1, Nginx
is a high-performance HTTP and reverse proxy server, but also a IMAP/POP3/SMTP proxy server
1.1 Know
APACHE,NGINX,LIGHTTPD (for pages not written by Java programs)
Tomcat,jboss (for Java program write)
User concept: The source package installation needs to establish a user, the user used to perform the service (if not established, the system uses the nobody account by default), in case the use of root causes unsafe consequences, and the Yum source in the package will automatically set up a user for the system.
Configuration file:/usr/local/nginx/conf/nginx.conf
Log file:/usr/local/nginx/logs
Page page:/usr/local/nginx/html/index.html
Custom Page page:/usr/local/nginx/directory Name
Modules required for modular installation
./configure--with-Module name--with-module name
1.2 Adding modules to the original Nginx (upgrade)
1, delete the original unpacked after the Nginx directory, re-decompression
2. CD to this directory
3,./configure--with-httpd_ssl_module
4, make (the source code into a binary program, more than one Nginx execution program)
5, cannot make install (will overwrite objs original file)
6. CP Objs/nginx/usr/local/nginx/sbin #升级只需要拷贝
1.3 Department
1) Install Nginx package using source package
[[email protected] ~]# yum–y install gcc pcre-devel openssl-devel//Install Common Dependency Pack (gcc-c++)
[Email protected] ~]# Useradd–s/sbin/nologin Nginx
[Email protected] ~]# TAR-XF nginx-1.8.0.tar.gz
[Email protected] ~]# CD nginx-1.8.0
[Email protected] nginx-1.8.0]#/configure \
#>--prefix=/usr/local/nginx \//Specify Installation path
#>--user=nginx \//designated user
#>--group=nginx \//Specify Group
#>--with-http_ssl_module//Turn on SSL encryption
.. ..
Make & make Install
2) The use of Nginx command (can establish a soft connection, easy to perform)
[[email protected] ~]#/usr/local/nginx/sbin/nginx//Start service
[[email protected] ~]#/usr/local/nginx/sbin/nginx-s stop//Shut down service
[[email protected] ~]#/usr/local/nginx/sbin/nginx-s reload//reload config file
[[email protected] ~]#/usr/local/nginx/sbin/nginx–v//View software information
Ln-s/usr/local/nginx/sbin/nginx/usr/sbin/(Start-up service just input nginx)
[Email protected] ~]# NETSTAT-ANPTU | grep nginx
TCP 0 0 0.0.0.0:80 0.0.0.0:LISTEN 10441/ngi
2. User authentication
2.1 Modifying Nginx configuration Files
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
server {
Listen 80; #相当于: 80
server_name localhost;
Auth_basic "Input Password:"; #认证提示符
Auth_basic_user_file "/usr/local/nginx/pass"; #认证密码文件 (file does not exist)
Location/{
root HTML;
Index index.html index.htm;
}
}
A server is a Web site
2.2 Generate password file, create user and password
To create an account file using the HTPASSWD command, you need to ensure that the Httpd-tools is installed on the system
[Email protected] ~]# yum-y install Httpd-tools
[[email protected] ~]# Htpasswd-cm/usr/local/nginx/pass Tom//Create password file (consistent with config file)
New Password:
Re-type New Password:
Adding Password for user Tom
[Email protected] ~]# htpasswd-m/usr/local/nginx/pass Jerry
Append user, do not use-c option
New Password:
Re-type New Password:
Adding Password for user Jerry
[Email protected] ~]# Cat/usr/local/nginx/pass
2.3 Restart Nginx Service
[Email protected] ~]#/usr/local/nginx/sbin/nginx–s Reload
tailf/usr/local/nginx/logs/#动态查看错误信息
3. Domain-based virtual host
3.1 Service side:
1) Modify the Nginx service configuration, add the relevant virtual host configuration as follows
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
