1.Nginx-高性能的 Web 服务端
Nginx是由1994年毕业于俄罗斯国立莫斯科鲍曼科技大学的同学 伊戈尔·赛索耶夫 为俄罗斯著名搜索网站 rambler.ru开发的,开发工作 早从2002年开始,第一次公开发布时间是2004年10月4日,版本号是 0.1.0
2019年3月11日F5 与 NGINX达成协议,F5 将收购 NGINX 的所有已发行股票,总价值约为 6.7 亿美元。 6.7亿美金约合44.97亿人民币,nginx核心模块代码长度198430(包括空格、注释),所以一行代码约为 2.2万人民币
官网地址 www.nginx.org
Nginx历经十几年的迭代更新(https://nginx.org/en/CHANGES), 目前功能已经非常完善且运行稳定,另外Nginx的版本分为开发版、稳定版和过期版,nginx以功能丰富著称,它即可以作为http服务器,也可以作为反向代理服务器或者邮件服务器能够快速的响应静态网页的请求 支持FastCGI/SSL/Virtual Host/URL Rwrite /Gzip / HTTP Basic Auth/http或者TCP的负载均衡(1.9版本以上且开启stream模块)等功能,并且支持第三方的功能扩展。
天猫 淘宝 京东 小米 163 新浪等一线互联网公司都在用Nginx或者进行二次开发基于Nginx的工作场景:
2.Nginx 介绍
Nginx:engine X ,2002年开发,分为社区版和商业版(nginx plus )
2019年3月11日 F5 Networks 6.7亿美元的价格收购
Nginx是免费的、开源的、高性能的HTTP和反向代理服务器、邮件代理服务器、以及TCP/UDP代理服务器
解决C10K问题(10K Connections)
Nginx官网:http://nginx.org nginx的其它的二次发行版:
Tengine:由淘宝网发起的Web服务器项目。它在Nginx的基础上,针对大访问量网站的需求,添加了很多高级功能和特性。Tengine的性能和稳定性已经在大型的网站如淘宝网,天猫商城等得到了 很好的检验。它的 终目标是打造一个高效、稳定、安全、易用的Web平台。从2011年12月开始, Tengine成为一个开源项目官网: http://tengine.taobao.org/
OpenResty:基于 Nginx 与 Lua 语言的高性能 Web 平台, 章亦春团队开发,官网:http://openr esty.org/cn/
Nginx 功能介绍
静态的web资源服务器HTML,图片,js,CSS,txt等静态资源 http/https协议的反向代理 结合FastCGI/uWSGI/SCGI等协议反向代理动态资源请求 tcp/udp协议的请求转发(反向代理) imap4/pop3协议的反向代理
基础特性
模块化设计,较好的扩展性高可靠性 支持热部署:不停机更新配置文件,升级版本,更换日志文件 低内存消耗:10000个keep-alive连接模式下的非活动连接,仅需2.5M内存 event-driven,aio,mmap,sendfile
Web 服务相关的功能
虚拟主机(server) 支持 keep-alive 和管道连接(利用一个连接做多次请求) 访问日志(支持基于日志缓冲提高其性能) url rewirte 路径别名 基于IP及用户的访问控制支持速率限制及并发数限制 重新配置和在线升级而无须中断客户的工作进程
Nginx 架构和进程
Nginx 进程结构
web请求处理机制
多进程方式:服务器每接收到一个客户端请求就有服务器的主进程生成一个子进程响应客户端,直到用户关闭连接,这样的优势是处理速度快,子进程之间相互独立,但是如果访问过大会导致服务器资源耗尽而无法提供请求
多线程方式:与多进程方式类似,但是每收到一个客户端请求会有服务进程派生出一个线程和此客户端进行交互,一个线程的开销远远小于一个进程,因此多线程方式在很大程度减轻了web服务器对系统资源的要求,但是多线程也有自己的缺点,即当多个线程位于同一个进程内工作的时候,可以相互访问同样的内存地址空间,所以他们相互影响,一旦主进程挂掉则所有子线程都不能工作了,IIS服务器使用了多线程的方式,需要间隔一段时间就重启一次才能稳定。
Nginx是多进程组织模型,而且是一个由Master主进程和Worker工作进程组成。
主进程(master process)的功能:
对外接口:接收外部的操作(信号)
对内转发:根据外部的操作的不同,通过信号管理 Worker
监控:监控 worker 进程的运行状态,worker 进程异常终止后,自动重启 worker 进程读取Nginx 配置文件并验证其有效性和正确性建立、绑定和关闭socket连接 按照配置生成、管理和结束工作进程 接受外界指令,比如重启、升级及退出服务器等指令不中断服务,实现平滑升级,重启服务并应用新的配置开启日志文件,获取文件描述符 不中断服务,实现平滑升级,升级失败进行回滚处理编译和处理perl脚本
工作进程(worker process)的功能: 所有 Worker 进程都是平等的
实际处理:网络请求,由 Worker 进程处理
Worker进程数量:一般设置为核心数,充分利用CPU资源,同时避免进程数量过多,导致进程竞争 CPU资源, 增加上下文切换的损耗接受处理客户的请求 将请求依次送入各个功能模块进行处理 I/O调用,获取响应数据 与后端服务器通信,接收后端服务器的处理结果缓存数据,访问缓存索引,查询和调用缓存数据发送请求结果,响应客户的请求 接收主程序指令,比如重启、升级和退出等
Nginx 进程间通信
工作进程是由主进程生成的,主进程使用fork()函数,在Nginx服务器启动过程中主进程根据配置文件决定启动工作进程的数量,然后建立一张全局的工作表用于存放当前未退出的所有的工作进程,主进程生成工作进程后会将新生成的工作进程加入到工作进程表中,并建立一个单向的管道并将其传递给工作进程,该管道与普通的管道不同,它是由主进程指向工作进程的单向通道,包含了主进程向工作进程发出的指令、工作进程ID、工作进程在工作进程表中的索引和必要的文件描述符等信息。
主进程与外界通过信号机制进行通信,当接收到需要处理的信号时,它通过管道向相关的工作进程发送正确的指令,每个工作进程都有能力捕获管道中的可读事件,当管道中有可读事件的时候,工作进程就会从管道中读取并解析指令,然后采取相应的执行动作,这样就完成了主进程与工作进程的交互。
Nginx 启动和 HTTP 连接建立
Nginx 模块介绍
nginx 有多种模块
核心模块:是 Nginx 服务器正常运行必不可少的模块,提供错误日志记录 、配置文件解析 、事件驱动机制 、进程管理等核心功能
标准HTTP模块:提供 HTTP 协议解析相关的功能,比如: 端口配置 、 网页编码设置 、 HTTP响应头设置 等等
可选HTTP模块:主要用于扩展标准的 HTTP 功能,让 Nginx 能处理一些特殊的服务,比如: Flash 多媒体传输 、解析 GeoIP 请求、 网络传输压缩 、 安全协议 SSL 支持等
邮件服务模块:主要用于支持 Nginx 的 邮件服务 ,包括对 POP3 协议、 IMAP 协议和 SMTP协议的支持
Stream服务模块: 实现反向代理功能,包括TCP协议代理
第三方模块:是为了扩展 Nginx 服务器应用,完成开发者自定义功能,比如: Json 支持、 Lua 支持等
nginx高度模块化,但其模块早期不支持DSO机制;1.9.11 版本支持动态装载和卸载模块分类:
3..Nginx 核心配置详解
(1)配置文件说明
nginx 官方帮助文档:http://nginx.org/en/docs/
Nginx的配置文件的组成部分:
主配置文件:nginx.conf
子配置文件: include conf.d/*.conf fastcgi, uwsgi,scgi 等协议相关的配置文件
mime.types:支持的mime类型,MIME(Multipurpose Internet Mail Extensions)多用途互联网邮件扩展类型,MIME消息能包含文本、图像、音频、视频以及其他应用程序专用的数据,是设定某种扩展名的文件用一种应用程序来打开的方式类型,当该扩展名文件被访问的时候,浏览器会自动使用指定应用程序来打开。多用于指定一些客户端自定义的文件名,以及一些媒体文件打开方式。
nginx 配置文件格式说明:
配置文件由指令与指令块构成
每条指令以分号结尾,指令与值之间以空格符号分隔
可以将多条指令放在同一行用分号分隔即可,但可读性差,不推荐
指令块以{ }大括号组合多个指令组织在一起且可以嵌套指令块
include语句允许组合多个 配置文件以提升可维护性
使用符号添加注释,提高可读性
使用符号使用变量
部分指令的参数支持正则表达式
Nginx 主配置文件的配置指令方式:
directive value 【value2 ...】;
注意:
(1)指令必须以分号结尾
(2)支持使用配置变量
内建变量:由Nginx模块引入,可直接引用
自定义变量:由用户使用set命令定义,格式:set variable_name value;
引用变量:$variable_name
4.Nginx的源码编译
1.下载软件
root@Nginx \~\]# wget https://nginx.org/download/nginx-1.28.1.tar.gz 2.解压 \[root@Nginx \~\]# tar zxf nginx-1.28.1.tar.gz \[root@Nginx \~\]# cd nginx-1.28.1/ \[root@Nginx nginx-1.28.1\]# ls auto CHANGES.ru conf contrib html man SECURITY.md CHANGES CODE_OF_CONDUCT.md configure CONTRIBUTING.md LICENSE README.md src 3.检测环境 #安装依赖性 \[root@Nginx \~\]# dnf install gcc openssl-devel.x86_64 pcre2-devel.x86_64 zlib-devel -y \[root@Nginx nginx-1.28.1\]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module 4.编译 \[root@Nginx nginx-1.28.1\]# make \[root@Nginx nginx-1.28.1\]# make install 5.nginx启动 #设定环境变量 \[root@Nginx sbin\]# vim \~/.bash_profile export PATH=$PATH:/usr/local/nginx/sbin \[root@Nginx sbin\]# source \~/.bash_profile \[root@Nginx logs\]# useradd -s /sbin/nologin -M nginx \[root@Nginx logs\]# nginx \[root@Nginx logs\]# ps aux \| grep nginx root 44012 0.0 0.1 14688 2356 ? Ss 17:01 0:00 nginx: master process nginx nginx 44013 0.0 0.2 14888 3892 ? S 17:01 0:00 nginx: worker process root 44015 0.0 0.1 6636 2176 pts/0 S+ 17:01 0:00 grep --color=auto nginx #测试 \[root@Nginx logs\]# echo timinglee \> /usr/local/nginx/html/index.html  6.编写启动文件 \[root@Nginx \~\]# vim /lib/systemd/system/nginx.service \[Unit
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
