ngxin常用

最新推荐文章于 2024-07-26 09:30:14 发布

懒猫慵阳

最新推荐文章于 2024-07-26 09:30:14 发布

阅读量981

点赞数 1

分类专栏： ngxin

本文链接：https://blog.csdn.net/millions_02/article/details/90263440

版权

ngxin 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

nginx

安装

wget -c https://nginx.org/download/nginx-1.11.6.tar.gz
tar -zxvf nginx-1.11.6.tar.gz
cd nginx-1.11.6
// 安装依赖
yum install gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
//配置
./configure
//安装
make install
//检测是否成功
whereis nginx

基本操作

./nginx 开启 
./nginx -s stop 先查出nginx进程id再使用kill命令强制杀掉进程
./nginx -s quit 待nginx进程处理任务完毕进行停止
./nginx -s reload 重启
ps aux|grep nginx 查看进程

配置开机自启

vi /etc/rc.local
添加 /usr/local/nginx/sbin/nginx
chmod 755 /etc/rc.local

配置静态目录

1.配置alias目录方式 虚拟方式，暴露出来的并不是服务器上的真实路径
location / {
 alias  /var/www/static/;
 index  index.html index.htm;
}
2.配置root目录方式，暴露出来的是服务器上的真实路径
location / {
root /var/www/static/;
index index.html index.htm;
}
 如果是
location /abc {
 root /var/www/static/;
index index.html index.htm;
}
服务器上必须有对应的/var/www/static/abc

健康检查

check interval=10000 rise=2 fall=5 timeout=1000 type=http;
check\_http\_send "HEAD / HTTP/1.0";
check\_http\_expect\_alive http\_2xx http\_3xx http\_4xx http_5xx;

centos查看 ngxin.config 位置

nginx -t

 ps -ef | grep nginx

配置示例

upstream moiot_b {
     server 10.221.39.144:8011 weight=1;
	  check interval=10000 rise=2 fall=5 timeout=1000 type=http;
     check_http_send "HEAD / HTTP/1.0\r\n\r\n";
     check_http_expect_alive http_2xx http_3xx http_4xx http_5xx;
}
upstream moiot_a {
     server 10.221.39.79:8011 weight=1;
	 check interval=10000 rise=2 fall=5 timeout=1000 type=http;
     check_http_send "HEAD / HTTP/1.0\r\n\r\n";
     check_http_expect_alive http_2xx http_3xx http_4xx http_5xx;
}


server {
    listen       80;
    server_name  moiot.jd.com;
	 access_log         /xxxx main;
    error_log                /xxx warn;
    proxy_intercept_errors off;
    ignore_invalid_headers off;
    client_max_body_size 512M;
    proxy_send_timeout 600s;
    proxy_read_timeout 600s;
    gzip                    on;
    gzip_http_version       1.1;
    gzip_buffers            256 64k;
    gzip_comp_level         5;
    gzip_min_length         1000;
    gzip_types              application/x-javascript text/javascript text/css;
    location /pass/{
		        rewrite  ^/pass/(.*)$ /$1 break;
        proxy_buffering    off;
        proxy_pass  http://moiot_b;
        proxy_set_header  Host             $host:$server_port;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
    location /pass_a/{
        rewrite  ^/pass_pre/(.*)$ /$1 break;
        proxy_buffering    off;
        proxy_pass  http://moiot_a;
        proxy_set_header  Host             $host:$server_port;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

    }

}

白名单

简单方法

location ^~ /test/ {
allow 10.xx.xxx.172;
deny all;

直接用$http_x_forwarded_for

location 内
如果不匹配121.42.0.19 和192.168.0.0/24 则返回403
if $http_x_forwarded_for !~ (121.42.0.19|192.168.0")) {
        return 403;
        break;
}

重新赋值真实ip方法，因为如果没有额外的代理服务器，真实ip是$remote_addr，http_x_forwarded_for 为空，所以此方法兼容用代理和不用代理

写在location 外
map $http_x_forwarded_for  $clientRealIp {
        ""      $remote_addr;
        ~^(?P<firstAddr>[0-9\.]+),?.*$  $firstAddr;
}
location 内
如果不匹配121.42.0.19 和192.168.0.0/24 则返回403
if ($clientRealIp !~ (121.42.0.19|192.168.0")) {
        return 403;
        break;
}