Nginx开源版本安装与配置
Nginx开源版本安装与配置
目录- Nginx开源版本安装与配置
1 版本区别
- Nginx开源版 http://nginx.org/
- Nginx plus 商业版 https://www.nginx.com
- openresty http://openresty.org/cn/
- Tengine http://tengine.taobao.org/
2 安装开源版本
2.1 下载与解压
- 下载地址:http://nginx.org/en/download.html
- 拷贝到虚拟机:
/root/tool
目录下 - 解压:
tar -zxvf nginx-1.20.2.tar.gz
- 在
/usr/local
下创建文件夹:mkdir nginx
- 返回压缩包所在目录,将解压后内容移动到创建的文件夹内:
mv nginx-1.20.2 /usr/local/nginx
2.2 编译安装
- 进入
nginx-1.20.2
目录下:./configure --prefix=/usr/local/nginx
- 报错:
-
解决方案:需要安装c编译器,执行
yum install -y gcc
-
重新执行:
./configure --prefix=/usr/local/nginx
2.3 启动与常用命令
-
进入sbin目录下,执行
./nginx
不报错即正常,可以浏览器访问http://localhost 能看到如下内容即正常:
Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required. For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com. Thank you for using nginx.
-
常见命令:
./nginx 启动 ./nginx -s stop 快速停止 ./nginx -s quit 优雅关闭,在退出前完成已经接受的连接请求 ./nginx -s reload 重新加载配置
3 防火墙
对nginx所在服务器,关闭防火墙并禁止开机启动,后台服务所在服务器,放行PORT,禁止外网访问后台服务
3.1 关闭防火墙
systemctl stop firewalld.service
3.2 禁止开机启动
systemctl disable firewalld.service
3.3 放行80端口
firewall-cmd --zone=public --add-port=80/tcp --permanent
4 将nginx做成服务,方便管理
4.1 创建脚本文件
vi /usr/lib/systemd/system/nginx.service
4.2 确定脚本内容
[Unit] Description=nginx web server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/usr/local/nginx/logs/nginx.pid ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s stop ExecQuit=/usr/local/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target
4.3 重新加载服务
systemctl daemon-reload
4.4 启动服务并设置开机启动
systemctl start nginx.servic systemctl enable nginx.service
5 配置
5.1 安装目录
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
其中有四个文件夹是运行时生成的:
client_body_temp fastcgi_temp proxy_temp scgi_temp
主要的文件夹内容:
- conf 用来存放配置文件相关
- html 用来存放静态文件的默认目录 html、css等
- sbin nginx的主程序
- logs 日志文件目录
5.2 初始配置文件
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] $request ' # '$status $body_bytes_sent $http_referer ' # '$http_user_agent $http_x_forwarded_for'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
5.3 最小化配置文件
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }
5.4 最小配置
5.4.1 worker_processes
worker_processes 1; 默认为1,表示开启一个业务进程
5.4.2 worker_connections
worker_connections 1024; 单个业务进程可接受连接数
5.4.3 include mime.types;
include mime.types; 引入http mime类型
5.4.4 default_type application/octet-stream;
default_type application/octet-stream; 如果mime类型没匹配上,默认使用二进制流的方式传输。
5.4.5 sendfile on;
sendfile on; 使用linux的 sendfile(socket, file, len) 高效网络传输,也就是数据0拷贝。
-
sendfile未开启
-
sendfile开启
5.4.6 keepalive_timeout
keepalive_timeout 65; 保持alive的超时时间
5.4.7 虚拟主机
原本一台服务器只能对应一个站点,通过虚拟主机技术可以虚拟化成多个站点同时对外提供服务
server { listen 80; 监听端口号 server_name localhost; 主机名 location / { 匹配路径 root html; 文件根目录 index index.html index.htm; 默认页名称 } error_page 500 502 503 504 /50x.html; 报错编码对应页面 location = /50x.html { root html; } }
5.4.8 server_name
- 完整匹配:
server_name vod.mmban.com www1.mmban.com;
- 通配符匹配:
server_name *.mmban.com
- 正则匹配:
server_name ~^[0-9]+\.mmban\.com$;
5.5 反向代理
proxy_pass http://baidu.com;
location / { proxy_pass http://baidu.com/; }
5.6 基于反向代理的负载均衡
upstream httpd { server 192.168.44.102:80; server 192.168.43.103:80; } location / { proxy_pass http://httpd/; }
5.7 负载均衡策略
- 轮询:指定轮询几率,weight和访问比率成正比,用于后端服务器性能不均的情况。
- down:表示当前的server暂时不参与负载
- weight:默认为1.weight越大,负载的权重就越大。
- backup: 其它所有的非backup机器down或者忙的时候,请求backup机器。
- down:表示当前的server暂时不参与负载
upstream httpd { server 127.0.0.1:8050 weight=10 down; server 127.0.0.1:8060 weight=1; server 127.0.0.1:8060 weight=1 backup; }
- ip_hash 根据客户端的ip地址转发同一台服务器,可以保持回话。
- least_conn 最少连接访问
- url_hash 根据用户访问的url定向转发请求
- fair 根据后端服务器响应时间转发请求
5.8 location匹配规则
server{ listen 80; server_name localhost; location / { } location /abc{ } ... }
- 不带符号,要求必须以指定模式开始
server { listen 80; server_name 127.0.0.1; location /abc{ default_type text/plain; return 200 access success; } } 以下访问都是正确的 http://192.168.200.133/abc http://192.168.200.133/abc?p1=TOM http://192.168.200.133/abc/ http://192.168.200.133/abcdef
- = : 用于不包含正则表达式的uri前,必须与指定的模式精确匹配
server { listen 80; server_name 127.0.0.1; location =/abc{ default_type text/plain; return 200 access success; } } 可以匹配到 http://192.168.200.133/abc http://192.168.200.133/abc?p1=TOM 匹配不到 http://192.168.200.133/abc/ http://192.168.200.133/abcdef
- ~ : 用于表示当前uri中包含了正则表达式,并且区分大小写
- ~*: 用于表示当前uri中包含了正则表达式,并且不区分大小写
换句话说,如果uri包含了正则表达式,需要用上述两个符合来标识
server { listen 80; server_name 127.0.0.1; location ~^/abc\w${ default_type text/plain; return 200 access success; } } server { listen 80; server_name 127.0.0.1; location ~*^/abc\w${ default_type text/plain; return 200 access success; } }
- ^~: 用于不包含正则表达式的uri前,功能和不加符号的一致,唯一不同的是,如果模式匹配,那么就停止搜索其他模式了。
server { listen 80; server_name 127.0.0.1; location ^~/abc{ default_type text/plain; return 200 access success; } }
5.9 动静分离
location ~*/(css|img|js) { root /usr/local/nginx/static; index index.html index.htm; }
- root与alias
http://192.168.200.133/images/mv.png
在/usr/local/nginx/html目录下创建一个 images目录,并在目录下放入一张图片mv.png图片
root的处理结果是: root路径+location路径 /usr/local/nginx/html/images/mv.png alias的处理结果是:使用alias路径替换location路径 /usr/local/nginx/html/images
如果location路径是以/结尾,则alias也必须是以/结尾,root没有要求
location /images { root /usr/local/nginx/html; } 或者 location /images { alias /usr/local/nginx/html/images; }