编译安装
可以自定义一些特殊的功能:无法解决软件依赖关系
1、部署的环境
[root@moban tools]# cat /etc/redhat-release CentOS release 6.9 (Final) [root@moban scripts]# uname -r 2.6.32-696.el6.x86_64 [root@moban tools]# uname -m x86_64 [root@moban tools]# uname -a Linux moban 2.6.32-696.el6.x86_64 #1 SMP Tue Mar 21 19:29:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
2、官网下载nginx
wget http://nginx.org/download/nginx-1.14.0.tar.gz
官网地址:http://nginx.org/
3、安装依赖
yum install -y pcre-devel openssl-devel gcc
perl正则表达式兼容工具 rewrite模块 匹配一个信息进行替换
openssl实现https访问
4、worker进程由指定用户管理-- www
useradd -s /sbin/nologin -M www
5、编译安装nginx
cd /server/tools/ tar xf nginx-1.14.0.tar.gz cd nginx-1.14.0 ./configure --prefix=/application/nginx-1.14 --user=www --group=www --with-http_stub_status_module --with-http_ssl_module echo $? make && make install
--prefix=PATH set installation prefix -->设置程序安装路径信息 --user=USER set non-privileged user for worker processes -->设置虚拟用户管理worker进程 --group=GROUP set non-privileged group for worker processes --with-http_ssl_module enable ngx_http_ssl_module -->启用ssl功能 --with-http_stub_status_module enable ngx_http_stub_status_module -->启用监控nginx状态的模块
6、创建软链接
ln -s /application/nginx-1.14 /application/nginx
7、启动nginx
/application/nginx/sbin/nginx
安装nginx全过程
mkdir -p /server/tools cd /server/tools/ wget http://nginx.org/download/nginx-1.14.0.tar.gz yum install -y pcre-devel openssl-devel useradd -s /sbin/nologin -M www cd /server/tools/ tar xf nginx-1.14.0.tar.gz cd nginx-1.14.0 ./configure --prefix=/application/nginx-1.14 --user=www --group=www --with-http_stub_status_module --with-http_ssl_module echo $? make && make install ln -s /application/nginx-1.14 /application/ngi
nx
ngx_http_status_module -->状态模块 ngx_http_ssl_module ngx_http_log_module -->日志模块 ngx_http_upstream_module -->节点池,只能应用于http模块下 ngx_http_proxy_module -->代理模块
[root@web01 ~]# ll /application/nginx/ total 36 drwx------ 2 www root 4096 Sep 4 17:43 client_body_temp drwxr-xr-x 2 root root 4096 Sep 5 14:49 conf -->配置文件保存路径(nginx.conf) drwx------ 2 www root 4096 Sep 4 17:43 fastcgi_temp drwxr-xr-x 2 root root 4096 Sep 4 17:42 html -->站点目录,整合网站资源 drwxr-xr-x 2 root root 4096 Sep 4 23:56 logs -->日志文件(错误日志文件 访问日志文件 进程pid文件) drwx------ 2 www root 4096 Sep 4 17:43 proxy_temp drwxr-xr-x 2 root root 4096 Sep 4 17:42 sbin -->程序命令保存路径
drwx------ 2 www root 4096 Sep 4 17:43 scgi_temp
drwx------ 2 www root 4096 Sep 4 17:43 uwsgi_temp
nginx软件常用命令/application/nginx/sbin/nginx #-->启动 /application/nginx/sbin/nginx -s reload #-->平滑重启 /application/nginx/sbin/nginx -s stop #-->关闭 /application/nginx/sbin/nginx -t #-->检查配置文件语法是否正确 是否可以应用 /application/nginx/sbin/nginx -V #查看nginx软件编译安装配置参数信息 还有看到版本信息
echo 'export PATH=$PATH:/application/nginx/sbin' >>/etc/profile source /etc/profile echo $PATH #检查环境变量是否添加成功 [root@web01 ~]# echo $PATH /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/application/nginx/sbin