Service
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
Install
WantedBy=multi-user.target
root@Nginx \~\]# systemctl daemon-reload #验证 \[root@Nginx \~\]# systemctl status nginx.service \[root@Nginx \~\]# systemctl enable --now nginx \[root@Nginx \~\]# ps aux \| grep nginx  \[root@Nginx \~\]# reboot \[root@Nginx \~\]# systemctl status nginx.service 5.Nginx的平滑升级及回滚 1.下载高版本的软件 \[root@Nginx \~\]# wget https://nginx.org/download/nginx-1.29.4.tar.gz #编译nginx隐藏版本 \[root@Nginx \~\]# tar zxf nginx-1.29.4.tar.gz \[root@Nginx \~\]# cd nginx-1.29.4/src/core/ \[root@Nginx core\]# vim nginx.h #define nginx_version 1029004 #define NGINX_VERSION "" #define NGINX_VER "TIMINGLEE/" NGINX_VERSION #文件编辑完成后进行源码编译即可 \[root@Nginx core\]# cd ../../ \[root@Nginx nginx-1.29.4\]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module \[root@Nginx nginx-1.29.4\]# make \[root@Nginx nginx-1.29.4\]# cd objs/ \[root@Nginx objs\]# ls autoconf.err nginx ngx_auto_config.h ngx_modules.c src Makefile nginx.8 ngx_auto_headers.h ngx_modules.o \[root@Nginx objs\]# cd /usr/local/nginx/sbin/ \[root@Nginx sbin\]# ls nginx \[root@Nginx sbin\]# \\cp -f /root/nginx-1.29.4/objs/nginx /usr/local/nginx/sbin/nginx \[root@Nginx sbin\]# ls /usr/local/nginx/logs/ access.log error.log nginx.pid \[root@Nginx sbin\]# ps aux \| grep nginx root 1643 0.0 0.1 14688 2360 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process \[root@Nginx sbin\]# kill -USR2 1643 #nginx master进程id \[root@Nginx sbin\]# ps aux \| grep nginx root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process root 4923 0.0 0.1 6636 2176 pts/0 S+ 10:25 0:00 grep --color=auto nginx \[root@Nginx sbin\]# ls /usr/local/nginx/logs/ access.log error.log nginx.pid nginx.pid.oldbin #测试效果 \[root@Nginx sbin\]# nginx -V #回收旧版本子进程 \[root@Nginx sbin\]# ps aux \| grep nginx \[root@Nginx sbin\]# kill -WINCH 1643 \[root@Nginx sbin\]# ps aux \| grep nginx 3.版本回退\|版本回滚 \[root@Nginx sbin\]# cd /usr/local/nginx/sbin/ \[root@Nginx sbin\]# cp nginx nginx.new -p \[root@Nginx sbin\]# \\cp nginx.old nginx -pf \[root@Nginx sbin\]# ps aux \| grep nginx root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process \[root@Nginx sbin\]# kill -HUP 1643 \[root@Nginx sbin\]# ps aux \| grep nginx root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process root 4965 0.0 0.1 6636 2176 pts/0 S+ 10:32 0:00 grep --color=auto nginx \[root@Nginx sbin\]# nginx -V #回收新版本进程 \[root@Nginx sbin\]# kill -WINCH 4919 \[root@Nginx sbin\]# ps aux \| grep nginx 6.Nginx配置文件的管理及优化参数 \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf user nginx; \[root@Nginx \~\]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful \[root@Nginx \~\]# nginx -s reload \[root@Nginx \~\]# ps aux \| grep nginx  \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf worker_processes 2; \[root@Nginx \~\]# nginx -s reload \[root@Nginx \~\]# ps aux \| grep nginx #在vmware中更改硬件cpu核心个数,然后重启 \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf worker_processes auto; worker_cpu_affinity 0001 0010 0100 1000; \[root@Nginx \~\]# ps aux \| grep nginx \[root@Nginx \~\]# ps axo pid,cmd,psr \| grep nginx  \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf events { worker_connections 10000; use epoll; accept_mutex on; multi_accept on; } \[root@Nginx \~\]# nginx -s reload #测试并发 \[root@Nginx \~\]# dnf install httpd-tools -y \[root@Nginx \~\]# ab -n 100000 -c5000 http://172.25.254.100/index.html #处理本地文件系统的并发文件数量 \[root@Nginx \~\]# vim /etc/security/limits.conf \* - nofile 100000 \* - noproc 100000 root - nofile 100000 \[root@Nginx \~\]# sudo -u nginx ulimit -n 100000 \[root@Nginx \~\]# ulimit -n 10000 100000 #测试 \[root@Nginx \~\]# ab -n 100000 -c10000 http://172.25.254.100/index.html  7.Nginx下构建PC站点 1.location中的root \[root@Nginx conf\]# cd /usr/local/nginx/conf/ \[root@Nginx conf\]# mkdir conf.d \[root@Nginx conf\]# vim nginx.conf 82 include "/usr/local/nginx/conf/conf.d/\*.conf"; \[root@Nginx conf\]# nginx -s reload \[root@Nginx conf\]# cd conf.d/ \[root@Nginx \~\]# mkdir -p /webdata/nginx/timinglee.org/lee/html \[root@Nginx \~\]# echo lee.timinglee.org \> /webdata/nginx/timinglee.org/lee/html/index.html \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { root /webdata/nginx/timinglee.org/lee/html; } } root@Nginx conf.d\]# systemctl restart nginx.service #测试 \[root@Nginx conf.d\]# vim /etc/hosts 172.25.254.100 Nginx www.timinglee.org lee.timinglee.org  #local示例需要访问lee.timinglee.org/lee/目录 \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { root /webdata/nginx/timinglee.org/lee/html; } location /lee { #lee标识location中的root值+location 后面指定的值代表目录的路径 root /webdata/nginx/timinglee.org/lee/html; } } \[root@Nginx conf.d\]# systemctl restart nginx.service \[root@Nginx conf.d\]# mkdir -p /webdata/nginx/timinglee.org/lee/html/lee \[root@Nginx conf.d\]# echo lee \> /webdata/nginx/timinglee.org/lee/html/lee/index.html \[root@Nginx conf.d\]# curl lee.timinglee.org/lee/ lee  2.location中的alias \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location /passwd { #标识文件 alias /etc/passwd; } location /passwd/ { #表示目录 alias /mnt/; } } \[root@Nginx conf.d\]# nginx -s reload \[root@Nginx conf.d\]# echo passwd \> /mnt/index.html #测试 \[root@Nginx conf.d\]# curl lee.timinglee.org/passwd/ passwd \[root@Nginx conf.d\]# curl lee.timinglee.org/passwd  8.KeepAlived长链接优化 1.