Nginx 基础定义
Nginx 是一款高性能的开源 HTTP 服务器、反向代理服务器及邮件代理服务器,核心优势体现在高并发处理能力(基于异步非阻塞的事件驱动模型)、低内存占用、模块化架构和灵活的配置扩展性。它被广泛应用于静态资源服务、反向代理、负载均衡、动静分离、缓存加速等场景,是现代 Web 架构中不可或缺的核心组件。
实验核心背景
本次实验围绕 Nginx 的源码编译部署 与核心功能验证展开,区别于系统包管理器(如 yum、apt)的一键安装方式,选择源码编译是实验的核心切入点,所有后续功能验证均基于源码编译的 Nginx 环境完成,旨在深入理解 Nginx 的定制化部署逻辑与核心功能的底层实现。
一、Nginx的源码编译
1.1 为什么选择源码编译而非命令行一键安装?
系统包管理器(如 yum install nginx、apt-get install nginx)安装的 Nginx 是预编译版本,存在以下局限性,也是本次实验选择源码编译的核心原因:
-
功能阉割:预编译版本仅包含基础核心模块,缺少实验所需的扩展模块(如 SSL 模块、缓存模块、第三方模块),无法满足定制化功能验证;
-
版本锁定:系统仓库的 Nginx 版本通常滞后于官方最新版,无法验证新版本的特性或修复已知漏洞;
-
路径固化:安装路径、配置文件路径、日志路径等均由系统默认设定,无法按需调整,不利于理解 Nginx 的目录结构与依赖关系;
-
无编译过程感知:一键安装跳过了编译环节,无法理解 Nginx 与依赖库(如 PCRE、zlib、OpenSSL)的关联,也无法掌握模块编译、参数定制的核心逻辑。
1.2 源码编译的核心价值(实验目标)
通过源码编译,实验可实现:
- 按需选择编译模块(如启用
--with-http_ssl_module支持 HTTPS、--with-http_stub_status_module监控状态); - 自定义安装路径(如
/usr/local/nginx),清晰区分配置、程序、日志、模块的存储位置; - 掌握 Nginx 编译依赖(PCRE 用于正则解析、zlib 用于压缩、OpenSSL 用于加密),理解环境搭建的核心逻辑;
- 为后续反向代理、负载均衡、HTTPS 配置等实验提供 "纯净且可定制" 的基础环境。
1.3 实验核心步骤总结
(1).下载软件
[root@Nginx ~]# wget https://nginx.org/download/nginx-1.28.1.tar.gz(2).解压
[root@Nginx ~]# tar zxf nginx-1.28.1.tar.gz
[root@Nginx ~]# cd nginx-1.28.1/
[root@Nginx nginx-1.28.1]# ls
auto CHANGES.ru conf contrib html man SECURITY.md
CHANGES CODE_OF_CONDUCT.md configure CONTRIBUTING.md LICENSE README.md src(3).检测环境
#安装依赖性
[root@Nginx ~]# dnf install gcc openssl-devel.x86_64 pcre2-devel.x86_64 zlib-devel -y
[root@Nginx nginx-1.28.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module(4).编译
[root@Nginx nginx-1.28.1]# make
[root@Nginx nginx-1.28.1]# make install(5).nginx启动
#设定环境变量
[root@Nginx sbin]# vim ~/.bash_profile
export PATH=$PATH:/usr/local/nginx/sbin
[root@Nginx sbin]# source ~/.bash_profile
[root@Nginx logs]# useradd -s /sbin/nologin -M nginx
[root@Nginx logs]# nginx
[root@Nginx logs]# ps aux | grep nginx
root 44012 0.0 0.1 14688 2356 ? Ss 17:01 0:00 nginx: master process nginx
nginx 44013 0.0 0.2 14888 3892 ? S 17:01 0:00 nginx: worker process
root 44015 0.0 0.1 6636 2176 pts/0 S+ 17:01 0:00 grep --color=auto nginx
#测试
[root@Nginx logs]# echo timinglee > /usr/local/nginx/html/index.html
[root@Nginx logs]# curl 192.168.170.100
timinglee(6).编写启动文件
[root@Nginx ~]# vim /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@Nginx ~]# systemctl daemon-reload
#验证
[root@Nginx ~]# systemctl status nginx.service
○ nginx.service - The NGINX HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disabled)
Active: inactive (dead)
[root@Nginx ~]# systemctl enable --now nginx
[root@Nginx ~]# ps aux | grep nginx
root 1839 0.0 0.1 14688 2356 ? Ss 09:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1840 0.0 0.2 14888 3828 ? S 09:53 0:00 nginx: worker process
