Nginx

简介

Nginx是由1994年毕业于俄罗斯国立莫斯科鲍曼科技大学的同学 伊戈尔**·****赛索耶夫**为俄罗斯著名搜索网站rambler.ru开发的，开发工作最早从2002年开始，第一次公开发布时间是2004年10月4日，版本号是 0.1.0
2019年3月11日F5 与 NGINX达成协议,F5 将收购 NGINX 的所有已发行股票，总价值约为 6.7 亿美元6.7亿美金约合44.97亿人民币,nginx核心模块代码长度198430（包括空格、注释），所以一行代码约为2.2万人民币
官网地址 www.nginx.org
Nginx历经十几年的迭代更新（https://nginx.org/en/CHANGES）， 目前功能已经非常完善且运行稳 定，另外Nginx的版本分为开发版、稳定版和过期版，nginx以功能丰富著称，它即可以作为http服务 器，也可以作为反向代理服务器或者邮件服务器能够快速的响应静态网页的请求
支持FastCGI/SSL/Virtual Host/URL Rwrite /Gzip / HTTP Basic Auth/http或者TCP的负载均衡(1.9版本以 上且开启stream模块)等功能，并且支持第三方的功能扩展。
天猫 淘宝 京东 小米 163 新浪等一线互联网公司都在用Nginx或者进行二次开发基于Nginx的工作场景：

Nginx****功能介绍

• 静态的web资源服务器HTML，图片，js，CSS，txt等静态资源
• http/https协议的反向代理
• 结合FastCGI/uWSGI/SCGI等协议反向代理动态资源请求
• tcp/udp协议的请求转发（反向代理）
• imap4/pop3协议的反向代理

基础特性

• 模块化设计，较好的扩展性
• 高可靠性
• 支持热部署：不停机更新配置文件，升级版本，更换日志文件
• 低内存消耗：10000个keep-alive连接模式下的非活动连接，仅需2.5M内存
• event-driven,aio,mmap，sendfile

Web****服务相关的功能

• 虚拟主机（server）
• 支持 keep-alive 和管道连接(利用一个连接做多次请求)
• 访问日志（支持基于日志缓冲提高其性能）
• url rewirte路径别名
• 基于IP及用户的访问控制
• 支持速率限制及并发数限制
• 重新配置和在线升级而无须中断客户的工作进程

Nginx****架构和进程

web请求处理机制

• 多进程方式：服务器每接收到一个客户端请求就有服务器的主进程生成一个子进程响应客户端，直到用户关闭连接，这样的优势是处理速度快，子进程之间相互独立，但是如果访问过大会导致服务器资源耗尽而无法提供请求。
• 多线程方式：与多进程方式类似，但是每收到一个客户端请求会有服务进程派生出一个线程和此客户端进行交互，一个线程的开销远远小于一个进程，因此多线程方式在很大程度减轻了web服务器对系统资源的要求，但是多线程也有自己的缺点，即当多个线程位于同一个进程内工作的时候，可以相互访问同样的内存地址空间，所以他们相互影响，一旦主进程挂掉则所有子线程都不能工作了，IIS服务器使用了多线程的方式，需要间隔一段时间就重启一次才能稳定。

Nginx是多进程组织模型，而且是一个由Master主进程和Worker工作进程组成

主进程(master process)的功能：

• 对外接口：接收外部的操作（信号）
• 对内转发：根据外部的操作的不同，通过信号管理 Worker
• 监控：监控 worker 进程的运行状态，worker 进程异常终止后，自动重启 worker 进程
• 读取Nginx 配置文件并验证其有效性和正确性
• 建立、绑定和关闭socket连接
• 按照配置生成、管理和结束工作进程
• 接受外界指令，比如重启、升级及退出服务器等指令
• 不中断服务，实现平滑升级，重启服务并应用新的配置
• 开启日志文件，获取文件描述符
• 不中断服务，实现平滑升级，升级失败进行回滚处理
• 编译和处理perl脚本

工作进程（worker process）的功能：

• 所有 Worker 进程都是平等的
• 实际处理：网络请求，由 Worker 进程处理
• Worker进程数量：一般设置为核心数，充分利用CPU资源，同时避免进程数量过多，导致进程竞争
• CPU资源，
• 增加上下文切换的损耗
• 接受处理客户的请求
• 将请求依次送入各个功能模块进行处理
• I/O调用，获取响应数据
• 与后端服务器通信，接收后端服务器的处理结果
• 缓存数据，访问缓存索引，查询和调用缓存数据
• 发送请求结果，响应客户的请求
• 接收主程序指令，比如重启、升级和退出等

Nginx启动和HTTP****连接建立

• Nginx 启动时，Master 进程，加载配置文件
• Master 进程，初始化监听的 socket
• Master 进程，fork 出多个 Worker 进程
• Worker 进程，竞争新的连接，获胜方通过三次握手，建立 Socket 连接，并处理请求

Nginx****模块介绍

nginx 有多种模块

• 核心模块：是 Nginx 服务器正常运行必不可少的模块，提供错误日志记录 、配置文件解析 、事件驱动机制 、进程管理等核心功能
• 标准HTTP模块：提供 HTTP 协议解析相关的功能，比如： 端口配置 、 网页编码设置 、 HTTP响应头设置 等等
• 可选HTTP模块：主要用于扩展标准的 HTTP 功能，让 Nginx 能处理一些特殊的服务，比如： Flash
• 多媒体传输 、解析 GeoIP 请求、 网络传输压缩 、 安全协议 SSL 支持等
• 邮件服务模块：主要用于支持 Nginx 的 邮件服务 ，包括对 POP3 协议、 IMAP 协议和 SMTP协议的支持
• Stream服务模块: 实现反向代理功能,包括TCP协议代理
• 第三方模块：是为了扩展 Nginx 服务器应用，完成开发者自定义功能，比如： Json 支持、 Lua 支持等

Nginx的源码编译

#下载软件：

root@Nginx \~# wget https://nginx.org/download/nginx-1.28.1.tar.gz

#解压

root@Nginx \~# tar zxf nginx-1.28.1.tar.gz

root@Nginx \~# cd nginx-1.28.1/

root@Nginx nginx-1.28.1# ls

auto CHANGES.ru conf contrib html man SECURITY.md

CHANGES CODE_OF_CONDUCT.md configure CONTRIBUTING.md LICENSE README.md src

#环境监测

#安装依赖性

root@Nginx \~# dnf install gcc openssl-devel.x86_64 pcre2-devel.x86_64 zlib-devel -y

root@Nginx nginx-1.28.1#./configure --prefix=/usr/local/nginx \

--user=nginx \ # 指定nginx运行用户

--group=nginx \ # 指定nginx运行组

--with-http_ssl_module \ # 支持https://

--with-http_v2_module \ # 支持http版本2

--with-http_realip_module \ # 支持ip透传

--with-http_stub_status_module \ # 支持状态页面

--with-http_gzip_static_module \ # 支持压缩

--with-pcre \ # 支持正则

--with-stream \ # 支持tcp反向代理

--with-stream_ssl_module \ # 支持tcp的ssl加密

--with-stream_realip_module # 支持tcp的透传ip

#编译

root@Nginx nginx-1.28.1# make

root@Nginx nginx-1.28.1# make install

root@Nginx nginx-1.28.1# ls /usr/local/nginx/

conf html logs sbin

#conf：保存nginx所有的配置文件，其中nginx.conf是nginx服务器的最核心最主要的配置文件，其他

的.conf则是用来配置nginx相关的功能的，例如fastcgi功能使用的是fastcgi.conf和

fastcgi_params两个文件，配置文件一般都有一个样板配置文件，是以.default为后缀，使用时可将其

复制并将default后缀去掉即可。

#html目录中保存了nginx服务器的web文件，但是可以更改为其他目录保存web文件,另外还有一个50x的

web文件是默认的错误页面提示页面。

l#ogs：用来保存nginx服务器的访问日志错误日志等日志，logs目录可以放在其他路径，比

如/var/logs/nginx里面。

#sbin：保存nginx二进制启动脚本，可以接受不同的参数以实现不同的功能。

#启动

#设定环境变量

root@Nginx sbin# vim ~/.bash_profile

export PATH=$PATH:/usr/local/nginx/sbin

root@Nginx sbin# source ~/.bash_profile

root@Nginx logs# useradd -s /sbin/nologin -M nginx

root@Nginx logs# nginx

root@Nginx logs# ps aux | grep nginx

root 44012 0.0 0.1 14688 2356 ? Ss 17:01 0:00 nginx: master process nginx

nginx 44013 0.0 0.2 14888 3892 ? S 17:01 0:00 nginx: worker process

root 44015 0.0 0.1 6636 2176 pts/0 S+ 17:01 0:00 grep --color=auto nginx

#测试

root@Nginx logs# echo hjw > /usr/local/nginx/html/index.html

root@Nginx logs# curl 172.25.254.100

hjw

#编写启动文件

root@Nginx \~# vim /lib/systemd/system/nginx.service

Unit

Description=The NGINX HTTP and reverse proxy server

After=syslog.target network-online.target remote-fs.target nss-lookup.target

Wants=network-online.target

Service

Type=forking

ExecStartPre=/usr/local/nginx/sbin/nginx -t

ExecStart=/usr/local/nginx/sbin/nginx

ExecReload=/usr/local/nginx/sbin/nginx -s reload

ExecStop=/bin/kill -s QUIT $MAINPID

PrivateTmp=true

Install

WantedBy=multi-user.target

root@Nginx \~# systemctl daemon-reload

#验证

root@Nginx \~# systemctl status nginx.service

○ nginx.service - The NGINX HTTP and reverse proxy server

Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disabled)

