nginx配置
1.升级nginx, 加echo模块
[root@localhost ~]# wget https://github.com/openresty/echo-nginx-module/archive/master.zip
[root@localhost ~]# unzip echo-nginx-module-master.zip //解压
[root@localhost ~]# nginx -V //查看原本的编译配置
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
[root@localhost ~]# cd /usr/local/nginx/sbin/
[root@localhost sbin]# mv nginx nginx.bakup //备份原文件
[root@localhost ~]# cd /root/nginx-1.16.1
[root@localhost nginx-1.16.1]# ./configuer \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx --with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--add-module=../echo-nginx-module-master
[root@localhost nginx-1.16.1]# make
[root@localhost nginx-1.16.1]# ls
auto CHANGES.ru configure html Makefile objs src
CHANGES conf contrib LICENSE man README
[root@localhost nginx-1.16.1]# cd objs/
[root@localhost objs]# ls
addon Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
autoconf.err nginx ngx_auto_config.h ngx_modules.c src
[root@localhost objs]# cp -a nginx /usr/local/nginx/sbin/
[root@localhost objs]# nginx -s stop
[root@localhost objs]# /usr/local/nginx/sbin/nginx
[root@localhost objs]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@localhost ~]# nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --add-module=../echo-nginx-module-master
//升级成功!!
2.location
location区段,通过指定模式来与客户端请求的URI相匹配
//功能:允许根据用户请求的URI来匹配定义的各location,匹配到时,此请求将被相应的location配置块中的配置所处理,例如做访问控制等功能
//语法:location [ 修饰符 ] pattern {......}
常用修饰符说明:
| 修饰符 | 功能 |
|---|---|
| = | 精确匹配 |
| ~ | 正则表达式模式匹配,区分大小写 |
| ~* | 正则表达式模式匹配,不区分大小写 |
| ^~ | 前缀匹配,类似于无修饰符的行为,也是以指定模块开始,不同的是,如果模式匹配,那么就停止搜索其他模式了,不支持正则表达式 |
| @ | 定义命名location区段,这些区段客户端不能访问,只可以由内部产生的请求来访问,如try_files或error_page等 |
没有修饰符表示必须以指定模式开始,如:
server {
server_name www.idfsoft.com;
location /abc {
echo 'hehe'
}
}
那么如下内容就可正确匹配:
- http://192.168.73.131/abc
- http://192.168.73.131/abc?a=1
- http://192.168.73.131/abc/
[root@localhost ~]# curl http://192.168.73.131/abc
hehe
[root@localhost ~]# curl http://192.168.73.131/abcd
hehe
[root@localhost ~]# curl http://192.168.73.131/abc/
hehe
=:表示必须与指定的模式精确匹配,如:
server {
server_name www.idfsoft.com;
location = /abc {
echo 'hehe';
}
}
那么如下内容就可正确匹配:
http://192.168.73.131/abc
http://192.168.73.131/abc?a=1
[root@localhost ~]# curl http://192.168.73.131/abc?a=1
hehe
[root@localhost ~]# curl http://192.168.73.131/abc
hehe
如下内容则无法匹配:
http://192.168.73.131/abc/
http://192.168.73.131/abc/abcde
[root@localhost ~]# curl http://192.168.73.131/abc/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
[root@localhost ~]# curl http://192.168.73.131/abcde
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
~:表示指定的正则表达式要区分大小写,如:
server {
server_name www.idfsoft.com;
location ~ ^/abc$ {
echo 'haha';
}
}
那么如下内容就可正确匹配:
- http://192.168.73.131/abc
- http://192.168.73.131/abc?a=1
[root@localhost ~]# curl http://192.168.73.131/abc
haha
[root@localhost ~]# curl http://192.168.73.131/abc?a=1
haha
如下内容则无法匹配:
- http://192.168.73.131/abc/
- http://192.168.73.131/ABC
- http://192.168.73.131/abcde
[root@localhost ~]# curl http://192.168.73.131/abc/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
[root@localhost ~]# curl http://192.168.73.131/ABC
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
~*:表示指定的正则表达式不区分大小写,如:
server {
server_name www.idfsoft.com;
