2. it技术
  3. Nginx基础

Nginx基础

it2024-08-17  45

NGINX

Nginx 简介

是俄罗斯人编写的十分轻量级的HTPP服务器 是一个高性能的HTTP和反向代理服务器,同时也是一个IMAP/POP3/SMTP代理服务器

官方网站:http://nginx.org

安装与升级

准备源码包nginx-1.16.1.tar.gz

yum -y install gcc make openssl-devel pcre-devel \ mariadb mariadb-devel mariadb-server php php-mysql php-fpm

源码安装nginx

tar -xf nginx-1.16.1.tar.gz cd nginx-1.16.1 useradd nginx ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with- http_ssl_module make && make install

启动程序:/usr/loca/nginx /sbin/nginx

热升级

1.16–1.17

tar -xf nginx-1.17.6.tar.gz cd nginx-1.17.6 ./configure --with-http_ssl_module make mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old cp objs/nginx /usr/local/nginx/sbin/ make upgrade或 killall

启动程序: /usr/local/nginx/sbin/nginx

配置文件目录

/usr/local/nginx/ ##安装目录 conf/nginx.conf ##主配置文件 html ##网页目录 logs ##日志文件 sbin/nginx ##启动脚本

进程管理

启动:/usr/local/nginx/sbin/nginx -V:查看编译参数 -c:指定配置文件,启动服务 -t:测试配置文件语法是否有错误 端口: ps aux | grep nginx ss -antulp | grep nginx

用户认证配置

vim /usr/local/nginx/conf/nginx.conf server { listen 80; server_name localhost; auth_basic "username && password:"; auth_basic_user_file /usr/local/nginx/pass; location / { root html; index index.html index.htm; } } :wq ###登录需要认证 yum -y install httpd-tools htpasswd -c /usr/local/nginx/pass admin htpasswd /usr/local/nginx/pass user1 /usr/local/nginx/sbin/nginx -s reload

基于域名的虚拟机配置

vim /usr/local/nginx/conf/nginx.conf server { listen 80; server_name web1.tedu.cn; auth_basic "username && password:"; auth_basic_user_file /usr/local/nginx/pass; location / { root html; index index.html index.htm; } } server { listen 80; server_name web2.zx.cn; location / { root web; index index.html index.htm; } } :wq mkdir /usr/local/nginx/web echo web2 > /usr/local/nginx/web/index.html /usr/local/nginx/sbin/nginx -s reload

http加密配置

1)常见密钥算法 对称加密:AES、DES 非对称加密:RSA、DSA 2)生成密钥 SSL 加密网站的核心技术是非对称生成密钥 公钥、私钥、证书 cd /usr/local/nginx/conf openssl genrsa > cert.key ##生成私钥 openssl req -new -x509 -key cert.key > cert.pem ##生成证书(公钥)根据提示分别输入:国家、省份、城市、公司名称、部门名称、你的名字或服务器名字、邮箱 req:申请 -new:新建证书 -x509:证书格式 -key:指定私钥,利用私钥生成公钥 3)部署SSL加密网站 vim /usr/local/nginx/conf/nginx.conf server { listen 443 ssl; server_name web3.zx.cn; ssl_certificate cert.pem; ssl_certificate_key cert.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } /usr/local/nginx/sbin/nginx -s reload

地址重写配置

1)什么是地址重写: 获得一个来访的URL请求,然后改写成服务器可以处理的另一个URL 语法格式:rewite regex replacement [flag] 2)应用案例: 案例1:当访问web1.zx.cn/a.html 时跳转到 web1.zx.cn/b.html server { listen 80; server_name web1.zx.cn; rewrite "/a.html" /b.html; ...... 案例2:当访问web1.tedu.cn 时跳转到 www.zx.cn server { listen 80; server_name web1.zx.cn; rewrite ^/ http://www.zx.cn; ...... 案例3:当访问web1.zx.cn/任意 时跳转到 www.zx.cn/任意 server { listen 80; server_name web1.zx.cn; rewrite ^/(.*)$ http://www.zx.cn/$1;

LNMP动态网站

部署:

安装Nginx yum -y install gcc pcre-devel openssl-devel tar -xf nginx-1.17.6.tar.gz cd nginx-1.17.6 ./configure --with-http_ssl_module make && make install 安装mariadb yum -y install mariadb-server mariadb mariadb-devel 安装PHP yum -y install php php-fpm php-mysql 启动服务 /usr/local/nginx/sbin/nginx systemctl restart mariadb systemctl restart php-fpm ss -antulp | grep -E ":80|:3306|:9000" 配置动静分离 vim /usr/local/nginx/conf/nginx.conf localtion / { root html; index index.php index.html index.htm; } location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; include fastcgi.conf; } vim /usr/local/nginx/html/test.php <?php $i=33; echo $i; ?> 客户端访问测试:访问 web1.zx.cn/test.php cp /root/lnmp_soft/php_scripts/mysql.php /usr/local/nginx/html/ 客户端访问测试:访问 web1.zx.cn/mysql.php

WordPress案例

1)WrodPress简介 是一款用PHP语言开发的博客平台,可以支持再PHP和MySQL数据库的服务器上架设属于自己的网站 WordPress 功能强大、插件众多、主题丰富 官方网址:https://wordpress.org 2)上线WordPress 创建数据库,添加数据库账户并赋权 mysql create database wordpress character set utf8mb4; grant all on wordpress.* to wordpress@'localhost' identified by 'wordpress'; flush privlieges; exit 上线wordpress代码 yum -y install unzip cd /root/lnmp_soft unzip wordpress.zip cd wordpress tar -xf wordpress-5.0.3-zh_CN.tar.gz cp -r wordpress/* /usr/local/nginx/html chown -R apache:apache /usr/local/nginx/html/ iptables -F setenforce 0 客户端浏览器访问测试,进行初始化界面:web1.zx.cn

nginx的方向代理

配置 upstream 集群池属性 weight:设置服务器权重值,默认值为1 max_fails:设置最大失败次数 fail_timeout:设置失败超时时间,单位为秒 down:标记服务器已关机,不参与集群调度 vim /usr/local/nginx/conf/nginx.conf http { upstream servers { server 192.168.2.100:80 weight=2 max_fails=1 fail_timeout=20; server 192.168.2.200:80; } server { listen 80; server_name localhost; location / { proxy_pass http://servers; root html index index.html index.htm; } } } :wq 访问测试: http://192.168.4.5/test.php ip_hash ,相同客户端访问相同服务器 vim /usr/local/nginx/conf/nginx.conf http { upstream servers { ip_hash; server 192.168.2.100:80 weight=2 max_fails=1 fail_timeout=20; server 192.168.2.200:80; } server { listen 80; server_name localhost; location / { proxy_pass http://servers; root html index index.html index.htm; } } } :wq

nginx实现四层代理

安装 stream 模块(proxy上操作) /usr/local/nginx/sbin/nginx -s stop rm -rf /usr/local/nginx yum -y install gcc pcre-devel openssl-devel tar -xf nginx-1.17.6.tar.gz cd nginx-1.17.6 ./configure --with-http_ssl_module --with-stream make && make install 修改Nginx配置,实现ssh四层代理 vim /usr/local/nginx/conf/nginx.conf stream { upstream backend { server 192.168.2.100:22; server 192.168.2.200:22; } server { listen 12345; proxy_pass backend; } } http { ... ... } :wq /usr/local/nginx/sbin/nginx iptables -F setenforce 0
最新回复(0)