nginx 初始编译安装

最新推荐文章于 2022-08-24 01:35:59 发布

xiangzilong

最新推荐文章于 2022-08-24 01:35:59 发布

阅读量222

点赞数

分类专栏： nginx

本文链接：https://blog.csdn.net/qq_36270681/article/details/107871540

版权

nginx 专栏收录该内容

16 篇文章 0 订阅

订阅专栏

nginx 编译安装
yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget \
ntpdate gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel \
systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed

cd /usr/local/src/
wget https://nginx.org/download/nginx-1.16.1.tar.gz
tar -xf nginx-1.16.1.tar.gz
cd nginx-1.16.1

./configure --prefix=/apps/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-file-aio

make && make install

[root@localhost ~]# cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/apps/nginx/logs/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /apps/nginx/logs/nginx.pid
ExecStartPre=/apps/nginx/sbin/nginx -t
ExecStart=/apps/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target

useradd nginx -s /sbin/login

sed -i 's@#pid logs/nginx.pid;@pid /apps/nginx/logs/nginx.pid;@' /apps/nginx/conf/nginx.conf

systemctl daemon-reload
systemctl start nginx
systemctl enable nginx

###################################################################################################################
匹配优先级：=, ^~, ～/～*，/
location优先级：(location =) > (location 完整路径) > (location ^~ 路径) >
(location ~,~* 正则顺序) > (location 部分起始路径) > (/)

拒绝访问配置（403）
location /mysql.conf {
deny all;
}

精确匹配 =
location = /ABc.jpg {
root /data/static;
}

匹配大小写 ~
location ~ /A.?\.jpg {
index index.html;
root /opt/nginx/html/image;
}
访问测试：http://www.magedu.net/aA.jpg

不匹配大小写 ~*
location ~* /A.?\.jpg {
index index.html;
root /opt/nginx/html/image;
}
访问测试：http://www.magedu.net/aA.jpg

匹配案例-URI开始
location ^~ /images {
root /data/nginx;
index index.html;
}
location /images1 {
alias /data/nginx/html/pc;
index index.html;
}

匹配案例-文件名后缀
location ~* \.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|wmf|js)$ {
root /data/nginx/images1;
index index.html;
}

Nginx 四层访问控制
location /about {
alias /data/nginx/html/pc;
index index.html;
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all; #先允许小部分，再拒绝大部分
}

Nginx账户认证功能
yum install httpd-tools -y
htpasswd -cbm /apps/nginx/conf/.htpasswd user1 123456
htpasswd -bm /apps/nginx/conf/.htpasswd user2 123456

[root@s2 ~]# vim /apps/nginx/conf/conf.d/pc.conf
location = /login/ {
root /data/nginx/html/pc;
index index.html;
auth_basic "login password";
auth_basic_user_file /apps/nginx/conf/.htpasswd;
}

检测文件是否存在
location /about {
root /data/nginx/html/pc;
#alias /data/nginx/html/pc;
index index.html;
#try_files $uri /about/default.html;
#try_files $uri $uri/index.html $uri.html /about/default.html;
try_files $uri $uri/index.html $uri.html =489;
}

作为下载服务器配置：
[root@s2 about]# mkdir /data/nginx/html/pc/download
#download不需要index.html
[root@s2 about]# vim /apps/nginx/conf/conf.d/pc.conf
location /download {
autoindex on; #自动索引功能
autoindex_exact_size on; #计算文件确切大小（单位bytes），off只显示大概大小（单位
kb、mb、gb）
autoindex_localtime on; #显示本机时间而非GMT(格林威治)时间
root /data/nginx/html/pc;
}

[root@s2 pc]# cp /root/anaconda-ks.cfg /data/nginx/html/pc/download/

作为上传服务器
client_max_body_size 500m； #设置允许客户端上传单个⽂件的最⼤值，默认值为1m
client_body_buffer_size 1024k; #⽤于接收每个客户端请求报⽂的body部分的缓冲区⼤⼩；默认16k；超出此⼤⼩时，其将被暂存到磁盘上的由下⾯client_body_temp_path指令所定义的位置
client_body_temp_path path [level1 [level2 [level3]]];
#设定存储客户端请求报⽂的body部分的临时存储路径及⼦⽬录结构和数量，⽬录名为16进制的数字，使⽤hash之后的值从后往前截取1位、2位、2位作为⽂件名：

client_max_body_size 500m;
client_body_buffer_size 2048k;
client_body_temp_path /apps/nginx/temp 1 2 2;
#gzip on;
aio on;
directio 2048;
output_buffers 10 128k;






