平滑升级、location、访问控制
nginx
平滑升级
1.获取老版本的编译参数-V
[root@localhost ~]# nginx -V
nginx version: nginx/1.21.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
2.获取新版本或新功能的软件包
下载地址 github.com
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug echo-nginx-module-master.tar kernels nginx-1.21.3
[root@localhost src]# tar xf echo-nginx-module-master.tar
[root@localhost src]# ls
debug echo-nginx-module-master echo-nginx-module-master.tar kernels nginx-1.21.3
3.对新功能或新版本的软件包进行编译
[root@localhost src]# cd nginx-1.21.3/
[root@nginx nginx-1.21.3]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --add-module=../echo-nginx-module-master
[root@nginx nginx-1.21.3]# make
4.备份老程序
[root@localhost nginx-1.21.3]# ll objs/nginx /usr/local/nginx/sbin/nginx
-rwxr-xr-x. 1 root root 7069888 10月 27 23:55 objs/nginx
-rwxr-xr-x. 1 root root 6452216 10月 25 16:25 /usr/local/nginx/sbin/nginx
[root@localhost nginx-1.21.3]# cp /usr/local/nginx/sbin/nginx /opt/
[root@localhost nginx-1.21.3]# ls /opt/
mime.types nginx nginx.conf
5.停掉老程序并用新程序使用老程序的配置文件进行启动
[root@localhost nginx-1.21.3]# nginx -s stop;objs/nginx -c /usr/local/nginx/conf/nginx.conf
[root@localhost nginx-1.21.3]# ps -ef|grep nginx
root 62044 1487 0 00:00 pts/0 00:00:00 grep --color=auto nginx
6.检验功能,若无问题即用新程序替换老程序
[root@localhost nginx-1.21.3]# objs/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx-1.21.3]# objs/nginx -s reload
7.测试
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.html index.htm;
}
location /test {
echo "test";
}
[root@localhost nginx-1.21.3]# objs/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx-1.21.3]# objs/nginx -s reload
[root@localhost ~]# curl http://192.168.129.33/test
test
[root@localhost nginx-1.21.3]# \cp objs/nginx /usr/local/nginx/sbin/nginx
[root@localhost nginx-1.21.3]# ll objs/nginx /usr/local/nginx/sbin/nginx
-rwxr-xr-x. 1 root root 7069888 10月 27 23:55 objs/nginx
-rwxr-xr-x. 1 root root 7069888 10月 28 00:12 /usr/local/nginx/sbin/nginx
[root@localhost nginx-1.21.3]# objs/nginx -s stop;nginx
[root@localhost nginx-1.21.3]# ps -ef | grep nginx
root 48446 1 0 00:50 ? 00:00:00 nginx: master process nginx
nginx 48447 48446 0 00:50 ? 00:00:00 nginx: worker process
root 48938 1494 0 00:50 pts/0 00:00:00 grep --color=auto nginx
location配置
location区段,通过指定模式来与客户端请求的URI相匹配
//功能:允许根据用户请求的URI来匹配定义的各location,匹配到时,此请求将被相应的location配置块中的配置所处理,例如做访问控制等功能
//语法:location [ 修饰符 ] pattern {......}
常用修饰符说明:
修饰符 | 功能 |
---|---|
= | 精确匹配 |
~ | 正则表达式模式匹配,区分大小写 |
~* | 正则表达式模式匹配,不区分大小写 |
^~ | 前缀匹配,类似于无修饰符的行为,也是以指定模块开始,不同的是,如果模式匹配,那么就停止搜索其他模式了,不支持正则表达式 |
@ | 定义命名location区段,这些区段客户端不能访问,只可以由内部产生的请求来访问,如try_files或error_page等 |
没有修饰符表示必须以指定模式开始,如:
[root@localhost local]# vim nginx/conf/nginx.conf
location / {
root html;
index index.html index.htm;
}
location /test {
echo "test";
}
[root@localhost ~]# nginx -s reload
那么如下内容就可正确匹配:
[root@localhost ~]# curl http://192.168.129.33/test
test
[root@localhost ~]# curl http://192.168.129.33/test/
test
[root@localhost ~]# curl http://192.168.129.33/test?test
test
=:表示必须与指定的模式精确匹配,如:
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
......
