目录
3.5.1 ngx_http_rewrite_module 模块指令:
1、Nginx的源码安装
官方源码包下载地址:
解压二进制源码包:
[root@localhost ~]# tar zxf nginx-1.24.0.tar.gz
安装并解决依赖问题:
[root@localhost ~]# yum install gcc pcre-devel zlib-devel openssl-devel -y
生成文件:
[root@localhost ~]# ./configure --prefix=/usr/local/nginx \
--user=nginx \ # 指定nginx运行用户
--group=nginx \ # 指定nginx运行组
--with-http_ssl_module \ # 支持https://
--with-http_v2_module \ # 支持http版本2
--with-http_realip_module \ # 支持ip透传
--with-http_stub_status_module \ # 支持状态页面
--with-http_gzip_static_module \ # 支持压缩
--with-pcre \ # 支持正则
--with-stream \ # 支持tcp反向代理
--with-stream_ssl_module \ # 支持tcp的ssl加密
--with-stream_realip_module # 支持tcp的透传ip
还原此文件,会自动删除Makefile文件 和 objs目录
[root@localhost nginx-1.24.0]# make clean
cpu是双核心
[root@localhost nginx-1.24.0]# make -j2
cpu是四核心
[root@localhost nginx-1.24.0]# make -j4
[root@localhost nginx-1.24.0]# cd /usr/local/nginx/
[root@localhost nginx]# ls
conf html logs sbin
[root@localhost nginx]# cd sbin/
[root@localhost sbin]# ls
nginx
[root@localhost sbin]# /usr/local/nginx/sbin/nginx 启动nginx
[root@localhost sbin]#
文件的作用:
conf:保存nginx所有的配置文件,其中nginx.conf是nginx服务器的最核心最主要的配置文件,其他的.conf则是用来配置nginx相关的功能的,例如fastcgi功能使用的是fastcgi.conf和fastcgi_params两个文件,配置文件一般都有一个样板配置文件,是以.default为后缀,使用时可将其复制并将default后缀去掉即可。
Html:目录中保存了nginx服务器的web文件,但是可以更改为其他目录保存web文件,另外还有一个50x的web文件是默认的错误页面提示页面。
logs:用来保存nginx服务器的访问日志错误日志等日志,logs目录可以放在其他路径,比
如/var/logs/nginx里面。
sbin:保存nginx二进制启动脚本,可以接受不同的参数以实现不同的功能。
[root@localhost sbin]# ps aux | grep nginx 查看进程
root 39300 0.0 0.0 9864 928 ? Ss 19:19 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 39301 0.0 0.1 13760 4752 ? S 19:19 0:00 nginx: worker process
root 39315 0.0 0.0 221680 2320 pts/0 S+ 19:22 0:00 grep --color=auto nginx
[root@localhost sbin]# netstat -antlupe | grep nginx 检测端口
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 66510 39300/nginx: master
查看nginx大小:
[root@localhost sbin]# du -sh nginx
5.5M nginx
nginx文件太大占用内存
关闭nginx
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s stop
删除nginx:
[root@localhost nginx-1.24.0]# rm -rf /usr/local/nginx/
[root@localhost nginx-1.24.0]# make clean
rm -rf Makefile objs
在编译前先关闭debug功能 :
[root@localhost nginx-1.24.0]# vim auto/cc/gcc
# debug
#CFLAGS="$CFLAGS -g" #将这条注释
重新编译:
[root@localhost nginx-1.24.0]# ./configure --prefix=/usr/local/nginx
--user=nginx
--group=nginx
--with-http_ssl_module
--with-http_v2_module
--with-http_realip_module
--with-http_stub_status_module
--with-http_gzip_static_module
--with-pcre
--with-stream
--with-stream_ssl_module
--with-stream_realip_module
[root@localhost nginx-1.24.0]# make && make install
把nginx软件的命令执行路径添加到环境变量中:
[root@localhost nginx-1.24.0]# vim ~/.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
[root@localhost nginx-1.24.0]# source ~/.bash_profile
[root@localhost nginx-1.24.0]# du -sh /usr/local/nginx/sbin/nginx
1.2M /usr/local/nginx/sbin/nginx
[root@localhost ~]# nginx 重启nginx
2、平滑升级和版本回滚
旧版本不停机运行新的版本,将旧版本的worker回收并让它转化为新的版本
将nginx旧版本升级到最新版本
2.1平滑升级:
[root@localhost ~]# tar zxf echo-nginx-module-0.63.tar.gz
[root@localhost ~]# tar zxf nginx-1.26.1.tar.gz
[root@localhost nginx-1.26.1]# ./configure --prefix=/usr/local/nginx
--user=nginx
--group=nginx
--add-module=/root/echo-nginx-module-0.63 添加额外的模块
--with-http_ssl_module