sed -ri '/#|^$/d' /application/nginx/conf/nginx.conf
nginx.conf配置文件详解
nginx.conf配置文件规范总结:
1、配置文件中指令或者参数,一定要编写正确(拼写 位置)
2、每一个区块都是有成对大括号组成
3、所有区块中的指令信息结尾都要有分号
虚拟主机配置
单域名配置
vim /application/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.abc.com;
location / {
root html/www;
index index.html index.htm;
}
}
}/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx
创建首页文件
mkdir -p /application/nginx/html/www cp /application/nginx/html/index.html /application/nginx/html/www/index.html
windows添加hosts浏览器访问
windows的hosts文件位置:C:\Windows\System32\drivers\etc
多域名配置
cat /application/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.abc.com;
location / {
root html/www;
index index.html index.htm;
}
}
server {
listen 80;
server_name bbs.abc.com;
location / {
root html/bbs;
index index.html index.htm;
}
}
server {
listen 80;
server_name blog.abc.com;
location / {
root html/blog;
index index.html index.htm;
}
}
}重载nginx
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
创建首页文件
mkdir -p /application/nginx/html/{www,bbs,blog}
for i in www bbs blog;do echo "web01 $i.abc.com" >/application/nginx/html/$i/index.html;done
检查是否创建成功
for i in www bbs blog;do cat /application/nginx/html/$i/index.html;done
web服务本地添加hosts 访问
[root@moban nginx]# curl www.abc.com web01 www.abc.com [root@moban nginx]# curl bbs.abc.com web01 bbs.abc.com [root@moban nginx]# curl blog.abc.com web01 blog.abc.com
[
root@web01 ~]# for i in www bbs blog;do curl $i.abc.com;sleep 2;done web01 www.abc.com web01 bbs.abc.com web01 blog.abc.com [root@web01 ~]#
windows添加hosts 浏览器访问,观察是否是对应的页面信息
基于端口-访问网站过程
配置过程
vim /application/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8080;
server_name www.abc.com;
location / {
root html/www;
index index.html index.htm;
}
}
server {
listen 80;
server_name bbs.abc.com;
location / {
root html/bbs;
index index.html index.htm;
}
}
server {
listen 80;
server_name blog.abc.com;
location / {
root html/blog;
index index.html index.htm;
}
}
}
重载nginx
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
windows浏览器访问 www.abc.com:8080
windows浏览器访问www.abc.com没有加端口时
windows浏览器访问bbs.abc.com:8080加端口8080时
造成原因
当配置了端口信息的虚拟主机如(www.abc.com)8080,但在浏览器访问时,并没有指定8080端口去访问,以默认端口(www.abc.com)80访问网站时访问到的将是虚拟主机中配置的第一个以80为端口的虚拟主机,也就是bbs.abc.com虚拟主机
当访问时(bbs.abc.com)8080时,指定了8080端口,但却没有指定正确的域名,将会寻找到的是指定了对应8080端口的虚拟主机www.abc.com的页面
基于IP配置虚拟主机
基于IP的虚拟主机,这里的IP是linux系统中的拥有IP地址信息,表示监听系统中指定的IP地址,访问时也只能从监听的IP地址访问到该虚拟主机
注意:nginx配置文件中只要涉及IP地址的修改,必须真正重启nginx服务(不能采用平滑重启)
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 10.0.0.7:80;
server_name www.abc.com;
location / {
root html/www;
index index.html index.htm;
}
}
server {
listen 172.16.1.7:80;
server_name bbs.abc.com;
location / {
root html/bbs;
index index.html index.htm;
}
}
#server {
# listen 80;
# server_name blog.abc.com;
# location / {
# root html/blog;
# index index.html index.htm;
# }
#}
}
重启nginx
/application/nginx/sbin/nginx -s stop
