################## The following operations are configured on the nginx reverse proxy server ############ #######
1. Disable SELinux
Vi/etc/selinux/config
# SELINUX = enforcing # comment out
# SELINUXTYPE = targeted # comment out
SELINUX = disabled # Add
: Wq save, close.
Shutdown-r now restart the system
2. enable port 80 of the firewall
Vi/etc/sysconfig/iptables
Add the following content
-A input-m state -- state NEW-m tcp-p tcp -- dport 80-j ACCEPT
/Etc/init. d/iptables restart # restart the firewall to make the configuration take effect.
3. Install the compilation tool
Yum install wget make gcc-c ++ zlib-devel openssl-devel pcre-devel gd kernel keyutils patch perl
4. system conventions
Software source code package storage location:/usr/local/src
Source code package compilation and installation location:/usr/local/software name
5. Download Software
Cd/usr/local/src # enter the Directory
(1) download nginx (current stable version)
Wget http://nginx.org/download/nginx-1.0.12.tar.gz
(2) download pcre (support for nginx pseudo-static)
Wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.21.tar.gz
(2) download ngx_cache_purge (clear the specified URL cache)
Wget http://labs.frickle.com/files/ngx_cache_purge-1.5.tar.gz
6. Install pcre
Cd/usr/local/src
Mkdir/usr/local/pcre # create the installation directory
Tar zxvf pcre-8.21.tar.gz
Cd pcre-8.21
./Configure -- prefix =/usr/local/pcre # Configuration
Make
Make install
7. Install nginx
Groupadd www # Add a www Group
Useradd-g www-s/bin/false # create an nginx Running Account www and add it to the www group. www users are not allowed to log on to the system directly.
Cd/usr/local/src
Tar zxvf ngx_cache_purge-1.5.tar.gz
Tar zxvf nginx-1.0.12.tar.gz
Cd nginx-1.0.12
. /Configure -- prefix =/usr/local/nginx -- user = www -- group = www -- with-http_stub_status_module -- with-openssl =/usr/-- with-pcre =/usr/local/src /pcre-8.21 -- add-module = .. ngx_cache_purge-1.5
Note: -- with-pcre =/usr/local/src/pcre-8.21 points to the path of the source package decompression, rather than the installation path, otherwise an error will be reported
Make # compile
Make install # install
/Usr/local/nginx/sbin/nginx # Start nginx
Chown www. www-R/usr/local/nginx/html # Set the directory owner
Chmod 700-R/usr/local/nginx/html # Set Directory Permissions
Vi/etc/rc. d/init. d/nginx # Set nginx to enable startup and edit the Startup File to add the following content
========================================================== ====================
#! /Bin/bash
# Nginx Startup script for the Nginx HTTP Server
# It is v.0.0.2 version.
# Chkconfig:-85 15
# Description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# Processname: nginx
# Pidfile:/var/run/nginx. pid
# Config:/usr/local/nginx/conf/nginx. conf
Nginxd =/usr/local/nginx/sbin/nginx
Nginx_config =/usr/local/nginx/conf/nginx. conf
Nginx_pid =/usr/local/nginx/logs/nginx. pid
RETVAL = 0
Prog = "nginx"
# Source function library.
./Etc/rc. d/init. d/functions
# Source networking configuration.
./Etc/sysconfig/network
# Check that networking is up.
[$ {NETWORKING} = "no"] & exit 0
[-X $ nginxd] | exit 0
# Start nginx daemons functions.
Start (){
If [-e $ nginx_pid]; then
Echo "nginx already running ...."
Exit 1
Fi
Echo-n $ "Starting $ prog :"
Daemon $ nginxd-c $ {nginx_config}
RETVAL =$?
Echo
[$ RETVAL = 0] & touch/var/lock/subsys/nginx
Return $ RETVAL
}
# Stop nginx daemons functions.
Stop (){
Echo-n $ "Stopping $ prog :"
Killproc $ nginxd
RETVAL =$?
Echo
[$ RETVAL = 0] & rm-f/var/lock/subsys/nginx/usr/local/nginx/logs/nginx. pid
}
Reload (){
Echo-n $ "Reloading $ prog :"
# Kill-HUP 'cat $ {nginx_pid }'
Killproc $ nginxd-HUP
RETVAL =$?
Echo
}
# See how we were called.
Case "$1" in
Start)
Start
Stop)
Stop
Reload)
Reload
Restart)
Stop
Start
;;
Status)
Status $ prog
RETVAL =$?
