1, Nginx website service

• A high-performance, lightweight Web service software
• High stability
• Low system resource consumption
• High processing capacity for HTTP concurrent connections
• A single physical server can support 30000 ~ 50000 concurrent requests

① Installing nginx lightweight web services

1. Turn off the firewall and the software package required by nginx to the / opt directory

systemctl stop firewalld
systemctl disable firewalld
setenforce 0

nginx-1.12.0.tar.gz

2. Install dependent packages

yum -y install pcre-devel zlib-devel gcc gcc-c++ make

3. Create and run users and groups
(the Nginx service program runs as nobody by default. It is recommended to create a special user account for it to more accurately control its access rights)

useradd -M -s /sbin/nologin nginx

4. Compile and install Nginx

cd /opt
tar zxvf nginx-1.12.0.tar.gz -C /opt/

cd nginx-1.12.0/
./configure \
--prefix=/usr/local/nginx \				      #Specify the installation path of nginx
--user=nginx \										#Specify user name
--group=nginx \										#Specify group name
--with-http_stub_status_module						#Enable http_stub_status_module module to support status statistics

make && make install

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/		#Let the system recognize the operation commands of nginx

5. Check, start, restart and stop nginx service

nginx -t								#Check whether the configuration file is configured correctly
nginx							#start-up		
cat /usr/local/nginx/logs/nginx.pid		#First check the PID number of nginx
kill -3 <PID number>
kill -s QUIT <PID number>				#stop it
killall -3 nginx
killall -s QUIT nginx

kill -1 <PID number>					#heavy load
kill -s HUP <PID number>
killall -1 nginx
killall -s HUP nginx
#Log separator, reopen log file
kill -USR1 <PID number>
#Smooth upgrade
kill -USR2 <PID number>

6. Add Nginx system service
Method 1:

vim /etc/init.d/nginx
#!/bin/bash
#chkconfig: - 99 20
#description:Nginx Service Control Script
COM="/usr/local/nginx/sbin/nginx"
PID="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
  $COM
;;

stop)
  kill -s QUIT $(cat $PID)
;;

restart)
  $0 stop
  $0 start
;;

reload)
  kill -s HUP $(cat $PID)
;;

*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1

esac
exit 0


chmod +x /etc/init.d/nginx
chkconfig --add nginx							#Add as system service
systemctl stop nginx
systemctl start nginx

Method 2:

vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecrReload=/bin/kill -s HUP $MAINPID
ExecrStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

chmod 754 /lib/systemd/system/nginx.service
systemctl start nginx.service
systemctl enable nginx.service

2, Know the main configuration file of Nginx service Nginx conf

vim /usr/local/nginx/conf/nginx.conf 

① Global configuration

#user nobody; 					#Run the user. If it is not specified during compilation, it defaults to nobody
worker_processes 1; 			#Number of working processes, which can be configured as the number of server cores * 2
#error_log logs/error.log; 		#Location of the error log file
#pid logs/nginx.pid; 			#Location of PID file

② I/O event configuration

events {
    use epoll; 					#Using epoll model and system kernel of version 2.6 and above, it is recommended to use epoll model to improve performance
    worker_connections 4096; 	#Each process handles 4096 connections
}
#If you want to increase the number of connections per process, you also need to execute the command "ulimit -n 65535" to temporarily modify the maximum number of files that each local process can open at the same time.
#On the Linux platform, when dealing with highly concurrent TCP connections, the maximum number of concurrent connections is limited by the system to the number of files that can be opened by a single user process at the same time (this is because the system creates a socket handle for each TCP connection, and each socket handle is also a file handle).
#You can use ulimit -a command to view the limit of the number of files that the system allows the current user process to open

③ HTTP configuration

http {
	##File extension and file type mapping table
    include       mime.types;

	##Default file type
    default_type  application/octet-stream;

	##Log format setting
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

	##Access log location
    #access_log  logs/access.log  main;

	##Support file sending (downloading)
    sendfile        on;
 	##This option allows or disables TCP using socke_ The option of cork (cache data before sending packets), which is only used when sendfile is used
    #tcp_nopush     on;

	##Connection hold timeout, in seconds
    #keepalive_timeout  0;
    keepalive_timeout  65;

	##Gzip module settings, setting whether to enable gzip compressed output
    #gzip  on;

##Listening configuration of Web Services
server {
	##Listening address and port
	listen 80; 
	##The site domain name can have multiple, separated by spaces
	server_name www.lic.com;

	##Default character set for web pages
	charset utf-8;

	##Root configuration
	location / {
	
		##Location of website root directory / usr/local/nginx/html
		root html;
	
		##Default home page file name
		index index.html index.htm;
	}

	##Feedback page for internal errors
	error_page 500 502 503 504 /50x.html;
	##Error page configuration
	location = /50x.html {
		root html;
	}
}
}

Windows access:

Add test:

verification

④ Log format setting

$remote_addr And $http_x_forwarded_for Used to record the of the client ip Address;
$remote_user: Used to record the client user name;
$time_local:  Used to record access time and time zone;
$request:  Used to record requests url And http agreement;
$status:  Used to record request status; Success is 200,
$body_bytes_sent : Record the size of the main content of the file sent to the client;
$http_referer: Used to record the information accessed from that page link;
$http_user_agent: Record the relevant information of the client browser;

usually web The server is placed behind the reverse proxy, so you can't get the information of the customer IP Address, through $remote_add Got it IP The address is the address of the reverse proxy server iP Address. The reverse proxy server is forwarding the request http Header information can be added x_forwarded_for Information to record the information of the original client IP Address and the server address requested by the original client.