[root@Nginx ~]# reboot
[root@Nginx ~]# systemctl status nginx.service
二、Nginx的平滑升级及回滚
1.下载高版本的软件
[root@Nginx ~]# wget https://nginx.org/download/nginx-1.29.4.tar.gz2.对于新版本的软件进行源码编译并进行平滑升级
#编译nginx隐藏版本
[root@Nginx ~]# tar zxf nginx-1.29.4.tar.gz
[root@Nginx ~]# cd nginx-1.29.4/src/core/
[root@Nginx core]# vim nginx.h
#define nginx_version 1029004
#define NGINX_VERSION ""
#define NGINX_VER "TIMINGLEE/" NGINX_VERSION
#文件编辑完成后进行源码编译即可
[root@Nginx core]# cd ../../
[root@Nginx nginx-1.29.4]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@Nginx nginx-1.29.4]# make
[root@Nginx nginx-1.29.4]# cd objs/
[root@Nginx objs]# ls
autoconf.err nginx ngx_auto_config.h ngx_modules.c src
Makefile nginx.8 ngx_auto_headers.h ngx_modules.o
[root@Nginx objs]# cd /usr/local/nginx/sbin/
[root@Nginx sbin]# ls
nginx
[root@Nginx sbin]# \cp -f /root/nginx-1.29.4/objs/nginx /usr/local/nginx/sbin/nginx
[root@Nginx sbin]# ls /usr/local/nginx/logs/
access.log error.log nginx.pid
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2360 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process
[root@Nginx sbin]# kill -USR2 1643 # <nginx旧master进程ID>
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
root 4923 0.0 0.1 6636 2176 pts/0 S+ 10:25 0:00 grep --color=auto nginx
[root@Nginx sbin]# ls /usr/local/nginx/logs/
access.log error.log nginx.pid nginx.pid.oldbin测试:
[root@Nginx sbin]# nginx -V
nginx version: nginx/1.29.4
built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module回收旧版本子进程:
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 1644 0.0 0.2 14888 3896 ? S 09:55 0:00 nginx: worker process
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
root 4929 0.0 0.1 6636 2176 pts/0 S+ 10:27 0:00 grep --color=auto nginx
[root@Nginx sbin]# kill -WINCH 1643 #触发指定 Master 下 Worker 进程优雅退出
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
root 4932 0.0 0.1 6636 2176 pts/0 S+ 10:28 0:00 grep --color=auto nginx3.版本回退|版本回滚
[root@Nginx sbin]# cd /usr/local/nginx/sbin/
[root@Nginx sbin]# cp nginx nginx.new -p
[root@Nginx sbin]# \cp nginx.old nginx -pf
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
[root@Nginx sbin]# kill -HUP 1643 #触发旧Master重载配置并重建旧版本Worker进程
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4921 0.0 0.2 14916 4156 ? S 10:24 0:00 nginx: worker process
nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process
root 4965 0.0 0.1 6636 2176 pts/0 S+ 10:32 0:00 grep --color=auto nginx
[root@Nginx sbin]# nginx -V
nginx version: nginx/1.28.1
built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
#回收新版本进程
[root@Nginx sbin]# kill -WINCH 4919
[root@Nginx sbin]# ps aux | grep nginx
