Nginx是一个高性能的HTTP和反向代理web服务器,以其低内存占用和高并发能力著称。本文介绍了Nginx的概述、安装(包括Windows和Linux)、配置文件解析及其在反向代理、负载均衡和动静分离等方面的应用。
Nginx
官达者才未必当其位,誉美者实未必副其名
1. 概述
- 定义
Nginx (engine x) 是一个高性能的HTTP和反向代理web服务器 ,同时也提供了IMAP/POP3/SMTP服务。
- 背景
- Nginx是由伊戈尔·赛索耶夫为俄罗斯访问量第二的Rambler.ru站点(俄文:Рамблер)开发的,公开版本1.19.6发布于2020年12月15日
- Nginx 的源代码使用 2-clause BSD-like license。
- 反向代理
代理服务端,正向代理是代理客户端
- 特点
- 内存少
- 并发大
- 作用
- Http代理,反向代理:作为web服务器最常用的功能之一,尤其是反向代理。
- 负载均衡:内置策略(轮询,加权轮询,Ip hash。)和扩展策略。
- 动静分离,配置前端静态资源文件映射
2. 安装
- windows安装
Nginx官网下载解压即可
# 修改了 Nginx 的配置文件后
nginx -s reload
# 快速停止
nginx -s top
# 有序的停止
nginx -s quit
# taskkill 干掉进程
taskkill /f /t /im nginx.exe
- Linux安装
# gcc环境
yum install gcc-c++
# PCRE pcre-devel Perl库安装
yum install -y pcre pcre-devel
# zlib 安装
yum install -y zlib zlib-devel
# OpenSSL 全套接字层密码库安装支持https
yum install -y openssl openssl-devel
# 下载安装包解压
tar -zxvf nginx-1.18.0.tar.gz
cd nginx-1.18.0
# 编译安装
./configure
make
make install
# 查找安装路径
whereis nginx
- 常见命令
cd /usr/local/nginx/sbin/
./nginx 启动
./nginx -s stop 停止
./nginx -s quit 安全退出
./nginx -s reload 重新加载配置文件
ps aux|grep nginx 查看nginx进程
- 连接不上
# 开启
service firewalld start
# 重启
service firewalld restart
# 关闭
service firewalld stop
# 查看防火墙规则
firewall-cmd --list-all
# 查询端口是否开放
firewall-cmd --query-port=8080/tcp
# 开放80端口
firewall-cmd --permanent --add-port=80/tcp
# 移除端口
firewall-cmd --permanent --remove-port=8080/tcp
#重启防火墙(修改配置后要重启防火墙)
firewall-cmd --reload
# 参数解释
1、firwall-cmd:是Linux提供的操作firewall的一个工具;
2、--permanent:表示设置为持久;
3、--add-port:标识添加的端口;
3. 配置文件
- 解释
########### 每个指令必须有分号结束。#################
#user administrator administrators; #配置用户或者组,默认为nobody nobody。
#worker_processes 2; #允许生成的进程数,默认为1
#pid /nginx/pid/nginx.pid; #指定nginx进程运行文件存放地址
error_log log/error.log debug; #制定日志路径,级别。这个设置可以放入全局块,http块,server块,级别以此为:debug|info|notice|warn|error|crit|alert|emerg
events {
accept_mutex on; #设置网路连接序列化,防止惊群现象发生,默认为on
multi_accept on; #设置一个进程是否同时接受多个网络连接,默认为off
#use epoll; #事件驱动模型,select|poll|kqueue|epoll|resig|/dev/poll|eventport
worker_connections 1024; #最大连接数,默认为512
}
http {
include mime.types; #文件扩展名与文件类型映射表
default_type application/octet-stream; #默认文件类型,默认为text/plain
#access_log off; #取消服务日志
log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #自定义格式
access_log log/access.log myFormat; #combined为日志格式的默认值
sendfile on; #允许sendfile方式传输文件,默认为off,可以在http块,server块,location块。
sendfile_max_chunk 100k; #每个进程每次调用传输数量不能大于设定的值,默认为0,即不设上限。
keepalive_timeout 65; #连接超时时间,默认为75s,可以在http,server,location块。
upstream xxy {
server 127.0.0.1:8080;
server 192.168.10.121:8081 backup; #热备
}
error_page 404 https://www.baidu.com; #错误页
server {
keepalive_requests 120; #单连接请求上限次数。
listen 4545; #监听端口
server_name 127.0.0.1; #监听地址
location ~*^.+$ { #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。
#root path; #根目录
#index vv.txt; #设置默认页
proxy_pass http://xxy; #请求转向mysvr 定义的服务器列表
deny 127.0.0.1; #拒绝的ip
allow 172.18.5.54; #允许的ip
}
}
}
- 重要
upstream xxy {
server 127.0.0.1:8080;
server 192.168.10.121:8081 backup; #热备
}
server {
..