location Common configuration instructions, root,alias,proxy_pass

root(Root path configuration): request www.lic.com/test，The file is returned/usr/local/nginx/html/test/index.html

alias(Alias configuration): request www.lic.com/test，Will return the file/usr/local/nginx/html/index.html

3, Access status statistics configuration

① First use the command / usr/local/nginx/sbin/nginx -V to check whether the installed Nginx contains HTTP_STUB_STATUS module

cd /usr/local/nginx/conf
cp nginx.conf nginx.conf.bak

② Modify nginx Conf configuration file, specify access location and add stub_status configuration

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
	server {
		listen 80;
		server_name www.lic.com;
		charset utf-8;
		location / {
			root html;
			index index.html index.php;
		}
		##add to stub_status to configure##
		location /status { 					#The access location is / status
			stub_status on; 				#Turn on the status statistics function
			access_log off; 				#Turn off logging at this location
		}
	}
}

③ Restart the service and access the test

systemctl restart nginx
 Browser access http://192.168.184.30/status
Active connections : Indicates the current number of active connections;
server accepts handled requests : Represents the connection information that has been processed. The three numbers represent the number of connections that have been processed and the number of successful connections in turn TCP Number of handshakes, number of requests processed.

4, Authorization based access control

① Generate user password authentication file

yum install -y httpd-tools
htpasswd -c /usr/local/nginx/passwd.db zhangsan
chown nginx /usr/local/nginx/passwd.db
chmod 400 /usr/local/nginx/passwd.db

② Modify the directory corresponding to the main configuration file and add authentication configuration items

vim /usr/local/nginx/conf/nginx.conf
......
	server {
		location / {
			......
			##Add authentication configuration##
			auth_basic "secret";
			auth_basic_user_file /usr/local/nginx/passwd.db;
		}
	}

③ Restart the service and access the test

nginx -t
systemctl restart nginx

Browser access http://192.168.217.3 or www.wei.com com

5, Client based access control

The access control rules are as follows:

• deny IP/IP segment: deny client access to an IP or IP segment.
• allow IP/IP segment: allows client access to an IP or IP segment.
• The rule is executed from top to bottom. If it matches, it will stop and no longer match from bottom to top.

vim /usr/local/nginx/conf/nginx.conf
......
	server {
		location / {
			......
			##Add control rule##
			deny 192.168.217.13; 					#Access denied client IP
			allow all;								#Allow other IP clients to access
		}
	}

systemctl restart nginx

6, Domain name based Nginx virtual host

① Provide domain name resolution for virtual host

echo "192.168.17.33 www.wei.com www.accp.com" >> /etc/hosts

② Prepare web document for virtual host

mkdir -p /var/www/html/kgc
mkdir -p /var/www/html/accp
echo "<h1>www.kgc.com</h1>" > /var/www/html/kgc/index.html
echo "<h1>www.accp.com</h1>" > /var/www/html/accp/index.html

③ Modify the configuration file of Nginx

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
	server {
		listen 80;
		server_name www.kgc.com;					#Set the domain name www.kgc.com com
		charset utf-8;
		access_log logs/www.kgc.access.log; 
		location / {
			root /var/www/html/lic;					#Set up www.lic.com Com working directory
			index index.html index.php;
		}
		error_page 500 502 503 504 /50x.html;
		location = 50x.html{
			root html;
		}
	}
	
	server {
		listen 80;
		server_name www.accp.com;					#Set the domain name www.accp.com com
		charset utf-8;
		access_log logs/www.accp.access.log; 
		location / {
			root /var/www/html/accp;
			index index.html index.php;
		}
		error_page 500 502 503 504 /50x.html;
		location = 50x.html{
			root html;
		}
	}	
}

④ Restart the service and access the test

systemctl restart nginx

7, IP based Nginx virtual host

ifconfig ens33:0 192.168.184.31 netmask 255.255.255.0 

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
server {
		listen 192.168.184.30:80;					#Set listening address
		server_name www.lic.com;
		charset utf-8;
		access_log logs/www.lic.access.log; 
		location / {
			root /var/www/html/kgc;
			index index.html index.php;
		}
		error_page 500 502 503 504 /50x.html;
		location = 50x.html{
			root html;
		}
	}

server {
	listen 192.168.184.31:80;					#Set listening address
	server_name www.accp.com;
	charset utf-8;
	access_log logs/www.accp.access.log; 
	location / {
		root /var/www/html/accp;
		index index.html index.php;
	}
	error_page 500 502 503 504 /50x.html;
	location = 50x.html{
		root html;
	}
}	
}


systemctl restart nginx

8, Port based Nginx virtual host

vim /usr/local/nginx/conf/nginx.conf
......
http {
......
	server {
		listen 192.168.184.30:8080;					#Set listening 8080 port
		server_name www.lic.com;
		charset utf-8;
		access_log logs/www.lic.access.log; 
		location / {
			root /var/www/html/lic;
			index index.html index.php;
		}
		error_page 500 502 503 504 /50x.html;
		location = 50x.html{
			root html;
		}
	}

server {
	listen 192.168.217.3:8888;					#Set listening 8888 port
	server_name www.accp.com;
	charset utf-8;
	access_log logs/www.accp.access.log; 
	location / {
		root /var/www/html/accp;
		index index.html index.php;
	}
	error_page 500 502 503 504 /50x.html;
	location = 50x.html{
		root html;
	}
}