Nginx 状态页面
location /nginx_status {
stub_status;
allow 192.168.0.0/16;
allow 127.0.0.1;
deny all;
}

Active connections：当前处于活动状态的客户端连接数，包括连接等待空闲连接数。
accepts：统计总值，Nginx⾃启动后已经接受的客户端请求的总数。
handled：统计总值，Nginx⾃启动后已经处理完成的客户端请求的总数，通常等于accepts，除⾮有因
worker_connections限制等被拒绝的连接。
requests：统计总值，Nginx⾃启动后客户端发来的总的请求数。
Reading：当前状态，正在读取客户端请求报⽂⾸部的连接的连接数。
Writing：当前状态，正在向客户端发送响应报⽂过程中的连接数。
Waiting：当前状态，正在等待客户端发出请求的空闲连接数，开启 keep-alive的情况下,这个值等于
active – (reading+writing),

#################################################
Nginx 反向代理功能

location /web {
index index.html;
proxy_pass http://192.168.7.103:80;
#不带斜线将访问的/web,等于访问后端服务器
http://192.168.7.103:80/web/index.html，即后端服务器配置的站点根⽬录要有web⽬录才可以
被访问，这是⼀个追加/web到后端服务器 http://servername:port/WEB/INDEX.HTML的操作
proxy_pass http://192.168.7.103:80/;
#带斜线，等于访问后端服务器的http://192.168.7.103:80/index.html 内容返回给客户端
}

总结：
server {
listen 80;
server_name test.jenkins.rpdns.com;
root /usr/local/nginx/html;

location /jenkins/ {
index index.html;
proxy_pass http://10.1.1.249:8080;
}
访问：(localtion /jenkins 加/ 和不加结果一样 )http://test.jenkins.rpdns.com/jenkins = http://10.1.1.249:8080/jenkins

location /jenkins {
index index.html;
proxy_pass http://10.1.1.249:8080/;
}
访问:http://test.jenkins.rpdns.com/jenkins = http://10.1.1.249:8080 (返回的是tomcat首页)

带斜线，等于访问后端服务器内容给客户端如：http://test.jenkins.rpdns.com/jenkins = http://10.1.1.249:8080
不带斜线等于访问后端服务器地址的基础上加上localtion的方法：如 http://test.jenkins.rpdns.com/jenkins = http://10.1.1.249:8080/jenkins

proxy_hide_header ETag;
nginx作为反向代理的时候，在返回给客户端http响应的时候，隐藏后端服务版本相应头部的信息

proxy_pass_request_body on | off；
#是否向后端服务器发送HTTP包体部分,可以设置在http/server或location块，默认即为开启

proxy_pass_request_headers on | off；
#是否将客户端的请求头部转发给后端服务器，可以设置在http/server或location块，默认即为开启

proxy_set_header X-Forwarded-For $remote_addr;
#添加HOST到报文头部，如果客户端为NAT上那么其值为客户端的共用的公网IP地址，常用于在记录客户端的真实IP地址

proxy_connect_timeout 60s；
#60s为⾃定义nginx与后端服务器建立连接的超时时间，配置nginx服务器与后端服务器尝试建立连接的超时时间，默认为60秒

proxy_read_timeout 60s；
#配置nginx服务器向后端服务器或服务器组发起read请求后，等待的超时时间，默认60s

proxy_send_timeout 60s；
#配置nginx项后端服务器或服务器组发起write请求后，等待的超时时间，默认60s

proxy_http_version 1.0；
#⽤于设置nginx提供代理服务的HTTP协议的版本，默认http 1.0

proxy_ignore_client_abort off；
#当客户端⽹络中断请求时，nginx服务器中断其对后端服务器的请求。即如果此项设置为on开启，则服务
器会忽略客户端中断并⼀直等着代理服务执⾏返回，如果设置为off，则客户端中断后Nginx也会中断客户
端请求并⽴即记录499⽇志，默认为off。

缓存配置
proxy_cache_path /apps/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;

location /web {
proxy_pass http://10.1.1.103/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_hide_header ETag;

proxy_set_header clientip $remote_addr;
   proxy_cache proxycache;
   proxy_cache_key $request_uri;
   proxy_cache_valid 200 302 301 1h;
   proxy_cache_valid any 1m;

add_header X-Via $server_addr;
add_header X-Cache $upstream_cache_status;
add_header X-Accel $server_name;
}