--with-http_v2_module
--with-http_realip_module
--with-http_stub_status_module
--with-http_gzip_static_module
--with-pcre
--with-stream
--with-stream_ssl_module
--with-stream_realip_module
[root@localhost nginx-1.26.1]# make
把之前的旧版本的nginx命令备份
并把新版本的nginx命令复制过去
[root@localhost sbin]# cp nginx nginx.old #把旧版本做备份
[root@localhost sbin]# ls
nginx nginx.old
[root@localhost sbin]# cp /root/nginx-1.26.1/objs/
addon/ Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
autoconf.err nginx ngx_auto_config.h ngx_modules.c src/
[root@localhost sbin]# \cp -f /root/nginx-1.26.1/objs/nginx /usr/local/nginx/sbin/nginx
\cp -f 把nginx的新版本强制覆盖到旧版本原来的位置
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 932 ? Ss 21:33 0:00 nginx: master process ./nginx
nginx 46159 0.0 0.1 13760 4760 ? S 21:33 0:00 nginx: worker process
root 46204 0.0 0.0 221680 2348 pts/0 S+ 21:36 0:00 grep --color=auto nginx
[root@localhost sbin]# kill -USR2 46158 #启动新的nginx版本但不监听端口
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 2524 ? Ss 21:33 0:00 nginx: master process ./nginx
nginx 46159 0.0 0.1 13760 4760 ? S 21:33 0:00 nginx: worker process
root 46206 0.0 0.1 9772 5892 ? S 21:38 0:00 nginx: master process ./nginx
nginx 46207 0.0 0.1 13800 4812 ? S 21:38 0:00 nginx: worker process
root 46209 0.0 0.0 221680 2364 pts/0 S+ 21:38 0:00 grep --color=auto nginx
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 2524 ? Ss 21:33 0:00 nginx: master process ./nginx
nginx 46159 0.0 0.1 13760 4760 ? S 21:33 0:00 nginx: worker process
root 46206 0.0 0.1 9772 5892 ? S 21:38 0:00 nginx: master process ./nginx
nginx 46207 0.0 0.1 13800 4812 ? S 21:38 0:00 nginx: worker process
root 46209 0.0 0.0 221680 2364 pts/0 S+ 21:38 0:00 grep --color=auto nginx
[root@localhost sbin]# kill -WINCH 46158 #回收旧的版本的worker进程
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 2524 ? Ss 21:33 0:00 nginx: master process ./nginx
root 46206 0.0 0.1 9772 5892 ? S 21:38 0:00 nginx: master process ./nginx
nginx 46207 0.0 0.1 13800 4812 ? S 21:38 0:00 nginx: worker process
root 46325 0.0 0.0 221680 2364 pts/0 S+ 21:43 0:00 grep --color=auto nginx
[root@localhost sbin]#
查看:
[root@localhost ~]# curl -I 192.168.182.100
HTTP/1.1 200 OK
Server: nginx/1.26.1
Date: Thu, 15 Aug 2024 13:44:21 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 13:30:04 GMT
Connection: keep-alive
ETag: "66be02dc-267"
Accept-Ranges: bytes
2.2 回滚到旧的版本:
[root@localhost sbin]# kill -HUP 46158
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 2524 ? Ss 21:33 0:00 nginx: master process ./nginx
root 46206 0.0 0.1 9772 5892 ? S 21:38 0:00 nginx: master process ./nginx
nginx 46207 0.0 0.1 13800 4812 ? S 21:38 0:00 nginx: worker process
nginx 46453 0.0 0.1 13760 4760 ? S 21:49 0:00 nginx: worker process
root 46455 0.0 0.0 221680 2344 pts/0 S+ 21:49 0:00 grep --color=auto nginx
[root@localhost sbin]# kill -WINCH 46206 #回收新的版本:(注意后面的ID进程号是主进程的)
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 2524 ? Ss 21:33 0:00 nginx: master process ./nginx
root 46206 0.0 0.1 9772 6384 ? S 21:38 0:00 nginx: master process ./nginx
nginx 46453 0.0 0.1 13760 4760 ? S 21:49 0:00 nginx: worker process
root 46461 0.0 0.0 221680 2360 pts/0 S+ 21:52 0:00 grep --color=auto nginx
[root@localhost sbin]#
