@U8 ~]# /apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
[root@U8 ~]# ls /apps/nginx/html/
50x.html index.html
[root@U8 ~]# > /apps/nginx/html/error.html
[root@U8 ~]# ls /apps/nginx/html/
50x.html error.html index.html
#访问不存在的⻚⾯进⾏测试
自定义访问日志:
[root@U8 ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/dss_access.log;
error_log /data/nginx/logs/dss_error.log;
location = /error.html {
root html;
}
}
[root@U8 ~]# mkdir /data/nginx/logs
[root@U8 ~]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@U8 ~]# /apps/nginx/sbin/nginx -s reload
[root@U8 ~]# ls /data/nginx/logs/
#访问不存在的页面
[root@U8 ~]# ls /data/nginx/logs/*
/data/nginx/logs/dss_access.log /data/nginx/logs/dss_error.log
检测文件是否存在:
try_files会按顺序检查文件是否存在,返回第一个找到的文件或文件夹(结尾加斜线表示为文件夹),如果所有文件或文件夹都找不到,会进行一个内部重定向到最后一个参数。只有最后一个参数可以引起一个内部重定向,之前的参数只设置内部URI的指向。最后一个参数是回退URI且必须存在,否则会出现内部500错误
[root@U8: ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location /about {
root /data/nginx/html/pc;
index index.html;
try_files $uri $uri/index.html $uri.html =489;
}
}
[root@U8: ~]# ls /data/nginx/html/pc/about/
index.html
[root@U8: ~]# cd /data/nginx/html/pc/about/
[root@U8: /data/nginx/html/pc/about]# echo default > default.html
[root@U8: /data/nginx/html/pc/about]# ls
default.html index.html
[root@U8: /data/nginx/html/pc/about]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@U8: /data/nginx/html/pc/about]# /apps/nginx/sbin/nginx -s reload
[root@U8: /data/nginx/html/pc/about]# curl --head http://dushansao.com/about/xx.html
HTTP/1.1 489 #489为自定义的状态返回码
Server: nginx/1.16.1
Date: Tue, 07 Jan 2020 09:05:40 GMT
Content-Length: 0
Connection: keep-alive
[root@U8: /data/nginx/html/pc/about]# curl --head http://dushansao.com/about/index.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Tue, 07 Jan 2020 09:05:52 GMT
Content-Type: text/html
Content-Length: 6
Last-Modified: Tue, 31 Dec 2019 03:39:50 GMT
Connection: keep-alive
ETag: "5e0ac306-6"
Accept-Ranges: bytes
[root@U8: /data/nginx/html/pc/about]# curl --head http://dushansao.com/about/default.html
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Tue, 07 Jan 2020 09:06:04 GMT
Content-Type: text/html
Content-Length: 8
Last-Modified: Tue, 07 Jan 2020 09:04:09 GMT
Connection: keep-alive
ETag: "5e144989-8"
Accept-Ranges: bytes
当访问到http://dushansao.com/about/*.html等不存在的uri会显示default,如果是自定义的状态码则会显示在返回数据的状态码中
长连接配置:
keepalive_timeout number;
#设定保持连接超时时长,0表示禁止长连接,默认为75s,通常配置在http字段作为站点全局配置
keepalive_requests number;
#在一次长连接上所允许请求的资源的最大数量,默认为100次
keepalive_requests 3;
keepalive_timeout 65;
开启长连接后,返回客户端的会话保持时间为60s,单次长连接累计请求达到指定次数请求或65秒就会被断开,后面的60为发送给客户端应答报文头部中显示的超时时间设置为60s:如不设置客户端将不显示超时时间。
Keep-Alive:timeout=60
#浏览器收到的服务器返回的报文
如果设置为0表示关闭会话保持功能,将如下显示:
Connection:close #浏览器收到的服务器返回的报文
使用命令测试:
[root@s3 apps]# telnet dushansao.com 80
Trying 192.168.124.30...
Connected to dushansao.com.
Escape character is '^]'.
GET / HTTP/1.1
HOST: dushansao.com
#Response Headers(响应头信息):
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 14 Mar 2019 17:23:46 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Thu, 14 Mar 2019 14:54:50 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "5c8a6b3a-7"
Accept-Ranges: bytes
#页面内容
pc web
作为下载服务器配置:
[root@U8: ~]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location /download {
autoindex on; #自动索引功能
autoindex_exact_size on; #计算文件确切大小
autoindex_localtime on; #显示本机时间而非GMT时间
root /data/nginx/html/pc;
}
}
[root@U8: ~]# mkdir /data/nginx/html/pc/download
[root@U8: ~]# mount /dev/sr0 /data/nginx/html/pc/download/
mount: /data/nginx/html/pc/download: WARNING: device write-protected, mounted read-only.
[root@U8: ~]# /apps/nginx/sbin/nginx -s reload
limit_rate rate; #限制响应给客户端的传输速率,单位是bytes/second,默认值0表示无限制
限速与不限速的对比:
limit_rate 1k;l
不限速
[root@U8: ~]# cd /data/scripts/
[root@U8: /data/scripts]# wget http://dushansao.com/download/md5sum.txt
--2020-01-07 21:13:51-- http://dushansao.com/download/md5sum.txt
Resolving dushansao.com (dushansao.com)... 192.168.124.30
Connecting to dushansao.com (dushansao.com)|192.168.124.30|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 183442 (179K) [application/octet-stream]
Saving to: ‘md5sum.txt’
md5sum.txt 100%[===================>] 179.14K --.-KB/s in 0.002s
2020-01-07 21:13:51 (98.5 MB/s) - ‘md5sum.txt’ saved [183442/183442]
[root@U8: /data/scripts]# ls -lh
total 180K
-rw-r–r-- 1 root root 180K Aug 6 02:43 md5sum.txt
限速
[root@U8: /data/scripts]# \rm md5sum.txt
[root@U8: /data/scripts]# vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name dushansao.com;
location /download {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
limit_rate 1k; #添加此行
root /data/nginx/html/pc;
}
}
[root@U8: /data/scripts]# /apps/nginx/sbin/nginx -s reload
[root@U8: /data/scripts]# wget http://dushansao.com/download/md5sum.txt
--2020-01-07 21:21:48-- http://dushansao.com/download/md5sum.txt
Resolving dushansao.com (dushansao.com)... 192.168.124.30
Connecting to dushansao.com (dushansao.com)|192.168.124.30|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 183442 (179K) [application/octet-stream]
Saving to: ‘md5sum.txt’
md5sum.txt 13%[=> ] 24.00K 1.08KB/s eta 2m 17s