Nginx的部署和虚拟主机配置

一、nginx简介

• 一款高性能、轻量级Web服务软件， 稳定性高，系统资源消耗低
• 对HTTP并发连接的处理能力高（能够处理高并发），单台物理服务器可支持30000~50000个并发请求

二、编译安装nginx

[root@localhost ~]# yum -y install pcre-devel zlib-devel
[root@localhost ~]# tar zxf nginx-1.12.2.tar.gz
[root@localhost ~]# cd nginx-1.12.2/
[root@localhost nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module ###统计状态模块
[root@localhost nginx-1.12.2]# make && make install
[root@localhost ~]# useradd -M -s /sbin/nologin nginx  ###创建一个不可登录的程序用户
[root@localhost ~]# ln -s /usr/local/nginx/sbin/nginx /usr/bin ###优化执行路径
[root@localhost ~]# nginx ###启动服务
[root@localhost ~]# netstat -anpt | grep nginx ###查看nginx服务是否开启
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16429/nginx: master
[root@localhost ~]# killall -s QUIT nginx ###选项-s QUIT等于-3 停止服务
[root@localhost ~]# netstat -anpt | grep nginx
[root@localhost ~]# killall -s HUP nginx ###选项-s HUP等于-1 重新加载
[root@localhost ~]# netstat -anpt | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16488/nginx: master
[root@localhost ~]# vi /etc/init.d/nginx ###制作管理脚本
#!/bin/bash
#chkconfig: 35 20 80
#description: nginx server
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
    start)
       $PROG
       ;;
    stop)
       killall -3 $PROG
       ;;
    restart)
       $0 stop
       $0 start
       ;;
    reload)
       killall -1 $PROG
       ;;
    *)
       echo "Usage: $0 {start|stop|reload|status}"
       exit 1
esac
exit 0
[root@localhost ~]# chmod +x /etc/init.d/nginx
[root@localhost ~]# chkconfig --add nginx
[root@localhost ~]# systemctl start nginx

三、主配置文件分析

全局配置

#user nobody;           ##指定用户，默认是匿名用户
worker_processes 1;   ##工作进程，实现高并发可以增加值
#error_log logs/error.log;  ##错误日志文件
#pid     logs/nginx.pid;      ##pid文件

I/O事件配置

events {           ##一个进程包含多个线程
    use epoll; #能显著提高程序在大量并发连接中只有少量活跃的情况下的系统CPU利用率
    worker_connections 4096;
}

http配置

http{}：协议层面；server{}：服务层面；location{}：网页站点目录层面
http {
     access_log logs/access.log main;
     sendfile     on;        ##发送邮件
     keepalive timeout 65;  ##连接超时时间
     server {
         listen  80;
         server_name localhost;    ##域名
         charset utf-8;       ##字符集
         location  / {
               root  html;     ##网页站点目录名称
               index index.html index.php; }    ##主页的相对路径
         error_page  500 502 503 504 /50x.html;    ##提示错误页面（500是服务器出错）
         location = /50x.html {  
            root  html; }                
    }
}

四、Nginx的访问状态统计

[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
user  nginx nginx ###修改#user  nobody为user  nginx nginx
error_log  logs/error.log  info ###去除#号
events {
        use epoll; ###新增此行，默认使用select/poll
    worker_connections  1024; ###表示一个工作进程允许1024个连接
}
 location ~ /status {  ###配置统计功能
             stub_status  on;
             access_log  off;
             } ###在server模块里的error_page上面增加
[root@localhost ~]# nginx -t ###检查一下配置文件
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# nginx -V ###查看版本号及开启的模块
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module 
[root@localhost ~]# systemctl start nginx ###开启nginx服务
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0 ###关闭防火墙和核心防护

验证，访问192.168.247.160/status

nginx status 详解

active connections：活跃的连接数量；
server accepts handled requests：总共处理n个连接，成功创建n次握手，共处理n个请求；
reading：读取客户端的连接数；
writing：响应数据到客户端的数量；
waiting：开启keep-alive的情况下，这个值等于active-（reading+writing），意思就是Nginx已经处理完正在等候下一次指令的驻留地址。

五、nginx设置访问用户功能

修改配置文件

[root@localhost ~]# yum -y install httpd-tools  ###安装需要的工具
[root@localhost ~]# htpasswd -c /usr/local/nginx/passwd.db lili ###创建访问用户
New password:
Re-type new password:
Adding password for user lili
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
  location / {
            root   html;
            index  index.html index.htm;
            allow 192.168.247.160/24; ###允许本机访问
            #deny all; ###拒绝所有，会导致全部无法访问
            auth_basic "secret"; ###验证方式为密码验证
            auth_basic_user_file /usr/local/nginx/passwd.db; ###密码所在文件
        }
[root@localhost ~]# nginx -t ###验证配置文件是否有错
nginx: [warn] low address bits of 192.168.247.160/24 are meaningless in /usr/local/nginx/conf/nginx.conf:48
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# systemctl restart nginx ###重启服务

验证，访问本地
输入lili和密码

进入网页

六、虚拟主机配置

6.1 基于域名

建立网页测试文件

[root@client1 ~]# mkdir -p /var/www/web1/index.html
[root@client1 ~]# mkdir -p /var/www/web2/index.html
[root@client1 ~]# echo "web1" > /var/www/web1/index.html
[root@client1 ~]# echo "web2" > /var/www/web2/index.html

修改配置文件

vi /usr/local/nginx/conf/nginx.conf
 server {
        listen       80;
        server_name  www.aa.com;
        charset utf-8；        
        location / {
            root   /var/www/web1;
            index  index.html index.htm;
            }
        }      
     server {   #添加一个server模块
        listen       80;
        server_name  www.ab.com;
        charset utf-8;
        location / {
            root   /var/www/web2;
            index  index.html index.htm;
            }
        }
[root@localhost ~]# nginx -t ###检查语法
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# systemctl restart nginx ###重启nginx服务
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# vi /etc/hosts ###增加映射
192.168.247.160 www.aa.com www.ab.com

验证（可能需要重启主机）
分别访问www.aa.com、www.ab.com

4.2 基于IP

新增一张网卡，添加网卡配置文件
修改配置文件

[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
 server {
        listen       192.168.247.160:80; ###修改IP地址
        server_name  www.aa.com;
        charset utf-8;
        #access_log  logs/aa.access.log  main;
        location / {
            root   /var/www/web1;
            index  index.html index.htm;
            }
        }
     server {
        listen       192.168.247.166:80; ###修改IP地址
        server_name  www.aa.com;
        charset utf-8;
        #access_log  logs/aa.access.log  main;
        location / {
            root   /var/www/web2;
            index  index.html index.htm;
            }
         }
[root@www ~]# nginx -t ###检查语法
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@www ~]# systemctl restart nginx
[root@www ~]# vi /etc/hosts
192.168.73.40 www.aa.com
192.168.73.134 www.aa.com

验证，分别访问192.168.247.160，192.168.247.166

4.3 基于端口

[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
server {
        listen       192.168.247.160:80; ###更改端口号
        server_name  www.aa.com;
        charset utf-8;
        #access_log  logs/aa.access.log  main;
        location / {
            root   /var/www/web1;
            index  index.html index.htm;
            }
        }
     server {
        listen       192.168.247.160:8080; ###更改端口号
        server_name  www.aa.com;
        charset utf-8;
        #access_log  logs/aa.access.log  main;
        location / {
            root   /var/www/web2;
            index  index.html index.htm;
            }
         }
[root@www ~]# systemctl restart nginx

验证，分别访问192.168.247.160、192.168.247.160：8080