Active: inactive (dead)

root@Nginx \~# systemctl enable --now nginx

root@Nginx \~# ps aux | grep nginx

root 1839 0.0 0.1 14688 2356 ? Ss 09:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 1840 0.0 0.2 14888 3828 ? S 09:53 0:00 nginx: worker process

root@Nginx \~# reboot

root@Nginx \~# systemctl status nginx.service

Nginx的平滑升级及回滚

• 将旧Nginx二进制文件换成新Nginx程序文件（注意先备份)
• 向master进程发送USR2信号
• master进程修改pid文件名加上后缀.oldbin,成为nginx.pid.oldbin
• master进程用新Nginx文件启动新master进程成为旧master的子进程,系统中将有新旧两个Nginx主进程共同提供Web服务,当前新的请求仍然由旧Nginx的worker进程进行处理,将新生成的master进程的PID存放至新生成的pid文件nginx.pid
• 向旧的Nginx服务进程发送WINCH信号，使旧的Nginx worker进程平滑停止
• 向旧master进程发送QUIT信号，关闭老master，并删除Nginx.pid.oldbin文件
• 如果发现升级有问题,可以回滚∶向老master发送HUP，向新master发送QUIT

#下载高版本软件

root@Nginx \~# wget https://nginx.org/download/nginx-1.29.4.tar.gz

#对于新版本的软件进行源码编译并进行平滑升级

#编译nginx隐藏版本

root@Nginx \~# tar zxf nginx-1.29.4.tar.gz

root@Nginx \~# cd nginx-1.29.4/src/core/

root@Nginx core# vim nginx.h

#define nginx_version 1029004

#define NGINX_VERSION ""

#define NGINX_VER "TIMINGLEE/" NGINX_VERSION

#文件编辑完成后进行源码编译即可

root@Nginx core# cd ../../

root@Nginx nginx-1.29.4# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

root@Nginx nginx-1.29.4# make

root@Nginx nginx-1.29.4# cd objs/

root@Nginx objs# ls

autoconf.err nginx ngx_auto_config.h ngx_modules.c src

Makefile nginx.8 ngx_auto_headers.h ngx_modules.o

root@Nginx objs# cd /usr/local/nginx/sbin/

root@Nginx sbin# ls

#把之前的旧版的nginx命令备份

root@Nginx sbin# cp nginx nginx.old

nginx

root@Nginx sbin# \cp -f /root/nginx-1.29.4/objs/nginx /usr/local/nginx/sbin/nginx

root@Nginx sbin# ls /usr/local/nginx/logs/

access.log error.log nginx.pid

root@Nginx sbin# ps aux | grep nginx

root 1643 0.0 0.1 14688 2360 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process

root@Nginx sbin# kill -USR2 1643 #nginx master进程id

#USR2 平滑升级可执行程序,将存储有旧版本主进程PID的文件重命名为nginx.pid.oldbin，并启动新的

nginx

#此时两个master的进程都在运行,只是旧的master不在监听,由新的master监听80

#此时Nginx开启一个新的master进程，这个master进程会生成新的worker进程，这就是升级后的Nginx进程，此时老的进程不会自动退出，但是当接收到新的请求不作处理而是交给新的进程处理。

root@Nginx sbin# ps aux | grep nginx

root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process

root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process

root 4923 0.0 0.1 6636 2176 pts/0 S+ 10:25 0:00 grep --color=auto nginx

root@Nginx sbin# ls /usr/local/nginx/logs/

access.log error.log nginx.pid nginx.pid.oldbin

#测试效果

root@Nginx sbin# nginx -V

nginx version: TIMINGLEE/

built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)

built with OpenSSL 3.2.2 4 Jun 2024

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

#回收旧版本子进程

root@Nginx sbin# ps aux | grep nginx

root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process

root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process

root 4929 0.0 0.1 6636 2176 pts/0 S+ 10:27 0:00 grep --color=auto nginx

#回收旧版本

root@Nginx sbin# kill -WINCH 1643

root@Nginx sbin# ps aux | grep nginx

root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx

root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process

root 4932 0.0 0.1 6636 2176 pts/0 S+ 10:28 0:00 grep --color=auto nginx

版本回退|版本回滚

root@Nginx sbin# cd /usr/local/nginx/sbin/

root@Nginx sbin# cp nginx nginx.new -p

root@Nginx sbin# \cp nginx.old nginx -pf

root@Nginx sbin# ps aux | grep nginx

root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx

root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process

root@Nginx sbin# kill -HUP 1643

root@Nginx sbin# ps aux | grep nginx

root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx

root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process

nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process

root 4965 0.0 0.1 6636 2176 pts/0 S+ 10:32 0:00 grep --color=auto nginx

root@Nginx sbin# nginx -V

nginx version: nginx/1.28.1

built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)

built with OpenSSL 3.2.2 4 Jun 2024

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

#回收新版本进程

root@Nginx sbin# kill -WINCH 4919

root@Nginx sbin# ps aux | grep nginx

root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx

root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process

root 4969 0.0 0.1 6636 2176 pts/0 S+ 10:34 0:00 grep --color=auto nginx

Nginx配置文件的管理及优化参数

配置文件详解

#全局配置端，对全局生效，主要设置nginx的启动用户/组，启动的工作进程数量，工作模式，Nginx的PID
路径，日志路径等。
user nginx nginx;
worker_processes 1; #启动工作进程数数量
events { 
            #events #设置快，主要影响nginx服务器与用户的网络连接，比如是否允许同时接受多个网络连接，使用哪种事件驱动模型 #处理请求，每个工作进程可以同时支持的最大连接数，是否开启对多工作进程下的网络连接进行序列化等。
            worker_connections 1024; #设置单个nginx工作进程可以接受的最大并发，作为web服务器的时候最大并发数为 #worker_connections* worker_processes，作为反向代理的时候为
                                        #(worker_connections * worker_processes)/2
        }
http { 
            #http块是Nginx服务器配置中的重要部分，缓存、代理和日志格式定义等绝大多数功能和第三方模块都 #可以在这设置，http块可以包含多个server块，而一个server块中又可以包含多个location块，
            #server块可以配置文件引入、MIME-Type定义、日志自定义、是否启用sendfile、连接超时时间和 #单个链接的请求上限等。
    include mime.types;
    default_type application/octet-stream;
    sendfile on;         #作为web服务器的时候打开sendfile加快静态文件传输，指定是否使用
                         #sendfile系统调用来传输文件
                         #sendfile系统调用在两个文件描述符之间直接传递数据(完全在内核中操作)
                         #从而避免了数据在内核缓冲区和用户缓冲区之间的拷贝，操作效率很高，被称之为零拷贝，
                         #硬盘 >> kernel buffer (快速拷贝到kernelsocketbuffer) >>协议栈。
keepalive_timeout 65; #长连接超时时间，单位是秒
server { 
                #设置一个虚拟机主机，可以包含自己的全局快，同时也可以包含多个location模块
                #比如本虚拟机监听的端口、本虚拟机的名称和IP配置，多个server 可以使用一个端口比如都使用 #80端口提供web服务
        listen 80; #配置server监听的端口
        server_name localhost; #本server的名称，当访问此名称的时候nginx会调用当前serevr内部的配置进程匹配。
        location / { #location其实是server的一个指令，为nginx服务器提供比较多而且灵活的指令
                #都是在location中体现的，主要是基于nginx接受到的请求字符串
                #对用户请求的UIL进行匹配，并对特定的指令进行处理
                #包括地址重定向、数据缓存和应答控制等功能都是在这部分实现
                #另外很多第三方模块的配置也是在location模块中配置。
        root html; #相当于默认页面的目录名称，默认是安装目录的相对路径，可以使用绝对路径配置。
        index index.html index.htm; #默认的页面文件名称
            }
        error_page 500 502 503 504 /50x.html; #错误页面的文件名称
        location = /50x.html { #location处理对应的不同错误码的页面定义到/50x.html
                #这个跟对应其server中定义的目录下。
        root html; #定义默认页面所在的目录
        }
    }