查看:
[root@localhost ~]# curl -I 192.168.182.100
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Thu, 15 Aug 2024 13:53:58 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Thu, 15 Aug 2024 13:30:04 GMT
Connection: keep-alive
ETag: "66be02dc-267"
Accept-Ranges: bytes
[root@localhost sbin]# ls
nginx nginx.old
[root@localhost sbin]# cp nginx nginx.new #将新的版本nginx做备份
[root@localhost sbin]# ls
nginx nginx.new nginx.old
[root@localhost sbin]# \cp -f nginx.old nginx #将旧的版本nginx还原回去强制覆盖nginx
[root@localhost sbin]# ls
nginx nginx.new nginx.old
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 2524 ? Ss 21:33 0:00 nginx: master process ./nginx
root 46206 0.0 0.1 9772 6384 ? S 21:38 0:00 nginx: master process ./nginx
nginx 46453 0.0 0.1 13760 4760 ? S 21:49 0:00 nginx: worker process
root 46482 0.0 0.0 221680 2360 pts/0 S+ 21:56 0:00 grep --color=auto nginx
[root@localhost sbin]# kill -9 46206 #杀死新的版本的nginx
[root@localhost sbin]# ps -aux | grep nginx
root 46158 0.0 0.0 9864 2524 ? Ss 21:33 0:00 nginx: master process ./nginx
nginx 46453 0.0 0.1 13760 4760 ? S 21:49 0:00 nginx: worker process
root 46484 0.0 0.0 221680 2360 pts/0 S+ 21:56 0:00 grep --color=auto nginx
[root@localhost sbin]#
3、定义子配置文件路径
[root@Nginx ~]# mkdir /usr/local/nginx/conf.d/
[root@centos8 ~]# vim /usr/local/nginx/conf/nginx.conf
http {
......
include /apps/nginx/conf/conf.d/*.conf; #在配置文件的最后面添加此行 #注意不要放在最前面,会导致前面的命令无法生效
}
3.1 root和alisa的区别
Root:指定web的家目录,在定义location的时候,文件的绝对路径等于 root+location
Alias:定义路径别名,会把访问的路径重新定义到其指定的路径,文档映射的另一种机制; 仅能用于location上下文,此指令使用较少
root #给定的路径对应于location中的/uri左侧的/
alias #给定的路径对应于location中的/uri的完整路径
示例:
[root@localhost conf.d]# vim root_alias.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
location /html {
root /data/web;
}
}
测试:
[root@localhost conf.d]# echo www.lhd.com > /data/web/html/index.html
[root@localhost conf.d]# curl www.lhd.com/html/
[root@localhost conf.d]# vim root_alias.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
location /html {
root /data/web;
}
location /test {
alias /data/web/html;
}
}
测试:
[root@localhost conf.d]# curl www.lhd.com/test/
3.2 匹配符号:
=: #用于标准uri前,需要请求字串与uri精确匹配,大小敏感,如果匹配成功就停止向下匹配并立即处理请求
^~: #用于标准uri前,表示包含正则表达式,并且匹配以指定的正则表达式开头 #对uri的最左边部分做匹配检查,不区分字符大小写
~: #用于标准uri前,表示包含正则表达式,并且区分大小写
~*: #用于标准uri前,表示包含正则表达式,并且不区分大写
不带符号: #匹配起始于此uri的所有的uri
对目录匹配:优先级大小:~和~*优先级相等,其次是不带符号,再次是^~,最次是=,= 不支持目录是对文件做匹配的
对文件匹配:= > (~ = ~*) >不带符号 > ^~
示例:
[root@localhost conf.d]# vim location.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
location /test { 优先级二级
root /data/web1;
}
location = /index.html { 优先级四级
root /data/web2/test;
}
location ~* /test { 先匹配优先级最高
root /data/web4;
}
location ~ /test { 优先级最高
root /data/web3;
}
location ^~ /test { 优先级三级
root /data/web5;
}
}
[root@localhost conf.d]# echo web1 test page > /data/web1/test/index.html
[root@localhost conf.d]# echo web2 test page > /data/web2/test/index.html
[root@localhost conf.d]# echo web3 test page > /data/web3/test/index.html
[root@localhost conf.d]# echo web4 test page > /data/web4/test/index.html
[root@localhost conf.d]# echo web5 test page > /data/web5/test/index.html
测试:
[root@localhost conf.d]# curl www.lhd.com/test/
web4 test page
[root@localhost conf.d]# curl www.lhd.com/test/
web1 test page