设定长链接时间 \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf keepalive_timeout 5; \[root@Nginx \~\]# nginx -s reload #测试 \[root@Nginx \~\]# dnf install telnet -y \[root@Nginx \~\]# telnet www.timinglee.org 80  2.设定长链接次数 \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf keepalive_requests 3; \[root@Nginx \~\]# nginx -s reload #测试 \[root@Nginx \~\]# telnet www.timinglee.org 80  9.Location 字符匹配详解 1.Location后什么都不带直接指定目录 \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location /null { return 200 "/null-1"; } } \[root@Nginx conf.d\]# curl lee.timinglee.org/null/ /null-1 \[root@Nginx conf.d\]# curl lee.timinglee.org/NULL/   2.location 后用 = \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location /null { return 200 "null-1"; } location = /null { #精确匹配到此结束 return 200 "null-2"; } location \~ /null { return 200 "null-3"; } } \[root@Nginx conf.d\]# nginx -s reload \[root@Nginx conf.d\]# curl lee.timinglee.org/null  3.location 后用"\^\~" \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location /null { return 200 "null-1"; } location = /null { return 200 "null-2"; } location \~ /null { return 200 "null-3"; } location \^\~ /lee { return 200 "lee"; } } \[root@Nginx conf.d\]# nginx -s reload lee \[root@Nginx conf.d\]# curl lee.timinglee.org/lee lee \[root@Nginx conf.d\]# curl lee.timinglee.org/test/lee  4.location 后用"\~" \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location /null { return 200 "null-1"; } location = /null { return 200 "null-2"; } location \~ /null { return 200 "null-3"; } location \^\~ /lee { return 200 "lee"; } location \~ /timing/ { return 200 "timing"; } } \[root@Nginx conf.d\]# nginx -s reload \[root@Nginx conf.d\]# curl lee.timinglee.org/timinga/ timing \[root@Nginx conf.d\]# curl lee.timinglee.org/timing/ timing \[root@Nginx conf.d\]# curl lee.timinglee.org/a/timing/ timing \[root@Nginx conf.d\]# curl lee.timinglee.org/a/timinga/ timing \[root@Nginx conf.d\]# curl lee.timinglee.org/a/atiming/  5.location 后用"\~\*" \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location /null { return 200 "null-1"; } location = /null { return 200 "null-2"; } location \~ /null { return 200 "null-3"; } location \^\~ /lee { return 200 "lee"; } location \~ /timing/ { return 200 "timing"; } location \~\* /timinglee { return 200 "timinglee"; } } \[root@Nginx conf.d\]# nginx -s reload \[root@Nginx conf.d\]# curl lee.timinglee.org/Timinglee/ timinglee \[root@Nginx conf.d\]# curl lee.timinglee.org/timinglee/ timinglee \[root@Nginx conf.d\]# curl lee.timinglee.org/timinglee/a timinglee \[root@Nginx conf.d\]# curl lee.timinglee.org/a/timinglee/a timinglee \[root@Nginx conf.d\]# curl lee.timinglee.org/a/atiminglee/a  6.location 后用"\\" \[root@Nginx conf.d\]# vim vhosts.conf server { listen 80; server_name lee.timinglee.org; location /null { return 200 "null-1"; } location = /null { return 200 "null-2"; } location \~ /null { return 200 "null-3"; } location \^\~ /lee { return 200 "lee"; } location \~ /timing/ { return 200 "timing"; } location \~\* /timinglee { return 200 "timinglee"; } location \~\* \\.(img\|php\|jsp)$ { return 200 "app"; } } \[root@Nginx conf.d\]# nginx -s reload \[root@Nginx conf.d\]# curl lee.timinglee.org/test.php app \[root@Nginx conf.d\]# curl lee.timinglee.org/test.jsp app  10.服务访问的用户认证 \[root@Nginx \~\]# htpasswd -cmb /usr/local/nginx/conf/.htpasswd admin lee Adding password for user admin \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location /admin { root /usr/local/nginx/html; auth_basic "login passwd"; auth_basic_user_file "/usr/local/nginx/conf/.htpasswd"; } } \[root@Nginx \~\]# systemctl restart nginx.service #测试: root@Nginx \~\]# curl lee.timinglee.org/admin/ \[root@Nginx \~\]# curl -uadmin:lee http://lee.timinglee.org/admin/  11.自定义错误页面 \[root@Nginx \~\]# mkdir /usr/local/nginx/errorpage \[root@Nginx \~\]# echo "太不巧了,你要访问的页面辞职了!!" \> /usr/local/nginx/errorpage/errormessage \[root@Nginx \~\]# cat /usr/local/nginx/errorpage/errormessage 太不巧了,你要访问的页面辞职了!! \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } } \[root@Nginx \~\]# curl lee.timinglee.org/lee/  12.自定义错误日志 \[root@Nginx \~\]# mkdir -p /usr/local/nginx/logs/timinglee.org/ \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } } \[root@Nginx \~\]# systemctl restart nginx.service #测试 \[root@Nginx \~\]# cd /usr/local/nginx/logs/timinglee.org/ \[root@Nginx timinglee.org\]# ls lee.error \[root@Nginx timinglee.org\]# cat lee.error \[root@Nginx timinglee.org\]# curl lee.timinglee.org/lee/ 太不巧了,你要访问的页面辞职了!! \[root@Nginx timinglee.org\]# cat lee.error ##  13.Nginx中建立下载服务器 \[root@Nginx \~\]# mkdir -p /usr/local/nginx/download \[root@Nginx \~\]# cp /etc/passwd /usr/local/nginx/download/ \[root@Nginx \~\]# dd if=/dev/zero of=/usr/local/nginx/download/bigfile bs=1M count=100 记录了100+0 的读入 记录了100+0 的写出 104857600字节(105 MB,100 MiB)已复制,0.152409 s,688 MB/s \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } location /download { root /usr/local/nginx; } } \[root@Nginx \~\]# nginx -s reload  1.启用列表功能 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } location /download { root /usr/local/nginx; autoindex on; } } \[root@Nginx \~\]# nginx -s reload  2.