/application/nginx/sbin/nginx
检查是否监听了指定网卡IP
[root@web01 ~]# netstat -lnp|grep nginx tcp 0 0 172.16.1.7:80 0.0.0.0:* LISTEN 1861/nginx tcp 0 0 10.0.0.7:80 0.0.0.0:* LISTEN 1861/nginx [root@web01 ~]#显示站点目录结构配置-除非特殊情况,否则不要开启
模拟故障,移除站点首页文件(index.html)
mv /application/nginx/html/www/index.html /application/nginx/html/www/index.html.bak
配置显示站点目录 目录结构
vim /application/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.abc.com;
location / {
root html/www;
index index.html index.htm;
autoindex on; #除非特殊情况,否则不要开启
}
}
server {
listen 80;
server_name bbs.abc.com;
location / {
root html/bbs;
index index.html index.htm;
}
}
#server {
# listen 80;
# server_name blog.abc.com;
# location / {
# root html/blog;
# index index.html index.htm;
# }
#}
}
重启nginx
/application/nginx/sbin/nginx -s stop
/application/nginx/sbin/nginx
创建站点目录的目录结构
touch /application/nginx/html/www/{01..10}.txt
mkdir /application/nginx/html/www/{01..10}
浏览器访问,当浏览器找不到首页文件(index.html),就会显示出来 站点目录下的目录结构
规范化配置虚拟主机配置文件
1、生成虚拟主机文件以及虚拟主机文件保存目录
1、创建虚拟主机目录
mkdir -p /application/nginx/conf/extra
将虚拟主机各自的配置文件都放置到该目录下
2、生成虚拟主机各自的配置文件
sed -n '10,17p' /application/nginx/conf/nginx.conf >/application/nginx/conf/extra/www.conf sed -n '18,25p' /application/nginx/conf/nginx.conf >/application/nginx/conf/extra/bbs.conf sed -n '26,33p' /application/nginx/conf/nginx.conf >/application/nginx/conf/extra/blog.conf
查看结果
cat /application/nginx/conf/extra/www.conf
server {
listen 80;
server_name www.abc.com;
location / {
root html/www;
index index.html index.htm;
}
}cat /application/nginx/conf/extra/bbs.conf
server {
listen 80;
server_name bbs.abc.com;
location / {
root html/bbs;
index index.html index.htm;
}
}cat /application/nginx/conf/extra/blog.conf
server {
listen 80;
server_name blog.abc.com;
location / {
root html/blog;
index index.html index.htm;
}
}
使用cat添加方法
www虚拟主机
cat >/application/nginx/conf/extra/www.conf <<EOF
server {
listen 80;
server_name www.abc.com;
location / {
root html/www;
index index.html index.htm;
}
}
EOFbbs虚拟主机
cat >/application/nginx/conf/extra/bbs.conf <<EOF
server {
listen 80;
server_name bbs.abc.com;
location / {
root html/bbs;
index index.html index.htm;
}
}
EOFblog虚拟主机
cat >/application/nginx/conf/extra/blog.conf <<EOF
server {
listen 80;
server_name blog.abc.com;
location / {
root html/blog;
index index.html index.htm;
}
}
EOF
3、配置主配置文件
vim /application/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
}
#使用cat添加
cat >/application/nginx/conf/nginx.conf <<EOF
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
}
EOF注意:include指定虚拟主机时最好不要指定整个目录如extra/* 当使用IP访问web服务器时,出来的网站内容可能不是我们想要的www网站对应的内容,而是在虚拟主机目录extra/下使用ll查看时的默认排序-以字母排序,第一个虚拟主机,nginx默认这样查找
4、重启nginx
/application/nginx/sbin/nginx -s stop
/application/nginx/sbin/nginx
别名配置主要用于运维人员访问相应正确的web服务器,zabbix监控对应的web服务器
cat /application/nginx/conf/extra/www.conf
server {
listen 80;
server_name www.abc.com abc.com www01.abc.com;