root 1643 0.0 0.1 14688 2744 ? Ss 09:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx
root 4919 0.0 0.4 14716 7936 ? S 10:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4963 0.0 0.2 14888 3896 ? S 10:32 0:00 nginx: worker process
root 4969 0.0 0.1 6636 2176 pts/0 S+ 10:34 0:00 grep --color=auto nginx三、Nginx配置文件的管理及优化参数
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
[root@Nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# ps aux | grep nginx
root 5506 0.0 0.2 14564 3912 ? Ss 14:40 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 5511 0.0 0.2 14996 4032 ? S 14:41 0:00 nginx: worker process
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes 2;
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# ps aux | grep nginx
root 5506 0.0 0.2 14796 4040 ? Ss 14:40 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 5516 0.0 0.2 15012 4048 ? S 14:42 0:00 nginx: worker process
nginx 5517 0.0 0.2 15012 4048 ? S 14:42 0:00 nginx: worker process
#在vmware中更改硬件cpu核心个数,然后重启
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes auto;
worker_cpu_affinity 0001 0010 0100 1000;
[root@Nginx ~]# ps aux | grep nginx
root 887 0.0 0.1 14564 2212 ? Ss 14:51 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 889 0.0 0.2 14964 3748 ? S 14:51 0:00 nginx: worker process
nginx 890 0.0 0.2 14964 3748 ? S 14:51 0:00 nginx: worker process
nginx 891 0.0 0.2 14964 3748 ? S 14:51 0:00 nginx: worker process
nginx 892 0.0 0.2 14964 3748 ? S 14:51 0:00 nginx: worker process
[root@Nginx ~]# ps axo pid,cmd,psr | grep nginx
887 nginx: master process /usr/ 3
1635 nginx: worker process 0
1636 nginx: worker process 1
1637 nginx: worker process 2
1638 nginx: worker process 3
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
events {
worker_connections 10000;
use epoll;
accept_mutex on;
multi_accept on;
}
[root@Nginx ~]# nginx -s reload
#测试并发
[root@Nginx ~]# dnf install httpd-tools -y
[root@Nginx ~]# ab -n 100000 -c5000 http://192.168.170.100/index.html
This is ApacheBench, Version 2.3 <$Revision: 1913912 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.254.100 (be patient)
socket: Too many open files (24) #并发数量过多导致访问失败
#处理本地文件系统的并发文件数量
[root@Nginx ~]# vim /etc/security/limits.conf
* - nofile 100000
* - noproc 100000
root - nofile 100000
[root@Nginx ~]# sudo -u nginx ulimit -n
100000
[root@Nginx ~]# ulimit -n 10000
100000
#测试
[root@Nginx ~]# ab -n 100000 -c10000 http://192.168.170.100/index.html
This is ApacheBench, Version 2.3 <$Revision: 1913912 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.254.100 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests四、Nginx下构建PC站点
1.location中的root
[root@Nginx conf]# cd /usr/local/nginx/conf/