3.2.1 Nginx 账户认证功能:
[root@localhost conf.d]# vim err_usr.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
location /lhd {
root /data/web;
auth_basic "login password !!";
auth_basic_user_file "/usr/local/nginx/.htpasswd";
}
}
[root@localhost conf.d]# nginx -s reload
[root@localhost conf.d]# mkdir -p /data/web/lhd
[root@localhost conf.d]# echo user test page > /data/web/lhd/index.html
[root@localhost conf.d]# htpasswd -cm /usr/local/nginx/.htpasswd admin
[root@localhost conf.d]# htpasswd -m /usr/local/nginx/.htpasswd lhd
[root@localhost conf.d]# cat /usr/local/nginx/.htpasswd
admin:$apr1$5B96zBuh$A1VNGumRtbdJxC6b8wuHi.
lhd:$apr1$8HB3aW0Z$39w1Lw8UPRSgiagTMNr1r/
测试:
[root@localhost conf.d]# curl www.lhd.com/lhd/ -u admin:123
user test page
3.2.2 自定义错误页面:
[root@localhost conf.d]# vim err_usr.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
error_page 404 /40x.html
location = /40x.html {
root /data/web/errorpage;
}
}
[root@localhost conf.d]# nginx -s reload
[root@localhost conf.d]# mkdir -p /data/web/errorpage
[root@localhost conf.d]# echo error page > /data/web/errorpage/40x.html
测试:
[root@localhost conf.d]# curl www.lhd.com/efq
error page
3.2.3 自定义错误日志:
[root@localhost conf.d]# vim err_usr.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
error_page 404 /40x.html;
error_log /var/log/lhd.com/error.log;
access_log /var/log/lhd.com/access.log;
location = /40x.html {
root /data/web/errorpage;
}
location /lhd {
root /data/web;
auth_basic "login password !!";
auth_basic_user_file "/usr/local/nginx/.htpasswd";
}
}
[root@localhost conf.d]# mkdir -p /var/log/lhd.com
[root@localhost conf.d]# nginx -s reload
测试:
[root@localhost conf.d]# ll /var/log/lhd.com/
总用量 0
-rw-r--r-- 1 root root 0 8月 16 14:50 access.log
-rw-r--r-- 1 root root 0 8月 16 14:50 error.log
[root@localhost conf.d]# curl www.lhd.com
[root@localhost conf.d]# cat /var/log/lhd.com/access.log
192.168.182.100 - - [16/Aug/2024:14:51:46 +0800] "GET / HTTP/1.1" 200 12 "-" "curl/7.76.1"
[root@localhost conf.d]# curl www.lhd.com/ll
error page
[root@localhost conf.d]# cat /var/log/lhd.com/error.log
2024/08/16 14:52:06 [error] 3873#3873: *14 open() "/data/web/html/ll" failed (2: No such file or directory), client: 192.168.182.100, server: www.lhd.com, request: "GET /ll HTTP/1.1", host: "www.lhd.com"
3.2.4 检测文件是否存在:
[root@localhost conf.d]# vim err_usr.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
error_page 404 /40x.html;
error_log /var/log/lhd.com/error.log;
access_log /var/log/lhd.com/access.log;
try_files $uri $uri.html $uri/index.html /error/default.html
location = /40x.html {
root /data/web/errorpage;
}
location /lhd {
root /data/web;
auth_basic "login password !!";
auth_basic_user_file "/usr/local/nginx/.htpasswd";
}
}
测试:
[root@localhost conf.d]# mkdir /data/web/html/error
[root@localhost conf.d]# echo error default > /data/web/html/error/default.html
[root@localhost conf.d]# curl www.lhd.com/lsdq
error page
[root@localhost conf.d]# curl www.lhd.com/error/default.html
error default
3.2.5 长连接配置:
[root@localhost conf]# vim /usr/local/nginx/conf/nginx.conf
keepalive_timeout 65 60; 客户连接的最长时长为65秒,但显示为60秒
keepalive_requests 3; 客户最多连接3次就自动断开连接
[root@localhost conf.d]# telnet www.lhd.com 80
Trying 192.168.182.100...