server {
Listen 80; Port
server_name www.aa.com; Domain name
Auth_basic "Input Password:"; Authentication prompt
Auth_basic_user_file "/usr/local/nginx/pass"; Authentication password file
Location/{
root HTML; Specify site Root Path
Index index.html index.htm;
}
}
server {
Listen 80; Port
server_name www.bb.com; Domain name
Location/{
Root www; Specify site root path (need to create directory named WWW)
Index index.html index.htm;
}
}
Use CTRL + V in a file and move the up and down keys to select characters, and press X to delete
2) Create the root directory of the site and the corresponding home file
[Email protected] ~]# mkdir/usr/local/nginx/www
[[email protected] ~]# echo "www" >/usr/local/nginx/www/index.html
3) Restart Nginx service
[Email protected] ~]#/usr/local/nginx/sbin/nginx–s Reload
3.2 Client:
1) Modify the client host 192.168.4.100/etc/hosts file for domain name resolution
/etc/hosts #本地域名解析文件 change precedence over DNS on the client
[Email protected] ~]# vim/etc/hosts
192.168.4.5 www.aa.com www.bb.com
2) test Firefox http://www.aa.com firefox http://www.bb.com
4. SSL Virtual Host
Encryption algorithm:
(1) Symmetric encryption
(2) Asymmetric encryption
(3) hash value md5sum + file
4.1 Generating the private key and certificate
[Email protected] ~]# cd/usr/local/nginx/conf
[[email protected] ~]# OpenSSL genrsa-out cert.key (or OpenSSL genrsa > Cert.key)//Generate private key
[[email protected] ~]# OpenSSL req-new-x509-key cert.key-out CERT.PEM//Generate Certificate
Country, province, city, company, department, hostname
4.2 Modifying Nginx configuration file, setting up the virtual host of encrypted Web site
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
server {
Listen 443 SSL;
server_name www.cc.com;
Ssl_certificate Cert.pem; #证书名称和生成的保持一致
Ssl_certificate_key Cert.key; #私钥名称和生成的保持一致
Ssl_session_cache shared:ssl:1m;
Ssl_session_timeout 5m;
Ssl_ciphers high:!anull:! MD5;
Ssl_prefer_server_ciphers on;
Location/{
root HTML; New name-Consistent directory name under #此处修改需要在/usr/local/nginx/
Index index.html index.htm;
}
}
Ngnix-s Reload #重新加载
4.3 Client Authentication
[Email protected] ~]# vim/etc/hosts
192.168.4.5 www.cc.com www.aa.com www.bb.com
[[email protected] ~]# Firefox https://www.cc.com//Trust certificate can be accessed
5, Nginx Reverse proxy
Load balancing; Check background conditions (Web high availability);
5.1 Deployment back-end Web server
Yum-y Install httpd
echo "192.168.2.100" >/var/www/html/index.html
Systemctl Restart httpd
5.2 Deployment of Nginx server
Since the configuration file is in use, a self-contained configuration backup file exists under/usr/local/nginx/conf
Nginx.conf.default
Back up the configuration file before you modify it in real-world work
CP Nginx.conf.default nginx.conf (for this experiment to be overwritten after re-doing)
Modifying the/usr/local/nginx/conf/nginx.conf configuration file
HTTP {
Upstream webserver {#定义一个web集群, named webserver
Server 192.168.2.100:80; #后台服务器
Server 192.168.2.200:80;
} #该函数定义集群
#可以添加weight权重: Number of calls,
#max_fails失败次数: Number of times the background web failed to be allowed to connect
#fail_timeout = 10 Timeout: After the failure, 10s after the query to ask the background of the web is normal (after adding down10s is not asked)
server {
Listen 80;
server_name www.tarena.com;
Location/{#匹配用户的地址栏
Proxy_pass Http://webserver; #调用集群
root HTML; #该路径不再寻找
5.3 Restart Service
/usr/local/nginx/sbin/nginx–s Reload
Client Polling Access 2 Web
5.4 Setting the same client access to the same Web server
