目录
■ 在各种网站服务器软件中,除了Apache HTTP Server外,还有一款轻量级的HTTP服务器软件–Nginx,其稳定,高效的特性逐渐被越来越多的用户认可
■ 其将源代码以类BSD许可证的形式发布,因它的稳定性、丰富的功能集、示例配置文件和低系统资源的消耗而闻名
■ 特点:占有内存少,并发能力强
一、Nginx服务基础
1.1 Nginx概述
●稳定性高
●系统资源消耗低
●对HTTP并发连接的处理能力高
●单台物理服务器可支持3万~ 5万个并发请求
●占用内存少,并发能力强
1.2 Nginx编译安装
[root@localhost ~]# yum -y install gcc gcc-c++ make pcre-devel zlib-devel
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
[root@localhost ~]# tar xf nginx-1.15.9.tar.gz
[root@localhost ~]# cd nginx-1.15.9/
[root@localhost nginx-1.15.9]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.15.9]# make -j3
[root@localhost nginx-1.15.9]# make install
[root@localhost nginx-1.15.9]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin
[root@localhost nginx-1.15.9]# ls -l /usr/local/sbin/nginx
lrwxrwxrwx 1 root root 27 Sep 3 02:59 /usr/local/sbin/nginx -> /usr/local/nginx/sbin/nginx
[root@localhost nginx-1.15.9]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx-1.15.9]# nginx
[root@localhost nginx-1.15.9]# netstat -anpt | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 78877/nginx: master
[root@localhost ~]# yum -y install elinks
■或者可以安装lynx进行测试
[root@localhost nginx-1.15.9]# yum -y install lynx
■在windows里输入此网址20.0.0.11,显示如下
■还可以在windows中通过输入域名的方式进行登录。需要在windows中的hosts中添加映射关系即可验证。
■启动、重载配置、停止Nginx
[root@localhost nginx-1.15.9]# killall -s HUP nginx
##-S选项指定信号种类,HUP信号表示重载配置##
[root@localhost nginx-1.15.9]# killall -s QUIT nginx
##QUIT信号表示退出进程##
■为Nginx添加系统服务
[root@localhost ~]# vim /lib/systemd/system/nginx.service '//添加使用systemctl工具进行管理'
[Unit]
Description=nginx ##描述##
After=network.target ##描述服务类别##
[Service]
Type=forking ##后台运行形势##
PIDFile =/usr/local/nginx/logs/nginx.pid ##PID文件位置##
ExecStart=/usr/local/nginx/sbin/nginx ##启动服务##
ExecReload=/usr/bin/kill -S HUP $MAINPID ##根据PID重载配置##
ExecStop=/usr/bin/kill -S QUIT $MAINPID ##根据PID终止进程##
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@localhost ~]# chmod 754 /lib/systemd/system/nginx.service
[root@localhost nginx-1.15.9]# killall -s HUP nginx #重启
[root@localhost nginx-1.15.9]# netstat -ntap | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 79014/nginx: master
■全局配置
[root@localhost nginx-1.15.9]# vi /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#pid logs/nginx.pid;
■I/O时间配置
[root@localhost nginx-1.15.9]# vi /usr/local/nginx/conf/nginx.conf
events {
use epoll;
worker_connections 4096;
}
■HTTP配置
http {
. . . . . . . . . . . .
access_log logs/access.log main;
sendfile on;
. . . . . . . .
keepalive_timeout 65;
. . . . . . . .
server {
listen 80;
server_name www.51xit.top;
charset utf-8;
. . . . . . . .
location / {
root html;
index index.html index.php;
}
. . . . . . . .
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
■Nginx的访问状态统计
●启用HTTP_ STUB_ STATUS状态统计模块
●配置编译参数时添加–with-http stub status module
●nginx -V查看已安装的Nginx是否包含HTTP_ STUB _STATUS模块
[root@localhost nginx-1.15.9]# nginx -V
nginx version: nginx/1.15.9
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
■修改nginx.conf配置文件
http{
server {
listen 80;
server name localhost;
charset utf-8;
location / {
root html;
index index.html index.htm;
}
location ~/status { ##添加此段##
stub_status on;
access_log off;}
■在windows中输入20.0.0.11/status即可查看当前的状态统计信息
二、Nginx访问控制
2.1 基于授权的访问控制
●生成用户密码认证文件
[root@localhost ~]# yum install -y httpd-tools ##因为没有htpasswd工具,所以需要安装##
[root@localhost ~]# htpasswd -c /usr/local/nginx/.passwd.db test
New password:
Re-type new password:
Adding password for user test
root@localhost ~]# cat /usr/local/nginx/.passwd.db
test:$apr1$x.UaSXIM$RRLa2KJcKwsGBVsikGcrR/
●修改主配置文件对相应目录,添加认证配置项
[root@localhost ~]# chmod 400 /usr/local/nginx/.passwd.db
[root@localhost ~]# chown nginx /usr/local/nginx/.passwd.db
[root@localhost ~]# ll -d /usr/local/nginx/.passwd.db
-r------- 1 nginx root43 5月16 22:26
/usr/local/nginx/.passwd.db
●重启服务,访问测试
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
location / {
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/.passwd.db;
}
[root@localhost ~]# killall -s HUP nginx
■在windows系统的浏览器中输入20.0.0.11,提示输入账户密码
2.2 基于客户端的访问控制
■通过客户端IP地址,决定是否允许对页面访问
■配置规则
●deny IP/IP段:拒绝某个IP或IP段的客户端访问
●allow IP/IP段:允许某个IP或IP段的客户端访问
■规则从上往下执行,如匹配则停止,不再往下匹配
■配置步骤
●修改主配置文件nginx.conf,添加相应配置项
●除主机20.0.0.1之外允许其他客户端访问
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
location / {
Order deny,allow;
Deny from 20.0.0.1;
}
[root@localhost ~]# killall -s HUP nginx
2.3 基于域名的虚拟Web主机
[root@localhost ~]# mkdir -p /var/www/html/51xit/
[root@localhost ~]# mkdir -p /var/www/html/52xit/
[root@localhost ~]# echo "www.51xit.top" >> /var/www/html/51xit/index.html
[root@localhost ~]# echo "www.52xit.top" >> /var/www/html/52xit/index.html
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.51xit.top;
charset utf-8;
access_log logs/www.51xit.top.access.log;
location / {
root /var/www/html/51xit;
index index.html index.htm;
}
location /status {
stub_status on;
access_log off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
server {
listen 80;
server_name www.52xit.top;
charset utf-8;
access_log logs/www.52xit.top.access.log;
location / {
root /var/www/html/52xit;
index index.html index.htm;
}
location /status {
stub_status on;
access_log off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
[root@localhost ~]# killall -s HUP nginx
2.4 基于端口的虚拟web主机
##修改配置文件##
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 20.0.0.11:6666;
server name 20.0.0.11:6666;
......}
server {
listen 20.0.0.11:8888;
server name 20.0.0.11:8888;
......}
[root@localhost ~]# killall -s HUP nginx
2.5 基于IP的虚拟web主机
##在此之前,需要在虚拟机里再添加一块网卡,这里采用vmnet1网段192.168.100.0,具体步骤省略##
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 20.0.0.11:80;
server name 20.0.0.11:80;
....}
server {
listen 192.168.100.10:80;
server name 192.168.100.10:80;
....}
[root@localhost ~]# killall -s HUP nginx