Connected to www.lhd.com.
Escape character is '^]'.
GET / HTTP/1.1
HOST: www.lhd.com
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 16 Aug 2024 06:43:34 GMT
Content-Type: text/html
Content-Length: 12
Last-Modified: Fri, 16 Aug 2024 06:39:31 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "66bef423-c"
Accept-Ranges: bytes
GET / HTTP/1.1
HOST: www.lhd.com
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 16 Aug 2024 06:44:02 GMT
Content-Type: text/html
Content-Length: 12
Last-Modified: Fri, 16 Aug 2024 06:39:31 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "66bef423-c"
Accept-Ranges: bytes
GET / HTTP/1.1
HOST: www.lhd.com
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 16 Aug 2024 06:44:19 GMT
Content-Type: text/html
Content-Length: 12
Last-Modified: Fri, 16 Aug 2024 06:39:31 GMT
Connection: close
ETag: "66bef423-c"
Accept-Ranges: bytes
Connection closed by foreign host.
[root@localhost conf.d]#
3.2.6 作为下载服务器配置:
[root@localhost ~]# mkdir /data/web/download -p
[root@localhost ~]# dd if=/dev/zero of=/data/web/download/leefile bs=1M count=100
记录了100+0 的读入
记录了100+0 的写出
104857600字节(105 MB,100 MiB)已复制,0.0743818 s,1.4 GB/s
[root@localhost ~]# vim /usr/local/nginx/conf.d/err_usr.conf
server {
listen 80;
server_name www.lhd.com;
root /data/web/html;
index index.html;
location /download {
root /data/web;
autoindex on; #自动索引功能
autoindex_localtime on; #显示本机时间而非格林威治时间
autoindex_exact_size off; #计算文件确切大小,单位字节,off只显示大小,单位kb、mb、gb
limit_rate 2048k; #限速2M
}
}
[root@localhost ~]# nginx -s reload
测试:
[root@localhost ~]# wget www.lhd.com/download/leefile
--2024-08-17 00:53:59-- http://www.lhd.com/download/leefile
正在解析主机 www.lhd.com (www.lhd.com)... 192.168.182.100
正在连接 www.lhd.com (www.lhd.com)|192.168.182.100|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:104857600 (100M) [application/octet-stream]
正在保存至: “leefile”
leefile 100%[====================>] 100.00M 2.09MB/s 用时 49s
2024-08-17 00:54:48 (2.03 MB/s) - 已保存 “leefile” [104857600/104857600])
3.3 nginx高级用法:
3.3.1 Nginx 状态页:
[root@localhost conf.d]# vim status.conf
server {
listen 80;
server_name status.lhd.com;
root /data/web/html;
index index.html;
location /status {
stub_status;
allow 192.168.182.1; #允许windows主机访问
deny all; #拒绝所有主机
}
}
[root@localhost conf.d]# nginx -s reload
测试:
[root@localhost conf.d]# curl status.lhd.com/status/
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>
3.3.2 Nginx 的数据压缩功能:
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
添加以下几行:
gzip on;
gzip_comp_level 5;
gzip_min_length 4k; #文件小于4k就不进行压缩
gzip_types text/plain application/javascript application/x-javascript text/css
application/xml text/javascript application/x-httpd-php image/gif image/png;
gzip_vary on; #若启用压缩,是否响应报文首部插入"…"
gzip_http_version 1.1; #最小版本
[root@localhost ~]# echo hello > /data/web/html/small.html
[root@localhost ~]# du -sh /usr/local/nginx/logs/access.log
28K /usr/local/nginx/logs/access.log
[root@localhost ~]# du -sh /data/web/html/small.html
4.0K /data/web/html/small.html
[root@localhost ~]# cat /usr/local/nginx/logs/access.log > /data/web/html/big.html
测试:
[root@localhost ~]# curl --head --compressed www.lhd.com/small.html
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Fri, 16 Aug 2024 17:04:34 GMT
Content-Type: text/html
Content-Length: 6