location / {
root html;
index index.html index.htm;
}
location /test { #匹配/test下的所有
echo "test";
}
location =/test {
echo "111";
}
[root@localhost ~]# nginx -s reload
那么如下内容就可正确匹配:
[root@localhost ~]# curl http://192.168.129.33/test
111
如下内容则无法匹配:
[root@localhost ~]# curl http://192.168.129.33/test/
test
[root@localhost ~]# curl http://192.168.129.33/test/hh
test
[root@localhost ~]# curl http://192.168.129.33/testtest
test
~:表示指定的正则表达式要区分大小写,如:
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
......
location / {
root html;
index index.html index.htm;
}
location /test {
echo "test";
}
location ~ ^/test$ {
echo "大小写";
}
[root@localhost ~]# nginx -s reload
那么如下内容就可正确匹配:
[root@localhost ~]# curl http://192.168.129.33/test
大小写
如下内容则无法匹配:
[root@localhost ~]# curl http://192.168.129.33/test/
test
[root@localhost ~]# curl http://192.168.129.33/testkllk
test
~*:表示指定的正则表达式不区分大小写,如:
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
......
location ~ ^/test$ {
echo "大小写";
}
[root@localhost ~]# nginx -s reload
那么如下内容就可正确匹配:
[root@localhost ~]# curl http://192.168.129.33/test
不分大小写
[root@localhost ~]# curl http://192.168.129.33/TEST
不分大小写
[root@localhost ~]# curl http://192.168.129.33/TEst
不分大小写
如下内容则无法匹配:
[root@localhost ~]# curl http://192.168.129.33/TEst/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.21.3</center>
</body>
</html>
[root@localhost ~]# curl http://192.168.129.33/testas
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.21.3</center>
</body>
</html>
~:类似于无修饰符的行为,也是以指定模式开始,不同的是,如果模式匹配,则停止搜索其他模式
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
......
location / {
root html;
index index.html index.htm;
}
location /test {
echo "无";
}
location ~ ^/test$ {
echo "分大小写";
}
location ~* ^/test$ {
echo "不分大小写";
}
[root@localhost ~]# nginx -s reload
那么如下内容就可正确匹配:
[root@localhost ~]# curl http://192.168.129.33/test
分大小写
[root@localhost ~]# curl http://192.168.129.33/tesT
不分大小写
[root@localhost ~]# curl http://192.168.129.33/test/
无
[root@localhost ~]# curl http://192.168.129.33/test/asda
无
[root@localhost ~]# curl http://192.168.129.33/testasda
无
查找顺序和优先级:由高到底依次为
- 带有
=
的精确匹配优先 - 正则表达式按照他们在配置文件中定义的顺序
- 带有
^~
修饰符的,开头匹配 - 带有
~
或~*
修饰符的,如果正则表达式与URI匹配 - 没有修饰符的精确匹配
优先级次序如下:
( location = 路径 ) --> ( location ^~ 路径 ) --> ( location ~ 正则 ) --> ( location ~* 正则 ) --> ( locatio
访问控制
用于location段
allow:设定允许哪台或哪些主机访问,多个参数间则换行
deny:设定禁止哪台或哪些主机访问,多个参数间则换行
示例:
allow 192.168.1.1/32 ;
allow 192.168.2.1/32 ;
deny all;
示例:
[root@localhost ~]# mkdir /usr/local/nginx/html/test -p
[root@localhost ~]# cat > /usr/local/nginx/html/test/index.html >>EOF
<html>
<head>
<title>test page</title>
</head>
<body>
<a href="http://www.baidu.com">baidu</a>
</body>
</html>
EOF
[root@localhost ~]# nginx -s reload
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
......
location / {
root html;
index index.html index.htm;
}
location /test {
deny 192.168.129.1; ## 黑名单(除了自己谁都能访问)
root html;
index index.html;
}
.....
[root@localhost ~]# curl http://192.168.129.33/test/index.html
<html>
<head>
<title>test page</title>
</head>
<body>
<a href="http://www.baidu.com">baidu</a>
</body>
</html>
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
......
location / {
root html;
index index.html index.htm;
}
location /test {
allow 192.168.129.1; #白名单(除了自己谁都不能访问)
deny all;
root html;
index index.html;
}
.....
[root@localhost ~]# curl http://192.168.129.33/test/index.html
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.21.3</center>
</body>
</html>