Nginx开源版本安装与配置

Nginx开源版本安装与配置

目录

1 版本区别

2 安装开源版本

2.1 下载与解压

  • 下载地址:http://nginx.org/en/download.html
  • 拷贝到虚拟机:/root/tool目录下
  • 解压: tar -zxvf nginx-1.20.2.tar.gz
  • /usr/local下创建文件夹:mkdir nginx
  • 返回压缩包所在目录,将解压后内容移动到创建的文件夹内:mv nginx-1.20.2 /usr/local/nginx

2.2 编译安装

  • 进入nginx-1.20.2目录下:./configure --prefix=/usr/local/nginx
  • 报错:

  • 解决方案:需要安装c编译器,执行 yum install -y gcc

  • 重新执行:./configure --prefix=/usr/local/nginx

2.3 启动与常用命令

  • 进入sbin目录下,执行./nginx

    不报错即正常,可以浏览器访问http://localhost 能看到如下内容即正常:

    Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required.  For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com.  Thank you for using nginx. 
  • 常见命令:

    ./nginx 启动  ./nginx -s stop 快速停止  ./nginx -s quit 优雅关闭,在退出前完成已经接受的连接请求  ./nginx -s reload 重新加载配置 

3 防火墙

对nginx所在服务器,关闭防火墙并禁止开机启动,后台服务所在服务器,放行PORT,禁止外网访问后台服务

3.1 关闭防火墙

systemctl stop firewalld.service

3.2 禁止开机启动

systemctl disable firewalld.service

3.3 放行80端口

firewall-cmd --zone=public --add-port=80/tcp --permanent

4 将nginx做成服务,方便管理

4.1 创建脚本文件

vi /usr/lib/systemd/system/nginx.service

4.2 确定脚本内容

[Unit] Description=nginx web server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/usr/local/nginx/logs/nginx.pid ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s stop ExecQuit=/usr/local/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target 

4.3 重新加载服务

systemctl daemon-reload

4.4 启动服务并设置开机启动

systemctl start nginx.servic systemctl enable nginx.service 

5 配置

5.1 安装目录

client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp

其中有四个文件夹是运行时生成的:

client_body_temp fastcgi_temp proxy_temp scgi_temp

主要的文件夹内容:

  • conf 用来存放配置文件相关
  • html 用来存放静态文件的默认目录 html、css等
  • sbin nginx的主程序
  • logs 日志文件目录

5.2 初始配置文件

 #user  nobody; worker_processes  1;  #error_log  logs/error.log; #error_log  logs/error.log  notice; #error_log  logs/error.log  info;  #pid        logs/nginx.pid;   events {     worker_connections  1024; }   http {     include       mime.types;     default_type  application/octet-stream;      #log_format  main  '$remote_addr - $remote_user [$time_local] $request '     #                  '$status $body_bytes_sent $http_referer '     #                  '$http_user_agent $http_x_forwarded_for';      #access_log  logs/access.log  main;      sendfile        on;     #tcp_nopush     on;      #keepalive_timeout  0;     keepalive_timeout  65;      #gzip  on;      server {         listen       80;         server_name  localhost;          #charset koi8-r;          #access_log  logs/host.access.log  main;          location / {             root   html;             index  index.html index.htm;         }          #error_page  404              /404.html;          # redirect server error pages to the static page /50x.html         #         error_page   500 502 503 504  /50x.html;         location = /50x.html {             root   html;         }          # proxy the PHP scripts to Apache listening on 127.0.0.1:80         #         #location ~ \.php$ {         #    proxy_pass   http://127.0.0.1;         #}          # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000         #         #location ~ \.php$ {         #    root           html;         #    fastcgi_pass   127.0.0.1:9000;         #    fastcgi_index  index.php;         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;         #    include        fastcgi_params;         #}          # deny access to .htaccess files, if Apache's document root         # concurs with nginx's one         #         #location ~ /\.ht {         #    deny  all;         #}     }       # another virtual host using mix of IP-, name-, and port-based configuration     #     #server {     #    listen       8000;     #    listen       somename:8080;     #    server_name  somename  alias  another.alias;      #    location / {     #        root   html;     #        index  index.html index.htm;     #    }     #}       # HTTPS server     #     #server {     #    listen       443 ssl;     #    server_name  localhost;      #    ssl_certificate      cert.pem;     #    ssl_certificate_key  cert.key;      #    ssl_session_cache    shared:SSL:1m;     #    ssl_session_timeout  5m;      #    ssl_ciphers  HIGH:!aNULL:!MD5;     #    ssl_prefer_server_ciphers  on;      #    location / {     #        root   html;     #        index  index.html index.htm;     #    }     #}  } 

5.3 最小化配置文件

worker_processes  1;  events {     worker_connections  1024; }  http {     include       mime.types;     default_type  application/octet-stream;     sendfile        on;     keepalive_timeout  65;      server {         listen       80;         server_name  localhost;          location / {             root   html;             index  index.html index.htm;         }          error_page   500 502 503 504  /50x.html;         location = /50x.html {             root   html;         }     } } 

