1. nginx并发优化
- 回到原始的nginx,关闭openresty
[root@server1 conf]# netstat -antuple | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 42605 16238/nginx: master
[root@server1 conf]# /usr/local/openresty/nginx/sbin/nginx -s stop
[root@server1 conf]# netstat -antuple | grep nginx
[root@server1 conf]# systemctl start nginx.service
[root@server1 conf]# netstat -antuple | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 64614 16370/nginx: master
- 修改主配置文件
最好将nginx的子进程数和cpu核心数做绑定,避免上下文切换
[root@server1 conf]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
####
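# Annotations use '#': nginx does not treat '//' as a comment, so the original
# '//' notes would make `nginx -t` fail if the snippet were copied verbatim.
user nginx nginx;
# Number of worker processes
worker_processes 2;
# One CPU bitmask per worker: first worker on the first CPU, second worker on the second CPU
worker_cpu_affinity 01 10;
events {
    # Use the Linux kernel's epoll event model
    use epoll;
    # Concurrent connections allowed per worker process (65535 x 2 workers in total);
    # the open-file limit of the nginx user has to be raised to match
    worker_connections 65535;
}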
####
[root@server1 conf]# nginx -s reload
- 修改
/etc/security/limits.conf
Linux下高并发socket最大连接数所受的各种限制
比如以下,需要修改用户进程打开的文件数限制
即改即生效
[root@server1 conf]# vim /etc/security/limits.conf
####
在最后一行写入
# End of file
nginx - nofile 65535
####
- 看一看
[root@server1 conf]# sysctl -a | grep file
fs.file-max = 398188
fs.file-nr = 1184 0 398188
fs.xfs.filestream_centisecs = 3000
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
- 反向代理
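server2和server3做后端,也可以使用nginx,只是nginx还需要编译,所以这里用httpd
server1做负载均衡,反向代理
下面为了实验方便直接关闭了后端的firewalld;实际环境中应保留防火墙,只放行web端口(firewall-cmd --permanent --add-service=http,再 firewall-cmd --reload)
在server2上操作: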
[root@server2 ~]# yum install -y httpd
[root@server2 ~]# systemctl enable --now httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@server2 ~]# echo server2 > /var/www/html/index.html
[root@server2 ~]# curl 172.25.23.2
server2
[root@server2 ~]# systemctl disable --now firewalld
在server3上操作:
[root@server3 ~]# yum install -y httpd
[root@server3 ~]# systemctl enable --now httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@server3 ~]# echo server3 > /var/www/html/index.html
[root@server3 ~]# curl localhost
server3
[root@server3 ~]# systemctl disable --now firewalld
在server1上操作:
[root@server1 conf]# vim /usr/local/nginx/conf/nginx.conf
####
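# Excerpt of nginx.conf: only the lines that change are shown, so the http
# block is not closed here and the location blocks sit inside the existing
# server { } block of the full file.
# Annotations use '#': nginx does not treat '//' as a comment.
http {
    # Load-balancing pool: proxied requests are distributed across these backends
    upstream westos {
        server 172.25.23.2:80;
        server 172.25.23.3:80;
    }
    include mime.types;
    default_type application/octet-stream;
    # Local static site is disabled in favour of the proxy below
    #location / {
    # root html;
    # index index.php index.html index.htm;
    #}
    # Forward every request to the "westos" upstream pool
    location / {
        proxy_pass http://westos;
    }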
####
[root@server1 conf]# nginx -t //检测语法
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
- 负载均衡,反向代理的测试
观察下面的
netstat
命令,我们可以明白为什么nginx做反向代理时,用户进程(可承载的并发连接数)要除以2:每个客户端请求在nginx上要占用两个连接,一个是客户端到nginx,另一个是nginx到后端服务器
[root@westos ~]# curl 172.25.23.1
server2
[root@westos ~]# curl 172.25.23.1
server3
[root@westos ~]# curl 172.25.23.1
server2
[root@westos ~]# curl 172.25.23.1
server2
[root@westos ~]# curl 172.25.23.1
server3
[root@westos ~]# netstat -antuple
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN 107 57789 3474/qemu-kvm
tcp 0 0 127.0.0.1:5901 0.0.0.0:* LISTEN 107 338227 14529/qemu-kvm
tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 107 343304 14699/qemu-kvm
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 15153 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 0 38283 1979/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 26149 1008/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 30603 997/cupsd
tcp 0 0 172.25.23.250:36666 172.25.23.1:80 TIME_WAIT 0 0 -
tcp 0 0 172.25.23.250:36668 172.25.23.1:80 TIME_WAIT 0 0 -
tcp 0 0 172.25.23.250:41898 172.25.23.2:22 ESTABLISHED 1000 341545 15090/ssh
tcp 0 0 172.25.23.250:56620 172.25.23.2:80 TIME_WAIT 0 0 -
tcp 0 0 172.25.23.250:33848 172.25.23.3:22 ESTABLISHED 1000 344241 15068/ssh
tcp 0 0 192.168.0.4:34652 44.238.41.205:443 ESTABLISHED 997 355376 2708/geoclue
tcp 0 0 192.168.0.4:34654 44.238.41.205:443 ESTABLISHED 997 356403 2708/geoclue
tcp 0 0 192.168.0.4:33082 219.145.180.9:443 ESTABLISHED 1000 346232 4897/firefox
tcp 0 0 172.25.23.250:36662 172.25.23.1:80 TIME_WAIT 0 0 -
tcp 0 0 172.25.23.250:36658 172.25.23.1:80 TIME_WAIT 0 0 -
tcp 0 0 172.25.23.250:56618 172.25.23.2:80 TIME_WAIT 0 0 -
tcp 0 0 172.25.23.250:36660 172.25.23.1:80 TIME_WAIT 0 0 -
tcp 0 0 172.25.23.250:51398 172.25.23.1:22 ESTABLISHED 1000 173245 6672/ssh
tcp6 0 0 :::111 :::* LISTEN 0 15155 1/systemd
tcp6 0 0 :::80 :::* LISTEN 0 34355 1131/httpd
tcp6 0 0 :::22 :::* LISTEN 0 26151 1008/sshd
tcp6 0 0 ::1:631 :::* LISTEN 0 30602 997/cupsd
udp 0 0 192.168.122.1:53 0.0.0.0:* 0 38282 1979/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 0 38279 1979/dnsmasq
udp 0 0 192.168.0.4:68 192.168.0.1:67 ESTABLISHED 0 64589 940/NetworkManager
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 15154 1/systemd
udp 0 0 0.0.0.0:37044 0.0.0.0:* 70 32246 920/avahi-daemon: r
udp 0 0 127.0.0.1:323 0.0.0.0:* 0 32051 937/chronyd
udp 0 0 192.168.0.4:49862 0.0.0.0:* 1000 165875 4897/firefox
udp 0 0 0.0.0.0:5353 0.0.0.0:* 70 32244 920/avahi-daemon: r
udp6 0 0 :::111 :::* 0 15156 1/systemd
udp6 0 0 ::1:323 :::* 0 32052 937/chronyd
udp6 0 0 :::5353 :::* 70 32245 920/avahi-daemon: r
udp6 0 0 :::34847 :::* 70 32247 920/avahi-daemon: r
Q:nginx为什么比apache快?
2. nginx平滑升级
平滑升级:不需要关闭nginx,用户是感觉不到的
- 下载新版本,解压,编译
[root@server1 test]# tar zxf nginx-1.19.1.tar.gz
[root@server1 test]# cd nginx-1.19.1/
[root@server1 nginx-1.19.1]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module //保持一致
[root@server1 nginx-1.19.1]# make
[root@server1 nginx-1.19.1]# make install
- nginx二进制文件有点大(5.8M),关闭debug(去掉编译选项 -g)后重新编译
[root@server1 nginx-1.19.1]# cd objs/
[root@server1 objs]# du -sh nginx
5.8M nginx
[root@server1 objs]# cd -
/test/nginx-1.19.1
[root@server1 nginx-1.19.1]# make clean
rm -rf Makefile objs
[root@server1 nginx-1.19.1]# vim auto/cc/gcc
####
注释172行
171 # debug
172 #CFLAGS="$CFLAGS -g"
####
[root@server1 nginx-1.19.1]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module
[root@server1 nginx-1.19.1]# make
[root@server1 nginx-1.19.1]# nginx -v //查看版本
nginx version: nginx/1.19.1
- 拷贝原程序
如果/usr/local/nginx/sbin/中已经有2个版本了,就不需要进行改名字的操作
注意注意注意!!!!(
[root@server1 nginx-1.19.1]# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
mv: overwrite ‘/usr/local/nginx/sbin/nginx.old’? y
)
[root@server1 nginx-1.19.1]# cd /usr/local/nginx/sbin/
[root@server1 sbin]# ls
nginx nginx.old
[root@server1 sbin]# ll
total 6760
-rwxr-xr-x 1 root root 5988520 Apr 5 16:00 nginx
-rwxr-xr-x 1 root root 927176 Mar 29 20:41 nginx.old
[root@server1 sbin]# ./nginx -v
nginx version: nginx/1.19.1
[root@server1 sbin]# ./nginx.old -v
nginx version: nginx/1.18.0
[root@server1 sbin]# curl localhost
server3
[root@server1 sbin]# curl localhost
server2
[root@server1 sbin]# curl localhost
server2
[root@server1 sbin]# curl localhost
server3
- 目前还没有升级,需要找到nginx的进程号,对进程号操作
[root@server1 sbin]# curl -I localhost //还没有升级
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Apr 2021 08:10:43 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8
Connection: keep-alive
Last-Modified: Mon, 05 Apr 2021 07:48:46 GMT
ETag: "8-5bf34ed74a310"
Accept-Ranges: bytes
[root@server1 sbin]# ps ax | grep nginx
16370 ? Ss 0:00 nginx: master process /usr/local/nginx/sbin/nginx
17555 ? S 0:00 nginx: worker process
17556 ? S 0:00 nginx: worker process
23689 pts/0 S+ 0:00 grep --color=auto nginx
[root@server1 sbin]# kill -USR2 16370 //产生新的进程,它是新版本的进程
[root@server1 sbin]# ps ax | grep nginx
16370 ? Ss 0:00 nginx: master process /usr/local/nginx/sbin/nginx
17555 ? S 0:00 nginx: worker process
17556 ? S 0:00 nginx: worker process
23704 ? S 0:00 nginx: master process /usr/local/nginx/sbin/nginx
23705 ? S 0:00 nginx: worker process
23706 ? S 0:00 nginx: worker process
23709 pts/0 R+ 0:00 grep --color=auto nginx
[root@server1 sbin]# kill -WINCH 16370 //关闭原进程,子进程没有了
[root@server1 sbin]# ps ax | grep nginx
16370 ? Ss 0:00 nginx: master process /usr/local/nginx/sbin/nginx
23704 ? S 0:00 nginx: master process /usr/local/nginx/sbin/nginx
23705 ? S 0:00 nginx: worker process
23706 ? S 0:00 nginx: worker process
23736 pts/0 S+ 0:00 grep --color=auto nginx
[root@server1 sbin]# curl -I localhost //升级成功
HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Mon, 05 Apr 2021 08:15:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8
Connection: keep-alive
Last-Modified: Mon, 05 Apr 2021 07:45:56 GMT
ETag: "8-5bf34e35632b8"
Accept-Ranges: bytes
升级成功
- 版本回退
[root@server1 sbin]# ./nginx -v
nginx version: nginx/1.19.1
[root@server1 sbin]# ./nginx.old -v
nginx version: nginx/1.18.0
[root@server1 sbin]# ls
nginx nginx.old
[root@server1 sbin]# mv nginx nginx.new
[root@server1 sbin]# ls
nginx.new nginx.old
[root@server1 sbin]# mv nginx.old nginx
[root@server1 sbin]# ls
nginx nginx.new
[root@server1 sbin]# ./nginx -v
nginx version: nginx/1.18.0
[root@server1 sbin]# ./nginx.new -v
nginx version: nginx/1.19.1
[root@server1 sbin]# nginx -s reload
[root@server1 sbin]# curl -I localhost //还没有回退版本
HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Mon, 05 Apr 2021 08:15:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8
Connection: keep-alive
Last-Modified: Mon, 05 Apr 2021 07:45:56 GMT
ETag: "8-5bf34e35632b8"
Accept-Ranges: bytes
[root@server1 sbin]# ps ax | grep nginx
16370 ? Ss 0:00 nginx: master process /usr/local/nginx/sbin/nginx
23704 ? S 0:00 nginx: master process /usr/local/nginx/sbin/nginx
24193 ? S 0:00 nginx: worker process
24194 ? S 0:00 nginx: worker process
24237 pts/0 S+ 0:00 grep --color=auto nginx
[root@server1 sbin]# kill -HUP 16370 //唤醒原进程
[root@server1 sbin]# ps ax | grep nginx
16370 ? Ss 0:00 nginx: master process /usr/local/nginx/sbin/nginx //唤醒老进程
23704 ? S 0:00 nginx: master process /usr/local/nginx/sbin/nginx
24193 ? S 0:00 nginx: worker process //这是新版本的进程
24194 ? S 0:00 nginx: worker process
24254 ? S 0:00 nginx: worker process //这是旧的版本的子进程
24255 ? S 0:00 nginx: worker process
24258 pts/0 S+ 0:00 grep --color=auto nginx
[root@server1 sbin]# kill -WINCH 23704 //回收新版本的子进程
[root@server1 sbin]# ps ax | grep nginx
16370 ? Ss 0:00 nginx: master process /usr/local/nginx/sbin/nginx
23704 ? S 0:00 nginx: master process /usr/local/nginx/sbin/nginx
24254 ? S 0:00 nginx: worker process
24255 ? S 0:00 nginx: worker process
24276 pts/0 S+ 0:00 grep --color=auto nginx
[root@server1 sbin]# curl -I localhost //回退版本成功
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Apr 2021 08:22:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8
Connection: keep-alive
Last-Modified: Mon, 05 Apr 2021 07:45:56 GMT
ETag: "8-5bf34e35632b8"
Accept-Ranges: bytes
回退成功
3. nginx的虚拟主机
- nginx的虚拟主机
[root@server1 sbin]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
####
http {
#upstream westos {
#server 172.25.23.2:80;
#server 172.25.23.3:80;
#}
include mime.types;
default_type application/octet-stream;
server {
listen 80;
server_name www.westos.org;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#location / {
# proxy_pass http://westos;
#}
####
[root@server1 conf]# vim /etc/hosts
172.25.23.1 server1 www.westos.org www.linux.org
[root@server1 conf]# nginx -s reload
[root@server1 conf]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@server1 conf]# curl www.westos.org
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
- 再来一个虚拟主机
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
在倒数第二行写入
server {
listen 80;
server_name www.linux.org;
location / {
root /web1;
index index.html;
}
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# mkdir /web1
[root@server1 conf]# echo web1 > /web1/index.html
[root@server1 conf]# vim /etc/hosts
172.25.23.1 server1 www.westos.org www.linux.org
[root@server1 conf]# ping -w 2 www.linux.org
PING westos.westos.org (172.25.23.250) 56(84) bytes of data.
64 bytes from westos.westos.org (172.25.23.250): icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from westos.westos.org (172.25.23.250): icmp_seq=2 ttl=64 time=0.136 ms
--- westos.westos.org ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.085/0.110/0.136/0.027 ms
[root@server1 conf]# curl www.linux.org
web1
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
http {
upstream westos {
server 172.25.23.2:80;
server 172.25.23.3:80;
}
include mime.types;
default_type application/octet-stream;
#
server {
listen 80;
server_name www.westos.org;
#charset koi8-r;
#access_log logs/host.access.log main;
#location / {
# root html;
# index index.html index.htm;
#}
location / {
proxy_pass http://westos;
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# curl www.linux.org
web1
[root@server1 conf]# curl www.westos.org
server2
[root@server1 conf]# curl www.westos.org
server2
[root@server1 conf]# curl www.westos.org
server3
- https的功能
[root@server1 conf]# vim nginx.conf
####
location / {
root html;
index index.html index.htm;
}
#location / {
# proxy_pass http://westos;
#}
# HTTPS server
#
# HTTPS virtual host: "ssl" on the listen line turns on TLS for port 443.
server {
listen 443 ssl;
server_name localhost;
# Both directives name the same file because cert.pem (produced by
# `make cert.pem`) contains the private key followed by the self-signed
# certificate. The relative path is looked up in the nginx conf directory.
# The file holds the private key, so keep it readable by root only.
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
# TLS session cache shared between worker processes (1 MB), so clients can
# resume sessions; cached sessions expire after 5 minutes.
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# OpenSSL cipher string: high-strength suites only, excluding suites without
# authentication (aNULL) and suites that use MD5.
ssl_ciphers HIGH:!aNULL:!MD5;
# Pick the cipher by the server's preference order, not the client's.
ssl_prefer_server_ciphers on;
# Serve the default static site over HTTPS.
location / {
root html;
index index.html index.htm;
}
}
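生成证书(自签名,仅用于测试):make cert.pem 会把私钥和证书写进同一个cert.pem文件,所以上面的ssl_certificate和ssl_certificate_key指向同一个文件;文件里有私钥,权限要保持只有root可读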
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
[root@server1 certs]# make cert.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
......................................................................................................................................................................................................................+++
................................................+++
writing new private key to '/tmp/openssl.0lpRJV'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:root@westos.org
[root@server1 certs]# mv /etc/pki/tls/certs/cert.pem /usr/local/nginx/conf/
[root@server1 certs]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 certs]# netstat -antuple //找到443,要在reload之后,查看
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 0 33010 3716/php-fpm: maste
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 998 38066 7145/memcached
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 64614 16370/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 24022 3252/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 24481 3354/master
tcp 0 0 172.25.23.1:22 172.25.23.250:51398 ESTABLISHED 0 28189 3530/sshd: root@pts
tcp6 0 0 :::3306 :::* LISTEN 1001 34477 4131/mysqld
tcp6 0 0 :::11211 :::* LISTEN 998 38067 7145/memcached
tcp6 0 0 :::22 :::* LISTEN 0 24024 3252/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 24482 3354/master
udp 0 0 0.0.0.0:11211 0.0.0.0:* 998 38070 7145/memcached
udp6 0 0 :::11211 :::* 998 38071 7145/memcached
[root@server1 certs]# nginx -s reload
https测试成功:用http访问正常;用https访问时,curl默认会校验证书,自签名证书不受信任,所以报错(60);-k 只是跳过证书校验,仅适合在测试环境使用
[root@server1 certs]# curl 172.25.23.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@server1 certs]# curl https://172.25.23.1
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
[root@server1 certs]# curl -k https://172.25.23.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
测试:firefox:http://172.25.23.1和https://172.25.23.1
4. nginx限流
- 将server2的权重升高
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
http {
upstream westos {
server 172.25.23.2:80 weight=2;
server 172.25.23.3:80;
}
include mime.types;
default_type application/octet-stream;
#location / {
# root html;
# index index.html index.htm;
#}
location / {
proxy_pass http://westos;
}
####
[root@server1 conf]# nginx -s reload
[root@server1 conf]# curl 172.25.23.1 //server2接收的会比server3要多
server2
[root@server1 conf]# curl 172.25.23.1
server3
[root@server1 conf]# curl 172.25.23.1
server2
[root@server1 conf]# curl 172.25.23.1
server2
- nginx的健康检查
server2挂掉,还剩下server3
[root@server2 ~]# systemctl stop httpd.service
[root@server1 conf]# curl 172.25.23.1
server3
[root@server1 conf]# curl 172.25.23.1
server3
如果server3也挂掉
[root@server3 ~]# systemctl stop httpd.service
[root@server1 conf]# curl -I 172.25.23.1
HTTP/1.1 502 Bad Gateway
Server: nginx/1.18.0
Date: Mon, 05 Apr 2021 09:18:14 GMT
Content-Type: text/html
Content-Length: 494
Connection: keep-alive
ETag: "6061cb10-1ee"
[root@server1 conf]# curl 172.25.23.1
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>An error occurred.</h1>
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
the error log for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>
[root@server1 conf]# curl -k www.westos.org
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>An error occurred.</h1>
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
the error log for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>
- 加上语句backup后,即使server2和3都挂掉了,也不会报错,会提供测试页。
但只要server2或者3恢复了,nginx都会检测到,恢复之前的数据
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
http {
upstream westos {
server 172.25.23.2:80 weight=3;
server 172.25.23.3:80;
server 127.0.0.1:80 backup;
}
include mime.types;
default_type application/octet-stream;
####
[root@server1 conf]# nginx -s reload
[root@server1 certs]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
server2或者server3恢复后,
[root@server3 ~]# systemctl enable --now httpd.service
[root@server2 ~]# systemctl enable --now httpd.service
[root@server1 conf]# curl www.westos.org
server2
[root@server1 conf]# curl www.westos.org
server2
[root@server1 conf]# curl www.westos.org
server2
[root@server1 conf]# curl www.westos.org
server2
[root@server1 conf]# curl www.westos.org
server3
5. nginx算法
- 如果更改算法
ip_hash
要注释掉之前的backup,因为backup不适用于ip_hash算法
- 如果更改算法
cookie
make
nginx
要用浏览器查看
6. 用户反馈慢
多看官方文档
核心源代码(.c结尾)
PLUS:商业版本
做限流动作
- 编辑主配置文件
[root@server1 ~]# cd /usr/local/nginx/conf/
[root@server1 conf]# ls
fastcgi.conf koi-win scgi_params
fastcgi.conf.default mime.types scgi_params.default
fastcgi_params mime.types.default uwsgi_params
fastcgi_params.default nginx.conf uwsgi_params.default
koi-utf nginx.conf.default win-utf
[root@server1 conf]# vim nginx.conf
####
#gzip on;
limit_conn_zone $binary_remote_addr zone=addr:10m;
location / {
root html;
index index.html index.htm;
}
location /download/ {
limit_conn addr 1;
}
####
- 在默认发布目录
/usr/local/nginx/html
里建立子发布目录download
,再放个图片
[root@server1 conf]# cd /usr/local/nginx/html/
[root@server1 html]# mkdir download
[root@server1 html]# cp /root/vim.jpg /usr/local/nginx/html/download/
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 html]# nginx -s reload
- 压测
压力测试
-n :请求量
-c :并发量
会出现有错误
[root@foundation21 ~]# ab -c 10 -n 10 http://172.25.21.2/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.21.2 (be patient).....done
Server Software: nginx/1.19.1
Server Hostname: 172.25.21.2
Server Port: 80
Document Path: /download/vim.jpg
Document Length: 494 bytes
Concurrency Level: 10
Time taken for tests: 0.002 seconds
Complete requests: 10
Failed requests: 1
(Connect: 0, Receive: 0, Length: 1, Exceptions: 0)
Non-2xx responses: 9
Total transferred: 460006 bytes
HTML transferred: 458021 bytes
Requests per second: 5076.14 [#/sec] (mean)
Time per request: 1.970 [ms] (mean)
Time per request: 0.197 [ms] (mean, across all concurrent requests)
Transfer rate: 228032.80 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 0
Processing: 0 1 0.4 1 2
Waiting: 0 0 0.1 0 1
Total: 1 1 0.4 1 2
Percentage of the requests served within a certain time (ms)
50% 1
66% 1
75% 1
80% 1
90% 2
95% 2
98% 2
99% 2
100% 2 (longest request)
- 如果测试1个并发
[root@foundation21 ~]# ab -c 1 -n 10 http://172.25.21.2/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.21.2 (be patient).....done
Server Software: nginx/1.19.1
Server Hostname: 172.25.21.2
Server Port: 80
Document Path: /download/vim.jpg
Document Length: 453575 bytes
Concurrency Level: 1
Time taken for tests: 0.012 seconds
Complete requests: 10
Failed requests: 0
Total transferred: 4538140 bytes
HTML transferred: 4535750 bytes
Requests per second: 817.93 [#/sec] (mean)
Time per request: 1.223 [ms] (mean)
Time per request: 1.223 [ms] (mean, across all concurrent requests)
Transfer rate: 362487.92 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 1 1 0.3 1 2
Waiting: 0 0 0.1 0 0
Total: 1 1 0.3 1 2
Percentage of the requests served within a certain time (ms)
50% 1
66% 1
75% 1
80% 1
90% 2
95% 2
98% 2
99% 2
100% 2 (longest request)
7. 流量控制
7.1 单位时间内的限制请求个数
- 编辑主配置文件
在http语句块里写入,每秒一个请求数
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
location /download/ {
limit_conn addr 1;
limit_rate 50k;
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
- 压测
一秒内只放行一个请求数
这里速度明显慢了很多:limit_rate 50k 把每个连接的传输速度限制在约50KB/s,453575字节的图片下载一次约8秒(见下面的Time per request和Transfer rate)
[root@foundation21 ~]# ab -c 1 -n 10 http://172.25.21.2/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.21.2 (be patient)...done
Server Software: nginx/1.19.1
Server Hostname: 172.25.21.2
Server Port: 80
Document Path: /download/vim.jpg
Document Length: 453575 bytes
Concurrency Level: 1
Time taken for tests: 80.147 seconds
Complete requests: 10
Failed requests: 0
Total transferred: 4538140 bytes
HTML transferred: 4535750 bytes
Requests per second: 0.12 [#/sec] (mean)
Time per request: 8014.705 [ms] (mean)
Time per request: 8014.705 [ms] (mean, across all concurrent requests)
Transfer rate: 55.30 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 8013 8014 0.6 8015 8015
Waiting: 0 0 0.1 0 0
Total: 8013 8015 0.6 8015 8015
WARNING: The median and mean for the processing time are not within a normal deviation
These results are probably not that reliable.
Percentage of the requests served within a certain time (ms)
50% 8015
66% 8015
75% 8015
80% 8015
90% 8015
95% 8015
98% 8015
99% 8015
100% 8015 (longest request)
[root@foundation21 ~]# ab -c 1 -n 1 http://172.25.21.2/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.21.2 (be patient)...done
Server Software: nginx/1.19.1
Server Hostname: 172.25.21.2
Server Port: 80
Document Path: /download/vim.jpg
Document Length: 453575 bytes
Concurrency Level: 1
Time taken for tests: 8.015 seconds
Complete requests: 1
Failed requests: 0
Total transferred: 453814 bytes
HTML transferred: 453575 bytes
Requests per second: 0.12 [#/sec] (mean)
Time per request: 8015.415 [ms] (mean)
Time per request: 8015.415 [ms] (mean, across all concurrent requests)
Transfer rate: 55.29 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 8015 8015 0.0 8015 8015
Waiting: 0 0 0.0 0 0
Total: 8015 8015 0.0 8015 8015
- 9个全部报错,要求设置排队,进行等待
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
#gzip on;
# Shared-memory zone "addr" (10 MB) that tracks concurrent connections,
# keyed by the client address in binary form.
limit_conn_zone $binary_remote_addr zone=addr:10m;
# Shared-memory zone "one" (10 MB) that tracks request rate per client
# address; each address is allowed 1 request per second.
# NOTE(review): clients behind the same NAT or proxy share one address and
# therefore one quota - confirm this suits the deployment.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
location /download/ {
# At most one simultaneous connection per client address.
limit_conn addr 1;
# Per-connection bandwidth cap, disabled for this test.
#limit_rate 50k;
# Apply the 1 r/s limit; no burst is configured here, so requests above the
# rate are rejected rather than queued.
limit_req zone=one;
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
- 压测
单位时间内请求的数量有限,要做到保护的措施
防止丢失数据,将完不成的数据放到消息队列中(先进先出)
如果消息队列越来越大,需要做过渡
[root@foundation21 ~]# ab -c 1 -n 1 http://172.25.21.2/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.21.2 (be patient).....done
Server Software: nginx/1.19.1
Server Hostname: 172.25.21.2
Server Port: 80
Document Path: /download/vim.jpg
Document Length: 453575 bytes
Concurrency Level: 1
Time taken for tests: 0.002 seconds
Complete requests: 1
Failed requests: 0
Total transferred: 453814 bytes
HTML transferred: 453575 bytes
Requests per second: 615.01 [#/sec] (mean)
Time per request: 1.626 [ms] (mean)
Time per request: 1.626 [ms] (mean, across all concurrent requests)
Transfer rate: 272557.03 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 1 1 0.0 1 1
Waiting: 0 0 0.0 0 0
Total: 2 2 0.0 2 2
- 不要延迟
nodelay
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
location /download/ {
limit_conn addr 1;
#limit_rate 50k;
limit_req zone=one burst=5 nodelay;
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
- 压测
有4个失败,只处理队列中的前5个请求
[root@foundation21 ~]# ab -c 1 -n 10 http://172.25.21.2/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.21.2 (be patient).....done
Server Software: nginx/1.19.1
Server Hostname: 172.25.21.2
Server Port: 80
Document Path: /download/vim.jpg
Document Length: 453575 bytes
Concurrency Level: 1
Time taken for tests: 0.009 seconds
Complete requests: 10
Failed requests: 4
(Connect: 0, Receive: 0, Length: 4, Exceptions: 0)
Non-2xx responses: 4
Total transferred: 2725636 bytes
HTML transferred: 2723426 bytes
Requests per second: 1074.11 [#/sec] (mean)
Time per request: 0.931 [ms] (mean)
Time per request: 0.931 [ms] (mean, across all concurrent requests)
Transfer rate: 285902.68 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.2 0 1
Processing: 0 1 0.4 1 1
Waiting: 0 0 0.1 0 0
Total: 0 1 0.4 1 2
Percentage of the requests served within a certain time (ms)
50% 1
66% 1
75% 1
80% 1
90% 2
95% 2
98% 2
99% 2
100% 2 (longest request)
8. nginx配置管理
8.1 自动索引功能:下载更方便
- 编辑主配置文件
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
location /download/ {
limit_conn addr 1;
#limit_rate 50k;
limit_req zone=one burst=5 nodelay;
# autoindex answers a request for the directory itself with a listing of every file in it,
# so anything placed in this directory becomes discoverable; keep only files meant to be public here.
autoindex on;
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
- 压测
火狐测试:http://172.25.21.2/download/
[root@foundation21 ~]# curl 172.25.21.2/download/
<html>
<head><title>Index of /download/</title></head>
<body>
<h1>Index of /download/</h1><hr><pre><a href="../">../</a>
<a href="vim.jpg">vim.jpg</a> 04-Apr-2021 02:37 453575
</pre><hr></body>
</html>
[root@server1 conf]# vim nginx.conf
####
location ~ .*\.(gif|jpg|png)$ {
expires 365d;
root html;
}
####
[root@server1 conf]# nginx -s reload
[root@foundation21 ~]# curl -I http://172.25.21.2/download/vim.jpg
HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 02:45:24 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Sun, 04 Apr 2021 02:37:25 GMT
Connection: keep-alive
ETag: "60692665-6ebc7"
Expires: Wed, 06 Apr 2022 02:45:24 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
8.2 日志轮询
- 查看日志量
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# ls /usr/local/nginx/logs/
access.log error.log nginx.pid nginx.pid.oldbin
[root@server1 conf]# wc -l /usr/local/nginx/logs/access.log
11789 /usr/local/nginx/logs/access.log
[root@server1 conf]# date +%F -d 1day
2021-04-07
[root@server1 conf]# date +%F -d -1day
2021-04-05
[root@server1 conf]# date +%F
2021-04-06
- 写脚本
只针对access.log
kill:重载,进行日志重载
写到crontab
新来的日志进到access.log
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# cd /opt/
[root@server1 opt]# ls
[root@server1 opt]# vim nginx_log.sh
####
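#!/bin/bash
# Rotate the nginx access log (intended to be run from cron):
# rename access.log to access_<yesterday>.log, then send USR1 to the nginx
# master so it reopens its log files and new requests go to a fresh access.log.
log_dir=/usr/local/nginx/logs
pid_file="${log_dir}/nginx.pid"

cd "$log_dir" || exit 1

# The leading "+" is required: without it date(1) rejects the format, the
# substitution comes back empty and the log is renamed to "access_.log".
stamp=$(date +%F -d -1day) || exit 1
[[ -n "$stamp" ]] || exit 1
mv -- access.log "access_${stamp}.log" || exit 1

# Signal only when the pid file holds a plain number; this runs as root, so an
# empty or garbled value must never reach kill.
pid=$(cat -- "$pid_file") || exit 1
case "$pid" in
  '' | *[!0-9]*)
    printf 'unexpected content in %s\n' "$pid_file" >&2
    exit 1
    ;;
esac
kill -USR1 "$pid"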
####
[root@server1 opt]# chmod +x /opt/nginx_log.sh
[root@server1 opt]# ./nginx_log.sh
[root@server1 opt]# cd /usr/local/nginx/logs/
[root@server1 logs]# ll
total 5616
-rw-r--r-- 1 nginx root 0 Apr 6 10:55 access_2021-04-05.log //新生成的日志
-rw-r--r-- 1 nginx root 0 Apr 6 10:54 access_.log
-rw-r--r-- 1 nginx root 0 Apr 6 10:56 access.log
-rw-r--r-- 1 nginx root 5739961 Apr 6 10:44 error.log
-rw-r--r-- 1 root root 5 Apr 6 09:55 nginx.pid
-rw-r--r-- 1 root root 5 Apr 4 09:09 nginx.pid.oldbin
[root@server1 logs]# ls -l /usr/local/nginx/logs/access_2021-04-05.log
-rw-r--r-- 1 nginx root 0 Apr 6 10:55 /usr/local/nginx/logs/access_2021-04-05.log
[root@foundation21 ~]# curl -I http://172.25.21.2/download/vim.jpg
HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 03:03:17 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Sun, 04 Apr 2021 02:37:25 GMT
Connection: keep-alive
ETag: "60692665-6ebc7"
Expires: Wed, 06 Apr 2022 03:03:17 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
8.3 禁用不要的日志记录
要求不写入日志
写到gif位置
[root@server1 conf]# > /usr/local/nginx/logs/access.log
[root@server1 conf]# cat /usr/local/nginx/logs/access.log
[root@server1 conf]# ls -l /usr/local/nginx/logs/access.log
-rw-r--r-- 1 nginx root 0 Apr 6 11:09 /usr/local/nginx/logs/access.log
[root@server1 logs]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
####
location ~ .*\.(gif|jpg|png)$ {
expires 365d;
root html;
# No access-log entries for image requests: saves disk, but these requests also disappear from
# any later traffic analysis or incident review that relies on access.log.
access_log off;
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
2。 reload
3。 真机curl -I
server1cat access.log
访问图片,access大小不变,访问页面,access改变
[root@foundation21 ~]# curl -I http://172.25.21.2/download/vim.jpg
[root@server1 conf]# cat /usr/local/nginx/logs/access.log //访问图片,不会记录日志
[root@server1 conf]#
测试页面的访问,火狐:172。25。21。2
[root@server1 conf]# cat /usr/local/nginx/logs/access.log
172.25.21.250 - - [06/Apr/2021:11:15:18 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
8.4 限制文件和目录访问
1。 vim
写到gif
deny all
默认禁用所有用户
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
location ~ .*\.(gif|jpg|png)$ {
deny all;
expires 365d;
root html;
access_log off;
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
2。 reload
3。 测试:wget
火狐测试
[root@foundation21 mnt]# curl http://172.25.21.2/download/vim.jpg
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>
[root@foundation21 mnt]# wget http://172.25.21.2/download/vim.jpg
--2021-04-06 11:22:54-- http://172.25.21.2/download/vim.jpg
Connecting to 172.25.21.2:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-04-06 11:22:54 ERROR 403: Forbidden.
(gif|jpg|png)后面的$不是通配符,而是正则的结尾锚点:只匹配以这些扩展名结尾的URI
也可以允许allow 172。25。0。250
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
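# "^~" makes this prefix match final: nginx does not try the regex locations for anything
# under /download/. Without it, /download/vim.jpg is handled by the image regex location
# below, which has no allow/deny and no limit_conn/limit_req, so the restrictions here
# would only cover the directory listing and non-image files.
# Trade-off: images under /download/ no longer receive the 365d expires header or the
# access_log off setting; repeat those directives here if they are wanted.
location ^~ /download/ {
    allow 172.25.254.21;
    deny all;
    limit_conn addr 1;
    #limit_rate 50k;
    limit_req zone=one burst=5 nodelay;
    autoindex on;
}

# Images outside /download/: long client-side caching, no access-log entries.
location ~ .*\.(gif|jpg|png)$ {
    expires 365d;
    root html;
    access_log off;
}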
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
火狐测试
8.5 中文乱码
[root@server1 conf]# vim /usr/local/nginx/html/index.html
####
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!中文乱码</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
####
1。 vim
写到http的字符集
[root@server1 ~]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
####
没有找到要写的位置
回放查看视频
#keepalive_timeout 0;
keepalive_timeout 65;
charset utf-8;
#gzip on;
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
火狐测试成功
2。 reload
3。 测试
8.6 限制IP
之前的练习里有这部分
一般不写到跟(网站首页)
返回错误之
remote_addr
9. nginx 重定向
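防止域名恶意解析到服务器IP
存在恶意解析(别人把自己的域名解析到本服务器IP)时,请求的Host匹配不到任何server_name,会落到默认server(配置中第一个server,或listen带default_server的那个),在这个server里返回错误或作重定向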
1。
server
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
server {
listen 80;
server_name localhost;
return 500;
####
先测试以下
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
2。 reload
3。返回500
[root@foundation21 ~]# curl 172.25.21.2
<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>
优化:
重定向到别的地方
1。 永久重定向
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
server {
listen 80;
server_name localhost;
#return 500;
rewrite ^(.*) http://www.westos.org permanent;
#charset koi8-r;
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
2。 reload
3。 curl 172。252。0。1
查看重定向
502:没有网页
开启apache
[root@foundation21 ~]# curl 172.25.21.2
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>
[root@foundation21 ~]# curl -I 172.25.21.2
HTTP/1.1 301 Moved Permanently
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 04:14:43 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.westos.org
火狐测试,显示没有网页
9.1 80重定向到443
1。 vim
加密的域名改称www。westos。org
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
写到最后一行,虚拟主机那里
server {
listen 80;
server_name www.westos.org;
rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
#location / {
#proxy_pass http://westos;
#}
}
server {
listen 80;
server_name www.linux.org;
location / {
root /web1;
index index.html;
}
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# netstat -antuple | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 23898 3231/nginx: master
[root@server1 conf]# nginx -s reload
2。 reload
3。火狐测试
集图
9.2 www.westos.org/bbs 重定向 bbs.westos.org
网站的扩容,站点太大,分出很多的模块
每个模块有自己的指定域名,
1。 vim
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
server {
listen 80;
server_name www.linux.org;
rewrite ^/(.*)$ https://bbs.linux.org/$1 permanent;
location / {
root /web1;
index index.html;
}
#location / {
#proxy_pass http://westos;
#}
}
server {
listen 80;
server_name bbs.linux.org;
location / {
root /bbs;
index index.html;
}
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
2。 reload
3。 mkdir /bbs
echo
[root@server1 conf]# mkdir /bbs
[root@server1 conf]# echo bbs.linux.org > /bbs/index.html
[root@server1 conf]# cat /web1/index.html
web1
[root@server1 conf]# echo www.linux.org > /web1/index.html
cd /web1
echo
作解析
[root@foundation21 ~]# vim /etc/hosts
172.25.21.2 server1 www.westos.org www.linux.org bbs.linux.org
访问www,重定向到bbs:curl
[root@foundation21 ~]# curl -I www.linux.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 04:39:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://bbs.linux.org/bbs
vim
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
server {
listen 80;
server_name www.linux.org;
rewrite ^/bbs$ http://bbs.linux.org permanent;
rewrite ^/bbs/(.*)$ http://bbs.linux.org/$1 permanent;
location / {
root /web1;
index index.html;
}
#location / {
#proxy_pass http://westos;
#}
}
server {
listen 80;
server_name bbs.linux.org;
location / {
root /bbs;
index index.html;
}
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
reload
curl
[root@foundation21 ~]# curl -I www.linux.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 04:45:21 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://bbs.linux.org
[root@foundation21 ~]# curl -I www.linux.org/bbs/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 04:46:09 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://bbs.linux.org/index.html
如果访问的是index,灭月定向到
重定向匹配没有定向到页面
9.3 bbs.linux.org 重定向到 www.linux.org
如果反过来
1。 web1
mkdir bbs
cd bbs
mv /bbs /web1
[root@server1 web1]# pwd
/web1
[root@server1 web1]# mv /bbs/ .
[root@server1 web1]# ls
bbs index.html
2。 vim
一个server中可以接受多个域名
粘贴
[root@server1 web1]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
####
server {
listen 80;
server_name www.linux.org bbs.linux.org;
#rewrite ^/bbs$ http://bbs.linux.org permanent;
#rewrite ^/bbs/(.*)$ http://bbs.linux.org/$1 permanent;
if ($host = "bbs.linux.org"){
rewrite ^/(.*)$ http://www.linux.org/bbs/$1 permanent;
}
location / {
root /web1;
index index.html;
}
#location / {
#proxy_pass http://westos;
#}
}
#server {
# listen 80;
# server_name bbs.linux.org;
#
# location / {
# root /bbs;
# index index.html;
# }
#}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@foundation21 ~]# curl -I bbs.linux.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 04:57:22 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.linux.org/bbs/
[root@foundation21 ~]# curl -I bbs.linux.org/bbs/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 04:57:47 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.linux.org/bbs/bbs/index.html
10. nginx 防盗链
1。 vim
开启一个网页
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
server {
listen 80;
server_name www.westos.org;
location / {
root html;
index index.html;
}
}
####
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
2。 reload
3。 测试www.westos.org/download/vim.jpg
访问的是server2,但是不消耗server2的流量
因为他是盗链
[root@server2 ~]# cd /var/www/html/
[root@server2 html]# vim index.html
####
<body>
<img src="http://www.westos.org/download/vim.jpg">
</body>
####
这个是盗链,server2访问的server1的数据,但是,消耗的是server1的流量
需要禁止
屏蔽
针对jpg图片
1。 vim
返回403错误
也可以重定向到另外的站点
可以自己先写一个站点,重定向到这里
[root@server3 ~]# cd /var/www/html/
[root@server3 html]# vim index.html
####
<!DOCTYPE html>
<html>
<head>
<title>It's a daolian!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Dao Lian!</h1>
####
[root@server1 conf]# pwd
/usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
####
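server {
    listen 80;
    server_name www.westos.org;

    location / {
        root html;
        index index.html;
    }

    # Hotlink protection for images. The Referer header is supplied by the client and can be
    # forged or left out ("none" and "blocked" are accepted below), so this only discourages
    # casual embedding by other sites; it is not access control.
    location ~ \.(jpg|png)$ {
        valid_referers none blocked www.westos.org;
        if ($invalid_referer) {
            # The pattern has to be "^/" (every request URI starts with "/"); a backslash
            # followed by a space in that position does not give the intended redirect.
            rewrite ^/ http://www.daolian.org;
        }
    }
}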
####
[root@server1 conf]# nginx -s reload
2。
-t reload
3。 测试
[root@server1 conf]# vim /etc/hosts
[root@foundation21 ~]# vim /etc/hosts
172.25.21.4 server3 www.daolian.org
我没有重定向到server3的网站上
11. goaccess 日志可视化
1。 解压
[root@server1 ~]# tar zxf goaccess-1.4.tar.gz
[root@server1 ~]# cd goaccess-1.4/
[root@server1 goaccess-1.4]# ls
ABOUT-NLS config configure.ac install-sh NEWS TODO
aclocal.m4 config.guess COPYING m4 po
AUTHORS config.rpath depcomp Makefile.am README
ChangeLog config.sub goaccess.1 Makefile.in resources
compile configure INSTALL missing src
2。 缺少devel
在lamp下载,安装
[root@server1 ~]# rpm -ivh GeoIP-devel-1.5.0-13.el7.x86_64.rpm
3。 configure
[root@server1 goaccess-1.4]# ./configure --enable-utf8 --enable-geoip=legacy
4。 gmake gmake install
[root@server1 goaccess-1.4]# gmake
[root@server1 goaccess-1.4]# gmake install
[root@server1 logs]# goaccess access.log -o /usr/local/nginx/html/report.html --log-format=COMBINED --real-time-html
-log-format=COMBINED --real-time-html
Parsing... [0] [0/s]
WebSocket server ready to accept new client connections
[root@server1 html]# cd /usr/local/nginx/html/
[root@server1 html]# ll report.html
-rw-r--r-- 1 root root 343132 Apr 6 13:50 report.html
[root@server1 html]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
####
server {
listen 80;
server_name localhost;
#return 500;
#rewrite ^(.*) http://www.westos.org permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
####
[root@server1 conf]# nginx -s reload
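5。 测试172.25.21.2/report.html(报告里有客户端IP和被访问的URL,放在网站根目录下任何人都能打开;正式环境应像8.4那样用allow/deny限制report.html,并限制--real-time-html打开的WebSocket端口的访问)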
http://172.25.21.2/report.html
[root@foundation21 ~]# curl -I http://172.25.21.2/report.html
HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Tue, 06 Apr 2021 05:59:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 343132
Last-Modified: Tue, 06 Apr 2021 05:50:06 GMT
Connection: keep-alive
ETag: "606bf68e-53c5c"
Accept-Ranges: bytes