Nginx website service

Posted by redsox8185 on Wed, 02 Feb 2022 03:08:14 +0100

1, Overview

Nginx is a high-performance, lightweight Web service software.

Advantages

(1) High stability
(2) Low system resource consumption
(3) High processing capacity for HTTP concurrent connections
(4) A single physical server can support 30000 ~ 50000 concurrent requests

2, Steps and practice of configuring Nginx

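(1) Turn off the firewall and upload the software package required by nginx to the /opt directory

#Stop firewalld and keep it from starting at boot
systemctl stop firewalld
systemctl disable firewalld
#Switch SELinux to permissive mode until the next reboot
setenforce 0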


(2) Install dependent packages

#Configuring and running nginx requires libraries such as pcre and zlib, so their development packages must be installed to provide the corresponding libraries and header files.
yum -y install pcre-devel zlib-devel gcc gcc-c++ make


(3) Create run user (Group)

The Nginx service program runs as nobody by default. It is recommended to create a special user account for it to more accurately control its access rights.

useradd -M -s /sbin/nologin nginx


(4) Compile and install Nginx

cd /opt
tar zxvf nginx-1.12.0.tar.gz 

cd /opt/nginx-1.12.0/

./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module

#-----Explanation of the configure options (not commands to run)
#--prefix=/usr/local/nginx        Specify the installation path of nginx
#--user=nginx                     Specify the user name
#--group=nginx                    Specify the group name
#--with-http_stub_status_module   Enable the http_stub_status_module module to support status statistics
#-----

make -j 2 && make install

#Let the system recognize the operation commands of nginx
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/



(5) Check, start, restart and stop nginx service

#Check whether the configuration file is configured correctly
nginx -t

#Start (shut down the Apache service first)
nginx
#Check whether port 80 is listening
netstat -natp | grep 80

#Stop: first check the PID of nginx, then use any one of the following
cat /usr/local/nginx/logs/nginx.pid
kill -3 <PID number>
kill -s QUIT <PID number>
killall -3 nginx
killall -s QUIT nginx

#Restart (HUP reloads the configuration and restarts the worker processes); use any one of the following
kill -1 <PID number>
kill -s HUP <PID number>
killall -1 nginx
killall -s HUP nginx

#Log rotation: reopen the log files
kill -USR1 <PID number>

#Smooth upgrade
kill -USR2 <PID number>



Five supplementary methods for viewing the pid number of Nginx


(6) Add Nginx system service

Method 1

vim /etc/init.d/nginx
#!/bin/bash
#chkconfig: - 99 20
#description:Nginx Service Control Script
COM="/usr/local/nginx/sbin/nginx"
PID="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
  $COM
;;

stop)
  kill -s QUIT $(cat $PID)
;;

restart)
  $0 stop
  $0 start
;;

reload)
  kill -s HUP $(cat $PID)
;;

*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1

esac
exit 0


#Add execution permissions for script files
chmod +x /etc/init.d/nginx
#Add as system service
chkconfig --add nginx
#Restart service
systemctl stop nginx
systemctl start nginx
#systemctl restart nginx

Method 2 (this method is used in this experiment)

vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

chmod 754 /lib/systemd/system/nginx.service
systemctl start nginx.service
systemctl enable nginx.service


Note: in this step, first kill the nginx process that was started earlier (by its PID), then reload the service.

3, Configuration and operation of nginx.conf, the main configuration file of the Nginx service

(1) Global configuration

vim /usr/local/nginx/conf/nginx.conf

#Run the user. If it is not specified during compilation, it defaults to nobody
#user nobody;
#Number of working processes, which can be configured as the number of server cores * 2
worker_processes 1;
#Location of the error log file
#error_log logs/error.log;
#Location of PID file
#pid logs/nginx.pid;


(2) I/O event configuration

#Around lines 12-15
events {
    #Use the epoll model; recommended on kernel 2.6 and above to improve performance
    use epoll;
    #Each process handles 4096 connections
    worker_connections 4096;
}
#To increase the number of connections per process, also run "ulimit -n 65535" to temporarily raise the maximum number of files each local process can open at the same time.
#On Linux, when handling highly concurrent TCP connections, the maximum number of concurrent connections is limited by the number of files a single user process may open at the same time (the system creates a socket handle for each TCP connection, and each socket handle is also a file handle).
#Use the "ulimit -a" command to view the limit on the number of files the current user process may open

#View kernel version
uname -r



(3) HTTP configuration

http {
	#File extension and file type mapping table
    include       mime.types;

	#Default file type
    default_type  application/octet-stream;

	#Log format setting
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

	#Access log location
    #access_log  logs/access.log  main;

	#Support file sending (downloading)
    sendfile        on;
    #Enables or disables use of the TCP_CORK socket option (buffer data before sending packets); only used when sendfile is enabled
    #tcp_nopush     on;

	#Connection hold timeout, in seconds
    #keepalive_timeout  0;
    keepalive_timeout  65;

	##Gzip module settings, setting whether to enable gzip compressed output
    #gzip  on;

#Listening configuration of Web Services
server {
	#Listening address and port
	listen 80; 
	#The site domain name can have multiple, separated by spaces
	server_name www.feng.com;
	#Default character set for web pages
	charset utf-8;

	#Root configuration
	location / {
		#Location of the website root directory: /usr/local/nginx/html
		root html;
		#Default home page file name
		index index.html index.htm;
	}

	#Feedback page for internal errors
	error_page 500 502 503 504 /50x.html;
	#Error page configuration
	location = /50x.html {
		root html;
	}
}
}


(4) Verify

systemctl restart nginx.service
echo "192.168.19.66 www.feng.com" >> /etc/hosts
#Access with browser
http://www.feng.com/
http://192.168.19.66/



4, Log format setting

$remote_addr and $http_x_forwarded_for: Used to record the client IP address;
$remote_user: Used to record the client user name;
$time_local: Used to record the access time and time zone;
$request: Used to record the request URL and HTTP protocol;
$status: Used to record the request status; 200 means success;
$body_bytes_sent: Records the size of the body content sent to the client;
$http_referer: Used to record the page link from which the request came;
$http_user_agent: Records information about the client browser;

Usually the web server is placed behind a reverse proxy, so it cannot obtain the client's IP address directly: the IP address obtained through $remote_addr is the IP address of the reverse proxy server. When forwarding the request, the reverse proxy server can add X-Forwarded-For information to the HTTP header to record the original client's IP address and the server address requested by the original client.
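
The following is an added example, not part of the original post: it parses lines written in the "main" log_format shown earlier and decides which address a request should be attributed to. It assumes that log_format and access_log are uncommented and that the reverse proxy is 192.168.19.10 (a constructed address); X-Forwarded-For is believed only when the connection really came from that proxy.

```python
import ipaddress
import re

# Matches the "main" log_format from the HTTP configuration section.
MAIN_RE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<http_x_forwarded_for>[^"]*)"$'
)

# Assumption: the reverse proxy in front of this server (constructed address).
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.19.10/32")]

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)

def parse_line(line):
    m = MAIN_RE.match(line.strip())
    return m.groupdict() if m else None

def client_ip(entry):
    """Address to attribute the request to, given one parsed log entry."""
    peer = entry["remote_addr"]
    xff = entry["http_x_forwarded_for"]
    # X-Forwarded-For arrives in the request; use it only if the peer is our proxy.
    if xff in ("", "-") or not is_trusted(peer):
        return peer
    # The proxy appends the address it saw, so read right to left past trusted hops.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        if is_trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer  # malformed hop: fall back to the TCP peer
    return peer

# Constructed sample lines in the "main" format.
SAMPLE = [
    '192.168.19.10 - - [02/Feb/2022:03:08:14 +0100] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "203.0.113.7"',
    '198.51.100.23 - - [02/Feb/2022:03:08:15 +0100] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "10.0.0.1"',
    '192.168.19.10 - kiki [02/Feb/2022:03:08:16 +0100] "GET /status HTTP/1.1" 200 97 "-" "curl/7.29.0" "10.9.9.9, 203.0.113.50"',
]
```

The second sample line connects directly and supplies its own X-Forwarded-For value, so it is attributed to its $remote_addr; the third is attributed to the address the proxy appended, not to the leftmost entry.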

Common location configuration directives: root, alias, proxy_pass

root (root path configuration)
Request www.feng.com/test, the file returned is /usr/local/nginx/html/test/index.html

alias (alias configuration)
Request www.feng.com/test, the file returned is /usr/local/nginx/html/index.html

proxy_pass (reverse proxy configuration)
#Forward request to http://127.0.0.1:8080/1.jpg
proxy_pass http://127.0.0.1:8080/;
#Forward request to http://127.0.0.1:8080/test/1.jpg
proxy_pass http://127.0.0.1:8080;
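
The mapping rules above, modelled as an added example that is not part of the original post. It assumes a prefix location /test/ (the post does not show the location line), the default index file index.html, and a request that already ends in a slash when it names a directory; it also covers a proxy_pass with a longer URI part, which goes beyond the two cases listed.

```python
from urllib.parse import urlsplit

def _inside(location, uri):
    if not uri.startswith(location):
        raise ValueError("request URI is not handled by this location")

def map_root(root, uri, index="index.html"):
    """root: the whole request URI is appended to the root directory."""
    path = root.rstrip("/") + uri
    return path + index if path.endswith("/") else path

def map_alias(location, alias, uri, index="index.html"):
    """alias: the location prefix is cut off and replaced by the alias path."""
    _inside(location, uri)
    path = alias + uri[len(location):]
    return path + index if path.endswith("/") else path

def map_proxy_pass(location, proxy_pass, uri):
    """proxy_pass: a URI part (even a bare "/") replaces the location prefix;
    without a URI part the request URI is forwarded unchanged."""
    _inside(location, uri)
    target = urlsplit(proxy_pass)
    base = f"{target.scheme}://{target.netloc}"
    if target.path == "":
        return base + uri
    return base + target.path + uri[len(location):]

def explain(uri="/test/"):
    """All mappings for one request, using the values from the post."""
    html = "/usr/local/nginx/html"
    return {
        "root": map_root(html, uri),
        "alias": map_alias("/test/", html + "/", uri),
        "proxy_pass with /": map_proxy_pass("/test/", "http://127.0.0.1:8080/", uri),
        "proxy_pass without /": map_proxy_pass("/test/", "http://127.0.0.1:8080", uri),
    }

if __name__ == "__main__":
    for directive, result in explain("/test/1.jpg").items():
        print(f"{directive:22} -> {result}")
```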

Practical operation

Root (root configuration)




Alias (alias configuration)



Move the index.html under test to /usr/local/nginx/html/test/, and then visit

5, Access status statistics configuration and Practice

(1) First check whether the installed Nginx includes the http_stub_status_module module

/usr/local/nginx/sbin/nginx -V


(2) Modify the nginx.conf configuration file, specify the access location and add the stub_status configuration

cd /usr/local/nginx/conf
cp nginx.conf nginx.conf.bak
vim /usr/local/nginx/conf/nginx.conf
......
http {
......
  server {
    listen 80;
    server_name www.feng.com;
    charset utf-8;
    location / {
      root html;
      index index.html index.php;
    }
    #Add stub_status configuration
    location /status {
      stub_status on;
      access_log off;
    }
  }
}



(3) Verify

systemctl restart nginx

Browser access http://192.168.19.66/status
Active connections: Indicates the current number of active connections;
server accepts handled requests: Represents the connection information that has been processed. The three numbers represent, in turn, the number of connections processed, the number of successful TCP handshakes, and the number of requests processed.
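
An added example, not from the original post, that turns the text of the /status page into counters a monitoring job can compare between polls. The two sample pages are constructed; the Reading/Writing/Waiting line is part of the standard stub_status output even though the post does not describe it.

```python
import re

# Layout of the plain-text page produced by stub_status.
STATUS_RE = re.compile(
    r"Active connections:\s*(?P<active>\d+)\s+"
    r"server accepts handled requests\s+"
    r"(?P<accepts>\d+)\s+(?P<handled>\d+)\s+(?P<requests>\d+)\s+"
    r"Reading:\s*(?P<reading>\d+)\s+Writing:\s*(?P<writing>\d+)\s+"
    r"Waiting:\s*(?P<waiting>\d+)"
)

def parse_stub_status(body):
    """Turn the /status page text into a dict of integer counters."""
    m = STATUS_RE.search(body)
    if m is None:
        raise ValueError("not a stub_status page")
    stats = {name: int(value) for name, value in m.groupdict().items()}
    # accepts > handled means connections were dropped, for example because
    # the worker_connections limit was reached.
    stats["dropped"] = stats["accepts"] - stats["handled"]
    return stats

def rates(previous, current, seconds):
    """Per-second rates between two polls; the three counters only grow."""
    if seconds <= 0 or current["requests"] < previous["requests"]:
        raise ValueError("polls out of order or nginx restarted in between")
    return {
        "connections_per_s": (current["accepts"] - previous["accepts"]) / seconds,
        "requests_per_s": (current["requests"] - previous["requests"]) / seconds,
        "new_drops": current["dropped"] - previous["dropped"],
    }

# Constructed sample pages, fetched 10 seconds apart.
POLL_1 = """Active connections: 3
server accepts handled requests
 1200 1190 4760
Reading: 0 Writing: 1 Waiting: 2
"""
POLL_2 = """Active connections: 5
server accepts handled requests
 1250 1240 4960
Reading: 1 Writing: 1 Waiting: 3
"""

if __name__ == "__main__":
    first, second = parse_stub_status(POLL_1), parse_stub_status(POLL_2)
    print(first)
    print(rates(first, second, 10))
```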

6, Authorization access control configuration and Practice

(1) Generate user password authentication file

yum install -y httpd-tools
htpasswd -c /usr/local/nginx/passwd.db kiki
chown nginx /usr/local/nginx/passwd.db
chmod 400 /usr/local/nginx/passwd.db


(2) Modify the main configuration file and add the authentication configuration items to the corresponding directory (location)

vim /usr/local/nginx/conf/nginx.conf
......
    server {
        location / {
            ......
            #Add authentication configuration
            auth_basic "secret";
            auth_basic_user_file /usr/local/nginx/passwd.db;
        }
    }


(3) Restart the service and access the test

nginx -t
systemctl restart nginx

Browser access http://192.168.19.66 or www.feng.com

7, Client access control configuration and Practice

Access control rules

(1) deny IP/IP segment: denies access from a client IP or IP segment.
(2) allow IP/IP segment: allows access from a client IP or IP segment.
(3) Rules are evaluated from top to bottom. Evaluation stops at the first rule that matches, and the rules below it are not checked.

vim /usr/local/nginx/conf/nginx.conf
......
  server {
    location / {
    ......
    #Add control rule
    #Client IP that is denied access
    deny 192.168.19.66;
    #Allow other IP clients to access
    allow all;
    }
  }

systemctl restart nginx
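
The top-to-bottom, first-match evaluation described above, as an added example that is not part of the original post. It reads allow/deny lines from a location body, decides the outcome for a client address, and reports rules that can never take effect because an earlier rule already covers them; the three rule sets are constructed, the first one copied from the configuration above.

```python
import ipaddress

def parse_rules(conf_text):
    """Extract allow/deny directives, in order, from a location block body."""
    rules = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            net = None if parts[1] == "all" else ipaddress.ip_network(parts[1], strict=False)
            rules.append((parts[0], net))  # net None stands for "all"
    return rules

def decide(rules, client):
    """Return "allow" or "deny" for a client IP: the first matching rule wins."""
    addr = ipaddress.ip_address(client)
    for action, net in rules:
        if net is None or addr in net:
            return action
    return "allow"  # no rule matched: the access module does not block

def shadowed(rules):
    """Rules that can never fire because an earlier rule already covers them."""
    dead = []
    for i, (action, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            if earlier is None or (net is not None and net.version == earlier.version
                                   and net.subnet_of(earlier)):
                dead.append((action, "all" if net is None else str(net)))
                break
    return dead

# Constructed rule sets. PAGE_ORDER is the order used in the post.
PAGE_ORDER = """
    #Client IP that is denied access
    deny 192.168.19.66;
    #Allow other IP clients to access
    allow all;
"""
SWAPPED = "allow all;\ndeny 192.168.19.66;"       # same rules, wrong order
ALLOWLIST = "allow 192.168.19.0/24;\ndeny all;"   # only the local segment

if __name__ == "__main__":
    for name, text in (("page", PAGE_ORDER), ("swapped", SWAPPED), ("allowlist", ALLOWLIST)):
        rules = parse_rules(text)
        print(name, decide(rules, "192.168.19.66"), shadowed(rules))
```

With the order swapped, the deny line is reported as shadowed and 192.168.19.66 is allowed, which is why the deny rule has to come first.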


8, Configuration and operation of Nginx virtual host based on domain name

(1) Provide domain name resolution for virtual host

echo "192.168.19.66 www.feng.com  www.dian.com" >> /etc/hosts


(2) Prepare web document for virtual host

mkdir -p /var/www/html/feng
mkdir -p /var/www/html/dian
echo "<h1>this is feng</h1>" > /var/www/html/feng/index.html
echo "<h1>this is dian</h1>" > /var/www/html/dian/index.html


(3) Modify the configuration file of Nginx

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
    server {
        listen 80;
        server_name  www.feng.com;
        charset utf-8;
        access_log logs/www.feng.access.log;
        
        location / {
            root   /var/www/html/feng;
            index  index.html index.php;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
	}
	
     server {
         listen 80;
         server_name www.dian.com;
         charset utf-8;
         access_log logs/www.dian.access.log;
         
         location / {
              root /var/www/html/dian;
              index index.html index.php;
         }
         
         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
               root html;
         }
     }
}


(4) Restart the service and access the test

#Check syntax
nginx -t
systemctl restart nginx

#Browser access
http://www.feng.com/
http://www.dian.com/


9, Configuration and operation of Nginx virtual host based on IP

(1) Add a virtual network interface and domain name resolution

ifconfig ens33:0 192.168.19.100 netmask 255.255.255.0

echo "192.168.19.66 www.feng.com" >> /etc/hosts
echo "192.168.19.100 www.dian.com" >> /etc/hosts


(2) Modify the configuration file of Nginx

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
    server {
        listen 192.168.19.66:80;
        server_name  www.feng.com;
        charset utf-8;
        access_log logs/www.feng.access.log;
        
        location / {
            root   /var/www/html/feng;
            index  index.html index.php;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
	}
	
     server {
         listen 192.168.19.100:80;
         server_name www.dian.com;
         charset utf-8;
         access_log logs/www.dian.access.log;
         
         location / {
              root /var/www/html/dian;
              index index.html index.php;
         }
         
         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
               root html;
         }
     }
}


(3) Restart the service and access the test

systemctl restart nginx
#Browser access
http://192.168.19.66/
http://192.168.19.100/


10, Port based configuration and operation of Nginx virtual host

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
    server {
        listen 192.168.19.66:80;
        server_name  www.feng.com;
        charset utf-8;
        access_log logs/www.feng.access.log;
        
        location / {
            root   /var/www/html/feng;
            index  index.html index.php;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
	}
	
     server {
         listen 192.168.19.66:8080;
         server_name www.dian.com;
         charset utf-8;
         access_log logs/www.dian.access.log;
         
         location / {
              root /var/www/html/dian;
              index index.html index.php;
         }
         
         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
               root html;
         }
     }
}
  
systemctl restart nginx
#Browser access
http://192.168.19.66:80
http://192.168.19.66:8080


Summary

(1) There are five ways to check the PID of Nginx
(2) When adding the Nginx system service, first kill the nginx process that was started earlier (by its PID), then reload the service.