location ~* ^/abc$ {
echo 'xixi';
}
}
那么如下内容就可正确匹配:
- http://192.168.73.131/abc
- http://192.168.73.131/abc?a=1
- http://192.168.73.131/ABC
[root@localhost ~]# curl http://192.168.73.131/abc
xixi
[root@localhost ~]# curl http://192.168.73.131/abc?a=1
xixi
[root@localhost ~]# curl http://192.168.73.131/ABC
xixi
如下内容则无法匹配:
- http://192.168.73.131/abc/
- http://192.168.73.131/abcde
[root@localhost ~]# curl http://192.168.73.131/abc/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
[root@localhost ~]# curl http://192.168.73.131/abcde
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
~:类似于无修饰符的行为,也是以指定模式开始,不同的是,如果模式匹配,则停止搜索其他模式
查找顺序和优先级:由高到底依次为
- 带有
=的精确匹配优先 - 正则表达式按照他们在配置文件中定义的顺序
- 带有
^~修饰符的,开头匹配 - 带有
~或~*修饰符的,如果正则表达式与URI匹配 - 没有修饰符的精确匹配
优先级次序如下:
( location = 路径 ) --> ( location ^~ 路径 ) --> ( location ~ 正则 ) --> ( location ~* 正则 ) --> ( location 路径 )
2.1访问控制
用于location段
allow:设定允许哪台或哪些主机访问,多个参数间用空格隔开
deny:设定禁止哪台或哪些主机访问,多个参数间用空格隔开
示例:
allow 192.168.1.1/32 172.16.0.0/16;
deny all;
2.2基于用户认证
auth_basic "欢迎信息";
auth_basic_user_file "/path/to/user_auth_file"
user_auth_file内容格式为:
username:password
这里的密码为加密后的密码串,建议用htpasswd来创建此文件:
htpasswd -c -m /path/to/.user_auth_file USERNAME
//将下列配置加入nginx.conf中
location / {
auth_basic ""
auth_basic_user_file "/usr/local/nginx/conf/.htpass"
root html
index index.html
}
[root@localhost ~]# yum -y install httpd-tools
htpasswd -c -m /usr/local/nginx/conf/.pass lengyan
New password: //设置密码
Re-type new password:
Adding password for user tianxiadiyi
[root@localhost ~]# nginx -s reload
2.3开启状态界面
开启status:
location /status {
stub_status {on | off};
allow 192.168.0.0/16;
deny all;
}
访问状态页面的方式:http://server_ip/status
状态页面信息详解:
| 状态码 | 表示的意义 |
|---|---|
| Active connections 2 | 当前所有处于打开状态的连接数 |
| accepts | 总共处理了多少个连接 |
| handled | 成功创建多少握手 |
| requests | 总共处理了多少个请求 |
| Reading | nginx读取到客户端的Header信息数,表示正处于接收请求状态的连接数 |
| Writing | nginx返回给客户端的Header信息数,表示请求已经接收完成, 且正处于处理请求或发送响应的过程中的连接数 |
| Waiting | 开启keep-alive的情况下,这个值等于active - (reading + writing), 意思就是Nginx已处理完正在等候下一次请求指令的驻留连接 |
3.zabbix监控
- nginx配置
location /status {
stub_status on;
}
//配置zabbix自定义监控accepts
[root@localhost ~]# tail -1 /usr/local/etc/zabbix_agentd.conf
UserParameter=check_nginx_accepts,/bin/bash /scripts/accepts.sh
[root@localhost ~]# cat /scripts/accepts.sh
#!/bin/bash
accepts=$(/usr/bin/curl http://192.168.73.133/status 2>/dev/null | awk NR==3'{print $1}')
echo ${accepts}
[root@localhost ~]# ll -d /scripts/accepts.sh
-rwxr-xr-x 1 zabbix zabbix 120 Jan 1 23:26 /scripts/accepts.sh
4.rewrite
用rewrite模块执行URL的重定向
1.修改配置文件,在官网上搜索images时会重定向到imgs里去访问1.jpg
``
location / {
root html;
index index.html index.htm;
}
location /images {
rewrite ^/images/(.*\.jpg)$ /imgs/$1 break;
}
location /imgs {
root html;
}
[root@localhost html]# ls
50x.html imgs index.html
[root@localhost html]# ls imgs/
1.jpg
基于浏览器实现分离案例
if ($http_user_agent ~ Firefox) {
rewrite ^(.*)$ /firefox/$1 break;
}
if ($http_user_agent ~ MSIE) {
rewrite ^(.*)$ /msie/$1 break;
}
if ($http_user_agent ~ Chrome) {
rewrite ^(.*)$ /chrome/$1 break;
}
防盗链案例
location ~* \.(jpg|gif|jpeg|png)$ {
valid_referers none blocked www.idfsoft.com;
if ($invalid_referer) {
rewrite ^/ http://www.idfsoft.com/403.html;
}
}
392
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