Upstream webserver {#定义一个web集群, named webserver
Ip_hash; #客户端第一次访问之后, continue assigning to this web later
Server 192.168.2.100:80; #后台服务器
Server 192.168.2.200:80;
}
Client access accesses only one web
1, Dynamic Web site
Lnmp (linux,nginx,mariadb,php,python)
1.1 install Nginx
1) Unpack the TAR-XF
configuration./configure--prefix=/usr/ Local/nginx--with-http_ssl_module
Compile make
Install the make install
2) mariadb use the MySQL command
Mariadb-server where the data is stored Listen for 3306 port
Mariadb-devel dependencies
3) php "interpreter"
<?php #开头 end of content,
PHP-FPM listen to 9000 port services for automatic interpretation of code
Php-mysql Expansion pack, connect to Database
4) Start service and view port status
/usr/local/nginx/sbin/nginx #启动Nginx服务
NETSTAT-UTNLP | grep:80
Systemctl Start mariadb #启动数据库服务
Netstat-utnlp | grep:3306 or Systemctl status mariadb
systemctl start php-fpm #启动php-fpm Service BR>NETSTAT-UTNLP | grep:9000 or Systemctl status php-fpm
1.2 Static and dynamic separation
When a user visits a Web site, it matches the found page according to location, and no matching matches/content
You need to place the PHP script under/usr/local/nginx/html and modify the following configuration file
Vim/usr/local/nginx/conf/nginx.conf
Location ~. php$ {#匹配是否以. PHP end
root HTML; #页面的位置
Fastcgi_pass 127.0.0.1:9000; #把找到的页面给了9000 (php-fpm IP and port)
Fastcgi_index index.php;
Include fastcgi.conf; #加载fastcgi. conf parameter file
}
Log view: Tailf/usr/local/nginx/logs/error.log
Ls/var/log/php-fpm/error.log
Test: Firefox http://192.168.4.5/1.php
FastCGI: is a resident (long-live) type of CGI
Keeping the CGI interpreter process in memory for maintenance and scheduling
Configuration file path:/etc/php-fpm.d/www.conf
2. Address Rewriting
Get a visiting URL request and then rewrite the process to another URL that the server can handle
Rewrite old link (support Regular) new link [option];
Option: Last no longer read other Rewrite;break no longer read other statements, end;
redirect Let the address bar change, the user can see the URL changes (temporary); permament make the Address bar change (permanent)
1) Modify configuration file (Access a.html redirect to b.html)
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
.. ..
server {
Listen 80;
server_name localhost;
Location/{
root HTML;
Index index.html index.htm;
rewrite/a.html/b.html; #访问a. HTML content jumps to b.html (can shorten the URL)
}
}
echo www.a.com > html/a.html
echo www.b.com > html/b.html
[Email protected] ~]#/usr/local/nginx/sbin/nginx-s Reload
[email protected] ~]# Firefox http://192.168.4.5/a.html
2) Modify the configuration file (request to access 192.168.4.5 Redirect to www.a.com)
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
server {
Listen 80;
server_name localhost;
Rewrite ^/http://www.a.com/; Jump to the site #在进入网站之前匹配到以/start
Location/{
root HTML;
Index index.html index.htm;
}
}
[Email protected] ~]#/usr/local/nginx/sbin/nginx-s Reload
3) Modify the configuration file (visit 192.168.4.5/page, redirect to the same page under www.tmooc.cn/)
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
server {
Listen 80;
server_name localhost;
Rewrite ^/(.) http://www.a.com/$1; #访问子网站都跳转到现有对应的, one () corresponds to a $
Location/{
root HTML;
Index index.html index.htm;
}
}
[Email protected] ~]#/usr/local/nginx/sbin/nginx-s Reload
Visit http://192.168.4.5/web/login_new.html Jump to
Http://www.tmooc.cn/web/login_new.html
4) Implement Curl and Firefox access to the same connection returned by different pages
.. ..