######################################################################
nginx TCP代理
#server⽀持的parameters如下：
weight=number #设置权重，默认为1。
max_conns=number #给当前server设置最⼤活动链接数，默认为0表示没有限制。
max_fails=number #对后端服务器连续监测失败多少次就标记为不可⽤。
fail_timeout=time #对后端服务器的单次监测超时时间，默认为10秒。
backup #设置为备份服务器，当所有服务器不可⽤时将重新启⽤次服务器。
down #标记为down状态。
resolve #当server定义的是主机名的时候，当A记录发⽣变化会⾃动应⽤新IP⽽不⽤重启Nginx。

upstream webserver {
#hash $request_uri consistent;（首选）
#ip_hash；
#least_conn;
server 192.168.7.103:80 weight=1 fail_timeout=15s max_fails=3; #后端服务器状态监测
server 192.168.7.104:80 weight=1 fail_timeout=15s max_fails=3;
server 192.168.7.101:80 weight=1 fail_timeout=15s max_fails=3 backup;
hash $request_uri consistent;
}

server {
listen 80;
server_name www.magedu.net;
location / { # 关闭192.168.7.103和192.168.7.104，测试nginx backup服务器可⽤性：
index index.html index.php;
root /data/nginx/html/pc;
}
location /web {
index index.html;
proxy_pass http://webserver/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[root@s4 ~]# while true;do curl http://www.magedu.net/web;sleep 1;done

例子代理mysql redis
[root@s2 ~]# cat /apps/nginx/conf/tcp/tcp.conf
stream {
upstream redis_server {
server 192.168.7.104:6379 max_fails=3 fail_timeout=30s;
}
upstream mysql_server {
least_conn;
server 192.168.7.104:3306 max_fails=3 fail_timeout=30s;
}

server {
listen 192.168.7.102:3306;
proxy_connect_timeout 6s;
proxy_timeout 15s;
proxy_pass mysql_server;
}
server {
listen 192.168.7.102:6379;
proxy_connect_timeout 3s;
proxy_timeout 3s;
proxy_pass redis_server;
}
}

##############################################################
https 配置
server {
listen 443 ssl;
server_name www.upetmart.com;
#ssl on;
root /wwwroothtml/wwwroot/www.upetmart.com;
index index.html index.htm index.php;
ssl_certificate cert/3281594_www.upetmart.com.pem;
ssl_certificate_key cert/3281594_www.upetmart.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

location /web {
index index.html;
proxy_pass http://webserver/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

#########################################################
nginx 配置实例
user nginx;
worker_processes auto;
worker_cpu_affinity 00000001 00000010 00000100 00001000;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

pid /apps/nginx/logs/nginx.pid;
worker_rlimit_nofile 65536;

events {
worker_connections 65535;
accept_mutex on;
multi_accept on;
}

http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"url":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"status":"$status"}';
access_log /apps/nginx/logs/access.log access_json;

sendfile on;
tcp_nopush on;
tcp_nodelay off;
#keepalive_timeout 0;
keepalive_timeout 65 65;
keepalive_requests 5;
client_max_body_size 500m;
client_body_buffer_size 2048k;
client_body_temp_path /apps/nginx/temp 1 2 2;
proxy_cache_path /apps/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;
#gzip on;
aio on;
directio 2048;
output_buffers 10 128k;
server_tokens off;

server {
listen 80;
server_name localhost;

charset utf-8;

#access_log logs/host.access.log main;

location / {
root html;
index index.html index.htm;
}

location /web {
proxy_pass http://10.1.1.103/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_hide_header ETag;

proxy_set_header clientip $remote_addr;
   proxy_cache proxycache;
   proxy_cache_key $request_uri;
   proxy_cache_valid 200 302 301 1h;
   proxy_cache_valid any 1m;

add_header X-Via $server_addr;
add_header X-Cache $upstream_cache_status;
add_header X-Accel $server_name;
}
#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 404 /z4y06on3mm.png;
location = /z4y06on3mm.png {
root html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;

# location / {
# root html;
# index index.html index.htm;
# }
#}

# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;

# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;

# location / {
# root html;
# index index.html index.htm;
# }
#}

}

xiangzilong

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
nginx 初始编译安装

nginx 编译安装yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget \ntpdate gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel \systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxm.
复制链接

扫一扫

专栏目录