#和邮件相关的配置
#mail {
#         ...
#         }     mail 协议相关配置段
#tcp代理配置，1.9版本以上支持
#stream {
#         ...
#         }     stream 服务器相关配置段
#导入其他路径的配置文件
#include /apps/nginx/conf.d/*.conf
}

如：修改用户 进程数

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

user nginx;

root@Nginx \~# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

root@Nginx \~# nginx -s reload

root@Nginx \~# ps aux | grep nginx

root 5506 0.0 0.2 14564 3912 ? Ss 14:40 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 5511 0.0 0.2 14996 4032 ? S 14:41 0:00 nginx: worker process

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

worker_processes 2;

root@Nginx \~# nginx -s reload

root@Ngix \~# ps -aux | grep nginx

root 3971 0.0 0.0 10064 936 ? Ss 15:20 0:00 nginx: master process /usr/local/nginx/sbin/nginx

nginx 3972 0.1 0.5 17544 9676 ? S 15:20 0:00 nginx: worker process

nginx 3973 0.0 0.5 17404 9652 ? S 15:20 0:00 nginx: worker process

nginx 3974 0.0 0.5 17396 9644 ? S 15:20 0:00 nginx: worker process

nginx 3975 0.0 0.5 17396 9644 ? S 15:20 0:00 nginx: worker process

root 4024 0.0 0.5 14632 9380 pts/0 S+ 15:20 0:00 vim /usr/local/nginx/conf/nginx.conf

root 6396 0.0 0.1 6636 2212 pts/1 S+ 15:26 0:00 grep --color=auto nginx

#在vmware中更改硬件cpu核心个数，然后重启

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

worker_processes auto;

worker_cpu_affinity 0001 0010 0100 1000;

#测试

root@Nginx \~# ab -n 100000 -c10000 http://172.25.254.100/index.html

This is ApacheBench, Version 2.3 <Revision: 1913912 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 172.25.254.100 (be patient)

Completed 10000 requests

Completed 20000 requests

Completed 30000 requests

Completed 40000 requests

Completed 50000 requests

root@Nginx \~# ps axo pid,cmd,psr | grep nginx

887 nginx: master process /usr/ 3

1635 nginx: worker process 0

1636 nginx: worker process 1

1637 nginx: worker process 2

1638 nginx: worker process 3

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

events {

worker_connections 10000;

use epoll;

accept_mutex on;

multi_accept on;

}

root@Nginx \~# nginx -s reload

#测试并发

root@Nginx \~# dnf install httpd-tools -y

root@Nginx \~# ab -n 100000 -c5000 http://172.25.254.100/index.html

This is ApacheBench, Version 2.3 <Revision: 1913912 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 172.25.254.100 (be patient)

socket: Too many open files (24) #并发数量过多导致访问失败

#处理本地文件系统的并发文件数量

root@Nginx \~# vim /etc/security/limits.conf

* - nofile 100000

* - noproc 100000

root - nofile 100000

root@Nginx \~# sudo -u nginx ulimit -n

100000

root@Nginx \~# ulimit -n 10000

100000

#测试

root@Nginx \~# ab -n 100000 -c10000 http://172.25.254.100/index.html

This is ApacheBench, Version 2.3 <Revision: 1913912 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 172.25.254.100 (be patient)

Completed 10000 requests

Completed 20000 requests

Completed 30000 requests

Completed 40000 requests

Completed 50000 requests

Nginx下构建PC站点

location中的root

root@Nginx conf# cd /usr/local/nginx/conf/

root@Nginx conf# mkdir conf.d

root@Nginx conf# vim nginx.conf

82 include "/usr/local/nginx/conf/conf.d/*.conf";

root@Nginx conf# nginx -s reload

root@Nginx conf# cd conf.d/

root@Nginx \~# mkdir -p /web/nginx/hjw.org/lee/html

root@Nginx \~# echo lee.hjw.org > /web/nginx/hjw.org/lee/html/index.html

root@Nginx conf.d# vim vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location / {

root /web/nginx/hjw.org/lee/html;

}

}

root@Nginx conf.d]# systemctl restart nginx.service

#测试

root@Nginx conf.d# vim /etc/hosts

172.25.254.100 Nginx www.hjw.org lee.hjw.org

root@Nginx conf.d# curl www.hjw.org

hjw

root@Nginx conf.d# curl lee.hjw.org

lee.hjw.org

#local示例需要访问lee.hjw.org/lee/目录

root@Nginx conf.d# vim vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location / {

root /web/nginx/hjw.org/lee/html;

}

location /lee { #lee标识location中的root值+location 后面指定的值代表目录的路径

root /web/nginx/hjw.org/lee/html;

}

}

root@Nginx conf.d# systemctl restart nginx.service

root@Nginx conf.d# mkdir -p /web/nginx/hjw.org/lee/html/lee

root@Nginx conf.d# echo lee > /web/nginx/hjw.org/lee/html/lee/index.html

root@Nginx conf.d# curl lee.hjw.org/lee/

lee

location中的alias

root@Nginx conf.d# vim vhosts.conf

server {

listen 80;

server_name lee.hjw2.org;

location /passwd { #标识文件

alias /etc/passwd;

}

location /passwd/ { #表示目录

alias /mnt/;

}

}

root@Nginx conf.d# nginx -s reload

root@Nginx conf.d# echo passwd > /mnt/index.html

#测试

root@Nginx conf.d# curl lee.hjw2.org/passwd/

passwd

root@Nginx conf.d# curl lee.hjw2.org/passwd

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

KeepAlived长链接优化

设定长链接时间

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

keepalive_timeout 5;

root@Nginx \~# nginx -s reload

#测试

root@Nginx \~# dnf install telnet -y

root@Nginx \~# telnet www.hjw.org 80

Trying 172.25.254.100...

Connected to www.hjw.org.

Escape character is '^]'.

GET / HTTP/1.1 <<<<

Host: www.hjw.org <<<<

<<<

HTTP/1.1 200 OK

Server: nginx/1.28.1

Date: Sat, 31 Jan 2026 08:27:02 GMT

Content-Type: text/html

Content-Length: 10

Last-Modified: Thu, 29 Jan 2026 09:02:15 GMT

Connection: keep-alive

ETag: "697b2217-a"

Accept-Ranges: bytes

hjw 显示的页面出现后根据设定的长链接时间会等待，超过时间后会自动退出

Connection closed by foreign host.

设定长链接次数

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

#keepalive_timeout 0;

keepalive_timeout 120;

keepalive_requests 2;

root@Nginx \~# nginx -s reload

#测试

root@Ngix \~# telnet www.hjw.org 80

Trying 172.25.254.100...

Connected to www.hjw.org.

Escape character is '^]'.

GET / HTTP/1.1

Host: www.hjw.org

HTTP/1.1 200 OK

Server: nginx/1.28.1

Date: Sat, 31 Jan 2026 08:49:26 GMT

Content-Type: text/html

Content-Length: 4

Last-Modified: Sat, 31 Jan 2026 06:51:39 GMT

Connection: keep-alive

ETag: "697da67b-4"

Accept-Ranges: bytes

hjw

GET / HTTP/1.1

Host: www.hjw.org

HTTP/1.1 200 OK

Server: nginx/1.28.1

Date: Sat, 31 Jan 2026 08:49:37 GMT

Content-Type: text/html

Content-Length: 4

Last-Modified: Sat, 31 Jan 2026 06:51:39 GMT

Connection: close

ETag: "697da67b-4"

Accept-Ranges: bytes

hjw

Connection closed by foreign host.

location参数详解

root@Ngix conf.d# cat vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location /null {

return 200 "/null-1";普通前缀匹配

}

location = /null {

return 200 "/null-2"; 精确匹配 /null - 完全匹配

}

location ~ /null {

return 200 "/null-3"; 区分大小写的正则匹配

}

location ~* /hjw {

return 200 "/hjw-4"; 不区分大小写的正则匹配

}

location ~* \.(img|php|jsp)$ {

return 200 "app"; #匹配以.img .php .jsp结尾的

}

}

root@Ngix conf.d# curl lee.hjw.org/test.jsp

approot@Ngix conf.d# curl lee.hjw.org/test.img

approot@Ngix conf.d# curl lee.hjw.org/hjw.img

/hjw-4root@Ngix conf.d# curl lee.hjw.org/null

/null-2root@Ngix conf.d# curl lee.hjw.org/null.img

/null-3root@Ngix conf.d# curl lee.hjw.org/null.php

/null-3root@Ngix conf.d# curl lee.hjw.org/testphp

<html>

<head><title>404 Not Found</title></head>

<body>

<center><h1>404 Not Found</h1></center>

<hr><center>nginx/1.28.1</center>

</body>

</html>

root@Ngix conf.d# curl lee.hjw.org/test.php

approot@Ngix conf.d# curl lee.hjw.org/Hjw

/hjw-4

• 1. location = /uri # 精确匹配（最高优先级）
• 2. location ^~ /uri # 前缀匹配（停止正则检查）
• 3. location ~ 正则 # 区分大小写的正则匹配
• 4. location ~* 正则 # 不区分大小写的正则匹配
• 5. location /uri # 普通前缀匹配
• 6. location / # 通用匹配（最低优先级）