[root@Nginx conf]# mkdir conf.d
[root@Nginx conf]# vim nginx.conf
82 include "/usr/local/nginx/conf/conf.d/*.conf";
[root@Nginx conf]# nginx -s reload
[root@Nginx conf]# cd conf.d/
[root@Nginx ~]# mkdir -p /webdata/nginx/timinglee.org/lee/html
[root@Nginx ~]# echo lee.timinglee.org > /webdata/nginx/timinglee.org/lee/html/index.html
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
root /webdata/nginx/timinglee.org/lee/html;
}
}
root@Nginx conf.d]# systemctl restart nginx.service
#测试
[root@Nginx conf.d]# vim /etc/hosts
172.25.254.100 Nginx www.timinglee.org lee.timinglee.org
[root@Nginx conf.d]# curl www.timinglee.org
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org
lee.timinglee.org测试:
[root@Nginx conf.d]# vim /etc/hosts
192.168.170.100 Nginx www.timinglee.org lee.timinglee.org
[root@Nginx conf.d]# curl www.timinglee.org
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org
lee.timinglee.org
#local示例需要访问lee.timinglee.org/lee/目录
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location / {
root /webdata/nginx/timinglee.org/lee/html;
}
location /lee { #lee标识location中的root值+location 后面指定的值代表目录的路径
root /webdata/nginx/timinglee.org/lee/html;
}
}
[root@Nginx conf.d]# systemctl restart nginx.service
[root@Nginx conf.d]# mkdir -p /webdata/nginx/timinglee.org/lee/html/lee
[root@Nginx conf.d]# echo lee > /webdata/nginx/timinglee.org/lee/html/lee/index.html
[root@Nginx conf.d]# curl lee.timinglee.org/lee/
lee2.location中的alias
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /passwd { #标识文件
alias /etc/passwd;
}
location /passwd/ { #表示目录
alias /mnt/;
}
}
[root@Nginx conf.d]# nginx -s reload
[root@Nginx conf.d]# echo passwd > /mnt/index.html测试效果:
五、Location字符匹配详解
1.Location后什么都不带直接指定目录
核心原理
匹配规则 :无修饰符时,location 是前缀匹配(也叫 "普通字符串匹配"),且大小写敏感。
- 匹配逻辑:请求 URI 必须以
location后指定的字符串(/null)作为开头,且字符大小写完全一致。
适用场景 :匹配固定前缀的目录,比如静态资源目录 location /static { ... }。
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "/null-1";
}
}
[root@Nginx conf.d]# nginx -s reload
#URI是/null/,以/null开头 → 匹配成功,返回/null-1;
[root@Nginx conf.d]# curl lee.timinglee.org/null/
/null-1
#URI是/NULL/,大小写(NULL vs null)不一致 → 前缀匹配失败,触发 404;
[root@Nginx conf.d]# curl lee.timinglee.org/NULL/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
#URI是/test/null,开头是/test而非/null → 前缀匹配失败,触发 404。
[root@Nginx conf.d]# curl lee.timinglee.org/test/null
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>2.location 后用 =
匹配规则 := 表示精确匹配,优先级是所有 location 中最高的。
-
匹配逻辑:请求 URI 必须与
location后指定的字符串完全一致(包括字符、长度、结尾是否有/),且大小写敏感; -
优先级:
=精确匹配 > 其他所有匹配方式(哪怕后面有正则 / 前缀匹配,只要精确匹配命中,直接执行)。
适用场景 :匹配固定的、高频的短 URI(如 /、/login),减少 Nginx 匹配开销(精确匹配命中后直接终止匹配流程)。