下载控速 \[root@Nginx \~\]# wget http://lee.timinglee.org/download/bigfile  \[root@Nginx \~\]# rm -fr bigfile \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } location /download { root /usr/local/nginx; autoindex on; limit_rate 1024k; } } \[root@Nginx \~\]# nginx -s reload \[root@Nginx \~\]# wget http://lee.timinglee.org/download/bigfile  3.显示文件大小优化 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } location /download { root /usr/local/nginx; autoindex on; limit_rate 1024k; autoindex_exact_size off; } } \[root@Nginx \~\]# nginx -s reload  4.时间显示调整 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } location /download { root /usr/local/nginx; autoindex on; limit_rate 1024k; autoindex_exact_size off; autoindex_localtime on; } } \[root@Nginx \~\]# nginx -s reload  5.设定页面风格 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; location /lee { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } location /download { root /usr/local/nginx; autoindex on; limit_rate 1024k; autoindex_exact_size off; autoindex_localtime on; autoindex_format html \| xml \| json \| jsonp; } } \[root@Nginx \~\]# nginx -s reload  14.Nginx的文件检测 \[root@Nginx \~\]# echo default \> /usr/local/nginx/errorpage/default.html \[root@Nginx \~\]# cat /usr/local/nginx/errorpage/default.html default \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; error_page 404 405 503 502 /error; error_log logs/timinglee.org/lee.error error; root /usr/local/nginx/errorpage; try_files $uri $uri.html $uri/index.html /default.html; } \[root@Nginx \~\]# nginx -s reload #测试: \[root@Nginx \~\]# curl -v lee.timinglee.org/aaaaaaaaaa/  15.Nginx的状态页 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location /nginx_status{ stub_status; auth_basic "auth login"; auth_basic_user_file /usr/local/nginx/conf/.htpasswd; allow 172.25.254.0/24; deny all; } } \[root@Nginx \~\]# nginx -s reload  16.Nginx的压缩功能 \[root@Nginx \~\]# mkdir /usr/local/nginx/timinglee.org/lee/html -p \[root@Nginx \~\]# echo hello lee \> /usr/local/nginx/timinglee.org/lee/html/index.html \[root@Nginx html\]# cp /usr/local/nginx/logs/access.log /usr/local/nginx/timinglee.org/lee/html/bigfile.txt \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf gzip on; gzip_comp_level 4; gzip_disable "MSIE \[1-6\]\\."; gzip_min_length 1024k; gzip_buffers 32 1024k gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/gif image/png; gzip_vary on; gzip_static on; \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /nginx_status{ stub_status; auth_basic "auth login"; auth_basic_user_file /usr/local/nginx/conf/.htpasswd; allow 172.25.254.0/24; deny all; } } \[root@Nginx \~\]# nginx -s reload #测试 \[root@Nginx html\]# curl --head --compressed lee.timinglee.org/bigfile.txt  17.Nginx 变量 1.升级Nginx支持echo \[root@Nginx \~\]# systemctl stop nginx.service \[root@Nginx \~\]# ps aux \| grep nginx root 5193 0.0 0.1 6636 2176 pts/1 S+ 16:08 0:00 grep --color=auto nginx \[root@Nginx \~\]# tar zxf echo-nginx-module-0.64.tar.gz \[root@Nginx \~\]# cd nginx-1.28.1/ \[root@Nginx nginx-1.28.1\]# make clean \[root@Nginx nginx-1.28.1\]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64 \[root@Nginx nginx-1.28.1\]# make \[root@Nginx nginx-1.28.1\]# rm -rf /usr/local/nginx/sbin/nginx \[root@Nginx nginx-1.28.1\]# cp objs/nginx /usr/local/nginx/sbin/ -p #测试 \[root@Nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /vars { default_type text/html; echo $remote_addr; } } \[root@Nginx nginx-1.28.1\]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful \[root@Nginx nginx-1.28.1\]# systemctl start nginx.service 2.理解内建变量 \[root@Nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /vars { default_type text/html; echo $remote_addr; } } \[root@Nginx nginx-1.28.1\]# nginx -s reload \[root@Nginx nginx-1.28.1\]# curl lee.timinglee.org/vars/ 172.25.254.100 \[root@Nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /vars { default_type text/html; echo $args; } } \[root@Nginx nginx-1.28.1\]# nginx -s reload  \[root@Nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /vars { default_type text/html; echo $args; echo $is_args; } } \[root@Nginx nginx-1.28.1\]# nginx -s reload \[root@Nginx nginx-1.28.1\]# curl "http://lee.timinglee.org/vars?  \[root@Nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /vars { default_type text/html; echo $document_root; } } \[root@Nginx nginx-1.28.1\]# nginx -s reload  \[root@Nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /vars { default_type text/html; echo $remote_addr; echo $args; echo $is_args; echo $document_root; echo $document_uri; echo $host; echo $remote_port; echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; echo $server_protocol; echo $server_addr; echo $server_name; echo $server_port; echo $http_user_agent; echo $cookie_key2; echo $http_user_agent; echo $sent_http_content_type; } } \[root@Nginx nginx-1.28.1\]# nginx -s reload \[root@Nginx nginx-1.28.1\]# curl -b "key1=hello,key2=timinglee" -A "haha" -ulee:lee "http://lee.timinglee.org/vars?key=lee\&id=11"  18.