Last-Modified: Fri, 16 Aug 2024 08:22:51 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "66bf0c5b-6"
Accept-Ranges: bytes
[root@localhost ~]# curl --head --compressed www.lhd.com/big.html
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Fri, 16 Aug 2024 17:04:43 GMT
Content-Type: text/html
Last-Modified: Fri, 16 Aug 2024 08:34:43 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"66bf0f23-3850"
Content-Encoding: gzip
3.3.3 nginx的版本隐藏
3.4 Nginx 的变量使用:
3.4.1 内置变量:
[root@localhost conf.d]# vim /usr/local/nginx/conf.d/test.conf
server {
listen 80;
server_name var.lhd.com;
root /data/web/html;
index index.html;
location /var {
default_type text/html;
echo $remote_addr; #存放了客户端的地址,注意是客户端的公网IP
echo $args; #变量中存放了URL中的所有参数 #例如:https://search.jd.com/Search?keyword=手机&enc=utf-8 #返回结果为: keyword=手机&enc=utf-8
echo $is_args; #如果有参数为? 否则为空
echo $document_root; #保存了针对当前资源的请求的系统根目录,例如:/webdata/nginx/timinglee.org/lee。
echo $document_uri; #保存了当前请求中不包含参数的URI,注意是不包含请求的指令 #比如:http://lee.timinglee.org/var?\id=11111会被定义为/var #返回结果为:/var
echo $host; #存放了请求的host名称
echo $remote_port; #客户端请求Nginx服务器时随机打开的端口,这是每个客户端自己的端口
echo $remote_user; #已经经过Auth Basic Module验证的用户名
echo $request_method; #请求资源的方式,GET/PUT/DELETE等
echo $request_filename; #当前请求的资源文件的磁盘路径,由root或alias指令与URI请求生成的文件绝对路径, #如:webdata/nginx/timinglee.org/lee/var/index.html
echo $request_uri; #包含请求参数的原始URI,不包含主机名,相当于:$document_uri?$args, #例如:/main/index.do?id=20190221&partner=search
echo $scheme; #请求的协议,例如:http,https,ftp等
echo $server_protocol; #保存了客户端请求资源使用的协议的版本,例如:HTTP/1.0,HTTP/1.1,HTTP/2.0等
echo $server_addr; #保存了服务器的IP地址
echo $server_name; #虚拟主机的主机名
echo $server_port; #虚拟主机的端口号
echo $http_user_agent; #客户端浏览器的详细信息
echo $http_cookie; #客户端的所有cookie信息
echo $cookie_key2; #name为任意请求报文首部字部cookie的key名
}
}
[root@localhost conf.d]# nginx -s reload
[root@localhost conf.d]# curl -b "key1=lhd,key2=lhd2" -u lhd:123 var.lhd.com/var?name=lhd&&id=666
192.168.182.100
name=lhd
?
/data/web/html
/var
var.lhd.com
49028
lhd
GET
/data/web/html/var
/var?name=lhd
http
HTTP/1.1
192.168.182.100
var.lhd.com
80
curl/7.76.1
key1=lhd,key2=lhd2
lhd2
3.4.2 自定义变量:
[root@localhost conf.d]# vim test3.conf
server {
listen 80;
server_name var.lhd.com;
index index.html;
location /var {
default_type text/html;
set $lhd lhd;
echo $lhd;
}
}
[root@localhost conf.d]# curl var.lhd.com/var/
lhd
3.5 Nginx rewrite的相关功能
3.5.1 ngx_http_rewrite_module 模块指令:
使用正则表达式对变量进行匹配,匹配成功时if指令认为条件为true,否则认为false,变量与表达式之间
使用以下符号链接:
= #比较变量和字符串是否相等,相等时if指令认为该条件为true,反之为false
!= #比较变量和字符串是否不相等,不相等时if指令认为条件为true,反之为false
~ #区分大小写字符,可以通过正则表达式匹配,满足匹配条件为真,不满足匹配条件为假
!~ #区分大小写字符,判断是否匹配,不满足匹配条件为真,满足匹配条件为假
~* #不区分大小写字符,可以通过正则表达式匹配,满足匹配条件为真,不满足匹配条件为假
!~* #不区分大小字符,判断是否匹配,满足匹配条件为假,不满足匹配条件为真
-f 和 !-f #判断请求的文件是否存在和是否不存在
-d 和 !-d #判断请求的目录是否存在和是否不存在
-x 和 !-x #判断文件是否可执行和是否不可执行
-e 和 !-e #判断请求的文件或目录是否存在和是否不存在(包括文件,目录,软链接)
#注意:
#如果$变量的值为空字符串或0,则if指令认为该条件为false,其他条件为true。
#nginx 1.0.1之前$变量的值如果以0开头的任意字符串会返回false
3.5.2 if判定
[root@localhost conf.d]# vim test2.conf
server {
listen 80;
server_name var.lhd.com;
root /data/web/html;
location /test2 {
if ( !-e $request_filename ) { #由root指令与uri请求生成的文件路径
echo "$request_filename is not exist!";
}
}
[root@localhost conf.d]# nginx -s reload
测试:
[root@localhost conf.d]# curl var.lhd.com/test2/index.html
/data/web/html/test2/index.html is not exist!
3.5.3 break和set指令
[root@localhost conf.d]# vim test2.conf
server {
listen 80;
server_name var.lhd.com;
root /data/web/html;
location /break {
default_type test/html;
set $name lhd;
echo $name;
if ( $http_user_agent = "curl/7.76.1" ) { #如果客户端浏览器的详细信息是"curl/7.76.1"
break;
}
set $id 0;
echo $id;
}
[root@localhost conf.d]# nginx -s reload
测试:
[root@localhost conf.d]# curl var.lhd.com/break/
lhd
[root@localhost conf.d]# curl -A "firefox" var.lhd.com/break #给user-agent发送一个firefox,则不执行if语句输出id号
lhd
0
3.5.4 return指令
[root@localhost conf.d]# vim test2.conf
server {
listen 80;
server_name var.lhd.com;
root /data/web/html;
location /return {
default_type test/html;
if ( !-e $request_filename ) {
return 301 百度一下,你就知道;
}
echo "$request_filename is exist";
}
[root@localhost conf.d]# nginx -s reload
测试:
[root@localhost conf.d]# curl -I var.lhd.com/return
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.1
Date: Sun, 18 Aug 2024 12:51:56 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: 百度一下,你就知道
3.5.5 rewrite指令
案例1:域名永久与临时重定向
[root@localhost conf.d]# vim test2.conf
server {
listen 80;
server_name var.lhd.com;
root /data/web/html;
location / {
root /data/web/var;
index index.html;
rewrite / Lewis, Hooper & Dick, LLC permanent; #永久重定向到www.lhd.com
#rewrite / Lewis, Hooper & Dick, LLC redirect; #临时重定向
}
[root@localhost conf.d]# nginx -s reload
测试:
[root@localhost conf.d]# curl -I var.lhd.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.1
Date: Sun, 18 Aug 2024 12:55:24 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=60
Location: Lewis, Hooper & Dick, LLC
案例2:自动跳转https
[root@localhost conf.d]# cd /usr/local/nginx/
[root@localhost conf.d]# mkdir certs
[root@localhost conf.d]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/lhd.key \
-x509 -days 365 -out /usr/local/nginx/certs/lhd.crt
[root@localhost conf.d]# vim /usr/local/nginx/conf.d/vhost.conf
[root@localhost conf.d]# vim vhost.conf
server {
listen 80;
listen 443 ssl;
server_name www.lhd.com;
root /data/web/html;
index index.html;
ssl_certificate /usr/local/nginx/certs/lhd.crt;
ssl_certificate_key /usr/local/nginx/certs/lhd.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location / { #针对全站跳转
if ( $scheme = http ) { #$scheme支持的协议
rewrite /(.*) https://$host/$1 redirect; #http协议重定向到https
}
if ( !-e $request_filename ) { #如果uri请求生成的文件不存在,则重定向到主站上
rewrite /(.*) https://$host/index.html redirect;
}
}
}
测试:
[root@localhost conf.d]# curl www.lhd.com/index.html -I
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.26.1
Date: Sun, 18 Aug 2024 13:50:17 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://www.lhd.com/index.html
[root@localhost conf.d]# curl -kL www.lhd.com/error
error default
[root@localhost conf.d]# curl -kL www.lhd.com/index.html
3.5.6 break和last区别
[root@localhost conf.d]# mkdir /data/web/html/{test1,test2,break,last} -p
[root@localhost conf.d]# echo test1 > /data/web/html/test1/index.html
[root@localhost conf.d]# echo test2 > /data/web/html/test2/index.html
[root@localhost conf.d]# echo last > /data/web/html/last/index.html