服务访问的用户认证

root@Nginx \~# htpasswd -cmb /usr/local/nginx/conf/.htpasswd admin lee

Adding password for user admin

root@Ngix \~# mkdir /usr/local/nginx/html/admin -p

root@Ngix \~# echo admin > /usr/local/nginx/html/admin/index.html

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location /admin {

root /usr/local/nginx/html;

auth_basic "login passwd";

auth_basic_user_file "/usr/local/nginx/conf/.htpasswd";

}

}

root@Nginx \~# systemctl restart nginx.service

#测试：

root@Ngix conf.d# curl lee.hjw.org/admin

<html>

<head><title>401 Authorization Required</title></head>

<body>

<center><h1>401 Authorization Required</h1></center>

<hr><center>nginx/1.28.1</center>

</body>

</html>

root@Ngix conf.d# curl -uadmin:hjw lee.hjw.org/admin/

admin

root@Ngix conf.d#

自定义错误页面

root@Nginx \~# mkdir /usr/local/nginx/errorpage

root@Nginx \~# echo "太不巧了，hjw放假了！！" > /usr/local/nginx/errorpage/errormessage

root@Nginx \~# cat /usr/local/nginx/errorpage/errorhjw

太不巧了，hjw放假了！！

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

error_page 404 401 405 503 502 /error;

location /lee {

root /usr/local/nginx/html;

}

location /error {

alias /usr/local/nginx/errorpage/errorhjw;

}

}

root@Ngix conf.d# curl lee.hjw.org/admin/

太不巧了，hjw放假了！！

自定义错误日志

root@Nginx \~# mkdir -p /usr/local/nginx/logs/hjw.org/

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

error_page 404 405 503 502 /error;

error_log logs/hjw.org/lee.error error;

location /lee {

root /usr/local/nginx/html;

}

location /error {

alias /usr/local/nginx/errorpage/errormessage;

}

}

root@Nginx \~# systemctl restart nginx.service

#测试

root@Nginx \~# cd /usr/local/nginx/logs/hjw.org/

root@Nginx timinglee.org# ls

lee.error

root@Nginx timinglee.org# cat lee.error

root@Ngix hjw.org# curl lee.hjw.org/lee

太不巧了，hjw放假了！！

root@Ngix hjw.org# cat lee.error

2026/02/22 11:30:33 error 74965#0: *2 open() "/usr/local/nginx/html/lee" failed (2: No such file or directory), client: 172.25.254.100, server: lee.hjw.org, request: "GET /lee HTTP/1.1", host: "lee.hjw.org"

Nginx中建立下载服务器

root@Nginx \~# mkdir -p /usr/local/nginx/download

root@Nginx \~# cp /etc/passwd /usr/local/nginx/download/

root@Nginx \~# dd if=/dev/zero of=/usr/local/nginx/download/bigfile bs=1M count=100

记录了100+0 的读入

记录了100+0 的写出

104857600字节（105 MB，100 MiB）已复制，0.152409 s，688 MB/s

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

error_page 404 405 503 502 /error;

error_log logs/hjw.org/lee.error error;

location /lee {

root /usr/local/nginx/html;

}

location /error {

alias /usr/local/nginx/errorpage/errorhjw;

}

location /download {

root /usr/local/nginx;

}

}

root@Nginx \~# nginx -s reload

启用列表功能

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

error_page 404 405 503 502 /error;

error_log logs/timinglee.org/lee.error error;

location /lee {

root /usr/local/nginx/html;

}

location /error {

alias /usr/local/nginx/errorpage/errorhjw;

}

location /download {

root /usr/local/nginx;

autoindex on;

}

}

root@Nginx \~# nginx -s reload

下载控速

root@Nginx \~# wget http://lee.hjw.org/download/bigfile

--2026-02-01 11:37:52-- http://lee.hjw.org/download/bigfile

正在解析主机 lee.hjw.org (lee.timinglee.org)... 172.25.254.100

正在连接 lee.hjw.org (lee.hjw.org)|172.25.254.100|:80... 已连接。

已发出 HTTP 请求，正在等待回应... 200 OK

长度：104857600 (100M) application/octet-stream

正在保存至: "bigfile"

bigfile 100%=================================\> 100.00M 232MB/s 用时 0.4s

2026-02-01 11:37:52 (232 MB/s) - 已保存 "bigfile" 104857600/104857600)

root@Nginx \~# rm -fr bigfile

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

error_page 404 405 503 502 /error;

error_log logs/hjw.org/lee.error error;

location /lee {

root /usr/local/nginx/html;

}

location /error {

alias /usr/local/nginx/errorpage/errorhjw;

}

location /download {

root /usr/local/nginx;

autoindex on;

limit_rate 1024k;

}

}

root@Nginx \~# nginx -s reload

root@Nginx \~# wget http://lee.hjw.org/download/bigfile

--2026-02-01 11:39:09-- http://lee.hjw.org/download/bigfile

正在解析主机 lee.hjw.org (lee.hjw.org)... 172.25.254.100

正在连接 lee.hjw.org (lee.hjw.org)|172.25.254.100|:80... 已连接。

已发出 HTTP 请求，正在等待回应... 200 OK

长度：104857600 (100M) application/octet-stream

正在保存至: "bigfile"

bigfile 12%===\> 12.00M 1.00MB/s 剩余 88s

显示文件大小优化

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

error_page 404 405 503 502 /error;

error_log logs/hjw.org/lee.error error;

location /lee {

root /usr/local/nginx/html;

}

location /error {

alias /usr/local/nginx/errorpage/errorhjw;

}

location /download {

root /usr/local/nginx;

autoindex on;

limit_rate 1024k;

autoindex_exact_size off;

}

}

root@Nginx \~# nginx -s reload

效果

root@Nginx ~]# curl lee.hjw.org/download

<html>

<head><title>301 Moved Permanently</title></head>

<body>

<center><h1>301 Moved Permanently</h1></center>

<hr><center>nginx/1.28.1</center>

</body>

</html>

root@Nginx \~# curl lee.hjw.org/download/

<html>

<head><title>Index of /download/</title></head>

<body>

<h1>Index of /download/</h1><hr><pre><a href="../">../</a>

<a href="bigfile">bigfile</a> 01-Feb-2026 03:28 100M

<a href="passwd">passwd</a> 01-Feb-2026 03:27 1294

</pre><hr></body>

</html>

设定页面风格

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

error_page 404 405 503 502 /error;

error_log logs/hjw.org/lee.error error;

location /lee {

root /usr/local/nginx/html;

}

location /error {

alias /usr/local/nginx/errorpage/errorhjw;

}

location /download {

root /usr/local/nginx;

autoindex on;

limit_rate 1024k;

autoindex_exact_size off;

autoindex_localtime on;

autoindex_format html | xml | json | jsonp;

}

}

root@Nginx \~# nginx -s reload

json风格

Nginx的文件检测

root@Nginx \~# echo default > /usr/local/nginx/errorpage/default.html

root@Nginx \~# cat /usr/local/nginx/errorpage/default.html

default

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

error_page 404 405 503 502 /error;

error_log logs/hjw.org/lee.error error;

root /usr/local/nginx/errorpage;

try_files uri uri.html $uri/index.html /default.html; #添加

location /lee {

root /usr/local/nginx/html;

}

#测试：

root@Ngix \~# curl -v lee.hjw.org/wwww

* Trying 172.25.254.100:80...