server {
Listen 80;
server_name localhost;
Location/{
root HTML;
Index index.html index.htm;
}
if ($http _user_agent ~URL) {//Identify client Curl Browsernot case-sensitive
Rewrite ^ (.) $/curl/$1 break;
}
}
[[email protected] ~]# echo "Firefox" >/usr/local/nginx/html/test.html
[Email protected] ~]# mkdir-p/usr/local/nginx/html/curl/
[Email protected] ~]# echo "Curl" >/usr/local/nginx/html/curl/test.html
[Email protected] ~]#/usr/local/nginx/sbin/nginx-s Reload
[email protected] ~]# Firefox http://192.168.4.5/test.html #出现firefox页面
[Email protected] ~]# Curl http://192.168.4.5/test.html #返回curl的信息
Practical application: Differentiate between PC pages or mobile pages or other
$http _user_agent User-requested variables that contain information about the user
Tailf/usr/local/nginx/logs/access.log #访问信息日志
192.168.4.254--[07/jan/2018:21:48:16-0500] "get/test.html http/1.1" 304 0 "-" "mozilla/5.0 (X11; Linux x86_64; rv:38.0) gecko/20100101 firefox/38.0 "
192.168.4.254--[07/jan/2018:21:48:16-0500] "Get/favicon.ico http/1.1" 404 168 "-" "mozilla/5.0 (X11; Linux x86_64; rv:38.0) gecko/20100101 firefox/38.0 "
User IP Access server-user name time access what the system accesses with what browser access
[Email protected] ~]# curl-a Firefox http://192.168.4.5/test.html
Firefox #并不显示curl
#curl伪装成firefox进行对服务器访问, the server access log shows the information after masquerading
1, Nginx frequently asked questions processing
1.1 The Nginx software version number is not displayed
Server_tokens off/on; #服务器版本号信息
1.2 Concurrent Volume
Ab–n 2000–c http://192.168.4.5/-C concurrency-N requests
How to increase the capacity of concurrent volumes
1) Modification via Nginx configuration file
Worker_processes 2; #与CPU核心数量一致
Events {
Worker_connections 65535; #每个worker最大并发连接数
Use Epoll;
}
2) through the Linux system kernel
Ulimit-a #查看最大所有限制
Ulimit–hn 100000 #临时有效
ULIMIT–SN 100000 #临时有效
-S soft limit (user can modify) n (maximum number of files)
-H hard limit (user can not modify) n (maximum number of files)
Ss-anptu | grep nginx #实时查看并发量有多少人访问 (| WC-L)
Permanent settings:
[Email protected] ~]# vim/etc/security/limits.conf
<domain> <type> <item> <value>
- Soft Nofile 100000
- Hard Nofile 100000
<type> can only be soft or hard
1.3 How to resolve the problem of too long client access header information
Error message 414 (insufficient cache) [Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
HTTP {
Server_tokens off; Do not display Nginx version number information
Client_header_buffer_size 1k; Cache of Default request header information
Large_client_header_buffers 4 4k; Cache count and capacity of Request packet header information
......
1.4 Turn on GZIP compression to improve data transfer efficiency
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
gzip on; #开启压缩功能
Gzip_min_length 1000; #字节限定 (small files not compressed)
Gzip_comp_level 4; #压缩比率1-9
Gzip_types Text/plain #对什么格式的文件压缩
Reference:/usr/local/nginx/conf/mime.types writes the left side of the format to Gzip_types
Mp4,mp3,jpg can not be compressed, multimedia files are basically compressed format
1.5 How to let the client browser cache data
About:cache #查看浏览器缓存
Caching for unchanging data
[Email protected] ~]# vim/usr/local/nginx/conf/nginx.conf
server {
Listen 80;
server_name www.tarena.com;
Location/{
root HTML;
Index index.html index.htm;
}
Location ~*. (Jpg|jpeg|gif|png|css|js|ico|xml) $ {
Expires 30d; #定义客户端缓存时间为30天
}
}
1.6 How to customize the 404 error page returned to the client
server {
....
CharSet Utf-8;
Error_page 404/40x.html; Custom error page
Location =/40x.html {
root HTML;
}
}
/usr/local/nginx/conf/sbin/nginx-s Reload
Linux Operation Learning------Nginx