NGINX
Nginx 简介
是俄罗斯人编写的十分轻量级的HTPP服务器
是一个高性能的HTTP和反向代理服务器,同时也是一个IMAP/POP3/SMTP代理服务器
官方网站:http://nginx.org
安装与升级
准备源码包nginx-1.16.1.tar.gz
yum -y install gcc make openssl-devel pcre-devel \
mariadb mariadb-devel mariadb-server
php php-mysql php-fpm
源码安装nginx
tar -xf nginx-1.16.1.tar.gz
cd nginx-1.16.1
useradd nginx
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-
http_ssl_module
make && make install
启动程序:/usr/loca/nginx /sbin/nginx
热升级
1.16–1.17
tar -xf nginx-1.17.6.tar.gz
cd nginx-1.17.6
./configure --with-http_ssl_module
make
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
cp objs/nginx /usr/local/nginx/sbin/
make upgrade或 killall
启动程序: /usr/local/nginx/sbin/nginx
配置文件目录
/usr/local/nginx/ ##安装目录
conf/nginx.conf ##主配置文件
html ##网页目录
logs ##日志文件
sbin/nginx ##启动脚本
进程管理
启动:/usr/local/nginx/sbin/nginx
-V:查看编译参数
-c:指定配置文件,启动服务
-t:测试配置文件语法是否有错误
端口:
ps aux | grep nginx
ss -antulp | grep nginx
用户认证配置
vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name localhost;
auth_basic "username && password:";
auth_basic_user_file /usr/local/nginx/pass;
location / {
root html;
index index.html index.htm;
}
}
:wq
###登录需要认证
yum -y install httpd-tools
htpasswd -c /usr/local/nginx/pass admin
htpasswd /usr/local/nginx/pass user1
/usr/local/nginx/sbin/nginx -s reload
基于域名的虚拟机配置
vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name web1.tedu.cn;
auth_basic "username && password:";
auth_basic_user_file /usr/local/nginx/pass;
location / {
root html;
index index.html index.htm;
}
}
server {
listen 80;
server_name web2.zx.cn;
location / {
root web;
index index.html index.htm;
}
}
:wq
mkdir /usr/local/nginx/web
echo web2 > /usr/local/nginx/web/index.html
/usr/local/nginx/sbin/nginx -s reload
http加密配置
1)常见密钥算法
对称加密:AES、DES
非对称加密:RSA、DSA
2)生成密钥
SSL 加密网站的核心技术是非对称生成密钥
公钥、私钥、证书
cd /usr/local/nginx/conf
openssl genrsa > cert.key ##生成私钥
openssl req -new -x509 -key cert.key > cert.pem ##生成证书(公钥)根据提示分别输入:国家、省份、城市、公司名称、部门名称、你的名字或服务器名字、邮箱
req:申请
-new:新建证书
-x509:证书格式
-key:指定私钥,利用私钥生成公钥
3)部署SSL加密网站
vim /usr/local/nginx/conf/nginx.conf
server {
listen 443 ssl;
server_name web3.zx.cn;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
/usr/local/nginx/sbin/nginx -s reload
地址重写配置
1)什么是地址重写:
获得一个来访的URL请求,然后改写成服务器可以处理的另一个URL
语法格式:rewite regex replacement [flag]
2)应用案例:
案例1:当访问web1.zx.cn/a.html 时跳转到 web1.zx.cn/b.html
server {
listen 80;
server_name web1.zx.cn;
rewrite "/a.html" /b.html;
......
案例2:当访问web1.tedu.cn 时跳转到 www.zx.cn
server {
listen 80;
server_name web1.zx.cn;
rewrite ^/ http://www.zx.cn;
......
案例3:当访问web1.zx.cn/任意 时跳转到 www.zx.cn/任意
server {
listen 80;
server_name web1.zx.cn;
rewrite ^/(.*)$ http://www.zx.cn/$1;
LNMP动态网站
部署:
安装Nginx
yum -y install gcc pcre-devel openssl-devel
tar -xf nginx-1.17.6.tar.gz
cd nginx-1.17.6
./configure --with-http_ssl_module
make && make install
安装mariadb
yum -y install mariadb-server mariadb mariadb-devel
安装PHP
yum -y install php php-fpm php-mysql
启动服务
/usr/local/nginx/sbin/nginx
systemctl restart mariadb
systemctl restart php-fpm
ss -antulp | grep -E ":80|:3306|:9000"
配置动静分离
vim /usr/local/nginx/conf/nginx.conf
localtion / {
root html;
index index.php index.html index.htm;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi.conf;
}
vim /usr/local/nginx/html/test.php
<?php
$i=33;
echo $i;
?>
客户端访问测试:访问 web1.zx.cn/test.php
cp /root/lnmp_soft/php_scripts/mysql.php /usr/local/nginx/html/
客户端访问测试:访问 web1.zx.cn/mysql.php
WordPress案例
1)WrodPress简介
是一款用PHP语言开发的博客平台,可以支持再PHP和MySQL数据库的服务器上架设属于自己的网站
WordPress 功能强大、插件众多、主题丰富
官方网址:https://wordpress.org
2)上线WordPress
创建数据库,添加数据库账户并赋权
mysql
create database wordpress character set utf8mb4;
grant all on wordpress.* to wordpress@'localhost' identified by 'wordpress';
flush privlieges;
exit
上线wordpress代码
yum -y install unzip
cd /root/lnmp_soft
unzip wordpress.zip
cd wordpress
tar -xf wordpress-5.0.3-zh_CN.tar.gz
cp -r wordpress/* /usr/local/nginx/html
chown -R apache:apache /usr/local/nginx/html/
iptables -F
setenforce 0
客户端浏览器访问测试,进行初始化界面:web1.zx.cn
nginx的方向代理
配置 upstream 集群池属性
weight:设置服务器权重值,默认值为1
max_fails:设置最大失败次数
fail_timeout:设置失败超时时间,单位为秒
down:标记服务器已关机,不参与集群调度
vim /usr/local/nginx/conf/nginx.conf
http {
upstream servers {
server 192.168.2.100:80 weight=2 max_fails=1 fail_timeout=20;
server 192.168.2.200:80;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://servers;
root html
index index.html index.htm;
}
}
}
:wq
访问测试:
http://192.168.4.5/test.php
ip_hash ,相同客户端访问相同服务器
vim /usr/local/nginx/conf/nginx.conf
http {
upstream servers {
ip_hash;
server 192.168.2.100:80 weight=2 max_fails=1 fail_timeout=20;
server 192.168.2.200:80;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://servers;
root html
index index.html index.htm;
}
}
}
:wq
nginx实现四层代理
安装 stream 模块(proxy上操作)
/usr/local/nginx/sbin/nginx -s stop
rm -rf /usr/local/nginx
yum -y install gcc pcre-devel openssl-devel
tar -xf nginx-1.17.6.tar.gz
cd nginx-1.17.6
./configure --with-http_ssl_module --with-stream
make && make install
修改Nginx配置,实现ssh四层代理
vim /usr/local/nginx/conf/nginx.conf
stream {
upstream backend {
server 192.168.2.100:22;
server 192.168.2.200:22;
}
server {
listen 12345;
proxy_pass backend;
}
}
http {
... ...
}
:wq
/usr/local/nginx/sbin/nginx
iptables -F
setenforce 0