Install Nginx in CentOS and implement web functions

NginxInstall and implement web functions

Nginx is a web server tool developed by Russians. It is mainly a server that implements reverse proxy acceleration for the third largest portal website in Russia. Nginx can only implement reverse proxy acceleration for http and mail servers, but its speed is much faster than reverse proxy acceleration implemented by squid and varnish, Which is incomparable.

NginxDifferences from apache:

Apache uses processes to process user requests. If the prefork mpms mechanism is used, apache maintains eight idle sub-processes at every moment. When there are too many user requests, many processes are started, occupying a large amount of memory, and the efficiency is lower than that of nginx. the maximum number of concurrent connection requests per second cannot exceed 3000. However, apache is very stable. When a process dies, it will not affect other users. While nginx uses threads to process user requests, while threads share the memory. nginx only needs to enable a small number of processes and multiple threads can share the memory of the process, occupying a small amount of memory, nginx adopts the epoll mechanism (Active event notification mechanism). The maximum number of concurrent connection requests per second can reach 50000 theoretically. However, nginx has poor stability. When a process dies, it will affect the use of multiple users.

If you don't talk about it, use nginx to implement web functions:

Environment: rhel 5.4

Software: nginx-1.5.4.tar.gz

Libevent-2.0.16-stable.tar.gz because nginx uses the epoll mechanism requires the support of the event Library

Library where pcre-devel-6.6-2.el5_1.7.i386.rpm supports regular expressions

To build an environment that supports nginx, first install pcre-devel and libevent:

[Root @ localhostServer] # rpm-ivh pcre-devel-6.6-2.el5_1.7.i386.rpm

[Root @ localhost ~] # Tar-zxvf libevent-2.0.16-stable.tar.gz-C/usr/local/src/

[Root @ localhost ~] # Cd/usr/local/src/libevent-2.0.16-stable/

[Root@localhostlibevent-2.0.16-stable] #./configure -- prefix =/usr/local/libevent

[Root@localhostlibevent-2.0.16-stable] # make & make install

[Root@localhostlibevent-2.0.16-stable] # cd/usr/local/libevent/

To enable other programs to call the libevent header file and library file, we need to perform the following operations:

[Root @ localhostlibevent] # ln-s/usr/local/libevent/include/usr/include/libevent

[Root @ localhostlibevent] # The content of vim/etc/ld. so. conf. d/libevent. conf is as follows:

[Root @ localhostlibevent] # ldconfig

To install nginx, We need to disassemble the configuration and install the source code:

As nginx is a system service and a system account is required to run this service, we need to create a system account nginx

[Root @ localhost ~] # Groupadd nginx

[Root @ localhost ~] # Useradd-r-g nginx-s/sbin/nologin-M nginx

[Root @ localhost ~] # Tar-zxvf nginx-1.5.4.tar.gz-C/usr/local/src/

[Root @ localhost ~] # Cd/usr/local/src/nginx-1.5.4/

[Root@localhostnginx-1.5.4] #./configure \

> -- Conf-path =/etc/nginx. conf \

> -- Error-log-path =/var/log/nginx/error. log \

> -- Http-log-path =/var/log/nginx/access. log \

> -- Pid-path =/var/run/nginx. pid \

> -- Lock-path =/var/lock/nginx. lock \

> -- User = nginx \

> -- Group = nginx \

-- With-http_ssl_module \

-- With-http_flv_module \

-- With-http_stub_status_module \

-- With-http_gzip_static_module \

> -- Http-client-body-temp-path =/var/tmp/nginx/client /\

> -- Http-proxy-temp-path =/var/tmp/nginx/proxy /\

> -- Http-fastcgi-temp-path =/var/tmp/nginx/fcgi /\

> -- With-pcre

[Root@localhostnginx-1.5.4] # make & make install

After the installation is complete, the following two directories are generated under the installation directory:

Then create the/var/tmp/nginx/client,/var/tmp/nginx/proxy,/var/tmp/nginx/fcgi directory:

[Root @ localhost ~] # Mkdir-pv/var/tmp/nginx/client

[Root @ localhost ~] # Mkdir-pv/var/tmp/nginx/proxy

[Root @ localhost ~] # Mkdir-pv/var/tmp/nginx/fcgi

Add the following statement to the/etc/profile environment file and then use the./etc/profile command to re-read the environment file to make the modified content take effect:

To facilitate management, we need to write nginx control scripts. The control scripts of General programs are stored in/etc/init. d/directory, So we create an nginx file in this directory and modify its permissions to execute nginx as follows:

#! /Bin/bash

# Chkconfig: 2345 65 45

# Description: nginx serverdaemon

Prog =/usr/local/nginx/sbin/nginx

Lockfile =/var/lock/nginx. lock

Pidfile =/var/run/nginx. pid

Space = 'echo "\ t "'

Start (){

[-F $ lockfile] & echo "nginx is started." & exit

Echo-n "nginx is starting .."

Sleep 1 & echo-n "."

$ Prog & echo-e "$ space [\ 033 [32 m OK \ 033 [0 m]" & touch $ lockfile | echo-e "$ space [\ 033 [31 m failed \ 033 [0 m]"

}

Stop (){

[! -F $ lockfile] & echo "nginx is stopped." & exit

Echo-n "nginx is stopping .."

Sleep 1 & echo-n "."