自定义变量 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /usr/local/nginx/timinglee.org/lee/html; location /vars { default_type text/html; echo $remote_addr; echo $args; echo $is_args; echo $document_root; echo $document_uri; echo $host; echo $remote_port; echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; echo $server_protocol; echo $server_addr; echo $server_name; echo $server_port; echo $http_user_agent; echo $cookie_key2; echo $http_user_agent; echo $sent_http_content_type; set $test lee; #手动设定变量值 echo $test; set $web_port $server_port; #变量个传递 echo $web_port; } } \[root@Nginx \~\]# nginx -s reload \[root@Nginx \~\]# curl lee.timinglee.org/vars/  19.Nginx利用网页重写实现全站加密 1.制作key \[root@Nginx \~\]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/timinglee.org.key -x509 -days 365 -out /usr/local/nginx/certs/timinglee.org.crt 2.编辑加密配置文件 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; listen 443 ssl; ssl_certificate /usr/local/nginx/certs/timinglee.org.crt; ssl_certificate_key /usr/local/nginx/certs/timinglee.org.key; ssl_session_cache shared:sslcache:20m; ssl_session_timeout 10m; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location / { if ($scheme = http ){ rewrite /(.\*) https://$host/$1 redirect; } } } \[root@Nginx \~\]# systemctl restart nginx.service #测试 \[root@Nginx \~\]# curl -I http://lee.timinglee.org/test1/  20.网页从写 1.网页重写中的指令 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { if ( $http_user_agent \~\* firefox ) { return 200 "test if messages"; } } } \[root@Nginx \~\]# nginx -s reload \[root@Nginx \~\]# curl lee.timinglee.org lee page \[root@Nginx \~\]# curl -A "firefox" lee.timinglee.org test if messages\[root@Nginx \~\]# #set \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { set $testname timinglee; echo $testname; } } \[root@Nginx \~\]# nginx -s reload  #return \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { return 200 "hello world"; } } \[root@Nginx \~\]# nginx -s reload  #break \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { set $test1 lee1; set $test2 lee2; if ($http_user_agent = firefox){ break; } set $test3 lee3; echo $test1 $test2 $test3; } } \[root@Nginx \~\]# nginx -s reload  2 flag #redirect; \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { rewrite / http://www.baidu.com redirect; } } \[root@Nginx \~\]# nginx -s reload \[root@Nginx \~\]# curl -I lee.timinglee.org HTTP/1.1 302 Moved Temporarily #定向方式返回值 Server: nginx/1.28.1 Date: Tue, 03 Feb 2026 02:43:47 GMT Content-Type: text/html Content-Length: 145 Connection: keep-alive Keep-Alive: timeout=100 Location: http://www.baidu.com #定向效果 #permanent \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { rewrite / http://www.baidu.com permanent; } } \[root@Nginx \~\]# nginx -s reload  #break 和 last \[root@Nginx \~\]# mkdir /webdir/timinglee.org/lee/html/{break,last,test1,test2} \[root@Nginx \~\]# echo break \> /webdir/timinglee.org/lee/html/break/index.html \[root@Nginx \~\]# echo last \> /webdir/timinglee.org/lee/html/last/index.html \[root@Nginx \~\]# echo test1 \> /webdir/timinglee.org/lee/html/test1/index.html \[root@Nginx \~\]# echo test2 \> /webdir/timinglee.org/lee/html/test2/index.html #break \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location /break { rewrite /break/(.\*) /test1/$1 break; rewrite /test1 /test2; } location /test1 { return 200 "test1 end page"; } location /test2 { return 200 "TEST2 END PAGE"; } } root@Nginx \~\]# nginx -s reload \[root@Nginx \~\]# curl -L lee.timinglee.org/break/index.html test1 #last \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location /break { rewrite /break/(.\*) /test1/$1 last; rewrite /test1 /test2; } location /test1 { return 200 "test1 end page"; } location /test2 { return 200 "TEST2 END PAGE"; } } root@Nginx \~\]# nginx -s reload  21.防盗链 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; root /webdir/timinglee.org/lee/html; location / { valid_referers none blocked server_names \*.timinglee.org \~/.baidu/.; if ($invalid_referer){ return 404; } } location /img { valid_referers none blocked server_names \*.timinglee.org \~/.baidu/.; if ($invalid_referer){ rewrite \^/ http://lee.timinglee.org/daolian/daolian.png; } } } \[root@Nginx \~\]# nginx -s reload #另外的web服务器 \[root@RS1 \~\]# vim /var/www/html/index.html  #在浏览器中访问看效果 22.Nginx反向代理 #172.25.254.10 RS1 172.25.254.20 RS2 \[root@RSX \~\]# dnf install httpd -y \[root@RSX \~\]# systemctl enable --now httpd \[root@RSX \~\]# echo 172.25.254.20 \> /var/www/html/index.html #测试 在Nginx主机中  2.简单的代理方法 \[root@RS2 \~\]# mkdir /var/www/html/web \[root@RS2 \~\]# echo 172.25.254.20 web \> /var/www/html/web/index.html \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; } location /web { proxy_pass http://172.25.254.20:80; } } \[root@Nginx \~\]# nginx -s reload  3.proxy_hide_header filed \[Administrator.DESKTOP-VJ307M3\] ➤ curl -v lee.timinglee.org \* Trying 172.25.254.100:80... \* TCP_NODELAY set \* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0) \> GET / HTTP/1.1 \> Host: lee.timinglee.org \> User-Agent: curl/7.65.0 \> Accept: \*/\* \> \* Mark bundle as not supporting multiuse \< HTTP/1.1 200 OK \< Server: nginx/1.28.1 \< Date: Tue, 03 Feb 2026 06:31:03 GMT \< Content-Type: text/html; charset=UTF-8 \< Content-Length: 14 \< Connection: keep-alive \< Keep-Alive: timeout=100 \< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT \< ETag: "e-649e570e8a49f" #可以看到ETAG信息 \< Accept-Ranges: bytes \< 172.25.254.10 \* Connection #0 to host lee.timinglee.org left intact \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; proxy_hide_header ETag; } location /web { proxy_pass http://172.25.254.20:80; } } \[root@Nginx \~\]# nginx -s reload  4.proxy_pass_header \[Administrator.DESKTOP-VJ307M3\] ➤ curl -v lee.timinglee.org \* Trying 172.25.254.100:80... \* TCP_NODELAY set \* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0) \> GET / HTTP/1.1 \> Host: lee.timinglee.org \> User-Agent: curl/7.65.0 \> Accept: \*/\* \> \* Mark bundle as not supporting multiuse \< HTTP/1.1 200 OK \< Server: nginx/1.28.1 #默认访问不透传server信息 \< Date: Tue, 03 Feb 2026 06:35:35 GMT \< Content-Type: text/html; charset=UTF-8 \< Content-Length: 14 \< Connection: keep-alive \< Keep-Alive: timeout=100 \< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT \< Accept-Ranges: bytes \< 172.25.254.10 \* Connection #0 to host lee.timinglee.org left intact \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; proxy_pass_header Server; } location /web { proxy_pass http://172.25.254.20:80; } } \[root@Nginx \~\]# nginx -s reload  4.透传信息 \[root@RS1 \~\]# vim /etc/httpd/conf/httpd.conf LogFormat "%h %l %u %t \\"%r\\" %\>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\" \\"%{X-Forwarded-For}i\\"" combined \[root@RS1 \~\]# systemctl restart httpd \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; proxy_set_header X-Forwarded-For $remote_addr; } location /web { proxy_pass http://172.25.254.20:80; } \[root@Nginx \~\]# nginx -s reload \[Administrator.DESKTOP-VJ307M3\] ➤ curl lee.timinglee.org 172.25.254.10  23.利用反向代理实现动静分离 1.试验机环境 \[root@RS1 \~\]# dnf install php -y \[root@RS1 \~\]# systemctl restart httpd \[root@RS1 \~\]# vim /var/www/html/index.php \172.25.254.10\"; phpinfo(); ?\> 2.动静分离的实现 \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.20:80; } location \~\* \\.(php\|js)$ { proxy_pass http://172.25.254.10:80; } } \[root@Nginx \~\]# nginx -s reload  24.缓存加速 1.当未启用缓存时进行压测 \[Administrator.DESKTOP-VJ307M3\] ➤ ab -n 10000 -c 50 lee.timinglee.org/index.php This is ApacheBench, Version 2.3 \<$Revision: 1807734 $\> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking lee.timinglee.org (be patient) Completed 1000 requests Completed 2000 requests Completed 3000 requests Completed 4000 requests Completed 5000 requests Completed 6000 requests Completed 7000 requests Completed 8000 requests Completed 9000 requests Completed 10000 requests Finished 10000 requests Server Software: nginx/1.28.1 Server Hostname: lee.timinglee.org Server Port: 80 Document Path: /index.php Document Length: 72921 bytes Concurrency Level: 50 Time taken for tests: 13.678 seconds Complete requests: 10000 Failed requests: 9963 #失败的 (Connect: 0, Receive: 0, Length: 9963, Exceptions: 0) Total transferred: 731097819 bytes HTML transferred: 729237819 bytes Requests per second: 731.10 \[#/sec\] (mean) Time per request: 68.390 \[ms\] (mean) Time per request: 1.368 \[ms\] (mean, across all concurrent requests) Transfer rate: 52197.72 \[Kbytes/sec\] received Connection Times (ms) min mean\[+/-sd\] median max Connect: 0 7 4.0 6 26 Processing: 4 61 168.8 44 3405 Waiting: 2 38 129.9 26 3316 Total: 5 68 168.7 51 3405 Percentage of the requests served within a certain time (ms) 50% 51 66% 61 75% 68 80% 71 90% 83 95% 92 98% 105 99% 506 100% 3405 (longest request) 2.设定缓存加速 \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g; server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.20:80; } location \~\* \\.(php\|js)$ { proxy_pass http://172.25.254.10:80; proxy_cache proxycache; proxy_cache_key $request_uri; proxy_cache_valid 200 302 301 10m; proxy_cache_valid any 1m; } } \[root@Nginx \~\]# systemctl restart nginx.service \[root@Nginx \~\]# tree /usr/local/nginx/proxy_cache/ /usr/local/nginx/proxy_cache/ 0 directories, 0 files #测试 \[Administrator.DESKTOP-VJ307M3\] ➤ ab -n 10000 -c 50 lee.timinglee.org/index.php This is ApacheBench, Version 2.3 \<$Revision: 1807734 $\> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking lee.timinglee.org (be patient) Completed 1000 requests Completed 2000 requests Completed 3000 requests Completed 4000 requests Completed 5000 requests Completed 6000 requests Completed 7000 requests Completed 8000 requests Completed 9000 requests Completed 10000 requests Finished 10000 requests Server Software: nginx/1.28.1 Server Hostname: lee.timinglee.org Server Port: 80 Document Path: /index.php Document Length: 72925 bytes Concurrency Level: 50 Time taken for tests: 4.365 seconds Complete requests: 10000 Failed requests: 0 Total transferred: 731110000 bytes HTML transferred: 729250000 bytes Requests per second: 2290.76 \[#/sec\] (mean) Time per request: 21.827 \[ms\] (mean) Time per request: 0.437 \[ms\] (mean, across all concurrent requests) Transfer rate: 163554.31 \[Kbytes/sec\] received Connection Times (ms) min mean\[+/-sd\] median max Connect: 0 4 1.8 4 11 Processing: 4 18 31.3 15 734 Waiting: 1 9 30.7 5 726 Total: 6 22 31.2 20 734 Percentage of the requests served within a certain time (ms) 50% 20 66% 21 75% 21 80% 22 90% 27 95% 32 98% 41 99% 46 100% 734 (longest request) \[root@Nginx \~\]# tree /usr/local/nginx/proxy_cache/  25.