源码编译
下载
root@nginx \~\]# wget https://nginx.org/download/nginx-1.28.1.tar.gz #### 解压 \[root@nginx \~\]# tar zxf nginx-1.28.1.tar.gz \[root@nginx \~\]# cd nginx-1.28.1/ #### 安装依赖 \[root@nginx nginx-1.28.1\]# dnf install gcc openssl-devel.x86_64 pcre2-devel.x86_64 zlib-devel -y #### 编译 \[root@nginx nginx-1.28.1\]# make \[root@nginx nginx-1.28.1\]# make install #### nginx启动 \[root@nginx \~\]# vim \~/.bash_profile 2 export PATH=$PATH:/usr/local/nginx/sbin \[root@nginx \~\]# source \~/.bash_profile \[root@nginx \~\]# useradd -s /sbin/nologin -M nginx \[root@nginx \~\]# nginx #启动 \[root@nginx \~\]# ps aux \| grep nginx root 1828 0.0 0.6 30768 23680 pts/0 T 20:23 0:00 wget https://nginx.org/download/nginx-1.28.1.tar.gz root 8453 0.0 0.0 14688 2360 ? Ss 20:36 0:00 nginx: master process nginx nginx 8454 0.0 0.1 14888 3896 ? S 20:36 0:00 nginx: worker process root 8459 0.0 0.0 6636 2176 pts/0 S+ 20:37 0:00 grep --color=auto nginx 测试 \[root@nginx \~\]# echo 172.25.254.10 \> /usr/local/nginx/html/index.html \[root@nginx \~\]# curl 172.25.254.10 172.25.254.10 #### 编写启动文件 \[root@nginx \~\]# vim /lib/systemd/system/nginx.service \[Unit
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
Service
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
Install
WantedBy=multi-user.target
root@nginx \~\]# systemctl daemon-reload #### 验证  \[root@nginx \~\]# systemctl enable --now nginx #开机启动  \[root@nginx \~\]# reboot  ### Nginx的平滑升级及回滚 #### 下载高版本压缩包 \[root@nginx \~\]# wget https://nginx.org/download/nginx-1.29.4.tar.gz #### 解压 \[root@nginx \~\]# tar zxf nginx-1.29.4.tar.gz #### 隐藏版本 \[root@nginx \~\]# vim nginx-1.29.4/src/core/nginx.h 13 #define NGINX_VERSION "" #### 编译 \[root@nginx nginx-1.29.4\]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http__v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --wtith-stream_ssl_module --with-stream_realip_module \[root@nginx nginx-1.29.4\]# make \[root@nginx nginx-1.29.4\]# cd objs/ 查看是否有nginx  \[root@nginx sbin\]# cp nginx nginx.old \[root@nginx sbin\]# \\cp -f /root/nginx-1.29.4/objs/nginx /usr/local/nginx/sbin/nginx \[root@nginx sbin\]# ps aux \| grep nginx root 899 0.0 0.0 14688 2220 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 901 0.0 0.1 14888 3884 ? S 20:48 0:00 nginx: worker process root 4763 0.0 0.0 6636 2176 pts/0 S+ 21:00 0:00 grep --color=auto nginx \[root@nginx sbin\]# kill -USR2 899 #结束nginx master进程 #### 回收旧版本子进程 \[root@nginx sbin\]# ps aux \| grep nginx root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 901 0.0 0.1 14888 3884 ? S 20:48 0:00 nginx: worker process root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process root 4796 0.0 0.0 6636 2176 pts/0 S+ 21:03 0:00 grep --color=auto nginx \[root@nginx sbin\]# kill -WINCH 899 \[root@nginx sbin\]# ps aux \| grep nginx root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process root 4798 0.0 0.0 6636 2176 pts/0 S+ 21:04 0:00 grep --color=auto nginx 版本回退 \[root@nginx sbin\]# cd /usr/local/nginx/sbin/ \[root@nginx sbin\]# cp nginx nginx.new -p 将旧版本的nginx.old改回nginx \[root@nginx sbin\]# \\cp nginx .old nginx -pf \[root@nginx sbin\]# ps aux \| grep nginx root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process root 4847 0.0 0.0 6636 2176 pts/0 S+ 21:06 0:00 grep --color=auto nginx \[root@nginx sbin\]# kill -HUP 899 \[root@nginx sbin\]# ps aux \| grep nginx root 899 0.0 0.0 14688 2604 ? Ss 20:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx root 4783 0.0 0.2 14716 8064 ? S 21:01 0:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4784 0.0 0.1 14916 4144 ? S 21:01 0:00 nginx: worker process nginx 4849 0.0 0.1 14888 3884 ? S 21:08 0:00 nginx: worker process root 4851 0.0 0.0 6636 2176 pts/0 S+ 21:09 0:00 grep --color=auto nginx \[root@nginx sbin\]# nginx -V nginx version: nginx/1.28.1 #旧版本 built by gcc 11.5.0 20240719 (Red Hat 11.5.0-5) (GCC) built with OpenSSL 3.2.2 4 Jun 2024 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module #### 回收新版本进程 \[root@nginx sbin\]# kill -WINCH 4783  ### Nginx配置文件的管理及优化参数 \[root@nginx \~\]# vim /usr/local/nginx/conf/nginx.conf 2 user nginx; \[root@nginx \~\]# nginx -t #查看是否有配置语法错误 nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful \[root@nginx \~\]# nginx -s reload #重启nginx  将处理器数量设置为1内核数量设置为4,设置好后重启系统  \[root@nginx \~\]# vim /usr/local/nginx/conf/nginx.conf 3 worker_processes 2; \[root@nginx \~\]# nginx -s reload  \[root@nginx \~\]# vim /usr/local/nginx/conf/nginx.conf 3 worker_processes auto; 4 worker_cpu_affinity 0001 0010 0100 1000; \[root@nginx \~\]# nginx -s reload   \[root@nginx \~\]# vim /usr/local/nginx/conf/nginx.conf 12 events { 13 worker_connections 10000; #nginx最大连接数 14 use epoll; 15 accept_mutex on; 16 multi_accept on; 17 } \[root@nginx \~\]# nginx -s reload \[root@nginx \~\]# dnf install httpd-tools-2.4.62-4.el9.x86_64 -y \[root@nginx \~\]# ab -n 10000 -c5000 http://172.25.254.10/index.html This is ApacheBench, Version 2.3 \<$Revision: 1913912 $\> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking 172.25.254.10 (be patient) socket: Too many open files (24) #访问过多请求失败 处理本地文件系统的并发文件数量 \[root@nginx \~\]# vim /etc/security/limits.conf 60 \* - nofile 10000 61 \* - nofile 10000 62 root - nofile 10000 \[root@nginx \~\]# sudo -u nginx ulimit -n 10000 \[root@nginx \~\]# ulimit -n 10000 测试  ### KeepAlived长链接优化 #### 设置连接时长 \[root@nginx \~\]# vim /usr/local/nginx/conf/nginx.conf 34 keepalive_timeout 5; \[root@nginx \~\]# vim /etc/hosts 172.25.254.10 nginx www.qqq.com \[root@nginx \~\]# telnet www.qqq.com 80 再输入下面两行后按回车两次  设置最大连接次数 \[root@nginx \~\]# vim /usr/local/nginx/conf/nginx.conf 35 keepalive_requests 3; \[root@nginx \~\]# telnet www.qqq.com 80 Trying 172.25.254.10... Connected to www.qqq.com. Escape character is '\^\]'. GET / HTTP/1.1 #第一次连接 Host: www.qqq.com HTTP/1.1 200 OK Server: nginx/1.28.1 Date: Mon, 23 Feb 2026 14:03:07 GMT Content-Type: text/html Content-Length: 14 Last-Modified: Mon, 23 Feb 2026 12:38:30 GMT Connection: keep-alive Keep-Alive: timeout=100 ETag: "699c4a46-e" Accept-Ranges: bytes 172.25.254.10 GET / HTTP/1.1 #第二次连接 Host: www.qqq.com HTTP/1.1 200 OK Server: nginx/1.28.1 Date: Mon, 23 Feb 2026 14:03:17 GMT Content-Type: text/html Content-Length: 14 Last-Modified: Mon, 23 Feb 2026 12:38:30 GMT Connection: keep-alive Keep-Alive: timeout=100 ETag: "699c4a46-e" Accept-Ranges: bytes 172.25.254.10 GET / HTTP/1.1 #第三次连接 Host: www.qqq.com HTTP/1.1 200 OK Server: nginx/1.28.1 Date: Mon, 23 Feb 2026 14:03:27 GMT Content-Type: text/html Content-Length: 14 Last-Modified: Mon, 23 Feb 2026 12:38:30 GMT Connection: close ETag: "699c4a46-e" Accept-Ranges: bytes 172.25.254.10 Connection closed by foreign host. #连接关闭 ### Location 字符匹配详解 #### Location后什么都不带直接指定目录 \[root@nginx conf\]# mkdir /usr/local/nginx/conf/conf.d \[root@nginx conf\]# vim /usr/local/nginx/conf/nginx.conf 84 include "/usr/local/nginx/conf/conf.d/\*.conf";  null改为大写访问不了  #### = 用于标准uri前,需要请求字串与uri精确匹配,大小敏感,如果匹配成功就停止向下匹配并立即处理请求 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location /null { return 200 "/null-1"; } location = /null { return 200 "="; } location \~ /null { return 200 "\~"; } } 精确匹配  #### \^\~ #用于标准uri前,表示包含正则表达式,并且匹配以指定的正则表达式开头 #对uri的最左边部分做匹配检查,不区分字符大小写 \[root@nginx conf.d\]# vim vhosts.conf 1 server { 2 listen 80; 3 server_name www.qqq.com; 4 location /null { 5 return 200 "/null-1"; 6 } 7 location \^\~ /aaa { 8 return 200 "\~"; 9 } 10 } \[root@nginx conf.d\]# nginx -s reload 凡是aaa开头的都能匹配到  #### \~ 用于标准uri前,表示包含正则表达式,并且区分大小写 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location /null { return 200 "/null-1"; } location \^\~ /aaa { return 200 "\~"; } location \~ /lll { return 200 "lll" } } \[root@nginx conf.d\]# nginx -s reload  #### \~\* 用于标准uri前,表示包含正则表达式,并且不区分大写 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location /null { return 200 "/null-1"; } location \^\~ /aaa { return 200 "\~"; } location \~ /lll { return 200 "lll"; } location \~\* /abc { return 200 "nihao"; } } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl www.qqq.com/abc nihao\[root@nginx conf.d\]# curl www.qqq.com/ABC nihao\[root@nginx conf.d\]# curl www.qqq.com/Abc nihao\[root@nginx conf.d\]# #### / 用于标准uri前,表示包含正则表达式并且转义字符。可以将 . \* ?等转义为普通符号 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location /null { return 200 "/null-1"; } location \^\~ /aaa { return 200 "\~"; } location \~ /lll { return 200 "lll"; } location \~\* /abc { return 200 "nihao"; } location \~\* \\.