$ Prog-s stop & echo-e "$ space [\ 033 [32 m OK \ 033 [0 m]" & rm-f $ lockfile | echo-e" $ space [\ 033 [31 m failed \ 033 [0 m]"

}

Status (){

[! -F $ pidfile] & echo "nginx is stoped" | echo "'cat $ pidfile ', nginx is running"

}

Case "$1" in

Start)

Start

;;

Stop)

Stop

;;

Restart)

Stop

Start

;;

Status)

Status

;;

*)

Echo "uasge is: start | stop | restart | status"

;;

Esac

Now you can run chkconfig-add nginx to manage chkconfig. You can also use chkconfig-list nginx to check the level of enable and disable nginx services.

Start the nginx service. visit http: // 192.168.2.10:

It indicates that the web can run normally. Of course, the web server implemented by nginx is the same as the web server implemented by apache. It can also be used as a virtual site based on virtual directories, host headers, and IP addresses.

IP address-based virtual site implementation:

To achieve the purpose of the experiment, configure another temporary address for our linux host.

[Root @ localhost ~] # Ifconfig eth0: 0 192.168.2.20

Modify the nginx configuration file as follows:

Server {

Listen 192.168.2.10: 80;

Server_name localhost;

Access_log/var/log/nginx/access. log;

Error_log/var/log/nginx/error. log;

Location /{

Root html;

Index index.html index.htm;

}

}

Server {

Listen 192.168.2.20: 80;

Server_name localhost;

Access_log/var/log/nginx/tec_access.log;

Error_log/var/log/nginx/tec_error.log;

Location /{

Root/usr/local/nginx/tec;

Index index.html index.htm;

}

}

Create a/usr/local/nginx/tecdirectory, enter the directory to create an index.html webpage, restart the nginx service, and access http: // 192.168.2.10 and http: // 192.168.2.20 respectively:

The VM Based on the host header only needs to be slightly modified based on the above:

Server {

Listen 192.168.2.10: 80;

Server_name www.abc.com;

Location /{

Root html;

Index index.html index.htm;

}

}

Server {

Listen 192.168.2.10: 80;

Server_name tec.abc.com;

Location /{

Root/usr/local/nginx/tec;

Index index.html index.htm;

}

}

To implement domain name-based access, either DNS domain name resolution or host hosts file modification, I will steal the lazy and modify the hosts file (Note the location of the hosts file: c: \ windows \ System32 \ drivers \ etc \ hosts in Windows,/etc/hosts in linux)

Now visit the http://www.abc.com and http://tec.abc.com respectively:

The virtual host based on the virtual directory is very simple. The access based on the virtual directory can allow access based on a directory regardless of the directory where the web page is stored:

We will create a directory/abcat will and create a new index.html webpage under the directory. Then we will slightly modify the above nginx configuration file:

[Root @ localhost/] # mkdir/abc

[Root @ localhost/] # echo "this is just a test">/abc/index.html

Add the following location to the server of tec.abc.com in the configuration file:

Location/test {

Alias/abc;

Index index.html index.htm;

}

Visit http://tec.abc.com/test:

Similarly, nginx can implement https-encrypted access Like apache. Encrypted access requires the combination of http and ssl at the Secure Sockets Layer to ensure the security of the website. For more information about how the web site implements ssl security, see kunjiang's another blog titled apache website security.

First, you need to set up a CA server to issue a certificate to the user or server. Now you need to set up a CA Server:

Modify the/etc/pki/tls/openssl. cnf file as follows:

45Dir =/etc/pki/CA

88CountryName = optional

89StateOrProvinceName = optional

90OrganizationName = optional

136CountryName_default = CN

141StateOrProvinceName_default = henan

144LocalityName_default = Zhengzhou

After the content is modified, we need to create three directories (certs‑crl‑newcerts‑and two files (index.txt and serial) in the/etc/pki/ca directory and write the number 01 to the serial file. After these preparations are complete, you can implement the CA Server:

We use openssl to generate a private key for the CA. The private key name is cakey. pem is stored in the/etc/pki/CA/private/directory. To ensure the security of the private key, you must modify the cakey. the pem permission is 600:

To serve other people, the CA server must be an institution trusted by others and must issue a certificate to the CA. In our environment, only this CA server is available, then it is the Root CA, and its certificate must be signed by itself.

The operations on the CA server have been completed. to issue a certificate for our web server, you must have a request file. The private key file is used to generate the request file, therefore, when the web server issues a certificate, the private key file à request file à certificate:

First, create the cert directory in the/usr/local/nginx directory to store the above three files on the server, and then switch to the cert Directory to generate these three files:

Now we need to combine the certificate with the web, then we need to modify the nginx configuration file and add the following content in the braces of http:

Restart the nginx service:

Now let's access the https://www.abc.com to see the following page:

This indicates that the client does not trust our certificate. to trust our certificate, the client must first trust our Certificate Authority CA. we must add the CA to the Trust List. To add a certificate to the Trust List, the full path must appear in the certificate path.

The operation here is a little different from the encrypted access to apache. To see the complete path, we must merge the CA certificate with the web certificate.

Access the https://www.abc.com again:

Perform the following operations according to the Wizard:

Import successful. Open the console (start running à mmc) to add the certificate. You can see that the Root CA has been added to a trusted root institution:

Now, you can access the service based on https!

This article from the "night wind" blog, please be sure to keep this source http://jiangkun08.blog.51cto.com/6266992/1293456