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null { #精确匹配到此结束
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
}
[root@Nginx conf.d]# nginx -s reload
[root@Nginx conf.d]# curl lee.timinglee.org/null
null-2
#请求 URI 是 /null,与 location = /null 完全一致 → 直接命中该规则,返回 null-2;
即使同时存在 /null(前缀匹配)、~ /null(正则匹配),但因 = 优先级最高,其他规则不会生效。3.location 后用"^~"
匹配规则 :^~ 是前缀匹配(与无修饰符一致)+ 跳过正则匹配,优先级仅次于 = 精确匹配。
-
匹配逻辑:① 先按 "前缀匹配" 规则(URI 以
/lee开头)匹配;② 若命中^~规则,直接跳过后续所有正则匹配(~/~*),执行当前规则; -
大小写敏感(因为是字符串前缀匹配,非正则)。
适用场景 :静态资源目录(如 /js、/css),避免被后续的正则匹配规则覆盖,提升匹配效率。
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
}
[root@Nginx conf.d]# nginx -s reload
#URI 以 /lee 开头 → 命中,返回 lee;
[root@Nginx conf.d]# curl lee.timinglee.org/lee
lee
#URI 是 /test/lee,开头是 /test → 前缀不匹配,404;
[root@Nginx conf.d]# curl lee.timinglee.org/test/lee
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
#URI 是 /lee/test,开头是 /lee → 命中;
[root@Nginx conf.d]# curl lee.timinglee.org/lee/test
lee
#URI 是 /aleea/test,开头是 /aleea → 前缀不匹配,404;
[root@Nginx conf.d]# curl lee.timinglee.org/aleea/test
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
#URI 是 /leeab/test,开头是 /lee → 命中。
[root@Nginx conf.d]# curl lee.timinglee.org/leeab/test
lee4.location 后用"~"
匹配规则 :~ 表示正则表达式匹配 ,优先级低于 = 和 ^~,且大小写敏感。
- 匹配逻辑:① 只有当
=(精确)、^~(前缀优先)都未命中时,才会执行正则匹配;② 按location配置的先后顺序匹配正则规则,命中第一个即停止;③ 正则表达式/timing/表示:URI 中包含/timing/这个子串(注意前后的/)。
适用场景:需要按复杂规则匹配 URI(如包含特定路径),且要求大小写敏感的场景。
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
location ~ /timing/ {
return 200 "timing";
}
}
[root@Nginx conf.d]# nginx -s reload
#URI 是 /timinga/,包含 /timing/(timing 后接 a/)→ 命中;
[root@Nginx conf.d]# curl lee.timinglee.org/timinga/
timing
[root@Nginx conf.d]# curl lee.timinglee.org/timing/
timing
#URI 是 /a/timing/,明确包含 /timing/ → 命中;
[root@Nginx conf.d]# curl lee.timinglee.org/a/timing/
timing
#URI 是 /a/timinga/,包含 /timing/ → 命中;
[root@Nginx conf.d]# curl lee.timinglee.org/a/timinga/
timing
#URI 是 /a/atiming/,子串是 atiming(前面多了 a),无 /timing/ → 失败;
[root@Nginx conf.d]# curl lee.timinglee.org/a/atiming/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/aTiminga/a/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
#URI 是 /Timinga/a/,Timing 首字母大写,与正则 /timing/(小写)不匹配 → 失败。
[root@Nginx conf.d]# curl lee.timinglee.org/Timinga/a/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>5.location 后用"~*"
匹配规则 :~* 是 ~ 的 "大小写不敏感版",优先级、匹配逻辑与 ~ 一致,仅取消大小写限制。
- 匹配逻辑:正则表达式
/timinglee表示 URI 中包含timinglee子串(无论大小写),且无需严格前后缀,只要子串存在即可。
适用场景 :匹配用户输入的 URI(如 /download//Download)、兼容不同大小写的访问路径。
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
location ~ /timing/ {
return 200 "timing";
}
location ~* /timinglee {
return 200 "timinglee";
}
}