* Connected to lee.hjw.org (172.25.254.100) port 80 (#0)

> GET /wwww HTTP/1.1

> Host: lee.hjw.org

> User-Agent: curl/7.76.1

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Server: nginx/1.28.1

< Date: Sun, 01 Feb 2026 06:33:56 GMT

< Content-Type: text/html

< Content-Length: 8

< Last-Modified: Sun, 01 Feb 2026 06:31:54 GMT

< Connection: keep-alive

< ETag: "697ef35a-8"

< Accept-Ranges: bytes

<

default

* Connection #0 to host lee.hjw.org left intact

Nginx的状态页

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location /nginx_status{

stub_status;

auth_basic "auth login";

auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

allow 172.25.254.0/24;

deny all;

}

}

root@Nginx \~# nginx -s reload

Nginx的压缩功能

root@Nginx \~#mkdir /usr/local/nginx/hjw.org/html -p

root@Nginx \~# echo hello hjw > /usr/local/nginx/hjw.org/html/index.html

root@Nginx html# cp /usr/local/nginx/logs/access.log /usr/local/nginx/hjw.org/html/bigfile.txt

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

gzip on;

gzip_comp_level 4;

gzip_disable "MSIE 1-6\.";

gzip_min_length 1024k;

gzip_types text/plain application/javascript application/x-javascript text/css

application/xml text/javascript application/x-httpd-php image/gif image/png;

gzip_vary on;

gzip_static on;

gzip_buffers 32 1024k;

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

root /usr/local/nginx/hjw.org/html;

location /nginx_status {

stub_status;

auth_basic "auth login";

auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

allow 172.25.254.0/24;

deny all;

}

}

root@Nginx \~# nginx -s reload

#测试

root@Ngix \~# curl --head --compressed lee.hjw.org/bigfile.txt

HTTP/1.1 200 OK

Server: nginx/1.28.1

Date: Sun, 01 Feb 2026 07:46:14 GMT

Content-Type: text/plain

Last-Modified: Sun, 01 Feb 2026 07:36:55 GMT

Connection: keep-alive

Vary: Accept-Encoding

ETag: W/"697f0297-9d4f97"

Content-Encoding: gzip

root@Ngix \~# curl --head --compressed lee.hjw.org/index.html

HTTP/1.1 200 OK

Server: nginx/1.28.1

Date: Sun, 01 Feb 2026 07:46:30 GMT

Content-Type: text/html

Content-Length: 10

Last-Modified: Sun, 01 Feb 2026 07:45:28 GMT

Connection: keep-alive

ETag: "697f0498-a"

Accept-Ranges: bytes

Nginx 变量

• nginx的变量可以在配置文件中引用，作为功能判断或者日志等场景使用
• 变量可以分为内置变量和自定义变量
• 内置变量是由nginx模块自带，通过变量可以获取到众多的与客户端访问相关的值。

常用内置变量

$remote_addr;
#存放了客户端的地址，注意是客户端的公网IP

$args;
#变量中存放了URL中的所有参数
#例如:https://search.jd.com/Search?keyword=手机\&enc=utf-8
#返回结果为: keyword=手机&enc=utf-8

$is_args
#如果有参数为? 否则为空

$document_root;
#保存了针对当前资源的请求的系统根目录,例如:/webdata/nginx/timinglee.org/lee。

$document_uri;
#保存了当前请求中不包含参数的URI，注意是不包含请求的指令
#比如:http://lee.timinglee.org/var?\\id=11111会被定义为/var
#返回结果为:/var

$host;
#存放了请求的host名称

limit_rate 10240;
echo $limit_rate;
#如果nginx服务器使用limit_rate配置了显示网络速率，则会显示，如果没有设置， 则显示0

$remote_port;
#客户端请求Nginx服务器时随机打开的端口，这是每个客户端自己的端口

$remote_user;
#已经经过Auth Basic Module验证的用户名

$request_body_file;
#做反向代理时发给后端服务器的本地资源的名称

$request_method;
#请求资源的方式，GET/PUT/DELETE等

$request_filename;
#当前请求的资源文件的磁盘路径，由root或alias指令与URI请求生成的文件绝对路径，
#如:webdata/nginx/timinglee.org/lee/var/index.html

request_uri; #包含请求参数的原始URI，不包含主机名，相当于:document_uri?$args,
#例如：/main/index.do?id=20190221&partner=search

$scheme;
#请求的协议，例如:http，https,ftp等

$server_protocol;
#保存了客户端请求资源使用的协议的版本，例如:HTTP/1.0，HTTP/1.1，HTTP/2.0等

$server_addr;
#保存了服务器的IP地址

$server_name;
#虚拟主机的主机名

$server_port;
#虚拟主机的端口号

$http_user_agent;
#客户端浏览器的详细信息

$http_cookie;
#客户端的所有cookie信息

$cookie_<name>
#name为任意请求报文首部字部cookie的key名

http_\ #name为任意请求报文首部字段,表示记录请求报文的首部字段，name的对应的首部字段名需要为小写，如果有横线需要替换为下划线 #示例: echo http_user_agent;
echo $http_host;

$sent_http_<name>
#name为响应报文的首部字段，name的对应的首部字段名需要为小写，如果有横线需要替换为下划线,此变量有问题

echo sent_http_server; arg_<name>
#此变量存放了URL中的指定参数，name为请求url中指定的参数

echo $arg_id;

想要看到变量效果我们要添加模块

升级Nginx支持echo

root@Nginx \~# systemctl stop nginx.service

root@Nginx \~# ps aux | grep nginx

root 5193 0.0 0.1 6636 2176 pts/1 S+ 16:08 0:00 grep --color=auto nginx

root@Nginx \~# tar zxf echo-nginx-module-0.64.tar.gz

root@Nginx \~# cd nginx-1.28.1/

root@Nginx nginx-1.28.1# make clean

root@Nginx nginx-1.28.1# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64

root@Nginx nginx-1.28.1# make

root@Nginx nginx-1.28.1# rm -rf /usr/local/nginx/sbin/nginx

root@Nginx nginx-1.28.1# cp objs/nginx /usr/local/nginx/sbin/ -p

#测试

root@Nginx nginx-1.28.1# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

root /usr/local/nginx/timinglee.org/lee/html;

location /vars {

default_type text/html;

echo $remote_addr;

}

}

root@Nginx nginx-1.28.1# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

root@Nginx nginx-1.28.1# systemctl start nginx.service

查看变量

root@Nginx nginx-1.28.1# vim /usr/local/nginx/conf/conf.d/vhosts.conf

listen 80;

server_name lee.hjw.org;

root /usr/local/nginx/hjw.org/lee/html;

location /vars {

default_type text/html;

echo $remote_addr;

echo $args;

echo $is_args;

echo $document_root;

echo $document_uri;

echo $host;

echo $remote_port;

echo $remote_user;

echo $request_method;

echo $request_filename;

echo $request_uri;

echo $scheme;

echo $server_protocol;

echo $server_addr;

echo $server_name;

echo $server_port;

echo $http_user_agent;

echo $cookie_key2;

echo $http_user_agent;

}

}

root@Nginx nginx-1.28.1# nginx -s reload

root@Nginx nginx-1.28.1# root@Ngix \~# curl -b "key1=hello,key2=hjw" -A "haha" -ulee:lee "http://lee.hjw.org/vars?key=lee\&id=11"

172.25.254.100

key=lee&id=11

?

/usr/local/nginx/hjw.org/html

/vars

lee.hjw.org

51542

lee

GET

/usr/local/nginx/hjw.org/html/vars

/vars?key=lee&id=11

http

HTTP/1.1

172.25.254.100

lee.hjw.org

80

haha

hjw

haha

root@Ngix \~#

自定义变量

假如需要自定义变量名称和值，使用指令set variable value; 语法格式： Syntax: set variable value;
Default: ---
Context: server, location, if

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

root /usr/local/nginx/timinglee.org/lee/html;

location /vars {

default_type text/html;

echo $remote_user;

echo $request_method;

echo $request_filename;

echo $request_uri;

echo $scheme;

set $test lee; #手动设定变量值

echo $test;

set web_port server_port; #变量个传递

echo $web_port;

}

}

root@Ngix \~# curl lee.hjw.org/vars/172.25.254.100

GET

/usr/local/nginx/hjw.org/html/vars/172.25.254.100

/vars/172.25.254.100

http

lee

80

网页从写

网页重写中的指令

#if
用于条件匹配判断，并根据条件判断结果选择不同的Nginx配置，可以配置在server或location块中进行
配置，Nginx的if语法仅能使用if做单次判断，不支持使用if else或者if elif这样的多重判断，用法如下：

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

root /usr/local/nginx/hjw.org/html;

location /vars {

echo $remote_user;

echo $request_method;

echo $request_filename;

echo $request_uri;

echo $scheme;

}

location / {

if ( $http_user_agent ~* Chrome ) {

return 200 "test if messages";

}

}

}

root@Nginx \~# nginx -s reload

root@Nginx \~# curl lee.hjw.org

hjw

root@Ngix \~# curl -A "Chrome" lee.hjw.org

test if messagev

#set
指定key并给其定义一个变量，变量可以调用Nginx内置变量赋值给key
另外set定义格式为set $key value，value可以是text, variables和两者的组合。

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

root /usr/local/nginx/hjw.org/html;

location /vars {

echo $remote_user;

echo $request_method;

echo $request_filename;

echo $request_uri;

echo $scheme;

}

location / {

set $testname hjw;

echo $testname;

}

}

root@Nginx \~# nginx -s reload

root@Nginx \~# curl lee.hjw.org

hjw

#return
return用于完成对请求的处理，并直接向客户端返回响应状态码，比如:可以指定重定向URL(对于特殊重
定向状态码，301/302等) 或者是指定提示文本内容(对于特殊状态码403/500等)，处于此指令后的所有配
置都将不被执行，return可以在server、if 和 location块进行配置

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

root /usr/local/nginx/hjw.org/html;

location /vars {

echo $remote_user;

echo $request_method;

echo $request_filename;

echo $request_uri;

echo $scheme;