5.4 最小配置

5.4.1 worker_processes

worker_processes 1; 默认为1,表示开启一个业务进程

5.4.2 worker_connections

worker_connections 1024; 单个业务进程可接受连接数

5.4.3 include mime.types;

include mime.types; 引入http mime类型

5.4.4 default_type application/octet-stream;

default_type application/octet-stream; 如果mime类型没匹配上,默认使用二进制流的方式传输。

5.4.5 sendfile on;

sendfile on; 使用linux的 sendfile(socket, file, len) 高效网络传输,也就是数据0拷贝。

  • sendfile未开启

  • sendfile开启

5.4.6 keepalive_timeout

keepalive_timeout 65; 保持alive的超时时间

5.4.7 虚拟主机

原本一台服务器只能对应一个站点,通过虚拟主机技术可以虚拟化成多个站点同时对外提供服务

server { 	listen 80;               监听端口号 	server_name localhost;   主机名 	location / {             匹配路径         root html;                     文件根目录         index index.html index.htm;    默认页名称 	} 	error_page 500 502 503 504 /50x.html; 报错编码对应页面 	location = /50x.html { 		root html; 	} } 

5.4.8 server_name

  • 完整匹配: server_name vod.mmban.com www1.mmban.com;
  • 通配符匹配: server_name *.mmban.com
  • 正则匹配: server_name ~^[0-9]+\.mmban\.com$;

5.5 反向代理

proxy_pass http://baidu.com;

location / { 	proxy_pass http://baidu.com/; } 

5.6 基于反向代理的负载均衡

upstream httpd {     server 192.168.44.102:80;     server 192.168.43.103:80; } location / { 	proxy_pass http://httpd/; }  

5.7 负载均衡策略

  • 轮询:指定轮询几率,weight和访问比率成正比,用于后端服务器性能不均的情况。
    • down:表示当前的server暂时不参与负载
      • weight:默认为1.weight越大,负载的权重就越大。
      • backup: 其它所有的非backup机器down或者忙的时候,请求backup机器。
upstream httpd {     server 127.0.0.1:8050 weight=10 down;     server 127.0.0.1:8060 weight=1;     server 127.0.0.1:8060 weight=1 backup; } 
  • ip_hash 根据客户端的ip地址转发同一台服务器,可以保持回话。
  • least_conn 最少连接访问
  • url_hash 根据用户访问的url定向转发请求
  • fair 根据后端服务器响应时间转发请求

5.8 location匹配规则

server{ 	listen 80; 	server_name localhost; 	location / { 	 	} 	location /abc{ 	 	} 	... } 
  • 不带符号,要求必须以指定模式开始
server { 	listen 80; 	server_name 127.0.0.1; 	location /abc{ 		default_type text/plain; 		return 200 access success; 	} } 以下访问都是正确的 http://192.168.200.133/abc http://192.168.200.133/abc?p1=TOM http://192.168.200.133/abc/ http://192.168.200.133/abcdef 
  • = : 用于不包含正则表达式的uri前,必须与指定的模式精确匹配
server { 	listen 80; 	server_name 127.0.0.1; 	location =/abc{ 		default_type text/plain; 		return 200 access success; 	} } 可以匹配到 http://192.168.200.133/abc http://192.168.200.133/abc?p1=TOM 匹配不到 http://192.168.200.133/abc/ http://192.168.200.133/abcdef 
  • ~ : 用于表示当前uri中包含了正则表达式,并且区分大小写
  • ~*: 用于表示当前uri中包含了正则表达式,并且不区分大小写

换句话说,如果uri包含了正则表达式,需要用上述两个符合来标识

server { 	listen 80; 	server_name 127.0.0.1; 	location ~^/abc\w${ 		default_type text/plain; 		return 200 access success; 	} } server { 	listen 80; 	server_name 127.0.0.1; 	location ~*^/abc\w${ 		default_type text/plain; 		return 200 access success; 	} } 
  • ^~: 用于不包含正则表达式的uri前,功能和不加符号的一致,唯一不同的是,如果模式匹配,那么就停止搜索其他模式了。
server { 	listen 80; 	server_name 127.0.0.1; 	location ^~/abc{ 		default_type text/plain; 		return 200 access success; 	} } 

5.9 动静分离

location ~*/(css|img|js) {     root /usr/local/nginx/static;     index index.html index.htm; } 
  • root与alias
http://192.168.200.133/images/mv.png 

在/usr/local/nginx/html目录下创建一个 images目录,并在目录下放入一张图片mv.png图片

root的处理结果是: root路径+location路径 /usr/local/nginx/html/images/mv.png alias的处理结果是:使用alias路径替换location路径 /usr/local/nginx/html/images 

如果location路径是以/结尾,则alias也必须是以/结尾,root没有要求

location /images { 	root /usr/local/nginx/html; } 或者 location /images { 	alias /usr/local/nginx/html/images; } 
欢迎大家留言,以便于后面的人更快解决问题!另外亦欢迎大家可以关注我的微信公众号,方便利用零碎时间互相交流。共勉!