[root@Nginx conf.d]# nginx -s reload
#URI 包含 Timinglee(大写 T),~* 忽略大小写 → 命中;
[root@Nginx conf.d]# curl lee.timinglee.org/Timinglee/
timinglee
#URI 包含 timinglee 子串 → 命中;
[root@Nginx conf.d]# curl lee.timinglee.org/timinglee/
timinglee
#URI 包含 timinglee(后接 a)→ 命中;
[root@Nginx conf.d]# curl lee.timinglee.org/timinglee/a
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org/a/timinglee/a
timinglee
#URI 子串是 atiminglee(前面多了 a),无独立的 timinglee → 失败。
[root@Nginx conf.d]# curl lee.timinglee.org/a/atiminglee/a
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx conf.d]# curl lee.timinglee.org/a/timingleea/a
timinglee
[root@Nginx conf.d]# curl lee.timinglee.org/a/Timinglee/a
timinglee6.location 后用"\"
正则语法补充:
-
\.:.在正则中是 "匹配任意单个字符",加反斜杠\表示转义 ,仅匹配字面量.(文件后缀的分隔符); -
(img|php|jsp):正则 "分组 + 或",匹配img、php、jsp中的任意一个; -
$:正则结束符,表示 "匹配到 URI 的末尾"。
匹配逻辑 :~* \.(img|php|jsp)$ 表示:URI 以 .php/.jsp/.img 结尾(大小写不敏感)。
适用场景 :按文件后缀做差异化处理(如 .php 转发给 PHP-FPM,.jpg 直接返回静态文件,.html 加缓存头等)。
[root@Nginx conf.d]# vim vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /null {
return 200 "null-1";
}
location = /null {
return 200 "null-2";
}
location ~ /null {
return 200 "null-3";
}
location ^~ /lee {
return 200 "lee";
}
location ~ /timing/ {
return 200 "timing";
}
location ~* /timinglee {
return 200 "timinglee";
}
location ~* \.(img|php|jsp)$ {
return 200 "app";
}
}
[root@Nginx conf.d]# nginx -s reload
#URI 是 /test.php,以 .php 结尾 → 命中,返回 app;
[root@Nginx conf.d]# curl lee.timinglee.org/test.php
app
#URI 是 /test.jsp,以 .jsp 结尾 → 命中,返回 app。
[root@Nginx conf.d]# curl lee.timinglee.org/test.jsp
app 总结:Location 匹配优先级与核心规则
-
优先级从高到低:
=(精确匹配) >^~(前缀优先匹配) >~/~*(正则匹配,按配置顺序) > 无修饰符(普通前缀匹配) >/(默认匹配)。 -
大小写敏感规则:
-
精确匹配、普通前缀匹配、
^~、~:大小写敏感; -
~*:大小写不敏感。
-
-
正则匹配关键:
-
需转义特殊字符(如
./$/*等); -
$匹配末尾,^匹配开头,|表示 "或",()分组。
-
理解这些规则后,就能精准控制 Nginx 对不同 URI 的处理逻辑,避免匹配冲突或不符合预期的情况。
六、服务访问的用户认证
[root@Nginx ~]# htpasswd -cmb /usr/local/nginx/conf/.htpasswd admin lee
Adding password for user admin
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /admin {
root /usr/local/nginx/html;
auth_basic "login passwd";
auth_basic_user_file "/usr/local/nginx/conf/.htpasswd";
}
}
[root@Nginx ~]# systemctl restart nginx.service
#测试:
root@Nginx ~]# curl lee.timinglee.org/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
七、自定义错误日志
[root@Nginx ~]# mkdir -p /usr/local/nginx/logs/timinglee.org/
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
}
[root@Nginx ~]# systemctl restart nginx.service
#测试
[root@Nginx ~]# cd /usr/local/nginx/logs/timinglee.org/
[root@Nginx timinglee.org]# ls
lee.error
[root@Nginx timinglee.org]# cat lee.error
[root@Nginx timinglee.org]# curl lee.timinglee.org/lee/
太不巧了,你要访问的页面辞职了!!
