一.页面压缩
以下实验都是在redhat7.3下进行
Nginx作为web服务器的时候,为了节省存储资源通常要开启页面压缩。
1.查看默认发布页的大小
[root@server1 html]# du -sh index.html
2.3M index.html ##可以看到默认发布页大小为2.3M
[root@server1 html]# ls
50x.html index.html
[root@server1 html]# du -sh index.html
2.3M index.html
[root@server1 html]# pwd
/usr/local/nginx/html
2.修改配置文件,打开页面压缩模块
vim /usr/local/nginx/conf/nginx.conf
gzip on;
gzip_min_length 1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css/ application/xml text/javascript application/x-httpd/php image/jpeg image/gif image/png;
3.重启Nginx服务,浏览器上测试
systemctl reload nginx
nginx没有设置到系统服务中,不能使用此命令,可以编写/etc/systemd/system/nginx.server文件,不写可以通过安装脚本路径/usr/local/nginx/sbin/nginx -s reload 重启
4.浏览器输入装有nginx的服务器ip
在这里我们可以看到原始大小和压缩后的大小,还有压缩的格式
二.限速,压力测试
vim /usr/local/nginx/conf/nginx.conf
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
set $limit_rate 1k; ##访问默认发布页限速为1k
index index.html index.htm;
}
location /search/ {
limit_rate 50k;
limit_req zone=one burst=5;##每次接受一个,并发为5
}
压力测试,在设置带宽rate访问时间对比
该目录下有一张大小为116k的图片,用以访问
[root@server1 search]# du -sh red.jpg
116K red.jpg
请求了5次,时间接近5s
由于设置了限速为1k,所以在访问的时候会很慢!!
三.realip获取真实ip
1.server2安装nginx用作负载均衡
yum install -y gd-devel-2.0.35-26.el7.x86_64.rpm ##安装编译所需要的软件
yum install openssl-devel pcre-devel gcc -y
tar zxf nginx-1.16.0.tar.gz
cd nginx-1.16.0
./configure --prefix=/usr/local/nginx/ --with-file-aio --with-http_realip_module --with-http_image_filter_module --with-http_ssl_module
make && make install
2.修改作为web服务器的nginx配置文件
vim /usr/local/nginx/conf/nginx.conf
添加
server {
listen 80;
server_name localhost;
set_real_ip_from 172.25.61.2; ##serve2的ip
real_ip_header X-Forwarded-For;
real_ip_recursive on;
}
systemctl reload nginx ##重启服务
3.修改用作反向代理server2的配置文件
vim /usr/local/nginx/conf/nginx.conf
修改以下内容
user nginx nginx;
worker_processes 2;
http {
include mime.types;
default_type application/octet-stream;
upstream redhat {
server 172.25.61.1:80;
}
server {
listen 80;
server_name www.redhat.org;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://redhat;
}
}
3.测试
在客户端写入server2的解析,用curl www.redhat.org访问的代理服务器server2,但真实内容来自与server1的nginx服务器
四.SSL加密设置
–with-http_ssl_module ##编译时需要添加此模块
1.修改配置文件
server {
listen 443 ssl;
server_name www.westos.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /web;
index index.html index.htm;
}
}
cd /usr/local/nginx/conf/
[root@server1 conf]# vim /web/index.html
[root@server1 conf]# cat /web/index.html
<h1>www.westos.com</h1
2.制作ssl证书
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
[root@server1 certs]# make cert.pem
umask 77 ;
PEM1=/bin/mktemp /tmp/openssl.XXXXXX
;
PEM2=/bin/mktemp /tmp/openssl.XXXXXX
;
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ;
cat $PEM1 > cert.pem ;
echo “” >> cert.pem ;
cat $PEM2 >> cert.pem ;
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
…+++
…+++
writing new private key to ‘/tmp/openssl.pN360W’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi’an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:xin
Common Name (eg, your name or your server’s hostname) []:server1
Email Address []:kiosk@westos.com
[root@server1 certs]# ls
ca-bundle.crt ca-bundle.trust.crt cert.pem make-dummy-cert Makefile renew-dummy-cert
[root@server1 certs]# cp cert.pem /usr/local/nginx/conf/ ##将生成的证书拷贝到nginx目录下
3.测试
客户机上做好地址解析
172.25.61.1 www.westos.com
172.25.61.2 www.redhat.org
在浏览器上输入
https://www.westos.com