反向代理负载均衡 1.实验环境 172.25.254.100 #Nginx 代理服务器 172.25.254.10 #后端web A,Apache部署 172.25.254.20 #后端web B,Apache部署 2.实现负载均衡 \[root@Nginx \~\]# mkdir /usr/local/nginx/conf/upstream/ \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf events { worker_connections 10000; use epoll; accept_mutex on; multi_accept on; } http { include mime.types; default_type application/octet-stream; include "/usr/local/nginx/conf/upstream/\*.conf"; #子配置目录 \[root@Nginx \~\]# vim /usr/local/nginx/conf/upstream/loadbalance.conf upstream webserver { server 172.25.254.10:80 weight=1 fail_timeout=15s max_fails=3; server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3; server 172.25.254.100:8888 backup; } server { listen 80; server_name www.timinglee.org; location \~ / { proxy_pass http://webserver; } } \[root@Nginx \~\]# mkdir /webdir/timinglee.org/error/html -p \[root@Nginx \~\]# echo error \> /webdir/timinglee.org/error/html/index.html \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 8888; root /webdir/timinglee.org/error/html; } #测试:  \[root@RS1+2 \~\]# systemctl stop httpd \[root@Nginx \~\]# curl www.timinglee.org error 26.Nginx负载均衡算法 \[root@Nginx \~\]# vim /usr/local/nginx/conf/upstream/loadbalance.conf upstream webserver { #ip_hash; #hash $request_uri consistent; #least_conn; hash $cookie_lee; server 172.25.254.10:80 weight=1 fail_timeout=15s max_fails=3; server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3; #server 172.25.254.100:8888 backup; } server { listen 80; server_name www.timinglee.org; location \~ / { proxy_pass http://webserver; } } \[root@Nginx \~\]# curl -b lee=20 www.timinglee.org \[root@Nginx \~\]# curl www.timinglee.org/web1/index.html \[root@Nginx \~\]# curl www.timinglee.org/ 27.PHP的源码编译 1.下载源码包 \[root@Nginx \~\]# wget https://www.php.net/distributions/php-8.3.30.tar.gz \[root@Nginx \~\]# wget https://mirrors.aliyun.com/rockylinux/9.7/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm #依赖 2.解压 \[root@Nginx \~\]# tar zxf php-8.3.30.tar.gz \[root@Nginx \~\]# ls anaconda-ks.cfg lee.png nginx-1.29.4.tar.gz test.c daolian.png nginx-1.28.1 php-8.3.30 echo-nginx-module-0.64 nginx-1.28.1.tar.gz php-8.3.30.tar.gz echo-nginx-module-0.64.tar.gz nginx-1.29.4 test \[root@Nginx \~\]# cd php-8.3.30 3.源码编译 \[root@Nginx \~\]# dnf install gcc systemd-devel-252-51.el9.x86_64 libxml2-devel.x86_64 sqlite-devel.x86_64 libcurl-devel.x86_64 libpng-devel.x86_64 oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm -y \[root@Nginx \~\]# cd php-8.3.30/ \[root@Nginx php-8.3.30\]# ./configure \\ --prefix=/usr/local/php \\ #安装路径 --with-config-file-path=/usr/local/php/etc \\ #指定配置路径 --enable-fpm \\ #用cgi方式启动程序 --with-fpm-user=nginx \\ #指定运行用户身份 --with-fpm-group=nginx \\ --with-curl \\ #打开curl浏览器支持 --with-iconv \\ #启用iconv函数,转换字符编码 --with-mhash \\ #mhash加密方式扩展库 --with-zlib \\ #支持zlib库,用于压缩http压缩传输 --with-openssl \\ #支持ssl加密 --enable-mysqlnd \\ #mysql数据库 --with-mysqli \\ --with-pdo-mysql \\ --disable-debug \\ #关闭debug功能 --enable-sockets \\ #支持套接字访问 --enable-soap \\ #支持soap扩展协议 --enable-xml \\ #支持xml --enable-ftp \\ #支持ftp --enable-gd \\ #支持gd库 --enable-exif \\ #支持图片元数据 --enable-mbstring \\ #支持多字节字符串 --enable-bcmath \\ #打开图片大小调整,用到zabbix监控的时候用到了这个模块 --with-fpm-systemd #支持systemctl 管理cgi \[root@Nginx php-8.3.30\]# make \&\& make instsall 4.配置PHP \[root@Nginx php-8.3.30\]# cd /usr/local/php/etc \[root@Nginx etc\]# cp -p php-fpm.conf.default php-fpm.conf \[root@Nginx etc\]# vim php-fpm.conf \[global
; Pid file
; Note: the default prefix is /usr/local/php/var
; Default Value: none
pid = run/php-fpm.pid
root@Nginx etc\]# cd php-fpm.d/ \[root@Nginx php-fpm.d\]# cp www.conf.default www.conf \[root@Nginx php-fpm.d\]# vim www.conf 41 listen = 0.0.0.0:9000 \[root@Nginx php-fpm.d\]# cp /root/php-8.3.30/php.ini-production /usr/local/php/etc/php.ini \[root@Nginx php-fpm.d\]# vim /usr/local/php/etc/php.ini 989 date.timezone = Asia/Shangha \[root@Nginx \~\]# cp /root/php-8.3.30/sapi/fpm/php-fpm.service /lib/systemd/system/ \[root@Nginx \~\]# vim /lib/systemd/system/php-fpm.service # Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit. #ProtectSystem=full #注释此参数 \[root@Nginx \~\]# systemctl daemon-reload \[root@Nginx \~\]# systemctl enable --now php-fpm \[root@Nginx \~\]# netstat -antlupe \| grep php tcp 0 0 0.0.0.0:9000 0.0.0.0:\* LISTEN 0 329917 165562/php-fpm: mas 5.为php设定环境变量 \[root@Nginx \~\]# vim \~/.bash_profile export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/sbin:/usr/local/php/bin \[root@Nginx \~\]# source \~/.bash_profile \[root@Nginx \~\]# php -m 28.Nginx整合PHP \[root@Nginx conf.d\]# mkdir /webdir/timinglee.org/php/html -p \[root@Nginx conf.d\]# vim /webdir/timinglee.org/php/html/index.html php.timinglee.org \[root@Nginx conf.d\]# vim /webdir/timinglee.org/php/html/index.php \ \[root@Nginx \~\]# cd /usr/local/nginx/conf/conf.d/ \[root@Nginx conf.d\]# vim php.conf server { listen 80; server_name php.timinglee.org; root /webdir/timinglee.org/php/html; location \~ \\.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } } \[root@Nginx conf.d\]# nginx -s reload #测试 http://php.timinglee.org http://php.timinglee.org/index.php 29.nginx+memcache实现高速缓存解 1.