[root@Nginx timinglee.org]# cat lee.error
2026/02/24 17:01:56 [error] 66810#0: *1 "/usr/local/nginx/html/lee/index.html" is not found (2: No such file or directory), client: 192.168.170.100, server: lee.timinglee.org, request: "GET /lee/ HTTP/1.1", host: "lee.timinglee.org"
2026/02/24 17:01:56 [error] 66810#0: *1 open() "/usr/local/nginx/errorpage/errormessage" failed (2: No such file or directory), client: 192.168.170.100, server: lee.timinglee.org, request: "GET /lee/ HTTP/1.1", host: "lee.timinglee.org"八、Nginx中建立下载服务器
[root@Nginx ~]# mkdir -p /usr/local/nginx/download
[root@Nginx ~]# cp /etc/passwd /usr/local/nginx/download/
[root@Nginx ~]# dd if=/dev/zero of=/usr/local/nginx/download/bigfile bs=1M count=100
记录了100+0 的读入
记录了100+0 的写出
104857600字节(105 MB,100 MiB)已复制,0.152409 s,688 MB/s
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
}
}
[root@Nginx ~]# nginx -s reload访问:
1.启用列表功能
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
}
}
[root@Nginx ~]# nginx -s reload访问效果:
2.下载控速
[root@Nginx ~]# wget http://192.168.170.100/download/bigfile
--2026-02-01 11:37:52-- http://lee.timinglee.org/download/bigfile
正在解析主机 lee.timinglee.org (lee.timinglee.org)... 172.25.254.100
正在连接 lee.timinglee.org (lee.timinglee.org)|172.25.254.100|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:104857600 (100M) [application/octet-stream]
正在保存至: "bigfile"
bigfile 100%[=================================>] 100.00M 232MB/s 用时 0.4s
2026-02-01 11:37:52 (232 MB/s) - 已保存 "bigfile" [104857600/104857600])
[root@Nginx ~]# rm -fr bigfile
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
}
}
[root@Nginx ~]# nginx -s reload
[root@Nginx ~]# wget http://192.168.170.100/download/bigfile
--2026-02-01 11:39:09-- http://lee.timinglee.org/download/bigfile
正在解析主机 lee.timinglee.org (lee.timinglee.org)... 192.168.170.100
正在连接 lee.timinglee.org (lee.timinglee.org)|192.168.170.100|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:104857600 (100M) [application/octet-stream]
正在保存至: "bigfile"
bigfile 12%[===> ] 12.00M 1.00MB/s 剩余 88s3.显示文件大小优化
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
autoindex_exact_size off;
}
}
[root@Nginx ~]# nginx -s reload效果:
[root@Nginx timinglee.org]# curl 192.168.170.100/download
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.28.1</center>
</body>
</html>
[root@Nginx timinglee.org]# curl 192.168.170.100/download/
<html>
<head><title>Index of /download/</title></head>
<body>
<h1>Index of /download/</h1><hr><pre><a href="../">../</a>
<a href="bigfile">bigfile</a> 24-Feb-2026 09:08 100M
<a href="passwd">passwd</a> 24-Feb-2026 09:08 1294
</pre><hr></body>
</html>4.时间显示调整
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
autoindex_exact_size off;
autoindex_localtime on;
}
}
[root@Nginx ~]# nginx -s reload效果:
5.设定页面风格
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
location /lee {
root /usr/local/nginx/html;
}
location /error {
alias /usr/local/nginx/errorpage/errormessage;
}
location /download {
root /usr/local/nginx;
autoindex on;
limit_rate 1024k;
autoindex_exact_size off;
autoindex_localtime on;
autoindex_format html | xml | json | jsonp; #只需要写一个
}
}
[root@Nginx ~]# nginx -s reloadxml风格
json风格
九、Nginx的文件检测
[root@Nginx ~]# echo default > /usr/local/nginx/errorpage/default.html
[root@Nginx ~]# cat /usr/local/nginx/errorpage/default.html
default
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
error_page 404 405 503 502 /error;
error_log logs/timinglee.org/lee.error error;
root /usr/local/nginx/errorpage;
try_files $uri $uri.html $uri/index.html /default.html;
}
[root@Nginx ~]# nginx -s reload测试:
[root@Nginx timinglee.org]# curl -v 192.168.170.100/aaaaaaaaaa/
* Trying 192.168.170.100:80...