}

location / {

return 200 "hello world";

}

}

root@Nginx \~# nginx -s reload

root@Nginx \~# curl lee.hjw.org

hello world

#break
用于中断当前相同作用域(location)中的其他Nginx配置
与该指令处于同一作用域的Nginx配置中，位于它前面的配置生效
位于后面的 ngx_http_rewrite_module 模块中指令就不再执行
Nginx服务器在根据配置处理请求的过程中遇到该指令的时候，回到上一层作用域继续向下读取配置，、
该指令可以在server块和locationif块中使用
注意: 如果break指令在location块中后续指令还会继续执行,只是不执行 ngx_http_rewrite_module
模块的指令,其它指令还会执行

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

root /usr/local/nginx/hjw.org/html;

location /vars {

echo $remote_user;

echo $request_method;

echo $request_filename;

echo $request_uri;

echo $scheme;

}

location / {

set $hjw1 hjw1;

set $hjw2 hjw2;

set $hjw3 hjw3;

if ($http_user_agent ~* Chrome ){

break;

set $test1 test1;

echo hjw1 hjw2 hjw3 test1;

}

}

}

root@Nginx \~# nginx -s reload

#测试

root@Ngix \~# curl -A "Chrome" lee.hjw.org

hjw1 hjw2 hjw3

rewrite flag****使用介绍
利用nginx的rewrite的指令，可以实现url的重新跳转，rewrite有四种不同的flag，分别是redirect(临时重定向302)、permanent(永久重定向301)、break和last。其中前两种是跳转型的flag，后两种是代理型

• 跳转型指由客户端浏览器重新对新地址进行请求
• 代理型是在WEB服务器内部实现跳转

flag****说明
redirect;
#临时重定向，重写完成后以临时重定向方式直接返回重写后生成的新URL给客户端
#由客户端重新发起请求;使用相对路径,或者http://或https://开头，状态码：302
permanent;
#重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端
#由客户端重新发起请求，状态码：301
break;
#重写完成后,停止对当前URL在当前location中后续的其它重写操作
#而后直接跳转至重写规则配置块之后的其它配置，结束循环，建议在location中使用
#适用于一个URL一次重写
last;
#重写完成后,停止对当前URI在当前location中后续的其它重写操作，
#而后对新的URL启动新一轮重写检查，不建议在location中使用
#适用于一个URL多次重写，要注意避免出现超过十次以及URL重写后返回错误的给用户

#redirect;
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {
    listen 80;
    server_name lee.hjw.org;
    root /web/hjw.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location / {
        rewrite / http://www.baidu.com redirect;
    }
}
[root@Nginx ~]# nginx -s reload

[root@Nginx ~]# curl -I lee.hjw.org
HTTP/1.1 302 Moved Temporarily            #定向方式返回值
Server: nginx/1.28.1
Date: Tue, 03 Feb 2026 02:43:47 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Keep-Alive: timeout=100
Location: http://www.baidu.com            #定向效果

#permanent
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
​
server {
    listen 80;
    server_name lee.hjw.org;
    root /web/hjw.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }
​
    location / {
        rewrite / http://www.baidu.com permanent;
    }
}
[root@Nginx ~]# nginx -s reload
​
​
[root@Nginx ~]# curl  -I lee.hjw.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.28.1
Date: Tue, 03 Feb 2026 02:45:38 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=100
Location: http://www.baidu.com
​

#break 和 last
[root@Ngix ~]# mkdir /web/nginx/hjw.org/lee/html/{break,last,test1,test}
[root@Ngix ~]# ls /web/nginx/hjw.org/lee/html/
break  index.html  last  lee  test  test1
[root@Ngix ~]# cat /web/nginx/hjw.org/lee/html/index.html
lee.hjw.org
[root@Ngix ~]# echo break > /web/nginx/hjw.org/lee/html/break/index.html
[root@Ngix ~]# echo last > /web/nginx/hjw.org/lee/html/last/index.html
[root@Ngix ~]# echo test1 > /web/nginx/hjw.org/lee/html/test1/index.html
[root@Ngix ~]# echo test > /web/nginx/hjw.org/lee/html/test/index.html
​
​
#break
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.hjw.org;
    root  /web/nginx/hjw.org/lee/html/;
    location /break {
        rewrite /break/(.*) /test/$1 braek;
        rewrite /test  /test1;
        rewrite /test1  /last;
    }
    location /test {
        return 200 "test end page";
    }
    location /test1 {
        return 200 "TEST1 END PAGE";
    }
}
​
root@Nginx ~]# nginx -s reload
[root@Ngix ~]# curl  -L  lee.hjw.org/break/index.html
test
​
​
​
#last
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.hjw.org;
    root  /web/nginx/hjw.org/lee/html/;
    location /break {
        rewrite /break/(.*) /test/$1 last;
        rewrite /test  /test1;
        rewrite /test1  /last;
    }
    location /test {
        return 200 "test end page";
    }
    location /test1 {
        return 200 "TEST1 END PAGE";
    }
}
​
root@Nginx ~]# nginx -s reload
[root@Ngix ~]# curl  -L  lee.hjw.org/break/index.html
test end page

Nginx利用网页重写实现全站加密

制作key

root@Ngix \~# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/certs/hjw.org.key -x509 -days 365 -out /usr/local/nginx/certs//hjw.org.crt

编辑加密配置文件

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

listen 443 ssl;

ssl_certificate /usr/local/nginx/certs/hjw.org.crt;

ssl_certificate_key /usr/local/nginx/certs/hjw.org.key;

ssl_session_cache shared:sslcache:20m;

ssl_session_timeout 10m;

server_name lee.hjw.org;

root /web/nginx/hjw.org/lee/html/;

location / {

if ($scheme = http ){

rewrite /(.*) https://$host/$1 redirect;

}

}

}

root@Nginx \~# systemctl restart nginx.service

root@Ngix \~# curl -I http://lee.hjw.org/

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.28.1

Date: Tue, 03 Feb 2026 03:57:59 GMT

Content-Type: text/html

Content-Length: 145

Connection: keep-alive

Location: https://lee.hjw.org/

root@Ngix \~# curl -I http://lee.hjw.org/break

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.28.1

Date: Tue, 03 Feb 2026 03:58:05 GMT

Content-Type: text/html

Content-Length: 145

Connection: keep-alive

Location: https://lee.hjw.org/break

Nginx反向代理

反向代理：reverse proxy，指的是代理外网用户的请求到内部的指定的服务器，并将数据返回给用户的 一种方式，这是用的比较多的一种方式。
Nginx 除了可以在企业提供高性能的web服务之外，另外还可以将 nginx 本身不具备的请求通过某种预定义的协议转发至其它服务器处理，不同的协议就是Nginx服务器与其他服务器进行通信的一种规范，主要在不同的场景使用以下模块实现不同的功能

同构代理：用户不需要其他程序的参与，直接通过http协议或者tcp协议访问后端服务器
异构代理：用户访问的资源时需要经过处理后才能返回的，比如php，Python，等等，这种访问资源需 要经过处理才能被访问

简单的代理方法

root@RS2 \~# mkdir /var/www/html/web

root@RS2 \~# echo 172.25.254.20 web > /var/www/html/web/index.html

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location / {

proxy_pass http://172.25.254.10:80;

}

location /web {

proxy_pass http://172.25.254.20:80;

}

}

root@Nginx \~# nginx -s reload

#测试

root@Nginx \~# curl 172.25.254.20/web/

172.25.254.20 web

root@Nginx \~# curl 172.25.254.10

172.25.254.10

透传信息

root@RS1 \~# vim /etc/httpd/conf/httpd.conf

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined

#注意\"%{X-Forwarded-For}i\" 格式

root@RS1 \~# systemctl restart httpd

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location / {

proxy_pass http://172.25.254.10:80;

proxy_set_header X-Forwarded-For $remote_addr;

}

location /web {

proxy_pass http://172.25.254.20:80;

}

}

root@Nginx \~# nginx -s reload

#测试

C:\Users\hjw>curl -v lee.hjw.org

* Host lee.hjw.org:80 was resolved.

root@RS1 \~# cat /etc/httpd/logs/access_log

172.25.254.100 - - 03/Feb/2026:14:47:37 +0800 "GET / HTTP/1.0" 200 14 "-" "curl/7.65.0" "172.25.254.1"

利用反向代理实现动静分离

创建动态数据

#在10中

root@RS1 \~# dnf install php -y

root@RS1 \~# systemctl restart httpd

root@RS1 \~# vim /var/www/html/index.php

<?php

echo "<h2>172.25.254.10</h2>";

phpinfo();

?>

动静分离的实现

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.hjw.org;

location / {

proxy_pass http://172.25.254.20:80;

}

location ~* \.(php|js)$ {

proxy_pass http://172.25.254.10:80;

