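Chapter outline
- Nginx service basics
- Nginx access control (deny/allow access from internal company sources)
- Nginx virtual hosts
- LNMP architecture deployment and application
About Nginx
- A high-performance, lightweight web server
High stability
Low system resource consumption
Strong handling of concurrent HTTP connections (a single physical server can support 30000~50000 concurrent requests)
Compiling and installing Nginx
- Install supporting software
[root@localhost ~]# yum -y install pcre-devel zlib-devel
Create the run-as user and group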
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
Compile and install Nginx
[root@localhost nginx-1.12.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@localhost nginx-1.12.0]# ls -l /usr/local/sbin/nginx
lrwxrwxrwx 1 root root 27 5月 16 16:50 /usr/local/sbin/nginx -> /usr/local/nginx/sbin/nginx
Optimizing the nginx command path
Compiling and installing the Nginx service
1. Turn off the firewall and upload the nginx package to the /opt directory
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
Drag and drop the nginx installation package straight into the session
2. Compile and install Nginx
[root@localhost ~]# tar zxvf nginx-1.12.2.tar.gz -C /opt
3. Install dependency packages
[root@localhost ~]# yum -y install gcc gcc-c++ pcre-devel zlib-devel make
[root@localhost nginx-1.12.2]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
[root@localhost nginx-1.12.2]# make && make install
[root@localhost nginx-1.12.2]# useradd -M -s /sbin/nologin nginx    # add a user
[root@localhost nginx-1.12.2]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/    # create a symlink
[root@localhost nginx-1.12.2]# nginx -t    # check the syntax
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
4. Check, start, and add to system service management
a: Common commands
nginx -t    # check whether the configuration file is correct
nginx       # start
- Stop the nginx service
cat /usr/local/nginx/logs/nginx.pid    # first look up nginx's PID
kill -3 <PID>
kill -s QUIT <PID>
killall -3 nginx
killall -s QUIT nginx
- Reload
kill -1 <PID>
kill -s HUP <PID>
killall -1 nginx
killall -s HUP nginx
b: Add Nginx as a system service (systemctl or service)
vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
# In the chkconfig line, "-" means the service is not enabled at boot (also, without the leading "#", chkconfig --add nginx cannot load the setting)
COM="/usr/local/nginx/sbin/nginx"        # location of the command binary (nginx)
PID="/usr/local/nginx/logs/nginx.pid"    # PID file
case "$1" in
start)
    $COM
    ;;
stop)
    kill -s QUIT $(cat $PID)
    ;;
restart)
    $0 stop
    $0 start
    ;;
reload)
    kill -s HUP $(cat $PID)
    ;;
*)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
    ;;
esac
exit 0
[root@localhost opt]# cd nginx-1.12.2    # change directory, then add execute permission for nginx
[root@localhost init.d]# chmod +x nginx
[root@localhost init.d]# chkconfig --add nginx    # add as a system service so the system recognizes it
[root@localhost init.d]# systemctl status nginx
● nginx.service - SYSV: Nginx Service Control Script
Loaded: loaded (/etc/rc.d/init.d/nginx; bad; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
[root@localhost init.d]# systemctl start nginx
After a successful start, the nginx service can be seen under the /etc/rc.d/init.d directory
Managing with systemctl
[root@localhost ~]# vim /usr/lib/systemd/system/nginx.service
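[Unit]
# Description
Description=nginx
# Ordering: start after network.target
After=network.target
[Service]
# Service type: runs in the background
Type=forking
# Location of the PID file
PIDFile=/usr/local/nginx/logs/nginx.pid
# Start the service
ExecStart=/usr/local/nginx/sbin/nginx
# Reload the configuration by PID
ExecReload=/bin/kill -s HUP $MAINPID
# Terminate the process by PID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
# Startup level
WantedBy=multi-user.target
:wq    # save and exit
[root@localhost system]# chmod 754 nginx.service    # setting 754 permissions is a security optimization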
[root@localhost system]# systemctl start nginx.service
[root@localhost system]# systemctl enable nginx.service
[root@localhost html]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
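192.168.112.128 www.ky11.com    # add the domain name
~
- View the main nginx configuration
First make a backup of the nginx.conf file
[root@localhost conf]# cp nginx.conf nginx.conf.bak
Edit the main nginx configuration file
[root@localhost conf]# vim nginx.conf
37 server_name www.ky11.com;    # change line 37: set the server name
Access status statistics
[root@localhost html]# nginx -V    # show which options were set at configure time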
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
[root@localhost html]# cd ../conf
[root@localhost conf]# vim nginx.conf    # edit the configuration file
# content to add
location /status {
    stub_status on;
    access_log off;
}
[root@localhost conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost conf]# systemctl restart nginx
[root@localhost conf]# netstat -natp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 80358/nginx: master
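Access control
Authorization-based access control
htpasswd: a tool for authenticating access to directories
-c: create the password file; if the file already exists, its contents are cleared and rewritten
[root@localhost html]# yum install -y httpd-tools    # for generating the user password authentication file
[root@localhost html]# htpasswd -c /usr/local/nginx/passwd.db zhangsan    # create a user and set a password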
New password:
Re-type new password:
Adding password for user zhangsan
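[root@localhost html]# chown nginx /usr/local/nginx/passwd.db    # make nginx the owner
[root@localhost html]# chmod 400 /usr/local/nginx/passwd.db    # set permissions to 400
Modify the corresponding directory section of the main configuration file and add the authentication settings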
[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# systemctl restart nginx    # restart
[root@localhost html]# systemctl status nginx
● nginx.service - SYSV: Nginx Service Control Script
Loaded: loaded (/etc/rc.d/init.d/nginx; disabled; vendor preset: disabled)
Active: active (running) since 三 2021-06-23 00:21:40 CST; 14s ago
Docs: man:systemd-sysv-generator(8)
Process: 80640 ExecStop=/etc/rc.d/init.d/nginx stop (code=exited, status=0/SUCCESS)
Process: 80642 ExecStart=/etc/rc.d/init.d/nginx start (code=exited, status=0/SUCCESS)
Tasks: 2
CGroup: /system.slice/nginx.service
├─80644 nginx: master process /usr/local/nginx/sbin/nginx
└─80645 nginx: worker process
6月 23 00:21:40 localhost.localdomain systemd[1]: Stopped SYSV: Nginx...
6月 23 00:21:40 localhost.localdomain systemd[1]: Starting SYSV: Ngin...
6月 23 00:21:40 localhost.localdomain systemd[1]: Started SYSV: Nginx...
Hint: Some lines were ellipsized, use -l to show in full.
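Add to the main configuration file
Accessing the site again now requires a password
Client-based access control
The access control rules are as follows:
deny IP/IP range: deny access from clients at a given IP or IP range
allow IP/IP range: allow access from clients at a given IP or IP range
Rules are evaluated from top to bottom; evaluation stops at the first match and no further rules are checked
vim /usr/local/nginx/conf/nginx.conf
location / {
    root html;
    index index.html index.htm;
    deny 192.168.226.1;
    # add the IP of the client to be denied
    allow all;
    # allow clients at all other IPs
}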
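The two access-control methods above, written out as nginx.conf location blocks (an added example, not the original page's configuration). The password file path, the /status location and the 192.168.226.1 address come from the steps above; the realm string, the 192.168.112.0/24 internal subnet and the /misordered/ path are assumptions.

```nginx
# Added example; place inside the server { } block of
# /usr/local/nginx/conf/nginx.conf (replacing the existing "location /").

# Authorization-based: every request to the site must present a user
# from the password file created with htpasswd.
location / {
    root   html;
    index  index.html index.htm;
    auth_basic           "Restricted";   # realm text is an assumption
    auth_basic_user_file /usr/local/nginx/passwd.db;
}

# Client-based, allow-list form: name the trusted sources first and end
# with "deny all", so any address not listed is refused.
location /status {
    stub_status on;
    access_log  off;
    allow 127.0.0.1;
    allow 192.168.112.0/24;   # assumed internal subnet
    deny  all;
    # Require a valid password in addition to an allowed address
    # (this is the default; "satisfy any" would accept either one).
    satisfy all;
    auth_basic           "Restricted";
    auth_basic_user_file /usr/local/nginx/passwd.db;
}

# Order matters because the first matching rule wins. Here "allow all"
# matches every client, so the deny line below it is never evaluated.
location /misordered/ {   # hypothetical path, shown only for contrast
    allow all;
    deny  192.168.226.1;
}
```

After editing, run nginx -t and restart. A request to /status from outside the allowed ranges gets 403, and one from inside without credentials gets 401.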
Virtual hosts
1. Name-based nginx virtual hosts
a: Add name resolution
echo "192.168.80.2 www.lv.com www.zhao.com" >> /etc/hosts
b: To serve two different domain names, create two new site directories
[root@wang nginx]# mkdir -p /var/www/html/lv
[root@wang nginx]# mkdir -p /var/www/html/zhao
[root@wang ~]# echo "<h1> hello </h1>" > /var/www/html/lv/index.html
[root@wang ~]# echo "<h1> world </h1>" > /var/www/html/zhao/index.html    # create the site home pages
c: Edit the main configuration file
[root@wang conf]# vim nginx.conf    # edit the main configuration file
[root@wang conf]# nginx -t    # check the main configuration file
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@wang conf]# systemctl restart nginx    # restart
d: Access the sites
Port-based virtual hosts
a: Create the web page file for port 8080
[root@wang ~]# mkdir -p /var/www/html/lv8080/
[root@wang ~]# echo "<h1> lv8080.com </h1>" > /var/www/html/lv8080/index.html
Edit the configuration file
b: Restart the service, then access the site
IP-based virtual hosts
a: Temporarily add a network interface
[root@wang ~]# ifconfig ens33:0 192.168.112.100 netmask 255.255.255.0
[root@wang ~]# mkdir -p /var/www/html/zhao100
[root@wang ~]# echo "<h1> www.zhao100.com </h1>" > /var/www/html/zhao100/index.html
[root@wang ~]# echo "192.168.112.100 www.zhao.com" >> /etc/hosts
Edit the configuration file, save and exit, then restart
b: Access the site
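Server blocks matching the three virtual-host styles above, using the page's names, directories and alias address (an added example, not the original page's configuration). The final catch-all server and its 444 response are an addition, so that a request whose Host header matches no configured name is not served by whichever site is listed first.

```nginx
# Added example; these blocks go inside http { } in
# /usr/local/nginx/conf/nginx.conf.

# Name-based: same address and port, chosen by the Host header.
server {
    listen      80;
    server_name www.lv.com;
    location / {
        root  /var/www/html/lv;
        index index.html index.htm;
    }
}
server {
    listen      80;
    server_name www.zhao.com;
    location / {
        root  /var/www/html/zhao;
        index index.html index.htm;
    }
}

# Port-based: the same name answers with a different site on 8080.
server {
    listen      8080;
    server_name www.lv.com;
    location / {
        root  /var/www/html/lv8080;
        index index.html index.htm;
    }
}

# IP-based: bound to the alias address added on ens33:0.
server {
    listen      192.168.112.100:80;
    server_name www.zhao.com;
    location / {
        root  /var/www/html/zhao100;
        index index.html index.htm;
    }
}

# Catch-all (an addition): close the connection when the Host header
# matches none of the names on port 80.
server {
    listen      80 default_server;
    server_name _;
    return      444;
}
```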