*)
Echo $ "Usage: $ prog {start | stop | restart | reload | status | help }"
Exit 1
Esac
Exit $ RETVAL
========================================================== ====================
: Wq! Save and exit
Chmod 775/etc/rc. d/init. d/nginx # grant the File Execution permission
Chkconfig nginx on # Set startup
/Etc/rc. d/init. d/nginx restart
Service nginx restart
8. Configure nginx
Cp/usr/local/nginx/conf/nginx. conf/usr/local/nginx/conf/nginx. confbak # back up the nginx configuration file
(1) set the nginx Running Account
Vi/usr/local/nginx/conf/nginx. conf # Edit
Find user nobody; change
User www; # In the first line
(2) Disable nginx from NULL Host Headers
Vi/usr/local/nginx/conf/nginx. conf # Edit
Find the server and add the following content to the above line:
##############################
Server {
Listen 80 default;
Server_name _;
Location /{
Root html;
Return 404;
}
Location ~ /. Ht {
Deny all;
}
}
##############################
/Etc/rc. d/init. d/nginx restart # restart nginx
In this way, the nginx404 error page is directly redirected to the access with an empty Host header.
(3) add nginx VM files
Cd/usr/local/nginx/conf/# enter the nginx installation directory
Mkdir vhost # create a virtual directory
Vi/usr/local/nginx/conf/nginx. conf # Edit
Find the code added in the previous step and add the following content at the end:
Include vhost/*. conf;
For example:
##############################
Server {
Listen 80 default;
Server_name _;
Location /{
Root html;
Return 404;
}
Location ~ /. Ht {
Deny all;
}
}
Include vhost/*. conf;
##############################
(4) Add the proxy_cache parameter configuration file
Cd/usr/local/nginx/conf/# enter the Directory
Touch proxy. conf # create a file
Vi/usr/local/nginx/conf/nginx. conf # Edit
Locate http {and add a line below
Include proxy. conf;
(5) add files contained in the proxy server list
Cd/usr/local/nginx/conf/# enter the Directory
Touch mysvrhost. conf # create a file
Vi/usr/local/nginx/conf/nginx. conf # Edit
Locate the code added in the previous step and add a line below
Include mysvrhost. conf;
(6) set nginx global Parameters
Vi/usr/local/nginx/conf/nginx. conf # Edit
Worker_processes 2; # Number of worker processes, which is the number of CPU cores or twice
Events
{
Use epoll; # Add
Worker_connections 65535; # change to 65535, the maximum number of connections.
}
############ Add and modify the following code in http ##############
Server_names_hash_bucket_size 128; # Add
Client_header_buffer_size 32 k; # increase
Large_client_header_buffers 4 32 k; # increase
Client_max_body_size 300 m; # increase
Tcp_nopush on; # change to on
Keepalive_timeout 60; # change to 60
Tcp_nodelay on; # Add
Server_tokens off; # added. nginx version information is not displayed.
Gzip on; # change to on
Gzip_min_length 1 k; # increase
Gzip_buffers 4 16 k; # increase
Gzip_http_version 1.1; # Add
Gzip_comp_level 2; # Add
Gzip_types text/plain application/x-javascript text/css application/xml; # Add
Gzip_vary on; # Add
(7) Configure proxy_cache Parameters
Cd/home # enter the Directory
Mkdir-p/home/proxy_temp_dir # proxy_temp_dir and proxy_cache_dir must be in the same partition.
Mkdir-p/home/proxy_cache_dir # The two folders proxy_cache_dir and proxy_temp_dir must be in the same partition.
Chown www. www-R proxy_cache_dir proxy_temp_dir # Set the directory owner
Chmod-R 777 proxy_cache_dir proxy_temp_dir # Set Directory Permissions
System O & M www.osyunwei.com reminder: qihang01 original content is copyrighted. Please indicate the source and original text chain for reprinting.
Cd/usr/local/nginx/conf/# enter the Directory
Vi proxy. conf # edit and add the following code
Proxy_temp_path/home/proxy_temp_dir; # specify the temporary file directory
Proxy_cache_path/home/proxy_cache_dir levels = keys_zone = cache_one: 50 m inactive = 1d max_size = 1g;
# Set the name of the Web cache area to cache_one, and the memory cache to 50 MB. Files not accessed within one day are automatically cleared, and the hard disk cache is 1 GB.