}

}

root@Nginx \~# nginx -s reload

缓存加速

当未启用缓存时进行压测

root@Yhu \~# ab -n 10000 -c 50 lee.hjw.org/index.php

This is ApacheBench, Version 2.3 <Revision: 1903618 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking lee.hjw.org (be patient)

Completed 1000 requests

Completed 2000 requests

Completed 3000 requests

Completed 4000 requests

Completed 5000 requests

Completed 6000 requests

Completed 7000 requests

Completed 8000 requests

Completed 9000 requests

Completed 10000 requests

Finished 10000 requests

Server Software: nginx/1.28.1

Server Hostname: lee.hjw.org

Server Port: 80

Document Path: /index.php

Document Length: 72827 bytes

Concurrency Level: 50

Time taken for tests: 6.716 seconds

Complete requests: 10000

Failed requests: 9974

(Connect: 0, Receive: 0, Length: 9974, Exceptions: 0)

Total transferred: 729927797 bytes

HTML transferred: 728297797 bytes

Requests per second: 1488.98 #/sec (mean)

Time per request: 33.580 ms (mean)

Time per request: 0.672 ms (mean, across all concurrent requests)

Transfer rate: 106137.25 Kbytes/sec received

Connection Times (ms)

min mean+/-sd median max

Connect: 0 2 10.3 1 1026

Processing: 7 32 7.7 31 78

Waiting: 4 26 6.2 25 67

Total: 8 33 12.6 33 1058

Percentage of the requests served within a certain time (ms)

50% 33

66% 36

75% 38

80% 39

90% 43

95% 46

98% 51

99% 55

100% 1058 (longest request)

设定缓存加速

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

28 #tcp_nopush on;

29

30 #keepalive_timeout 0;

31 keepalive_timeout 65;

32 proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;

33 #gzip on;

34

35 server {

#添加32行信息

server {

listen 80;

server_name lee.hjw.org;

location / {

proxy_pass http://172.25.254.20:80;

}

location ~* \.(php|js)$ {

proxy_pass http://172.25.254.10:80;

proxy_cache proxycache;

proxy_cache_key $request_uri;

proxy_cache_valid 200 302 301 10m;

proxy_cache_valid any 1m;

}

}

root@Nginx \~# systemctl restart nginx.service

root@Nginx \~# tree /usr/local/nginx/proxy_cache/

/usr/local/nginx/proxy_cache/

0 directories, 0 files

#测试

root@Yhu \~# ab -n 10000 -c 50 lee.hjw.org/index.php

This is ApacheBench, Version 2.3 <Revision: 1903618 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking lee.hjw.org (be patient)

Completed 1000 requests

Completed 2000 requests

Completed 3000 requests

Completed 4000 requests

Completed 5000 requests

Completed 6000 requests

Completed 7000 requests

Completed 8000 requests

Completed 9000 requests

Completed 10000 requests

Finished 10000 requests

Server Software: nginx/1.28.1

Server Hostname: lee.hjw.org

Server Port: 80

Document Path: /index.php

Document Length: 72827 bytes

Concurrency Level: 50

Time taken for tests: 3.868 seconds

Complete requests: 10000

Failed requests: 0

Total transferred: 729900000 bytes

HTML transferred: 728270000 bytes

Requests per second: 2585.06 #/sec (mean)

Time per request: 19.342 ms (mean)

Time per request: 0.387 ms (mean, across all concurrent requests)

Transfer rate: 184261.31 Kbytes/sec received

Connection Times (ms)

min mean+/-sd median max

Connect: 0 4 2.2 3 12

Processing: 2 15 4.9 16 34

Waiting: 0 6 2.9 5 19

Total: 3 19 4.7 20 34

Percentage of the requests served within a certain time (ms)

50% 20

66% 21

75% 22

80% 23

90% 25

95% 27

98% 29

99% 30

100% 34 (longest request)

root@Nginx \~# tree /usr/local/nginx/proxy_cache/

/usr/local/nginx/proxy_cache/

└── 1

└── af

└── 15

└── e251273eb74a8ee3f661a7af00915af1

3 directories, 1 file

反向代理负载均衡

Nginx在1.9.0版本开始支持tcp模式的负载均衡，在1.9.13版本开始支持udp协议的负载，udp主要用于 DNS的域名解析，其配置方式和指令和http 代理类似，其基于ngx_stream_proxy_module模块实现tcp 负载，另外基于模块ngx_stream_upstream_module实现后端服务器分组转发、权重分配、状态监测、 调度算法等高级功能。
如果编译安装,需要指定 --with-stream 选项才能支持ngx_stream_proxy_module模块
官方文档：
https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html

root@Nginx \~# mkdir /usr/local/nginx/conf/upstream/

root@Nginx \~# vim /usr/local/nginx/conf/nginx.conf

events {

worker_connections 10000;

use epoll;

accept_mutex on;

multi_accept on;

}

http {

include mime.types;

default_type application/octet-stream;

include "/usr/local/nginx/conf/upstream/*.conf"; #子配置目录

root@Nginx \~# vim /usr/local/nginx/conf/upstream/loadbalance.conf

upstream webserver {

server 172.25.254.10:80 weight=1 fail_timeout=15s max_fails=3;

server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3;

server 172.25.254.100:8888 backup;

}

server {

listen 80;

server_name www.hjw.org;

location ~ / {

proxy_pass http://webserver;

}

}

root@Nginx \~# mkdir /web/hjw.org/error/html -p

root@Nginx \~# echo error > /web/hjw.org/error/html/index.html

root@Nginx \~# vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 8080;

root /web/hjw.org/error/html;

}

#测试：

root@Yhu \~# for i in {1..10};do curl lee.hjw.org;done

172.25.254.20

172.25.254.10

172.25.254.20

172.25.254.10

172.25.254.20

172.25.254.10

172.25.254.20

172.25.254.10

172.25.254.20

172.25.254.10

root@RS1+2 \~# systemctl stop httpd

root@Yhu \~# for i in {1..10};do curl lee.hjw.org;done

error

error

error

error

error

error

error

error

error

error

实验环境（Mysql）

root@RS1 \~# dnf install mariadb-server -y

root@RS2 \~# dnf install mariadb-server -y

root@RS1 \~# vim /etc/my.cnf.d/mariadb-server.cnf

server-id=10

root@RS2 \~# vim /etc/my.cnf.d/mariadb-server.cnf

server-id=20

root@RS1 \~# systemctl enable --now mariadb

root@RS2 \~# systemctl enable --now mariadb

root@RS1 \~# mysql

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 3

Server version: 10.5.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB (none)> CREATE USER hjw@'%' IDENTIFIED BY 'hjw';

Query OK, 0 rows affected (0.001 sec)

MariaDB (none)> GRANT ALL ON *.* TO lee@'%';

Query OK, 0 rows affected (0.001 sec)

MariaDB (none)>

root@RS2 \~# mysql

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 3

Server version: 10.5.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB (none)> CREATE USER hjw@'%' IDENTIFIED BY 'hjw';

Query OK, 0 rows affected (0.001 sec)

MariaDB (none)> GRANT ALL ON *.* TO lee@'%';

Query OK, 0 rows affected (0.001 sec)

实验环境（dns）

root@RS1 \~# dnf install bind -y

root@RS2 \~# dnf install bind -y

root@RS1 \~# vim /etc/named.conf

root@RS2 \~# vim /etc/named.conf

options {

// listen-on port 53 { 127.0.0.1; };

// listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

secroots-file "/var/named/data/named.secroots";

recursing-file "/var/named/data/named.recursing";

// allow-query { localhost; };

dnssec-validation no;

root@RS1 \~# vim /etc/named.rfc1912.zones

root@RS2 \~# vim /etc/named.rfc1912.zones

zone "hjw.org" IN {

type master;

file "hjw.org.zone";

allow-update { none; };

};

root@RS1 \~# cd /var/named/

root@RS2 \~# cd /var/named/

root@RS1 named# cp -p named.localhost hjw.org.zone

root@RS2 named# cp -p named.localhost hjw.org.zone

root@RS1 named# vim hjw.org.zone

$TTL 1D

@ IN SOA dns.hjw.org. rname.invalid. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.hjw.org.

dns A 172.25.254.10

root@RS2 named# vim hjw.org.zone

$TTL 1D

@ IN SOA dns.hjw.org. rname.invalid. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS dns.hjw.org.

dns A 172.25.254.20

root@RS2 named# systemctl enable --now named

#测试

root@RS1 named# vim /etc/named.r

named.rfc1912.zones named.root.key

root@RS1 named# vim /etc/named.rfc1912.zones

root@RS1 named# systemctl enable --now named

Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

root@RS1 named# cd

root@RS1 \~# dig dns.hjw.org @172.25.254.10

; <<>> DiG 9.16.23-RH <<>> dns.hjw.org @172.25.254.10

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5132

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: e3251090f7f942c801000000698306b4b0bcb2269b14ec2c (good)