* Connected to 192.168.170.100 (192.168.170.100) port 80 (#0)
> GET /aaaaaaaaaa/ HTTP/1.1
> Host: 192.168.170.100
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1
< Date: Tue, 24 Feb 2026 11:07:44 GMT
< Content-Type: text/html
< Content-Length: 8
< Last-Modified: Tue, 24 Feb 2026 11:06:50 GMT
< Connection: keep-alive
< ETag: "699d864a-8"
< Accept-Ranges: bytes
<
default
* Connection #0 to host 192.168.170.100 left intact十 、Nginx的状态页
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
location /nginx_status{
stub_status;
auth_basic "auth login";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 192.168.170.0/24;
deny all;
}
}
[root@Nginx ~]# nginx -s reload
十一、Ngnix的压缩功能
[root@Nginx ~]# mkdir /usr/local/nginx/timinglee.org/lee/html -p
[root@Nginx ~]# echo hello lee > /usr/local/nginx/timinglee.org/lee/html/index.html
[root@Nginx html]# cp /usr/local/nginx/logs/access.log /usr/local/nginx/timinglee.org/lee/html/bigfile.txt
[root@Nginx ~]# vim /usr/local/nginx/conf/nginx.conf
gzip on;
gzip_comp_level 4;
gzip_disable "MSIE [1-6]\.";
gzip_min_length 1024k;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/gif image/png;
gzip_vary on;
gzip_static on;
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /nginx_status{
stub_status;
auth_basic "auth login";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 192.168.170.0/24;
deny all;
}
}
[root@Nginx ~]# nginx -s reload测试:
十二、Nginx变量
1.升级Nginx支持echo
[root@Nginx ~]# systemctl stop nginx.service
[root@Nginx ~]# ps aux | grep nginx
root 5193 0.0 0.1 6636 2176 pts/1 S+ 16:08 0:00 grep --color=auto nginx
[root@Nginx ~]# tar zxf echo-nginx-module-0.64.tar.gz
[root@Nginx ~]# cd nginx-1.28.1/
[root@Nginx nginx-1.28.1]# make clean
[root@Nginx nginx-1.28.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64
[root@Nginx nginx-1.28.1]# make
[root@Nginx nginx-1.28.1]# rm -rf /usr/local/nginx/sbin/nginx
[root@Nginx nginx-1.28.1]# cp objs/nginx /usr/local/nginx/sbin/ -p
#测试
[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
}
}
[root@Nginx nginx-1.28.1]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@Nginx nginx-1.28.1]# systemctl start nginx.service2.理解内建变量
[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl lee.timinglee.org/vars/
192.169.170.100
[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $args;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl "http://lee.timinglee.org/vars?key=lee&id=11"
key=lee&id=11
[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $args;
echo $is_args;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload
[root@Nginx nginx-1.28.1]# curl "http://lee.timinglee.org/vars?key=lee&id=11"
key=lee&id=11
?
[root@Nginx nginx-1.28.1]# curl "http://lee.timinglee.org/vars"
192.168.170.100
[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $document_root;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload测试:
[root@Nginx nginx-1.28.1]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server{
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
echo $args;
echo $is_args;
echo $document_root;
echo $document_uri;
echo $host;
echo $remote_port;
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
echo $server_protocol;
echo $server_addr;
echo $server_name;
echo $server_port;
echo $http_user_agent;
echo $cookie_key2;
echo $http_user_agent;
echo $sent_http_content_type;
}
}
[root@Nginx nginx-1.28.1]# nginx -s reload测试:
[root@Nginx nginx-1.28.1]# curl -b "key1=hello,key2=timinglee" -A "haha" -ulee:lee "http://lee.timinglee.org/vars?key=lee&id=11"
十三、自定义变量
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
listen 80;
server_name lee.timinglee.org;
root /usr/local/nginx/timinglee.org/lee/html;
location /vars {
default_type text/html;
echo $remote_addr;
echo $args;
echo $is_args;
echo $document_root;
echo $document_uri;
echo $host;
echo $remote_port;
echo $remote_user;
echo $request_method;
echo $request_filename;
echo $request_uri;
echo $scheme;
echo $server_protocol;
echo $server_addr;
echo $server_name;
echo $server_port;
echo $http_user_agent;
echo $cookie_key2;
echo $http_user_agent;
echo $sent_http_content_type;
set $test lee; #手动设定变量值
echo $test;
set $web_port $server_port; #变量个传递
echo $web_port;
}
}
[root@Nginx ~]# nginx -s reload测试: