目录
一、关于Nginx
- 一款高性能、轻量级Web服务软件
- 稳定性高
- 系统资源消耗低
- 对HTTP并发连接的处理能力高
- 单台物理服务器可支持30000~50000个并发请求
二、Nginx的优化服务
2.1编译安装
[root@server1 ~]# yum -y install pcre-devel zlib-devel gcc gcc-c++ make
[root@server1 ~]# tar zxf nginx-1.12.2.tar.gz
[root@server1 ~]# cd nginx-1.12.2/
[root@server1 nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module #统计状态模块
[root@server1 nginx-1.12.2]# make && make install
[root@server1 ~]# useradd -M -s /sbin/nologin nginx #创建一个不可登录的程序用户
[root@server1 ~]# ln -s /usr/local/nginx/conf/nginx.conf /etc/nginx
[root@server1 ~]# ln -s /usr/local/nginx/sbin/nginx /usr/bin #优化执行路径
[root@server1 ~]# nginx #启动服务
[root@server1 ~]# netstat -anpt | grep ngin
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3580/nginx: master
[root@server1 ~]# killall -s QUIT nginx #选项-s QUIT等于-3 停止服务
[root@server1 ~]# vi /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -s QUIT $(cat $PIDF)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PIDF)
;;
*)
echo "Usage:$0 {start|stop|restart|reload}"
exit 1
esac
exit 0
[root@server1 ~]# chmod +x /etc/init.d/nginx
[root@server1 ~]# chkconfig --add nginx
2.2 Nginx主配置文件剖析
- 全局配置
#user nobody; ##指定用户,默认是匿名用户
worker_processes 1; ##工作进程,实现高并发可以增加值
#error_log logs/error.log; ##错误日志文件
#pid logs/nginx.pid; ##pid文件
- I/O事件配置
events { ##一个进程包含多个线程
use epoll; #能显著提高程序在大量并发连接中只有少量活跃的情况下的系统CPU利用率
worker_connections 1024; ##连接数是4096,基于上面的进程数
}
- http配置
http{}:协议层面;server{}:服务层面;location{}:网页站点目录层面
http {
access_log logs/access.log main;
sendfile on; ##发送邮件
keepalive timeout 65; ##连接超时时间
server {
listen 80;
server_name localhost; ##域名
charset utf-8; ##字符集
location / {
root html; ##网页站点目录名称
index index.html index.php; } ##主页的相对路径
error_page 500 502 503 504 /50x.html; ##提示错误页面(500是服务器出错)
location = /50x.html {
root html; }
}
}
2.3 Nginx访问状态的统计
配置文件修改
[root@server1 ~]# vi /usr/local/nginx/conf/nginx.conf
user nginx nginx #修改并删掉"#"号
error_log logs/error.log info #删掉"#"号
events {
use epoll; #新增此行,默认使用select/poll
worker_connections 1024; #表示一个工作进程允许1024个连接
}
location ~ /status {
stub_status on; ##统计模块开启
access_log off; ##访问日志关闭
} #在配置统计功能
[root@server1 ~]# nginx -t #检查语法
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 ~]# nginx -V #检查开启的模块
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
[root@server1 ~]# systemctl restart nginx
客户机输入10.0.0.10/status验证
2.3 Nginx身份验证访问
创建能够访问web网站的用户
[root@server1 ~]# yum -y install httpd-tools
[root@server1 ~]# which htpasswd
/usr/bin/htpasswd #htpasswd命令需要先安装httpd-tools
[root@server1 ~]# htpasswd -c /usr/local/nginx/passwd.db tom
New password:
Re-type new password:
Adding password for user tom
[root@server1 ~]# ll /usr/local/nginx/ | grep passwd.db
-rw-r--r--. 1 root root 42 Nov 16 11:22 passwd.db
[root@server1 ~]# chown nginx.nginx /usr/local/nginx/passwd.db
[root@server1 ~]# chmod 400 /usr/local/nginx/passwd.db
[root@server1 ~]# vi /etc/nginx
location / {
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/passwd.db;
root html;
index index.html index.htm;
}
[root@server1 ~]# systemctl restart nginx
输入10.0.0.10验证
输入账户tom,密码123456
- 拒绝访问
deny lP/IP段:拒绝某个IP或IP段的客户端访问
allow lP/IP段:允许某个IP或IP段的客户端访问
规则从上往下执行,如匹配则停止,不再往下匹配
[root@server1 ~]# vi /etc/nginx
location / {
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/passwd.db;
deny all;
root html;
index index.html index.htm;
}
[root@server1 ~]# systemctl restart nginx
验证
三、配置Nginx虚拟主机
3.1基于域名
修改配置文件
[root@server1 ~]# vi /etc/nginx
server {
listen 80;
server_name www.test01.com; #localhost修改成www.test01.com
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html/test01/;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.test02.com; #localhost修改成www.test02.com
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html/test02/;
index index.html index.htm;
}
}
[root@server1 ~]# systemctl restart nginx
在Windows 10的hosts里添加
10.0.0.10 www.test01.com www.test02.com
验证
3.2 基于IP
修改配置文件
[root@server1 ~]# vi /etc/nginx
server {
listen 10.0.0.10:80;
server_name www.test01.com;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root /var/www/test01/;
index index.html index.htm;
}
}
server {
listen 10.0.0.15:80; #修改成另一个IP地址
server_name www.test02.com;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root /var/www/test02/;
index index.html index.htm;
}
}
[root@server1 ~]# systemctl restart nginx
[root@server1 ~]# netstat -anpt | grep nginx
tcp 0 0 10.0.0.15:80 0.0.0.0:* LISTEN 2844/nginx: master
tcp 0 0 10.0.0.10:80 0.0.0.0:* LISTEN 2844/nginx: master
3.3 基于端口
修改配置文件
[root@server1 ~]# vi /etc/nginx
server {
listen 10.0.0.10:80;
server_name www.test01.com;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html/test01/;
index index.html index.htm;
}
}
server {
listen 10.0.0.10:8008; #开放8008端口
server_name www.test02.com;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html/test02/;
index index.html index.htm;
}
}
[root@server1 ~]# systemctl restart nginx
[root@server1 ~]# netstat -anpt | grep nginx
tcp 0 0 10.0.0.10:8080 0.0.0.0:* LISTEN 2925/nginx: master
tcp 0 0 10.0.0.10:80 0.0.0.0:* LISTEN 2925/nginx: master