catalogue
1, Compilation and installation of Nginx
1. Turn off the firewall and the software package required by nginx to the / opt directory
3. Create running users and groups
5. Check, start, restart and stop nginx service
II. Know the main configuration file Nginx of Nginx service conf
III. access status statistics configuration
2. Modify nginx Conf configuration file, specify access location and add stub_status configuration
3. Restart the service and access the test
IV. authorization based access control
1. Generate user password authentication file
3. Restart the service and access the test
V. client based access control
6, Domain name based Nginx virtual host
1. Provide domain name resolution for virtual host
2. Prepare web documents for the virtual host
3. Modify the configuration file of Nginx
4. Restart the service and access the test
VII. IP based Nginx virtual host
VIII. Port based Nginx virtual host
Nginx website service
A high-performance, lightweight Web service software
High stability
Low system resource consumption
High processing capacity for HTTP concurrent connections
A single physical server can support 30000 ~ 50000 concurrent requests
1, Compilation and installation of Nginx
1. Turn off the firewall and the software package required by nginx to the / opt directory
systemctl stop firewalld systemctl disable firewalld setenforce 0 nginx-1.12.0.tar.gz
2. Install dependent packages
yum -y install pcre-devel zlib-devel gcc gcc-c++ make
3. Create running users and groups
(the Nginx service program runs as nobody by default. It is recommended to create a special user account for it to more accurately control its access rights)
useradd -M -s /sbin/nologin nginx
4. Compile and install Nginx
cd /opt tar zxvf nginx-1.12.0.tar.gz -C /opt/ cd nginx-1.12.0/ ./configure \ --prefix=/usr/local/nginx \ #Specify the installation path of nginx --user=nginx \ #Specify user name --group=nginx \ #Specify group name --with-http_stub_status_module #Enable http_stub_status_module module to support status statistics make && make install ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ #Let the system recognize the operation commands of nginx
5. Check, start, restart and stop nginx service
nginx -t #Check whether the configuration file is configured correctly nginx #start-up cat /usr/local/nginx/logs/nginx.pid #First check the PID number of nginx kill -3 <PID number> kill -s QUIT <PID number> #stop it killall -3 nginx killall -s QUIT nginx kill -1 <PID number> #heavy load kill -s HUP <PID number> killall -1 nginx killall -s HUP nginx #Log separator, reopen log file kill -USR1 <PID number> #Smooth upgrade kill -USR2 <PID number>
6. Add Nginx system service
Method 1:
vim /etc/init.d/nginx #!/bin/bash #chkconfig: - 99 20 #description:Nginx Service Control Script COM="/usr/local/nginx/sbin/nginx" PID="/usr/local/nginx/logs/nginx.pid" case "$1" in start) $COM ;; stop) kill -s QUIT $(cat $PID) ;; restart) $0 stop $0 start ;; reload) kill -s HUP $(cat $PID) ;; *) echo "Usage: $0 {start|stop|restart|reload}" exit 1 esac exit 0 chmod +x /etc/init.d/nginx chkconfig --add nginx #Add as system service systemctl stop nginx systemctl start nginx
Method 2:
vim /lib/systemd/system/nginx.service [Unit] Description=nginx After=network.target [Service] Type=forking PIDFile=/usr/local/nginx/logs/nginx.pid ExecStart=/usr/local/nginx/sbin/nginx ExecrReload=/bin/kill -s HUP $MAINPID ExecrStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target chmod 754 /lib/systemd/system/nginx.service systemctl start nginx.service systemctl enable nginx.service
II. Know the main configuration file Nginx of Nginx service conf
vim /usr/local/nginx/conf/nginx.conf
1. Global configuration
#user nobody; #Run the user. If it is not specified during compilation, it defaults to nobody worker_processes 1; #Number of working processes, which can be configured as the number of server cores * 2 #error_log logs/error.log; #Location of the error log file #pid logs/nginx.pid; #Location of PID file
2. I/O event configuration
events { use epoll; #Using epoll model and system kernel of version 2.6 and above, it is recommended to use epoll model to improve performance worker_connections 4096; #Each process handles 4096 connections } #If you want to increase the number of connections per process, you also need to execute the command "ulimit -n 65535" to temporarily modify the maximum number of files that each local process can open at the same time. #On the Linux platform, when dealing with highly concurrent TCP connections, the maximum number of concurrent connections is limited by the system to the number of files that can be opened by a single user process at the same time (this is because the system creates a socket handle for each TCP connection, and each socket handle is also a file handle). #You can use ulimit -a command to view the limit of the number of files that the system allows the current user process to open
3. HTTP configuration
http { ##File extension and file type mapping table include mime.types; ##Default file type default_type application/octet-stream; ##Log format setting #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; ##Access log location #access_log logs/access.log main; ##Support file sending (downloading) sendfile on; ##This option allows or disables TCP using socke_ The option of cork (cache data before sending packets), which is only used when sendfile is used #tcp_nopush on; ##Connection hold timeout, in seconds #keepalive_timeout 0; keepalive_timeout 65; ##Gzip module settings, setting whether to enable gzip compressed output #gzip on; ##Listening configuration of Web Services server { ##Listening address and port listen 80; ##The site domain name can have multiple, separated by spaces server_name www.lic.com; ##Default character set for web pages charset utf-8; ##Root configuration location / { ##Location of website root directory / usr/local/nginx/html root html; ##Default home page file name index index.html index.htm; } ##Feedback page for internal errors error_page 500 502 503 504 /50x.html; ##Error page configuration location = /50x.html { root html; } } }
Access with Firefox browser
4. Log format setting:
$remote_addr And $http_x_forwarded_for Used to record the of the client ip Address; $remote_user: Used to record the client user name; $time_local: Used to record access time and time zone; $request: Used to record requests url And http agreement; $status: Used to record request status; Success is 200, $body_bytes_sent : Record the size of the main content of the file sent to the client; $http_referer: Used to record the information accessed from that page link; $http_user_agent: Record the relevant information of the client browser; usually web The server is placed behind the reverse proxy, so you can't get the information of the customer IP Address, through $remote_add Got it IP The address is the address of the reverse proxy server iP Address. The reverse proxy server is forwarding the request http Header information can be added x_forwarded_for Information to record the information of the original client IP Address and the server address requested by the original client.