proxy_pass http://xxy; #请求转向mysvr 定义的服务器列表
}
- 实际项目开发
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
stream {
upstream pg-server{
server 47.99.104.62:5432;
}
server {
listen 5433;
proxy_pass pg-server;
}
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 100m;
access_log off;
sendfile on;
keepalive_timeout 100;
fastcgi_connect_timeout 75;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
gzip on;
gzip_min_length 1k;
gzip_comp_level 4;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream msc {
server 47.99.104.62:18010;
}
upstream nacos-server {
server 47.99.104.62:8848;
}
upstream graphs {
server 47.99.104.62:8000;
}
upstream websocket-server {
server 47.99.104.62:2014;
}
server {
listen 18001;
location / {
proxy_pass http://nacos-server;
}
}
server {
listen 80 default;
server_name localhost;
#ssl on;
#root ../webapps;
#location / {
# rewrite ^/$ /fusionsite-are-basic-web last;
# add_header 'Cache-Control' 'no-cache';
#}
root ../../Oceansite/webapps/oceansite-basic-web;
location = / {
#root ../../Oceansite/webapps/oceansite-basic-web;
#index index.html index.htm;
rewrite ^/$ /index last;
}
location /index {
alias ../../Oceansite/webapps/oceansite-basic-web;
}
location /login {
alias ../../Oceansite/webapps/oceansite-basic-web;
}
location /system/menu {
alias ../../Oceansite/webapps/oceansite-basic-web/;
}
location /RTData/navigation {
alias ../../Oceansite/webapps/oceansite-basic-web/;
}
location /RTData/flowChart {
alias ../../Oceansite/webapps/oceansite-basic-web/;
}
location /RTData/47.99.104.62/oceansite-conduction-web {
alias ../../Oceansite/webapps/oceansite-basic-web/;
}
location /RTData/47.99.104.62/oceansite-video-monitor-web {
alias ../../Oceansite/webapps/oceansite-basic-web/;
}
location /47.99.104.62/oceansite-ship-record-web {
alias ../../Oceansite/webapps/oceansite-basic-web/;
}
#记录簿网页资源
location /oceansite-ship-record-web {
root ../../Oceansite/webapps;
index index.html index.htm;
}
#通导系统网页资源
location /oceansite-conduction-web {
root ../../Oceansite/webapps;
index index.html index.htm;
}
#视频监控网页资源
location /oceansite-video-monitor-web {
root ../../Oceansite/webapps;
index index.html index.htm;
}
#视频监控报警照片和视频
location /alarmimgdata {
root ../../;
}
#流程图网页资源
location /flowchart {
root ../webapps;
index index.html index.htm;
}
location /fusionsite-are-basic-web {
root ../webapps;
index index.html index.htm;
}
location /common {
root ../webapps;
index index.html index.htm;
}
#OceanSite 数据接口跳转
location /prod-api/ {
proxy_read_timeout 86400;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
proxy_pass http://47.99.104.62:8080/;
}
location /msc {
proxy_pass http://msc;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /fusionsite-are-h5-flowchart-web/graph {
root ../webapps;
}
location ~* /fusionsite-are-h5-flowchart-web/graph/.*/Resource/.*\.(jpg|png|jpeg|gif)$ {
rewrite ^/fusionsite-are-h5-flowchart-web/graph/(.*)$ /mare-graph/$1 last;
}
location ~* /mare-graph {
root ../App_Server/fusionsite-are-minio-server/data;
}
location /zrender/src/core/util.js {
root ../webapps/fusionsite-are-h5-flowchart-web/graph;
}
location /graphs/ {
proxy_pass http://graphs;
proxy_set_header Host 47.99.104.62:8000;
}
location /msc/fusionsite-are-basic/minIO/fileUpload {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'POST';
add_header 'Access-Control-Allow-Headers' 'lastoperatime,token,DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
proxy_pass http://47.99.104.62:18110/minIO/fileUpload;
}
location /msc/fusionsite-are-basic/minIO/file/fileUpload {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'POST';
add_header 'Access-Control-Allow-Headers' 'lastoperatime,token,DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
proxy_pass http://47.99.104.62:18110/minIO/file/fileUpload;
}
location /msc/fusionsite-are-basic/minIO/fileDownload {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'POST';
add_header 'Access-Control-Allow-Headers' 'lastoperatime,token,DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
proxy_pass http://47.99.104.62:18110/minIO/fileDownload;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 8000;
server_name localhost;
client_max_body_size 100m;
location /
{
root ../webapps/fusionsite-are-h5-flowchart-web/graph;
index index.html index.htm;
}
location ~* .*/Resource/.*\.(jpg|png|jpeg|gif)$ {
rewrite ^.*/Resource/(.*)$ /resources/$1 last;
}
location ~* .*/Flows/.*\.(jpg|png|jpeg|gif)$ {
rewrite ^.*/Flows/(.*)$ /resources/$1 last;
}
location /resources {
alias ../webapps/fusionsite-are-h5-flowchart-web/resources;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html
{
root html;
}
location /flowchart
{
proxy_read_timeout 86400;
proxy_pass http://websocket-server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /graphs/rest {
rewrite ^/graphs/(.*)$ /$1 last;
}
location /rest
{
proxy_pass http://47.99.104.62:8689/rest;
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
expires off;
}
}
}
4. 总结
知道了Nginx反向代理,对服务器加深了理解
扫一扫
1532
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
