一、 Nginx简介
- Nginx (“engine x”) 是一个高性能的HTTP和反向代理服务器,也是一个IMAP/POP3/SMTP服务器。Nginx是由Igor Sysoev为俄罗斯访问量第二的Rambler.ru站点开发的,第一个公开版本0.1.0发布于2004年10月4日。其将源代码以类BSD许可证的形式发布,因它的稳定性、丰富的功能集、示例配置文件和低系统资源的消耗而闻名。2011年6月1日,nginx 1.0.4发布。
- Nginx是一款轻量级的Web 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器,并在一个BSD-like 协议下发行。由俄罗斯的程序设计师IgorSysoev所开发,供俄国大型的入口网站及搜索引擎Rambler(俄文:Рамблер)使用。其特点是占有内存少,并发能力强,事实上nginx的并发能力确实在同类型的网页服务器中表现较好,中国大陆使用nginx网站用户有:百度、京东、新浪、网易、腾讯、淘宝等。
- Nginx下载地址:http://nginx.org/
- Nginx官方网站:https://www.nginx.com/
二、Nginx安装
- 安装快速HTTP服务器“Nginx”并配置HTTP服务器
# install from EPEL
[root@linuxprobe~]# yum --enablerepo=epel -y install nginx
# 基础设置
[root@linuxprobe~]# vi /etc/nginx/nginx.conf
# line 40: change hostname
server_name linuxprobe.org;
[root@linuxprobe ~]# systemctl start nginx
[root@linuxprobe ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@linuxprobe ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain linuxprobe.org
10.1.1.56 vdevops.com
# 开启防火墙
[root@linuxprobe ~]# firewall-cmd --add-service=http --permanent
success
[root@linuxprobe ~]# firewall-cmd --reload
success
- 客户端设置hosts,从浏览器访问linuxprobe.org
虚拟主机设置
- 配置nginx
[root@linuxprobe ~]# vi /etc/nginx/conf.d/linuxcool.com.conf
# create new
server {
listen 80;
server_name linuxcool.com;
location / {
root /usr/share/nginx/linuxcool;
index index.html index.htm;
}
}
[root@linuxprobe ~]# mkdir /usr/share/nginx/linuxcool
[root@linuxprobe w ~]# systemctl restart nginx
- 创建测试页面
[root@linuxprobe ~]# vi /usr/share/nginx/virtual.host/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Nginx LinuxCool Test Page
</div>
</body>
</html>
Nginx:用户目录配置
- 修改配置文件
[root@linuxprobe ~]# vi /etc/nginx/nginx.conf
# add into "server" section
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
[root@linuxprobe ~]# systemctl restart nginx
# 切到普通用户
[wang@linuxprobe~]$ chmod 711 /home/cent
[wang@linuxprobe~]$ mkdir ~/public_html
[wang@linuxprobe~]$ chmod 755 ~/public_html
[wang@linuxprobe~]$ vi ~/public_html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Nginx UserDir Test Page
</div>
</body>
</html>
- 浏览器访问测试配置是否正确
配置Nginx开启SSL
- 第一步,创建证书,参考:http://blog.csdn.net/wh211212/article/details/52982917
- 第二步,配置nginx.conf
[root@linuxprobe~]# vi /etc/nginx/nginx.conf
# add into "server" section
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name linuxprobe.org;
root /usr/share/nginx/html;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE+RSAGCM:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL!eNull:!EXPORT:!DES:!3DES:!MD5:!DSS;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
[root@linuxprobe~]# systemctl restart nginx
- 防火墙开启https通信
[root@linuxprobe~]# firewall-cmd --add-service=https --permanent
success
[root@linuxprobe~]# firewall-cmd --reload
success
Nginx 设置访问认证
- 对web页面访问进行控制
# 以auth_basic目录为例
[root@linuxprobe~]# yum -y install httpd-tools
[root@linuxprobe~]# vi /etc/nginx/nginx.conf
# add into "server" section
location /auth_basic {
auth_basic "Basic Auth";
auth_basic_user_file "/etc/nginx/.htpasswd";
}
[root@linuxprobe~]# htpasswd -c /etc/nginx/.htpasswd wang
New password: # set password
Re-type new password:
Adding password for user wang
[root@www ~]# systemctl restart nginx
# 创建目录及测试页面
[root@linuxprobe ~]# mkdir /usr/share/nginx/html/auth_basic
[root@linuxprobe ~]# vim /usr/share/nginx/html/auth_basic/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Nginx UserDir Test Page
</div>
</body>
</html>
- 客户端从浏览器访问测试,查看结果
Nginx 反向代理设置
- 配置通过http方式,nginx的80端口转发到后端apache的80端口
[root@linuxprobe ~]# vi /etc/nginx/nginx.conf
# change like follows in "server" section
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name linuxprobe.org;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
location / {
proxy_pass http://vdevops.org/;
}
}
[root@linuxprobe ~]# systemctl restart nginx
- 后端apache服务设置
[root@vdevops~]# vi /etc/httpd/conf/httpd.conf
# line 196: change
LogFormat "\"%{X-Forwarded-For}i\"
%l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@vdevops~]# systemctl restart httpd
# 通过elinks(模拟浏览器访问)访问验证
[root@localhost ~]# yum -y install elinks
[root@linuxprobe ~]# elinks http://linuxprobe.org/
Nginx && PHP-FPM
- 安装php-fpm解析php页面
[root@linuxprobe ~]# yum --enablerepo=epel -y install php php-mbstring php-pear php-fpm
- 配置 Configure PHP-FPM and Ngin
[root@linuxprobe ~]# vi /etc/php-fpm.d/www.conf
# line 39: change
user = nginx
# line 41: change
group = nginx
[root@linuxprobe ~]# systemctl start php-fpm
[root@linuxprobe ~]# systemctl enable php-fpm
[root@linuxprobe ~]# vi /etc/nginx/nginx.conf
# add into "server" section
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
[root@linuxprobe ~]# systemctl restart nginx
- 创建php测试页
[root@www ~]# echo "<?php phpinfo() ?>" > /usr/share/nginx/html/info.php