location / {
root html/www;
index index.html index.htm;
}
}重载nginx
/application/nginx/sbin/nginx -s reload
windows中hosts添加abc.com www01.abc.com,然后访问
状态模块功能nginx -V --查看编译参数中,是否加载了状态模块信息(--with-http_stub_status_module)
[root@web01 ~]# /application/nginx/sbin/nginx -V nginx version: nginx/1.14.0 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/application/nginx-1.14 --user=www --group=www --with-http_stub_status_module --
with-http_ssl_module
1、配置状态模块功能
cat >/application/nginx/conf/extra/status.conf <<EOF
server {
listen 80;
server_name status.abc.com;
location / {
stub_status on;
access_log off;
}
}
EOF2、主配置文件添加该模块功能虚拟主机
#使用cat添加
cat >/application/nginx/conf/nginx.conf <<EOF
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
include /application/nginx/conf/extra/status.conf;
}
EOF3、windows中status.abc.com到hosts中,浏览器访问
4、如何截取数值
curl status.abc.com -s|awk 'NR==1{print $3}'
[root@moban ~]# curl status.abc.com -s|awk 'NR==1{print $3}'
1curl status.abc.com -s|awk 'NR==3'
[root@moban ~]# curl status.abc.com -s|awk 'NR==3' 1325057 1325057 1325296
参数:-s 不显示不必要的一些内容
当不加-s参数时会显示出来很多不必要的内容
curl status.abc.com |awk 'NR==1{print $3}'
[root@moban ~]# curl status.abc.com |awk 'NR==1{print $3}'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
115 115 115 115 0 0 102k 0 --:--:-- --:--:-- --:--:-- 112k
1
状态模块显示结果详解
Active connections: 1 #表示Nginx 正处理的活动连接数有1 个,当前活动客户端连接数量包含waiting连接数量
server accepts handled requests
19 19 52
Reading: 0 Writing: 1 Waiting: 0
其中第一个server 19 表示Nginx启动到现在共处理了 19 个连接,接收客户端连接的总数量
第二个表示server 19 表示Nginx启动到现在共成功创建了 19 次握手
请求丢失数=(握手数-连接数),可以看出,本次状态显示没有丢失请求数
第三个 handled requests 52表示总共处理了 52 次请求
Reading 为Nginx读取到客户端的Header信息数,当前nginx正在读取请求头的连接数,http请求报文的数量
Writing 为Nginx返回给客户端的Writing信息数,当前nginx将响应写回客户机的连接数量,http响应报文的数量
Waiting 为Nginx已经处理完正在等候下一次请求指令的驻留连接,在开启 keep-alive的情况下,这个值等于active—(reading+writing)
1、nginx错误日志信息
nginx错误日志信息介绍:
配置记录Nginx的错误信息是调试Nginx服务的重要手段,属于核心功能模块(ngx_core_module)的参数,该参数名为error_log,可以放在Main区块中全局配置,也可以放置不同的虚拟主机中单独记录
error_log 的语法格式及参数语法说明:
error_log file level;
关键字 日志文件位置 错误日志级别
错误日志级别: -->级别越高,记录的信息越少
debug 调试级别 输出日志信息最全 最低级别
info 普通级别 输出提示信息
notice 注意级别 输出注意信息
warn 警告级别 输出一些无关紧要的错误信息
error 错误级别 有影响服务正常运行的错误了(重点关注) 默认级别
crit 严重级别 比错误级别更严重些
alert 更严重级别
emerg 崩溃级别 输出的日志信息最少 最高级别
其中,关键字error_log不能改变,日志文件可以指定任意存放日志的目录,错误日志级别常见的有[debug|info|notice|warn|error|crit|alert|emerg ],级别越高,记录信息越少,生产场景一般是warn|error|crit这三个级别之一,注意不要配置info等较低级别,会带来巨大磁盘I/O消耗
error_log的默认值为:
#default: error_log logs/error.log error;
可以放置的标签段为:
#context: main http server location
01、配置全局错误日志
#使用cat添加
cat >/application/nginx/conf/nginx.conf <<EOF
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
include /application/nginx/conf/extra/status.conf;
}
EOF02、重载nginx
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
2、nginx访问日志
01、配置全局访问日志
#使用cat添加
cat >/application/nginx/conf/nginx.conf <<EOF
