一.平滑升级
部署nginx
//关闭防火墙和selinux(仅为简化实验环境;生产环境应保留firewalld并只放行所需端口,SELinux保持enforcing)
[root@localhost ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# reboot
//创建nginx用户以及安装依赖包
[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx
[root@localhost ~]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make wget vim
[root@localhost ~]# yum -y groups mark install 'Development Tools'
//创建日志存放目录
[root@localhost ~]# mkdir -p /var/log/nginx
[root@localhost ~]# chown -R nginx.nginx /var/log/nginx
//下载nginx软件包(nginx.org同时提供与源码包同名的.asc PGP签名文件,编译前建议一并下载,导入nginx官方签名公钥后用gpg --verify校验源码包)
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget https://nginx.org/download/nginx-1.20.2.tar.gz
//编译安装
[root@localhost src]# tar xf nginx-1.20.2.tar.gz
[root@localhost src]# cd nginx-1.20.2/
[root@localhost nginx-1.20.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-debug \
> --with-http_ssl_module \
> --with-http_realip_module \
> --with-http_image_filter_module \
> --with-http_gunzip_module \
> --with-http_gzip_static_module \
> --with-http_stub_status_module \
> --http-log-path=/var/log/nginx/access.log \
> --error-log-path=/var/log/nginx/error.log
[root@localhost src]# make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install
[root@localhost ~]# cd /usr/local/
[root@localhost local]# ls //安装完成后安装目录下会有nginx目录
bin etc games include lib lib64 libexec nginx sbin share src
//设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# source /etc/profile.d/nginx.sh
[root@localhost ~]# which nginx
/usr/local/nginx/sbin/nginx
升级,并且添加echo功能
//升级,添加echo功能
[root@localhost local]# nginx -V
nginx version: nginx/1.20.2
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-2) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
//下载echo功能的模块源码和nginx的源码包(git clone默认取主分支最新提交;第三方模块会被编译进以root启动的nginx,建议检出某个已发布的tag以固定版本,并按上文方式校验nginx源码包)
[root@localhost ~]# yum -y install git
[root@localhost ~]# wget https://nginx.org/download/nginx-1.20.2.tar.gz
[root@localhost ~]# git clone https://github.com/openresty/echo-nginx-module.git
[root@localhost ~]# tar xf nginx-1.20.2.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg echo-nginx-module nginx-1.20.2 nginx-1.20.2.tar.gz
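//升级(先备份旧二进制,再编译出带新模块的二进制并替换。注意:下面用pkill停止nginx后再启动会中断现有连接,并不是真正的平滑升级;平滑升级是在替换二进制后向旧master进程发送USR2信号启动新master,确认新进程正常后再依次发送WINCH、QUIT信号让旧进程优雅退出)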
[root@localhost ~]# cp /usr/local/nginx/sbin/nginx{,-bak}
[root@localhost ~]# cd nginx-1.20.2/
[root@localhost nginx-1.20.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --add-module=../echo-nginx-module
[root@localhost nginx-1.20.2]# make
[root@localhost nginx-1.20.2]# pkill nginx;\cp objs/nginx /usr/local/nginx/sbin/;nginx
[root@localhost nginx-1.20.2]# nginx -V
nginx version: nginx/1.20.2
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-2) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --add-module=../echo-nginx-module
//验证
[root@localhost nginx-1.20.2]# vim /usr/local/nginx/conf/nginx.conf
location /test {
echo "test";
}
[root@localhost nginx-1.20.2]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx-1.20.2]# nginx -s reload
[root@localhost nginx-1.20.2]# curl 192.168.80.130/test
test
二.访问控制、用户认证、https
1.访问控制
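//拒绝192.168.136.134访问(deny/allow匹配的是客户端源IP,而不是服务器IP;注意下面配置示例中实际写的是deny 192.168.80.130,而curl访问的地址是192.168.136.134,两处地址不一致,实际使用时deny后应填写要拒绝的客户端IP)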
[root@192 nginx-1.20.2]# cd /usr/local/nginx/conf/
[root@192 conf]# vim nginx.conf
location /test {
deny 192.168.80.130;
echo "test";
}
[root@localhost conf]# nginx -s reload
[root@localhost ~]# curl 192.168.136.134/test
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
//禁止除了192.168.80.130之外的所有ip访问(allow/deny按书写顺序依次检查,第一条匹配的规则生效,所以allow必须写在deny all之前)
[root@localhost conf]# vim nginx.conf
location /test {
allow 192.168.80.130;
deny all;
echo "test";
}
[root@localhost conf]# nginx -s reload
[root@localhost ~]# curl 192.168.80.130/test
test
2.用户认证
[root@192 conf]# yum -y install httpd-tools
[root@192 conf]# htpasswd -c -m /usr/local/nginx/conf/.user_auth teng
New password:
Re-type new password:
Adding password for user teng
[root@192 conf]# vim nginx.conf
# Protects /test with HTTP Basic authentication.
location /test {
# Enables Basic auth; the string is the realm shown in the client's login prompt.
auth_basic "test";
# Password file created earlier with htpasswd. The path is relative;
# NOTE(review): presumably resolved against the nginx conf directory, which would make this the same file as conf/.user_auth — confirm.
# Basic auth sends the credentials base64-encoded (not encrypted) on every request, so this location should only be reachable over TLS.
# NOTE(review): the file was created with htpasswd -m (MD5-based apr1 hashes); keep it outside the web root and readable only by root and the nginx worker user.
auth_basic_user_file ../conf/.user_auth;
echo "test";
}
[root@192 conf]# nginx -s reload
将认证配置移到http块中(对该http块下的所有server和location生效)
[root@192 conf]# vim nginx.conf
http {
auth_basic "test";
auth_basic_user_file .user_auth;
[root@192 conf]# nginx -s reload
3.https配置
生成私钥,生成证书签署请求并获得证书,然后在nginx.conf中配置如下内容
# One server block answers both plaintext HTTP (80) and HTTPS (443) for the same names;
# no redirect from http to https is configured here, so port 80 keeps serving unencrypted.
server {
listen 80;
server_name www.teng.shop teng.shop;
listen 443 ssl;
# Certificate bundle and private key are given as relative paths;
# NOTE(review): presumably resolved against the nginx conf directory — confirm. The key file should be readable by root only.
ssl_certificate 1_teng.shop_bundle.crt;
ssl_certificate_key 2_teng.shop.key;
# Shared TLS session cache (1 MB zone named SSL) with a 5-minute session lifetime.
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# No ssl_protocols directive is set, so the build's default protocol list applies.
# NOTE(review): on nginx 1.20 that default still lists TLSv1 and TLSv1.1 — consider an explicit "ssl_protocols TLSv1.2 TLSv1.3;".
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
# NOTE(review): proxy_set_header only affects proxied requests; no proxy_pass appears in this location, so this line looks like a leftover.
proxy_set_header HOST $host;
}
# NOTE(review): the closing "}" of the server block is not shown in this excerpt.
三.location应用
//没有修饰符:前缀匹配,URI以指定路径开头即可匹配
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# vim nginx.conf
location /abc {
echo "abc";
}
[root@localhost conf]# nginx -s reload
[root@localhost ~]# curl 192.168.80.130/abc
abc
[root@localhost ~]# curl 192.168.80.130/abc\?p1\=11\&p2\=22
abc
[root@localhost ~]# curl 192.168.80.130/abc/
abc
[root@localhost ~]# curl 192.168.80.130/abcde
abc
//带有=修饰符:必须与指定的模式精确匹配
比如:
location = /abc {
echo "abc";
}
location /abcde {
echo "abcde";
}
[root@localhost ~]# curl 192.168.80.130/abc
abc
[root@localhost ~]# curl 192.168.80.130/abcd
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
[root@localhost ~]# curl 192.168.80.130/abcde
abcde
[root@localhost ~]# curl 192.168.80.130/abcda
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
[root@localhost ~]# curl 192.168.80.130/abcdedas
abcde
[root@localhost ~]# curl 192.168.80.130/abc\?p1\=11\&p2\=22
abc
//带有~修饰符:指定的正则表达式区分大小写
比如:
location ~ ^/abcde$ {
echo "abcde";
}
[root@localhost ~]# curl 192.168.80.130/abcde
abcde
[root@localhost ~]# curl 192.168.80.130/abcdE
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
[root@localhost ~]# curl 192.168.80.130/ABCDE
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
[root@localhost ~]# curl 192.168.80.130/abcde\?p1\=11\&p2\=22
abcde
//带有~*修饰符:指定的正则表达式不区分大小写
比如:
location ~* ^/abcde$ {
echo "abcde";
}
[root@localhost ~]# curl 192.168.80.130/abcde
abcde
[root@localhost ~]# curl 192.168.80.130/abcdE
abcde
[root@localhost ~]# curl 192.168.80.130/ABCDE
abcde
查找顺序和优先级:由高到低依次为
带有=的精确匹配优先
(多个正则表达式之间按照它们在配置文件中定义的顺序匹配,先匹配到的生效)
带有^~修饰符的,开头匹配
带有~或~*修饰符的,如果正则表达式与URI匹配
没有修饰符的匹配(前缀匹配)
[root@localhost ~]# curl 192.168.80.130/abcde
abcde
[root@localhost ~]# curl 192.168.80.130/abcd
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
[root@localhost ~]# curl 192.168.80.130/abcde
abcde
[root@localhost ~]# curl 192.168.80.130/abcdes
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
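优先级顺序:
( location = 路径 ) --> ( location ^~ 路径 ) --> ( location ~ 正则 ) --> ( location ~* 正则 ) --> ( location 路径 )
说明:~ 和 ~* 之间按配置文件中出现的先后顺序匹配。由于访问控制(allow/deny)和auth_basic只对最终选中的location生效,把它们写在某个前缀location里时,要确认请求不会被优先级更高的正则location匹配走而绕过限制。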