location Common configuration instructions, root,alias,proxy_pass root(Request path): root www.lic.com/test,The file is returned/usr/local/nginx/html/test/index.html alias(Alias configuration): request www.lic.com/test,The file is returned/usr/local/nginx/html/index.html
III. access status statistics configuration
1. First use the command / usr/local/nginx/sbin/nginx -V to check whether the installed Nginx contains HTTP_STUB_STATUS module
2. Modify nginx Conf configuration file, specify access location and add stub_status configuration
cd /usr/local/nginx/conf cp nginx.conf nginx.conf.bak vim /usr/local/nginx/conf/nginx.conf ...... http { ...... server { listen 80; server_name www.lic.com; charset utf-8; location / { root html; index index.html index.php; } ##add to stub_status to configure## location /status { #The access location is / status stub_status on; #Turn on the status statistics function access_log off; #Turn off logging at this location } } }
3. Restart the service and access the test
systemctl restart nginx
Browser access http://192.168.184.30/status
Active connections: indicates the current number of active connections;
server accepts handled requests: indicates the connection information that has been processed. The three numbers in turn indicate the number of connections that have been processed, the number of successful TCP handshakes, and the number of requests that have been processed.
IV. authorization based access control
1. Generate user password authentication file
yum install -y httpd-tools htpasswd -c /usr/local/nginx/passwd.db zhangsan chown nginx /usr/local/nginx/passwd.db chmod 400 /usr/local/nginx/passwd.db
2. Modify the directory corresponding to the main configuration file and add authentication configuration items
vim /usr/local/nginx/conf/nginx.conf ...... server { location / { ...... ##Add authentication configuration## auth_basic "secret"; auth_basic_user_file /usr/local/nginx/passwd.db; } }
3. Restart the service and access the test
nginx -t systemctl restart nginx Browser access http://192.168.184.30 or www.lic com
V. client based access control
The access control rules are as follows:
deny IP/IP segment: deny client access to an IP or IP segment.
allow IP/IP segment: allows client access to an IP or IP segment.
The rule is executed from top to bottom. If it matches, it will stop and no longer match from bottom to top.
vim /usr/local/nginx/conf/nginx.conf ...... server { location / { ...... ##Add control rule## deny 192.168.184.31; #Access denied client IP allow all; #Allow other IP clients to access } } systemctl restart nginx
6, Domain name based Nginx virtual host
1. Provide domain name resolution for virtual host
echo "192.168.184.10 www.lic.com www.accp.com" >> /etc/hosts
2. Prepare web documents for the virtual host
mkdir -p /var/www/html/lic mkdir -p /var/www/html/accp echo "<h1>www.lic.com</h1>" > /var/www/html/lic/index.html echo "<h1>www.accp.com</h1>" > /var/www/html/accp/index.html
3. Modify the configuration file of Nginx
vim /usr/local/nginx/conf/nginx.conf ...... http { ...... server { listen 80; server_name www.lic.com; #Set the domain name www.lic com charset utf-8; access_log logs/www.lic.access.log; location / { root /var/www/html/lic; #Set up www.lic.com Com working directory index index.html index.php; } error_page 500 502 503 504 /50x.html; location = 50x.html{ root html; } } server { listen 80; server_name www.accp.com; #Set the domain name www.accp.com com charset utf-8; access_log logs/www.accp.access.log; location / { root /var/www/html/accp; index index.html index.php; } error_page 500 502 503 504 /50x.html; location = 50x.html{ root html; } } }
4. Restart the service and access the test
systemctl restart nginx
Browser access
http://www.lic.com
http://www.benet.com
VII. IP based Nginx virtual host
ifconfig ens33:0 192.168.184.31 netmask 255.255.255.0 vim /usr/local/nginx/conf/nginx.conf ...... http { ...... server { listen 192.168.184.30:80; #Set listening address server_name www.lic.com; charset utf-8; access_log logs/www.lic.access.log; location / { root /var/www/html/kgc; index index.html index.php; } error_page 500 502 503 504 /50x.html; location = 50x.html{ root html; } } server { listen 192.168.184.31:80; #Set listening address server_name www.accp.com; charset utf-8; access_log logs/www.accp.access.log; location / { root /var/www/html/accp; index index.html index.php; } error_page 500 502 503 504 /50x.html; location = 50x.html{ root html; } } } systemctl restart nginx
Browser access
http://192.168.184.30
http://192.168.184.31
VIII. Port based Nginx virtual host
vim /usr/local/nginx/conf/nginx.conf ...... http { ...... server { listen 192.168.184.30:8080; #Set listening 8080 port server_name www.lic.com; charset utf-8; access_log logs/www.lic.access.log; location / { root /var/www/html/lic; index index.html index.php; } error_page 500 502 503 504 /50x.html; location = 50x.html{ root html; } } server { listen 192.168.184.30:8888; #Set listening 8888 port server_name www.accp.com; charset utf-8; access_log logs/www.accp.access.log; location / { root /var/www/html/accp; index index.html index.php; } error_page 500 502 503 504 /50x.html; location = 50x.html{ root html; } }
systemctl restart nginx
Browser access
http://192.168.184.30:8080
http://192.168.184.30:8888