(com\|org)${ #以.com或.org结尾 return 200 "\\\\\\"; } } \[root@nginx conf.d\]# nginx -s reload  #### #匹配优先级从高到低: =, \^\~, \~/\~\*, 不带符号 ### 服务访问的用户认证 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location /admin { root /usr/loacl/nginx/html; auth_basic "login passwd"; auth_basic_user_file "/usr/local/nginx/conf/.htpasswd"; } } \[root@nginx conf.d\]# systemctl restart nginx.service  ### 自定义错误界面 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; error_page 404 405 503 502 /error; location /admin { root /usr/local/nginx/html; } location /error { alias /usr/local/nginx/errorpage/errormessage; } }  ### 自定义错误日志 \[root@nginx conf.d\]# vim vhosts.conf \[root@nginx conf.d\]# mkdir -p /usr/local/nginx/logs/aaa.org/ \[root@nginx conf.d\]# vim vhosts.conf \[root@nginx conf.d\]# systemctl restart nginx.service \[root@nginx conf.d\]# cd /usr/local/nginx/logs/aaa.org/ \[root@nginx aaa.org\]# ll 总用量 0 -rw-r--r--. 1 root root 0 2月 23 23:38 aaa.error \[root@nginx aaa.org\]# curl www.qqq.com/admin no file \[root@nginx aaa.org\]# cat aaa.error 2026/02/23 23:38:54 \[error\] 3598#0: \*1 open() "/usr/local/nginx/html/admin" failed (2: No such file or directory), client: 172.25.254.10, server: www.qqq.com, request: "GET /admin HTTP/1.1", host: "www.qqq.com" ### Nginx中建立下载服务器 #### 下载服务器配置 \[root@nginx \~\]# mkdir -p /usr/local/nginx/download \[root@nginx \~\]# cp /etc/passwd /usr/local/nginx/download/ \[root@nginx \~\]# dd if=/dev/zero of=/usr/local/nginx/download/bigfile bs=1M count=100 记录了100+0 的读入 记录了100+0 的写出 104857600字节(105 MB,100 MiB)已复制,0.0428074 s,2.4 GB/s \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 12 location /download { 13 root /usr/local/nginx; 14 } \[root@nginx \~\]# nginx -s reload  #### 启用列表功能 \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 14 autoindex on; \[root@nginx \~\]# nginx -s reload 访问成功  #### 下载控速 控速前  \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 15 limit_rate 1024k; \[root@nginx \~\]# nginx -s reload 控速后  #### 显示文件大小 \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 16 autoindex_exact_size off; \[root@nginx \~\]# nginx -s reload  #### 显示时间调整 \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 17 autoindex_localtime on; \[root@nginx \~\]# nginx -s reload  #### 设定页面风格 \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 18 autoindex_format html; \[root@nginx \~\]# nginx -s reload 18 autoindex_format xml; html  xml  json 18 autoindex_format json;  ### Nginx的文件检测 \[root@nginx \~\]# echo default \> /usr/local/nginx/errorpage/default.html \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 7 try_files $uri $uri.html $uri/index.html /default.html; \[root@nginx \~\]# nginx -s reload  ### nginx状态页 \[root@nginx \~\]# htpasswd -cmb /usr/local/nginx/conf/conf.d/.htpasswd admin 1 Adding password for user admin \[root@nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf 1 server { 2 listen 80; 3 server_name www.qqq.com; 4 location /status { 5 stub_status; 6 auth_basic "auth login"; 7 auth_basic_user_file /usr/local/nginx/conf/conf.d/.htpasswd; 8 allow 172.25.254.0/24; 9 deny all; 10 } 11 } \[root@nginx \~\]# nginx -s reload  ### Nginx的压缩功能 \[root@nginx \~\]# mkdir -p /usr/local/nginx/www.qqq.com/qqq/html \[root@nginx conf.d\]# vim /usr/local/nginx/conf/nginx.conf 36 gzip on; 37 gzip_comp_level 4; 38 gzip_disable "MSIE \[1-6\]\\."; 39 gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript applicati on/x-httpd-php image/gif image/png; 40 gzip_vary on; 41 gzip_static on; \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /usr/local/nginx/www.qqq.com/qqq/html; location /status { stub_status; auth_basic "auth login"; auth_basic_user_file /usr/local/nginx/conf/conf.d/.htpasswd; allow 172.25.254.0/24; deny all; } } \[root@nginx conf.d\]# nginx -s reload   ### nginx变量 #### 升级Nginx支持echo \[root@nginx conf.d\]# systemctl stop nginx.service #停止nginx服务 下载 \[root@nginx nginx-1.28.1\]# tar zxf echo-nginx-module-0.64.tar.gz \[root@nginx nginx-1.28.1\]# cd nginx-1.28.1/ \[root@nginx nginx-1.28.1\]# make clean \[root@nginx nginx-1.28.1\]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/root/echo-nginx-module-0.64 \[root@nginx nginx-1.28.1\]# rm -rf /usr/local/nginx/sbin/nginx \[root@nginx nginx-1.28.1\]# cp objs/nginx /usr/local/nginx/sbin/ -P \[root@nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name www.qqq.com; root /usr/local/nginx/www.qqq.com/qqq/html; location /vars { default_type text/html; echo $remote_addr; } } \[root@nginx nginx-1.28.1\]# nginx -s reload \[root@nginx nginx-1.28.1\]# systemctl restart nginx.service #### 理解内建变量 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /usr/local/nginx/www.qqq.com/qqq/html; location /vars { default_type text/html; echo $args; } } \[root@nginx conf.d\]# nginx -s reload  #### $host; #存放了请求的host名称 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /usr/local/nginx/www.qqq.com/qqq/html; location /vars { default_type text/html; echo $host; } }  #### $scheme; #请求的协议,例如:http,https,ftp等 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /usr/local/nginx/www.qqq.com/qqq/html; location /vars { default_type text/html; echo $scheme; } }  \[root@nginx conf.d\]# vim vhosts.conf 1 server { 2 listen 80; 3 server_name www.qqq.com; 4 root /usr/local/nginx/www.qqq.com/qqq/html; 5 location /vars { 6 default_type text/html; 7 echo $remote_addr; 8 echo $args; 9 echo $is_args; 10 echo $document_root; 11 echo $document_uri; 12 echo $host; 13 echo $remote_port; 14 echo $remote_user; 15 echo $request_method; 16 echo $request_filename; 17 echo $request_uri; 18 echo $scheme; 19 echo $server_protocol; 20 echo $server_addr; 21 echo $server_name; 22 echo $server_port; 23 echo $http_user_agent; 24 echo $cookie_key2; 25 echo $http_user_agent; 26 echo $sent_http_content_type; 27 set $test lee; 28 echo $test; 29 set $web_port $server_port; 30 echo $web_port;  ### 网页从写 #### 网页重写中的指令 \[root@nginx conf.d\]# vim vhosts.conf 1 server { 2 listen 80; 3 server_name www.qqq.com; 4 root /webdir/www.qqq.com/qqq/html; 5 location /vars { 6 echo $remote_user; 7 echo $request_method; 8 echo $request_filename; 9 echo $request_uri; 10 echo $scheme; 11 } 12 location / { 13 if ( $http_user_agent \~\* firfox ){ 14 return 200 "test if messages"; 15 } 16 } 17 } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# mkdir /webdir/www.qqq.com/qqq/html -p \[root@nginx conf.d\]# vim /webdir/www.qqq.com/qqq/html/index.html nihao 未指定浏览器  指定firefox浏览器  #### set \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /webdir/www.qqq.com/qqq/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { set $testname qqq; echo $testname; } } \[root@nginx conf.d\]# nginx -s reload  #### return \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /webdir/www.qqq.com/qqq/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { return 200 "nihao"; } } \[root@nginx conf.d\]# nginx -s reload  #### break \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /webdir/www.qqq.com/qqq/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { set $test1 aaa; echo $test1; set $test2 bbb; echo $test2; if ($http_user_agent = firefox) { break; } set $test3 ccc; echo $test3; } } 测试 \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl www.qqq.com aaa bbb ccc \[root@nginx conf.d\]# curl -A "firefox" www.qqq.com aaa bbb \[root@nginx conf.d\]# #### redirect \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /webdir/www.qqq.com/qqq/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { rewrite / http://www.baidu.com redirect; } } \[root@nginx conf.d\]# nginx -s reload 测试  #### permanent #重写完成后以永久重定向方式直接返回重写后生成的新URL给客户端 #由客户端重新发起请求,状态码:301 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /webdir/www.qqq.com/qqq/html; location /vars { echo $remote_user; echo $request_method; echo $request_filename; echo $request_uri; echo $scheme; } location / { rewrite / http://www.baidu.com permanent; } } \[root@nginx conf.d\]# nginx -s reload  #### break\&last \[root@nginx conf.d\]# mkdir /webdir/www.qqq.com/qqq/html/{break,last,test1,test2} \[root@nginx conf.d\]# echo break \> /webdir/www.qqq.com/qqq/html/break/index.html \[root@nginx conf.d\]# echo last \> /webdir/www.qqq.com/qqq/html/last/index.html \[root@nginx conf.d\]# echo test1 \> /webdir/www.qqq.com/qqq/html/test1/index.html \[root@nginx conf.d\]# echo test2 \> /webdir/www.qqq.com/qqq/html/test2/index.html \[root@nginx conf.d\]# vim vhosts.conf 1 server { 2 listen 80; 3 server_name www.qqq.com; 4 root /webdir/www.qqq.com/qqq/html; 5 location /vars { 6 echo $remote_user; 7 echo $request_method; 8 echo $request_filename; 9 echo $request_uri; 10 echo $scheme; 11 } 12 location /break { 13 rewrite /break/(.