Preface
Because the applet has to use HTTPS and the configuration that is already online cannot be modified, the simplest approach is Nginx forwarding: use HTTPS on Nginx and then forward the requests to the internal server. Nginx performs very well; a machine with 4 cores and 16 GB of memory is fully capable of supporting daily traffic at the million-PV level.
Basic knowledge
Because Nginx uses the epoll model, it requires a Linux kernel of version 2.6 or later.
Use uname -a to view the Linux kernel version, as shown here on CentOS 6.5:
Linux vm_26_145_centos 2.6.32-504.30.3.el6.x86_64 #1 SMP Wed Jul 10:13:09 UTC x86_64 x
Download
Three types of versions are available on the Nginx website:
Mainline version: the current main line of Nginx, which can be regarded as the development version
Stable version: the latest stable release, recommended for production environments
Legacy versions: older stable releases
Compiling and installing
Nginx relies on the following modules:
The gzip module requires the zlib library and its development environment
The rewrite module requires the PCRE library and its development environment
The SSL feature requires the OpenSSL library and its development environment. A compiler environment is also needed: yum install -y gcc-c++
Taking the gzip module as an example, check whether its dependency is installed:
rpm -qa | grep zlib
If it is not installed, run yum install zlib zlib-devel.
make compiles the source: it reads its instructions from the Makefile and builds accordingly. make install installs the result: it also reads its instructions from the Makefile and installs to the specified location.
The simplest compile-and-install Nginx
Unpack the archive with tar zxvf nginx-1.10.2.tar.gz, enter the nginx-1.10.2 directory, and run:
# ./configure
# make
# make install
./configure checks the build environment of this machine. When the configure phase is over, the following information appears:
Configuration summary
- using system PCRE library
- OpenSSL library is not used
- md5: using system crypto library
- sha1: using system crypto library
- using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
You can see the default installation directory and some basic configuration.
Start
Nginx listens on port 80 by default. Before starting Nginx, first check whether port 80 is already occupied, using fuser -n tcp 80 or netstat -pan | grep :80. Assuming it is not occupied, enter the /usr/local/nginx directory (the default installation directory mentioned above) and run:
# sbin/nginx -c conf/nginx.conf
Nginx Configuration
In /usr/local/nginx/conf (the default configuration directory) there is an nginx.conf file. Its content is:
user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
After deleting the unnecessary parts, the basic file looks like this:
user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
    }
}
Notice the log configuration at the very top? Configuration set at the top level takes effect globally, but a nested block can override it. Top-level log configuration:
error_log /disk/nginx/logs/error.log;
For access_log, remove main. main is the name of a user-defined log format, which is currently not set.
After changing nginx.conf, test whether the configuration is valid:
# sbin/nginx -t -c conf/nginx.conf
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Diagram of Nginx configuration file Schema:
HTTPS
The SSL module must be enabled at compile time: ./configure --with-http_ssl_module
Rate limiting
limit_req_zone $binary_remote_addr zone=perip:10m rate=1r/s;
limit_req_zone $server_name zone=perserver:10m rate=10r/s;
server {
    ...
    limit_req zone=perip burst=5 nodelay;
    limit_req zone=perserver burst=10;
}
Note that the zones are defined in the http block and then have to be referenced in the server block.
burst is the number of requests that can be accessed within one second. It behaves like a pool of authorization tokens: each incoming request takes one (burst - 1), and when the request finishes the token is returned (burst + 1).
When burst is 0, the request cannot be served.
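// Imports are an assumption: the calls below match Jodd HTTP and JUnit 4.
import static org.junit.Assert.assertEquals;

import jodd.http.HttpRequest;
import jodd.http.HttpResponse;
import org.junit.Test;

public class Testnginx {
    @Test
    public void testMobileIsUsed() {
        // Send 100 sequential requests; fail on the first response that is not 200.
        for (int i = 0; i < 100; i++) {
            HttpResponse response = HttpRequest.get("http://123.206.18.37:8088/").send();
            if (response.statusCode() != 200) {
                assertEquals(1, 0);
            }
            System.out.println(response.bodyText());
        }
    }
}
As you can see, the responses come back at basically one per second.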
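What burst and nodelay do to a fast client, as an added example (not from the original article and not nginx's own code): a simplified single-key, single-zone model of the leaky-bucket accounting that limit_req applies, replayed over constructed arrival times. The names LimitReq and replay are made up for this sketch; 503 is the default limit_req rejection status.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LimitReq:
    """Single-key, single-zone model of limit_req's leaky bucket (a
    simplification). Counters are kept in thousandths of a request."""
    rate: int                        # requests per second (rate=1r/s -> 1)
    burst: int = 0                   # burst= parameter
    nodelay: bool = False            # nodelay flag
    excess: int = 0                  # requests above the rate, x1000
    last_ms: Optional[int] = None    # arrival time of last accepted request

    def request(self, now_ms):
        """Return (status, delay_ms) for a request arriving at now_ms."""
        if self.last_ms is None:
            excess = 0               # first request seen for this key
        else:
            leaked = self.rate * (now_ms - self.last_ms)   # drained since last
            excess = max(self.excess - leaked + 1000, 0)
        if excess > self.burst * 1000:
            return 503, 0            # over burst: rejected, state unchanged
        self.excess, self.last_ms = excess, now_ms
        # Without nodelay an accepted request is held back to keep the rate.
        return 200, (0 if self.nodelay else excess // self.rate)


def replay(limiter, arrivals_ms):
    """Feed constructed arrival times (ms) to a limiter, return the results."""
    return [limiter.request(t) for t in arrivals_ms]


if __name__ == "__main__":
    # Constructed traffic: one client sending 20 requests 10 ms apart.
    for label, lim in (("burst=5 nodelay", LimitReq(1, 5, True)),
                       ("burst=5", LimitReq(1, 5)),
                       ("no burst", LimitReq(1))):
        res = replay(lim, range(0, 200, 10))
        held = [d for s, d in res if s == 200]
        print(f"{label:16} 200={len(held):2} 503={len(res) - len(held):2} "
              f"delay_ms={held}")
```

With rate=1r/s and burst=5, the model admits six back-to-back requests and rejects the rest; without nodelay the admitted ones are released about one second apart.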
Example configuration:
#user nobody;
worker_processes 1;
error_log /disk/nginx/logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    include mime.types;
    default_type application/octet-stream;
    access_log /disk/nginx/logs/host.access.log;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    limit_req_zone $binary_remote_addr zone=perip:10m rate=1r/s;
    limit_req_zone $server_name zone=perserver:10m rate=10r/s;
    # HTTPS server
    server {
        limit_req zone=perip burst=5 nodelay;   # rate-limit configuration
        limit_req zone=perserver burst=10;
        listen 443;
        server_name mp.baidu.com;
        ssl on;
        ssl_certificate 1_mp.baidu.com_bundle.crt;
        ssl_certificate_key 2_mp.baidu.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {
            root html;
            index index.html index.htm;
            proxy_pass http://10.105.26.210;   # forward directly
        }
    }
}
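A check a reviewer might run over the HTTPS server block above, as an added example (not part of the original article): it parses server blocks and reports TLS settings that have since been deprecated, namely the TLSv1 and TLSv1.1 protocols (RFC 8996) and the 'ssl on;' directive (obsolete since nginx 1.15.0). The helper names, the reduced copy of the configuration and the fixed variant are constructed for this sketch.

```python
import re
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def parse_servers(conf):
    """One {directive: [args, ...]} dict per server block (no quoted strings)."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    servers, stack, words = [], [], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append({})
        elif tok == "}":
            stack.pop()
        elif words and "server" in stack:      # ';' ends a directive
            servers[-1].setdefault(words[0], []).append(words[1:])
        words = []
    return servers

def audit(conf):
    """Return (server_name, finding) pairs for TLS-enabled server blocks."""
    findings = []
    for srv in parse_servers(conf):
        ssl_on = ["on"] in srv.get("ssl", [])
        if not (ssl_on or any("ssl" in a for a in srv.get("listen", []))):
            continue                           # plain HTTP server, skip
        name = " ".join(srv.get("server_name", [["(unnamed)"]])[0])
        if ssl_on:
            findings.append((name, "'ssl on;' is obsolete, use 'listen 443 ssl;'"))
        protos = {p for args in srv.get("ssl_protocols", []) for p in args}
        findings += [(name, f"ssl_protocols enables deprecated {p}")
                     for p in sorted(protos & DEPRECATED)]
    return findings

# The article's HTTPS server block, reduced to the directives checked here.
ARTICLE_CONF = """
http { server {
    listen 443;  server_name mp.baidu.com;  ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://10.105.26.210; }
} }
"""
# Constructed fix: 'ssl' on listen, TLSv1.2 only (nginx 1.10.2 predates TLSv1.3).
FIXED_CONF = (ARTICLE_CONF.replace("listen 443;", "listen 443 ssl;")
              .replace("ssl on;", "").replace("TLSv1 TLSv1.1 ", ""))
print(audit(ARTICLE_CONF), audit(FIXED_CONF), sep="\n")
```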
10 minutes: Nginx from getting started to practice