Client_body_buffer_size 512 k; # increase the maximum number of bytes requested by the buffer Proxy Buffer Client
Proxy_connect_timeout 60; # increase the timeout time for connecting to the backend server
Proxy_read_timeout 60; # increase the backend server response request timeout time
Proxy_send_timeout 60; # increase the data sending timeout time of the backend server
Proxy_buffer_size 32 k; # increase the cache size of proxy requests
Proxy_buffers 4 64 k; # increase
Proxy_busy_buffers_size 128 k; # increase the proxy_buffers size that can be applied when the system is busy
Proxy_temp_file_write_size 128 k; # increase the size of the proxy cache temporary file
Proxy_next_upstream error timeout invalid_header http_500 http_503 http_404; # Add failover. If the backend server returns errors such as 502, 504, and execution timeout, requests are automatically forwarded to another server in the upstream Server Load balancer pool for failover. Proxy_cache cache_one; # Add and use the web cache zone cache_one
(8) set the list of files on the Proxy Server
Cd/usr/local/nginx/conf/# enter the Directory
Vi mysvrhost. conf # edit and add the following code:
Upstream osyunweihost {
Server 192.168.21.129: 80 weight = 1 max_fails = 2 fail_timeout = 30 s;
}
(9) create a VM configuration file
Cd/usr/local/nginx/conf/vhost # enter the virtual host directory
Touch www.osyunwei.com. conf # create a VM configuration file
Vi www.osyunwei.com. conf # Edit
Server {
Listen 80;
Server_name www.osyunwei.com osyunwei.com;
Location/
{
Proxy_pass http: // osyunweihost;
Proxy_cache_key $ host $ uri $ is_args $ args; # Add the key value for setting the web cache. nginx stores the cache based on the md5 hash of the key value.
Proxy_set_header Host $ host;
Proxy_set_header X-Forwarded-For $ remote_addr;
Proxy_cache_valid 200 304 12 h;
Expires 2d;
}
Location ~ . * \. (Php | jsp | cgi | asp | aspx | flv | swf | xml )? $ # The listed extension files are not cached.
{
Proxy_set_header Host $ host;
Proxy_set_header X-Forwarded-For $ remote_addr;
Proxy_pass http: // osyunweihost;
}
Access_log off;
}
Location ~ /Purge (/. *) # used to clear the cache
{
Allow 127.0.0.1;
Allow 192.168.21.0/24; # Only the specified IP address or IP segment is allowed to clear the URL cache.
Deny all;
Proxy_cache_purge cache_one $ host $1 $ is_args $ args;
}
################## The above operations are configured on the nginx reverse proxy server ############ #######
9. Instructions for using ngx_cache_pure to clear cache modules
Note: According to the configuration, only hosts with IP segments 192.168.21.0/24 can clear the URL cache. Currently, the Client IP address I use is 192.168.21.130, With the permission to clear the URL cache.
1. browse image files: http://www.osyunwei.com/images/nopic.gif
2. Purge this File Cache: http://www.osyunwei.com/purge/images/nopic.gif
Tip: Successful purge. The cached file is successfully cleared. If the file has Not been cached, the message 404 Not Found is displayed.
Note:
1. purge is the ngx_cache_pure module instruction
2. images/nopic.gif is the URL path of the cached file to be cleared.
Now, the tutorial on configuring the CDN server using Nginx reverse proxy and proxy_cache cache is complete.
Attachment:
1. nginx configuration file/usr/local/nginx/conf/nginx. conf
user www www; worker_processes 2; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { use epoll; worker_connections 65535; } http { include proxy.conf; include mysvrhost.conf; include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 300m; sendfile on; tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 60; tcp_nodelay on; server_tokens off; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; server { listen 80 default; server_name _; location / { root html; return 404; } location ~ /.ht { deny all; } } include vhost/*.conf; }
2. list file/usr/local/nginx/conf/mysvrhost. conf on the Proxy Server
upstream osyunweihost { server 192.168.21.129:80 weight=1 max_fails=2 fail_timeout=30s; }
3. proxy_cache parameter configuration file/usr/local/nginx/conf/proxy. conf
proxy_temp_path /home/proxy_temp_dir; proxy_cache_path /home/proxy_cache_dir levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=30g; client_body_buffer_size 512k; proxy_connect_timeout 60; proxy_read_timeout 60; proxy_send_timeout 60; proxy_buffer_size 32k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; proxy_next_upstream error timeout invalid_header http_500 http_503 http_404; proxy_cache cache_one;
4. VM configuration file/usr/local/nginx/conf/vhost/www.osyunwei.com. conf
server { listen 80; server_name www.osyunwei.com osyunwei.com; location / { proxy_pass http://osyunweihost; proxy_cache_key $host$uri$is_args$args; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_cache_valid 200 304 12h; expires 2d; } location ~ /purge(/.*) { allow 127.0.0.1; allow 192.168.21.0/24; deny all; proxy_cache_purge cache_one $host$1$is_args$args; } location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml)?$ { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://osyunweihost; } access_log off; }
Additional reading:
######################################## #########################
Nginx version modification and other information
Vi/usr/local/src/nginx-1.0.12/src/core/nginx. h # compile before editing
# Define nginx_version
# Define NGINX_VERSION
# Define NGINX_VER
# Define NGINX_VAR
Modify the above information to change the nginx display version.
Vi/usr/local/src/http/ngx_http_special_response.c # edit before Compilation
Static u_char ngx_http_error_full_tail [] =
Static u_char ngx_http_error_tail [] =
Modify the above information for your own.
######################################## #########################
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