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#访问日志配置
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log logs/access.log main;
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
include /application/nginx/conf/extra/status.conf;
}
EOF注意:可以在/application/nginx/conf/nginx.conf.default找到该配置 复制过来使用
02、提升网站访问性能 的访问日志
在记录日志参数中加上buffer和flush选项,这样可在高并发场景下提升网站访问性能
#使用cat添加
cat >/application/nginx/conf/nginx.conf <<EOF
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#访问日志配置
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log logs/access.log main buffer=32k flush=5s;
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
include /application/nginx/conf/extra/status.conf;
}
EOF重载nginx
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
03、配置参数详解
10.0.0.1 - - [04/Sep/2018:00:54:57 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" "-" #访问日志配置 log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; $remote_addr 10.0.0.1 访问端(客户端)IP地址信息 $remote_user 显示远程访问者用户信息 [$time_local] [04/Sep/2018:00:54:57 +0800] 显示访问时间信息 时区信息 $request GET / HTTP/1.1 请求行信息 $status 304 状态码信息 补充: 304状态,表示客户端本地有缓存信息 $body_bytes_sent 0 响应报文主体内容大小 $http_referer - 显示通过什么网站超链接到本地网站上 $http_user_agen Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 客户端浏览网页工具信息,客户端访问的浏览器信息 $http_x_forwarded_for - 反向代理内容浏览器显示图标
实现方法:
在站点目录中上传一个图片,并重命名为favicon.ico,就可以了
[root@web01 www]# rz -E
rz waiting to receive.
[root@web01 www]# ls
index.html QQ截图20180906115017.png
[root@web01 www]# mv QQ* favicon.ico
[root@web01 www]# ls
favicon.ico index.html
[root@web01 www]#
修改成功后 浏览器访问
根据用户请求网站地址URL进行配置,匹配成功即进行相关操作
location 语法:
location [=|~|~*|^~|@] uri {...}
指令 匹配标识 匹配的网站 匹配URI后要执行的配置文件
= 精确匹配,指定的什么的内容就匹配的什么内容,优先级最高,无论放置的顺序如何,都将优先被匹配并执行
^~ 的作用是在进行常规的字符串匹配检查后,不做正则表达式检查(不支持正则表达式),即如果最明确的那个字符串匹配的location 配置中有此前缀,那么不做正则表达式的检查,效果与~类似但是不支持正则,匹配优先级高于~,不会讲uri中正则信息进行识别
~ 用于区分大小写(大小写敏感)的匹配;
~* 用于不区分大小写的匹配
还可以用逻辑操作符 ! 对上面取反即,否定式正则匹配:
!~ 和 !~* ,在不匹配指定uri信息的时候,做相应处理
总述:精确匹配(=) > 字符串打头匹配(^~) > 正则匹配(~或~*) >否定式正则匹配(!~或!~*) > 通用匹配(/)。两种正则当中,区分大小写的优先级高,也就是不带*的优先级高
官方案例
location / {
return 401; #默认匹配,只有当下面的都不匹配时才会出现401,如www.abc.com/sdasd/
}
location = / {
return 402; #当访问www.abc.com时会出现402 精确匹配到了 = / 优先级最高的
}
location /documents/ {
return 403; #当访问 www.abc.com/documents/时会出现403 因为内容比 / 更多,更精确了
}
location ^~ /images/ {
return 404; #当访问www.abc.com/images/aa.jpg时会匹配到404,因为^~优先级比~*高
}
location ~* \.(gif|jpg|jpeg)$ {
return 500; #当访问以 .gif jpg jpeg 又没有/images/时才会匹配到500
}
location目录对控制
针对目录访问控制
vim /application/nginx/conf/extra/www.conf
server {
listen 80;
server_name www.abc.com abc.com www01.abc.com;
location / {
root html/www;
index index.html index.htm;
}
location /AV {
root html/www;
index index.html index.htm;
allow 172.16.1.0/24;
deny all;
}
}重载服务
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
创建测试目录
mkdir -p /application/nginx/html/www/AV
echo "web01 www" >/application/nginx/html/www/AV/oldboy.html