;; QUESTION SECTION:

;dns.hjw.org. IN A

;; ANSWER SECTION:

dns.hjw.org. 86400 IN A 172.25.254.10

;; Query time: 1 msec

;; SERVER: 172.25.254.10#53(172.25.254.10)

;; WHEN: Wed Feb 04 16:43:32 CST 2026

;; MSG SIZE rcvd: 84

root@RS1 \~# dig dns.hjw.org @172.25.254.20

; <<>> DiG 9.16.23-RH <<>> dns.hjw.org @172.25.254.20

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32855

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: b07eee685da11b0c01000000698306c9d37a266c1549c760 (good)

;; QUESTION SECTION:

;dns.hjw.org. IN A

;; ANSWER SECTION:

dns.hjw.org. 86400 IN A 172.25.254.20

;; Query time: 5 msec

;; SERVER: 172.25.254.20#53(172.25.254.20)

;; WHEN: Wed Feb 04 16:43:53 CST 2026

;; MSG SIZE rcvd: 84

tcp四层负载

root@Nginx conf# mkdir /usr/local/nginx/conf/tcp -p

root@Nginx conf# mkdir /usr/local/nginx/conf/udp -p

root@Nginx conf# vim /usr/local/nginx/conf/nginx.conf

include "/usr/local/nginx/conf/tcp/*.conf";

root@Nginx conf# vim /usr/local/nginx/conf/tcp/mariadb.conf

stream {

upstream mysql_server {

server 172.25.254.10:3306 max_fails=3 fail_timeout=30s;

server 172.25.254.20:3306 max_fails=3 fail_timeout=30s;

}

server {

listen 172.25.254.100:3306;

proxy_pass mysql_server;

proxy_connect_timeout 30s;

proxy_timeout 300s;

}

}

root@Nginx conf# nginx -s reload

#检测

root@Yhu \~# mysql -uhjw -phjw -h172.25.254.100

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 6

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB (none)> SELECT @@server_id;

+-------------+

| @@server_id |

+-------------+

| 20 |

+-------------+

1 row in set (0.002 sec)

MariaDB (none)> Ctrl-C -- exit!

Aborted

root@Yhu \~# mysql -uhjw -phjw -h172.25.254.100

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 8

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB (none)> SELECT @@server_id;

+-------------+

| @@server_id |

+-------------+

| 10 |

+-------------+

1 row in set (0.002 sec)

MariaDB (none)>

udp四层负载

root@Nginx \~# vim /usr/local/nginx/conf/tcp/mariadb.conf

stream {

upstream mysql_server {

server 172.25.254.10:3306 max_fails=3 fail_timeout=30s;

server 172.25.254.20:3306 max_fails=3 fail_timeout=30s;

}

upstream dns_server{

server 172.25.254.10:53 max_fails=3 fail_timeout=30s;

server 172.25.254.20:53 max_fails=3 fail_timeout=30s;

}

server {

listen 172.25.254.100:3306;

proxy_pass mysql_server;

proxy_connect_timeout 30s;

proxy_timeout 300s;

}

server {

listen 172.25.254.100:53 udp;

proxy_pass dns_server;

proxy_timeout 1s;

proxy_responses 1;

error_log logs/dns.log;

}

}

root@Nginx \~# nginx -s reload

#测试

root@Yhu \~# dig dns.hjw.org @172.25.254.100

; <<>> DiG 9.16.23-RH <<>> dns.hjw.org @172.25.254.100

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39940

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: 3042a3ccea4255840100000069830975482c8980359e1df0 (good)

;; QUESTION SECTION:

;dns.hjw.org. IN A

;; ANSWER SECTION:

dns.hjw.org. 86400 IN A 172.25.254.10

;; Query time: 4 msec

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Wed Feb 04 16:55:17 CST 2026

;; MSG SIZE rcvd: 84

root@Yhu \~# dig dns.hjw.org @172.25.254.100

; <<>> DiG 9.16.23-RH <<>> dns.hjw.org @172.25.254.100

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56309

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: 87800bfd2fb054a501000000698309a76c1c64807b2675af (good)

;; QUESTION SECTION:

;dns.hjw.org. IN A

;; ANSWER SECTION:

dns.hjw.org. 86400 IN A 172.25.254.20

;; Query time: 1 msec

;; SERVER: 172.25.254.100#53(172.25.254.100)

;; WHEN: Wed Feb 04 16:56:07 CST 2026

;; MSG SIZE rcvd: 84

nginx+memcache实现高速缓存解

重新编译nginx

root@Nginx \~# systemctl stop nginx.service

root@Nginx \~# cp /usr/local/nginx/conf/ /mnt/ -r

root@Nginx \~# rm -fr /usr/local/nginx/

root@Nginx \~# rm -rf nginx-1.29.4 nginx-1.28.1

root@Nginx \~# tar zxf nginx-1.28.1.tar.gz

root@Nginx \~# cd nginx-1.28.1/

root@Nginx \~# tar zxf srcache-nginx-module-0.33.tar.gz

root@Nginx \~# tar zxf memc-nginx-module-0.20.tar.gz

root@Nginx \~# cd nginx-1.28.1/

root@Nginx nginx-1.28.1# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/memc-nginx-module-0.20 --add-module=/root/srcache-nginx-module-0.33

root@Nginx nginx-1.28.1# make && make install

root@Nginx \~# cd /usr/local/nginx/conf

root@Nginx conf# cp /mnt/conf/nginx.conf /usr/conf/conf.d/ -r

root@Nginx \~#cp /mnt/conf/nginx.conf /usr/local/nginx/conf/nginx.conf

root@Nginx conf# systemctl start nginx.service

整合memcache

root@Nginx conf# vim /usr/local/nginx/conf/conf.d/php.conf

upstream memcache {

server 127.0.0.1:11211;

keepalive 512;

}

server {

listen 80;

server_name php.hjw.org;

root /web/hjw.org/php/html;

index index.php index.html;

location /memc {

internal;

memc_connect_timeout 100ms;

memc_send_timeout 100ms;

memc_read_timeout 100ms;

set memc_key query_string;

set $memc_exptime 300;

memc_pass memcache;

}

location ~ \.php$ {

set key uri$args;

srcache_fetch GET /memc $key;

srcache_store PUT /memc $key;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

}

root@Nginx conf# nginx -s reload

#测试

root@Nginx conf# ab -n 10000 -c500 http://php.hjw.org/example.php

编译安装 openresty

Nginx 是俄罗斯人发明的， Lua 是巴西几个教授发明的，中国人章亦春把 LuaJIT VM 嵌入到 Nginx 中， 实现了 OpenResty 这个高性能服务端解决方案
OpenResty® 是一个基于 Nginx 与 Lua 的高性能 Web 平台，其内部集成了大量精良的 Lua 库、第三方 模块以及大多数的依赖项。用于方便地搭建能够处理超高并发、扩展性极高的动态 Web 应用、Web 服 务和动态网关。
OpenResty® 通过汇聚各种设计精良的 Nginx 模块（主要由 OpenResty 团队自主开发），从而将Nginx 有效地变成一个强大的通用 Web 应用平台。这样，Web 开发人员和系统工程师可以使用 Lua 脚本语言 调动 Nginx 支持的各种 C 以及 Lua 模块，快速构造出足以胜任 10K 乃至 1000K 以上单机并发连接的高 性能 Web 应用系统。
OpenResty 由于有功能强大且方便的的API,可扩展性更强,如果需要实现定制功能,OpenResty是个不错的
选择
官网: http://openresty.org/cn/

root@Nginx src#wget https://openresty.org/download/openresty-1.27.1.2.tar.gz

root@Nginx \~#dnf -yq install gcc pcre-devel openssl-devel perl zlib-devel

root@Nginx \~#useradd -r -s /sbin/nologin nginx

root@Nginx \~#tar zxf openresty-1.27.1.2

root@webserver \~# cd openresty-1.27.1.2/

root@Nginx openresty-1.17.8.2#./configure \

--prefix=/usr/local/openresty \

--user=nginx --group=nginx \

--with-http_ssl_module \

--with-http_v2_module \

--with-http_stub_status_module \

--with-http_gzip_static_module

--with-pcre --with-stream \

--with-stream_ssl_module \

--with-stream_realip_module

root@Nginx openresty-1.17.8.2#gmake && gmake install

root@webserver openresty# vim ~/.bash_profile

export PATH=$PATH:/usr/local/openresty/bin

root@webserver openresty#source ~/.bash_profile

root@Nginx openresty-1.17.8.2#openresty -v

nginx version: openresty/1.17.8.2

root@Nginx openresty-1.17.8.2#openresty

root@Nginx openresty-1.17.8.2#ps -ef |grep nginx

root@webserver openresty# echo hello test > /usr/local/openresty/nginx/html/index.html

root@webserver openresty# curl 172.25.254.200

hello test