重新编译nginx \[root@Nginx \~\]# systemctl stop nginx.service \[root@Nginx \~\]# cp /usr/local/nginx/conf/ /mnt/ -r \[root@Nginx \~\]# rm -fr /usr/local/nginx/ \[root@Nginx \~\]# rm -rf nginx-1.29.4 nginx-1.28.1 \[root@Nginx \~\]# tar zxf nginx-1.28.1.tar.gz \[root@Nginx \~\]# cd nginx-1.28.1/ \[root@Nginx \~\]# tar zxf srcache-nginx-module-0.33.tar.gz \[root@Nginx \~\]# tar zxf memc-nginx-module-0.20.tar.gz \[root@Nginx \~\]# cd nginx-1.28.1/ \[root@Nginx nginx-1.28.1\]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64 --add-module=/root/memc-nginx-module-0.20 --add-module=/root/srcache-nginx-module-0.33 \[root@Nginx nginx-1.28.1\]# make \&\& make install \[root@Nginx \~\]# cd /usr/local/nginx/conf \[root@Nginx conf\]# rm -fr nginx.conf \[root@Nginx conf\]# cp /mnt/conf/nginx.conf /mnt/conf/conf.d/ . -r \[root@Nginx conf\]# systemctl start nginx.service 2.整合memcache \[root@Nginx conf\]# vim /usr/local/nginx/conf/conf.d/php.conf upstream memcache { server 127.0.0.1:11211; keepalive 512; } server { listen 80; server_name php.timinglee.org; root /webdir/timinglee.org/php/html; index index.php index.html; location /memc { internal; memc_connect_timeout 100ms; memc_send_timeout 100ms; memc_read_timeout 100ms; set $memc_key $query_string; set $memc_exptime 300; memc_pass memcache; } location \~ \\.php$ { set $key $uri$args; srcache_fetch GET /memc $key; srcache_store PUT /memc $key; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } } \[root@Nginx conf\]# nginx -s reload  29.Nginx的四层负载均衡代理 1.实验环境(Mysql) \[root@RS1 \~\]# dnf install mariadb-server -y \[root@RS2 \~\]# dnf install mariadb-server -y \[root@RS1 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf server-id=10 \[root@RS2 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf server-id=20 \[root@RS1 \~\]# systemctl enable --now mariadb \[root@RS2 \~\]# systemctl enable --now mariadb \[root@RS1 \~\]# mysql  2.实验环境(dns) \[root@RS1 \~\]# dnf install bind -y \[root@RS2 \~\]# dnf install bind -y \[root@RS1 \~\]# vim /etc/named.conf \[root@RS2 \~\]# vim /etc/named.conf options { // listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; // allow-query { localhost; }; dnssec-validation no; \[root@RS1 \~\]# vim /etc/named.rfc1912.zones \[root@RS2 \~\]# vim /etc/named.rfc1912.zones zone "timinglee.org" IN { type master; file "timinglee.org.zone"; allow-update { none; }; }; \[root@RS1 \~\]# cd /var/named/ \[root@RS2 \~\]# cd /var/named/ \[root@RS1 named\]# cp -p named.localhost timinglee.org.zone \[root@RS2 named\]# cp -p named.localhost timinglee.org.zone \[root@RS1 named\]# vim timinglee.org.zone $TTL 1D @ IN SOA dns.timingle.org. rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.timinglee.org. dns A 172.25.254.10 \[root@RS2 named\]# vim timinglee.org.zone $TTL 1D @ IN SOA dns.timingle.org. rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.timinglee.org. dns A 172.25.254.20 \[root@RS2 named\]# systemctl enable --now named #测试  3.tcp四层负载 \[root@Nginx conf\]# mkdir /usr/local/nginx/conf/tcp -p \[root@Nginx conf\]# mkdir /usr/local/nginx/conf/udp -p \[root@Nginx conf\]# vim /usr/local/nginx/conf/nginx.conf include "/usr/local/nginx/conf/tcp/\*.conf"; \[root@Nginx conf\]# vim /usr/local/nginx/conf/tcp/mariadb.conf stream { upstream mysql_server { server 172.25.254.10:3306 max_fails=3 fail_timeout=30s; server 172.25.254.20:3306 max_fails=3 fail_timeout=30s; } server { listen 172.25.254.100:3306; proxy_pass mysql_server; proxy_connect_timeout 30s; proxy_timeout 300s; } } \[root@Nginx conf\]# nginx -s reload #检测 \[root@Nginx \~\]# mysql -ulee -plee -h172.25.254.100  4.udp四层负载 \[root@Nginx \~\]# vim /usr/local/nginx/conf/tcp/mariadb.conf stream { upstream mysql_server { server 172.25.254.10:3306 max_fails=3 fail_timeout=30s; server 172.25.254.20:3306 max_fails=3 fail_timeout=30s; } upstream dns_server{ server 172.25.254.10:53 max_fails=3 fail_timeout=30s; server 172.25.254.20:53 max_fails=3 fail_timeout=30s; } server { listen 172.25.254.100:3306; proxy_pass mysql_server; proxy_connect_timeout 30s; proxy_timeout 300s; } server { listen 172.25.254.100:53 udp; proxy_pass dns_server; proxy_timeout 1s; proxy_responses 1; error_log logs/dns.log; } } \[root@Nginx \~\]# nginx -s reload  30.编译安装 openresty \[root@Nginx src\]#wget https://openresty.org/download/openresty-1.27.1.2.tar.gz \[root@Nginx \~\]#dnf -yq install gcc pcre-devel openssl-devel perl zlib-devel \[root@Nginx \~\]#useradd -r -s /sbin/nologin nginx \[root@Nginx \~\]#tar zxf openresty-1.27.1.2 \[root@webserver \~\]# cd openresty-1.27.1.2/ \[root@Nginx openresty-1.17.8.2\]#./configure \\ --prefix=/apps/openresty \\ --user=nginx --group=nginx \\ --with-http_ssl_module \\ --with-http_v2_module \\ --with-http_stub_status_module \\ --with-http_gzip_static_module --with-pcre --with-stream \\ --with-stream_ssl_module \\ --with-stream_realip_module \[root@Nginx openresty-1.17.8.2\]#gmake \&\& gmake install \[root@webserver openresty\]# vim \~/.bash_profile export PATH=$PATH:/usr/local/openresty/bin source \~/.bash_profile \[root@Nginx openresty-1.17.8.2\]#openresty -v nginx version: openresty/1.17.8.2 \[root@Nginx openresty-1.17.8.2\]#openresty \[root@Nginx openresty-1.17.8.2\]#ps -ef \|grep nginx \[root@webserver openresty\]# echo hello test \> /usr/local/openresty/nginx/html/index.html 