Linux Operations Study Notes: Nginx

Source: Internet
Author: User

1. Nginx
Nginx is a high-performance HTTP and reverse proxy server, and also an IMAP/POP3/SMTP proxy server.
1.1 Overview
Apache, Nginx, Lighttpd (for pages not written in Java)
Tomcat, JBoss (for pages written in Java)
Service user: a source-package installation needs a dedicated user to run the service (if none is created, the system uses the nobody account by default), so that the service does not run as root with the unsafe consequences that brings. A package installed from a yum repository creates the user automatically.

Configuration file: /usr/local/nginx/conf/nginx.conf
Log files: /usr/local/nginx/logs
Default page: /usr/local/nginx/html/index.html
Custom pages: /usr/local/nginx/<directory name>

Modules are selected when the source is configured:
./configure --with-<module name> --with-<module name>

1.2 Adding modules to an existing Nginx (upgrade)
1. Delete the previously unpacked Nginx source directory and extract the archive again
2. cd into that directory
3. ./configure --with-http_ssl_module
4. make (compiles the source into a binary; an additional nginx executable appears under objs/)
5. Do not run make install (it would overwrite the original files)
6. cp objs/nginx /usr/local/nginx/sbin    # an upgrade only needs this copy
1.3 Deployment
1) Install Nginx from the source package
yum -y install gcc pcre-devel openssl-devel    # install common dependencies (gcc-c++)
useradd -s /sbin/nologin nginx
tar -xf nginx-1.8.0.tar.gz
cd nginx-1.8.0
# --prefix: installation path; --user / --group: user and group the service runs as;
# --with-http_ssl_module: enable SSL encryption
./configure \
    --prefix=/usr/local/nginx \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module
...
make && make install

2) Using the nginx command (a symbolic link makes it easier to run)
/usr/local/nginx/sbin/nginx              # start the service
/usr/local/nginx/sbin/nginx -s stop      # shut down the service
/usr/local/nginx/sbin/nginx -s reload    # reload the configuration file
/usr/local/nginx/sbin/nginx -v           # view software information
ln -s /usr/local/nginx/sbin/nginx /usr/sbin/    # afterwards the service can be started by typing nginx
netstat -anptu | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10441/ngi
2. User authentication
2.1 Modify the Nginx configuration file
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;                                        # equivalent to *:80
    server_name localhost;
    auth_basic "Input Password:";                     # authentication prompt
    auth_basic_user_file "/usr/local/nginx/pass";     # authentication password file (does not exist yet)
    location / {
        root html;
        index index.html index.htm;
    }
}
Each server block is one web site.
2.2 Generate the password file, create users and passwords
Creating the account file with the htpasswd command requires the httpd-tools package to be installed on the system
yum -y install httpd-tools
htpasswd -cm /usr/local/nginx/pass tom      # create the password file (path must match the configuration file)
New password:
Re-type new password:
Adding password for user tom
htpasswd -m /usr/local/nginx/pass jerry     # append a user; do not use the -c option
New password:
Re-type new password:
Adding password for user jerry

cat /usr/local/nginx/pass
2.3 Restart the Nginx service
/usr/local/nginx/sbin/nginx -s reload

tailf /usr/local/nginx/logs/    # follow error messages in real time
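
The password file created in 2.2 can be audited with a short script. This is an added example, not part of the original notes: the function names are illustrative and the sample entries are constructed placeholders. It reports the hash scheme of each entry (htpasswd -m writes $apr1$ MD5 hashes) and whether the file is readable by every local account.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an auth_basic_user_file.

# Print "user<TAB>scheme" per entry, keyed on the password prefixes nginx documents.
htpasswd_schemes() {
    awk -F: '
    /^[ \t]*(#|$)/ { next }                 # comment or blank line
    {
        h = $2
        if      (h == "")                      s = "empty"
        else if (substr(h, 1, 7) == "{PLAIN}") s = "plaintext"
        else if (substr(h, 1, 5) == "{SHA}")   s = "sha1-unsalted"
        else if (substr(h, 1, 6) == "{SSHA}")  s = "sha1-salted"
        else if (substr(h, 1, 6) == "$apr1$")  s = "apr1-md5"      # htpasswd -m
        else                                   s = "crypt"         # system crypt()
        printf "%s\t%s\n", $1, s
    }' "$1"
}

# Space-separated users whose entry is empty, plaintext or unsalted SHA-1.
weak_users() {
    htpasswd_schemes "$1" | awk -F'\t' '
    $2 ~ /^(empty|plaintext|sha1-unsalted)$/ { printf "%s%s", sep, $1; sep = " " }
    END { print "" }'
}

# True when "other" can read the file, i.e. any local account can copy the hashes.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample; the hash strings are placeholders, not real password hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
tom:$apr1$EXAMPLE0$0000000000000000000000
jerry:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
guest:{PLAIN}guest
EOF
chmod 644 "$sample"
htpasswd_schemes "$sample"
echo "weak entries: $(weak_users "$sample")"
if world_readable "$sample"; then echo "password file is world-readable"; fi
rm -f "$sample"
```

The Nginx worker user (nginx in this installation) still has to be able to read the file, so tighten the mode without removing that access.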

3. Domain-based virtual hosts
3.1 Server side:
1) Modify the Nginx configuration and add the virtual host definitions as follows
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;                                        # port
    server_name www.aa.com;                           # domain name
    auth_basic "Input Password:";                     # authentication prompt
    auth_basic_user_file "/usr/local/nginx/pass";     # authentication password file
    location / {
        root html;                                    # site root path
        index index.html index.htm;
    }
}
server {
    listen 80;                                        # port
    server_name www.bb.com;                           # domain name
    location / {
        root www;                                     # site root path (a directory named www must be created)
        index index.html index.htm;
    }
}
In vim, press Ctrl+V, move up and down to select a column of characters, then press x to delete them
2) Create the site root directory and its home page
mkdir /usr/local/nginx/www
echo "www" > /usr/local/nginx/www/index.html
3) Restart the Nginx service
/usr/local/nginx/sbin/nginx -s reload
3.2 Client:
1) Edit /etc/hosts on the client host 192.168.4.100 for domain name resolution
/etc/hosts    # local name-resolution file; on the client it takes precedence over DNS
vim /etc/hosts
192.168.4.5 www.aa.com www.bb.com
2) Test: firefox http://www.aa.com    firefox http://www.bb.com
4. SSL virtual host
Encryption algorithms:
(1) Symmetric encryption
(2) Asymmetric encryption
(3) Hash values: md5sum + file
4.1 Generate the private key and certificate
cd /usr/local/nginx/conf
openssl genrsa -out cert.key                          # generate the private key (or: openssl genrsa > cert.key)
openssl req -new -x509 -key cert.key -out cert.pem    # generate the certificate
Prompts for: country, province, city, company, department, host name
4.2 Modify the Nginx configuration file to set up the encrypted virtual host
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 443 ssl;
    server_name www.cc.com;
    ssl_certificate cert.pem;             # must match the name of the generated certificate
    ssl_certificate_key cert.key;         # must match the name of the generated private key
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;                        # if this is changed, a directory with the same name must exist under /usr/local/nginx/
        index index.html index.htm;
    }
}
nginx -s reload    # reload
4.3 Client verification
vim /etc/hosts
192.168.4.5 www.cc.com www.aa.com www.bb.com
firefox https://www.cc.com    # accessible once the certificate is trusted
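
HTTP Basic authentication sends the user name and password Base64-encoded with every request, so on the port-80 servers in sections 2 and 3 they cross the network unencrypted. The following added example (not from the original notes; the parser is simplified, the function name is illustrative and the sample configuration is constructed) lists server blocks that enable auth_basic without an SSL listener.

```shell
#!/bin/sh
# Added example (not from the original notes): find server{} blocks that enable
# auth_basic but have no "listen ... ssl". Simplified parser: one directive per
# line, no "#" inside quoted strings, include files are not followed.
basic_auth_without_tls() {
    awk '
    { sub(/#.*/, "") }                                   # strip comments
    !in_srv && /^[ \t]*server[ \t]*[{]/ {                # a server block opens
        in_srv = 1; base = depth; name = "(no server_name)"; auth = 0; ssl = 0
    }
    in_srv && $1 == "server_name" { name = $2; sub(/;$/, "", name) }
    in_srv && $1 == "auth_basic" && $2 != "off;" { auth = 1 }
    in_srv && $1 == "listen" && / ssl[ ;]/ { ssl = 1 }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }     # track brace nesting
    in_srv && depth == base {                            # the block just closed
        if (auth && !ssl) print name
        in_srv = 0
    }' "$1"
}

# Constructed sample modelled on the virtual hosts configured in these notes.
conf=$(mktemp)
cat > "$conf" <<'EOF'
http {
    server {
        listen 80;
        server_name www.aa.com;
        auth_basic "Input Password:";
        auth_basic_user_file "/usr/local/nginx/pass";
        location / { root html; }
    }
    server {
        listen 443 ssl;
        server_name www.cc.com;
        auth_basic "Input Password:";
        auth_basic_user_file "/usr/local/nginx/pass";
    }
    server {
        listen 80;
        server_name www.bb.com;
    }
}
EOF
basic_auth_without_tls "$conf"
rm -f "$conf"
```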
5. Nginx reverse proxy
Load balancing; health checks on the back-end servers (web high availability)
5.1 Deploy the back-end web servers
yum -y install httpd
echo "192.168.2.100" > /var/www/html/index.html
systemctl restart httpd
5.2 Deploy the Nginx server
The configuration file has already been modified; a stock backup copy, nginx.conf.default, ships under /usr/local/nginx/conf
In real-world work, back up the configuration file before modifying it
cp nginx.conf.default nginx.conf    # for this lab: overwrite the file and start again
Modify the /usr/local/nginx/conf/nginx.conf configuration file
http {
    upstream webserver {                   # define a web cluster named webserver
        server 192.168.2.100:80;           # back-end server
        server 192.168.2.200:80;
    }                                      # this block defines the cluster
    # Optional parameters on each server line:
    #   weight            weight: share of the requests the server receives
    #   max_fails         number of failed connection attempts to the back end that are tolerated
    #   fail_timeout=10   timeout: after a failure, wait 10s before asking whether the back end is healthy again (it is not queried during those 10s)
    server {
        listen 80;
        server_name www.tarena.com;
        location / {                       # matches the URL in the user's address bar
            proxy_pass http://webserver;   # hand the request to the cluster
            root html;                     # this path is no longer consulted
        }
    }
}
5.3 Restart the service
/usr/local/nginx/sbin/nginx -s reload
Client requests are distributed round-robin across the 2 web servers

5.4 Sending the same client to the same web server
upstream webserver {               # define a web cluster named webserver
    ip_hash;                       # after a client's first visit, keep assigning it to the same web server
    server 192.168.2.100:80;       # back-end server
    server 192.168.2.200:80;
}
The client now reaches only one web server

1. Dynamic web sites
LNMP (Linux, Nginx, MariaDB, PHP/Python)
1.1 Install Nginx
1) Unpack:    tar -xf
   Configure: ./configure --prefix=/usr/local/nginx --with-http_ssl_module
   Compile:   make
   Install:   make install
2) mariadb: used through the mysql command
   mariadb-server: where the data is stored; listens on port 3306
   mariadb-devel: dependencies
3) php: the "interpreter"
   PHP code starts with <?php and ends with ?>
   php-fpm: service listening on port 9000 that interprets the code automatically
   php-mysql: extension package for connecting to the database
4) Start the services and check the port status
/usr/local/nginx/sbin/nginx     # start the Nginx service
netstat -utnlp | grep :80
systemctl start mariadb         # start the database service
netstat -utnlp | grep :3306     # or: systemctl status mariadb
systemctl start php-fpm         # start the php-fpm service
netstat -utnlp | grep :9000     # or: systemctl status php-fpm

1.2 Separating static and dynamic content
When a user visits the site, Nginx finds the page through the location block that matches the request; if nothing else matches, location / is used
Place the PHP scripts under /usr/local/nginx/html and modify the configuration file as follows
vim /usr/local/nginx/conf/nginx.conf
location ~ \.php$ {                   # matches requests that end in .php
    root html;                        # location of the pages
    fastcgi_pass 127.0.0.1:9000;      # hand the page to port 9000 (php-fpm IP and port)
    fastcgi_index index.php;
    include fastcgi.conf;             # load the fastcgi.conf parameter file
}
Log view: tailf /usr/local/nginx/logs/error.log
ls /var/log/php-fpm/error.log

Test: firefox http://192.168.4.5/1.php

FastCGI: a resident (long-lived) type of CGI
It keeps the CGI interpreter processes in memory, where they are managed and scheduled
Configuration file path: /etc/php-fpm.d/www.conf

2. Address rewriting
Take the URL a visitor requested and rewrite it into another URL that the server can handle
rewrite <old URL (regular expressions supported)> <new URL> [option];
Options:
    last       stop reading other rewrite directives
    break      stop reading other statements and finish
    redirect   the address bar changes and the user can see the new URL (temporary)
    permanent  the address bar changes (permanent)
1) Modify the configuration file (a request for a.html is redirected to b.html)
vim /usr/local/nginx/conf/nginx.conf
...
server {
    listen 80;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
        rewrite /a.html /b.html;      # a request for a.html jumps to the content of b.html (can be used to shorten URLs)
    }
}
echo www.a.com > html/a.html
echo www.b.com > html/b.html
/usr/local/nginx/sbin/nginx -s reload
firefox http://192.168.4.5/a.html
2) Modify the configuration file (a request to 192.168.4.5 is redirected to www.a.com)
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;
    server_name localhost;
    rewrite ^/ http://www.a.com/;     # evaluated before any location: every URI starting with / jumps to that site
    location / {
        root html;
        index index.html index.htm;
    }
}
/usr/local/nginx/sbin/nginx -s reload
3) Modify the configuration file (a request for a page under 192.168.4.5 is redirected to the same page under www.tmooc.cn)
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;
    server_name localhost;
    rewrite ^/(.*) http://www.tmooc.cn/$1;    # every sub-page jumps to the corresponding existing page; each () group corresponds to one $n
    location / {
        root html;
        index index.html index.htm;
    }
}
/usr/local/nginx/sbin/nginx -s reload
A visit to http://192.168.4.5/web/login_new.html jumps to
http://www.tmooc.cn/web/login_new.html
4) Return different pages to curl and Firefox for the same link
...
server {
    listen 80;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
    }
    if ($http_user_agent ~* url) {        # identify the curl client; ~* is not case-sensitive, and "url" matches inside curl's User-Agent
        rewrite ^(.*)$ /curl/$1 break;
    }
}
echo "Firefox" > /usr/local/nginx/html/test.html
mkdir -p /usr/local/nginx/html/curl/
echo "Curl" > /usr/local/nginx/html/curl/test.html
/usr/local/nginx/sbin/nginx -s reload
firefox http://192.168.4.5/test.html    # the Firefox page appears
curl http://192.168.4.5/test.html       # returns the curl page
Practical application: serving different pages to PC clients, mobile clients or others
$http_user_agent: a variable taken from the user's request that contains information about the client
tailf /usr/local/nginx/logs/access.log    # access log
192.168.4.254 - - [07/Jan/2018:21:48:16 -0500] "GET /test.html HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"
192.168.4.254 - - [07/Jan/2018:21:48:16 -0500] "GET /favicon.ico HTTP/1.1" 404 168 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"
Fields: client IP, -, user name, time, what was requested, and which system and browser were used

curl -A Firefox http://192.168.4.5/test.html
Firefox    # the curl page is not shown
# curl masquerades as Firefox when it accesses the server; the access log shows the masqueraded information
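
Because the User-Agent is supplied by the client, as the curl -A test shows, a rule keyed on it selects content but cannot restrict access. The following added example (not from the original notes; the function names are illustrative, the sample log is constructed and the Firefox pattern is a heuristic) picks out of an access log the requests that claim to be Firefox without the structure of a real Firefox User-Agent, and the client IPs that presented more than one User-Agent.

```shell
#!/bin/sh
# Added example (not from the original notes). Input: access log in the format shown above.

# "ip<TAB>user-agent" for requests whose User-Agent mentions Firefox but lacks the
# "Mozilla/5.0 (...) Gecko/<n> Firefox/<version>" structure. Heuristic only.
odd_firefox_uas() {
    awk -F'"' '
    { split($1, a, " "); ua = $6 }
    tolower(ua) ~ /firefox/ &&
    ua !~ /^Mozilla\/5\.0 \(.*\) Gecko\/[0-9.]+ Firefox\/[0-9.]+$/ {
        printf "%s\t%s\n", a[1], ua
    }' "$1"
}

# "ip<TAB>count" for client IPs that presented more than one distinct User-Agent.
multi_ua_clients() {
    awk -F'"' '
    { split($1, a, " "); k = a[1] SUBSEP $6
      if (!(k in seen)) { seen[k] = 1; n[a[1]]++ } }
    END { for (ip in n) if (n[ip] > 1) printf "%s\t%d\n", ip, n[ip] }' "$1" | sort
}

# Constructed sample log lines.
log=$(mktemp)
cat > "$log" <<'EOF'
192.168.4.254 - - [07/Jan/2018:21:48:16 -0500] "GET /test.html HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"
192.168.4.100 - - [07/Jan/2018:21:50:02 -0500] "GET /test.html HTTP/1.1" 200 5 "-" "curl/7.29.0"
192.168.4.100 - - [07/Jan/2018:21:50:09 -0500] "GET /test.html HTTP/1.1" 200 8 "-" "Firefox"
EOF
echo "Firefox claims without a Firefox-shaped User-Agent:"; odd_firefox_uas "$log"
echo "clients with several User-Agents:"; multi_ua_clients "$log"
rm -f "$log"
```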

1. Handling common Nginx problems
1.1 Not displaying the Nginx software version number
server_tokens off;    # off/on: whether the server version number is shown
1.2 Concurrency
ab -n 2000 -c <concurrency> http://192.168.4.5/    # -c concurrency, -n number of requests
How to increase the concurrency the server can handle
1) Through the Nginx configuration file
worker_processes 2;                # match the number of CPU cores
events {
    worker_connections 65535;      # maximum concurrent connections per worker
    use epoll;
}
2) Through the Linux kernel limits
ulimit -a            # view all limits
ulimit -Hn 100000    # effective temporarily
ulimit -Sn 100000    # effective temporarily
    -S  soft limit (the user can modify it); n = maximum number of files
    -H  hard limit (the user cannot modify it); n = maximum number of files
ss -anptu | grep nginx    # live view of how many clients are connected (append | wc -l to count)
Permanent settings:
vim /etc/security/limits.conf
<domain>  <type>  <item>   <value>
*         soft    nofile   100000
*         hard    nofile   100000
<type> can only be soft or hard
1.3 How to resolve client request headers that are too long
Error message 414 (insufficient buffer)
vim /usr/local/nginx/conf/nginx.conf
http {
    server_tokens off;                    # do not display the Nginx version number
    client_header_buffer_size 1k;         # default buffer for request header information
    large_client_header_buffers 4 4k;     # number and size of the buffers for large request headers
    ......
}
1.4 Turn on gzip compression to improve data transfer efficiency
vim /usr/local/nginx/conf/nginx.conf
gzip on;                  # enable compression
gzip_min_length 1000;     # size threshold in bytes (small files are not compressed)
gzip_comp_level 4;        # compression level 1-9
gzip_types text/plain;    # which file formats to compress
Reference: /usr/local/nginx/conf/mime.types; write the type names from its left column into gzip_types
mp4, mp3 and jpg should not be compressed; multimedia files are basically already compressed formats
1.5 How to let the client browser cache data
about:cache    # view the browser cache
Cache data that does not change
vim /usr/local/nginx/conf/nginx.conf
server {
    listen 80;
    server_name www.tarena.com;
    location / {
        root html;
        index index.html index.htm;
    }
    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
        expires 30d;      # client cache lifetime of 30 days
    }
}
1.6 How to customize the 404 error page returned to the client
server {
    ....
    charset utf-8;
    error_page 404 /40x.html;     # custom error page
    location = /40x.html {
        root html;
    }
}

/usr/local/nginx/sbin/nginx -s reload