[root@localhost conf.d]# echo break > /data/web/html/break/index.html
[root@localhost conf.d]# vim test2.conf
server {
listen 80;
server_name var.lhd.com;
root /data/web/html;
location /break {
rewrite ^/break/(.*) /test1/$1 break; #当执行到这里就终断,不执行后面的语句
rewrite ^/test1/(.*) /test2/$1;
}
location /last {
rewrite ^/last/(.*) /test1/$1 last; #当执行到这里会继续往下执行,一直到/test1
rewrite ^/test1/(.*) /test2/$1;
}
location /test1 {
default_type text/html;
return 666 "lhd hehehehheeee";
}
location /test2 {
root /data/web/html;
}
}
[root@localhost conf.d]# nginx -s reload
测试:
[root@localhost conf.d]# curl var.lhd.com/break/
test2
[root@localhost conf.d]# curl var.lhd.com/last/
test2
[root@localhost conf.d]# curl var.lhd.com/test1/
lhd hehehehheeee
[root@localhost conf.d]# curl var.lhd.com/test2/
test2
区别测试:
[root@localhost conf.d]# curl var.lhd.com/break/index.html
test1
[root@localhost conf.d]# curl var.lhd.com/last/index.html
lhd hehehehheeee
4、防盗链:
防盗链基于客户端携带的referer实现,referer是记录打开一个页面之前记录是从哪个页面跳转过来的标
记信息,如果别人只链接了自己网站图片或某个单独的资源,而不是打开了网站的整个页面,这就是盗
链,referer就是之前的那个网站域名
none: #请求报文首部没有referer首部,
#比如用户直接在浏览器输入域名访问web网站,就没有referer信息。
blocked: #请求报文有referer首部,但无有效值,比如为空。
server_names: #referer首部中包含本主机名及即nginx 监听的server_name。
arbitrary_string: #自定义指定字符串,但可使用*作通配符。示例: *.timinglee.org
regular expression: #被指定的正则表达式模式匹配到的字符串,要使用~开头,例如:
~.*\.timinglee\.com
上传两张图片并分别放在不同目录下
[root@localhost conf.d]# ll /data/web/html/
总用量 48
-rw-r--r-- 1 root root 14416 8月 16 16:34 big.html
drwxr-xr-x 2 root root 24 8月 18 13:57 break
-rw-r--r-- 1 root root 23521 4月 26 15:13 daolian.png
drwxr-xr-x 2 root root 44 8月 16 15:01 error
drwxr-xr-x 2 root root 21 8月 18 22:30 images
-rw-r--r--. 1 root root 12 8月 16 14:39 index.html
drwxr-xr-x 2 root root 24 8月 18 13:57 last
-rw-r--r-- 1 root root 6 8月 16 16:22 small.html
drwxr-xr-x 2 root root 24 8月 18 13:57 test1
drwxr-xr-x 2 root root 24 8月 18 21:25 test2
[root@localhost conf.d]# ll /data/web/html/images/
总用量 748
-rw-r--r-- 1 root root 763321 4月 13 18:28 lhd.png
[root@localhost conf.d]# mkdir -p /data/web/html/images
[root@localhost conf.d]# vim vhost2.conf
server {
listen 80;
listen 443 ssl;
server_name www.timinglee.org;
root /data/web/html;
index index.html;
ssl_certificate /usr/local/nginx/certs/timinglee.org.crt;
ssl_certificate_key /usr/local/nginx/certs/timinglee.org.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location /images {
valid_referers none blocked server_names *.lhd.com ~/.baidu/.; 让它访问到其他的站点
if ( $invalid_referer ) {
rewrite ^/ http://www.lhd.com/daolian.png;
}
}
}
[root@localhost conf.d]# nginx -s reload
盗链网页:
[root@localhost ~]# vim /var/www/html/index.html
<html>
<head>
<meta http-equiv=Content-Type content="text/html;charset=utf-8">
<title>盗链</title>
</head>
<body>
<img src="http://www.lhd.com/images/lhd.png" >
<h1 style="color:red">欢迎大家</h1>
<p><a href=http://www.lhd.com>狂点老梁</a>出门见喜</p>
</body>
</html>
[root@localhost ~]# systemctl restart httpd.service
4
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
