一、Nginx编译安装脚本
适用于ubuntu的Nginx编译安装脚本
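#!/bin/bash
#
# Build nginx from source on Ubuntu, install it under a dedicated prefix and
# register it as a systemd service. Must be run as root, because it creates a
# system account, installs packages and writes under /lib/systemd and /usr/sbin.
#
# Optional environment:
#   NGINX_SHA256  expected SHA-256 of the release tarball; when set, the
#                 download is verified before it is unpacked.
set -euo pipefail

version=1.22.1          # nginx release to build
dir=/root               # working directory for the tarball and source tree
azdir=/home/app/nginx   # install prefix handed to ./configure
user=nginx              # unprivileged account the worker processes run as
tarball="nginx-${version}.tar.gz"

if [[ $EUID -ne 0 ]]; then
  printf 'this script must be run as root\n' >&2
  exit 1
fi

cd "$dir"

# -O overwrites a stale copy instead of letting wget save "<name>.1" and
# leaving tar to unpack the old file.
wget -O "$tarball" "https://nginx.org/download/${tarball}"

# nginx.org publishes a detached PGP signature next to each tarball; checking
# it needs the signer's public key, which this script does not ship. As a
# lighter check, compare against a digest obtained from a trusted source.
if [[ -n "${NGINX_SHA256:-}" ]]; then
  printf '%s  %s\n' "$NGINX_SHA256" "$tarball" | sha256sum -c -
fi

# Create the service account only when it is missing, so a re-run does not
# abort. The account gets no login shell: nginx workers never need one.
if ! getent group "$user" >/dev/null; then
  groupadd -g 88 "$user"
fi
if ! id -u "$user" >/dev/null 2>&1; then
  useradd -M -u 88 -g "$user" -s /usr/sbin/nologin "$user"
fi

mkdir -p "$azdir"
tar xf "$tarball"

# Toolchain and the development headers for PCRE, OpenSSL and zlib.
apt-get update
apt-get -y install gcc make libpcre3 libpcre2-dev openssl libssl-dev zlib1g-dev zlib1g

cd "$dir/nginx-$version/"

configure_args=(
  --prefix="$azdir"
  --user="$user"
  --group="$user"
  --with-http_ssl_module
  --with-http_v2_module
  --with-http_realip_module
  --with-http_stub_status_module
  --with-http_gzip_static_module
  --with-pcre
  --with-stream
  --with-stream_ssl_module
  --with-stream_realip_module
)
./configure "${configure_args[@]}"
make -j2
make install

# -f replaces a link left behind by an earlier run.
ln -sf "$azdir/sbin/nginx" /usr/sbin/nginx

# The unit file follows $azdir instead of repeating the prefix literally, so
# changing the prefix above cannot leave the service pointing at the old path.
# \$MAINPID is escaped because systemd, not this shell, must expand it.
cat > /lib/systemd/system/nginx.service <<EOF
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=${azdir}/logs/nginx.pid
ExecStartPre=/bin/rm -f ${azdir}/logs/nginx.pid
ExecStartPre=${azdir}/sbin/nginx -t
ExecStart=${azdir}/sbin/nginx
ExecReload=/bin/kill -s HUP \$MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now nginx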
二、Nginx平滑升级总结
#备份旧版Nginx
root@ubuntu-test:~# nginx -v #查看Nginx版本
nginx version: nginx/1.22.1
root@ubuntu-test:~# nginx -V #查看Nginx编译选项
nginx version: nginx/1.22.1
built by gcc 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled
configure arguments: --prefix=/home/app/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
root@ubuntu-test:~# wget http://nginx.org/download/nginx-1.24.0.tar.gz #下载软件包(此处为明文HTTP下载,建议改用https并校验nginx.org提供的PGP签名)
root@ubuntu-test:~# tar xvf nginx-1.24.0.tar.gz
root@ubuntu-test:~# cp -a /home/app/nginx/sbin/nginx /opt/nginx.old #备份旧版本
root@ubuntu-test:~# dd if=/dev/zero of=/home/app/nginx/html/test.img bs=1M count=10 #生成10M测试文件,供下一步模拟慢速下载
root@ubuntu-test2:~# wget --limit-rate=10K http://10.0.0.161/test.img #模拟用户访问
#编译新版安装包
root@ubuntu-test:~# cd nginx-1.24.0/
root@ubuntu-test:~/nginx-1.24.0# ./configure --prefix=/home/app/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
root@ubuntu-test:~/nginx-1.24.0# make -j2
root@ubuntu-test:~/nginx-1.24.0# objs/nginx -v #查看编译是否成功
nginx version: nginx/1.24.0
#关闭旧版worker进程
root@ubuntu-test:~/nginx-1.24.0# cp -f ./objs/nginx /home/app/nginx/sbin/ #替换原Nginx文件
root@ubuntu-test:~/nginx-1.24.0# /home/app/nginx/sbin/nginx -t
nginx: the configuration file /home/app/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /home/app/nginx/conf/nginx.conf test is successful
root@ubuntu-test:~/nginx-1.24.0# ps auxf|grep nginx #此时只有旧Nginx启动
root 115943 0.0 0.0 6300 660 pts/0 S+ 17:38 0:00 | \_ grep --color=auto nginx
root 62726 0.0 0.0 8732 820 ? Ss Jul01 0:00 nginx: master process /home/app/nginx/sbin/nginx
nginx 62727 0.0 0.1 9424 3580 ? S Jul01 0:00 \_ nginx: worker process
root@ubuntu-test:~/nginx-1.24.0# kill -USR2 `cat /home/app/nginx/logs/nginx.pid` #发送信号启动新版Nginx
root@ubuntu-test:~/nginx-1.24.0# ps auxf|grep nginx #此时新旧Nginx同时启动但是只有旧版提供服务
root 116003 0.0 0.0 6300 656 pts/0 S+ 17:40 0:00 | \_ grep --color=auto nginx
root 62726 0.0 0.0 8732 820 ? Ss Jul01 0:00 nginx: master process /home/app/nginx/sbin/nginx
nginx 62727 0.0 0.2 9424 4392 ? S Jul01 0:00 \_ nginx: worker process
root 115994 0.0 0.3 8728 6076 ? S 17:40 0:00 \_ nginx: master process /home/app/nginx/sbin/nginx
nginx 115995 0.0 0.1 9336 3556 ? S 17:40 0:00 \_ nginx: worker process
root@ubuntu-test:~/nginx-1.24.0# curl -I 10.0.0.161
HTTP/1.1 200 OK
Server: nginx/1.22.1
#关闭旧版主进程
root@ubuntu-test:~/nginx-1.24.0# kill -QUIT `cat /home/app/nginx/logs/nginx.pid.oldbin` #发送信号关闭旧版Nginx进程,运行中的worker子进程会在请求完成后自动关闭
root@ubuntu-test:~/nginx-1.24.0# curl -I 10.0.0.161
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Tue, 02 Jul 2024 09:41:56 GMT
root@ubuntu-test:~/nginx-1.24.0# ps auxf|grep nginx
root 116042 0.0 0.0 6300 724 pts/0 S+ 17:42 0:00 | \_ grep --color=auto nginx
root 62726 0.0 0.1 8732 2268 ? Ss Jul01 0:00 nginx: master process /home/app/nginx/sbin/nginx
nginx 62727 0.0 0.2 9424 4392 ? S Jul01 0:00 \_ nginx: worker process is shutting down
root 115994 0.0 0.3 8728 6076 ? S 17:40 0:00 \_ nginx: master process /home/app/nginx/sbin/nginx
nginx 115995 0.0 0.1 9336 3556 ? S 17:40 0:00 \_ nginx: worker process
#待ubuntu-test2下载完成后再次查询,可见旧Nginx的worker进程已自动退出
root@ubuntu-test:~/nginx-1.24.0# ps auxf|grep nginx
root 116074 0.0 0.0 6300 660 pts/0 S+ 17:43 0:00 | \_ grep --color=auto nginx
root 115994 0.0 0.3 8728 6076 ? S 17:40 0:00 nginx: master process /home/app/nginx/sbin/nginx
nginx 115995 0.0 0.1 9336 3556 ? S 17:40 0:00 \_ nginx: worker process
三、Nginx配置总结并实现多虚拟主机
3.1,配置优化总结
root@ubuntu-test:/home/app/nginx/conf# vim nginx.conf
worker_processes auto; #工作进程数量,配置为与CPU核数相同
worker_cpu_affinity auto; #工作进程绑定CPU核心,性能更佳
events {
worker_connections 65535; #提高单个进程最大并发
accept_mutex on; #工作进程轮流接受请求,避免多余睡眠进程被唤醒
multi_accept on; #使每个工作进程可同时接受多个新的网络连接
}http {
include mime.types;
default_type application/octet-stream;sendfile on;
keepalive_timeout 65;server {
listen 80;
server_name localhost;location / {
root html;
index index.html index.htm;
}
location = /50x.html {
root html;}
}
include ./conf.d/*.conf; #设定子配置文件路径
}
root@ubuntu-test:/home/app/nginx/conf# mkdir conf.d
root@ubuntu-test:/home/app/nginx/conf# systemctl reload nginx
root@ubuntu-test:/home/app/nginx/conf# nginx -t
nginx: the configuration file /home/app/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /home/app/nginx/conf/nginx.conf test is successful
3.2,多虚拟主机实现
#创建Nginx子配置实现多主机
root@ubuntu-test:# mkdir -p /home/app/nginx/html/{1a,2b,3c}
root@ubuntu-test:# touch /home/app/nginx/html/{1a,2b,3c}/index.html
root@ubuntu-test:#echo www.wlm.com > /home/app/nginx/html/1a/index.html
root@ubuntu-test:#echo www.wlm.org > /home/app/nginx/html/2b/index.html
root@ubuntu-test:#echo www.wlm.net > /home/app/nginx/html/3c/index.html
root@ubuntu-test:#cd /home/app/nginx/conf/conf.d
root@ubuntu-test:/home/app/nginx/conf/conf.d# vim 1a.conf
server
{
listen 80;
server_name www.wlm.com;
root /home/app/nginx/html/1a;
}
root@ubuntu-test:/home/app/nginx/conf/conf.d# vim 2b.conf
server
{
listen 80;
server_name www.wlm.org;
root /home/app/nginx/html/2b;
}
root@ubuntu-test:/home/app/nginx/conf/conf.d# vim 3c.conf
server
{
listen 80;
server_name www.wlm.net;
root /home/app/nginx/html/3c;
}
root@ubuntu-test:/home/app/nginx/conf/conf.d# systemctl reload nginx.service
root@ubuntu-test:/home/app/nginx/conf/conf.d# nginx -t
#测试多主机配置
root@ubuntu-test2:~# vim /etc/hosts
10.0.0.161 www.wlm.com www.wlm.org www.wlm.net
root@ubuntu-test2:~# curl http://www.wlm.com
www.wlm.com
root@ubuntu-test2:~# curl http://www.wlm.org
www.wlm.org
root@ubuntu-test2:~# curl http://www.wlm.net
www.wlm.net
#Nginx进阶配置
#实例一:实现错误搜索信息返回
root@ubuntu-test2:~# curl http://www.wlm.com/xxxx.html #用户访问网址错误时无明确提示
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>
root@ubuntu-test:/home/app/nginx/conf/conf.d# mkdir /home/app/nginx/html/1a/about
root@ubuntu-test:/home/app/nginx/conf/conf.d# echo hello > /home/app/nginx/html/1a/about/a.text
root@ubuntu-test:/home/app/nginx/conf/conf.d# echo world > /home/app/nginx/html/2b/about.html
root@ubuntu-test:/home/app/nginx/conf/conf.d# vim 1a.conf
server
{
listen 80;
server_name www.wlm.com;
location / {
root /home/app/nginx/html/1a;
}location /about { #使用root定义时,访问地址为/home/
root /home/app/nginx/html/1a; #app/nginx/html/1a/about/
}error_page 404 @aaa; #定义错误页面返回结果
location @aaa {
default_type text/html;
charset utf8;
return 200 'search page is not exit\n';
}}
root@ubuntu-test:/home/app/nginx/conf/conf.d# vim 2b.conf
server
{
listen 80;
server_name www.wlm.org;
location /
{
root /home/app/nginx/html/2b;
}
location /about
{ #使用alias定义时,定义地址
alias /home/app/nginx/html/2b/about.html; #即访问地址
}
}root@ubuntu-test:/home/app/nginx/conf/conf.d# systemctl reload nginx.service
root@ubuntu-test:/home/app/nginx/conf/conf.d# nginx -t
#实例一测试
root@ubuntu-test2:~# curl http://www.wlm.com/xxxxx.html
search page is not exit
root@ubuntu-test2:~# curl http://www.wlm.com/about/a.html
hello
root@ubuntu-test2:~# curl http://www.wlm.org/about
world
#实例二:安全加固--网络权限控制+账户认证
root@ubuntu-test:~# vim /etc/hosts
10.0.0.161 www.wlm.net
root@ubuntu-test:~# curl http://www.wlm.net
www.wlm.net
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/3c.conf
# Virtual host for www.wlm.net protected by an IP allow-list plus HTTP Basic
# authentication.
server {
    listen 80;
    server_name www.wlm.net;

    location / {
        root /home/app/nginx/html/3c;

        # Access rules are checked in order and the first match wins, so the
        # narrow "allow" has to come before the catch-all "deny".
        allow 10.0.0.162;
        deny all;

        # With the default "satisfy all" behaviour a client must pass both the
        # address check above and this password check.
        # NOTE(review): Basic credentials are only base64-encoded on the wire
        # and this server block listens on plain HTTP (port 80) only; serve
        # this location over TLS before using it for real accounts.
        auth_basic "login password";
        auth_basic_user_file /home/app/nginx/conf/.htpasswd;
    }
}
root@ubuntu-test:~# htpasswd -bc /home/app/nginx/conf/.htpasswd user1 123456 #创建密码存储文件;-b表示直接从命令行读取密码(密码会留在shell历史和进程列表中,仅适合演示,实际使用应去掉-b改为交互输入),-c表示新建文件(已有同名文件会被覆盖)
Adding password for user user1
root@ubuntu-test:~# cat /home/app/nginx/conf/.htpasswd
user1:$apr1$G0T6xlfC$5B/E1A.HNIP5va.eRK8me1
root@ubuntu-test:~# chown nginx.nginx /home/app/nginx/conf/.htpasswd
root@ubuntu-test:~# chmod 600 /home/app/nginx/conf/.htpasswd
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test:~# nginx -t
#实例二测试
root@ubuntu-test:~# curl http://www.wlm.net/ -u user1:123456 #10.0.0.161无法访问
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>
root@ubuntu-test2:~# curl http://www.wlm.net/
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>
root@ubuntu-test2:~# curl http://www.wlm.net/ -u user1:123456
www.wlm.net
#实例三:实现下载服务器,限速1M/s
root@ubuntu-test:~# mkdir /home/app/nginx/html/1a/download
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
server
{
listen 80;
server_name www.wlm.com;
location / {
root /home/app/nginx/html/1a;
}location /about {
root /home/app/nginx/html/1a;
}location /download {
autoindex on; #开启自动索引
autoindex_exact_size off; #不计算文件确切大小
autoindex_localtime on; #显示本机时间
charset utf8; #指定字符集
limit_rate 1024K; #限速1024K
root /home/app/nginx/html/1a;
}
error_page 404 @aaa;
location @aaa {
default_type text/html;
charset utf8;
return 200 'search page is not exit\n';
}}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test:~# nginx -t
root@ubuntu-test:~# dd if=/dev/zero of=/home/app/nginx/html/1a/download/a.text bs=1M count=1
#实例三测试
root@ubuntu-test2:~# wget http://www.wlm.com/download/a.text
--2024-07-08 16:07:37-- http://www.wlm.com/download/a.text
Resolving www.wlm.com (www.wlm.com)... 10.0.0.161
Connecting to www.wlm.com (www.wlm.com)|10.0.0.161|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1048576 (1.0M) [application/octet-stream]
Saving to: ‘a.text’
a.text 100%[=================================================>] 1.00M 1.05MB/s in 1.0s
2024-07-08 16:07:38 (1.05 MB/s) - ‘a.text’ saved [1048576/1048576]
四、Nginx日志格式定制
4.1,自定义错误日志
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/3c.conf
server
{
listen 80;
server_name www.wlm.net;
location / {
root /home/app/nginx/html/3c;
}
error_log /home/app/nginx/logs/wlm.net_error.log;
location /login {
error_log /dev/null;
}
}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test:~# nginx -t
root@ubuntu-test:~# ls /home/app/nginx/logs/
access.log error.log nginx.pid wlm.net_error.log
4.2,自定义访问日志
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/3c.conf
log_format main ' $remote_addr - $remote_user [$time_local] "$request" '
'"$http_user_agent" "$http_x_forwarded_for"'
'$server_name:$server_port';
server
{
listen 80;
server_name www.wlm.net;
location / {
root /home/app/nginx/html/3c;
}
access_log /home/app/nginx/logs/net_access.log main;
}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test:~# nginx -t
root@ubuntu-test:~# tail -f /home/app/nginx/logs/net_access.log
10.0.0.162 - - [08/Jul/2024:17:46:49 +0800] "GET / HTTP/1.1" "curl/7.68.0" "-" www.wlm.net:80
五、Nginx反向代理和HTTPS安全加密总结
5.1,HTTPS安全加密
Web网站的登录页面通常使用HTTPS加密传输,以免敏感信息被第三方获取。HTTPS由两部分组成:HTTP + SSL/TLS,也就是在HTTP之上加一层负责加密的模块。服务端和客户端之间的信息都经过TLS加密,因此网络上传输的是密文。
#证书配置
root@ubuntu-test:~# cd /home/app/nginx/
root@ubuntu-test:/home/app/nginx# mkdir certs
root@ubuntu-test:/home/app/nginx# cd certs/
root@ubuntu-test:/home/app/nginx/certs# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt #建立CA证书(-nodes表示私钥不加密保存,ca.key需严格限制访问权限)
root@ubuntu-test:/home/app/nginx/certs# ls
ca.crt ca.key
root@ubuntu-test:/home/app/nginx/certs# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.wlm.com.key -out www.wlm.com.csr #为com网站创建私钥和证书签名请求(CSR)
root@ubuntu-test:/home/app/nginx/certs# openssl x509 -req -days 365 -in www.wlm.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.wlm.com.crt #为com网站签发证书
root@ubuntu-test:/home/app/nginx/certs# cat www.wlm.com.crt ca.crt > www.wlm.com.pem #生成PEM文件,服务器证书在前,ca证书在后
#配置HTTPS
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
server
{
listen 80;
listen 443 ssl http2;
server_name www.wlm.com;
location / {
root /home/app/nginx/html/1a;
}location /about {
root /home/app/nginx/html/1a;
}
ssl_certificate /home/app/nginx/certs/www.wlm.com.pem;
ssl_certificate_key /home/app/nginx/certs/www.wlm.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
error_page 404 @aaa;
location @aaa {
default_type text/html;
charset utf8;
return 200 'search page is not exit\n';
}}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test2:~# curl www.wlm.com:80
www.wlm.com
root@ubuntu-test2:~# curl -k https://www.wlm.com #证书由ubuntu-test上自建的CA签发,客户端的根证书中没有该CA,所以加-k跳过证书校验(仅限测试;也可用 --cacert 指定ca.crt来正常校验)
www.wlm.com
#实现http跳转https
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
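# www.wlm.com served on both 80 and 443; plain-HTTP requests are redirected to
# HTTPS and unknown URLs get a custom message instead of the stock 404 page.
server {
    listen 80;
    listen 443 ssl http2;
    server_name www.wlm.com;

    location / {
        root /home/app/nginx/html/1a;
    }

    location /about {
        root /home/app/nginx/html/1a;
    }

    # The .pem holds the server certificate followed by the CA certificate.
    ssl_certificate /home/app/nginx/certs/www.wlm.com.pem;
    ssl_certificate_key /home/app/nginx/certs/www.wlm.com.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;

    # "redirect" answers with a temporary 302. The captured $1 already starts
    # with "/", so it is appended directly to the host; writing ".../$1" would
    # produce "https://www.wlm.com//path" with a doubled slash.
    if ( $scheme = http ) {
        rewrite ^(.*) https://$server_name$1 redirect;
    }

    # Send 404s to a named location that returns a fixed text body.
    error_page 404 @aaa;
    location @aaa {
        default_type text/html;
        charset utf8;
        return 200 'search page is not exit\n';
    }
}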
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test2:~# curl http://www.wlm.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>
root@ubuntu-test2:~# curl -kL http://www.wlm.com
www.wlm.com
#实现错误URL返回至首页
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
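# www.wlm.com on 80 and 443: plain HTTP is redirected to HTTPS, and requests
# for paths that do not exist on disk are redirected to the home page.
server {
    listen 80;
    listen 443 ssl http2;
    server_name www.wlm.com;

    location / {
        root /home/app/nginx/html/1a;
    }

    location /about {
        root /home/app/nginx/html/1a;
    }

    # The .pem holds the server certificate followed by the CA certificate.
    ssl_certificate /home/app/nginx/certs/www.wlm.com.pem;
    ssl_certificate_key /home/app/nginx/certs/www.wlm.com.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;

    # The captured $1 already starts with "/", so it is appended directly to
    # the host; writing ".../$1" would yield a doubled slash in the Location
    # header.
    if ( $scheme = http ) {
        rewrite ^(.*) https://$server_name$1 redirect;
    }

    # -e tests for an existing file, directory or symlink; anything else is
    # sent to index.html. A replacement starting with "https://" makes nginx
    # answer with a redirect rather than an internal rewrite.
    if ( !-e $request_filename ) {
        rewrite ^(.*) https://$server_name/index.html;
    }
}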
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test2:~# curl -kL http://www.wlm.com/xxxxx.html
www.wlm.com
#实现网站维护跳转
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
server
{
listen 80;
listen 443 ssl http2;
..................................
set $ip 0;
if ( $remote_addr = 10.0.0.161 ) {
set $ip 1;
}
if ( $ip = 0 ) {
rewrite ^(.*) /maintain.html break;
}
}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test:~# echo "the web site is maintaining" > /home/app/nginx/html/1a/maintain.html
root@ubuntu-test:~# curl -kL https://www.wlm.com #指定IP可正常访问
www.wlm.com
root@ubuntu-test2:~# curl -kL https://www.wlm.com #非指定IP自动跳转指定页面
the web site is maintaining
兴趣实验--Nginx盗链与防盗链
#准备盗链页面
root@ubuntu-test:~# ls /home/app/nginx/html/1a/image #准备本地图片并上传
daolian.jpg
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
server
{
listen 80;
server_name www.wlm.com;
location / {
root /home/app/nginx/html/1a;
}location /about {
root /home/app/nginx/html/1a;
}access_log /home/app/nginx/logs/wlm.com_access.log;
}
}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test:~# vim /home/app/nginx/html/1a/index.html
www.wlm.com
#实现盗链
root@ubuntu-test2:~# apt update && apt -y install nginx #下载安装Nginx
root@ubuntu-test2:~# vim /etc/nginx/conf.d/gov.conf
server {
listen 80;
root /var/www/html;
}
root@ubuntu-test2:~# vim /var/www/html/index.nginx-debian.html
<html>
<head>
<meta http-equiv=Content-Type content="text/html;charset=utf-8">
<title>盗链</title>
</head>
<body>
<img src="http://www.wlm.com/daolian.jpg" >
</body>
</html>
root@ubuntu-test:~# tail -f /home/app/nginx/logs/wlm.com_access.log #当刷新www.wlm.gov页面时,可以在被盗链服务器的访问日志中看到盗链来源(Referer字段)
10.0.0.1 - - [15/Jul/2024:16:21:18 +0800] "GET /daolian.jpg HTTP/1.1" 200 54246 "http://www.wlm.gov/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
#实现防盗链
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
server
{
listen 80;
server_name www.wlm.com;
location / {
root /home/app/nginx/html/1a;
}location /about {
root /home/app/nginx/html/1a;
}access_log /home/app/nginx/logs/wlm.com_access.log;
valid_referers none blocked server_names *.wlm.com ~\.google\. ~\.baidu\. ~\.bing\. ~\.so\. ~\.sogou\. ;
if ( $invalid_referer ) {
return 403 "forbidden access";
}
}
root@ubuntu-test:~# systemctl reload nginx.service
5.2,Nginx反向代理
正向代理:代理客户端去访问服务器,用于实现缓存、科学上网、访问控制等功能
反向代理:服务器端将客户的请求分发给内部的服务器
同构代理:客户端访问代理服务器的协议与代理服务器访问后端服务器协议相同
异构代理:客户端访问代理服务器的协议与代理服务器访问后端服务器协议不同
四层代理与七层代理区别 | ||
工作层 | 四层代理(LVS,Nginx) | 七层代理(Nginx) |
监听端口 | 不监听端口,仅转发 | 监听端口 |
后端服务器地址 | 可以看到后端地址 | 不可以看到后端地址 |
TCP三次握手 | 不参与TCP连接 | 代替后端服务器和客户端建立连接 |
#Nginx反向代理
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
server
{
listen 80;
server_name www.wlm.com;
location / { #访问www.wlm.com的请求会被转发到
proxy_pass http://10.0.0.162/; #此处设置的后端地址
proxy_set_header Host $http_host;
proxy_connect_timeout 10s;
}
access_log /home/app/nginx/logs/wlm.com_access.log;
}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test2:~# echo 10.0.0.162 > /var/www/html/index.nginx-debian.html #修改目标主机的html页面
root@ubuntu-test:~# curl http://www.wlm.com #单台代理转发成功
10.0.0.162
#Nginx缓存配置
root@ubuntu-test:~# vim /home/app/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
proxy_cache_path /home/app/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;.......
}
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf
server
{
listen 80;
server_name www.wlm.com;
location / {
root /home/app/nginx/html/1a;
}
location /static {
proxy_pass http://10.0.0.162/;
proxy_set_header Host $http_host;
proxy_connect_timeout 10s;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 301 302 10m;
proxy_cache_valid any 5m;
}
access_log /home/app/nginx/logs/wlm.com_access.log;
}
root@ubuntu-test:~# systemctl reload nginx.service
root@ubuntu-test:~# ll -d /home/app/nginx/proxycache/ #配置成功后会自动生成目录
drwx------ 2 nginx root 4096 Jul 18 17:15 /home/app/nginx/proxycache//
root@ubuntu-test:~# tree /home/app/nginx/proxycache/
/home/app/nginx/proxycache/
0 directories, 0 files
#Nginx缓存验证
root@ubuntu-test2:~# curl http://www.wlm.com
www.wlm.com
root@ubuntu-test2:~# curl http://www.wlm.com/static
10.0.0.162
root@ubuntu-test:/home/app/nginx# tree proxycache/
proxycache/
└── 9
└── f
└── c
└── 7e2b55c4c38e99561caa378268f87cf9
3 directories, 1 file
#Nginx反向代理客户端IP透传
root@ubuntu-test:~# vim /home/app/nginx/conf/conf.d/1a.conf #前端代理Nginx配置
server
{
listen 80;
server_name www.wlm.com;
location / {
root /home/app/nginx/html/1a;
}
location /static {
proxy_pass http://10.0.0.162/;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}}
root@ubuntu-test2:~# vim /etc/nginx/nginx.conf #后端Nginx配置
http {
.....
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;
.....
}
root@ubuntu-test2:~# systemctl reload nginx.service
#在10.0.0.1的客户端访问时,查看日志可以看出客户端IP和代理IP(10.0.0.161);注意X-Forwarded-For由请求方提供,客户端可以伪造,后端只应信任来自自己代理服务器的该头部
root@ubuntu-test2:~# tail -f /var/log/nginx/access.log
10.0.0.161 - - [22/Jul/2024:14:42:07 +0800] "GET / HTTP/1.0" 200 11 "-" "curl/8.4.0" "10.0.0.1"
六、LNMP实例
利用LNMP实现phpmyadmin会话保持
#利用脚本为三台ubuntu机器安装Nginx服务
#安装数据库
[root@Rocky-test1 ~]# yum -y install mysql-server
[root@Rocky-test1 ~]# systemctl enable --now mysqld.service
[root@Rocky-test1 ~]# mysql
(root@localhost)[(none)]>create user phpadmin@'10.0.0.%' identified with mysql_native_password by 'php@123';
(root@localhost)[(none)]>grant all on *.* to phpadmin@'10.0.0.%';
Query OK, 0 rows affected (0.01 sec)
#利用包安装Redis服务
[root@Rocky-test2 ~]# yum -y install redis
[root@Rocky-test2 ~]# vim /etc/redis.conf #修改配置使redis服务可远程使用(bind 0.0.0.0会监听所有网卡,且此处未设置密码;实际环境应只绑定内网地址,并配置requirepass和防火墙规则)
#bind 127.0.0.1
bind 0.0.0.0
[root@Rocky-test2 ~]# systemctl enable --now redis.service
#配置ubuntu-test2的Nginx服务
root@ubuntu-test2:~# mkdir /home/www
root@ubuntu-test2:/home# vim /home/app/nginx/conf/nginx.conf
.......
include ./conf.d/*.conf;
server {
listen 80;........
root@ubuntu-test2:~# vim /home/app/nginx/conf/conf.d/wlm.conf
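# Front end for the PHP application under /home/www; PHP requests are handed
# to php-fpm on 127.0.0.1:9000.
server {
    listen 80;
    server_name www.wlm.com;
    index index.php;

    # Declared at server level so that every location inherits it. With root
    # set only inside "location /", the PHP location below would fall back to
    # nginx's default root ("html" under the install prefix) and build
    # SCRIPT_FILENAME from the wrong directory. Requests that match no
    # location are served from here as well, so a separate "location /" is no
    # longer needed.
    root /home/www;

    client_max_body_size 20m;

    # NOTE(review): the php-fpm pool shown on this page sets
    # pm.status_path = /status and ping.path = /ping, so "/php_status" here
    # does not look like it matches the pool's status path; confirm which one
    # is intended. These endpoints are reachable by any client as written;
    # consider limiting them with allow/deny.
    location ~ \.php$|/ping|/php_status {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}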
root@ubuntu-test2:~# vim /home/www/test.php #PHP服务测试页面(phpinfo()会暴露服务器环境与配置信息,测试完成后应删除该文件)
<?php
phpinfo()
?>
root@ubuntu-test2:~# systemctl reload nginx.service
#安装并配置ubuntu-test2的php服务
root@ubuntu-test2:~# apt update &&apt -y install php-fpm
root@ubuntu-test2:~# apt -y install php-mysql php-json php-redis php-mbstring
root@ubuntu-test2:~# vim /etc/php/8.1/fpm/php.ini
upload_max_filesize = 100M
post_max_size = 100M
date.timezone = Asia/Shanghai
root@ubuntu-test2:~# vim /etc/php/8.1/fpm/pool.d/www.conf
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
pm.status_path = /status
ping.path = /ping
php_value[session.save_handler] = redis
php_value[session.save_path] = "tcp://10.0.0.152:6379"
root@ubuntu-test2:~# systemctl restart php8.1-fpm.service
#安装phpmyadmin
root@ubuntu-test2:~# unzip phpMyAdmin-5.2.1-all-languages.zip
root@ubuntu-test2:~# mv ./phpMyAdmin-5.2.1-all-languages/* /home/www/
root@ubuntu-test2:~# cp /home/www/config.sample.inc.php conf.inc.php -a
root@ubuntu-test2:~# vim /home/www/conf.inc.php
$cfg['Servers'][$i]['host'] = '10.0.0.151'; #修改localhost为数据库IP
root@ubuntu-test2:~# chown nginx.nginx /home/www/ -R
root@ubuntu-test3:~# systemctl restart php8.1-fpm.service
#按照图形界面填入配置信息完成安装,同时对ubuntu-test2进行相同配置
#配置ubuntu-test1反向Nginx代理
root@ubuntu-test1:~# vim /home/app/nginx/conf/conf.d/blog.conf
upstream webservers {
server 10.0.0.162:80;
server 10.0.0.163:80;
}
server{
listen 80;
server_name www.wlm.com;
client_max_body_size 100m;
location / {
proxy_pass http://webservers;
}
}
root@ubuntu-test1:~# systemctl reload nginx.service