\*) /test/$1 break; 14 rewrite /test1 /test2; 15 16 } 17 location /test1 { 18 return 200 "test1"; 19 } 20 location /test2 { 21 return 200 "test2"; 22 } 23 } \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# curl -L http://www.qqq.com/break/index.html test1 #### last \[root@nginx conf.d\]# curl -L http://www.qqq.com/break/index.html test2 ### 防盗链 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; root /webdir/www.qqq.com/qqq/html; location / { valid_referers none blocked server_names \*.qqq.com \~/.baidu/.; if ( $invalid_referer ){ return 404; } } location /img{ valid_referers none blocked server_names \*.qqq.com \~/.baidu/.; if ( $invalid_referer ){ rewrite \^/ http://www.qqq.com/daolian/daolian.png; } } } \[root@nginx conf.d\]# nginx -s reload \[root@client \~\]# vim /var/www/html/index.html \[root@client \~\]# systemctl restart httpd.service ### nginx反向代理 #### rs1和rs2主机配置 \[root@rs1 \~\]# dnf install httpd -y \[root@rs2 \~\]# dnf install httpd -y \[root@rs1 \~\]# echo 172.25.254.20 \> /var/www/html/index.html \[root@rs2 \~\]# echo 172.25.254.30 \> /var/www/html/index.html \[root@rs1 \~\]# systemctl restart httpd \[root@rs2 \~\]# systemctl restart httpd 测试 \[root@rs1 \~\]# curl 172.25.254.20 172.25.254.20 \[root@rs1 \~\]# curl 172.25.254.30 172.25.254.30 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location / { proxy_pass http://172.25.254.20:80; } location /web { proxy_pass http://172.25.254.30:80; } }  #### proxy_hide_header filed 可以看到etag  \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location / { proxy_pass http://172.25.254.20:80; proxy_hide_header ETag; } } \[root@nginx conf.d\]# nginx -s reload etag被隐藏了  #### proxy_pass_header  \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location / { proxy_pass http://172.25.254.20:80; proxy_pass_header Server; } } \[root@nginx conf.d\]# nginx -s reload  #### 透传信息 \[root@rs1 \~\]# vim /etc/httpd/conf/httpd.conf 201 LogFormat "%h %l %u %t \\"%r\\" %\>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\" \\"%{X-Forwarded-For}i\\"" combined \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location / { proxy_pass http://172.25.254.20:80; proxy_set_header X-Forwarded $remote_addr; } } \[root@nginx conf.d\]# nginx -s reload  ### 利用反向代理实现动静分离 #### 环境 \[root@rs1 \~\]# dnf install httpd -y \[root@rs1 \~\]# systemctl restart httpd.service \172.25.254.10\"; phpinfo(); ?\> \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location / { proxy_pass http://172.25.254.20:80; } location \~\* \\.(php\|js)$ { proxy_pass http://172.25.254.20:80; } } 静态  动态  ### 缓存加速  \[root@nginx conf.d\]# vim /usr/local/nginx/conf/nginx.conf 41 proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g; \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location / { proxy_pass http://172.25.254.30:80; } location \~\* \\.(php\|js)$ { proxy_pass http://172.25.254.20:80; proxy_cache proxycache; proxy_cache_key $request_uri; proxy_cache_valid 200 302 301 10m; proxy_cache_valid any 1m; } } \[root@nginx conf.d\]# systemctl restart nginx \[root@nginx conf.d\]# tree /usr/local/nginx/proxy_cache/ /usr/local/nginx/proxy_cache/ 0 directories, 0 files 对比上次失败请求少很多了  \[root@nginx conf.d\]# tree /usr/local/nginx/proxy_cache/ /usr/local/nginx/proxy_cache/ └── 1 └── af └── 15 └── e251273eb74a8ee3f661a7af00915af1 3 directories, 1 file ### 反向负载代理 \[root@nginx conf.d\]# vim /usr/local/nginx/conf/nginx.conf 22 include "/usr/local/nginx/conf/upstream/\*.conf"; \[root@nginx conf.d\]# vim /usr/local/nginx/conf/upstream/loadbalance.conf upstream webserver { server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3; server 172.25.254.30:80 weight=1 fail_timeout=15s max_fails=3; server 172.25.254.10:8888 backup; } server { listen 80; server_name www.qqq.com; location \~ / { proxy_pass http://webserver; } }  \[root@nginx conf.d\]# mkdir /webdir/www.qqq.com/qqq/error/html/ -p \[root@nginx conf.d\]# echo error \> /webdir/www.qqq.com/qqq/error/html/index.html \[root@nginx conf.d\]# vim vhosts.conf server { listen 8888; root /webdir/www.qqq.com/qqq/error/html; } \[root@nginx conf.d\]# nginx -s reload 停止主机rs1和rs2的httpd服务 \[root@rs1 \~\]# systemctl stop httpd.service \[root@rs2 \~\]# systemctl stop httpd.service  ### Nginx负载均衡算法 \[root@nginx conf.d\]# vim /usr/local/nginx/conf/upstream/loadbalance.conf upstream webserver { hash $cookie_lee; server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3; server 172.25.254.30:80 weight=1 fail_timeout=15s max_fails=3; } server { listen 80; server_name www.qqq.com; location \~ / { proxy_pass http://webserver; } }  ### nginx整合php \[root@nginx conf.d\]# mkdir /webdir/www.qqq.com/php/html -p \[root@nginx conf.d\]# echo 172.25.254.10php \> /webdir/www.qqq.com/php/html/index.html \[root@nginx conf.d\]# vim php.conf server { listen 80; server_name www.qqq.php; root /webdir/www.qqq.com/php/html; location \~ \\.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } } 测试  ### PHP的源码编译 \[root@nginx \~\]# wget https://www.php.net/distributions/php-8.3.30.tar.gz 下载依赖 \[root@nginx \~\]# wget https://mirrors.aliyun.com/rockylinux/9.7/devel/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm \[root@nginx php-8.3.30\]# tar zxf php-8.3.30.tar.gz \[root@nginx php-8.3.30\]# dnf install gcc systemd-devel-252-51.el9.x86_64 libxml2-devel.x86_64 sqlite-devel.x86_64 libcurl-devel.x86_64 libpng-devel.x86_64 oniguruma-devel-6.9.6-1.el9.6.x86_64.rpm -y 编译 \[root@nginx php-8.3.30\]# cd php-8.3.30/ \[root@nginx php-8.3.30\]# ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-curl --with-iconv --with-mhash --with-zlib --with-openssl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-debug --enable-sockets --enable-soap --enable-xml --enable-ftp --enable-gd --enable-exif --enable-mbstring --enable-bcmath --with-fpm-systemd \[root@nginx php-8.3.30\]# make \[root@nginx php-8.3.30\]# make install \[root@nginx php-8.3.30\]# cd /usr/local/php/etc/ \[root@nginx etc\]# cp -p php-fpm.conf.default php-fpm.conf \[root@nginx etc\]# vim php-fpm.conf 17 pid = run/php-fpm.pid \[root@nginx etc\]# cd php-fpm.d/ \[root@nginx php-fpm.d\]# cp www.conf.default www.conf \[root@nginx php-fpm.d\]# vim www.conf 41 listen = 0.0.0.0:9000 \[root@nginx \~\]# cd /usr/local/php/etc/ \[root@nginx etc\]# cd php-fpm.d/ \[root@nginx php-fpm.d\]# cp www.conf.default www.conf \[root@nginx nginx-1.28.1\]# mv php-8.3.30 ../php-8.3.30 \[root@nginx \~\]# cp php-8.3.30/php.ini-production /usr/local/php/etc/php.ini \[root@nginx \~\]# vim /usr/local/php/etc/php.ini 989 date.timezone = Asia/Shangha \[root@nginx php-fpm.d\]# cp /root/php-8.3.30/sapi/fpm/php-fpm.service /lib/systemd/system/ \[root@nginx php-fpm.d\]# vim /lib/systemd/system/php-fpm.service \[root@nginx php-fpm.d\]# vim /lib/systemd/system/php-fpm.service 18 #PrivateTmp=true \[root@nginx php-fpm.d\]# systemctl daemon-reload \[root@nginx php-fpm.d\]# systemctl enable --now php-fpm.service 查看是否开启 \[root@nginx php-fpm.d\]# netstat -anltupe \| grep php tcp 0 0 0.0.0.0:9000 0.0.0.0:\* LISTEN 0 172393 144771/php-fpm: mas 设定环境变量 \[root@nginx php-fpm.d\]# vim \~/.bash_profile # .bash_profile export PATH=$PATH:/usr/local/nginx/sbin export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/sbin:/usr/local/php/bin # Get the aliases and functions if \[ -f \~/.bashrc \]; then . \~/.bashrc fi # User specific environment and startup programs ### 利用memcache实现php的缓存加速 #### 安装 \[root@nginx php-fpm.d\]# dnf install memcached.x86_64 -y #### 配置 \[root@nginx php-fpm.d\]# vim /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 0.0.0.0,::1" 重启 \[root@nginx php-fpm.d\]# systemctl enable --now memcached.service 查看是否开启 \[root@nginx php-fpm.d\]# netstat -antulpe \| grep memcache tcp 0 0 0.0.0.0:11211 0.0.0.0:\* LISTEN 991 174294 145476/memcached tcp6 0 0 ::1:11211 :::\* LISTEN 991 174295 145476/memcached #### 升级php对于memcache的支持 #### 解压 \[root@nginx \~\]# gunzip memc-nginx-module-0.20.gz \[root@nginx \~\]# cd memcache-8.2/ \[root@nginx memcache-8.2\]# dnf install autoconf -y \[root@nginx memcache-8.2\]# phpize \[root@nginx memcache-8.2\]# ./configure \&\& make \&\& make install \[root@nginx memcache-8.2\]# ls /usr/local/php/lib/php/extensions/no-debug-non-zts-20230831/ memcache.so opcache.so \[root@nginx memcache-8.2\]# vim /usr/local/php/etc/php.ini 939 extension=memcache \[root@nginx memcache-8.2\]# systemctl restart php-fpm.service \[root@nginx memcache-8.2\]# php -m \| grep memcache memcache ### nginx+memcache实现高速缓存解 #### 重新编译nginx \[root@nginx \~\]# systemctl stop nginx.service \[root@nginx \~\]# cp /usr/local/nginx/conf/ /mnt/ -r \[root@nginx \~\]# rm -fr /usr/local/nginx/ \[root@nginx \~\]# rm -rf nginx-1.29.4 nginx-1.28.1 \[root@nginx \~\]# tar zxf nginx-1.28.1.tar.gz \[root@nginx \~\]# cd nginx-1.28.1/ \[root@nginx nginx-1.28.1\]# cd .. \[root@nginx \~\]# tar zxf srcache-nginx-module-0.33.tar.gz \[root@nginx \~\]# tar zxf memc-nginx-module-0.20.tar.gz \[root@nginx conf\]# cp /mnt/conf/nginx.conf /mnt/conf/conf.d/ -r \[root@nginx conf\]# systemctl restart nginx.service #### 整合memcache \[root@nginx conf\]# vim /usr/local/nginx/conf/conf.d/php.conf upstream memcache { server 127.0.0.1:11211; keepalive 512; } server { listen 80; server_name php.timinglee.org; root /webdir/timinglee.org/php/html; index index.php index.html; location /memc { internal; memc_connect_timeout 100ms; memc_send_timeout 100ms; memc_read_timeout 100ms; set $memc_key $query_string; set $memc_exptime 300; memc_pass memcache; } location \~ \\.php$ { set $key $uri$args; srcache_fetch GET /memc $key; srcache_store PUT /memc $key; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } } ## Nginx的四层负载均衡代理 #### rs主机下载mysql \[root@rs1 \~\]# dnf install mariadb-server -y \[root@rs1 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf 17 server-id=10 \[root@rs1 \~\]# mysql Welcome to the MariaDB monitor. Commands end with ; or \\g. Your MariaDB connection id is 3 Server version: 10.5.27-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement. MariaDB \[(none)\]\> CREATE USER 'rrr'@'%' identified '1'; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''1'' at line 1 MariaDB \[(none)\]\> CREATE USER 'rrr'@'%' identified by '1'; Query OK, 0 rows affected (0.001 sec) MariaDB \[(none)\]\> GRANT ALL ON \*.\* TO 'rrr'@'%'; Query OK, 0 rows affected (0.001 sec) MariaDB \[(none)\]\> quit Bye \[root@rs2 \~\]# dnf install mariadb-server -y \[root@rs2 \~\]# vim /etc/my.cnf.d/mariadb-server.cnf 17 server-id=20 \[root@rs2 \~\]# mysql Welcome to the MariaDB monitor. Commands end with ; or \\g. Your MariaDB connection id is 3 Server version: 10.5.27-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement. MariaDB \[(none)\]\> CREATE USER 'rrr'@'%' indentified by '1'; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'indentified by '1'' at line 1 MariaDB \[(none)\]\> CREATE USER 'rrr'@'%' identified by '1'; Query OK, 0 rows affected (0.002 sec) MariaDB \[(none)\]\> GRANT ALL ON \*.\* TO 'rrr'@'%'; Query OK, 0 rows affected (0.001 sec) MariaDB \[(none)\]\> #### 实验环境(dns) \[root@rs1 \~\]# vim /etc/named.conf 注释掉这几行 11 // listen-on port 53 { 127.0.0.1; }; 12 // listen-on-v6 port 53 { ::1; }; 13 directory "/var/named"; 14 dump-file "/var/named/data/cache_dump.db"; 15 statistics-file "/var/named/data/named_stats.txt"; 16 memstatistics-file "/var/named/data/named_mem_stats.txt"; 17 secroots-file "/var/named/data/named.secroots"; 18 recursing-file "/var/named/data/named.recursing"; 19 // allow-query { localhost; }; \[root@rs2 \~\]# vim /etc/named.conf 11 // listen-on port 53 { 127.0.0.1; }; 12 // listen-on-v6 port 53 { ::1; }; 13 directory "/var/named"; 14 dump-file "/var/named/data/cache_dump.db"; 15 statistics-file "/var/named/data/named_stats.txt"; 16 memstatistics-file "/var/named/data/named_mem_stats.txt"; 17 secroots-file "/var/named/data/named.secroots"; 18 recursing-file "/var/named/data/named.recursing"; 19 // allow-query { localhost; }; \[root@rs1 \~\]# vim /etc/named.rfc1912.zones 46 zone "www.qqq.com" IN { 47 type master; 48 file "www.qqq.com.zone"; 49 allow-update { none; }; 50 }; \[root@rs2 \~\]# vim /etc/named.rfc1912.zones 46 zone "www.qqq.com" IN { 47 type master; 48 file "www.qqq.com.zone"; 49 allow-update { none; }; 50 } \[root@rs1 \~\]# cd /var/named/ \[root@rs1 named\]# cp -p named.localhost www.qqq.com.zone \[root@rs1 named\]# vim www.qqq.com.zone $TTL 1D @ IN SOA dns.www.qqq.com rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.www.qqq.com. dns A 172.25.254.20 \[root@rs1 named\]# systemctl enable --now named.service 测试  \[root@rs2 \~\]# cd /var/named/ \[root@rs2 named\]# cp -p named.localhost www.qqq.com.zone \[root@rs2 named\]# vim www.qqq.com.zone $TTL 1D @ IN SOA dns.www.qqq.com rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.www.qqq.com. dns A 172.25.254.30 \[root@rs2 named\]# systemctl enable --now named.service 测试  #### tcp四层负载 \[root@nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/tcp/mariadb.conf stream { upstream mysql_server { server 172.25.254.20:3306 max_fails=3 fail_timeout=30s; server 172.25.254.30:3306 max_fails=3 fail_timeout=30s; } server { listen 172.25.254.10:3306; proxy_pass mysql_server; proxy_connet_timeout 30s; proxy_timeout 300s; } } \[root@nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/nginx.conf 16 include "/usr/local/nginx/conf/tcp/\*.conf"; \[root@nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/tcp/mariadb.conf stream { upstream mysql_server { server 172.25.254.20:3306 max_fails=3 fail_timeout=30s; server 172.25.254.30:3306 max_fails=3 fail_timeout=30s; } server { listen 172.25.254.10:3306; proxy_pass mysql_server; proxy_connect_timeout 30s; proxy_timeout 300s; } } \[root@nginx nginx-1.28.1\]# nginx -s reload 测试  #### udp四层负载 \[root@nginx nginx-1.28.1\]# vim /usr/local/nginx/conf/tcp/mariadb.conf stream { upstream mysql_server { server 172.25.254.20:3306 max_fails=3 fail_timeout=30s; server 172.25.254.30:3306 max_fails=3 fail_timeout=30s; } upstream dns_server{ server 172.25.254.20:53 max_fails=3 fail_timeout=30s; server 172.25.254.30:53 max_fails=3 fail_timeout=30s; } server { listen 172.25.254.10:3306; proxy_pass mysql_server; proxy_connect_timeout 30s; proxy_timeout 300s; } server { listen 172.25.254.10:53 udp; proxy_pass dns_server; proxy_timeout 1s; proxy_responses 1; error_log logs/dns.log; } } 测试  \[root@nginx nginx-1.28.1\]# cd /usr/local/nginx/conf/ \[root@nginx conf\]# mkdir conf.d \[root@nginx conf\]# vim nginx.conf 81 include "/usr/local/nginx/conf/conf.d/\*.conf"; \[root@nginx conf\]# nginx -s reload ### #Nginx下构建PC站点 #### ## 1.location中的root \[root@nginx conf.d\]# mkdir -p /webdata/nginx/www.qqq.com/qqq/html \[root@nginx conf.d\]# echo www.qqq.com \> /webdata/nginx/www.qqq.com/qqq/html/index.html \[root@nginx conf.d\]# vim vhosts.conf \[root@nginx conf.d\]# nginx -s reload \[root@nginx conf.d\]# systemctl restart nginx.service \[root@nginx conf.d\]# vim /etc/hosts \[root@nginx conf.d\]# curl www.qqq.com www.qqq.com #### local示例需要访问lee.timinglee.org/qqq/目录 \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location / { root /webdata/nginx/www.qqq.com/qqq/html; } location /qqq { root /webdata/nginx/www.qqq.com/qqq/html; } } \[root@nginx conf.d\]# systemctl restart nginx \[root@nginx conf.d\]# mkdir -p /webdata/nginx/www.qqq.com/qqq/html/qqq \[root@nginx conf.d\]# echo qqq \> /webdata/nginx/www.qqq.com/qqq/html/qqq/index.html 测试 \[root@nginx conf.d\]# curl www.qqq.com/qqq/ qqq #### location中的alias \[root@nginx conf.d\]# vim vhosts.conf server { listen 80; server_name www.qqq.com; location /passwd { alias /etc/passwd; } location /passwd/ { alias /mnt/; } } \[root@nginx conf.d\]# nginx -s reload  ### 编译安装 openresty \[root@nginx conf.d\]# wget https://openresty.org/download/openresty-1.27.1.2.tar.gz \[root@nginx conf.d\]# dnf -yq install gcc pcre-devel openssl-devel perl zlib-devel \[root@nginx conf.d\]# useradd -r -s /sbin/nologin nginx 编译 \[root@nginx openresty-1.27.1.2\]# ./configure --prefix=/apps/openresty --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module \[root@nginx openresty-1.27.1.2\]# gmake \[root@nginx openresty-1.27.1.2\]# gmake install \[root@nginx openresty-1.27.1.2\]# vim \~/.bash_profile # .bash_profile export PATH=$PATH:/usr/local/nginx/sbin export PATH=$PATH:/usr/local/nginx/sbin:/usr/local/php/sbin:/usr/local/php/bin export PATH=$PATH:/usr/local/openresty/bin #添加 # Get the aliases and functions if \[ -f \~/.bashrc \]; then . \~/.bashrc fi # User specific environment and startup programs \[root@nginx openresty-1.27.1.2\]# source \~/.bash_profile \[root@nginx openresty-1.27.1.2\]# curl 172.25.254.10 hello